[Puppet Users] Re: puppet-lint questions
On Monday, April 14, 2014 7:16:39 PM UTC+2, Daniele Sluijters wrote: Sometimes things don't become more legible if you're forced to break it off somehow at 80 chars. We still try very hard to respect the 80 chars but sometimes, we go over it. Just a note on the 80 chars limitation: in the past I found it frustrating too, but today I see it's working well with code reviews software (Gerrit) that split the window in two with the old and new version of the file. -- http://about.me/alexanderfortin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/57c35a11-bc52-43c8-854b-9c77f136856e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Slides TDD with puppet - puppetcamp paris yesterday
On Tuesday, April 15, 2014 1:10:05 PM UTC+2, Felix.Frank wrote: On 04/15/2014 09:25 AM, Nikola Petrov wrote: I haven't used catalog-diff but I am suspecting that it might be a substitute for the rspec tests. Tell me No. rspec allows you to implement unit tests to catch certain regression bugs. catalog-diff is rather concerned with integration testing (although you can use rspec for that as well). I think with catalog-diff we're catching regression bugs too, meaning that if the module interface is broken in the proposed commit, it will show up as an error (unless no node is actually including the refactored module). does it provide the following: * Automatic runs through guard/rake/whatever on every commit to verify that I am not breaking things like permissions on files You could do that, but compiling each of your nodes' catalog on every commit would be excessive. I agree it can be overkill for many environments, I guess depends on what you actually want to test, or better, what kind of confidence you want to have that your committed code is not actually breaking anything. To me seems that the catalog-diff approach is catching a broad variety of problems, also some that (I think) can't be easily catch by expressions in rspec. For example, somewhere in a random manifest I'm just changing declaration style for a class, from 'include myclass' to class {'myclass': }, leading to possible declaration dependency order / duplicated declarations problems: Node A (which I am currently working on) is including only one declaration, but node B was evaluating that class declaration two times, hence the duplicate declaration only on node B. Can rspec-puppet catch also this kind of problems? More in general, I'd like to know if rspec-puppet can give me the confidence that, given a node resource, the new version of the catalog will compile for that node. -- Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/826f278e-1b69-4721-9e35-7028627c44fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Slides TDD with puppet - puppetcamp paris yesterday
On Sunday, April 13, 2014 11:57:19 AM UTC+2, Johan De Wit wrote: I still am so surprised when asking who is doing some kind of 'testing', almost nobody raises is hand . Most people just don't' see the sense of doing rspec unit tests - why writing the same code twice ? Well, I think there is still a lot of talking to do Hi Johan, sorry for the missed presentation at Puppet User Group Berlin, I'll make it one day or another and I'll share the slides at least ;) I'll be very happy to discuss further the testing topic, because testing is also very important to us. Actually we do lots of testing on our manifests (but not with rspec) and catalogs, and precisely I think that puppet catalog-diff [1] is the key piece in the pipeline for us, because it shows us for real what's actually changing with every commit we push to our manifests, plus the noop runs before merging to prod give us the final safe net to be sure we don't get any unexpected change in production. For the last 8 months or so it's been working surprisingly well for us and I'm really willing to share our experience with the community and also getting and suggestions about how to improve it even further. By the way, I'm another one that's not so convinced about the rspec tests value, to me seems that the unit tests themselves are much less relevant for a declarative-like language like Puppet. I mean, there's no 'design' that has to emerge by the unit tests getting green, in our team we already share a defined design for module structure, and, say, if the coder write the spec for a file to be there, I don't see why I should trust that more than a definition of that same thing in the manifest itself, hence the feeling of code duplication with no real value added. What I can see very clearly for normal software development, those values coming from TDD, I can't see easily for Puppet manifests writing. Something like Beaker [2] is what we'd like to add to our testing pipeline, i.e. running tests for the full stack in a VM, but again, stil more then willing to change my mind about rspec-puppet ;) [1] https://github.com/ripienaar/puppet-catalog-diff [2] https://github.com/puppetlabs/beaker/wiki/Overview -- http://about.me/alexanderfortin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fb8dc4c8-f5ce-4f0d-9ce9-e71f709dc197%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: puppet-lint questions
On Friday, April 11, 2014 12:32:39 AM UTC+2, Rich Burroughs wrote: I saw one of the Puppet Labs webinars about setting up your Puppet development environment, and at one point it mentioned using a git hook to run puppet-lint before committing. We do that where I work with puppet parser validate, but right now a lot of our code would not pass a puppet-lint run with no options. I'm curious how many people actually are that strict about it. Hi Rich, in our team we use puppet-lint strictly (meaning, if a manifest can't pass any linter test, it can't be merged), and personally I like it because it help standardize the code style and in general make the manifests more readable. As far as I know, it is enforcing most (if not any) Puppetlabs style guide rules [1]. Also, I have a couple of specific questions about errors that show up in our manifests commonly. We get this a lot: WARNING: quoted boolean value found on line 39 With code like this: $foo=hiera('foo', 'false'), We've given a default of false for a Hiera lookup. It doesn't seem like there's a way around this, it seems like it actually needs to be quoted. I think this is a problem with the hiera function, from a puppet point of view to me a boolean literal seems more appropriate, a string containing 'false' is semantically quite misleading. I remember I somehow solved the problem with a default '' (empty string) value for the hiera function, but maybe it's not fitting your use case as well. Another workaround is to define a default foo key in hiera itself to false. Not sure what hiera version you're running, maybe it changed with more recent versions. One other example: WARNING: double quoted string containing no variables on line 57 We get this when we are doing a tidy and are globbing: tidy { $log_directory: schedule = weekly, backup = false, type = ctime, recurse = true, matches = foo.out*, age = 97d, } Again, I think this is supposed to be double quoted (I found some examples on the Puppet Labs site that had double quotes). I never used the tidy resource but I'm quite sure the globbing will be done at apply time and not at compile time, puppet master has no notion of what's inside the agent filesystem in the first place. Nevertheless, quoting rules are quite clear [2] and a double quote should only be needed to interpolate variables inside the string. I know I can pass options to disable those checks, but in both cases there are times we might legitimately make a mistake that would cause that error, and I wouldn't want to ignore those... Yeah, I know it's a little painful to follow them all strictly at the beginning (especially the missing-docs and 80 chars ones), but in my experience in the long run it pays off in terms of readability, so I'd advise to use puppet-lint wherever possible [1] http://docs.puppetlabs.com/guides/style_guide.html [2] http://docs.puppetlabs.com/guides/style_guide.html#quoting -- http://about.me/alexanderfortin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d2877ef4-1a29-4cea-809b-38c3d1a0bd9b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Error when checking out repo with svn+ssh
On Wednesday, March 26, 2014 8:06:02 PM UTC+1, rupsmaths wrote: When i try running puppet agent -t --server master i get the following error: *Error: Execution of '/usr/bin/svn --non-interactive checkout svn+ssh://repo' returned 1: svn: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.* *svn: Network connection closed unexpectedly* I have added the private key on to my client machine so that i dont have to enter the password again and again. What should i do? I hope i have explained the problem good enough..Waiting for your help guys. Hi. Not sure where that vcsrepo resource is coming from, anyway I guess it's a defined resource declaring an Exec that tries to run your svn command. Maybe the (shell) environment you're testing your script from is different from the one your Puppet run is using (i.e. different users) ? Anyway, the general advise is to provide the more data and context you can if you want others to help you out solving your problem ;) For example, try to run puppet with --debug and/or --trace option and see if it gives you more hints, by the way the svn error message is already giving you some, so maybe also remove (temporally) the -q option there to have more information. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e2942599-f21e-44ac-846b-9dd67ac27e44%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Disable SSL when compiling catalogs for testing purposes
On Thursday, March 6, 2014 3:15:39 PM UTC+1, jcbollinger wrote: Do you see the ca in most of those? That stands for certificate authority. The one file that doesn't have it, ssl/crl.pem, is a certificate revocation list, which is also associated with the CA. The Puppet master provides a (as in one) certificate authority for the infrastructure it manages. It will create the needed keys and certificate only if they do not already exist. IMPORTANT: you must not disturb the master's CA. Doing so will make the certificates it has already signed unusable, rendering those agents using them both unwilling AND unable to request catalogs from that master. Hi John, thanks for the concern and for the insights you are providing. Yes, now I realize it's not creating the $host cert as I initially said but only the certificate authority files. I think I could just create these files just once and place them in the Docker image to avoid puppet recreating them at any run, maybe it will not give us any visible gain in performance but it's trivial to do so why not. Also, these puppet master --compile processes are not run in the actual puppet master machine(s) but on dedicated testing environments (Jenkins + Docker images) so no harm done to the actual CA :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2f7273d0-ed30-48f6-bac3-72fc6b4b7049%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: ignoring changes to a file
On Wednesday, March 5, 2014 3:41:45 PM UTC+1, kaustubh chaudhari wrote: Hi All, One of my application requires me to copy a config file after installation the application. This needs to be done only once after installation However this config file is managed by a central server and keeps on getting updated every day, which means puppet will overwrite the updated file every day. Which is a problem. How can i configure puppet to ignore changes to this file. Is there a way to do this ? http://docs.puppetlabs.com/references/3.stable/type.html#file-attribute-replace Whether to replace a file or symlink that already exists on the local system but whose content doesn’t match what the source or content attribute specifies. Setting this to false allows file resources to initialize files without overwriting future changes. Note that this only affects content; Puppet will still manage ownership and permissions. Defaults to true. Valid values are true, false, yes, no -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/231aae69-f70c-43a6-b342-40b33fdf55ca%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Disable SSL when compiling catalogs for testing purposes
Hi folks, recently in our Puppet pipeline we added a few tests on catalogs leveraging Ripienaar's puppet-catalog-diff [1]. Basically, before merging to production, for each node we compare the catalogs between production and the committed developing version, to spot any (maybe unwanted) change before the agent run. Also, we run catalog diffs for a single node locally in a Docker container to help refactoring-like tasks, and to test with different versions of puppet too (still at v2.7, will upgrade to 3 hopefully very soon). This has been working quite well for us so far, but of course will be nice to reduce the amount of time needed to run those tests. I know very little about the puppet master process, but my understanding is that every time we create the catalog, i.e. running puppet master --compile myhost this will also create a SSL cert for myhost. Is there a way to disable this behavior? Any other suggestions about how to make this catalog creation process as lightweight as possible? -- https://www.vizify.com/alexander-fortin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEoqoki-PT16v_Nqo7_%3DL-vXBv7LMu7X_vgZXQssaJ%2B3BQ29ew%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Disable SSL when compiling catalogs for testing purposes
On Wednesday, March 5, 2014 7:07:42 PM UTC+1, jcbollinger wrote: On Wednesday, March 5, 2014 8:35:40 AM UTC-6, Alexander Fortin wrote: [...] my understanding is that every time we create the catalog, i.e. running puppet master --compile myhost this will also create a SSL cert for myhost. I can't say for certain that you're wrong, but I have never heard of that certificate-generating behavior. From whence comes your understanding? I noticed because running two 'puppet master --compile' in parallel with the same host and same vardir path was creating conflicts, anyway these are the (SSL) files that get created at every run: ssl/ca/ca_crt.pem ssl/ca/ca_crl.pem ssl/ca/serial ssl/ca/ca_pub.pem ssl/ca/ca_key.pem ssl/ca/inventory.txt ssl/ca/private/ca.pass ssl/crl.pem ssl/certs/ca.pem Even if Puppet were doing that, I think you would find the savings available from eliminating it to be negligible compared to the cost of the actual catalog compilation. I guess you are right, I hoped it was just a matter of setting a config parameters to false but didn't find anything like that. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f2488970-05ce-4136-9af6-f48c11b08e5e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Environment supersets using Hiera
Hi folks, I'm using Puppet 3.0.1 and hiera 1.1.1, and this is my hierarchy now: :hierarchy: - %{fqdn} - %{environment} - common but I'd like to achieve something like this: if my node has environment=vagrant, then Hiera sources should be: - /var/lib/hiera/vagrant.yaml - /var/lib/hiera/devel.yaml - /var/lib/hiera/common.yaml if environment=devel: - /var/lib/hiera/devel.yaml - /var/lib/hiera/common.yaml if environment=production: - /var/lib/hiera/common.yaml I'm going through documentation but seems there's no mention to this kind of setup. Any hint? Thanks! -- Alexander Fortin https://www.vizify.com/alexander-fortin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Thoughts on job listings?
On 5/30/12 11:07 PM, R. Tyler Croy wrote: I think this is the best idea here, a This Week in Puppet Jobs would be a good email, low noise, high signal :) Oh yes, I like this suggestion too! My +1 -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet syntax check for Komodo Edit
On 2/18/12 9:01 PM, Mister IT Guru wrote: Hi All, Please forgive me for jumping on this thread, but I'm a bit shocked - Syntax highlighting for puppet? Sorry for being slow on this one, I have been cracking my eyes using nano, and basic text editors - It never crossed my mind to use an IDE!! Feel free to shame me as you see fit - I think I deserve punishment for missing a trick here! I've seen two recommendations for OSX users, Komodo Edit, and Eclipse. I think I'll download them now, I'm open for other suggestions! Hi! no shame, you've got to use the tool you feel more comfortable with ;) Each one has pros and cons of course. Actually I've been using mostly VIM + VIM-Puppet so far, but given that recently I've been writing more and more Python code, I feel that an IDE is more handy, especially for features like projects, so I double click on a project name and I get any previously opened file in a tab. PS still struggling to make Geppetto install PyDev :-/ -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet syntax check for Komodo Edit
On 2/18/12 2:55 PM, Henrik Lindberg wrote: For Eclipse, there is PyDev for Python, and the Dynamic Lanugages toolkit has support for several others (like Ruby). You can install Geppetto into an Eclipse, or install support for other languages into Geppetto (which is essentially a stripped down Eclipse with only the things required for Puppet development). Did you try PyDev? Is that where the pain came from :) ? No :) I was just scared by the bloat that comes with Eclipse, but I'll give a try to the second option you suggest (Geppetto + languages support) though. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Uninstall Puppet and Facter from OSX
On 11/28/11 5:59 PM, Nigel Kersten wrote: You should, yes. I'd actually suggest the best thing to do is to run conf/osx/createpackage.sh to generate a proper Mac pkg out of the tarball. That will do some extra things like set up the right directory ownership for you. The previous install.rb install should have put files into: /usr/lib/ruby/site_ruby/1.8/puppet* /usr/bin/puppet* /usr/bin/filebucket /usr/bin/pi /usr/bin/ralsh /usr/sbin/puppet* and removing all those should effectively remove the install. Thanks Nigel, I've followed your suggestion and now I'm running puppet v2.7.6 installed via gem PS I wasn't able to find the createpackage.sh script you suggested though -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Uninstall Puppet and Facter from OSX
Hi folks, I'm a new Mac user and a while ago I installed puppet (2.6.7) + facter (1.5.8) from tarballs provided by puppetlabs.com on my Lion machine. Now, I'd like to go for gem install and get puppet 2.7, but I'm not sure if I need to remove the puppet I've got installed right now before doing so. Thanks for your time, -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple nodes.pp files
On 11/24/11 5:58 AM, Iain Sutton wrote: Aside: do you perhaps mean source = file(/home/$::realuser/puppet/files/smb.conf), instead of content = file(/home/$::realuser/puppet/files/smb.conf), ? No, I'm using content =, and it works if I use actual strings instead of variables. Do you have any lines like: notice(the value of realuser is ${realuser} and ::realuser is ${::realuser} ) in your manifest to confirm what the variables might actually contain? I've added your line as suggested but as soon as I import the manifest file that uses those variables, it doesn't compile: Could not find any files from /home//puppet/files/smb.conf at /home/alex/puppet/manifests/samba.pp:7 on node blah -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple nodes.pp files
On 11/21/11 9:28 PM, jcbollinger wrote: What if you spell it like so: mysersource { /etc/$::myvariable: ensure = present } ? This is the actual code now: file { /etc/samba/smb.conf: ensure = present, content = file(/home/$::realuser/puppet/files/smb.conf), require = Package[samba], notify = Service[$sambaservices], } but I get the same output from apply: Could not find any files from /home//puppet/files/smb.conf at /home/alex/puppet/manifests/samba.pp:7 on node blah -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple nodes.pp files
On 11/22/11 7:37 PM, Aaron Grewell wrote: Curly braces perhaps? content = file(/home/${realuser}/puppet/files/smb.conf), Tried both with ${realuser} and with ${::realuser}, no luck. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple nodes.pp files
On 11/21/11 11:13 AM, Luke Bigum wrote: Yes, big difference. The 'import' function will literally add the contents of a manifest file into where your import statement is, it's like a 'include woof.h' in C/C++ or source /etc/sysconfig/woof in Bash. It should really never be used anywhere outside of site.pp to add classes and functions but rather with Puppet's class autoloading functionality. [CUT] I think it's related. I'm using 2.7.3 with puppet apply only and I've noticed that if you declare a variable in the importing manifest (say, init.pp), it will not be callable from the imported manifest. So: init.pp: $myvariable = blabla myresource { $myvariable : ensure = present } import secondmanifest.pp # secondmanifest.pp: mysersource { /etc/$myvariable: ensure = present } doesn't work. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] eggdrop-puppet-notificator
Hi folks. I've just written a small plug-in for Eggdrop: https://github.com/shaftoe/eggdrop-puppet-notificator Maybe someone here is running both a puppet master and an eggdrop process on the same machine and wishes to get notified about missing nodes (via IRC and email). I like very much that Dashboard tells me which node is missing for more than 60mins, but I didn't know how to get notified too, so... I'm sure there are better ways to do it but this was just the easier I've seen, so of course any comment/bug report etc is very appreciated ;) -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: Dashboard 1.2.0 is available now
On 08/27/2011 08:07 PM, Ramin K wrote: ruby 1.8.5, released Apr 2006 ruby 1.8.7, released May 2008 ruby 1.9.2, released Oct 2010 Not exactly bleeding edge though I suppose anything released in the last four years could be considered that when compared to RHEL 5.:-) FWIW, if you think of the releases as Ruby 1.0.x, 1.5.x, and 2.0.x respectively the differences in capabilities will make more sense. For my environment, having puppet agents = 2.6.4 is the only blocking issue, because I'd like to stay with Debian/Ubuntu packages and so far the most I can get from stable versions are 2.6.2 (the only exception being FreeBSD 8.2 shipping 2.6.7) Argh... I just can't wait to see the new Dashboard! :D -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] eggdrop-puppet-notificator
On 08/31/2011 02:25 PM, Ohad Levy wrote: nice! any chance you would consider adding a query to foreman? easy to get that info via: curlhttp://foreman/hosts/out_of_sync?format={json,yaml} Hi Ohad! Unfortunately I've got no Foreman so no way to test it (and no real need to extend it because no Foreman in the near future here...) If you (or anyone) want to submit a patch I'll be more than happy :) Just ask to be added to the GitHub project and I'll give you RW. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Can a node access a not-imported module's files?
Hi folks, I've finally found the time (and the will!) to test puppet and thanks to this ml and other great resources like docs.puppetlabs.com and #puppet on freenode, I must admit it's much easier than what I thought. It's evident this is a great community indeed, nice job everyone! I've got a doubt and I wasn't able to find documentation about, so I thought it was time to try out this ML too: I'd like to manage sensitive data like PEM certs (to manage openvpn services for instance) and I'm puzzled by this doubt: is it possible for a client to steal information from the master? I mean, can mynode see modules/mymodule/files/mysecretfile even if the node 'mynode' is not including that module? -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can a node access a not-imported module's files?
On 06/15/2011 04:54 PM, Nigel Kersten wrote: By default, yes. It is possible to construct an API call to access fileserver data that hasn't been explicitly assigned to that node. However you can construct your own ACLs to restrict access to certain files using auth.conf http://docs.puppetlabs.com/guides/rest_auth_conf.html For such data, I would create a specific module or custom fileserver mount, and restrict access to it explicitly. http://docs.puppetlabs.com/guides/file_serving.html Thanks Nigel, I'll think about that option. I'm not yet sure if it's a better idea to keep secret files stored just on one secure place (say, an encrypted folder on my laptop or better) as I'm doing now, then collecting them on a server. It was more a curiosity then a real necessity, many thanks for the explanation though. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Can a node access a not-imported module's files?
On 06/15/2011 05:01 PM, Nigel Kersten wrote: Check the correct format for generate(). That's a terrible idea if the catalog gets written to disk anywhere. Can someone confirm? Only the agents who have been delivered that resource will end up with that data in their catalog. I should have mentioned this solution as well. Note too the file() function which lets you simply return the contents of a file without needing to jump through the hoop of using cat. Yes, this sounds reasonable! @Luke: about the catalog writing danger, do you refer to the client or the master? Anyway, to make this work, eventually both client and master will store the secret somewhere, so I don't think is an issue as far as the secret/catalog is only readable by root. -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.