Re: [Puppet Users] X509 Cert management
awesome On 23 August 2016 at 17:43, Lowe Schmidt wrote: > There is also https://forge.puppet.com/puppetlabs/java_ks maybe it fits > better with what you want to do ? > > -- > Lowe Schmidt | +46 723 867 157 > [snip] -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PXZabf6cDuz%3Dgg7osWuWxY_%3DXnys49WMuATdSmaEO3aQQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] X509 Cert management
Hi I want to manage CA certs on Centos boxes and also in JVM's I found https://forge.puppet.com/camptocamp/openssl ... not realy what i want and https://forge.puppet.com/pcfens/ca_cert looks better. If I was to extend to manage java certs. this is my script /usr/java/jdk1.6.0_30/bin/keytool -keystore /usr/java/jdk1.6.0_30/jre/lib/security/cacerts -importcert -noprompt -alias CA512 -file /etc/pki/ca-trust/source/anchors/ca512.crt -storepass changeit how would I write this into puppet ? I was thinking i can provide an array of locations where java is installed, then I can can find the keytool and the certstore. But how to I run a command on the client machine. Better still how do I make sure it doesn't run all the time - every invoke ? A -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ee6cc9fd-1608-43fd-a809-d1ac64f0f45e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet control, Hiera data, puppetfile, and r10k and git merging woes
On 21 August 2016 at 11:04, Chadwick Banning wrote: > As Rob Nelson mentioned above, you can differentiate between operational > environments in Hiera as long as you have the appropriate facts available. > > If you differentiate Puppet environments and operational environments, then > it's easier to address staged rollouts in each appropriate context. Staged > rollouts of changes across *operational* environments may be done through > Hiera, and staged rollouts of Puppet code (usually common Puppet code that > cuts across operational environments) can be done through *Puppet* > environments. > > If your environment is simple enough...such as a single app with dev, > staging, and production operational environments, then equating a Puppet > environment to an operational environment is that much of an issue. For more > complex Puppet setups, equating them always creates issues IMHO. Okay I get it you have another branch in hiera lets say env as you have above. But they pull in the same profile class - lets say openssh. So lets say ssh come out with v3, you want to slowly roll out. Do you have a bit if then or case switch statement in your ssh profile class or do you create a new ssh class call ssh-v3 and then assign it to only the env you want to. seems like every time you want to make a change to a profile/class you need to create another one so you can control the roll out or you have a big if/then or switch case to do that for you. trying to persist with the 2 branches production and testing for now .. > > This topic is really interesting to me since I've run into it multiple > times, the last being very recent. > > On Saturday, August 20, 2016 at 6:39:03 PM UTC-4, Alex Samad wrote: >> >> On 20 August 2016 at 22:50, Chadwick Banning wrote: >> > This is an issue I run into pretty regularly. If your Puppet >> > infrastructure >> > is even moderately complex, I'd recommend NOT equating a Puppet >> > environment >> > to an operational environment, operational environment being the groups >> > of >> > machines known as dev, qa, staging, etc. >> >> But how to you stage a roll out of an update. If you want it to go to >> dev then uat then prod ... or through some logical steps. >> >> presuming you have a common profile used by all. >> >> > >> > For instance, in my infrastructure we have 50+ different operational >> > environments. If I equate each one of these to a Puppet environment, I'd >> > need 50+ branches. While doable, this immediately becomes a nightmare if >> > I >> > have a change that applies to all or some of the operational >> > environments -- >> > say, changing something in my base profile. Now I have to a) hope all >> > 50+ >> > branches are somewhat in sync, and b) merge my change into *each* branch >> > 50+ >> > times. If the branches aren't in sync at all I very well might end up >> > having >> > to fix unique conflicts each time I merge. >> > >> > This is *not* a place where you want to end up. >> >> Yes agree sounds like it would be a nightmare >> >> > >> [snip] > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/4YL6D4wwJww/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/272fba59-9684-44b1-8350-417893cbfb9e%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PWS3LHBWE6Z-h8Newbo_R7qdh4qn-yADxqWMbJLv8Ga4Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet control, Hiera data, puppetfile, and r10k and git merging woes
On 20 August 2016 at 22:50, Chadwick Banning wrote: > This is an issue I run into pretty regularly. If your Puppet infrastructure > is even moderately complex, I'd recommend NOT equating a Puppet environment > to an operational environment, operational environment being the groups of > machines known as dev, qa, staging, etc. But how to you stage a roll out of an update. If you want it to go to dev then uat then prod ... or through some logical steps. presuming you have a common profile used by all. > > For instance, in my infrastructure we have 50+ different operational > environments. If I equate each one of these to a Puppet environment, I'd > need 50+ branches. While doable, this immediately becomes a nightmare if I > have a change that applies to all or some of the operational environments -- > say, changing something in my base profile. Now I have to a) hope all 50+ > branches are somewhat in sync, and b) merge my change into *each* branch 50+ > times. If the branches aren't in sync at all I very well might end up having > to fix unique conflicts each time I merge. > > This is *not* a place where you want to end up. Yes agree sounds like it would be a nightmare > [snip] -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PXzQpq0J2gDMcGd2g6ugxn_E8VE0PjVDnHmP2COb%2BKdkQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet control, Hiera data, puppetfile, and r10k and git merging woes
Hi
Think you missed my point. in my example I want to limit where the updates
go.
Presumably the puppet agent is set to some periodic period. I believe
30min.
so when i push my test case, say using the puppet --environment command,
30min later it will be updated back.
A
On Friday, 19 August 2016 13:20:47 UTC+10, Rob Nelson wrote:
>
> The number of branches you have has almost nothing to do with how fast
> your nodes converge to a new desired state. If you want them to check in on
> command, use mcollective or another orchestration engine to make that
> happen.
>
> On Thursday, August 18, 2016, Alex Samad >
> wrote:
>
>> Hi
>>
>> I have recently gone through this problem.
>>
>> I had initial thought to you different branches for the different
>> environments.
>> say
>> prod
>> uat
>> sim
>> inf
>> dev
>>
>> But was advised best to go with production and testing.
>>
>>
>> so I have and I have used a grouping in my ENC to put machines into the
>> above groups. But I am about ready to go back to more branches again. Why
>>
>> I have setup my profiles
>>
>> my_ssh profile this handles all the general setup of ssh server and
>> client - standard across all machines
>>
>>
>> so my roles just include profile::my_ssh
>>
>> My issue with this is if I want to now role out a change to my ssh setup
>> I can't isolate which box gets its, pot luck, wait long enough and they all
>> get it.
>>
>> I am not sure its the best to go to each dev/uat machine and run puppet
>> --environment is the best solution plus my ENC sets the
>> environment .. don't want pesky dev guys change environments on me.
>>
>> I don't want to have to create a new profile and attach it to the roles I
>> want to test on.
>>
>> So I am thinking ... multiple branches is sounding good.
>>
>> But im keen to see what comes out of this.
>>
>>
>> On Friday, 19 August 2016 02:24:58 UTC+10, Rob Nelson wrote:
>>>
>>> The term 'environment' is overloaded. In the context of puppet, I prefer
>>> to think of it as "a set of puppet code/data representing a branch of the
>>> controlrepo' (puppet environment), rather than 'an environment that nodes
>>> run in' (dev/qa/prod/etc) (node environment). Since you can make the latter
>>> part of your hiera hierarchy, the only puppet environment that needs to
>>> live forever is 'production'. Inside it, the hieradata has ALL the data for
>>> all of the node environments, so they actually all check into 'production'.
>>> The hierarchy value for the node environment can be a custom fact,
>>> calculated or a file on disk, so nodes can get the right node environment
>>> data from the puppet environment 'production'.
>>>
>>> :hierarchy:
>>> - "nodes/%{::trusted.certname}"
>>> - "node_env/%{node_env}"
>>> - "common"
>>>
>>> By differenting the various uses of the overloaded term 'environment' a
>>> bit, you can actually streamline your workflow quite a bit. Now all your
>>> data is in one place. When you create a feature branch for testing, you can
>>> then point the canary nodes to that branch (`puppet agent -t --environment
>>> ticket1234`, or putting `environment = ticket1234` in puppet.conf). Whether
>>> you're changing roles and profiles, hiera data, or the Puppetfile, it's
>>> contained in that branch, but you can actually have production, dev, qa
>>> nodes check into it and get the new results, so you aren't surprised when a
>>> Puppetfile change in dev trickles up to prod and suddenly things blow up.
>>> Of course, you need to have some canary nodes in each node environment (or
>>> place a LOT of trust in --noop mode) to get there, but I think that's a
>>> reasonable goal to work toward.
>>>
>>>
>>>
>>> Aside: I know we have discussed workflows and the various types of
>>> environments on this list quite a bit this Spring/Summer. Does anyone have
>>> a good reference article for this already, or do we need to come up with
>>> one? I think this is an important gap to fill.
>>>
>>>
>>> Rob Nelson
>>> rnel...@gmail.com
>>>
>>> On Thu, Aug 18, 2016 at 12:07 PM, Mike Sharpton
>>> wrote:
>>>
>>>> The static branches are basically Puppet environments
[Puppet Users] Re: Using puppet/apache
Found this additional_includes On Friday, 19 August 2016 10:39:07 UTC+10, Alex Samad wrote: > > Hi > > How to I set this > > >Options -Indexes > > > # x-frame > Header always append X-Frame-Options SAMEORIGIN > > But I want to do it outside of the vhost config, so its the default for > all vhosts ? > > And/or how can I do the DirectoryMatch inside a vhost - there isn't an > example in the readme. > > Alex > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bc7b32d3-b547-4062-856a-af8db117fcb0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet control, Hiera data, puppetfile, and r10k and git merging woes
Hi
I have recently gone through this problem.
I had initial thought to you different branches for the different
environments.
say
prod
uat
sim
inf
dev
But was advised best to go with production and testing.
so I have and I have used a grouping in my ENC to put machines into the
above groups. But I am about ready to go back to more branches again. Why
I have setup my profiles
my_ssh profile this handles all the general setup of ssh server and client
- standard across all machines
so my roles just include profile::my_ssh
My issue with this is if I want to now role out a change to my ssh setup I
can't isolate which box gets its, pot luck, wait long enough and they all
get it.
I am not sure its the best to go to each dev/uat machine and run puppet
--environment is the best solution plus my ENC sets the
environment .. don't want pesky dev guys change environments on me.
I don't want to have to create a new profile and attach it to the roles I
want to test on.
So I am thinking ... multiple branches is sounding good.
But im keen to see what comes out of this.
On Friday, 19 August 2016 02:24:58 UTC+10, Rob Nelson wrote:
>
> The term 'environment' is overloaded. In the context of puppet, I prefer
> to think of it as "a set of puppet code/data representing a branch of the
> controlrepo' (puppet environment), rather than 'an environment that nodes
> run in' (dev/qa/prod/etc) (node environment). Since you can make the latter
> part of your hiera hierarchy, the only puppet environment that needs to
> live forever is 'production'. Inside it, the hieradata has ALL the data for
> all of the node environments, so they actually all check into 'production'.
> The hierarchy value for the node environment can be a custom fact,
> calculated or a file on disk, so nodes can get the right node environment
> data from the puppet environment 'production'.
>
> :hierarchy:
> - "nodes/%{::trusted.certname}"
> - "node_env/%{node_env}"
> - "common"
>
> By differenting the various uses of the overloaded term 'environment' a
> bit, you can actually streamline your workflow quite a bit. Now all your
> data is in one place. When you create a feature branch for testing, you can
> then point the canary nodes to that branch (`puppet agent -t --environment
> ticket1234`, or putting `environment = ticket1234` in puppet.conf). Whether
> you're changing roles and profiles, hiera data, or the Puppetfile, it's
> contained in that branch, but you can actually have production, dev, qa
> nodes check into it and get the new results, so you aren't surprised when a
> Puppetfile change in dev trickles up to prod and suddenly things blow up.
> Of course, you need to have some canary nodes in each node environment (or
> place a LOT of trust in --noop mode) to get there, but I think that's a
> reasonable goal to work toward.
>
>
>
> Aside: I know we have discussed workflows and the various types of
> environments on this list quite a bit this Spring/Summer. Does anyone have
> a good reference article for this already, or do we need to come up with
> one? I think this is an important gap to fill.
>
>
> Rob Nelson
> rnel...@gmail.com
>
> On Thu, Aug 18, 2016 at 12:07 PM, Mike Sharpton > wrote:
>
>> The static branches are basically Puppet environments in which nodes are
>> bound/pointed to them in their puppet.conf. This way we can open CR's per
>> set of nodes and move up the chain. Also, I may have found another option
>> on Gary's site. We could r10k our hiera data and split it from our control
>> repo. More to come. Thanks again for thoughts.
>>
>>
>> On Thursday, August 18, 2016 at 10:00:01 AM UTC-5, Christopher Wood wrote:
>>
>>> I'm missing why you need static branches. I'm picturing something more
>>> like:
>>>
>>> git checkout production
>>> git checkout -b ticket1234
>>> # make changes, commit, push, test, repeat
>>> git merge production # catch up on any prod changes, retest
>>> git tag ticket.1234
>>> git checkout production
>>> git merge ticket1234
>>> git branch -d ticket1234
>>>
>>> That way everybody's changes are working pretty close to what production
>>> is right now.
>>>
>>> The alternatives are curating your branches, periodically re-branching
>>> from production, or just accepting the current state, as near as I can tell
>>> off the cuff. If you want to maintain something it requires maintenance
>>> work no matter the tool you pick.
>>>
>>>
>>> On Thu, Aug 18, 2016 at 05:27:40AM -0700, Mike Sharpton wrote:
>>> >Thanks for your reply. We based our initial design on shit Gary
>>> says.
>>> > This may be our only option as you say, to have hiera data changes
>>> made
>>> >to each static branch/puppet environment by hand and not merge. We
>>> need
>>> >the static branches for separation of Puppet environments. Problem
>>> with
>>> >this approach is humans will make errors between each branch
>>> sometimes or
>>> >always.
[Puppet Users] Using puppet/apache
Hi How to I set this Options -Indexes # x-frame Header always append X-Frame-Options SAMEORIGIN But I want to do it outside of the vhost config, so its the default for all vhosts ? And/or how can I do the DirectoryMatch inside a vhost - there isn't an example in the readme. Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d2bb4d9e-fbfb-4d0c-ae7e-7f9b1018963f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: how to ensure LVM created before installing postgres
Hi
# setup postgres
postgresql::server::db { 'bitbucket':
user => $butbucketuser,
password => postgresql_password( $butbucketuser , $bitbucketpass ),
}
class { 'bitbucket':
# fix to version 8
javahome=> '/usr/java/java8',
version=> '4.8.3',
installdir => '/apps/atlassian/atlassian-bitbucket',
homedir=> '/apps/atlassian/application-data/bitbucket-home',
uid => 525,
gid => 525,
dbpassword => $bitbucketpass,
service_manage => false,
jvm_xms=> '1G',
jvm_xmx=> '4G',
proxy => {
scheme => 'https',
proxyName=> 'bitbucket.yieldbroker.com',
proxyPort=> '443',
},
tomcat_port=> '7991'
require => postgresql::server::db['bitbucket'],
this seems to fail, how do I make the DB a require for bitbucket install ?
A
On Tuesday, 16 August 2016 11:16:48 UTC+10, Alex Samad wrote:
>
> Hi
>
> I would like to setup my LVM first
> PV
> VG
> PV
> mount that in /var/lib/pgsql/9.2/data and then use
>
> # default
> class { 'postgresql::globals':
> manage_package_repo => false,
> version => '9.2',
> }->
> class { 'postgresql::server':
> }
>
>
> now for testing I haven't installed /dev/sdc which is my phys disk for the
> vg..
>
> I would like the install of postgress to fail
>
>
>
> # predefined mounts
> # not done via lvm - can't do labels !
>
> # setup PG Data directory first
> file { '/var/lib/pgsql':
> ensure => 'directory',
> group=> '26',
> mode => '0700',
> owner=> '26',
> }
>
> file { '/var/lib/pgsql/9.2/':
> ensure => 'directory',
> group=> '26',
> mode => '0700',
> owner=> '26',
> }
>
> # incuded as part of the postgres module
> #file { '/var/lib/pgsql/9.2/data':
> # ensure => 'directory',
> # group=> '26',
> # mode => '0700',
> # owner=> '26',
> #}
>
> filesystem { '/dev/vg_pgdata/lv_pgdata':
> ensure => 'present',
> fs_type => 'ext4',
> options => '-L ybPGData',
> }
>
> mount { '/var/lib/pgsql/9.2/data':
> ensure => 'mounted',
> device => 'LABEL=ybPGData',
> dump=> '1',
> fstype => 'ext4',
> options => 'defaults',
> pass=> '2',
> target => '/etc/fstab',
> }
>
> volume_group { 'vg_pgdata':
> ensure => present,
> physical_volumes => '/dev/sdc1'
> }
>
> logical_volume { 'lv_pgdata':
> ensure => present,
> volume_group => 'vg_pgdata',
> size => '20G',
> }
>
>
>
> #
> # latest postgres rpm
> #
> package { 'pgdg-centos92-repo':
> name => 'pgdg-centos92',
> ensure => 'installed',
> provider => 'rpm',
> source => '
> https://download.postgresql.org/pub/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-7.noarch.rpm
> ',
> install_options => [
> '--httpproxy',
> 'proxyyb',
> '--httpport',
> '3128',
> ]
> }
>
> # have to overwrite the repo file
> file { 're_pgdg-centos92':
> ensure => present,
> path => '/etc/yum.repos.d/pgdg-92-centos.repo',
> content => file('profile/ybpostgresql92/pgdg-92-centos.repo'),
> owner => 'root',
> group => 'root',
> mode => 'u=rw,g=r,o=r',
> }
>
>
> # default
> class { 'postgresql::globals':
> manage_package_repo => false,
> version => '9.2',
> }->
> class { 'postgresql::server':
> }
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bc4a3e02-58dd-4e54-bcac-15c1cb7f87fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: how to ensure LVM created before installing postgres
HI
So got this to work
volume_group { 'vg_pgdata':
ensure => present,
physical_volumes => '/dev/sdc1'
}
logical_volume { 'lv_pgdata92':
ensure => present,
volume_group => 'vg_pgdata',
require => Volume_Group['vg_pgdata'],
}
Also found out that I can't have spaces between File and [
so
File[ is difference from File [
Not sure I fully understand the [] and the difference between
{ '':}
A
On Wednesday, 17 August 2016 09:44:42 UTC+10, Alex Samad wrote:
>
> Hi
>
> Just tried this
>
>
> logical_volume { 'lv_pgdata92':
> ensure => present,
> volume_group => 'vg_pgdata',
>
> requires => volume_group { 'vg_pgdata':
> ensure => present,
> physical_volumes => '/dev/sdc1'
> }
>
> Got this
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Evaluation Error: Error while evaluating a Resource Statement, Syntax error
> at '{' at
> /etc/puppetlabs/code/environments/testing/site/profile/manifests/ybpostgresql92.pp:51:32
>
> on node bitbucket.yieldbroker.com
> W
>
>
> On Wednesday, 17 August 2016 09:27:29 UTC+10, Alex Samad wrote:
>>
>> Okay
>>
>> that sounds okay, how do I add fatal call to it to stop it processing any
>> more
>>
>> Alex
>>
>> On Tuesday, 16 August 2016 17:53:33 UTC+10, Gavin Williams wrote:
>>>
>>> Alex
>>>
>>> You're looking for 'Requires' - See
>>> https://docs.puppet.com/puppet/latest/reference/lang_relationships.html
>>>
>>> Basically, you can add "requires => Logical_Volume['lv_pgdata']" to the
>>> 'postgresql::server' class, and if the Logical_Volume resource fails for
>>> whatever reason, then the 'postgresql::server' class will be skipped...
>>>
>>> HTH
>>>
>>> Gav
>>>
>>>> [snip]
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b6ea0bad-ef0b-4e5b-85af-3bd6bbba7b03%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: how to ensure LVM created before installing postgres
Hi
Just tried this
logical_volume { 'lv_pgdata92':
ensure => present,
volume_group => 'vg_pgdata',
requires => volume_group { 'vg_pgdata':
ensure => present,
physical_volumes => '/dev/sdc1'
}
Got this
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Evaluation Error: Error while evaluating a Resource Statement, Syntax error
at '{' at
/etc/puppetlabs/code/environments/testing/site/profile/manifests/ybpostgresql92.pp:51:32
on node bitbucket.yieldbroker.com
W
On Wednesday, 17 August 2016 09:27:29 UTC+10, Alex Samad wrote:
>
> Okay
>
> that sounds okay, how do I add fatal call to it to stop it processing any
> more
>
> Alex
>
> On Tuesday, 16 August 2016 17:53:33 UTC+10, Gavin Williams wrote:
>>
>> Alex
>>
>> You're looking for 'Requires' - See
>> https://docs.puppet.com/puppet/latest/reference/lang_relationships.html
>>
>> Basically, you can add "requires => Logical_Volume['lv_pgdata']" to the
>> 'postgresql::server' class, and if the Logical_Volume resource fails for
>> whatever reason, then the 'postgresql::server' class will be skipped...
>>
>> HTH
>>
>> Gav
>>
>> On Tuesday, 16 August 2016 02:16:48 UTC+1, Alex Samad wrote:
>>>
>>> Hi
>>>
>>> I would like to setup my LVM first
>>> PV
>>> VG
>>> PV
>>> mount that in /var/lib/pgsql/9.2/data and then use
>>>
>>> # default
>>> class { 'postgresql::globals':
>>> manage_package_repo => false,
>>> version => '9.2',
>>> }->
>>> class { 'postgresql::server':
>>> }
>>>
>>>
>>> now for testing I haven't installed /dev/sdc which is my phys disk for
>>> the vg..
>>>
>>> I would like the install of postgress to fail
>>>
>>>
>>>
>>> # predefined mounts
>>> # not done via lvm - can't do labels !
>>>
>>> # setup PG Data directory first
>>> file { '/var/lib/pgsql':
>>> ensure => 'directory',
>>> group=> '26',
>>> mode => '0700',
>>> owner=> '26',
>>> }
>>>
>>> file { '/var/lib/pgsql/9.2/':
>>> ensure => 'directory',
>>> group=> '26',
>>> mode => '0700',
>>> owner=> '26',
>>> }
>>>
>>> # incuded as part of the postgres module
>>> #file { '/var/lib/pgsql/9.2/data':
>>> # ensure => 'directory',
>>> # group=> '26',
>>> # mode => '0700',
>>> # owner=> '26',
>>> #}
>>>
>>> filesystem { '/dev/vg_pgdata/lv_pgdata':
>>> ensure => 'present',
>>> fs_type => 'ext4',
>>> options => '-L ybPGData',
>>> }
>>>
>>> mount { '/var/lib/pgsql/9.2/data':
>>> ensure => 'mounted',
>>> device => 'LABEL=ybPGData',
>>> dump=> '1',
>>> fstype => 'ext4',
>>> options => 'defaults',
>>> pass=> '2',
>>> target => '/etc/fstab',
>>> }
>>>
>>> volume_group { 'vg_pgdata':
>>> ensure => present,
>>> physical_volumes => '/dev/sdc1'
>>> }
>>>
>>> logical_volume { 'lv_pgdata':
>>> ensure => present,
>>> volume_group => 'vg_pgdata',
>>> size => '20G',
>>> }
>>>
>>>
>>>
>>> #
>>> # latest postgres rpm
>>> #
>>> package { 'pgdg-centos92-repo':
>>> name => 'pgdg-centos92',
>>> ensure => 'installed',
>>> provider => 'rpm',
>>> source => '
>>> https://download.postgresql.org/pub/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-7.noarch.rpm
>>> ',
>>> install_options => [
>>> '--httpproxy',
>>> 'proxyyb',
>>> '--httpport',
>>> '3128',
>>> ]
>>> }
>>>
>>> # have to overwrite the repo file
>>> file { 're_pgdg-centos92':
>>> ensure => present,
>>> path => '/etc/yum.repos.d/pgdg-92-centos.repo',
>>> content => file('profile/ybpostgresql92/pgdg-92-centos.repo'),
>>> owner => 'root',
>>> group => 'root',
>>> mode => 'u=rw,g=r,o=r',
>>> }
>>>
>>>
>>> # default
>>> class { 'postgresql::globals':
>>> manage_package_repo => false,
>>> version => '9.2',
>>> }->
>>> class { 'postgresql::server':
>>> }
>>>
>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ae190c4f-88e5-47b5-bc23-87966d42b227%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: how to ensure LVM created before installing postgres
Okay
that sounds okay, how do I add fatal call to it to stop it processing any
more
Alex
On Tuesday, 16 August 2016 17:53:33 UTC+10, Gavin Williams wrote:
>
> Alex
>
> You're looking for 'Requires' - See
> https://docs.puppet.com/puppet/latest/reference/lang_relationships.html
>
> Basically, you can add "requires => Logical_Volume['lv_pgdata']" to the
> 'postgresql::server' class, and if the Logical_Volume resource fails for
> whatever reason, then the 'postgresql::server' class will be skipped...
>
> HTH
>
> Gav
>
> On Tuesday, 16 August 2016 02:16:48 UTC+1, Alex Samad wrote:
>>
>> Hi
>>
>> I would like to setup my LVM first
>> PV
>> VG
>> PV
>> mount that in /var/lib/pgsql/9.2/data and then use
>>
>> # default
>> class { 'postgresql::globals':
>> manage_package_repo => false,
>> version => '9.2',
>> }->
>> class { 'postgresql::server':
>> }
>>
>>
>> now for testing I haven't installed /dev/sdc which is my phys disk for
>> the vg..
>>
>> I would like the install of postgress to fail
>>
>>
>>
>> # predefined mounts
>> # not done via lvm - can't do labels !
>>
>> # setup PG Data directory first
>> file { '/var/lib/pgsql':
>> ensure => 'directory',
>> group=> '26',
>> mode => '0700',
>> owner=> '26',
>> }
>>
>> file { '/var/lib/pgsql/9.2/':
>> ensure => 'directory',
>> group=> '26',
>> mode => '0700',
>> owner=> '26',
>> }
>>
>> # incuded as part of the postgres module
>> #file { '/var/lib/pgsql/9.2/data':
>> # ensure => 'directory',
>> # group=> '26',
>> # mode => '0700',
>> # owner=> '26',
>> #}
>>
>> filesystem { '/dev/vg_pgdata/lv_pgdata':
>> ensure => 'present',
>> fs_type => 'ext4',
>> options => '-L ybPGData',
>> }
>>
>> mount { '/var/lib/pgsql/9.2/data':
>> ensure => 'mounted',
>> device => 'LABEL=ybPGData',
>> dump=> '1',
>> fstype => 'ext4',
>> options => 'defaults',
>> pass=> '2',
>> target => '/etc/fstab',
>> }
>>
>> volume_group { 'vg_pgdata':
>> ensure => present,
>> physical_volumes => '/dev/sdc1'
>> }
>>
>> logical_volume { 'lv_pgdata':
>> ensure => present,
>> volume_group => 'vg_pgdata',
>> size => '20G',
>> }
>>
>>
>>
>> #
>> # latest postgres rpm
>> #
>> package { 'pgdg-centos92-repo':
>> name => 'pgdg-centos92',
>> ensure => 'installed',
>> provider => 'rpm',
>> source => '
>> https://download.postgresql.org/pub/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-7.noarch.rpm
>> ',
>> install_options => [
>> '--httpproxy',
>> 'proxyyb',
>> '--httpport',
>> '3128',
>> ]
>> }
>>
>> # have to overwrite the repo file
>> file { 're_pgdg-centos92':
>> ensure => present,
>> path => '/etc/yum.repos.d/pgdg-92-centos.repo',
>> content => file('profile/ybpostgresql92/pgdg-92-centos.repo'),
>> owner => 'root',
>> group => 'root',
>> mode => 'u=rw,g=r,o=r',
>> }
>>
>>
>> # default
>> class { 'postgresql::globals':
>> manage_package_repo => false,
>> version => '9.2',
>> }->
>> class { 'postgresql::server':
>> }
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/af895f2a-3bf7-4e93-86cb-d6a9db877c4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] how to ensure LVM created before installing postgres
Hi
I would like to setup my LVM first
PV
VG
PV
mount that in /var/lib/pgsql/9.2/data and then use
# default
class { 'postgresql::globals':
manage_package_repo => false,
version => '9.2',
}->
class { 'postgresql::server':
}
now for testing I haven't installed /dev/sdc which is my phys disk for the
vg..
I would like the install of postgress to fail
# predefined mounts
# not done via lvm - can't do labels !
# setup PG Data directory first
file { '/var/lib/pgsql':
ensure => 'directory',
group=> '26',
mode => '0700',
owner=> '26',
}
file { '/var/lib/pgsql/9.2/':
ensure => 'directory',
group=> '26',
mode => '0700',
owner=> '26',
}
# incuded as part of the postgres module
#file { '/var/lib/pgsql/9.2/data':
# ensure => 'directory',
# group=> '26',
# mode => '0700',
# owner=> '26',
#}
filesystem { '/dev/vg_pgdata/lv_pgdata':
ensure => 'present',
fs_type => 'ext4',
options => '-L ybPGData',
}
mount { '/var/lib/pgsql/9.2/data':
ensure => 'mounted',
device => 'LABEL=ybPGData',
dump=> '1',
fstype => 'ext4',
options => 'defaults',
pass=> '2',
target => '/etc/fstab',
}
volume_group { 'vg_pgdata':
ensure => present,
physical_volumes => '/dev/sdc1'
}
logical_volume { 'lv_pgdata':
ensure => present,
volume_group => 'vg_pgdata',
size => '20G',
}
#
# latest postgres rpm
#
package { 'pgdg-centos92-repo':
name => 'pgdg-centos92',
ensure => 'installed',
provider => 'rpm',
source =>
'https://download.postgresql.org/pub/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-7.noarch.rpm',
install_options => [
'--httpproxy',
'proxyyb',
'--httpport',
'3128',
]
}
# have to overwrite the repo file
file { 're_pgdg-centos92':
ensure => present,
path => '/etc/yum.repos.d/pgdg-92-centos.repo',
content => file('profile/ybpostgresql92/pgdg-92-centos.repo'),
owner => 'root',
group => 'root',
mode => 'u=rw,g=r,o=r',
}
# default
class { 'postgresql::globals':
manage_package_repo => false,
version => '9.2',
}->
class { 'postgresql::server':
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1a228b97-3b47-43a7-95e0-ff1d5cf0f6fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] managing vmware-tools with puppet
Hi
from the KB
OVT is available with these operating systems:
Red Hat Enterprise Linux 7.0 and later releases
CentOS 7.0 and later releases
I'm C6. but it looks like its in the EPEL repo.
A
On 12 August 2016 at 11:27, Rob Nelson wrote:
> There's nothing wrong with them being 3rd party, it's just cannot tell if
> those are the latest version available for the guest OS.
>
>
> On Thursday, August 11, 2016, Alex Samad wrote:
>>
>> Hi
>>
>> Thanks, very interesting, I had recently been testing with them. But
>> they show up in VC as 3rd party... I will check out the KB.
>>
>>
>> Thanks
>> Alex
>>
>> On 11 August 2016 at 22:03, Rob Nelson wrote:
>> > This. open-vm-tools upgrades seamlessly if you upgrade your kernel, the
>> > official tools do not. They are only recommended when open-vm-tools is
>> > not
>> > available.https://kb.vmware.com/kb/2073803 under VMware Support Policy.
>> > I
>> > mention this because the official tools will be present, but not synced
>> > with
>> > the new kernel version, so won't be considered Running by vSphere, even
>> > though the processes themselves are running in the Guest OS, which is
>> > impossible to ascertain from inside the Guest OS. That's best discovered
>> > through any one of the vSphere APIs (like PowerCLI) and then use other
>> > tools/actions to remediate your findings, like VUM.
>> >
>> >
>> > Rob Nelson
>> > rnels...@gmail.com
>> >
>> > On Thu, Aug 11, 2016 at 7:00 AM, Dan White wrote:
>> >>
>> >> Did you know that VMWare encourages the use of the open-vm-tools ?
>> >> You might want to reconsider.
>> >>
>> >> Dan White | d_e_wh...@icloud.com
>> >>
>> >> “Sometimes I think the surest sign that intelligent life exists
>> >> elsewhere
>> >> in the universe is that none of it has tried to contact us.” (Bill
>> >> Waterson: Calvin & Hobbes)
>> >>
>> >>
>> >> On Aug 11, 2016, at 01:21 AM, Alex Samad wrote:
>> >>
>> >> HI
>> >>
>> >> Yes went to puppet forge first, but .. the vmtools module use the
>> >> opensource vmtools package, which I could use, but we have decided to
>> >> stick with the office install from vmware. and I don't see one of
>> >> those anywhere.
>> >>
>> >> Thanks
>> >>
>> >> Alex
>> >>
>> >> On 11 August 2016 at 14:12, Nick Cammorato
>> >> wrote:
>> >>
>> >> So setting aside if this is a good idea or not, you can do this in a
>> >>
>> >> single exec resource. Look at
>> >>
>> >> https://docs.puppet.com/puppet/latest/reference/types/exec.html
>> >>
>> >>
>> >> Pay particular attention to onlyif, refreshonly, unless, and creates.
>> >>
>> >> Used either alone or in concert with the file resource type
>> >>
>> >>
>> >>
>> >> (https://docs.puppet.com/puppet/4.6/reference/types/file.html#file-attribute-source),
>> >>
>> >> you can set up something roughly like:
>> >>
>> >> file { 'somepath/vmtools.tar.gz': source =>
>> >>
>> >> 'http://somesite/vmtools.tar.gz', notify => exec['vmtoolsinst'] } ->
>> >>
>> >> exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>> >>
>> >>
>> >> which will download the file then run a command on it if it had to
>> >>
>> >> download the file. You could also chain execs ala:
>> >>
>> >> exec { 'curl -o somepath http://somesite/vmtoolsd': onlyif =>
>> >>
>> >> 'shell eval of vmware-toolbox-cmd -v output', notify => vmtoolsinst }
>> >>
>> >> exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>> >>
>> >>
>> >> Now going beyond that, you could add in a custom fact to capture the
>> >>
>> >> value of vmware-toolbox-cmd. This would look something like:
>> >>
>> >> Facter.add('vmtools-toolbox-cmd') do
>> >>
>> >> setcode do
>> >>
>> >> Facter::Core::Execution.exec(' vmware-toolbox-c
Re: [Puppet Users] managing vmware-tools with puppet
Hi
Thanks, very interesting, I had recently been testing with them. But
they show up in VC as 3rd party... I will check out the KB.
Thanks
Alex
On 11 August 2016 at 22:03, Rob Nelson wrote:
> This. open-vm-tools upgrades seamlessly if you upgrade your kernel, the
> official tools do not. They are only recommended when open-vm-tools is not
> available.https://kb.vmware.com/kb/2073803 under VMware Support Policy. I
> mention this because the official tools will be present, but not synced with
> the new kernel version, so won't be considered Running by vSphere, even
> though the processes themselves are running in the Guest OS, which is
> impossible to ascertain from inside the Guest OS. That's best discovered
> through any one of the vSphere APIs (like PowerCLI) and then use other
> tools/actions to remediate your findings, like VUM.
>
>
> Rob Nelson
> rnels...@gmail.com
>
> On Thu, Aug 11, 2016 at 7:00 AM, Dan White wrote:
>>
>> Did you know that VMWare encourages the use of the open-vm-tools ?
>> You might want to reconsider.
>>
>> Dan White | d_e_wh...@icloud.com
>>
>> “Sometimes I think the surest sign that intelligent life exists elsewhere
>> in the universe is that none of it has tried to contact us.” (Bill
>> Waterson: Calvin & Hobbes)
>>
>>
>> On Aug 11, 2016, at 01:21 AM, Alex Samad wrote:
>>
>> HI
>>
>> Yes went to puppet forge first, but .. the vmtools module use the
>> opensource vmtools package, which I could use, but we have decided to
>> stick with the office install from vmware. and I don't see one of
>> those anywhere.
>>
>> Thanks
>>
>> Alex
>>
>> On 11 August 2016 at 14:12, Nick Cammorato
>> wrote:
>>
>> So setting aside if this is a good idea or not, you can do this in a
>>
>> single exec resource. Look at
>>
>> https://docs.puppet.com/puppet/latest/reference/types/exec.html
>>
>>
>> Pay particular attention to onlyif, refreshonly, unless, and creates.
>>
>> Used either alone or in concert with the file resource type
>>
>>
>> (https://docs.puppet.com/puppet/4.6/reference/types/file.html#file-attribute-source),
>>
>> you can set up something roughly like:
>>
>> file { 'somepath/vmtools.tar.gz': source =>
>>
>> 'http://somesite/vmtools.tar.gz', notify => exec['vmtoolsinst'] } ->
>>
>> exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>>
>>
>> which will download the file then run a command on it if it had to
>>
>> download the file. You could also chain execs ala:
>>
>> exec { 'curl -o somepath http://somesite/vmtoolsd': onlyif =>
>>
>> 'shell eval of vmware-toolbox-cmd -v output', notify => vmtoolsinst }
>>
>> exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>>
>>
>> Now going beyond that, you could add in a custom fact to capture the
>>
>> value of vmware-toolbox-cmd. This would look something like:
>>
>> Facter.add('vmtools-toolbox-cmd') do
>>
>> setcode do
>>
>> Facter::Core::Execution.exec(' vmware-toolbox-cmd -v')
>>
>> end
>>
>> end
>>
>>
>> You would then be able to do logic based off this fact.
>>
>>
>> Really though, you should just use the forge - there's a puppet
>>
>> approved module for vmtools:
>>
>> https://forge.puppet.com/razorsedge/vmwaretools
>>
>>
>> HTH,
>>
>> --Nick
>>
>>
>> On Wed, Aug 10, 2016 at 11:45 PM, Alex Samad wrote:
>>
>> Hi
>>
>>
>> so I have a repo of vmware-tools.*.tgz files located at a website.
>>
>>
>> how do I build a module to check
>>
>> 1) is vmware tool install - check does vmware-toolbox-cmd exist
>>
>> 2) is it the right version - check for current version is
>> vmware-toolbox-cmd
>>
>> -v
>>
>>
>> I want to add version number into my hiera DB. think i have worked out.
>> but
>>
>> not sure how to do the client test.
>>
>>
>> I am guessing (psydo code)
>>
>>
>> if exist vmware-toolbox-cmd and if vmware-toolbox-cmd -v >= >
>> wanted>
>>
>> then
>>
>> do nothing
>>
>> else
>>
>> wget file
>>
>> run vmware-install
>>
>> fi
>>
>>
>>
>>
>>
Re: [Puppet Users] managing vmware-tools with puppet
HI
Yes went to puppet forge first, but .. the vmtools module use the
opensource vmtools package, which I could use, but we have decided to
stick with the office install from vmware. and I don't see one of
those anywhere.
Thanks
Alex
On 11 August 2016 at 14:12, Nick Cammorato wrote:
> So setting aside if this is a good idea or not, you can do this in a
> single exec resource. Look at
> https://docs.puppet.com/puppet/latest/reference/types/exec.html
>
> Pay particular attention to onlyif, refreshonly, unless, and creates.
> Used either alone or in concert with the file resource type
> (https://docs.puppet.com/puppet/4.6/reference/types/file.html#file-attribute-source),
> you can set up something roughly like:
> file { 'somepath/vmtools.tar.gz': source =>
> 'http://somesite/vmtools.tar.gz', notify => exec['vmtoolsinst'] } ->
> exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>
> which will download the file then run a command on it if it had to
> download the file. You could also chain execs ala:
>exec { 'curl -o somepath http://somesite/vmtoolsd': onlyif =>
> 'shell eval of vmware-toolbox-cmd -v output', notify => vmtoolsinst }
>exec { 'vmtoolsinst': command => 'stuffs', refreshonly => true }
>
> Now going beyond that, you could add in a custom fact to capture the
> value of vmware-toolbox-cmd. This would look something like:
> Facter.add('vmtools-toolbox-cmd') do
> setcode do
> Facter::Core::Execution.exec(' vmware-toolbox-cmd -v')
> end
> end
>
> You would then be able to do logic based off this fact.
>
> Really though, you should just use the forge - there's a puppet
> approved module for vmtools:
> https://forge.puppet.com/razorsedge/vmwaretools
>
> HTH,
> --Nick
>
> On Wed, Aug 10, 2016 at 11:45 PM, Alex Samad wrote:
>> Hi
>>
>> so I have a repo of vmware-tools.*.tgz files located at a website.
>>
>> how do I build a module to check
>> 1) is vmware tool install - check does vmware-toolbox-cmd exist
>> 2) is it the right version - check for current version is vmware-toolbox-cmd
>> -v
>>
>> I want to add version number into my hiera DB. think i have worked out. but
>> not sure how to do the client test.
>>
>> I am guessing (psydo code)
>>
>> if exist vmware-toolbox-cmd and if vmware-toolbox-cmd -v >= > wanted>
>> then
>> do nothing
>> else
>> wget file
>> run vmware-install
>> fi
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/7e990f42-22b6-4aff-8887-83768e086cb8%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the Google
> Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/zjoK2eEPhDg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAKJ8awfg4Z1ZoWXsvtykZjFOJ7%3DwqKSYoFi5q%3DJkZwq90o1ugw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUCVcvxWdP%2BxR5kHVjVHcMmbaPx%3DNfOK_nvrkE3udq0bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] managing vmware-tools with puppet
Hi so I have a repo of vmware-tools.*.tgz files located at a website. how do I build a module to check 1) is vmware tool install - check does vmware-toolbox-cmd exist 2) is it the right version - check for current version is vmware-toolbox-cmd -v I want to add version number into my hiera DB. think i have worked out. but not sure how to do the client test. I am guessing (psydo code) if exist vmware-toolbox-cmd and if vmware-toolbox-cmd -v >= then do nothing else wget file run vmware-install fi -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7e990f42-22b6-4aff-8887-83768e086cb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: puppet lvm module
Hi Sorry new to puppet, not sure which mechinism your talking about. from the file listing find modules/lvm/ | grep -i filesy modules/lvm/lib/puppet/type/filesystem.rb modules/lvm/lib/puppet/provider/filesystem modules/lvm/lib/puppet/provider/filesystem/lvm.rb modules/lvm/lib/puppet/provider/filesystem/aix.rb modules/lvm/spec/unit/puppet/type/filesystem_spec.rb modules/lvm/spec/unit/puppet/provider/filesystem modules/lvm/spec/unit/puppet/provider/filesystem/lvm_spec.rb modules/lvm/spec/unit/type/filesystem_spec.rb I presume the ./lib directory is what is injecting it into the system what do i look up in the documents to learn more about this ? On 8 August 2016 at 23:14, jcbollinger wrote: > > > On Monday, August 8, 2016 at 2:38:35 AM UTC-5, Alex Samad wrote: >> >> So it seems like i can access it as just filesystem >> >> Why is that, i presume it comes from the puppet/lvm module ??? > > > Custom types are implemented via the same mechanisms that the types included > in the base package are implemented, and that mechanism has always provided > a single, flat namespace for all types. There are technical challenges to > changing the current implementation in that regard, though I'm sure those > could be overcome if there were sufficient motivation. In any case, all > types implemented as native types belong to the top scope, whether they are > included in the base Puppet distribution or not. You'll see this with other > modules, too, such as the stdlib's file_line. > > > John > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/1-M_qx9dR2U/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/b9a93808-1863-4ce3-bc0a-94af33127574%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PWpmmCh5iZwC8-WY0NWvLTVt5UMb9-G_OUD-pOTjY8%3DLA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: puppet lvm module
So it seems like i can access it as just filesystem
Why is that, i presume it comes from the puppet/lvm module ???
On Monday, 8 August 2016 17:11:50 UTC+10, Alex Samad wrote:
>
> Hi
>
> is it possible to access the filesystem type in the puppet/lvm module.
>
> in my module I tried doing this
>
> lvm::filesystem { '/dev/vg_data/varlogyb':
> ensure => true,
> fs_type => 'ext4',
> options => '-L varlogyb',
> }
>
> but that errored out
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3e61aa0f-2e21-4e2f-9632-482be5001828%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet lvm module
Hi
is it possible to access the filesystem type in the puppet/lvm module.
in my module I tried doing this
lvm::filesystem { '/dev/vg_data/varlogyb':
ensure => true,
fs_type => 'ext4',
options => '-L varlogyb',
}
but that errored out
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c084ad8e-066c-42d6-85dd-f9f9b4718ac2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet LVM and FS Label
Hi
I am using https://forge.puppet.com/puppetlabs/lvm
in my hiera yaml file I have
lvm::volume_groups:
vg_data:
# not used but needed
physical_volumes:
- /dev/sdb1
#createonly: false
# defined standard soe Centos 1.6
logical_volumes:
varlogyb:
size: 10G
#mountpath: /var/log/yb
#mountpath_require: true
in my module I have
# yb log
file { '/var/log/yb/':
ensure => 'directory',
group=> '0',
mode => '0755',
owner=> '0',
}
mount { '/var/log/yb/':
ensure => 'mounted',
device => 'LABEL=varlogyb',
dump=> '1',
fstype => 'ext4',
options => 'defaults',
pass=> '2',
target => '/etc/fstab',
}
The second part isn't linking in.
In fstab I want the FS loaded by LABEL.
there are 2 lines in the fstan one from the mount above and one from the
hiera above.
the filesystem was created for varlogyb but without a volume name
I tried adding in this to my yaml file
lvm::filesystem:
/dev/vg_data/varlogyb:
fs_type => 'ext4',
options => '-L varlogyb',
but hasn't seemed to have worked.
slightly confused on how to get it working now .
my fstab looks like
LABEL=varlogyb /var/log/yb ext4defaults1 2
/dev/vg_data/varlogyb /varlogyb ext4defaults1 2
don't really want to use the bottom one, would rather use the top one ...
A
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4af71fb9-2fae-4ac4-ab47-91323b402680%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet .... ruby regex
So Puppet DSL is ruby like then
Think thats where I was going wrong. I went to the ruby page
Craig & Robert thanks.
Alex
On Friday, 5 August 2016 00:50:54 UTC+10, R.I. Pienaar wrote:
>
>
>
> - Original Message -
> > From: "Robert Poulson" >
> > To: "puppet-users" >
> > Sent: Thursday, 4 August, 2016 16:42:21
> > Subject: Re: [Puppet Users] Re: Puppet ruby regex
>
> >>
> >> $pp_shortcertname= "${trusted['certname']}".match(/([^.]+)\./)[1]
> >>
> >> not sure I fully understand why this works and [] doesn't.
> >>
> >> Not 100% sure I understand what the [1] does !
> >>
> >
> > The parentheses are for capturing the matching text, and \1 for re-using
> it
> > as a backreference; [1] outside of the pattern.
> >
> > See
> http://ruby-doc.org/core-2.1.1/Regexp.html#class-Regexp-label-Capturing
>
> this is not a ruby question, the code in question is PUPPET DSL.
>
> The DSL match function looks for a regex and returns what it finds and any
> capture groups.
>
> You access the 2nd item in the array as array[1]
>
> if certname if hostname.domain.name
>
> $matches = $trusted["certname"].match(/([^.]+)\./)
>
> Here $matches will have ["hostname.", "hostname"]
>
> and $matches[1] will fetch "hostname"
>
> https://docs.puppet.com/puppet/latest/reference/function.html#match
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/59508afd-d498-4f8c-8fa6-36bc4acdc9e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Puppet .... ruby regex
so got to this
$pp_shortcertname= "${trusted['certname']}".match(/([^.]+)\./)[1]
not sure I fully understand why this works and [] doesn't.
Not 100% sure I understand what the [1] does !
A
On Thursday, 4 August 2016 16:17:55 UTC+10, Alex Samad wrote:
>
> Hi
>
> I want to take ${trusted['certname']} and extract the hostname short form
> from it.
>
> so if i had thisbox.abc.com.au. I would like to get just thisbox
>
> I have tried this
>
> $pp_shortcertname= "${trusted['certname']}[/bitbucket/]"
>
> doesn't work , tried this
>
> $pp_shortcertname= "${trusted['certname']}"[/bitbucket/]
>
> error cannot convert to numeric error.
>
> and
>
> $pp_shortcertname= ${trusted['certname']}[/bitbucket/]
>
> doesn't work
>
> ??? bit lost ...
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f00fb4b2-75d2-4144-a31c-b8114c1d3078%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet .... ruby regex
Hi
I want to take ${trusted['certname']} and extract the hostname short form
from it.
so if i had thisbox.abc.com.au. I would like to get just thisbox
I have tried this
$pp_shortcertname= "${trusted['certname']}[/bitbucket/]"
doesn't work , tried this
$pp_shortcertname= "${trusted['certname']}"[/bitbucket/]
error cannot convert to numeric error.
and
$pp_shortcertname= ${trusted['certname']}[/bitbucket/]
doesn't work
??? bit lost ...
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/fef84686-a69c-4515-b28a-2d8ff5e0e858%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Something wrong with classification and hiera
Thanks On Thursday, 21 July 2016 11:31:46 UTC+10, R.I. Pienaar wrote: > > > > - Original Message - > > From: "Alex Samad" > > > To: "puppet-users" > > > Sent: Wednesday, 20 July, 2016 21:29:27 > > Subject: [Puppet Users] Re: Something wrong with classification and > hiera > > > Hi > > > > Very strange, edited hiera.yaml. ended up not makeing any changes - > > restarte puppet server > > > > and it seems to be working ! > > > > sigh ... > > yes, thats normal, do need to restart after editing it > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/45b34e27-1807-41e6-9b87-4ed48d273bc2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet and SVN
Hi
Thanks for this again, its has helped allot.
Question would it be fair to say you can't do firewall rules from hiera,
that they have to be associated with a module..
Alex
On Thursday, 26 May 2016 11:01:57 UTC+10, Rob Nelson wrote:
>
> Yep! I do that with some profiles:
> Base
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/base.pp
> calls
> linuxfw and its pre/post subclasses
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/linuxfw.pp
>
> https://github.com/puppetinabox/controlrepo/tree/production/dist/profile/manifests/linuxfw
> to
> set up the genera rules all bodes have.
> Component profiles like Apache allows port 80
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/apache.pp
>
> The names of the firewall rule resources are sorted numerically, so you
> can have multiple 100 rules in different profiles and it won't cause a
> problem unless one of them is a deny, in which case you probably want to
> start the name with 99 - or have unique rules across profiles, though that
> doesn't scale very well.
>
> On Wednesday, May 25, 2016, Alex Samad >
> wrote:
>
>> Hi
>>
>> Thanks for all the input.
>>
>> What I have gathered
>>
>> Start with GIT from the beginning. Okay I can do that
>>
>> /etc/*puppetwhatever*/environments/{production|stage|etc}/ is good
>>
>> Look at using / implementing r10k
>>
>>
>> Profiles / roles good.
>>
>> No need to reinvent modules - wasn't actually planning on that.
>>
>> From the puppet user group meeting I got that it is good to (example ntp)
>>
>> 1) reuse forge ntp module
>> 2) wrap it up with $job defaults
>> 3) use the new ntp profile
>>
>>
>> Something i was looking at doing was managing the server firewall.
>>
>> I was going to produce some sort of a template with places in it where
>> I can add dynamic content - depending on what apps where installed on
>> the server.
>>
>>
>> Example
>> profile - ABC Firewall
>> this would be basic
>>
>> allow related,connected
>> allow ssh
>>
>> reject anything not from company ip address
>>
>> drop broadcast
>> drop multicast
>> allow zabbix monitoring
>> log with limit
>> reject with limit
>> drop
>>
>>
>> so if I applied this profile to server A it would get the basic firewall.
>>
>> The next step is if I had profile "app A"
>> if it had something like
>> rules to add to from anywhere
>> allow inbound port 80
>> allow inbound port 443
>>
>> rules to add to only from local network
>> allow inbound port 8080
>>
>>
>> I would hope to get puppet to update the basic firewall with info from
>> app A and other profiles.
>>
>>
>> Is this possible ?
>>
>> A
>>
>> On 24 May 2016 at 11:22, Rob Nelson wrote:
>> > I wrote some articles on using Git with puppet and r10k. It's a little
>> out
>> > of date in the referenced versions of puppet and r10k, so check to make
>> sure
>> > you're using the modern file locations, but otherwise remains accurate.
>> >
>> https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/
>> >
>> > There's a link to a Git 100 series I wrote if you need assistance with
>> Git
>> > itself.
>> >
>> >
>> > On Monday, May 23, 2016, Alex Samad wrote:
>> >>
>> >> Hi
>> >>
>> >> Is it really that painful to retro fit git. or is the way you think
>> >> about the DB that different ?
>> >>
>> >> Could you point a good starting point to read up on this ?
>> >>
>> >> Thanks
>> >> Alex
>> >>
>> >> On 24 May 2016 at 07:16, Christopher Wood
>> >> wrote:
>> >> > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote:
>> >> >> How hard is it to retro fit SVN / GIT onto a puppet install.
>> >> >>
>> >> >> I am building from scratch, working through the doco.
>> >> >>
>> >> >> Was thinking once I have a friendly setup then I would look at
>> putting
>> >> >> that into SVN/GIT.
>> >> >
>> >> > Do yourself a huge favour, use git as the tool you use to construct
>> the
>> >> &
[Puppet Users] Re: Something wrong with classification and hiera
Hi
Very strange, edited hiera.yaml. ended up not makeing any changes -
restarte puppet server
and it seems to be working !
sigh ...
A
On Thursday, 21 July 2016 10:32:16 UTC+10, Alex Samad wrote:
>
> Hi
>
> So i think I have worked out the issue
>
> the params sections is setting puppet variables ... looks like that is
> happening after the hiera lookups are done.
>
> so environment: production is done before hiera.
>
> so how do I set variables in the enc that are used by hiera ?
>
> A
>
>
>
> On Thursday, 21 July 2016 09:32:41 UTC+10, Alex Samad wrote:
>>
>> Hi
>>
>> Using an ENC
>>
>> /usr/local/bin/puppet_node_classifier abc.abc.com
>> ---
>> environment: production
>> parameters:
>> pp_ybenv: alex
>> pp_yblocation: ybo
>>
>>
>>
>> from hiera.yaml
>>
>>
>> :hierarchy:
>>
>> # node specific
>> - "nodes/%{::trusted.certname}"
>>
>>
>> # Envornment
>> - "ybenv/%{::pp_ybenv}"
>>
>> # OS specific
>> - "os/%{::osfamily}"
>>
>> # common to all
>> - common
>>
>>
>> I create a file /etc/ybenv which records $pp_ybenv and it gets set to alex
>>
>>
>> but my file
>>
>> hieradata/ybenv/alex.yaml
>>
>> doesn't get read ?
>>
>>
>> I set this in alex.yaml
>>
>> hr_motd_content: ">>>>>>> alex environment <<<<<<<<<<"
>>
>>
>> use it in a class like this
>>
>>
>>
>> $pp_motd_content_array =hiera_array( 'hr_motd_content', [] )
>> $pp_motd_content = join( $pp_motd_content_array, "
>> ")
>>
>>
>> [...]
>>
>>
>> class { 'motd' :
>>
>> content =>
>> "Server build V1.6
>> $pp_motd_content
>> You are logging into ${trusted['certname']} Environment [$pp_ybenv]
>> "
>>
>>
>> }
>>
>>
>> if I add the same info to a node specific file or the common.yaml
>>
>> it show up.. for some reason hiera is not looking at pp_ybenv
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c2e812a3-8627-44d3-98e4-bc4f9b60bf95%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Something wrong with classification and hiera
Hi
So i think I have worked out the issue
the params sections is setting puppet variables ... looks like that is
happening after the hiera lookups are done.
so environment: production is done before hiera.
so how do I set variables in the enc that are used by hiera ?
A
On Thursday, 21 July 2016 09:32:41 UTC+10, Alex Samad wrote:
>
> Hi
>
> Using an ENC
>
> /usr/local/bin/puppet_node_classifier abc.abc.com
> ---
> environment: production
> parameters:
> pp_ybenv: alex
> pp_yblocation: ybo
>
>
>
> from hiera.yaml
>
>
> :hierarchy:
>
> # node specific
> - "nodes/%{::trusted.certname}"
>
>
> # Envornment
> - "ybenv/%{::pp_ybenv}"
>
> # OS specific
> - "os/%{::osfamily}"
>
> # common to all
> - common
>
>
> I create a file /etc/ybenv which records $pp_ybenv and it gets set to alex
>
>
> but my file
>
> hieradata/ybenv/alex.yaml
>
> doesn't get read ?
>
>
> I set this in alex.yaml
>
> hr_motd_content: ">>>>>>> alex environment <<<<<<<<<<"
>
>
> use it in a class like this
>
>
>
> $pp_motd_content_array =hiera_array( 'hr_motd_content', [] )
> $pp_motd_content = join( $pp_motd_content_array, "
> ")
>
>
> [...]
>
>
> class { 'motd' :
>
> content =>
> "Server build V1.6
> $pp_motd_content
> You are logging into ${trusted['certname']} Environment [$pp_ybenv]
> "
>
>
> }
>
>
> if I add the same info to a node specific file or the common.yaml
>
> it show up.. for some reason hiera is not looking at pp_ybenv
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c90c9968-5273-4c19-8366-d90347964d8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Something wrong with classification and hiera
Hi
Using an ENC
/usr/local/bin/puppet_node_classifier abc.abc.com
---
environment: production
parameters:
pp_ybenv: alex
pp_yblocation: ybo
from hiera.yaml
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# Envornment
- "ybenv/%{::pp_ybenv}"
# OS specific
- "os/%{::osfamily}"
# common to all
- common
I create a file /etc/ybenv which records $pp_ybenv and it gets set to alex
but my file
hieradata/ybenv/alex.yaml
doesn't get read ?
I set this in alex.yaml
hr_motd_content: ">>> alex environment <<"
use it in a class like this
$pp_motd_content_array =hiera_array( 'hr_motd_content', [] )
$pp_motd_content = join( $pp_motd_content_array, "
")
[...]
class { 'motd' :
content =>
"Server build V1.6
$pp_motd_content
You are logging into ${trusted['certname']} Environment [$pp_ybenv]
"
}
if I add the same info to a node specific file or the common.yaml
it show up.. for some reason hiera is not looking at pp_ybenv
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/68d73369-142e-448d-9b8f-e7c9f9b1a98c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Can i do this with hiera
Hi
if I have this
hieradata/
|-- common.yaml
|-- nodes
| `-- dev1.adbc.com.yaml
|-- os
| `-- RedHat.yaml
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# Applicaiton - YB
- "ybapplication/%{::pp_ybapplication}"
# Envornment - YB
- "ybenv/%{::pp_ybenv}"
# Location - YB
- "yblocation/%{::pp_yblocation}"
# OS specific
- "os/%{::osfamily}"
# common to all
- common
then i use puppet/motd
vim hieradata/os/RedHat.yaml
# motd
motd::content: "\n
Server build V1.6\n
\n
> %{::motd::extracontent} <<
\n
You are logging into %{::trusted.certname} [%{::pp_ybenv}]\n
"
can in
hieradata/nodes/ybodev1.abc.com.yaml
# extra motd
motd::extracontent: "You are logging into a %{::pp_ybenv} environment\n
"
and when i run puppet -t --noop
I don't see extracontent ???
Alex
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ce521df9-b21f-497f-a1eb-b074c77f8e28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] hierarchy inside a module
Hi
presume i have in my hiera.yaml something like this
:hierarchy:
- env/%{::ybenv}
lets presume that env is not set in my ENC.
but lets say in a module that is included by my
hiera_include(classes) in my manifests/sites.pp
I have this
$::env=Test
and then I do a
hiera ('somekey')
will it include env/somekey.yaml ?
Thanks
Alex
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/61b82afc-9c31-4bd4-8800-46434beb953a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: control-repo how to use the profile setup
Thanks On 12 July 2016 at 18:23, Gavin Williams wrote: > Alex > > I've done something similar for managing Oracle Java installation... > > I've created a 'base::software::java' class [1] within a site 'base' module, > but you could equally do this in your profile I guess... > > As you can see from the class, if the '$source' param starts with 'puppet', > then it's treated as a puppet fileserver path, and the RPM file is copied > from the corresponding location on the Puppetmaster. > This could be within the 'files' subfolder of your site module [2] or a > separate file server path on your Puppetmaster [3][4]. > > I then call the 'base::software::java' class wherever it's required. An > example is [5]. > > HTH > > Gav > > [1] > https://gist.github.com/fatmcgav/cbacf6380639301779ea894180a4568a#file-java-pp > [2] > https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html#files > [3] > https://gist.github.com/fatmcgav/cbacf6380639301779ea894180a4568a#file-fileserver-conf > [4] > https://gist.github.com/fatmcgav/cbacf6380639301779ea894180a4568a#file-data-tree > [5] > https://gist.github.com/fatmcgav/cbacf6380639301779ea894180a4568a#file-calling-class-java-pp > > On Tuesday, 12 July 2016 01:36:30 UTC+1, Alex Samad wrote: >> >> Hi >> >> Thanks, but ! not all of my boxes have internet access. >> >> But thanks >> >> On 12 July 2016 at 10:13, Matthaus Owens wrote: >> > Alex, >> > >> > It looks like puppetlabs/java has a defined type to handle getting the >> > oracle version of java (https://forge.puppet.com/puppetlabs/java#usage). >> > The >> > link has some examples of using the defined type to install oracle java >> > 6 >> > and oracle java 8. >> > >> > HTH >> > >> > On Mon, Jul 11, 2016 at 5:00 PM, Alex Samad wrote: >> >> >> >> Ta >> >> >> >> but ! I don't want to use the rpm / package from the distro (Centos), >> >> I >> >> want to use the one from oracle. I had hoped to use puppet for storing >> >> that. >> >> I have a repo setup and could add it there. >> >> >> >> It was a 2 part question, 1 to solve the package problem, the other how >> >> to >> >> use the download from puppet web site. I remember from the training >> >> module >> >> you can store files in classes >> >> >> >> A >> >> >> >> >> >> >> >> >> >> On Monday, 11 July 2016 23:56:08 UTC+10, aar...@bigmirrorlabs.com >> >> wrote: >> >>> >> >>> >> >>> New to puppet here, but I used this to handle my java dependency. >> >>> >> >>> https://forge.puppet.com/puppetlabs/java >> >>> >> >>> >> >>> >> >> -- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "Puppet Users" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to puppet-users...@googlegroups.com. >> >> To view this discussion on the web visit >> >> >> >> https://groups.google.com/d/msgid/puppet-users/fae84d50-ed98-4c5e-8cd5-c5c43bb88bd2%40googlegroups.com. >> >> >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > -- >> > You received this message because you are subscribed to a topic in the >> > Google Groups "Puppet Users" group. >> > To unsubscribe from this topic, visit >> > https://groups.google.com/d/topic/puppet-users/er8PS8hY2iY/unsubscribe. >> > To unsubscribe from this group and all its topics, send an email to >> > puppet-users...@googlegroups.com. >> > To view this discussion on the web visit >> > >> > https://groups.google.com/d/msgid/puppet-users/CACD%3DwAcYKRuK3NnBcDWJ74ShKY8ZO6t6U%3D%3DvLr%3D9nHrFbYE2yA%40mail.gmail.com. >> > >> > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/er8PS8hY2iY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/016794d3-23a3-4557-be73-beea1b59263f%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PXGWNx0nz%3DGWMguBAy7TSvw7dYHF2bxN7s3gPwpUqie4g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: control-repo how to use the profile setup
Hi Thanks, but ! not all of my boxes have internet access. But thanks On 12 July 2016 at 10:13, Matthaus Owens wrote: > Alex, > > It looks like puppetlabs/java has a defined type to handle getting the > oracle version of java (https://forge.puppet.com/puppetlabs/java#usage). The > link has some examples of using the defined type to install oracle java 6 > and oracle java 8. > > HTH > > On Mon, Jul 11, 2016 at 5:00 PM, Alex Samad wrote: >> >> Ta >> >> but ! I don't want to use the rpm / package from the distro (Centos), I >> want to use the one from oracle. I had hoped to use puppet for storing that. >> I have a repo setup and could add it there. >> >> It was a 2 part question, 1 to solve the package problem, the other how to >> use the download from puppet web site. I remember from the training module >> you can store files in classes >> >> A >> >> >> >> >> On Monday, 11 July 2016 23:56:08 UTC+10, aar...@bigmirrorlabs.com wrote: >>> >>> >>> New to puppet here, but I used this to handle my java dependency. >>> >>> https://forge.puppet.com/puppetlabs/java >>> >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/fae84d50-ed98-4c5e-8cd5-c5c43bb88bd2%40googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/er8PS8hY2iY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CACD%3DwAcYKRuK3NnBcDWJ74ShKY8ZO6t6U%3D%3DvLr%3D9nHrFbYE2yA%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PWLc7BFXXVWPiineeyOBwETeMyeK2ir2n5eV%3Dw7Hwgz5Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: control-repo how to use the profile setup
Ta but ! I don't want to use the rpm / package from the distro (Centos), I want to use the one from oracle. I had hoped to use puppet for storing that. I have a repo setup and could add it there. It was a 2 part question, 1 to solve the package problem, the other how to use the download from puppet web site. I remember from the training module you can store files in classes A On Monday, 11 July 2016 23:56:08 UTC+10, aar...@bigmirrorlabs.com wrote: > > > New to puppet here, but I used this to handle my java dependency. > > https://forge.puppet.com/puppetlabs/java > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fae84d50-ed98-4c5e-8cd5-c5c43bb88bd2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] control-repo how to use the profile setup
Hi I am using the control-rep from git (https://github.com/puppetlabs/control-repo) it has site/profile/manifest/.pp I am creating a profile for standard install of java. There is a file I would like to associated with this profile / class. But I have created site/profile/manifests/myjava.pp << a file not a directory. so I am unsure where do I put the file resource ?? do I change myjava.pp to a directory and place myjava.pp into myjava/manifest/init.pp and place the file ?? which path of the tree. I would like to be able to download the file from puppet and then I want to be able to rpm install it the rpm is the oracle rpm Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0a57d10a-7c4a-4d25-9b96-b58e8cf7aa1c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Best practise question around where to keep certain facts
Hi
Think I have had a miss understanding of the scope of
puppet variables
hiera data..
Think I have been mixing the two
I think my question here is how do you use hiera() in side a yaml to look
up info outside that current yaml.
so if hiera has check 1.yaml then 2.yaml then 3.yaml. How does 3.yaml get
info from the 1.yaml ???
A
On Friday, 8 July 2016 10:14:13 UTC+10, Alex Samad wrote:
>
> Hi
>
> Using a global ENC - this is allocating facts like location and envornment.
>
> in my hiera I had
>
> # Envornment - YB
> - "ybenv/%{::ybenv}"
>
> so I would have say
>
> prod.yaml
>
> and
>
> # Location - YB
> - "yblocation/%{::yblocation}"
>
> to id location or datacentre
>
> I setting
> yblocation: alc << not sure why I am setting this again as its set by the
> ENC
> yblocation::ip: 33 << this is new not defined in the ENC
>
> but I have a common.yaml that tries to use this value and the only way I
> get to view it is with a hiera lookup..
> and its not working the best.
>
> but https://docs.puppet.com/hiera/3.2/variables.html
> Passing Variables to Hiera seciton
>
>
>- Avoid referencing user-set local variables from Hiera. Instead, use
>facts, built-in variables,
>
> <https://docs.puppet.com/puppet/latest/reference/lang_facts_and_builtin_vars.html>top-scope
>
>variables, node-scope variables, or variables from an ENC whenever
>possible.
>
> does that mean i should do it all in my ENC ??
>
>
> hiera -d ybenv::file::osfamily=RedHat environment=production
> ::trusted.certname=abc ::ybenv=alex ::yblocation=ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Hiera YAML backend starting
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybenv::file in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
> DEBUG: 2016-07-08 09:58:10 +1000: Found ybenv::file in common
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybvlan in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
> DEBUG: 2016-07-08 09:58:10 +1000: Found ybvlan in common
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up yblocation::ip in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Found yblocation::ip in yblocation/ybo
> {"ybenv_file1"=>
> {"path"=>"/etc/ybenv",
>"ensure"=>"present",
>"content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
>"group"=>"root",
>"mode"=>"0444",
>"owner"=>"root"}}
>
> when i run this on a node it doesn't get the 172 ??
>
>
>
>
> Let me try and explain that again ...
>
> this is what I get from my ENC
> ---
> environment: production
> parameters:
> ybenv: alex
> yblocation: ybo
>
>
> my :hierarchy looks like
>
> :hierarchy:
>
> # node specific
> - "nodes/%{::trusted.certname}"
>
> # Applicaiton - YB
> - "ybapplication/%{::ybapplication}"
>
> # Envornment - YB
> - "ybenv/%{::ybenv}"
>
> # Location - YB
> - "yblocation/%{::yblocation}"
>
> # OS specific
> - "os/%{::osfamily}"
>
> # common to all
> - common
>
> in yblocation
>
> cat hieradata/yblocation/ybo.yaml
> ---
>
> ##
> yblocation: ybo
> yblocation::ip: 172
>
>
>
> and in cat hieradata/common.yaml
>
> #
> # Save it
> ybenv::file:
> ybenv_file1:
> path: /etc/ybenv
> ensure: present
> content: "ybenv: %{::ybenv}\nyblocation:
> %{::yblocation}\n%{hiera('ybvlan')}\n%{hiera('yblocation::ip')}\n"
> group: root
> mode: '0444'
> owner: root
>
>
>
> hiera -d ybenv::file::osfamily=RedHat environment=production
> ::trusted.certname=abc ::ybenv=alex ::yblocation=ybo
>
> gives me
> "content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
>
> but on the node i get this
>
> Notice: /Stage[main]/Main/Node[defau
[Puppet Users] Best practise question around where to keep certain facts
Hi
Using a global ENC - this is allocating facts like location and envornment.
in my hiera I had
# Envornment - YB
- "ybenv/%{::ybenv}"
so I would have say
prod.yaml
and
# Location - YB
- "yblocation/%{::yblocation}"
to id location or datacentre
I setting
yblocation: alc << not sure why I am setting this again as its set by the
ENC
yblocation::ip: 33 << this is new not defined in the ENC
but I have a common.yaml that tries to use this value and the only way I
get to view it is with a hiera lookup..
and its not working the best.
but https://docs.puppet.com/hiera/3.2/variables.html
Passing Variables to Hiera seciton
- Avoid referencing user-set local variables from Hiera. Instead, use
facts, built-in variables,
top-scope
variables, node-scope variables, or variables from an ENC whenever
possible.
does that mean i should do it all in my ENC ??
hiera -d ybenv::file::osfamily=RedHat environment=production
::trusted.certname=abc ::ybenv=alex ::yblocation=ybo
DEBUG: 2016-07-08 09:58:10 +1000: Hiera YAML backend starting
DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybenv::file in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
DEBUG: 2016-07-08 09:58:10 +1000: Found ybenv::file in common
DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybvlan in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
DEBUG: 2016-07-08 09:58:10 +1000: Found ybvlan in common
DEBUG: 2016-07-08 09:58:10 +1000: Looking up yblocation::ip in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Found yblocation::ip in yblocation/ybo
{"ybenv_file1"=>
{"path"=>"/etc/ybenv",
"ensure"=>"present",
"content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
"group"=>"root",
"mode"=>"0444",
"owner"=>"root"}}
when i run this on a node it doesn't get the 172 ??
Let me try and explain that again ...
this is what I get from my ENC
---
environment: production
parameters:
ybenv: alex
yblocation: ybo
my :hierarchy looks like
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# Applicaiton - YB
- "ybapplication/%{::ybapplication}"
# Envornment - YB
- "ybenv/%{::ybenv}"
# Location - YB
- "yblocation/%{::yblocation}"
# OS specific
- "os/%{::osfamily}"
# common to all
- common
in yblocation
cat hieradata/yblocation/ybo.yaml
---
##
yblocation: ybo
yblocation::ip: 172
and in cat hieradata/common.yaml
#
# Save it
ybenv::file:
ybenv_file1:
path: /etc/ybenv
ensure: present
content: "ybenv: %{::ybenv}\nyblocation:
%{::yblocation}\n%{hiera('ybvlan')}\n%{hiera('yblocation::ip')}\n"
group: root
mode: '0444'
owner: root
hiera -d ybenv::file::osfamily=RedHat environment=production
::trusted.certname=abc ::ybenv=alex ::yblocation=ybo
gives me
"content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
but on the node i get this
Notice: /Stage[main]/Main/Node[default]/File[ybenv_file1]/content:
--- /etc/ybenv 2016-07-08 10:01:55.121019861 +1000
+++ /tmp/puppet-file20160708-30039-sdgvj0 2016-07-08
10:10:24.007280395 +1000
@@ -1,4 +1,4 @@
ybenv: alex
yblocation: ybo
0
-
+0
looks like the hiera() is not working properly
Thanks
A
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/59db9f38-4efb-48dd-8952-1f149da97e81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] can create a top level variable in my enc
Thanks - finally found it myself - been looking for days on this
---
environment: production
parameters:
ybenv: alextest
from
Learning Puppet 4: A Guide to Configuration Management and Automation
it actually says ENC paramaters are not the same as parameters anywhere
else in puppet.
wasn't too clear on that page...
thanks again
On Wednesday, 6 July 2016 17:03:46 UTC+10, R.I. Pienaar wrote:
>
>
>
> - Original Message -
> > From: "Alex Samad" >
> > To: "puppet-users" >
> > Sent: Wednesday, 6 July, 2016 09:01:10
> > Subject: [Puppet Users] can create a top level variable in my enc
>
> > Hi
> >
> > I have a bash script produce this for my test node
> >
> > ---
> > environment: production
> > ybenv: alextest
>
>
> ---
> environment: foo
> parameters:
> ybenv: foo
>
> https://docs.puppet.com/guides/external_nodes.html#parameters
> <https://www.google.com/url?q=https%3A%2F%2Fdocs.puppet.com%2Fguides%2Fexternal_nodes.html%23parameters&sa=D&sntz=1&usg=AFQjCNHT_VaJVRtLX79dRserOCuIURsngg>
>
>
> >
> >
> > I have this in my hiera.yaml file
> > :hierarchy:
> >
> > # node specific
> > - "nodes/%{::trusted.certname}"
> >
> > # OS specific
> > - "os/%{::osfamily}"
> >
> > # Envornment
> > - "ybenv/%{::ybenv}"
> >
> > # common to all
> > - common
> >
> >
> > These are my hieradata files
> > hieradata/
> > hieradata/os
> > hieradata/os/RedHat.yaml
> > hieradata/nodes
> > hieradata/nodes/testnode.yaml
> > hieradata/common.yaml
> > hieradata/ybenv
> > hieradata/ybenv/alextest.yaml
> >
> >
> > But this file doesn't seem to be getting read
> > hieradata/ybenv/alextest.yaml
> >
> > and tried doing some testing in my site.pp
> >
> > tried this
> > $ybenv=hiera('ybenv')
> > info("Certname [${trusted['certname']}] OsName [${osfamily}] ybenv
> > [${ybenv}] environment [${environment}]")
> >
> > and also just this
> >
> > info("ybenv [${ybenv}]")
> >
> > and it the logs it say ybenv undefined
> >
> >
> >
> > A
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email
> > to puppet-users...@googlegroups.com .
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/0c3c410c-cad1-47e6-a017-3a177458bc8d%40googlegroups.com.
>
>
> > For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b24edb17-df7c-4391-8612-ba153802241a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] can create a top level variable in my enc
Hi
I have a bash script produce this for my test node
---
environment: production
ybenv: alextest
I have this in my hiera.yaml file
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# OS specific
- "os/%{::osfamily}"
# Envornment
- "ybenv/%{::ybenv}"
# common to all
- common
These are my hieradata files
hieradata/
hieradata/os
hieradata/os/RedHat.yaml
hieradata/nodes
hieradata/nodes/testnode.yaml
hieradata/common.yaml
hieradata/ybenv
hieradata/ybenv/alextest.yaml
But this file doesn't seem to be getting read
hieradata/ybenv/alextest.yaml
and tried doing some testing in my site.pp
tried this
$ybenv=hiera('ybenv')
info("Certname [${trusted['certname']}] OsName [${osfamily}] ybenv
[${ybenv}] environment [${environment}]")
and also just this
info("ybenv [${ybenv}]")
and it the logs it say ybenv undefined
A
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/0c3c410c-cad1-47e6-a017-3a177458bc8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Working with hiera and debugging
Hi
Another update - again for any one else that comes to this thread.
http://www.puppetcookbook.com/posts/simple-debug-messages.html
https://www.devco.net/archives/2009/08/19/tips_and_tricks_for_puppet_debugging.php
found this can find the link i found it on :(
/*
notice("try to run this script with -v and -d to see difference between
log levels")
notice("function documentation is available here:
http://docs.puppetlabs.com/references/latest/function.html";)
notice("--")
debug("this is debug. visible only with -d or --debug")
info("this is info. visible only with -v or --verbose or -d or --debug")
alert("this is alert. always visible")
crit("this is crit. always visible")
emerg("this is emerg. always visible")
err("this is err. always visible")
warning("and this is warning. always visible")
notice("this is notice. always visible")
#fail will break execution
# fail("this is fail. always visible. fail will break execution process")
*/
I have been smattering these and notify around my code to find out what
happening.
This and hiera and puppet agent -t --noop -d -v has been helping..
found this also
https://docs.puppet.com/puppetserver/latest/dev_debugging.html
On Wednesday, 6 July 2016 09:31:03 UTC+10, Alex Samad wrote:
>
> On 6 July 2016 at 08:44, Alex Samad wrote:
> > But on the test node I try -t --noop --verbose. but it doesn't give me
> > any info about this.
>
> Seems like I got that wrong, just applied -d to one of my test
> commands on a test node and it has spewed out lots of info ...
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9bef1352-f773-45a0-b3f3-5961a6506479%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Working with hiera and debugging
On 6 July 2016 at 08:44, Alex Samad wrote: > But on the test node I try -t --noop --verbose. but it doesn't give me > any info about this. Seems like I got that wrong, just applied -d to one of my test commands on a test node and it has spewed out lots of info ... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PU_HKDwUp0LvJSak8LyjfeqmPG34M4B6%2BNgrtarqNE%2BAw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Working with hiera and debugging
Hi
On 5 July 2016 at 23:32, jcbollinger wrote:
>
>
> On Saturday, July 2, 2016 at 1:21:03 AM UTC-5, Alex Samad wrote:
>>
>> Incase somebody googles to here
>>
>>
>> i found this
>>
>> puppet apply --certname= -e "notice(hiera('classes'))" --noop
>> --verbose
>>
>> This shows me what the puppet master is giving as classes for a specific
>> node based on certname.
>
>
>
> Clarification: (1) if run on the master, that command gives (2) the value
> that the master sees for Hiera key "classes" for the designated node, (3) as
> computed without benefit of that node's facts. That key is commonly used to
> designated names of classes to be applied, but (4) that's a convention, not
> a rule, and (5) either way, there may be other classes applied, too.
Yes i seem to be running into these limitations.
So how does one debug..
I have my hiera setup the way I think i want to progress
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# OS specific
- "os/%{::osfamily}"
# Envornment - YB
- "ybenv/%{::ybenv}"
# common to all
- common
I want to group nodes based in a ybenv variable.
I have added this to my ENC i get this from it
---
environment: production
ybenv: alextest
I have add something to my hieradata/ybenv/alextest.yaml but it
doesn't seem to be working
But on the test node I try -t --noop --verbose. but it doesn't give me
any info about this.
Where can I look / what can I turn on to confirm that puppet / hiera
is looking at that file
I have also tried the hiera -d but it doesn't tell me all the yaml
files it touches.
Thanks
A
>
>
>>
>> also
>>
>> hiera -d classes ::osfamily=RedHat environment=production
>> ::trusted.certname=
>>
>>
>> on the puppet master to give you info from hiera .. helpful
>
>
>
> Indeed it does, and indeed it is. Note that when Hiera is run from the
> command line like that, it uses only the fact values you specify on the
> command line, as shown. Which fact values are significant depends on your
> hierarchy configuration and data.
>
>
> John
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/OAtIhSwbyEs/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/663a9cc9-320b-43f0-9513-f52ce806728d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PX47S0fdFBBYBBwwvTXcOELhghrdwQeBBH%3Dn-4zqEFD6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet hiera setup
Hi
Looking for some feed back on this.
master puppet setup. Open source install using R10K and the control-repo
gone with 2 envirenments
production
testing
using a ENC at the global level
/etc/puppetlabs/puppet/puppet.conf
This is where I use the company classifier. for environments and other
company wide attributes - like company env... << I am thinking this could
probably go into the production ENC ??? But my plan is to keep this simple
following the guildlines we use to name vm's - which should id what type of
server and service it has.
Here is a my
/etc/puppetlabs/puppet/hiera.yaml
---
:backends:
- yaml
# Hierarchy
# First takes precedence ??? I think
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}" <<< So node specific configs
come in first
# OS specific
- "os/%{::osfamily}" ### << then any OS specific
# Envornment - YB
- "abenv/%{::abenv}" << then any environment ones
# common to all
- common ### then common
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata
on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
# https://docs.puppet.com/hiera/3.1/configuring.html
:merge_behavior: deeper
Think this gives me the flexibility I want.. Not sure I might swap OS and
ADEnv around ...
going to try and setup with roles / profiles ...
My first try at this is profile::absshd - the aim he is to setup ssh as per
company standards and enforce it every where
site/profile/manifests/absshd.pp
class profile::absshd {
class { '::ssh':
# import info from hiera
hiera_merge => true,
sshd_config_permitemptypasswords => no,
sshd_config_strictmodes => yes,
sshd_password_authentication => yes,
sshd_allow_tcp_forwarding => yes,
sshd_use_pam => yes,
permit_root_login => 'without-password',
}
}
I have this in my
hieradata/os/RedHat.yaml
---
message: "This node is using Redhat data"
# common include for all node
classes:
- profile::ybsshd
##
## Data
##
My only thought it here is if I have the config in the profile then I can't
over write it or testing ... (I think). if I want to place a hiera node
file for node a.b.c with ssh config info I am not sure what would happen.
My hope is that the node hiera would take precedence of the class variables
- but I think not. I think I have to move the setup into common.yaml ..
So i have to do more testing with this. once I have more profiles I will
group them together as a role and then allocate roles to nodess...
Any thoughts ?
Alex
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1cbf1444-b74f-498c-9605-4ce043d21de9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Working with hiera and debugging
Incase somebody googles to here
i found this
puppet apply --certname= -e "notice(hiera('classes'))" --noop
--verbose
This shows me what the puppet master is giving as classes for a specific
node based on certname.
also
hiera -d classes ::osfamily=RedHat environment=production
::trusted.certname=
on the puppet master to give you info from hiera .. helpful
On Monday, 27 June 2016 17:02:31 UTC+10, Alex Samad wrote:
>
> Hi
>
> Okay, I have downloaded and will re do he trainging VM.
>
> But I have finished the reading this blog
> http://www.craigdunn.org/2012/05/239/ << suggested to me here.
>
> This is basically what i am trying to do. But I would like to see /
> test what I am doing along the way
>
> The install of puppet / hiera was by the documentation .
>
> I have added in an ENC - only so I can allocate (in on place) node to
> environments and potentially ??
>
> I have a test node and I try the puppet agent -t --noop --verbose
> hoping to see some results of my work on the puppet master.
>
> I have seen - cert request and I have signed this.
>
> Now this is what I am probably missing is the link in the production
> environment to the class list - via roles / profiles ?
>
> I am presuming I need to look at work with
> /etc/puppetlabs/code/environments/production/manifests/site.pp
> and get that to work with hiera ..
>
> Alex
>
>
>
> On 27 June 2016 at 14:56, Peter Kristolaitis wrote:
> > You may want to go back and re-read my previous message.
> >
> > You're missing the very, very critical distinction that Hiera is not
> your
> > node manifest. Hiera is just data, and does not configure any resources
> for
> > the agent to manage. You still need to write your node manifest files.
> > Note that this differs from a class manifest.
> >
> >
> >
> > On 6/27/2016 12:23 AM, Alex Samad wrote:
> >>
> >> Hi
> >>
> >> Okay, i do it a bit simpler :)
> >>
> >> /etc/puppetlabs/puppet/hiera.yaml
> >>
> >> i added
> >>
> >> message: "This node is using global common data"
> >>
> >> sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
> >>
> >> didn't see the text message !
> >>
> >>
> >>
> >>
> >> On 27 June 2016 at 13:14, Peter Kristolaitis
> wrote:
> >>>
> >>> It's important to keep in mind that Hiera is "just data". You still
> need
> >>> to
> >>> actually create the resources somehow in your manifest based on that
> >>> data.
> >>>
> >>> Thus, creating a data element called "classes" in Hiera isn't enough
> to
> >>> actually get those classes applied to the node. You need to add
> >>> hiera_include('classes') in your manifest. More info here:
> >>>
> >>>
> https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>
> >>>
> >>> Having said that, until you get more experience with Puppet I would
> >>> recommend avoiding using Hiera to assign classes to nodes. It can be
> >>> harder
> >>> to debug and maintain, and breaks the rule of thumb that Hiera should
> >>> only
> >>> contain configuration data and not class structure. You may want to
> look
> >>> into the "roles and profiles" model instead. There ARE valid reasons
> to
> >>> assign classes via Hiera (e.g. assigning a role to the node based on
> the
> >>> output of a custom Hiera backend) but this wouldn't be the approach I
> >>> recommend to a newbie. :)
> >>>
> >>>
> >>> On 6/26/2016 8:41 PM, Alex Samad wrote:
> >>>
> >>> Hi
> >>>
> >>> Newbie - greenfield install . Centos 6.8 - PC1 puppet. Master puppet
> >>> setup.
> >>>
> >>> I have installed R10K and git and hiera.
> >>>
> >>> I would like to group my nodes into groups
> >>>
> >>> I'm doing some testing
> >>>
> >>> testnode - puppet client
> >>> masternode - puppet master
> >>>
> >>> On the master node I have
> >>>
> >>>
> >>> cat /etc/puppetlabs/puppet/puppet.conf
> >>> # This file can be used to override the default puppet settings.
>
Re: [Puppet Users] Hiera question
Okay I have progressed further with the help of the blog
my hiera.yaml looks like this
---
:backends:
- yaml
# Hierarchy
# First takes precedence ??? I think
:hierarchy:
# node specific
- "nodes/%{::trusted.certname}"
# OS specific
#- "environment/%{server_facts.environment}"
- "%{::osfamily}"
# common to all
- common
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata
on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
# https://docs.puppet.com/hiera/3.1/configuring.html
:merge_behavior: deeper
i have /
hieradata/
hieradata/common.yaml
hieradata/RedHat.yaml
and in my sites.pp
# include hiera data
hiera_include(classes)
i do this found this nice tool to help with hiera
hiera -d classes ::osfamily=RedHat environment=production
I get
DEBUG: 2016-07-02 15:53:37 +1000: Hiera YAML backend starting
DEBUG: 2016-07-02 15:53:37 +1000: Looking up classes in YAML backend
DEBUG: 2016-07-02 15:53:37 +1000: Looking for data source RedHat
DEBUG: 2016-07-02 15:53:37 +1000: Found classes in RedHat
["profile::ybsshd"]
it doesn't go past RedHat.
if I remove the redhat.yaml file it will give me the common.yaml response.
I want hat is documented here
https://docs.puppet.com/hiera/3.1/lookup_types.html
i have the gem module installed
deep_merge
I have checked this out , but don't think it covers it.
https://docs.puppet.com/hiera/3.2/complete_example.html
Alex
On Saturday, 2 July 2016 09:57:41 UTC+10, Alex Samad wrote:
>
> Hi
>
> Thanks for replying
>
> But I have been looking not saying it's not there but a quick URL to start
> with might be helpful.
>
> There is lots of doco. I've done the learning vm twice but it didn't
> answer the questions I'm looking
>
> Found this which seems to have all the answers for now
> http://www.slashroot.in/puppet-hiera-tutorial-example-configuration
>
> A
>
> On 2 Jul 2016 1:00 AM, "Henrik Lindberg"
> wrote:
>
>> On 01/07/16 06:20, Alex Samad wrote:
>>
>>> Hi
>>>
>>> I have in my common.yaml
>>>
>>> ---
>>> classes:
>>> - ssh
>>>
>>>
>>>
>>> How do I say if the OS is linux then add that class ?
>>>
>>>
>> I think it is best if you try to read the documentation and look at
>> tutorials. This very first step is clearly shown there.
>>
>> - henrik
>>
>> Thanks
>>> Alex
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com
>>> <mailto:puppet-users+unsubscr...@googlegroups.com>.
>>> To view this discussion on the web visit
>>>
>>> https://groups.google.com/d/msgid/puppet-users/dec0f7bf-b7cc-4f5e-8d90-3e49c4759e56%40googlegroups.com
>>> <
>>> https://groups.google.com/d/msgid/puppet-users/dec0f7bf-b7cc-4f5e-8d90-3e49c4759e56%40googlegroups.com?utm_medium=email&utm_source=footer
>>> >.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>>
>> Visit my Blog "Puppet on the Edge"
>> http://puppet-on-the-edge.blogspot.se/
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Puppet Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/puppet-users/dMcleZNN3qE/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/72ce74dc-e2f1-584b-0122-aa1e1f18c36f%40puppet.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/97306492-9c15-4ca8-99fd-622f1f233dd7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Hiera question
Hi Thanks for replying But I have been looking not saying it's not there but a quick URL to start with might be helpful. There is lots of doco. I've done the learning vm twice but it didn't answer the questions I'm looking Found this which seems to have all the answers for now http://www.slashroot.in/puppet-hiera-tutorial-example-configuration A On 2 Jul 2016 1:00 AM, "Henrik Lindberg" wrote: > On 01/07/16 06:20, Alex Samad wrote: > >> Hi >> >> I have in my common.yaml >> >> --- >> classes: >> - ssh >> >> >> >> How do I say if the OS is linux then add that class ? >> >> > I think it is best if you try to read the documentation and look at > tutorials. This very first step is clearly shown there. > > - henrik > > Thanks >> Alex >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to puppet-users+unsubscr...@googlegroups.com >> <mailto:puppet-users+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> >> https://groups.google.com/d/msgid/puppet-users/dec0f7bf-b7cc-4f5e-8d90-3e49c4759e56%40googlegroups.com >> < >> https://groups.google.com/d/msgid/puppet-users/dec0f7bf-b7cc-4f5e-8d90-3e49c4759e56%40googlegroups.com?utm_medium=email&utm_source=footer >> >. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > > Visit my Blog "Puppet on the Edge" > http://puppet-on-the-edge.blogspot.se/ > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/dMcleZNN3qE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/72ce74dc-e2f1-584b-0122-aa1e1f18c36f%40puppet.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PWNcsH7fCXyRtXTU1HenDFqMRJQ8tJiba5PMEXr7TPFYg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Hiera question
Hi I have in my common.yaml --- classes: - ssh How do I say if the OS is linux then add that class ? Thanks Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dec0f7bf-b7cc-4f5e-8d90-3e49c4759e56%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with setting up a profile
Hi
I have a new install.
I want to use the node <- role <<- profiles setup.
I want to define a profile for sshd for my environment.
So I want to use a sshd module (I will check the forge) and have some
things preset.
1) I would like to turn off password acces for root account
2) turn off x11
3) turn on forwarding
4) also for root I would like to install a public for my master root
so I have my environment location
/etc/puppetlabs/code/environments/production
i have (from the control repo)
site/profile/manifests
and
site/role/manifests
do I create
site/profile/manifests/mysshd.pp
class profile::mysshd {
package { 'sshd' :
ensure => 'present',
}
### options set ???
}
and then potentially a role in
site/role/manifests/mysshrole.pp
class role::mysshrole {
include profile::mysshd
}
and then I go to
manifests/site.pp
add in my node definition
node {
include role:mysshd
}
Does that look about right ??
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ee57ec15-1a22-4852-87f4-b2864d0c6575%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: external node classifier my setup
Hi Sorry not trying to argue but just like to get my view point in On 29 June 2016 at 08:30, jcbollinger wrote: > > > On Monday, June 27, 2016 at 6:42:58 PM UTC-5, Alex Samad wrote: >> >> On 27 June 2016 at 23:33, jcbollinger wrote: >> > >> > Alex, >> > >> > I will be brief(ish) this time, since wordiness seems not to be working. >> > I've been around Puppet for a fairly long time, and I think I know what >> > I'm >> > talking about, but by all means do evaluate my claims for yourself. >> >> I have come to the list to get the input from people like yourself >> with experience. I am in the learning stage. So I am taking in stuff. >> and maybe asking silly questions. >> >> But what I like to hear is why, not just being told what to do. >> >> I have heard environments is not the way to go, but not why what is >> the down side. I have also heard from other people who use it a lot >> that they use a lot of environments. >> > > > We have given you several reasons why. Examples include, > > "[for your purposes] environments do not provide a benefit commensurate with > the extra complication and work they involve." So isn't R10K meant to handle this - a lit bit of complexity doesn't seem like a big problem > "Environments is a very big hammer for whats basically a tiny nail you're > describing." > "Puppet environments are highly appropriate for change management in your > Puppet infrastructure itself [, but ...] There is no good reason for > coupling that with change management for your product / service pipeline." > "The reason there is no direct relationship between ['operating > environments' and 'puppet environments'] is because a node that is in the > operational status of production [for example] can switch between the > [Puppet] production environment and any other environment of your puppet > code without affecting its operational status." > "This data is better separated via hiera." There is nothing there that really says why not to use lots of environments - except some slight comlexity. having said that I am proceeding with the single environment and will be able to better comment once I have played with it for a while > > We have also talked a bit about the uses to which environments are better > suited; for the most part, using them for the purposes you propose > interferes with using them (later) for those more apt purposes. > > I'm sorry if these seem to be higher-level claims than you would like to > hear, but I'm uncertain how to answer in any deeper detail. thanks for the input much appreciated > > >> >> I've have decided to give it a go under 2 envornments and try and map >> my machines in some other grouping under production. I presume I can >> always go back. > > > > As I said from the beginning, your machines themselves do not (or should > not) care to which Puppet environment they are assigned if you are > performing those assignments centrally. So yes, you can go back and forth > among different approaches on the master's side. > > >> >> > their overall configurations are not identical. If indeed no machine in >> > any >> > of your groups is distinguishable from any other in the same group >> > except by >> > its network identifiers (hostname / IP / MAC) then Puppet environments >> > are >> > even less appropriate for you than I thought. In that case, the key >> > thing >> > you should do is define one class per group, and have your ENC assign >> > the >> > appropriate one of those classes to each machine. >> >> Q) why classes - i thought the way to go was roles / profiles. >> > > > Roles and profiles are implemented via classes. What you seemed to have > said suggested that even roles and profiles was more complex than you really > needed. Nevertheless, the one class per machine group maps directly to one > role per group, and can be implemented that way. There is no essential > inconsistency here. Your subsequent comments make me think that your real > requirements are at least a bit more complex, as indeed I had initially > supposed when I first suggested roles and profiles. > > >> So I have 1 environment production >> I have my prod server in the prod grouping ??? >> I have my standard profile MY Winbind. its linked to a specific version. > > > > We already covered this. The conventional ways to approach problems of that > sort are via hiera or via your ENC. There are many ways to imp
Re: [Puppet Users] Re: external node classifier my setup
On 27 June 2016 at 23:33, jcbollinger wrote: > > Alex, > > I will be brief(ish) this time, since wordiness seems not to be working. > I've been around Puppet for a fairly long time, and I think I know what I'm > talking about, but by all means do evaluate my claims for yourself. I have come to the list to get the input from people like yourself with experience. I am in the learning stage. So I am taking in stuff. and maybe asking silly questions. But what I like to hear is why, not just being told what to do. I have heard environments is not the way to go, but not why what is the down side. I have also heard from other people who use it a lot that they use a lot of environments. I've have decided to give it a go under 2 envornments and try and map my machines in some other grouping under production. I presume I can always go back. > > On Friday, June 24, 2016 at 9:20:58 PM UTC-5, Alex Samad wrote: > >> >> The point i was trying to make was not the how. But that a group of >> nodes will have 1 config and another a different config. It seems >> like environments would be the way to group that. > > > > Your ENC does the grouping. Environments are one way to organize each > group's manifests and data, but multiple people are advising you against > using them that way. Okay - what is the down side ... ? Note I am going to try the single environment setup > >> > Surely you don't >> > suppose that every machine in the same operational environment will be >> > configured identically to every other, so even if you do match Puppet >> > environments to operational environments, that does not in itself >> > address >> > questions about how to assign configurations to nodes -- or, in Puppet >> > speak, how to classify nodes. >> Why can't I expect that. if I expect puppet to look after things like >> MOTD, SSHD config, smtp config, firewall config. users. SOE directory >> setup. Why can't I expect them to be the same. I understand that ip >> address and name will be different. > > > > Evidently you do suppose. Wow. > > Most people have machines of different kinds under management -- web > servers, database servers, workstations, etc.. These normally have some > commonalities in their configurations -- maybe many commonalities -- but There are going to be a lot of commonalities (i believe), standard patching, standard security, standard ... these are typically company wide. But my current environment small number of nodes. we have app, web, rp, mail, proxy servers, but they have quite a lot in common. > their overall configurations are not identical. If indeed no machine in any > of your groups is distinguishable from any other in the same group except by > its network identifiers (hostname / IP / MAC) then Puppet environments are > even less appropriate for you than I thought. In that case, the key thing > you should do is define one class per group, and have your ENC assign the > appropriate one of those classes to each machine. Q) why classes - i thought the way to go was roles / profiles. I have defined a who bundle of profiles - like for example one for ssh - have company standard setup for ssh, and other packages that are part of the SOE. Then I will have roles which will be a collection of profiles. those roles will be things like web server, app server, proxy server etc etc. ? are roles and profiles made up of classes, are classes the fundemental building block in puppet and the term role / profile is just a type of class ? > > >> >> > In the first place, this still has nothing to do with nodes being >> > mindful of >> > which Puppet environment they are assigned to, nor even of which >> > operational >> > environment they are assigned to. Nodes will use whichever winbind (for >> > example) is installed on them, regardless of which environments you >> > label >> > them with. The nodes themselves don't much care what you call them -- >> > they >> > simply operate according to the way you configure them. >> >> But ... this is what i want to use puppet for. > > > > You're missing my point. Which winbind (as an example) is installed on a > given node can absolutely be managed by Puppet. The point is that the nodes > themselves don't need to know which Puppet environment -- or even which > operating environment -- they are assigned to; they just use whichever > winbind they currently have (as managed by Puppet). Yes I understand that, but how (again try and explain how not that I shouldn't). So I have 1 environment production I have my prod server in the prod grouping ??? I have my standard pro
Re: [Puppet Users] Working with hiera and debugging
Hi
Okay, I have downloaded and will re do he trainging VM.
But I have finished the reading this blog
http://www.craigdunn.org/2012/05/239/ << suggested to me here.
This is basically what i am trying to do. But I would like to see /
test what I am doing along the way
The install of puppet / hiera was by the documentation .
I have added in an ENC - only so I can allocate (in on place) node to
environments and potentially ??
I have a test node and I try the puppet agent -t --noop --verbose
hoping to see some results of my work on the puppet master.
I have seen - cert request and I have signed this.
Now this is what I am probably missing is the link in the production
environment to the class list - via roles / profiles ?
I am presuming I need to look at work with
/etc/puppetlabs/code/environments/production/manifests/site.pp
and get that to work with hiera ..
Alex
On 27 June 2016 at 14:56, Peter Kristolaitis wrote:
> You may want to go back and re-read my previous message.
>
> You're missing the very, very critical distinction that Hiera is not your
> node manifest. Hiera is just data, and does not configure any resources for
> the agent to manage. You still need to write your node manifest files.
> Note that this differs from a class manifest.
>
>
>
> On 6/27/2016 12:23 AM, Alex Samad wrote:
>>
>> Hi
>>
>> Okay, i do it a bit simpler :)
>>
>> /etc/puppetlabs/puppet/hiera.yaml
>>
>> i added
>>
>> message: "This node is using global common data"
>>
>> sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
>>
>> didn't see the text message !
>>
>>
>>
>>
>> On 27 June 2016 at 13:14, Peter Kristolaitis wrote:
>>>
>>> It's important to keep in mind that Hiera is "just data". You still need
>>> to
>>> actually create the resources somehow in your manifest based on that
>>> data.
>>>
>>> Thus, creating a data element called "classes" in Hiera isn't enough to
>>> actually get those classes applied to the node. You need to add
>>> hiera_include('classes') in your manifest. More info here:
>>>
>>> https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>>>
>>> Having said that, until you get more experience with Puppet I would
>>> recommend avoiding using Hiera to assign classes to nodes. It can be
>>> harder
>>> to debug and maintain, and breaks the rule of thumb that Hiera should
>>> only
>>> contain configuration data and not class structure. You may want to look
>>> into the "roles and profiles" model instead. There ARE valid reasons to
>>> assign classes via Hiera (e.g. assigning a role to the node based on the
>>> output of a custom Hiera backend) but this wouldn't be the approach I
>>> recommend to a newbie. :)
>>>
>>>
>>> On 6/26/2016 8:41 PM, Alex Samad wrote:
>>>
>>> Hi
>>>
>>> Newbie - greenfield install . Centos 6.8 - PC1 puppet. Master puppet
>>> setup.
>>>
>>> I have installed R10K and git and hiera.
>>>
>>> I would like to group my nodes into groups
>>>
>>> I'm doing some testing
>>>
>>> testnode - puppet client
>>> masternode - puppet master
>>>
>>> On the master node I have
>>>
>>>
>>> cat /etc/puppetlabs/puppet/puppet.conf
>>> # This file can be used to override the default puppet settings.
>>> # See the following links for more details on what settings are
>>> available:
>>> # -
>>>
>>> https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
>>> # -
>>>
>>> https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
>>> # -
>>> https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
>>> # -
>>> https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
>>> [master]
>>> vardir = /opt/puppetlabs/server/data/puppetserver
>>> logdir = /var/log/puppetlabs/puppetserver
>>> rundir = /var/run/puppetlabs/puppetserver
>>> pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
>>> codedir = /etc/puppetlabs/code
>>>
>>> # https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
>>> storeconfigs = true
>>> storeconfigs_backend = puppetdb
>>>
>>> reports = store,puppetdb
>>>
>>>
>>> # https://
Re: [Puppet Users] Working with hiera and debugging
I have... but then i spent 2-3 weeks doing git and r10k ...
I will look again..
On 27 June 2016 at 14:33, Rob Nelson wrote:
> Have you tried the Learning Puppet VM? I believe it provides answers this
> and many of the other questions you have had over the past few weeks.
> There's really nothing better than actually trying to use the software to
> learn it.
>
>
> On Monday, June 27, 2016, Alex Samad wrote:
>>
>> Hi
>>
>> Okay, i do it a bit simpler :)
>>
>> /etc/puppetlabs/puppet/hiera.yaml
>>
>> i added
>>
>> message: "This node is using global common data"
>>
>> sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
>>
>> didn't see the text message !
>>
>>
>>
>>
>> On 27 June 2016 at 13:14, Peter Kristolaitis wrote:
>> > It's important to keep in mind that Hiera is "just data". You still
>> > need to
>> > actually create the resources somehow in your manifest based on that
>> > data.
>> >
>> > Thus, creating a data element called "classes" in Hiera isn't enough to
>> > actually get those classes applied to the node. You need to add
>> > hiera_include('classes') in your manifest. More info here:
>> >
>> > https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>> >
>> > Having said that, until you get more experience with Puppet I would
>> > recommend avoiding using Hiera to assign classes to nodes. It can be
>> > harder
>> > to debug and maintain, and breaks the rule of thumb that Hiera should
>> > only
>> > contain configuration data and not class structure. You may want to
>> > look
>> > into the "roles and profiles" model instead. There ARE valid reasons to
>> > assign classes via Hiera (e.g. assigning a role to the node based on the
>> > output of a custom Hiera backend) but this wouldn't be the approach I
>> > recommend to a newbie. :)
>> >
>> >
>> > On 6/26/2016 8:41 PM, Alex Samad wrote:
>> >
>> > Hi
>> >
>> > Newbie - greenfield install . Centos 6.8 - PC1 puppet. Master puppet
>> > setup.
>> >
>> > I have installed R10K and git and hiera.
>> >
>> > I would like to group my nodes into groups
>> >
>> > I'm doing some testing
>> >
>> > testnode - puppet client
>> > masternode - puppet master
>> >
>> > On the master node I have
>> >
>> >
>> > cat /etc/puppetlabs/puppet/puppet.conf
>> > # This file can be used to override the default puppet settings.
>> > # See the following links for more details on what settings are
>> > available:
>> > # -
>> >
>> > https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
>> > # -
>> >
>> > https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
>> > # -
>> >
>> > https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
>> > # -
>> > https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
>> > [master]
>> > vardir = /opt/puppetlabs/server/data/puppetserver
>> > logdir = /var/log/puppetlabs/puppetserver
>> > rundir = /var/run/puppetlabs/puppetserver
>> > pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
>> > codedir = /etc/puppetlabs/code
>> >
>> > # https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
>> > storeconfigs = true
>> > storeconfigs_backend = puppetdb
>> >
>> > reports = store,puppetdb
>> >
>> >
>> > # https://docs.puppet.com/guides/external_nodes.html
>> > node_terminus = exec
>> > external_nodes = /usr/local/bin/puppet_node_classifier
>> >
>> >
>> >
>> >
>> > I was use a node classifier at the top level to place nodes into
>> > environments - but I am testing grouping nodes in to groups in 1 env/
>> >
>> > all it produces is
>> > ---
>> > environment: alex
>> >
>> >
>> > for now
>> >
>> >
>> > cat /etc/puppetlabs/puppet/hiera.yaml
>> > # https://docs.puppet.com/hiera/3.1/configuring.html
>> > ---
>> > :backends:
>> > - yaml
>> > :hierarchy:
>> > - "nodes/%{::trusted.certname}"
>> > - common
&g
Re: [Puppet Users] Working with hiera and debugging
Hi
Okay, i do it a bit simpler :)
/etc/puppetlabs/puppet/hiera.yaml
i added
message: "This node is using global common data"
sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
didn't see the text message !
On 27 June 2016 at 13:14, Peter Kristolaitis wrote:
> It's important to keep in mind that Hiera is "just data". You still need to
> actually create the resources somehow in your manifest based on that data.
>
> Thus, creating a data element called "classes" in Hiera isn't enough to
> actually get those classes applied to the node. You need to add
> hiera_include('classes') in your manifest. More info here:
> https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>
> Having said that, until you get more experience with Puppet I would
> recommend avoiding using Hiera to assign classes to nodes. It can be harder
> to debug and maintain, and breaks the rule of thumb that Hiera should only
> contain configuration data and not class structure. You may want to look
> into the "roles and profiles" model instead. There ARE valid reasons to
> assign classes via Hiera (e.g. assigning a role to the node based on the
> output of a custom Hiera backend) but this wouldn't be the approach I
> recommend to a newbie. :)
>
>
> On 6/26/2016 8:41 PM, Alex Samad wrote:
>
> Hi
>
> Newbie - greenfield install . Centos 6.8 - PC1 puppet. Master puppet setup.
>
> I have installed R10K and git and hiera.
>
> I would like to group my nodes into groups
>
> I'm doing some testing
>
> testnode - puppet client
> masternode - puppet master
>
> On the master node I have
>
>
> cat /etc/puppetlabs/puppet/puppet.conf
> # This file can be used to override the default puppet settings.
> # See the following links for more details on what settings are available:
> # -
> https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
> # -
> https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
> # -
> https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
> # - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
> [master]
> vardir = /opt/puppetlabs/server/data/puppetserver
> logdir = /var/log/puppetlabs/puppetserver
> rundir = /var/run/puppetlabs/puppetserver
> pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
> codedir = /etc/puppetlabs/code
>
> # https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
> storeconfigs = true
> storeconfigs_backend = puppetdb
>
> reports = store,puppetdb
>
>
> # https://docs.puppet.com/guides/external_nodes.html
> node_terminus = exec
> external_nodes = /usr/local/bin/puppet_node_classifier
>
>
>
>
> I was use a node classifier at the top level to place nodes into
> environments - but I am testing grouping nodes in to groups in 1 env/
>
> all it produces is
> ---
> environment: alex
>
>
> for now
>
>
> cat /etc/puppetlabs/puppet/hiera.yaml
> # https://docs.puppet.com/hiera/3.1/configuring.html
> ---
> :backends:
> - yaml
> :hierarchy:
> - "nodes/%{::trusted.certname}"
> - common
>
> :yaml:
> # datadir is empty here, so hiera uses its defaults:
> # - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
> # - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on
> Windows
> # When specifying a datadir, make sure the directory exists.
> :datadir:
>
>
>
> This is the default hiera setup
>
>
> cat /etc/puppetlabs/code/environments/alex/hieradata/common.yaml
> ---
> classes:
>- profile::mypuppet
>
> message: "This node is using common data"
>
> #Puppet Server Tuning
> puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0
>
>
>
> cat
> /etc/puppetlabs/code/environments/alex/site/profile/manifests/mypuppet.pp
> class profile::mypuppet {
>
> package { 'puppet-agent' :
> ensure => 'present',
> }
>
> #include ::puppet_agent;
>
> }
>
>
>
> then i go to my test node
>
> # for testing ..
> sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
> Notice: Local environment: 'production' doesn't match server specified node
> environment 'alex', switching agent to 'alex'.
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts
> Info: Applying configuration version
> 'ee80ea6b15178f517618992833a8bc3c7c378bd0'
> Notice: Applied catalog in 0.04 seconds
>
[Puppet Users] Working with hiera and debugging
Hi
Newbie - greenfield install . Centos 6.8 - PC1 puppet. Master puppet setup.
I have installed R10K and git and hiera.
I would like to group my nodes into groups
I'm doing some testing
testnode - puppet client
masternode - puppet master
On the master node I have
cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# -
https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# -
https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# -
https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
# https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
storeconfigs = true
storeconfigs_backend = puppetdb
reports = store,puppetdb
# https://docs.puppet.com/guides/external_nodes.html
node_terminus = exec
external_nodes = /usr/local/bin/puppet_node_classifier
I was use a node classifier at the top level to place nodes into
environments - but I am testing grouping nodes in to groups in 1 env/
all it produces is
---
environment: alex
for now
cat /etc/puppetlabs/puppet/hiera.yaml
# https://docs.puppet.com/hiera/3.1/configuring.html
---
:backends:
- yaml
:hierarchy:
- "nodes/%{::trusted.certname}"
- common
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata
on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
This is the default hiera setup
cat /etc/puppetlabs/code/environments/alex/hieradata/common.yaml
---
classes:
- profile::mypuppet
message: "This node is using common data"
#Puppet Server Tuning
puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0
cat
/etc/puppetlabs/code/environments/alex/site/profile/manifests/mypuppet.pp
class profile::mypuppet {
package { 'puppet-agent' :
ensure => 'present',
}
#include ::puppet_agent;
}
then i go to my test node
# for testing ..
sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
Notice: Local environment: 'production' doesn't match server specified node
environment 'alex', switching agent to 'alex'.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Applying configuration version
'ee80ea6b15178f517618992833a8bc3c7c378bd0'
Notice: Applied catalog in 0.04 seconds
I don't see any mention of mypuppet ??
Am i testing the system the right way ?
What am i doing wrong ?
Thanks
Alex
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a7bb4a4b-d61b-4db0-bdff-57030d75cb51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] external node classifier my setup
Hi Okay so what i am getting from this is. have 2 maybe 3 environments production - production puppet code testing - testing modules and dev - another testing / developer Inside production I can use a "ENC" ? to force nodes into groups production sim inf inside there I can allocate "environment stuff" Again I am unsure how I implement what I am trying to do. I will pick winbind - just to highlight the difference not the package etc etc. My plan was to create a profile lets say "alex winbind" it would have all of my config info for the module. this profile and others would be pulled together into roles and the roles assigned to nodes. So in my puppet production environment I would have 1 module called alex winbind and because its all in 1 puppet environment I then have to have lots of if statements (or case statement) inside it that basically says if node is in prod use this module if node is in sim use this module if node is in inf use this module is that right A On 25 June 2016 at 13:28, Rob Nelson wrote: > > On Friday, June 24, 2016, Alex Samad wrote: >> >> The point i was trying to make was not the how. But that a group of >> nodes will have 1 config and another a different config. It seems >> like environments would be the way to group that. > > > Alex, > > Environment is a very overloaded term. In this case, 'environment' means 'a > discrete set of puppet code and data.' It has no direct relation to > 'environment' meaning 'an operational status of a set of services' (or > however one might deceive the concepts of 'production' vs 'development' vs > …). It is important not to confuse those two, or any other use of the term > environment. > > The reason there is no direct relationship between those two versions of the > term is because a node that is in the operational status of production can > switch between the production environment and any other environment of your > puppet code without affecting its operational status (whether it should is a > very different question!). You may also have two nodes that are both > production nodes that receive different values for e.g. their mail relay. > > This data is better separated via hiera, where you can say "all nodes in the > Sydney datacenter use mail relay A, and all those in Perth use mail relay > B." They don't have to be in separate puppet environments for that to occur. > > Environments are more often used in your code development workflow, where > environments map to your version control branches. You branch off of > development to a branch called feature_a. None of your actual nodes check in > against either of these environments, but your CI pipeline and your > developers test against these with vagrant or similar. You maybe even take a > canary node that normally uses the puppet environment production and have it > check in against the feature_a environment instead. When the feature works > properly, you merge feature_a->development and delete the branch feature_a, > which deletes the environment feature_a. > > You repeat this for a few features, and then you merge from > development->production. Now the code that was tested in CI is being used by > the operational production nodes, which are using the operational > environment as well. Then you go back to making more feature branches and > repeat. > > Along the way, a given node may check into one puppet environment 99% of the > time, but nothing prevents the node from using a different puppet > environment, for testing or urgent fixes or for any other reason. The puppet > environment can be pretty fluid without changing the data and configuration > a given node receives much if at all. > > I hope that's not too confusing. You did say you haven't managed a puppet > install yet, and I think if you set something up in vagrant or a lab, some > of the concepts would become clear a lot quicker than when we discuss them > in the abstract. > > > -- > > Rob Nelson > rnels...@gmail.com > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/mZBLZQKZ0xM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAC76iT_ZScBbqvtOJ7xdkwr8--JspDnYBgKGjJ-%3DvdDp-tAcJQ%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the G
Re: [Puppet Users] Re: external node classifier my setup
On 25 June 2016 at 00:32, jcbollinger wrote: > > > On Thursday, June 23, 2016 at 6:11:11 PM UTC-5, Alex Samad wrote: >> >> On 24 June 2016 at 00:16, jcbollinger wrote: > > > [...] > >> >> > In the first place, I recommend not using multiple Puppet environments >> > unless you have a Puppet-related reason for doing so. The prime reason >> > in >> > this category would be that you want to allow for use of different >> > versions >> > of the same Puppet modules to be used with one group of nodes than with >> > another. When no such reason applies, environments do not provide a >> > benefit >> > commensurate with the extra complication and work they involve. >> > >> > In the second place, yes, you're wrong. The Puppet environment to which >> > a >> > node is assigned affects the details of the catalogs built for it, which >> > in >> > turn affects those nodes' configurations. The master makes decisions >> > based >> > on node environment, but nodes need not and should not care why they are >> > configured as they are. For example, nodes do not need to know or care >> > about the meaning of the contents of their MOTD; they just need to >> > present >> > the text -- whatever it is -- to users when they log in and when they >> > ask >> >> I agree but how do you make them difference for different nodes, if I >> specify a group of nodes that have a specific MOTD... the nodes don't >> care but ( i was using it as an example). maybe a better one would be >> say smtp setup - all nodes have it, non prod must point to the non >> prod smtp server. >> > > > How is configuring which SMTP server a node uses fundamentally different > from configuring a node's MOTD? In either case you're just plugging the > right data into the right hole. The holes are even similar in shape: part > or all of a particular text file in a known location (or on Windows, the > holes are sometimes registry entries). The point i was trying to make was not the how. But that a group of nodes will have 1 config and another a different config. It seems like environments would be the way to group that. > > You said earlier that your master will assign nodes to environments, and at > that time you were identifying Puppet environments with operational > environments. It follows that you anticipate that your master will have > enough information to identify nodes' intended operational environments. I believe in my environment I can do that by hostname as a general rule. > How the master should translate that information into node configurations is > an entirely different question, and largely orthogonal to whether Puppet > environments are associated with operational environments. Surely you don't > suppose that every machine in the same operational environment will be > configured identically to every other, so even if you do match Puppet > environments to operational environments, that does not in itself address > questions about how to assign configurations to nodes -- or, in Puppet > speak, how to classify nodes. Why can't I expect that. if I expect puppet to look after things like MOTD, SSHD config, smtp config, firewall config. users. SOE directory setup. Why can't I expect them to be the same. I understand that ip address and name will be different. > > In fact, Puppet has several mechanisms for that, one of them being the one > that you already plan on using to assign nodes to environments: the external > node classifier (ENC). Puppet also makes heavy use of external data for > configuring nodes, generally accessed via its Hiera hierarchical data > subsystem. Hiera data can be used to directly classify nodes > (hiera_include()), or to supplement classification performed primarily > elsewhere (automated data binding, hiera(), hiera_hash(), hiera_array()). I > prefer to put most of the load on Hiera, myself, but the reasons for that > would be an entirely separate discussion. I plan to use hiera - still getting my head around that. > > Furthermore, how you structure your manifest set plays heavily into how > easily this all works out. If you are not already aware of Craig Dunn's > "Roles and Profiles" pattern, then you should familiarize yourself with it. > You are not obligated to use it, but I think it synergizes with your > objectives, and it has been applied with great success in a lot of places. I will definitely be looking at this. I had already planned on using profiles and roles - got that from the sydney user group. I have most of mine defined I believe. Now to work
[Puppet Users] Writing my first role
Hi
So greenfield install. I'm a newbie.
I have setup the latest puppet open source, using r10k + git. I have
started with the control-repo.
I have my 'alex' branch/environment.
I can see there is a directory
site/profile/manifests
I presume I can put my "code" here for example
cat site/profile/manifests/mypuppet.pp
class profile::mypuppet {
include ::puppet_agent;
}
What I would like todo is set the default environment in puppet.conf via
this model
Or even go further and install a complete puppet.conf.
How do I assign the profile::mypuppet to all notes in this environment
Would/could I add it to hieradata/common.yaml with something like
class:
-profile::mypuppet
Although I also realize or at least plan to use roles. idea being a node
gets a roles which is made up of all the relevant profiles.
Alex
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9e4434ee-471f-4065-a1d1-435275632dfd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: external node classifier my setup
On 24 June 2016 at 00:16, jcbollinger wrote: > > > On Thursday, June 23, 2016 at 1:30:37 AM UTC-5, Alex Samad wrote: >> >> Hi >> >> So I am a bit of a newbie. My assumption was to setup using a master >> puppet server. But I wanted to make sure that environment was handled >> by the master puppet - I have control over that and I might not be >> able to exclude control over the managed box from other users (dam >> developers !). >> > > > I'm inclined to agree that central control is to be preferred. Do be aware, > however, that control over node environment is mostly a management feature, > not a security feature. Your master can control what resources it records > in nodes' catalogs, but those nodes' admins can disable Puppet, make it run > in --noop mode, make it present false facts to the master, and many other > things. Do not grant privileges to people whom you do not trust, and do not > trust anyone any more than you need to do. > > >> >> I wanted some way to test what I was doing was correct. >> > > > And you found one. > > >> >> " >> If your nodes care deeply about which Puppet environment they are >> assigned to, then you are doing something wrong. >> " >> >> so I am planning on having atleast a production, sim , inf, non prod >> and a dev environment. >> >> I would presume a box would want to know which environment they are >> in, because in prod they might be on a certain rpm / module or >> certain config - lets say for example MOTD. >> >> But i might be wrong ? >> > > > In the first place, I recommend not using multiple Puppet environments > unless you have a Puppet-related reason for doing so. The prime reason in > this category would be that you want to allow for use of different versions > of the same Puppet modules to be used with one group of nodes than with > another. When no such reason applies, environments do not provide a benefit > commensurate with the extra complication and work they involve. > > In the second place, yes, you're wrong. The Puppet environment to which a > node is assigned affects the details of the catalogs built for it, which in > turn affects those nodes' configurations. The master makes decisions based > on node environment, but nodes need not and should not care why they are > configured as they are. For example, nodes do not need to know or care > about the meaning of the contents of their MOTD; they just need to present > the text -- whatever it is -- to users when they log in and when they ask I agree but how do you make them difference for different nodes, if I specify a group of nodes that have a specific MOTD... the nodes don't care but ( i was using it as an example). maybe a better one would be say smtp setup - all nodes have it, non prod must point to the non prod smtp server. > for it. Likewise, they do not need to know why they are configured to > access a particular database server, why they have the particular vhosts > configured that they do, why they have the particular users and passwords > they have, why they mount the particular remote file systems they mount, > etc.. > Sorry our argument seems counter intuitive. Maybe I am miss understanding. For example I have had a lot of issue with winbind. (centos 6.x). So my thought is production environment - has all the prod nodes. It has a specific version of winbind, might be old but it works My other environments have different newer versions of winbind. if you can explain how I can do that with 1 environment . happy to learn. I haven't done a puppet setup before - which is why i'm asking and questioning. > >> >> My thought had been to align production environment with production >> server, infra with infra servers and non prod non infra in the non >> prod environment. > > > > Even if you ignore my advice and do that, what I'm saying is that you should > not identify Puppet's sense of "environment" with any external concept going > by the same name. I maintain that nodes probably don't need to be > explicitly aware of the label of their operational environment, either, but > especially if you're exerting central control over Puppet environments, > there is no reason for nodes to care how Puppet labels those environments. so environments should only really align with puppets production code and none prod code. and by non prod code you are talking only about puppet module code ? > > > John > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe fr
Re: [Puppet Users] Re: external node classifier my setup
Hi sorry bit more. puppet config print environment So from what I understand you saying this show the environment from the agent side no talking to the master puppet ! so a puppet agent --noop --test would be a way of looking. is there no other way of querying what the master things of a node I tried puppet catalog find and it still shows me the wrong environment if I can add to this. How in puppet can i set the local environment. So say box A in my enc I say its in environment xyz, so when puppet agent runs it set the puppet environment on that box to environment xyz ? A On 23 June 2016 at 16:30, Alex Samad wrote: > Hi > > So I am a bit of a newbie. My assumption was to setup using a master > puppet server. But I wanted to make sure that environment was handled > by the master puppet - I have control over that and I might not be > able to exclude control over the managed box from other users (dam > developers !). > > I wanted some way to test what I was doing was correct. > > " > If your nodes care deeply about which Puppet environment they are > assigned to, then you are doing something wrong. > " > > so I am planning on having atleast a production, sim , inf, non prod > and a dev environment. > > I would presume a box would want to know which environment they are > in, because in prod they might be on a certain rpm / module or > certain config - lets say for example MOTD. > > But i might be wrong ? > > My thought had been to align production environment with production > server, infra with infra servers and non prod non infra in the non > prod environment. > > Thanks > Alex > > > On 23 June 2016 at 03:26, jcbollinger wrote: >> >> >> On Wednesday, June 22, 2016 at 2:21:27 AM UTC-5, Alex Samad wrote: >>> >>> :))) >>> >>> seems like after writing this I found my answer >>> >>> I used >>> >>> puppet agent --test --verbose >>> >>> shows me that it is classified as environment alex. thats good. >>> >>> but >>> puppet config print environment >>> still show production? so I am guessing the above just looks at the puppet >>> config files and as I haven't set environment it defaults to production ! >>> >>> So the question is, is this the best way to do it ? >>> >> >> >> The command ... >> >> puppet config print environment >> >> ... indeed does print a value derived from the local Puppet configuration >> file. The default for this value is 'production'. Whatever value the >> command prints is the value that will be used for the node's environment, >> provided that the node-specified environment is not overridden by an >> external node classifier running on the master. This allows nodes to >> request specific environments, while still affording the master the final >> say. No matter whether the setting takes a default or explicit value in the >> node's local configuration (which 'puppet config print environment' will >> print), that value must be taken as provisional at best. >> >> If your nodes care deeply about which Puppet environment they are assigned >> to, then you are doing something wrong. If you just want to check, however, >> then the method you discovered, relying on verbose output from the agent, >> seems entirely reasonable. You could perhaps tweak that by adding a --tags >> option that filters out all resources, so that you get node information >> without applying anything. You cannot get a reliably correct answer without >> consulting the master, because the master has the final word on the matter. >> >> >> John >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Puppet Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/puppet-users/mZBLZQKZ0xM/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/c9d7b296-ff84-4887-9707-5fe4d647fde7%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUteG5APOF93YXXovwfA1OyYMvQJCv7j5HHVKQKmApj0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: external node classifier my setup
Hi So I am a bit of a newbie. My assumption was to setup using a master puppet server. But I wanted to make sure that environment was handled by the master puppet - I have control over that and I might not be able to exclude control over the managed box from other users (dam developers !). I wanted some way to test what I was doing was correct. " If your nodes care deeply about which Puppet environment they are assigned to, then you are doing something wrong. " so I am planning on having atleast a production, sim , inf, non prod and a dev environment. I would presume a box would want to know which environment they are in, because in prod they might be on a certain rpm / module or certain config - lets say for example MOTD. But i might be wrong ? My thought had been to align production environment with production server, infra with infra servers and non prod non infra in the non prod environment. Thanks Alex On 23 June 2016 at 03:26, jcbollinger wrote: > > > On Wednesday, June 22, 2016 at 2:21:27 AM UTC-5, Alex Samad wrote: >> >> :))) >> >> seems like after writing this I found my answer >> >> I used >> >> puppet agent --test --verbose >> >> shows me that it is classified as environment alex. thats good. >> >> but >> puppet config print environment >> still show production? so I am guessing the above just looks at the puppet >> config files and as I haven't set environment it defaults to production ! >> >> So the question is, is this the best way to do it ? >> > > > The command ... > > puppet config print environment > > ... indeed does print a value derived from the local Puppet configuration > file. The default for this value is 'production'. Whatever value the > command prints is the value that will be used for the node's environment, > provided that the node-specified environment is not overridden by an > external node classifier running on the master. This allows nodes to > request specific environments, while still affording the master the final > say. No matter whether the setting takes a default or explicit value in the > node's local configuration (which 'puppet config print environment' will > print), that value must be taken as provisional at best. > > If your nodes care deeply about which Puppet environment they are assigned > to, then you are doing something wrong. If you just want to check, however, > then the method you discovered, relying on verbose output from the agent, > seems entirely reasonable. You could perhaps tweak that by adding a --tags > option that filters out all resources, so that you get node information > without applying anything. You cannot get a reliably correct answer without > consulting the master, because the master has the final word on the matter. > > > John > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/mZBLZQKZ0xM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/c9d7b296-ff84-4887-9707-5fe4d647fde7%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUaSdp9-y5na9RXZTzXDGk8jrhamp6Mh9VwVYgD_LdUPw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: external node classifier my setup
:))) seems like after writing this I found my answer I used puppet agent --test --verbose shows me that it is classified as environment alex. thats good. but puppet config print environment still show production? so I am guessing the above just looks at the puppet config files and as I haven't set environment it defaults to production ! So the question is, is this the best way to do it ? Alex On Wednesday, 22 June 2016 17:13:04 UTC+10, Alex Samad wrote: > > Hi > > Might have this wrong. But.. > > I have puppet install - got r10k and will be using hiera > > I wanted to have 1 script / programatic way of classifying scripts into > environments. I wanted to be able to look at certname and maybe ip address. > > So I found this > https://docs.puppet.com/guides/external_nodes.html > > I have added this > > [master] > node_terminus = exec > external_nodes = /usr/local/bin/puppet_node_classifier > > > to my /etc/puppetlabs/puppet/puppet.conf at the bottom > > for this /usr/local/bin/puppet_node_classifier i have > > #!/bin/bash > > # > # puppet external node classifier > # https://docs.puppet.com/guides/external_nodes.html > # > > > echo "$*" > /tmp/a1 > > set -e > > HSTNAME="$1" > > if [ -z "$HSTNAME" ] > then > # can't be called with no arguments > exit 1 > fi > > > case "$HSTNAME" in > testing.xyz.com) > echo "---" > > #echo "classes:" > #echo " - common" > #echo "parameters:" > > #echo "environment: production" > echo "environment: alex" > ;; > *) > exit 1 > ;; > esac > > echo > > exit 0 > > > > when i go to box testing.xyz.com which is the box I have installed > puppet on and try this > puppet config print environment > > I still get production not alex > > > what am i doing wrong ? > How do I try and debug this (where do i look)? > > Is this the right way to do it. our should I be adding nodes to config > files (which ones?) in the environments or one master file in the global > sites.pp (is this the file and if so where does it exist ) > > Thanks > Alex - slightly confused > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a27fb92d-5d8b-42a9-a9e6-aa89f28f130f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] external node classifier my setup
Hi Might have this wrong. But.. I have puppet install - got r10k and will be using hiera I wanted to have 1 script / programatic way of classifying scripts into environments. I wanted to be able to look at certname and maybe ip address. So I found this https://docs.puppet.com/guides/external_nodes.html I have added this [master] node_terminus = exec external_nodes = /usr/local/bin/puppet_node_classifier to my /etc/puppetlabs/puppet/puppet.conf at the bottom for this /usr/local/bin/puppet_node_classifier i have #!/bin/bash # # puppet external node classifier # https://docs.puppet.com/guides/external_nodes.html # echo "$*" > /tmp/a1 set -e HSTNAME="$1" if [ -z "$HSTNAME" ] then # can't be called with no arguments exit 1 fi case "$HSTNAME" in testing.xyz.com) echo "---" #echo "classes:" #echo " - common" #echo "parameters:" #echo "environment: production" echo "environment: alex" ;; *) exit 1 ;; esac echo exit 0 when i go to box testing.xyz.com which is the box I have installed puppet on and try this puppet config print environment I still get production not alex what am i doing wrong ? How do I try and debug this (where do i look)? Is this the right way to do it. our should I be adding nodes to config files (which ones?) in the environments or one master file in the global sites.pp (is this the file and if so where does it exist ) Thanks Alex - slightly confused -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/23d9baeb-6ffe-48b6-9647-f0f5d30e7c02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: security around puppet facts
Hi Seems like I might have jumped the gun tried puppet facts a.xyz.com from machine here.xyz.com. the first line sayes name: a.xyz.com, but the info seems to be from here.xyz.com alex On Wednesday, 22 June 2016 15:50:56 UTC+10, Alex Samad wrote: > > Hi > > working my way through a puppet install. Working on my external node > classifier. Found this > > puppet facts > > Seems like I can run this from any machine and it queries the DB and > return me information about that node. Seems like a bit of a security > leak... from my windows machine I can see the entire setup of a my > production servers just by naming them here. > > Is there any way to limit who | what gets sent back. could you limit it > such that the calling (client) can only see info about its self and noone > else ? I suppose how to you allow the puppet master to do it then > > > Alex > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7461f2bb-0322-4bf1-bb43-e66172d0f6d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] security around puppet facts
Hi working my way through a puppet install. Working on my external node classifier. Found this puppet facts Seems like I can run this from any machine and it queries the DB and return me information about that node. Seems like a bit of a security leak... from my windows machine I can see the entire setup of a my production servers just by naming them here. Is there any way to limit who | what gets sent back. could you limit it such that the calling (client) can only see info about its self and noone else ? I suppose how to you allow the puppet master to do it then Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4f19c47a-d90a-4c9b-9a95-10d1f59f1826%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Newbie question re Hiera
Done some more reading.
I'm have a master puppet server
I had thought to use hiera. seems like i need to setup
ENC https://docs.puppet.com/guides/external_nodes.html
Alex
On Wednesday, 22 June 2016 10:39:34 UTC+10, Rob Nelson wrote:
>
> Typically, you wouldn't actually classify or assign environment via hiera.
> That's a value provided to the master during checkin, either as a CLI
> argument or in puppet.conf. You could, of course, manage that file and
> provide an environment value through hiera. But that would change the
> environment used on next run, not the current run.
>
> If you're in a master less environment, you could do some magic with hiera
> cli/puppet lookup to find a value for the environment then call puppet
> apply with that environment, but that seems a bit needlessly complex at
> that point.
>
> You would typically use hiera to classify the node and assign the classes
> it receives, though. That would be done with hiera_include('some_key'),
> where somekey is found in your hierarchy with the proper value.
>
> On Tuesday, June 21, 2016, Alex Samad >
> wrote:
>
>> Hi
>>
>> I have a greenfield install. Centos 6.x puppet opensource latest.
>> installed r10k.
>>
>> I have setup my git repo, used the control repo as a starting spot.
>>
>> now I am getting my head around hiera
>>
>> Looking at this https://docs.puppet.com/hiera/3.1/complete_example.html
>> I understand the way that works for each environment.
>>
>> But how do I use hiera to allocate nodes to environments ?
>>
>> for example can I classify by name regex, so all hosts with name
>> ".*prod.*" is in production and ".*inf.*" into inf environment
>> can I also classify by ip address ?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/8236b18c-2b1c-4733-a744-7dbeb281784c%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/8236b18c-2b1c-4733-a744-7dbeb281784c%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
> Rob Nelson
> rnel...@gmail.com
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/168019ef-d060-4881-bc6f-5b4dbb12d114%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Newbie question re Hiera
Hi I have a greenfield install. Centos 6.x puppet opensource latest. installed r10k. I have setup my git repo, used the control repo as a starting spot. now I am getting my head around hiera Looking at this https://docs.puppet.com/hiera/3.1/complete_example.html I understand the way that works for each environment. But how do I use hiera to allocate nodes to environments ? for example can I classify by name regex, so all hosts with name ".*prod.*" is in production and ".*inf.*" into inf environment can I also classify by ip address ? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8236b18c-2b1c-4733-a744-7dbeb281784c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet 4.5 and git & R10K
Hi
Okay done some git training, did the R10k workshop. So just to refresh.
Centos 6.x install
i install the puppet repo rpm
then install
puppet-agent.x86_64
puppetserver
postgresql92.x86_64 postgresql92-server.x86_64
postgresql92-contrib.x86_64
check_postgres.noarch
puppetdb
git
Then I can use the script (robs)
to do the R10K install.
What I need todo is bootstrap my initial repo with the puppet repo.
https://github.com/puppetlabs/control-repo
Need to work that out first
Then I presume I need to use HIERA to classify nodes into environments ?
and then config Puppetfiles for each environment that I want.
I believe that leaves me with
automating the link between git push into the repo and R10K pull
A
On 9 June 2016 at 05:39, Rob Nelson wrote:
> I do something similar with zack/r10k:
>
> #r10k_installation.pp
> Package {
> allow_virtual => true,
> }
>
> sshkey { 'github.com':
> type => 'ssh-rsa',
> key =>
> 'B3NzaC1yc2EBIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==',
> }
>
> class { 'r10k':
> version => '2.1.1',
> sources => {
> 'puppet' => {
> 'remote' => 'g...@github.com:puppetinabox/controlrepo.git',
> 'basedir' => $::settings::environmentpath,
> 'prefix' => false,
> },
> },
> manage_modulepath => false
> }
>
> # bootstrap.sh snippets
> mkdir -p /root/bootstrap/modules
> puppet module install --modulepath=/root/bootstrap/modules zack/r10k
> --version 3.2.0
> puppet apply --modulepath=/root/bootstrap/modules r10k_installation.pp
> r10k deploy environment -p
>
> Since I don't know where the files move around from version to version, I
> let zack/r10k worry about that for me :)
>
>
> Rob Nelson
> rnels...@gmail.com
>
> On Wed, Jun 8, 2016 at 3:06 PM, Ben West wrote:
>>
>> At least to answer the question of installing r10k tool for use with open
>> source Puppetserver (or just puppet agent), I do this in a bootstrap script
>> for my Puppetserver to install r10k from gem, and do the initial deployment
>> of the control repo. This for directory-based environments.
>>
>> # Install r10k gem and deploy control repo for this environment
>> /opt/puppetlabs/puppet/bin/gem install r10k --no-ri --no-rdoc
>> mkdir -p /etc/puppetlabs/r10k
>> cat > /etc/puppetlabs/r10k/r10k.yaml <> :cachedir: '/opt/puppetlabs/puppet/cache/r10k'
>> :sources:
>> :controlrepo:
>> remote: '${PUPPET_CONTROLREPO_URL}'
>> basedir: '/etc/puppetlabs/code/environments'
>> R10K
>>
>> rm -rf /etc/puppetlabs/code/environments/*
>>
>> /opt/puppetlabs/puppet/bin/r10k deploy environment -pv info
>> ${PUPPET_ENVIRONMENT}
>>
>>
>>
>>
>> On Thursday, June 2, 2016 at 2:33:31 PM UTC-5, Stefan Heijmans wrote:
>>>
>>> HI,
>>>
>>> Maybe you check the r10k workshop [1] which will do a complete
>>> walkthrough of r10k or just watch their video [2] of it.
>>>
>>> [1] https://github.com/adrienthebo/r10k-workshop/blob/master/WORKSHOP.mkd
>>> [2] https://www.youtube.com/watch?v=rQJbuqMCl9c
>>>
>>> Stefan
>>>
>>> On Thursday, June 2, 2016 at 2:32:46 AM UTC+2, Alex Samad wrote:
>>>>
>>>>
>>>>
>>>> But branches ??? I read I need to have a production branch ...
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/51cad53b-2969-41ee-9e39-e5030286792e%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/836ysw94ya4/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAC76iT-oqSkbMyOaALueCUqepXCPbz5JjEe%3DeMCRm7G5%3DMbH%3Dg%40mail.gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PXmpQFjEZVUvMENuGXNaS4bZrdMTLhHE4d1jd8a8dP%2BfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet 4.5 and git & R10K
Cool.
spent the last week getting my head around git .. branching and such.
On 9 June 2016 at 05:39, Rob Nelson wrote:
> I do something similar with zack/r10k:
>
> #r10k_installation.pp
> Package {
> allow_virtual => true,
> }
>
> sshkey { 'github.com':
> type => 'ssh-rsa',
> key =>
> 'B3NzaC1yc2EBIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==',
> }
>
> class { 'r10k':
> version => '2.1.1',
> sources => {
> 'puppet' => {
> 'remote' => 'g...@github.com:puppetinabox/controlrepo.git',
> 'basedir' => $::settings::environmentpath,
> 'prefix' => false,
> },
> },
> manage_modulepath => false
> }
>
> # bootstrap.sh snippets
> mkdir -p /root/bootstrap/modules
> puppet module install --modulepath=/root/bootstrap/modules zack/r10k
> --version 3.2.0
> puppet apply --modulepath=/root/bootstrap/modules r10k_installation.pp
> r10k deploy environment -p
>
> Since I don't know where the files move around from version to version, I
> let zack/r10k worry about that for me :)
>
>
> Rob Nelson
> rnels...@gmail.com
>
> On Wed, Jun 8, 2016 at 3:06 PM, Ben West wrote:
>>
>> At least to answer the question of installing r10k tool for use with open
>> source Puppetserver (or just puppet agent), I do this in a bootstrap script
>> for my Puppetserver to install r10k from gem, and do the initial deployment
>> of the control repo. This for directory-based environments.
>>
>> # Install r10k gem and deploy control repo for this environment
>> /opt/puppetlabs/puppet/bin/gem install r10k --no-ri --no-rdoc
>> mkdir -p /etc/puppetlabs/r10k
>> cat > /etc/puppetlabs/r10k/r10k.yaml <> :cachedir: '/opt/puppetlabs/puppet/cache/r10k'
>> :sources:
>> :controlrepo:
>> remote: '${PUPPET_CONTROLREPO_URL}'
>> basedir: '/etc/puppetlabs/code/environments'
>> R10K
>>
>> rm -rf /etc/puppetlabs/code/environments/*
>>
>> /opt/puppetlabs/puppet/bin/r10k deploy environment -pv info
>> ${PUPPET_ENVIRONMENT}
>>
>>
>>
>>
>> On Thursday, June 2, 2016 at 2:33:31 PM UTC-5, Stefan Heijmans wrote:
>>>
>>> HI,
>>>
>>> Maybe you check the r10k workshop [1] which will do a complete
>>> walkthrough of r10k or just watch their video [2] of it.
>>>
>>> [1] https://github.com/adrienthebo/r10k-workshop/blob/master/WORKSHOP.mkd
>>> [2] https://www.youtube.com/watch?v=rQJbuqMCl9c
>>>
>>> Stefan
>>>
>>> On Thursday, June 2, 2016 at 2:32:46 AM UTC+2, Alex Samad wrote:
>>>>
>>>>
>>>>
>>>> But branches ??? I read I need to have a production branch ...
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/51cad53b-2969-41ee-9e39-e5030286792e%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/836ysw94ya4/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAC76iT-oqSkbMyOaALueCUqepXCPbz5JjEe%3DeMCRm7G5%3DMbH%3Dg%40mail.gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PU5PoyyMJ5yC4oVEaqXwXJ4L-qt-2QGjafanZ-qOra7rA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet 4.5 and git & R10K
Hi So I have https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ or http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ Currently stuck on the control-repo https://github.com/puppetlabs/control-repo I have cloned their repo to my work box git clone https://github.com/puppetlabs/control-repo replaced origin with my destination. I prepped the destination with git init --bare then do the push. but all i get is the logs. when I do a clone of my repo into another directoy on my work box I get no files. So I thought different approach create the repo (puppet.git) with --bare on my internet git server create a new git repo on my work box and then copy over all the files from the control-repo into my repo minus the .git directory then I can commit and push back up to my git server. But branches ??? I read I need to have a production branch ... On Thursday, 2 June 2016 10:04:52 UTC+10, Alex Samad wrote: > > Oh... > > Okay now I am getting lost :) Sorry trying to multi task. > > I will go back to the docu & link and see which I need to do. > > But I believe I am at the setup git / r10k stage ... > > > > > On Wednesday, 1 June 2016 12:51:06 UTC+10, Rob Nelson wrote: >> >> Just to be sure, code manager is PE only. It looks like you're using >> Puppet Opensource instead. >> >> On Tuesday, May 31, 2016, Alex Samad wrote: >> >>> Answer my own question (and for any one following on) >>> >>> going to use >>> https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html >>> https://docs.puppet.com/pe/2016.1/cmgmt_control_repo.html >>> >>> for the setup and then back to >>> >>> http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ >>> >>> https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ >>> >>> >>> >>> >>> >>> On 1 June 2016 at 10:56, Alex Samad wrote: >>> > Hi >>> > >>> > Lowe - okay - so I presume by that it doesn't come as a centos rpm .. >>> > Rob - yes >>> > Lee >>> > >>> > >>> > So it looks like (more for my documentation ) >>> > >>> > install the puppet repo into centos >>> > install the puppet base components (DB, server, agent) >>> > >>> > Then I can install r10k via puppet ? >>> > >>> > i'm looking at this >>> > https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html >>> > >>> > should I follow this to setup ? >>> > >>> > >>> > " >>> > If you are already using r10k to manage your Puppet code, we suggest >>> > that you upgrade to Code Manager. Code Manager works in concert with >>> > r10k, so when you switch to Code Manager, you no longer interact >>> > directly with r10k. >>> > " >>> > >>> > >>> > >>> > >>> > >>> > On 31 May 2016 at 16:58, Lee DaeHyung wrote: >>> >> Hi >>> >> >>> >> I think you could see this page first: >>> https://forge.puppet.com/zack/r10k >>> >> and this >>> >> >>> http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ >>> >> >>> >> These will guide you how to use it. >>> >> >>> >> >>> >> >>> >> 2016년 5월 31일 화요일 오후 3시 40분 49초 UTC+9, Alex Samad 님의 말: >>> >>> >>> >>> Hi >>> >>> >>> >>> New install, I am doing this on Centos 6.x >>> >>> I have installed the repo RPM >>> >>> >>> >>> I believe this is PC1 repo >>> >>> >>> >>> >>> >>> yum --disablerepo '*' --enablerepo puppetlabs-pc1 list | grep >>> >>> puppetlabs-pc1 >>> >>> puppet-agent.x86_64 1.5.0-1.el6 >>> >>> @puppetlabs-pc1 >>> >>> puppetdb.noarch 4.1.0-1.el6 >>> >>> @puppetlabs-pc1 >>> >>> puppetdb-termini.noarch 4.1.0-1.el6 >>> >>> @puppetlabs-pc1 >>> >>> puppetserver.noarch 2.4.0-1.el6 >>> >>> @puppetlabs-pc1 >>> >>> puppet-client-tools.x86_64 1.0.0-1.el6 >>> >>> puppetlabs-pc1 >>> >>> puppetdb-terminus.noarch
Re: [Puppet Users] Puppet 4.5 and git & R10K
Oh... Okay now I am getting lost :) Sorry trying to multi task. I will go back to the docu & link and see which I need to do. But I believe I am at the setup git / r10k stage ... On Wednesday, 1 June 2016 12:51:06 UTC+10, Rob Nelson wrote: > > Just to be sure, code manager is PE only. It looks like you're using > Puppet Opensource instead. > > On Tuesday, May 31, 2016, Alex Samad > > wrote: > >> Answer my own question (and for any one following on) >> >> going to use >> https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html >> https://docs.puppet.com/pe/2016.1/cmgmt_control_repo.html >> >> for the setup and then back to >> >> http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ >> >> https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ >> >> >> >> >> >> On 1 June 2016 at 10:56, Alex Samad wrote: >> > Hi >> > >> > Lowe - okay - so I presume by that it doesn't come as a centos rpm .. >> > Rob - yes >> > Lee >> > >> > >> > So it looks like (more for my documentation ) >> > >> > install the puppet repo into centos >> > install the puppet base components (DB, server, agent) >> > >> > Then I can install r10k via puppet ? >> > >> > i'm looking at this >> > https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html >> > >> > should I follow this to setup ? >> > >> > >> > " >> > If you are already using r10k to manage your Puppet code, we suggest >> > that you upgrade to Code Manager. Code Manager works in concert with >> > r10k, so when you switch to Code Manager, you no longer interact >> > directly with r10k. >> > " >> > >> > >> > >> > >> > >> > On 31 May 2016 at 16:58, Lee DaeHyung wrote: >> >> Hi >> >> >> >> I think you could see this page first: >> https://forge.puppet.com/zack/r10k >> >> and this >> >> >> http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ >> >> >> >> These will guide you how to use it. >> >> >> >> >> >> >> >> 2016년 5월 31일 화요일 오후 3시 40분 49초 UTC+9, Alex Samad 님의 말: >> >>> >> >>> Hi >> >>> >> >>> New install, I am doing this on Centos 6.x >> >>> I have installed the repo RPM >> >>> >> >>> I believe this is PC1 repo >> >>> >> >>> >> >>> yum --disablerepo '*' --enablerepo puppetlabs-pc1 list | grep >> >>> puppetlabs-pc1 >> >>> puppet-agent.x86_64 1.5.0-1.el6 >> >>> @puppetlabs-pc1 >> >>> puppetdb.noarch 4.1.0-1.el6 >> >>> @puppetlabs-pc1 >> >>> puppetdb-termini.noarch 4.1.0-1.el6 >> >>> @puppetlabs-pc1 >> >>> puppetserver.noarch 2.4.0-1.el6 >> >>> @puppetlabs-pc1 >> >>> puppet-client-tools.x86_64 1.0.0-1.el6 >> >>> puppetlabs-pc1 >> >>> puppetdb-terminus.noarch 3-1.el6 >> >>> puppetlabs-pc1 >> >>> >> >>> I believe I have installed puppet , server , db and agent. >> >>> >> >>> But I can't find r10k >> >>> >> >>> rpm -qa | grep puppet >> >>> puppetdb-4.1.0-1.el6.noarch >> >>> puppet-agent-1.5.0-1.el6.x86_64 >> >>> puppetserver-2.4.0-1.el6.noarch >> >>> puppetdb-termini-4.1.0-1.el6.noarch >> >>> puppetlabs-release-pc1-1.0.0-2.el6.noarch >> >>> >> >>> I was following Rob's blog for puppet r10K + git and couldn't find >> >>> /etc/r10k.yaml >> >>> >> >>> so how do I install r10k :) >> >>> >> >> -- >> >> You received this message because you are subscribed to a topic in the >> >> Google Groups "Puppet Users" group. >> >> To unsubscribe from this topic, visit >> >> https://groups.google.com/d/topic/puppet-users/836ysw94ya4/unsubscribe >> . >> >> To unsubscribe from this group and all its topics, send an email to >> >> puppet-users+unsubscr...@googlegroups.com. >> >> To view this discussion on the web visit >> >> >> https://groups.google.com/d/msgid/puppet-users/e3d27c2a-4604-4c0d-9f31-d17dba05ef17%40googlegroups.com >> . >> >> >> >> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUihWLQK8dfL-JP7q3Shrxq8ow44hXjKuFxvn-10Jr2_Q%40mail.gmail.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > > Rob Nelson > rnel...@gmail.com > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f859cbbe-e214-4478-b6a3-79e65cbdf593%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet 4.5 and git & R10K
Answer my own question (and for any one following on) going to use https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html https://docs.puppet.com/pe/2016.1/cmgmt_control_repo.html for the setup and then back to http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ On 1 June 2016 at 10:56, Alex Samad wrote: > Hi > > Lowe - okay - so I presume by that it doesn't come as a centos rpm .. > Rob - yes > Lee > > > So it looks like (more for my documentation ) > > install the puppet repo into centos > install the puppet base components (DB, server, agent) > > Then I can install r10k via puppet ? > > i'm looking at this > https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html > > should I follow this to setup ? > > > " > If you are already using r10k to manage your Puppet code, we suggest > that you upgrade to Code Manager. Code Manager works in concert with > r10k, so when you switch to Code Manager, you no longer interact > directly with r10k. > " > > > > > > On 31 May 2016 at 16:58, Lee DaeHyung wrote: >> Hi >> >> I think you could see this page first: https://forge.puppet.com/zack/r10k >> and this >> http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ >> >> These will guide you how to use it. >> >> >> >> 2016년 5월 31일 화요일 오후 3시 40분 49초 UTC+9, Alex Samad 님의 말: >>> >>> Hi >>> >>> New install, I am doing this on Centos 6.x >>> I have installed the repo RPM >>> >>> I believe this is PC1 repo >>> >>> >>> yum --disablerepo '*' --enablerepo puppetlabs-pc1 list | grep >>> puppetlabs-pc1 >>> puppet-agent.x86_64 1.5.0-1.el6 >>> @puppetlabs-pc1 >>> puppetdb.noarch 4.1.0-1.el6 >>> @puppetlabs-pc1 >>> puppetdb-termini.noarch 4.1.0-1.el6 >>> @puppetlabs-pc1 >>> puppetserver.noarch 2.4.0-1.el6 >>> @puppetlabs-pc1 >>> puppet-client-tools.x86_64 1.0.0-1.el6 >>> puppetlabs-pc1 >>> puppetdb-terminus.noarch 3-1.el6 >>> puppetlabs-pc1 >>> >>> I believe I have installed puppet , server , db and agent. >>> >>> But I can't find r10k >>> >>> rpm -qa | grep puppet >>> puppetdb-4.1.0-1.el6.noarch >>> puppet-agent-1.5.0-1.el6.x86_64 >>> puppetserver-2.4.0-1.el6.noarch >>> puppetdb-termini-4.1.0-1.el6.noarch >>> puppetlabs-release-pc1-1.0.0-2.el6.noarch >>> >>> I was following Rob's blog for puppet r10K + git and couldn't find >>> /etc/r10k.yaml >>> >>> so how do I install r10k :) >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Puppet Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/puppet-users/836ysw94ya4/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/e3d27c2a-4604-4c0d-9f31-d17dba05ef17%40googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUihWLQK8dfL-JP7q3Shrxq8ow44hXjKuFxvn-10Jr2_Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet 4.5 and git & R10K
Hi Lowe - okay - so I presume by that it doesn't come as a centos rpm .. Rob - yes Lee So it looks like (more for my documentation ) install the puppet repo into centos install the puppet base components (DB, server, agent) Then I can install r10k via puppet ? i'm looking at this https://docs.puppet.com/pe/2016.1/cmgmt_managing_code.html should I follow this to setup ? " If you are already using r10k to manage your Puppet code, we suggest that you upgrade to Code Manager. Code Manager works in concert with r10k, so when you switch to Code Manager, you no longer interact directly with r10k. " On 31 May 2016 at 16:58, Lee DaeHyung wrote: > Hi > > I think you could see this page first: https://forge.puppet.com/zack/r10k > and this > http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/ > > These will guide you how to use it. > > > > 2016년 5월 31일 화요일 오후 3시 40분 49초 UTC+9, Alex Samad 님의 말: >> >> Hi >> >> New install, I am doing this on Centos 6.x >> I have installed the repo RPM >> >> I believe this is PC1 repo >> >> >> yum --disablerepo '*' --enablerepo puppetlabs-pc1 list | grep >> puppetlabs-pc1 >> puppet-agent.x86_64 1.5.0-1.el6 >> @puppetlabs-pc1 >> puppetdb.noarch 4.1.0-1.el6 >> @puppetlabs-pc1 >> puppetdb-termini.noarch 4.1.0-1.el6 >> @puppetlabs-pc1 >> puppetserver.noarch 2.4.0-1.el6 >> @puppetlabs-pc1 >> puppet-client-tools.x86_64 1.0.0-1.el6 >> puppetlabs-pc1 >> puppetdb-terminus.noarch 3-1.el6 >> puppetlabs-pc1 >> >> I believe I have installed puppet , server , db and agent. >> >> But I can't find r10k >> >> rpm -qa | grep puppet >> puppetdb-4.1.0-1.el6.noarch >> puppet-agent-1.5.0-1.el6.x86_64 >> puppetserver-2.4.0-1.el6.noarch >> puppetdb-termini-4.1.0-1.el6.noarch >> puppetlabs-release-pc1-1.0.0-2.el6.noarch >> >> I was following Rob's blog for puppet r10K + git and couldn't find >> /etc/r10k.yaml >> >> so how do I install r10k :) >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/836ysw94ya4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e3d27c2a-4604-4c0d-9f31-d17dba05ef17%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUFojMFJ-tFiz21%2BXwb_wsw_8Dmzmd%2BeDkBjuqB6UAtbg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet and SVN
Thanks. I did get onto the code control section which seems to suggest I should use it instead of git/r10k as it hids this away behind the scene ! On 31 May 2016 at 22:36, Rob Nelson wrote: > Alex, some of the later r10k articles have changed workflows, you may want > to read the whole series before implementing anything. I highly recommend > you check out Gary's Workflows Evolved article at > http://garylarizza.com/blog/2015/11/16/workflows-evolved-even-besterer-practices/. > The third link is to a reference controlrepo that Puppet suggests be used as > a basis for building your own controlrepo > (https://github.com/puppetlabs/control-repo). The controlrepo is what r10k > would be deploying. > > You may also want to capture other items, mostly for bootstrapping, such as > .pp files to configure hiera and r10k. Whether you place those in your > controlrepo or another repo is up to you. > > > Rob Nelson > rnels...@gmail.com > > On Tue, May 31, 2016 at 1:01 AM, Alex Samad wrote: >> >> Hi >> >> >> Finally got some time to look at this >> >> >> On 24 May 2016 at 11:22, Rob Nelson wrote: >> > I wrote some articles on using Git with puppet and r10k. It's a little >> > out >> > of date in the referenced versions of puppet and r10k, so check to make >> > sure >> > you're using the modern file locations, but otherwise remains accurate. >> > >> > https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ >> > >> > There's a link to a Git 100 series I wrote if you need assistance with >> > Git >> > itself. >> >> >> I notice in the previous installs of puppet every thing was under >> /etc/puppet and you recommended putting that under git. >> >> >> I see with the latest version of puppet I have >> >> /etc/puppetlabs >> should I place that under git >> >> The only thing of concern there would be the ssl directory. >> >> or do i just add >> code/ >> puppet/ >> puppetserver/ >> >> >> THanks >> Alex >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUs%3Dr6a74VPQ9K0z40Uu_bHXAdfeJEYMph4JCJ%3DRcFLQw%40mail.gmail.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAC76iT9ANbHm59X_fLcsGYxERgFBBHC97bk2yQR9EvirFWtz0Q%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUr46gus%2Bipc8H%3DsOAC%2Bzh7NXHOqvDCudJnqhDK6O9jjw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet 4.5 and git & R10K
Hi New install, I am doing this on Centos 6.x I have installed the repo RPM I believe this is PC1 repo yum --disablerepo '*' --enablerepo puppetlabs-pc1 list | grep puppetlabs-pc1 puppet-agent.x86_64 1.5.0-1.el6 @puppetlabs-pc1 puppetdb.noarch 4.1.0-1.el6 @puppetlabs-pc1 puppetdb-termini.noarch 4.1.0-1.el6 @puppetlabs-pc1 puppetserver.noarch 2.4.0-1.el6 @puppetlabs-pc1 puppet-client-tools.x86_64 1.0.0-1.el6 puppetlabs-pc1 puppetdb-terminus.noarch 3-1.el6 puppetlabs-pc1 I believe I have installed puppet , server , db and agent. But I can't find r10k rpm -qa | grep puppet puppetdb-4.1.0-1.el6.noarch puppet-agent-1.5.0-1.el6.x86_64 puppetserver-2.4.0-1.el6.noarch puppetdb-termini-4.1.0-1.el6.noarch puppetlabs-release-pc1-1.0.0-2.el6.noarch I was following Rob's blog for puppet r10K + git and couldn't find /etc/r10k.yaml so how do I install r10k :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/672db58c-e03b-4e60-9003-0afce7b37af8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet and SVN
Hi Finally got some time to look at this On 24 May 2016 at 11:22, Rob Nelson wrote: > I wrote some articles on using Git with puppet and r10k. It's a little out > of date in the referenced versions of puppet and r10k, so check to make sure > you're using the modern file locations, but otherwise remains accurate. > https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/ > > There's a link to a Git 100 series I wrote if you need assistance with Git > itself. I notice in the previous installs of puppet every thing was under /etc/puppet and you recommended putting that under git. I see with the latest version of puppet I have /etc/puppetlabs should I place that under git The only thing of concern there would be the ssl directory. or do i just add code/ puppet/ puppetserver/ THanks Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUs%3Dr6a74VPQ9K0z40Uu_bHXAdfeJEYMph4JCJ%3DRcFLQw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet and SVN
Hi
Cool, so I presume the module firewall is from the forge
https://github.com/puppetlabs/puppetlabs-firewall this one ?
I notice you have your modules / code on github aren't you concerned
about having it in a public place ?
A
On 26 May 2016 at 11:01, Rob Nelson wrote:
> Yep! I do that with some profiles:
> Base
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/base.pp
> calls linuxfw and its pre/post subclasses
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/linuxfw.pp
> https://github.com/puppetinabox/controlrepo/tree/production/dist/profile/manifests/linuxfw
> to set up the genera rules all bodes have.
> Component profiles like Apache allows port 80
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/apache.pp
>
> The names of the firewall rule resources are sorted numerically, so you can
> have multiple 100 rules in different profiles and it won't cause a problem
> unless one of them is a deny, in which case you probably want to start the
> name with 99 - or have unique rules across profiles, though that doesn't
> scale very well.
>
>
> On Wednesday, May 25, 2016, Alex Samad wrote:
>>
>> Hi
>>
>> Thanks for all the input.
>>
>> What I have gathered
>>
>> Start with GIT from the beginning. Okay I can do that
>>
>> /etc/*puppetwhatever*/environments/{production|stage|etc}/ is good
>>
>> Look at using / implementing r10k
>>
>>
>> Profiles / roles good.
>>
>> No need to reinvent modules - wasn't actually planning on that.
>>
>> From the puppet user group meeting I got that it is good to (example ntp)
>>
>> 1) reuse forge ntp module
>> 2) wrap it up with $job defaults
>> 3) use the new ntp profile
>>
>>
>> Something i was looking at doing was managing the server firewall.
>>
>> I was going to produce some sort of a template with places in it where
>> I can add dynamic content - depending on what apps where installed on
>> the server.
>>
>>
>> Example
>> profile - ABC Firewall
>> this would be basic
>>
>> allow related,connected
>> allow ssh
>>
>> reject anything not from company ip address
>>
>> drop broadcast
>> drop multicast
>> allow zabbix monitoring
>> log with limit
>> reject with limit
>> drop
>>
>>
>> so if I applied this profile to server A it would get the basic firewall.
>>
>> The next step is if I had profile "app A"
>> if it had something like
>> rules to add to from anywhere
>> allow inbound port 80
>> allow inbound port 443
>>
>> rules to add to only from local network
>> allow inbound port 8080
>>
>>
>> I would hope to get puppet to update the basic firewall with info from
>> app A and other profiles.
>>
>>
>> Is this possible ?
>>
>> A
>>
>> On 24 May 2016 at 11:22, Rob Nelson wrote:
>> > I wrote some articles on using Git with puppet and r10k. It's a little
>> > out
>> > of date in the referenced versions of puppet and r10k, so check to make
>> > sure
>> > you're using the modern file locations, but otherwise remains accurate.
>> >
>> > https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/
>> >
>> > There's a link to a Git 100 series I wrote if you need assistance with
>> > Git
>> > itself.
>> >
>> >
>> > On Monday, May 23, 2016, Alex Samad wrote:
>> >>
>> >> Hi
>> >>
>> >> Is it really that painful to retro fit git. or is the way you think
>> >> about the DB that different ?
>> >>
>> >> Could you point a good starting point to read up on this ?
>> >>
>> >> Thanks
>> >> Alex
>> >>
>> >> On 24 May 2016 at 07:16, Christopher Wood
>> >> wrote:
>> >> > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote:
>> >> >> How hard is it to retro fit SVN / GIT onto a puppet install.
>> >> >>
>> >> >> I am building from scratch, working through the doco.
>> >> >>
>> >> >> Was thinking once I have a friendly setup then I would look at
>> >> >> putting
>> >> >> that into SVN/GIT.
>> >> >
>> >> > Do yourself a huge favour, use git as the tool you use to construct
>> >> > the
&g
Re: [Puppet Users] Puppet and SVN
Hi
Thanks for all the input.
What I have gathered
Start with GIT from the beginning. Okay I can do that
/etc/*puppetwhatever*/environments/{production|stage|etc}/ is good
Look at using / implementing r10k
Profiles / roles good.
No need to reinvent modules - wasn't actually planning on that.
>From the puppet user group meeting I got that it is good to (example ntp)
1) reuse forge ntp module
2) wrap it up with $job defaults
3) use the new ntp profile
Something i was looking at doing was managing the server firewall.
I was going to produce some sort of a template with places in it where
I can add dynamic content - depending on what apps where installed on
the server.
Example
profile - ABC Firewall
this would be basic
allow related,connected
allow ssh
reject anything not from company ip address
drop broadcast
drop multicast
allow zabbix monitoring
log with limit
reject with limit
drop
so if I applied this profile to server A it would get the basic firewall.
The next step is if I had profile "app A"
if it had something like
rules to add to from anywhere
allow inbound port 80
allow inbound port 443
rules to add to only from local network
allow inbound port 8080
I would hope to get puppet to update the basic firewall with info from
app A and other profiles.
Is this possible ?
A
On 24 May 2016 at 11:22, Rob Nelson wrote:
> I wrote some articles on using Git with puppet and r10k. It's a little out
> of date in the referenced versions of puppet and r10k, so check to make sure
> you're using the modern file locations, but otherwise remains accurate.
> https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/
>
> There's a link to a Git 100 series I wrote if you need assistance with Git
> itself.
>
>
> On Monday, May 23, 2016, Alex Samad wrote:
>>
>> Hi
>>
>> Is it really that painful to retro fit git. or is the way you think
>> about the DB that different ?
>>
>> Could you point a good starting point to read up on this ?
>>
>> Thanks
>> Alex
>>
>> On 24 May 2016 at 07:16, Christopher Wood
>> wrote:
>> > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote:
>> >> How hard is it to retro fit SVN / GIT onto a puppet install.
>> >>
>> >> I am building from scratch, working through the doco.
>> >>
>> >> Was thinking once I have a friendly setup then I would look at putting
>> >> that into SVN/GIT.
>> >
>> > Do yourself a huge favour, use git as the tool you use to construct the
>> > setup. Use it from the start of the process, not just as what you put
>> > things
>> > into when you're done.
>> >
>> >> Thoughts are
>> >> install puppet
>> >> install puppetDB
>> >> install heira ??
>> >>
>> >> setup environments, currently thinking
>> >> Prod - all prod env
>> >> SIM - testing for prod
>> >> INF - inf
>> >> NON Prod - anything thats not above
>> >> dev - testing
>> >> alex - personal
>> >>
>> >> Then I was going to create a whole bundle of profiles break up into
>> >>
>> >> OS app
>> >> things like
>> >> smtp
>> >> ssh
>> >> http
>> >> etc
>> >>
>> >> have the default company setup
>> >>
>> >> Company Apps
>> >> things that cover company apps
>> >>
>> >>
>> >> Then build some roles - based solely from profiles.
>> >>
>> >> Then some how dynamically assign nodes to a roles / environment.
>> >>
>> >>
>> >> Sounds okay ??
>> >>
>> >> A
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On 23 May 2016 at 10:47, Rilindo Foster wrote:
>> >> > You can use any VCS with Puppet. I know of one shop that uses
>> >> > Mercurial.
>> >> >
>> >> > Most of the tooling and integration are closely coupled with git and
>> >> > most of the workflows assumes that you will be using git. So it would
>> >> > be a
>> >> > good idea to get up to speed with it.
>> >> >
>> >> > Of note that you can use git with svn (which may be helpful if you
>> >> > are getting started:
>> >> >
>> >> >
>> >> > https://git-scm.com/book/en/v1/Git-and-Other-Systems-Git-and-Subversion
>>
Re: [Puppet Users] Puppet and SVN
Hi Is it really that painful to retro fit git. or is the way you think about the DB that different ? Could you point a good starting point to read up on this ? Thanks Alex On 24 May 2016 at 07:16, Christopher Wood wrote: > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote: >> How hard is it to retro fit SVN / GIT onto a puppet install. >> >> I am building from scratch, working through the doco. >> >> Was thinking once I have a friendly setup then I would look at putting >> that into SVN/GIT. > > Do yourself a huge favour, use git as the tool you use to construct the > setup. Use it from the start of the process, not just as what you put things > into when you're done. > >> Thoughts are >> install puppet >> install puppetDB >> install heira ?? >> >> setup environments, currently thinking >> Prod - all prod env >> SIM - testing for prod >> INF - inf >> NON Prod - anything thats not above >> dev - testing >> alex - personal >> >> Then I was going to create a whole bundle of profiles break up into >> >> OS app >> things like >> smtp >> ssh >> http >> etc >> >> have the default company setup >> >> Company Apps >> things that cover company apps >> >> >> Then build some roles - based solely from profiles. >> >> Then some how dynamically assign nodes to a roles / environment. >> >> >> Sounds okay ?? >> >> A >> >> >> >> >> >> >> >> >> >> On 23 May 2016 at 10:47, Rilindo Foster wrote: >> > You can use any VCS with Puppet. I know of one shop that uses Mercurial. >> > >> > Most of the tooling and integration are closely coupled with git and most >> > of the workflows assumes that you will be using git. So it would be a good >> > idea to get up to speed with it. >> > >> > Of note that you can use git with svn (which may be helpful if you are >> > getting started: >> > >> > https://git-scm.com/book/en/v1/Git-and-Other-Systems-Git-and-Subversion >> > >> > - Rilindo >> > >> > -Original Message- >> > From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] >> > On Behalf Of Alex Samad >> > Sent: Sunday, May 22, 2016 7:44 PM >> > To: puppet-users@googlegroups.com >> > Subject: Re: [Puppet Users] Puppet and SVN >> > >> > Ta >> > >> > I was at the last puppet (sydney ) users group. heard r10k mentioned a lot. >> > >> > Also I got the impression that git was more closely integrated with puppet. >> > >> > Should I be l looking at git ? >> > >> > A >> > >> > >> > On 23 May 2016 at 10:40, Henrik Lindberg >> > wrote: >> >> On 22/05/16 12:41, Alex Samad wrote: >> >>> >> >>> Hi >> >>> >> >>> just starting out with puppet. >> >>> I found >> >>> this >> >>> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control >> >>> old page >> >>> >> >>> talks about checking /etc/puppet into svn. >> >>> >> >>> But on my centos install I have /etc/puppetlabs/puppet >> >>> >> >>> do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if the >> >>> later what about my codedir ? >> >>> >> >> >> >> You probably want to use the project r10k to manage your >> >> manifests/configurations that are stored in a source code control >> >> repository. >> >> >> >> Here is the page that explains a bit about r10k and SVN: >> >> https://github.com/puppetlabs/r10k/blob/master/doc/dynamic-environment >> >> s/svn-environments.mkd >> >> >> >> There is also lots of material available on r10k itsef that is easy to >> >> find if you google for it. >> >> >> >> Regards >> >> - henrik >> >> >> >>> Thanks >> >>> >> >>> -- >> >>> You received this message because you are subscribed to the Google >> >>> Groups "Puppet Users" group. >> >>> To unsubscribe from this group and stop receiving emails from it, >> >>> send an email to puppet-users+unsubscr...@googlegroups.com >> >>> <mailto:puppet-users+unsubscr...@googlegroups.com>.
Re: [Puppet Users] Puppet and SVN
How hard is it to retro fit SVN / GIT onto a puppet install. I am building from scratch, working through the doco. Was thinking once I have a friendly setup then I would look at putting that into SVN/GIT. Thoughts are install puppet install puppetDB install heira ?? setup environments, currently thinking Prod - all prod env SIM - testing for prod INF - inf NON Prod - anything thats not above dev - testing alex - personal Then I was going to create a whole bundle of profiles break up into OS app things like smtp ssh http etc have the default company setup Company Apps things that cover company apps Then build some roles - based solely from profiles. Then some how dynamically assign nodes to a roles / environment. Sounds okay ?? A On 23 May 2016 at 10:47, Rilindo Foster wrote: > You can use any VCS with Puppet. I know of one shop that uses Mercurial. > > Most of the tooling and integration are closely coupled with git and most of > the workflows assumes that you will be using git. So it would be a good idea > to get up to speed with it. > > Of note that you can use git with svn (which may be helpful if you are > getting started: > > https://git-scm.com/book/en/v1/Git-and-Other-Systems-Git-and-Subversion > > - Rilindo > > -Original Message- > From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On > Behalf Of Alex Samad > Sent: Sunday, May 22, 2016 7:44 PM > To: puppet-users@googlegroups.com > Subject: Re: [Puppet Users] Puppet and SVN > > Ta > > I was at the last puppet (sydney ) users group. heard r10k mentioned a lot. > > Also I got the impression that git was more closely integrated with puppet. > > Should I be l looking at git ? > > A > > > On 23 May 2016 at 10:40, Henrik Lindberg wrote: >> On 22/05/16 12:41, Alex Samad wrote: >>> >>> Hi >>> >>> just starting out with puppet. >>> I found >>> this >>> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control >>> old page >>> >>> talks about checking /etc/puppet into svn. >>> >>> But on my centos install I have /etc/puppetlabs/puppet >>> >>> do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if the >>> later what about my codedir ? >>> >> >> You probably want to use the project r10k to manage your >> manifests/configurations that are stored in a source code control >> repository. >> >> Here is the page that explains a bit about r10k and SVN: >> https://github.com/puppetlabs/r10k/blob/master/doc/dynamic-environment >> s/svn-environments.mkd >> >> There is also lots of material available on r10k itsef that is easy to >> find if you google for it. >> >> Regards >> - henrik >> >>> Thanks >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, >>> send an email to puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users+unsubscr...@googlegroups.com>. >>> To view this discussion on the web visit >>> >>> https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9c >>> a-0dbdb5044dc3%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9ca-0dbdb5044dc3%40googlegroups.com?utm_medium=email&utm_source=footer>. >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> Visit my Blog "Puppet on the Edge" >> http://puppet-on-the-edge.blogspot.se/ >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Puppet Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/ac7d5df1-1798-e7d2-0215-b05166dc7b71%40puppet.com. >> >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-us
Re: [Puppet Users] Puppet and SVN
Ta I was at the last puppet (sydney ) users group. heard r10k mentioned a lot. Also I got the impression that git was more closely integrated with puppet. Should I be l looking at git ? A On 23 May 2016 at 10:40, Henrik Lindberg wrote: > On 22/05/16 12:41, Alex Samad wrote: >> >> Hi >> >> just starting out with puppet. >> I found >> this http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control >> old page >> >> talks about checking /etc/puppet into svn. >> >> But on my centos install I have /etc/puppetlabs/puppet >> >> do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if the >> later what about my codedir ? >> > > You probably want to use the project r10k to manage your > manifests/configurations that are stored in a source code control > repository. > > Here is the page that explains a bit about r10k and SVN: > https://github.com/puppetlabs/r10k/blob/master/doc/dynamic-environments/svn-environments.mkd > > There is also lots of material available on r10k itsef that is easy to find > if you google for it. > > Regards > - henrik > >> Thanks >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to puppet-users+unsubscr...@googlegroups.com >> <mailto:puppet-users+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> >> https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9ca-0dbdb5044dc3%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9ca-0dbdb5044dc3%40googlegroups.com?utm_medium=email&utm_source=footer>. >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > Visit my Blog "Puppet on the Edge" > http://puppet-on-the-edge.blogspot.se/ > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/ac7d5df1-1798-e7d2-0215-b05166dc7b71%40puppet.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PVrqBsaznadB9z9wTAS6s%3DdEHMZZpwNAqtCtYES7OMCyg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet and SVN
Hi just starting out with puppet. I found this http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control old page talks about checking /etc/puppet into svn. But on my centos install I have /etc/puppetlabs/puppet do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if the later what about my codedir ? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9ca-0dbdb5044dc3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with training VM - agent setup
Hi I have been working through the training vm. ran into a lot of issue with the agent_setup. I have fixed up the docker -T issue but still can't get it to start I run puppet agent -t puppet agent -t Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for learning.puppetlabs.vm Info: Applying configuration version '1462860876' Notice: /Stage[main]/Docker::Service/Service[docker]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Docker::Service/Service[docker]: Unscheduling refresh on Service[docker] Notice: /Stage[main]/Multi *node/Docker::Image[phusion/baseimage]/Exec[check*image*phusion/baseimage*install]/returns: executed successfully Info: /Stage[main]/Multi *node/Docker::Image[phusion/baseimage]/Exec[check*image*phusion/baseimage*install]: Scheduling refresh of Exec[docker pull phusion/baseimage] Notice: /Stage[main]/Multi*node/Docker::Image[phusion/baseimage]/Exec[docker pull phusion/baseimage]/returns: Using default tag: latest Notice: /Stage[main]/Multi*node/Docker::Image[phusion/baseimage]/Exec[docker pull phusion/baseimage]/returns: Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon. Is the docker daemon running on this host?). Using system default: https://index.docker.io/v1/ Notice: /Stage[main]/Multi*node/Docker::Image[phusion/baseimage]/Exec[docker pull phusion/baseimage]/returns: Cannot connect to the Docker daemon. Is the docker daemon running on this host? Error: /Stage[main]/Multi*node/Docker::Image[phusion/baseimage]/Exec[docker pull phusion/baseimage]: Failed to call refresh: docker pull phusion/baseimage returned 1 instead of one of [0] Error: /Stage[main]/Multi*node/Docker::Image[phusion/baseimage]/Exec[docker pull phusion/baseimage]: docker pull phusion/baseimage returned 1 instead of one of [0] Error: Could not start Service[docker-webserver]: Execution of '/bin/systemctl start docker-webserver' returned 1: A dependency job for docker-webserver.service failed. See 'journalctl -xe' for details. Error: /Stage[main]/Multi*node/Docker::Run[webserver]/Service[docker-webserver]/ensure: change from stopped to running failed: Could not start Service[docker-webserver]: Execution of '/bin/systemctl start docker-webserver' returned 1: A dependency job for docker-webserver.service failed. See 'journalctl -xe' for details. Error: Could not start Service[docker-database]: Execution of '/bin/systemctl start docker-database' returned 1: A dependency job for docker-database.service failed. See 'journalctl -xe' for details. Error: /Stage[main]/Multi*node/Docker::Run[database]/Service[docker-database]/ensure: change from stopped to running failed: Could not start Service[docker-database]: Execution of '/bin/systemctl start docker-database' returned 1: A dependency job for docker-database.service failed. See 'journalctl -xe' for details. Info: Class[Multi*node]: Unscheduling all events on Class[Multi_node] Notice: /Stage[main]/Graphite::Config/Service[carbon-cache]/enable: enable changed 'false' to 'true' rather stuck now .. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5991f24a-0596-4d83-8915-ced892a64f99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Newbie Question
Hi I am just about finished running through the tutorial. I am planing ahead for rolling out puppet to manage my linux servers. So I am thinking I need a puppet servers. all the linux boxes need access to this server on port 80 & 443 My first task is to standardize the standard username's GID/UID used. currently there is a script that creates my standard users. and it has changed over times and some users have different GID/UID's can I use poppet to standardize my GID/UID's. Then I presume I could create a class ??? or ??? to group all of these users together. How do I plan for different environments. I would like to test things in say NON PROD for week or 2, how do you setup for that . I note root@learning:/etc/puppetlabs/code/environments/production/modules there is a production here in the pathing. for example lets say I want to roll out a new sudoers config file. I want to test in UAT first. If I have 1 class and its allocated to all my boxes. doesn't that mean that all my boxes get the new sudoers. or do i need a prod sudoer and a non prod sudoers ?? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/19f6dfde-a8bf-4666-bf1e-3a03131a9d40%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Newbie Question
So I tried a few times yesterday ... today its working !!! On 8 January 2016 at 09:37, Alex Samad wrote: > Quick feed back on the VM > > fails to start RHEL makes the disk offline and then it just never starts :) > > > > On 8 January 2016 at 00:57, jcbollinger wrote: >> On Wednesday, January 6, 2016 at 10:25:05 PM UTC-6, Alex Samad wrote: >>> >>> Hi >>> >>> Doing this of the single VM. I was hopping to test the agent and the >>> server side on the same box. >>> >> >> >> You can run the agent on the box where the master runs. Many people do. >> Indeed, though I've never played with the learning VM myself, I had always >> assumed that it was set up just that way. >> >> >> John >> >> -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PUwmo5id7MmuWkeEnUqDrQ7tUfZWHuhPeQRhxsW%3DH7UFw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Newbie Question
Quick feed back on the VM fails to start RHEL makes the disk offline and then it just never starts :) On 8 January 2016 at 00:57, jcbollinger wrote: > On Wednesday, January 6, 2016 at 10:25:05 PM UTC-6, Alex Samad wrote: >> >> Hi >> >> Doing this of the single VM. I was hopping to test the agent and the >> server side on the same box. >> > > > You can run the agent on the box where the master runs. Many people do. > Indeed, though I've never played with the learning VM myself, I had always > assumed that it was set up just that way. > > > John > > -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PVgV41%3DPs_75f6xk1SFS__CpG24c_itLBMim_%3Drr77BMw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Newbie Question
Hi Doing this of the single VM. I was hopping to test the agent and the server side on the same box. I will have a look at https://puppetlabs.com/download-learning-vm <https://www.google.com/url?q=https%3A%2F%2Fpuppetlabs.com%2Fdownload-learning-vm&sa=D&sntz=1&usg=AFQjCNFBKZII0uofnXTLwyeFI7panS1Ylg> ta Alex On Thursday, 7 January 2016 14:33:58 UTC+11, Christopher Wood wrote: > > It sounds like you'd be well off reading, that doesn't look like an agent > run with errors. It looks like the agent run of a very small catalog that > didn't need to change anything on the agent's host. It's not entirely clear > where you are running "puppet agent" and "puppet cert". > > This thing often gets recommended: > > https://puppetlabs.com/download-learning-vm > > Also lots of reading here: > > http://docs.puppetlabs.com/ > > On Wed, Jan 06, 2016 at 07:15:17PM -0800, Alex Samad wrote: > >Hi > >New to puppet. I am trying to do some testing. I have a centos 6.7 > >installed VM. I have setup the puppet repo's > >Then installed puppetserver-2.2.1-1.el6.noarch > >I edited this > >/etc/puppetlabs/puppet/puppet.conf > >added in > >[main] > >dns_alt_names=puppet,puppet.abc.com > >the FQDN for the machine is ybosnort.abc.com so I thought I would > need > >that. > >then > >! I believe to make the agent always run > >puppet resource service puppet ensure=running enable=true > >puppet resource package puppet-server ensure=latest > >came up with some errors > >/opt/puppetlabs/bin/puppet agent --test > >Info: Using configured environment 'production' > >Info: Retrieving pluginfacts > >Info: Retrieving plugin > >Info: Caching catalog for ybosnort.abc.com > >Info: Applying configuration version '1452136313' > >Notice: Applied catalog in 0.02 seconds > >so all looks good ... but > >puppet cert list > >show me nothing > >How do I regenerate the CA .. signing cert used by puppet > >How do I register the agent on the same box as puppet server > >What am I supposed to do with puppetDB > >Internet access do all the puppet agents need internet access or just > the > >puppet server, how do I configure it to use a proxy server > >Any links to a simple guide to setup a linux vm client pc ... cover > things > >like > >* usernames and UID . GUID > >* packages installed > >* configuring ETH and sudoers << are these done by manipulating the > config > >files ? > >Thanks > >A > > > >-- > >You received this message because you are subscribed to the Google > Groups > >"Puppet Users" group. > >To unsubscribe from this group and stop receiving emails from it, > send an > >email to [1]puppet-users...@googlegroups.com . > >To view this discussion on the web visit > >[2] > https://groups.google.com/d/msgid/puppet-users/1fdef323-95d9-4c6f-af58-462bb1653fa5%40googlegroups.com. > > > >For more options, visit [3]https://groups.google.com/d/optout. > > > > References > > > >Visible links > >1. mailto:puppet-users+unsubscr...@googlegroups.com > >2. > https://groups.google.com/d/msgid/puppet-users/1fdef323-95d9-4c6f-af58-462bb1653fa5%40googlegroups.com?utm_medium=email&utm_source=footer > > >3. https://groups.google.com/d/optout > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9265245c-3d03-4463-b94a-f7c474e993fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Newbie Question
Hi New to puppet. I am trying to do some testing. I have a centos 6.7 installed VM. I have setup the puppet repo's Then installed puppetserver-2.2.1-1.el6.noarch I edited this /etc/puppetlabs/puppet/puppet.conf added in [main] dns_alt_names=puppet,puppet.abc.com the FQDN for the machine is ybosnort.abc.com so I thought I would need that. then ! I believe to make the agent always run puppet resource service puppet ensure=running enable=true puppet resource package puppet-server ensure=latest came up with some errors /opt/puppetlabs/bin/puppet agent --test Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for ybosnort.abc.com Info: Applying configuration version '1452136313' Notice: Applied catalog in 0.02 seconds so all looks good ... but puppet cert list show me nothing How do I regenerate the CA .. signing cert used by puppet How do I register the agent on the same box as puppet server What am I supposed to do with puppetDB Internet access do all the puppet agents need internet access or just the puppet server, how do I configure it to use a proxy server Any links to a simple guide to setup a linux vm client pc ... cover things like * usernames and UID . GUID * packages installed * configuring ETH and sudoers << are these done by manipulating the config files ? Thanks A -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1fdef323-95d9-4c6f-af58-462bb1653fa5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
