Re: [Puppet Users] Problem in PuppetDB

[Alexandre Monteiro]

Hi Wyatt,

Returned 200 with the version: 4.4.0

[root@master puppetdb]# curl -v 
http://master.dexter.com.br:8080/pdb/meta/v1/version
* About to connect() to master.dexter.com.br port 8080 (#0)
*   Trying 10.10.0.117...
* Connected to master.dexter.com.br (10.10.0.117) port 8080 (#0)
> GET /pdb/meta/v1/version HTTP/1.1
> User-Agent: curl/7.29.0
> Host: master.dexter.com.br:8080
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 20 Jul 2017 18:21:07 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 25
< Server: Jetty(9.2.z-SNAPSHOT)
<
{
  "version" : "4.4.0"
* Connection #0 to host master.dexter.com.br left intact


In the log /var/log/puppetlabs/puppetdb/puppetdb.log:

We are unable to create the recommended pg_trgm indexes due to
the extension not being installed correctly.  Run the command:

CREATE EXTENSION pg_trgm;

as the database super user on the PuppetDB database to correct
this, then restart PuppetDB.

Can this impact the viewing of my PuppetDB?




Em quinta-feira, 20 de julho de 2017 15:13:38 UTC-3, Wyatt Alt escreveu:
>
> That's the behavior I'd expect -- I believe the issue is you're just not 
> hitting an endpoint. If you're trying to verify that the service is up 
> and running, the way we typically do that is with 
>
> curl http://localhost:8080/pdb/meta/v1/version 
>
> which should return a blob with a version number. 
>
> Wyatt 
>
>
> On 07/20/2017 08:28 AM, Alexandre Monteiro wrote: 
> > Hi folks, 
> > 
> > I'm installing PuppetDB on my desktop. All configuration of 
> > puppetserver, postgre is OK .. but occurring return 302 in my curl 
> > test. I read many forums and it still did not work .. 
> > Here is the error: 
> > 
> > # curl -v http://localhost:8080 
> > * About to connect() to localhost port 8080 (#0) 
> > *   Trying 127.0.0.1... 
> > * Connected to localhost (127.0.0.1) port 8080 (#0) 
> > > GET / HTTP/1.1 
> > > User-Agent: curl/7.29.0 
> > > Host: localhost:8080 
> > > Accept: */* 
> > > 
> > < HTTP/1.1 302 Found 
> > < Date: Thu, 20 Jul 2017 15:27:18 GMT 
> > < Location: /pdb/dashboard/index.html 
> > < Content-Length: 0 
> > < Server: Jetty(9.2.z-SNAPSHOT) 
> > < 
> > * Connection #0 to host localhost left intact 
> > 
> > Has anyone seen this yet? 
> > 
> > Tks!! 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to puppet-users...@googlegroups.com  
> > <mailto:puppet-users+unsubscr...@googlegroups.com >. 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/puppet-users/809eaf77-52b8-4451-be17-5556b8416943%40googlegroups.com
>  
> > <
> https://groups.google.com/d/msgid/puppet-users/809eaf77-52b8-4451-be17-5556b8416943%40googlegroups.com?utm_medium=email&utm_source=footer>.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/70798eb8-e204-483d-8f3d-ce24c6e4d082%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Problem in PuppetDB

[Alexandre Monteiro]

Hi folks,

I'm installing PuppetDB on my desktop. All configuration of puppetserver, 
postgre is OK .. but occurring return 302 in my curl test. I read many 
forums and it still did not work ..
Here is the error:

# curl -v http://localhost:8080
* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 20 Jul 2017 15:27:18 GMT
< Location: /pdb/dashboard/index.html
< Content-Length: 0
< Server: Jetty(9.2.z-SNAPSHOT)
<
* Connection #0 to host localhost left intact

Has anyone seen this yet?

Tks!!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/809eaf77-52b8-4451-be17-5556b8416943%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Could not evaluate: Could not find command '/var/lib/puppet/concat/bin/concatfragments.rb'

[Alexandre Dumont]

Please see https://tickets.puppetlabs.com/browse/MODULES-2206: the existing
implementation for concat does not work properly with noop mode, and
unfortunately cannot work without violating the principle of noop mode (no
changes made on the system). There was some discussion about this, and the
issues in the pull request here


On Mon, Jul 13, 2015 at 3:22 PM Charlie-Jane Costello <
cjcostell...@gmail.com> wrote:

> Yeah, I'm getting the same error as you Joe. I'm also using the Apache
> module on a Centos7 machine.
> Puppet version 3.7.4. I did however try initially with 3.8.1, but thought
> that this may have been a version issue, and therefore downgraded.
>
> On Thursday, June 4, 2015 at 2:55:01 PM UTC+1, Joe Koenig wrote:
>>
>> I've got a puppet agent (3.8) on CentOS 7 that I'm trying to configure
>> using the puppetlabs-apache module. I'm getting the following on the first
>> run:
>>
>> *Error: /Stage[main]/Main/Node[web-agent-..xxx.com
>> ]/Apache::Vhost[example.com
>> ]/Concat[25-example.com.conf]/Exec[concat_25-example.com.conf]:
>> Could not evaluate: Could not find command
>> '/var/lib/puppet/concat/bin/concatfragments.rb'*
>>
>> Here's what my site.pp looks like:
>>
>> node /^web-agent-(.*)\.bds-puppet\.com$/ {
>>
>> class { 'yum':
>>
>> extrarepo => ['epel', 'puppetlabs', 'remi_php55', 'remi']
>>
>> }
>>
>> file { ["/data", "/data/web", "/data/web/vhosts",
>> "/data/web/vhosts/example.com"]: ensure => "directory" }
>>
>> file { ["/data/logs", "/data/logs/apache"]: ensure => "directory"
>> }
>>
>> class { 'apache':
>>
>> package_ensure => '2.4.6-31.el7.centos',
>>
>> server_signature => 'Off',
>>
>> default_vhost => false,
>>
>> default_mods => false,
>>
>> mpm_module => false
>>
>> }
>>
>> class { 'apache::mod::prefork':
>>
>> startservers => '8',
>>
>> minspareservers => '3',
>>
>> maxspareservers => '5',
>>
>> serverlimit => '1024',
>>
>> maxclients => '1024',
>>
>> maxrequestsperchild => '4000'
>>
>> }
>>
>> apache::vhost { 'www.example.com':
>>
>> port => '80',
>>
>> serveraliases => ['example.com','*.example.com'],
>>
>> docroot => '/data/web/vhosts/example.com',
>>
>> access_log_file => 'example.com_access_log',
>>
>> error_log_file => 'example.com_error_log',
>>
>> logroot => '/data/logs/apache',
>>
>> override => 'All',
>>
>> directoryindex => 'index.php index.html',
>>
>> add_default_charset => 'UTF-8',
>>
>> options => ['-Indexes']
>>
>> }
>>
>> class { 'apache::mod::cache': }
>>
>> class { 'apache::mod::deflate': }
>>
>> class { 'apache::mod::dir': }
>>
>> class { 'apache::mod::mime': }
>>
>> class { 'apache::mod::mime_magic': }
>>
>> class { 'apache::mod::proxy': }
>>
>> class { 'apache::mod::rewrite': }
>>
>> class { 'apache::mod::ssl': }
>>
>> class { 'apache::mod::status': }
>>
>> class { 'apache::mod::vhost_alias': }
>>
>> class { '::apache::mod::php':
>>
>> package_name => "php-5.5.25-1.el7.remi",
>>
>> }
>>
>> package {
>> ["php-mcrypt","php-mysqlnd","php-gd","php-ldap","php-soap","php-mbstring","php-opcache","libcurl-devel"]:
>>
>> ensure => "installed",
>>
>> require => Class['apache']
>>
>> }
>>
>> package { "openldap-devel": ensure => "installed" }
>>
>> package { ["openssl","openssl-devel"]: ensure => "latest" }
>>
>> package { "wkhtmltopdf": ensure => "0.12.1-1.el7" }
>>
>> }
>>
>> Any pointers on what may be causing this would be greatly appreciated.
>> Thanks!
>>
>> Joe
>>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/vB4hJddgHDM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/b3e20dd3-5f2d-4946-8753-d18cb60ea149%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubsc

[Puppet Users] Re: Could not evaluate: Could not find command '/var/lib/puppet/concat/bin/concatfragments.rb'

[Alexandre Dumont]

Same error here, when using puppet module saz-ssh v2.8.1.

All my modules are:

# *puppet module lis*t
/etc/puppet/modules
├── puppetlabs-concat (v1.2.3)
├── puppetlabs-ntp (v4.0.0)
├── puppetlabs-stdlib (v4.6.0)
└── saz-ssh (v2.8.1)

Some facts from my fresh installation:

# *facter os puppetversion*
*os* => {"name"=>"Ubuntu", "release"=>{"major"=>"12.04", "full"=>"12.04"}, 
"lsb"=>{"distrelease"=>"12.04", "distcodename"=>"precise", 
"majdistrelease"=>"12.04", "distdescription"=>"Ubuntu 12.04", 
"distid"=>"Ubuntu"}, "family"=>"Debian"}
*puppetversion* => 3.8.1

My site.pp:

include ::ssh::server

Error:

*# puppet agent --test --noop *
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for ema
Info: Applying configuration version '1436379851'
Notice: /Stage[main]/Concat::Setup/File[/var/lib/puppet/concat]/ensure: 
current_value absent, should be directory (noop)
Notice: /Stage[main]/Concat::Setup/File[/var/lib/puppet/concat/bin]/ensure: 
current_value absent, should be directory (noop)
Notice: 
/Stage[main]/Concat::Setup/File[/var/lib/puppet/concat/bin/concatfragments.rb]/ensure:
 
current_value absent, should be file (noop)
Notice: Class[Concat::Setup]: Would have triggered 'refresh' from 3 events
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config]/ensure:
 
current_value absent, should be directory (noop)
Info: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config]:
 
Scheduling refresh of Exec[concat_/etc/ssh/sshd_config]
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments.concat.out]/ensure:
 
current_value absent, should be present (noop)
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments]/ensure:
 
current_value absent, should be directory (noop)
Info: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments]:
 
Scheduling refresh of Exec[concat_/etc/ssh/sshd_config]
Notice: /Stage[main]/Ssh::Server::Config/Concat::Fragment[global 
config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments/00_global 
config]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Ssh::Server::Config/Concat::Fragment[global 
config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments/00_global 
config]: Scheduling refresh of Exec[concat_/etc/ssh/sshd_config]
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/var/lib/puppet/concat/_etc_ssh_sshd_config/fragments.concat]/ensure:
 
current_value absent, should be present (noop)
Error: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/Exec[concat_/etc/ssh/sshd_config]:
 
Could not evaluate: Could not find command 
'/var/lib/puppet/concat/bin/concatfragments.rb'
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/Exec[concat_/etc/ssh/sshd_config]:
 
Would have triggered 'refresh' from 3 events
Notice: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/etc/ssh/sshd_config]:
 
Dependency Exec[concat_/etc/ssh/sshd_config] has failures: true
Warning: 
/Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/etc/ssh/sshd_config]:
 
Skipping because of failed dependencies
Notice: Concat[/etc/ssh/sshd_config]: Would have triggered 'refresh' from 5 
events
Info: Concat[/etc/ssh/sshd_config]: Scheduling refresh of Service[ssh]
Notice: Concat::Fragment[global config]: Would have triggered 'refresh' 
from 1 events
Notice: Class[Ssh::Server::Config]: Would have triggered 'refresh' from 2 
events
Info: Class[Ssh::Server::Config]: Scheduling refresh of 
Class[Ssh::Server::Service]
Notice: Class[Ssh::Server::Service]: Would have triggered 'refresh' from 1 
events
Info: Class[Ssh::Server::Service]: Scheduling refresh of Service[ssh]
Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Dependency 
Exec[concat_/etc/ssh/sshd_config] has failures: true
Warning: /Stage[main]/Ssh::Server::Service/Service[ssh]: Skipping because 
of failed dependencies
Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Would have 
triggered 'refresh' from 2 events
Notice: Class[Ssh::Server::Service]: Would have triggered 'refresh' from 1 
events
Notice: /Stage[main]/Ssh::Server/Anchor[ssh::server::end]: Dependency 
Exec[concat_/etc/ssh/sshd_config] has failures: true
Warning: /Stage[main]/Ssh::Server/Anchor[ssh::server::end]: Skipping 
because of failed dependencies
Notice: Stage[main]: Would have triggered 'refresh' from 3 events
Notice: Finished catalog run in 0.34 seconds

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To vi

[Puppet Users] Re: CentOS 7.1 : facter problem

[Alexandre Barth]

centos-release package has been updated this night and fixes the problem :)

Le mercredi 1 avril 2015 09:59:14 UTC+2, Alexandre Barth a écrit :
>
> OS informations are broken using facter in CentOS 7.1 : os variable is not 
> populated as it should be, and so operatingsystemmajrelease and 
> operatingsystemrelease are not created at all.
>
> I think this comes from the /etc/redhat-release file in centos 7.1
>
> In Centos 7.0, /etc/redhat-release is a symbolic link to 
> /etc/centos-release which contains "CentOS Linux release 7.0.1406 (Core)
>
> In Centos 7.1, /etc/redhat-release is a regular file which contains 
> "Derived from Red Hat Enterprise Linux 7.1 (Source)"
>
> Modifying /etc/redhat-release to be a symlink to /etc/centos-release 
> solves the problem.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf27a0b5-e31d-4678-bb2e-a202993687c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] CentOS 7.1 : facter problem

[Alexandre Barth]

OS informations are broken using facter in CentOS 7.1 : os variable is not 
populated as it should be, and so operatingsystemmajrelease and 
operatingsystemrelease are not created at all.

I think this comes from the /etc/redhat-release file in centos 7.1

In Centos 7.0, /etc/redhat-release is a symbolic link to 
/etc/centos-release which contains "CentOS Linux release 7.0.1406 (Core)

In Centos 7.1, /etc/redhat-release is a regular file which contains 
"Derived from Red Hat Enterprise Linux 7.1 (Source)"

Modifying /etc/redhat-release to be a symlink to /etc/centos-release solves 
the problem.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/74f32736-be00-49bd-8765-fab8f41081ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to get package version to use it in template ?

[Alexandre Barth]

Hello !

I have a problem generating different configuration in a template depending 
on package version installed.
For example, in my httpd module, i'd like to generate configuration using 
Order, Allow from and Deny from if httpd < 2.4 and Require ip if httpd > 
2.4.
I know i can create custom fact to get a package version, but package 
installation and configuration append during the same puppet run so custom 
fact is empty for the template and the good configuration is only applied 
during next run.

Any idea ?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/473cac2d-7042-4ddf-8f31-c43c28b21a02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: How to have multi-line external variables ? Failed with extlookup and Dashboard

[Alexandre]

Found out that a CSV file with value like

alex,"line1
line2"

will do the trick, but

alex,"line1
line2
\"line3"

will not work and

alex,"line1
line2
""line3"

will work


On Mar 1, 4:58 pm, Alexandre  wrote:
> Is there a way to be able to externalize multi-line variable (eg to
> contain pem keys, etc...), to be used like
>
>     file { "/tmp/alex":
>         content => $::alex  # In dashboard: alex = line1\nline2
>     }
>     file { "/tmp/alex2":
>         content => extlookup('alex')  # alex,line1\nline2
>     }
>
> I tried to set a variable with line1\nline2 in dashboard and in
> extlookup, but both failed to interpret it and wrote it litterally. Is
> there another way ? Maybe with Hiera (sadly it is not yet integrated
> in the Puppet RPM)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to have multi-line external variables ? Failed with extlookup and Dashboard

[Alexandre]

Is there a way to be able to externalize multi-line variable (eg to
contain pem keys, etc...), to be used like

file { "/tmp/alex":
content => $::alex  # In dashboard: alex = line1\nline2
}
file { "/tmp/alex2":
content => extlookup('alex')  # alex,line1\nline2
}

I tried to set a variable with line1\nline2 in dashboard and in
extlookup, but both failed to interpret it and wrote it litterally. Is
there another way ? Maybe with Hiera (sadly it is not yet integrated
in the Puppet RPM)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Having inheritance issues

[Henderson Alexandre]

Hello Puppet user group,


I'm unable to get the node controllernode.vps.net to inherit the class
basenode to run any of the includes defined in basenode, no errors are
reported by puppet.

All controllernode.vps.net is able to import from puppet is the hosts
module which is defined in site.pp

---
[root@puppet manifests]# cat nodes.pp

node basenode {
include hosts
include ntp
}

node 'controllernode.vps.net'  inherits basenode{
include controllernode
}
--
[root@puppet manifests]# cat site.pp
node default {
include hosts
}
--
[root@puppet manifests]# cat modules.pp
import "ntp"
import "controllernode"
-

[root@puppet puppet]# cd modules/
[root@puppet modules]# tree
.

├── controllernode
│   ├── files
│   └── manifests
│   └── init.pp

├── hosts
│   ├── files
│   │   └── hosts
│   └── manifests
│   └── init.pp

├── ntp
│   ├── files
│   │   └── ntpd.conf
│   └── manifests
│   └── init.pp
---


Any idea why controllernode.vps.net is not importing the
controllernode module?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Why is 'notify' acting as a 'before' and not a 'require' ?

[Alexandre]

> Think about it. You want puppet to send a notification to a resource.
> Puppet must decide whether this notification gets sent. So it must
> process the notifying resource. After that, *if* a notification was in
> fact generated, it can process the notified resource.

I see. I was making a difference between parsing the notified
ressource and applying this resource. That is why i -though- the
notify would require the parsing, but Puppet would then apply/refresh
the notified resource afterwards. But it seems that for Puppet,
parsing and applying the notified ressource is one operation, which
means, if i understand correctly, that it is not possible to require
and notify the same resource as i was expecting erroneously.

>
> with whatever implementation you choose for your reload (in most cases
> you want to notify a service resource instead of an exec, but it's not
> more than a rule of thumb).

Yes, my class apache includes a Service, and the Exec requires it. But
since notifying the service will trigger an restart and not a reload,
i do not notify the Service directly ( I see there are open issues
#3323 and #1014 )

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Why is 'notify' acting as a 'before' and not a 'require' ?

[Alexandre Fouché]

Why is 'notify' acting as a 'before' and not a 'require' ?

Can someone explain why this way is unlogical to Puppet parser, why the
'notify' would create a dependency cycle ? Why would the 'notify' need to
create an order ? Isn't it supposed to carry a message, and not a
constraint ?

Typically i would need something like this

# First i have an Apache class
class apache {
#(...)
exec { 'apache-reload':
command => '/sbin/service httpd reload',
refreshonly => true,
require => Service['apache'],
}
}

# Then another class which adds an Apache conf file
class backup::backuppc::web {
#(...)

require 'apache'

file { '/etc/httpd/conf.d/BackupPC.conf':
#(...)
require => [ Class['apache'] ],
notify  => Exec['apache-reload'],
}
}

I find it logical that my 'BackupPC.conf' apache file is put after the
apache package is installed, or more broadly after the apache class is
complete. Afterwards, i put the 'BackupPC.conf' conf, and then afterwards,
i want to notify Exec['apache-reload'], that it needs to reload. To me, the
notify is a good way to ensure the apache class does not have to know
anything about the backup class, and stay generic, while at the same time
ensuring that the backup class can notify the apache service if it thinks
it needs to.

Unfortunately, the 'notify' is acting as a 'before' and creates a
dependency cycle. It breaks the scheme of being able to keep the apache
class generic yet able to respond to notifications

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Does someone have a working config of nginx+passenger for Puppet

[Alexandre]

I see, that is the "passenger_set_cgi_param" which was missing. I was
using "proxy_set_header" and that was not working. And clearly my
config.ru was missing a lot too, and i had to make symlinks and stuff
to point to my Puppet installation dirs

Thanks a lot,
Alex

On 13 déc, 22:14, windowsrefund  wrote:
> nginx bits...
>
> server {
>   server_name puppet;
>   listen 8140 default ssl;
>   client_max_body_size 10M;
>   passenger_enabled on;
>   passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
>   passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
>   root /opt/nginx/html/puppet-production/public;
>   ssl_certificate /etc/puppet/ssl/certs/puppet.pem;
>   ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem;
>   ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
>   ssl_client_certificate /etc/puppet/ssl/certs/ca.pem;
>   ssl_protocols SSLv3 TLSv1;
>   ssl_ciphers HIGH:+MEDIUM;
>   ssl_prefer_server_ciphers on;
>   ssl_verify_client optional;
>   ssl_verify_depth 1;
>   ssl_session_cache shared:SSL:128m;
>   ssl_session_timeout 5m;
>
> }
>
> passenger bits (config.ru)...
>
> $0 = "puppetmasterd"
> require 'puppet'
>
> ARGV << "--rack"
> ARGV << "--confdir=/etc/puppet.production"
> ARGV << "--vardir=/var/puppet.production"
> ARGV << "--reportdir=/var/puppet.production/reports"
> ARGV << "--ssldir=/etc/puppet/ssl"
> ARGV << "--ssl_client_header=SSL_CLIENT_S_DN"
> ARGV << "--ssl_client_verify_header=SSL_CLIENT_VERIFY"
>
> require 'puppet/application/puppetmasterd'
> run Puppet::Application[:puppetmasterd].run

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Does someone have a working config of nginx+passenger for Puppet

[Alexandre]

Hi,
I tried to adapt the Apache+Passenger donc on the PuppetLabs wiki for
use with nginx+passenger, but something is not working maybe i do not
set the http headers correctly. Did someone made it work ? Can you
share it ? Or is it already posted on the wiki (i did not find so
far) ?

Please don't ask me why i don't simply use Apache, this is because i
use nginx+passenger for another webapp, and best would be to just plug
Puppet to the already running Passenger

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Any way to have exclusive classes?

[Alexandre]

yes i kind of do that too. Eg if i have different classes that permit
to setup and install each a certain java, and i want to make sure only
one of them can be instanciated with Puppet on a server at a time, i
make sure one of my ressources in each class has the name file { java:
name=>'real name', (...) }  . This way, i'll have an error of
duplicate definition at runtime if someone try to include more than 1
class


On 9 déc, 16:58, Aaron Grewell  wrote:
> I suppose if you really want it to fail if more than one option class is
> used you could define a 'canary resource' that would be the same in each
> option class. Then you would get an error if you tried to use more than
> one. The thing is, you would still have to document why you did that since
> it's non-obvious. Better to just document that only one should be used I
> suspect.
> On Dec 9, 2011 6:16 AM, "jcbollinger"  wrote:
>
>
>
>
>
>
>
>
>
> > On Dec 8, 5:05 pm, Len Rugen  wrote:
> > > I have a group of classes (about 6 now) that I want to allow a host to
> > use
> > > none or at most one of them.  This just a "guard rail" for admins.  :-)
>
> > > Basically like this:
>
> > > base
> > > base::opt1
> > > base::opt2
> > > ...
> > > base::opt6
>
> > > base is default to all nodes.
>
> > > We use Puppet and Foreman :-)
>
> > So you want Puppet to *enforce* that nodes have at most one of the
> > base::optX classes?  I'd recommend instead prominently documenting
> > that policy and verifying it in your QA process if it doesn't
> > naturally fall out of the classes themselves.
>
> > If you must do this, however, then you can structure the classes so
> > that they are mutually exclusive.  Here's a trivial example:
>
> > class base::opt1 {
> >  notify { 'base::option': message => 'opt1' }
> > }
>
> > class base::opt2 {
> >  notify { 'base::option': message => 'opt1' }
> > }
>
> > No node can include both of those classes, because catalog compilation
> > would fail on the duplicate Notify['base::option'] resource.  You can
> > also approach the problem via class inheritance if it makes sense to
> > do so:
>
> > class base2 {
> >  notify { 'base2::option': message => 'base' }
> > }
>
> > class base2::opt1 inherits base2 [
> >  Notify['base2::option'] { message => 'opt1' }
> > }
>
> > class base2::opt1 inherits base2 [
> >  Notify['base2::option'] { message => 'opt2' }
> > }
>
> > Nodes may then include (or not) base2, plus at most one of base2::opt1
> > and base2::opt2.  If they try to include both of the subclasses then
> > catalog compilation will fail because of the conflicting overrides.
>
> > Either approach is much more sensible if there is at least one
> > resource that naturally fills the role of the Notify than if you need
> > an artificial one (such as in the examples).  Indeed, if there is such
> > a natural fit, then you get the desired behavior for free.
>
> > Warning: there is a potential issue in all this if you foresee ever
> > changing which option is applies to a given node.  If there is
> > imperfect overlap of the resources managed by the various option
> > classes, then switching from one to another can leave previously
> > managed resources unmanaged instead of removing them.  That's by no
> > means particular to the kind of setup you asked about, but I attribute
> > to it a greater likelihood of being problematic for you.
>
> > John
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Dynamically create arguments for a define (or parametrized class)

[Alexandre]

There is a function to dynamically create Puppet resources from a
hash: createresources(): 
http://docs.puppetlabs.com/references/stable/function.html#createresources


On 27 oct, 17:03, Henrik Lindberg 
wrote:
> Did you try something like:
>
> define boo($a="a", $b="b", $c="c") {
>      bar { $title:
>        a => $a,
>        b => $b,
>        c => $c,
>     }
>
> }
>
> boo { 'the title' : a => "a value", c => "c value" }
>
> - henrik
>
> On 10/27/11 1:29 PM, Alessandro Franceschi wrote:
>
>
>
>
>
>
>
> > Maybe I'm asking too much, but is there a way to dynamically add
> > resources in a define/parametrized class based on a variable (or hash)
> > passed to a containing class/define?
>
> > Something that when I call
> > boo { "bah":
> > options => {
> > "optiona" => "valuea",
> > "optionb" => "valueb",
> > },
> > }
>
> > gets this result (what follows is the wanted behaviour not the actual
> > code of the boo define)
>
> > define boo (
> > $options
> > ) {
>
> > bar { "name":
> > optiona => valuea,
> > optiona => valuea,
> > }
> > }
>
> > Or a more general note, is it possible to manage dynamically the name
> > and presence of arguments in a define?
>
> > Any help or direction is welcomed.
> > Al
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/puppet-users/-/5PkidQ_83E0J.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet in the DMZ via proxy

[Alexandre]

I also had such a scheme, but having the puppetmaster on an internal
private IP network, not even a DMZ. Puppet runs were triggered, there
was no puppet client daemon or crontabed runs.

server with Puppet client is on interent with public IP

Local intranet:
Puppetmaster
a Squid proxy

When i want to puppetize a machine, from my local workstation in the
same network as the puppetmaster and squid, i connect with ssh
creating a tunnel -L 3128:squidserver:3128 . Once logged, i launched
puppet --server puppetmaster.local --test --http_proxy_host localhost
--http_proxy_port 3128
-> The Puppet client connects to the intranet proxy though the tunnel.
The proxy can route to the puppetmaster.

I keep the tunnel open just for the time of the puppetize


On 20 oct, 21:14, "Kinzel, David"  wrote:
> >On Thu, Oct 20, 2011 at 12:46 PM, Geoff Galitz
> > wrote:
>
> >> We're thinking of ways to get our DMZ nodes managed by puppet, and in
> >> the absence of a full-fledged push model we are thinking about
> >> pointing puppets in our DMZ network at a bastion host
> >running squid to
> >> proxy back to our puppet master.
>
> >> In this scenario, the single bastion host would have an ACL allowing
> >> access through our inner firewall to the master, but the
> >various nodes
> >> would have no direct access.   That would give us a nice choke point
> >> that we can monitor and isolate if needed.  We'd still get all of our
> >> reporting functions, too.
>
> >> Has anyone tried something along these lines?  Any opinions?
>
> We have an allow-list of hosts which connect to a NAT IP that gets forwarded 
> internally. This is a simpler setup than having a proxy do it.
>
> This email communication and any files transmitted with it may contain
> confidential and or proprietary information and is provided for the use of the
> intended recipient only. Any review, retransmission or dissemination of this
> information by anyone other than the intended recipient is prohibited. If you
> receive this email in error, please contact the sender and delete this
> communication and any copies immediately. Thank you.
>
> http://www.encana.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Centos 6.0

[Alexandre]

Hi trey,

I put it here:  https://github.com/alexfouche/rvm


On 19 oct, 21:07, Robert Mortimer  wrote:
> I got it installed in the end:
>
> 1) Only install dev libraries for the architecture you are using (gcc
> and mysql dev)
> 2) Gems from source (not RPM) were used
> 3) Active record can not be the latest version (down grade was required)
>
> The only other option is to roll your own RPM or scavenge them from
> elsewhere on the net. As that can screw up the whole OS update I would
> avoid it unless you have a development environment and lots of time.
> It is not ideal and I do feel that if puppet is in the EPEL then the
> required ruby dependencies should be there but I only run one puppet
> server and a moderate number of clients so this is not a project I
> would take on.
>
> My contribution when I get a moment will be a how-to to prevent
> someone else going through my pain
>
> 
>
> On 19 October 2011 11:21, Alexandre  wrote:
>
>
>
>
>
>
>
> > Why not use RVM ? It wll be easy to create a ruby env with its gems.
> > It is in /usr/local and completely independant from the system ruby
> > and all gems. I enforce not putting any files on the system which are
> > not part of a RPM.
>
> > For example, i use the puppetmaster and puppet rpms, so that both run
> > and use the standard ruby 1.8.7 without any need of gem (i do not use
> > mysql). But for the cloud provisioner that needs a lot of gems which
> > do not exist as RPM, i put RVM and told it to have a ruby-1.8.7 with
> > my needed gems. I put the default on rvm to keep using the default
> > ruby, so that it will not impact on anything for my system, but i
> > created a RVM wrapper for the second ruby, so that that i use this
> > wrapper to run my puppet command when needing to do cloud actions.
>
> > You could have a similar setup, but having your puppetmaster and
> > puppet client using the rvm wrapped ruby and gems (eg the mysql gem),
> > and you will not have to worry about trashing your system with files
> > not part of RPMs
>
> > I have a Puppet recipe to install rvm, manage rubies, gems, etc...
> > Tell me if you are interested, i could post it
>
> > On 18 oct, 23:56, jcbollinger  wrote:
> >> On Oct 18, 11:43 am, Michael Stahnke  wrote:
>
> >> > On Tue, Oct 18, 2011 at 6:19 AM, jcbollinger  
> >> > wrote:
> >> [...]
> >> > > I, on the other hand, would recommend avoiding gems altogether if
> >> > > you're using the system's Ruby (i.e. one you installed from an RPM,
> >> > > whether via yum or otherwise).  Ruby modules installed via RPM are not
> >> > > (should not be) gems.  Using both gem and rpm to manage the same Ruby
> >> > > installation is begging for trouble.
>
> >> > Why?  The packages of many ruby libraries are basically gems wrapped
> >> > in RPM.  Basically it allows the library/tool to be registered with
> >> > the RPM and gem database.  I admit it's not my favorite thing to have
> >> > gems (and not RPMs), but technically there is almost nothing wrong
> >> > with it, other than future RPMs can't depend on something from a gem
> >> > install only.
>
> >> As others have described, if you use gems and RPMs on the same Ruby
> >> installation then you have two different sources of truth.  They can
> >> and will disagree about what modules (to use a somewhat generic term)
> >> are installed.  Their respective repositories can and will provide
> >> different versions of some modules, and different configurations of
> >> some other modules.  Using both together on the same Ruby installation
> >> can and will make a hash of your Ruby library.  Eventually.  If you're
> >> lucky, you'll notice.
>
> >> Even RPMs registering their Ruby payloads with the gem database does
> >> not solve the problem, because gem is not so accommodating about
> >> synchronizing the RPM database.  In any case, it is not safe to assume
> >> that *all* RPMs with Ruby payloads will install modules as gems.
>
> >> > There are plenty of other debates about rubygems, and whether or not
> >> > they are useful or helpful or anything.  But as far as having a system
> >> > with ruby and using to gem to install things, it will work and is
> >> > always all that bad.
>
> >> Please don't misunderstand: I have no particular complaint about gem
> >> itself.  If you want all its gemtacular goodness then install a local
> >> Ruby build and go wild in it wit

[Puppet Users] Re: How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?

[Alexandre]

Great, i had not seen this one, thank you !

On 19 oct, 18:18, Nigel Kersten  wrote:
> On Wed, Oct 19, 2011 at 2:06 AM, Alexandre Fouché <
>
>
>
>
>
>
>
>
>
> alexandre.fou...@gmail.com> wrote:
> > Hi,
>
> > I am using the cloud provisioner to bootstrap some ec2 nodes, and these
> > clients are signed using a randomly generated certname, which is put in
> > /etc/puppet.conf at the bootstrap time (eg certname =
> > d7bcd693-73fd-495f-0876-ff91ea1e).
>
> > But my puppet code repo also manages the puppet.conf file, so the file will
> > be overwritten on the client at the first puppet run. Nevertheless, i should
> > not lose what was the original certname for this client, because i need to
> > insert it in the puppet.conf.erb that will be pushed to this client,
> > otherwise the puppetmaster will not recognize and allow this client anymore.
>
> > I ran "facter" on the client, and the certname does not appear. I ran
> > "puppet --genconfig |grep certname" and the certname does not appear either.
> > I can not check the cert name in /var/lib/puppet/ssl/certs because the cert
> > will appear after first puppet run.
>
> > Is there a way to to know what certname is using a puppet client, and be
> > able to use it in erb templates, or am using puppet and the cloud
> > provisioner in a wrong way ?
>
> http://docs.puppetlabs.com/guides/faq.html#are-there-variables-availa...
>
> $clientcert — Provided by the agent; contains the agent node’s certname.
> Added in Puppet 2.6.0.
>
>
>
> > AF
>
> >  --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
>
> --
> Nigel Kersten
> Product Manager, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] EC2 bootstrap: chicken and egg problem with login as ec2-user and sudoers "requiretty"

[Alexandre]

Hi,

I was previously using an EC2 AMI where i was logging as root, and i
could bootstrap nodes.
I am now using Amazon AMIs ( http://aws.amazon.com/fr/amazon-linux-ami
) and they require login as ec2-user.
The problem is that if i run puppet node bootstrap --login ec2-user,
it will detect it and run my install script as with sudo, which is
fine, but sudo will not run it because it is configured by default to
disallow sudo commands without a tty ( requiretty in /etc/sudoers ).
And i can not change the sudoers within my script, since it could not
be executed !

Does anyone else is bootstrapping Amazon AMIs with login as ec2-user ?
How do you do ?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Centos 6.0

[Alexandre]

Why not use RVM ? It wll be easy to create a ruby env with its gems.
It is in /usr/local and completely independant from the system ruby
and all gems. I enforce not putting any files on the system which are
not part of a RPM.

For example, i use the puppetmaster and puppet rpms, so that both run
and use the standard ruby 1.8.7 without any need of gem (i do not use
mysql). But for the cloud provisioner that needs a lot of gems which
do not exist as RPM, i put RVM and told it to have a ruby-1.8.7 with
my needed gems. I put the default on rvm to keep using the default
ruby, so that it will not impact on anything for my system, but i
created a RVM wrapper for the second ruby, so that that i use this
wrapper to run my puppet command when needing to do cloud actions.

You could have a similar setup, but having your puppetmaster and
puppet client using the rvm wrapped ruby and gems (eg the mysql gem),
and you will not have to worry about trashing your system with files
not part of RPMs

I have a Puppet recipe to install rvm, manage rubies, gems, etc...
Tell me if you are interested, i could post it



On 18 oct, 23:56, jcbollinger  wrote:
> On Oct 18, 11:43 am, Michael Stahnke  wrote:
>
> > On Tue, Oct 18, 2011 at 6:19 AM, jcbollinger  
> > wrote:
> [...]
> > > I, on the other hand, would recommend avoiding gems altogether if
> > > you're using the system's Ruby (i.e. one you installed from an RPM,
> > > whether via yum or otherwise).  Ruby modules installed via RPM are not
> > > (should not be) gems.  Using both gem and rpm to manage the same Ruby
> > > installation is begging for trouble.
>
> > Why?  The packages of many ruby libraries are basically gems wrapped
> > in RPM.  Basically it allows the library/tool to be registered with
> > the RPM and gem database.  I admit it's not my favorite thing to have
> > gems (and not RPMs), but technically there is almost nothing wrong
> > with it, other than future RPMs can't depend on something from a gem
> > install only.
>
> As others have described, if you use gems and RPMs on the same Ruby
> installation then you have two different sources of truth.  They can
> and will disagree about what modules (to use a somewhat generic term)
> are installed.  Their respective repositories can and will provide
> different versions of some modules, and different configurations of
> some other modules.  Using both together on the same Ruby installation
> can and will make a hash of your Ruby library.  Eventually.  If you're
> lucky, you'll notice.
>
> Even RPMs registering their Ruby payloads with the gem database does
> not solve the problem, because gem is not so accommodating about
> synchronizing the RPM database.  In any case, it is not safe to assume
> that *all* RPMs with Ruby payloads will install modules as gems.
>
> > There are plenty of other debates about rubygems, and whether or not
> > they are useful or helpful or anything.  But as far as having a system
> > with ruby and using to gem to install things, it will work and is
> > always all that bad.
>
> Please don't misunderstand: I have no particular complaint about gem
> itself.  If you want all its gemtacular goodness then install a local
> Ruby build and go wild in it with gems.  As long as you put it in a
> reasonable place (e.g. /usr/local) no RPM will touch it, so no
> problem.
>
> Of course, you have no obligation whatever to do as I advise.  If you
> choose to use both gems and RPMs on the same Ruby then I wish you luck
> -- you're a braver man than I.
>
> John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Centos 6.0

[Alexandre]

Why not use RVM ? It wll be easy to create a ruby env with its gems.
It is in /usr/local and completely independant from the system ruby
and all gems. I enforce not putting any files on the system which are
not part of a RPM.

For example, i use the puppetmaster and puppet rpms, so that both run
and use the standard ruby 1.8.7 without any need of gem (i do not use
mysql). But for the cloud provisioner that needs a lot of gems which
do not exist as RPM, i put RVM and told it to have a ruby-1.8.7 with
my needed gems. I put the default on rvm to keep using the default
ruby, so that it will not impact on anything for my system, but i
created a RVM wrapper for the second ruby, so that that i use this
wrapper to run my puppet command when needing to do cloud actions.

You could have a similar setup, but having your puppetmaster and
puppet client using the rvm wrapped ruby and gems (eg the mysql gem),
and you will not have to worry about trashing your system with files
not part of RPMs

I have a Puppet recipe to install rvm, manage rubies, gems, etc...
Tell me if you are interested, i could post it


On 18 oct, 23:56, jcbollinger  wrote:
> On Oct 18, 11:43 am, Michael Stahnke  wrote:
>
> > On Tue, Oct 18, 2011 at 6:19 AM, jcbollinger  
> > wrote:
> [...]
> > > I, on the other hand, would recommend avoiding gems altogether if
> > > you're using the system's Ruby (i.e. one you installed from an RPM,
> > > whether via yum or otherwise).  Ruby modules installed via RPM are not
> > > (should not be) gems.  Using both gem and rpm to manage the same Ruby
> > > installation is begging for trouble.
>
> > Why?  The packages of many ruby libraries are basically gems wrapped
> > in RPM.  Basically it allows the library/tool to be registered with
> > the RPM and gem database.  I admit it's not my favorite thing to have
> > gems (and not RPMs), but technically there is almost nothing wrong
> > with it, other than future RPMs can't depend on something from a gem
> > install only.
>
> As others have described, if you use gems and RPMs on the same Ruby
> installation then you have two different sources of truth.  They can
> and will disagree about what modules (to use a somewhat generic term)
> are installed.  Their respective repositories can and will provide
> different versions of some modules, and different configurations of
> some other modules.  Using both together on the same Ruby installation
> can and will make a hash of your Ruby library.  Eventually.  If you're
> lucky, you'll notice.
>
> Even RPMs registering their Ruby payloads with the gem database does
> not solve the problem, because gem is not so accommodating about
> synchronizing the RPM database.  In any case, it is not safe to assume
> that *all* RPMs with Ruby payloads will install modules as gems.
>
> > There are plenty of other debates about rubygems, and whether or not
> > they are useful or helpful or anything.  But as far as having a system
> > with ruby and using to gem to install things, it will work and is
> > always all that bad.
>
> Please don't misunderstand: I have no particular complaint about gem
> itself.  If you want all its gemtacular goodness then install a local
> Ruby build and go wild in it with gems.  As long as you put it in a
> reasonable place (e.g. /usr/local) no RPM will touch it, so no
> problem.
>
> Of course, you have no obligation whatever to do as I advise.  If you
> choose to use both gems and RPMs on the same Ruby then I wish you luck
> -- you're a braver man than I.
>
> John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?

[Alexandre]

I created a feature request https://projects.puppetlabs.com/issues/10167

On 19 oct, 11:06, Alexandre Fouché  wrote:
> Hi,
>
> I am using the cloud provisioner to bootstrap some ec2 nodes, and these
> clients are signed using a randomly generated certname, which is put in
> /etc/puppet.conf at the bootstrap time (eg certname =
> d7bcd693-73fd-495f-0876-ff91ea1e).
>
> But my puppet code repo also manages the puppet.conf file, so the file will
> be overwritten on the client at the first puppet run. Nevertheless, i should
> not lose what was the original certname for this client, because i need to
> insert it in the puppet.conf.erb that will be pushed to this client,
> otherwise the puppetmaster will not recognize and allow this client anymore.
>
> I ran "facter" on the client, and the certname does not appear. I ran
> "puppet --genconfig |grep certname" and the certname does not appear either.
> I can not check the cert name in /var/lib/puppet/ssl/certs because the cert
> will appear after first puppet run.
>
> Is there a way to to know what certname is using a puppet client, and be
> able to use it in erb templates, or am using puppet and the cloud
> provisioner in a wrong way ?
>
> AF

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?

[Alexandre Fouché]

Hi,

I am using the cloud provisioner to bootstrap some ec2 nodes, and these
clients are signed using a randomly generated certname, which is put in
/etc/puppet.conf at the bootstrap time (eg certname =
d7bcd693-73fd-495f-0876-ff91ea1e).

But my puppet code repo also manages the puppet.conf file, so the file will
be overwritten on the client at the first puppet run. Nevertheless, i should
not lose what was the original certname for this client, because i need to
insert it in the puppet.conf.erb that will be pushed to this client,
otherwise the puppetmaster will not recognize and allow this client anymore.

I ran "facter" on the client, and the certname does not appear. I ran
"puppet --genconfig |grep certname" and the certname does not appear either.
I can not check the cert name in /var/lib/puppet/ssl/certs because the cert
will appear after first puppet run.

Is there a way to to know what certname is using a puppet client, and be
able to use it in erb templates, or am using puppet and the cloud
provisioner in a wrong way ?

AF

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: More changes on yum.puppetlabs.com

[Alexandre]

ah so that's why i could not find it at first. Somewhere in the Cloud
provisioner or Dashboard or documentation, there were links
to ...prosvc...


On 6 oct, 19:34, Michael Stahnke  wrote:
> Greetings,
>
> I'd like to remove the cruft (no longer maintained) areas of
> yum.puppetlabs.com.  I fear they only cause confusion and offer
> less-than-desirable experience for our users.
>
> I'd like to remove
>
> /base
> /prosvc
> /porsvc.unsigned
> /SRMS
> /sources
>
> I'd like to do this some time next week. The stuff mostly found in
> base is available elsewhere and signed properly.  The prosvc stuff has
> been largely unmaintained.  The /SRPMS folder is now broken out into
> each distribution area, so this high-level directory isn't needed.
> The /sources directory contains a very incomplete listing of source.
> We have that available either via SRPMS or at downloads.puppetlabs.com
>
> This will basically keep:
>
> /el (stuff for RHEL, CentOS, Scientific, Oracle Linux etc)
> /fedora
>
> For specific feedback on this change, you can 
> updatehttp://projects.puppetlabs.com/issues/8473or you can reply to this
> thread.
>
> NOTE:
> There's been some discussion about other package platforms,
> Debian/Ubuntu, Solaris, etc.  There are plans to begin working on
> making those packages readily available (working with the community),
> however it's time permitting still.
>
> Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Reusing host names with puppet and SSL certificates

[Alexandre Fouché]

As far as i could see, the Puppet cloud provisionner also generates a random
name and creates a certificate request based on it. Then Puppet client is
run with the certname option, set with this previously generated hostname


2011/10/17 James A. Peltier 

> - Original Message -
> |
> | Is there a best practice or a solution for this problem? I do need to
> | use
> | the same hostnames sometimes for instances that generate new
> | certificates
> | when they come up, I've been trying to clean the certificates once in
> | a
> | while for instances that are no longer responding but that didn't go
> | very
> | well and I also understand that I need to restart the master in order
> | for
> | that to take effect which I don't want to do.
> |
> | Once solution that I thought about is to generate a certificate for
> | each
> | hostname and make sure that when an instance comes up it gets the
> | specific
> | certificate that was already generated and signed by the master. Is
> | this a
> | good idea? Any other thoughts about this?
> |
> | Thanks,
> | Galed.
> |
>
> I use server generated certificates and copy those certificates to the host
> upon re-install.  Works very well for me.
>
> --
> James A. Peltier
> IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone   : 778-782-6573
> Fax : 778-782-3045
> E-Mail  : jpelt...@sfu.ca
> Website : http://www.sfu.ca/itservices
>  http://blogs.sfu.ca/people/jpeltier
> I will do the best I can with the talent I have
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cant find a class

[Alexandre Fouché]

Sorry, it does not help with the problem, but some time ago, i think i had
something similar.

I had a module+class which is perfectly working, and which was included in
the node code. But if this class was in included in another class, it could
not be found and puppet run failed. I had no choice but to include it at the
node level for it to be found and included.


2011/10/13 Nan Liu 

> On Wed, Oct 12, 2011 at 2:31 PM, Boskey  wrote:
> > Hi,
> >
> > I am having trouble getting puppet to find a class thats defined in
> > one of the modules.I have a module/folder called 'webserver' in /etc/
> > puppet/modules/, which has a init.pp file with the below content
> >
> > class webserver{
> > file {'test.txt':
> >path => '/etc/test.txt',
> >ensure => present,
> >mode => 0640,
> >source => "puppet:///webserver/test.txt"
> > }
> > }
>
> The code above should be located in
> /etc/puppet/modules/webserver/manifests/init.pp
>
> Move the test.txt to /etc/puppet/modules/webserver/files/test.txt and
> update your source to:
> puppet:///modules/webserver/test.txt
>
> > I have a nodes.pp file with
> >
> > node basenode {
> >include webserver
> > }
> >
> > node 'puppet-client02.eng.xyz.com'inherits basenode {
> > }
> >
> > node 'puppet-client.eng.xyz.com'inherits basenode  {
> >
> >
> > And the site.pp, file has
> >
> > -SNIP-
> > import "modules"
> > import "nodes"
> > -SNIP-
>
> You don't need either import statement.
>
> HTH,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Better solution for puppet SVN releases

[Alexandre Fouché]

I had a similar problem, i use Git, and i though i could use branches and
Git tricks, but it does not mixes well with Puppet environments. What i do
below permits to use many puppet code branches, while having my puppetmaster
serve all different branches at the same time using environments

In my case, my puppetmaster does not checkout/pull from a code repo, but
could, it does not matter. So in my case, i do a rsync --delete  of my
current workingdir from my workstation to the puppetmaster
/etc/puppet/environments/{manifests,modules}. My puppetmaster has
environments configured, so it can have test environments for the work in
progress, and the production environment. The environments permits to have
many copies of my puppet manifests and modules for the staging or testing
puppet clients, while still being able to serve a Production environment to
the prod puppet clients

On my workstation, i commit only when i am sure and everything is tested,
and this completely independant from what is on the puppetmaster. As an
improvement and for better traceability, i might setup my Production puppet
environment as a code repo checkout of my master branch or some tag. I would
not do it for the test environments, because like you, i do not want to have
to commit many small commits to be able to checkout/pull on the puppetmaster

My puppet environments are rsynced like this. I have a script (which i will
probably put on github once i have time, along with all my recipes) which
creates a environments/directory and rsyncs directly into it, and change the
/etc/puppet.conf to set the environment (from an puppet.conf.erb)

# ls -ld /etc/puppet/environments/*
lrwxrwxrwx. 1 root puppet   11 Jul 25
14:47*/etc/puppet/environments/production -> /etc/puppet
*
drwxr-xr-x. 4 root root   4096 Aug  7 07:45
/etc/puppet/environments/alex
drwxr-xr-x. 4 root root   4096 Sep 26 11:58
/etc/puppet/environments/alextest
drwxr-xr-x. 4 root root   4096 Aug 19 07:51
/etc/puppet/environments/staging

# find -type d /etc/puppet/
/etc/puppet/
/etc/puppet/modules
/etc/puppet/modules/java
/etc/puppet/modules/java/manifests
/etc/puppet/modules/bluepill
/etc/puppet/modules/bluepill/files
/etc/puppet/modules/bluepill/manifests
/etc/puppet/modules/mongodb
(...)
/etc/puppet/manifests
/etc/puppet/manifests/nodes
/etc/puppet/manifests/classes
(...)
/etc/puppet/environments
/etc/puppet/environments/staging
/etc/puppet/environments/staging/modules
/etc/puppet/environments/staging/modules/java
/etc/puppet/environments/staging/modules/java/manifests
/etc/puppet/environments/staging/modules/bluepill
/etc/puppet/environments/staging/modules/bluepill/files
/etc/puppet/environments/staging/modules/bluepill/manifests
/etc/puppet/environments/staging/modules/mongodb
(...)
/etc/puppet/environments/staging/manifests
/etc/puppet/environments/staging/manifests/nodes
/etc/puppet/environments/staging/manifests/classes
(...)
/etc/puppet/environments/alextest
/etc/puppet/environments/alextest/modules
/etc/puppet/environments/alextest/modules/java
/etc/puppet/environments/alextest/modules/java/manifests
/etc/puppet/environments/alextest/modules/bluepill
/etc/puppet/environments/alextest/modules/bluepill/files
/etc/puppet/environments/alextest/modules/bluepill/manifests
(...)
/etc/puppet/environments/alextest/manifests
/etc/puppet/environments/alextest/manifests/nodes
/etc/puppet/environments/alextest/manifests/classes
(...)
/etc/puppet/environments/alex
/etc/puppet/environments/alex/modules
/etc/puppet/environments/alex/modules/mongodb
/etc/puppet/environments/alex/modules/mongodb/manifests
(...)



2011/10/18 Andreas Paul 

> Hi,
>
> we are currently managing our puppet modules with one SVN workspace for
> each admin.
> The post commit hook script updates /etc/puppet/ directory and triggers the
> puppet kick of the correct server.
>
> The problem we have with this solution is that sometimes there are many
> small checkins to one change, because the admin forgot to change small
> details in the config file, e.g. forgot to change the access logfile name of
> the vHost, forgot a redirect, misspelling in the comments etc.
>
> What we end up with are many micro checkins, which can be used to tell
> every small mistake the admin has done.
>
> What we want is a solution which lets the admin test his changes on one
> server without checking these changes into the "main" SVN repository.
> So that the SVN repository only contains the final releases of the changes.
>
>
> I have to say that we also manage the dev and QA servers with this
> puppetmaster. Would dividing of these different stages into puppet
> environments help us?
> What I really want to know is, do you understand my problem and if you had
> the same problem, how did you solve it? SVN branches? Multiple
> puppetmasters, one 

Re: [Puppet Users] How to inherit a parameterized class ? What is the syntax ?

[Alexandre Fouché]

Hi,

The 3rd option is interesting, i should try it to see.

So far i had tried a similar way, with a "realize", but instead of
overriding the content file, i had some conditional blocks with a variable
in the puppet.conf.erb file. And it did not work, because it seems the
variable was never known at the time of the first "realize" call (by the
class puppet). But with a content overide, it should work, i suppose


2011/10/13 Nan Liu 

> On Thu, Oct 13, 2011 at 3:16 AM, Alexandre 
> wrote:
> > Hi,
> >
> > I am trying to manage the puppet.conf file, but both my classes
> > 'puppet' and 'puppet::master' need to manage it. Basically, the class
> > 'puppet::master' should be able to override the resource, which could
> > be done by inheritance.
> > My problem is that my class 'puppet' is a parameterized class:
> >
> >class puppet ( $puppetmaster_fqdn ) {
> >file { '/etc/puppet/puppet.conf':
> >content => template('puppet/puppet.conf.erb'),
> >}
> ># (...)
> >}
> >
> > and so, i don't find any syntax to inherit from it:
> >
> >class puppet::master ( $with_dashboard  = 'yes',
> >   $with_cloud_provisioner  = 'no'
> > ) inherits puppet {
> ># (...)
> >}
> >
> > fails with
> >
> >err: Could not retrieve catalog from remote server: Error 400 on
> > SERVER: Must pass puppetmaster_fqdn to Class[Puppet] at /etc/puppet/
> > modules/puppet/manifests/puppet.pp:1 on node (...)
> >
> > I tried different ways to declare my class 'puppet::master', but i do
> > not find the right syntax, it always fails
> >
> >class puppet::master ( $puppetmaster_fqdn   = 'something',
> >   $with_dashboard  = 'yes',
> >   $with_cloud_provisioner  = 'no'
> > ) inherits puppet {
> ># (...)
> >}
> >
> >class puppet::master ( $with_dashboard  = 'yes',
> >   $with_cloud_provisioner  = 'no'
> > ) inherits puppet( puppetmaster_fqdn =>
> > 'something' ) {
> ># (...)
> >}
> >
> > What is the good syntax for that ?
>
> There's probably three ways to tackle it:
> 1. have the puppet class write a file called puppet.conf.agent, and
> the master class write puppet.conf.master and cat puppet.conf.* >
> puppet.conf.
> 2. use a variable and add some logic to the ERB template.
> 3. use the following syntax (be aware it realize and override):
>
> In class puppet::master:
>
> File <| title=='/etc/puppet/puppet.conf' |> {
>  content => template('puppet/puppetmaster.conf.erb'),
> }
>
> HTH,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How to inherit a parameterized class ? What is the syntax ?

[Alexandre Fouché]

Hi all, thanks for your answers,

After some though and to keep it simple, i think the simplest way is to
simply merge the two classes as you proposed, and decide the behaviour with
a parameter.
As stupid as it is, i admit i did not even though about it, i was seeing my
current puppet class organisation and tried to go from there, but i should
have seen from a bit higher and rethink how to solve the problems from my
requirements and not from what i already had coded !

2011/10/14 jcbollinger 

>
>
> On Oct 13, 5:16 am, Alexandre  wrote:
> > Hi,
> >
> > I am trying to manage the puppet.conf file, but both my classes
> > 'puppet' and 'puppet::master' need to manage it. Basically, the class
> > 'puppet::master' should be able to override the resource, which could
> > be done by inheritance.
> > My problem is that my class 'puppet' is a parameterized class:
> >
> > class puppet ( $puppetmaster_fqdn ) {
> > file { '/etc/puppet/puppet.conf':
> > content => template('puppet/puppet.conf.erb'),
> > }
> > # (...)
> > }
> >
> > and so, i don't find any syntax to inherit from it:
> >
> > class puppet::master ( $with_dashboard  = 'yes',
> >$with_cloud_provisioner  = 'no'
> >  ) inherits puppet {
> > # (...)
> > }
> >
> > fails with
> >
> > err: Could not retrieve catalog from remote server: Error 400 on
> > SERVER: Must pass puppetmaster_fqdn to Class[Puppet] at /etc/puppet/
> > modules/puppet/manifests/puppet.pp:1 on node (...)
> >
> > I tried different ways to declare my class 'puppet::master', but i do
> > not find the right syntax, it always fails
> >
> > class puppet::master ( $puppetmaster_fqdn   = 'something',
> >$with_dashboard  = 'yes',
> >$with_cloud_provisioner  = 'no'
> >  ) inherits puppet {
> > # (...)
> > }
> >
> > class puppet::master ( $with_dashboard  = 'yes',
> >$with_cloud_provisioner  = 'no'
> >  ) inherits puppet( puppetmaster_fqdn =>
> > 'something' ) {
> > # (...)
> > }
> >
> > What is the good syntax for that ?
> >
> > Note also that i tried to work around the problem by using a virtual
> > resource for my File['/etc/puppet.conf'], and realize it in both
> > classes (without inheritance) but it did not end up as i wished. It
> > worked, but the templated file missed the content which should have
> > been triggered by the variables $with_dashboard from class
> > 'puppet::master'
>
>
> To the best of my knowledge, you cannot inherit from a parameterized
> class.  It is one of the lesser of the several reasons I don't like
> them.
>
> There are a few of ways you can approach the problem:
>
> 1) Merge everything into one class.  Use variables / external data /
> parameters to determine whether to include the puppetmaster parts.
> This is more or less Nan's #2.
>
> 2) Remove your class parameterization, at least of the class
> puppet::puppet, so that class puppet::master can inherit from it.
> Class puppet::puppet can obtain an needed data from global variables
> or from an external source (i.e. via extlookup() or hiera).
>
> 3) Model separate sections of puppet.conf as separate resources,
> using, for instance, the Puppet-concat module.  This is similar to
> Nan's #1, but managed at a higher level.
>
> I do not recommend Nan's #3 (overriding a resource parameter when you
> realize File['/etc/puppet/puppet.conf']) because it's a maintenance
> problem waiting to bite you.  With that said, however, it probably
> does perform the job you want.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to divide the puppet.conf file in multiple files ?

[Alexandre]

Hi,

How can i divide my puppet.conf file in multiple files ?
I would like to have the [main] and [agent] section in puppet.conf and
[master] in puppetmaster.conf for example. I could call sone "include"
or "import"  statement inside  puppet.conf to include the content of
puppetmaster.conf in my configuration

Not sure if this is a stupid question, but i could not find any
"include" or "import" statement in the man page of puppet.conf

Alex

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to inherit a parameterized class ? What is the syntax ?

[Alexandre]

Hi,

I am trying to manage the puppet.conf file, but both my classes
'puppet' and 'puppet::master' need to manage it. Basically, the class
'puppet::master' should be able to override the resource, which could
be done by inheritance.
My problem is that my class 'puppet' is a parameterized class:

class puppet ( $puppetmaster_fqdn ) {
file { '/etc/puppet/puppet.conf':
content => template('puppet/puppet.conf.erb'),
}
# (...)
}

and so, i don't find any syntax to inherit from it:

class puppet::master ( $with_dashboard  = 'yes',
   $with_cloud_provisioner  = 'no'
 ) inherits puppet {
# (...)
}

fails with

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Must pass puppetmaster_fqdn to Class[Puppet] at /etc/puppet/
modules/puppet/manifests/puppet.pp:1 on node (...)

I tried different ways to declare my class 'puppet::master', but i do
not find the right syntax, it always fails

class puppet::master ( $puppetmaster_fqdn   = 'something',
   $with_dashboard  = 'yes',
   $with_cloud_provisioner  = 'no'
 ) inherits puppet {
# (...)
}

class puppet::master ( $with_dashboard  = 'yes',
   $with_cloud_provisioner  = 'no'
 ) inherits puppet( puppetmaster_fqdn =>
'something' ) {
# (...)
}

What is the good syntax for that ?


Note also that i tried to work around the problem by using a virtual
resource for my File['/etc/puppet.conf'], and realize it in both
classes (without inheritance) but it did not end up as i wished. It
worked, but the templated file missed the content which should have
been triggered by the variables $with_dashboard from class
'puppet::master'

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Creating Users and Hashing it's password.

[Alexandre Martani]

On Ubuntu/Debian, you can generate the hash using:

mkpasswd -m sha-512

I don't know if it works on Mac, but the output of it looks like the same as 
the examples posted on this topic, so I think it should work.*
*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/xhepExgRm0AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

Yes, i try to be as modular and generic as possible. I do not put
anything global, every thing is either a class or a define, and
variables are usually only set in nodes, either as flags or to be used
in templates. The only exception are the global variables (eg
$_service_is_managed_mysqld=1) , which i described above but i removed
them because the whole thing is too convoluted and does not work
anyway.

On Dec 18, 1:57 am, jcbollinger  wrote:
> On Dec 17, 8:34 am, jcbollinger  wrote:
>
> > On Dec 16, 9:17 pm, Alexandre  wrote:
> > [...]
>
> > > because otherwise Puppet would complain at -parsing- time, not execute
> > > time, since it does not want to have the same ressource(here service)
> > > declared twice, even if one is not included for the node,
>
> > Puppet does not exhibit this problem for me.  The only way I have been
> > able to elicit a resource conflict error from Puppet is to have one
> > node include two classes each declaring a resource of the same type
> > and name.
>
> I just had an additional thought about this one: are you putting all
> your declarations into classes?  Anything that is outside a class
> definition is global, so if that file is parsed, such resources (and
> variables, etc.) apply to all nodes.
>
> Incidentally, please do not take this as a cue to attempt to influence
> global declarations by controlling which files get parsed.  You will
> drive yourself nuts that way.  For the most part, you should just put
> everything into classes.  There are some uses for global declarations,
> but all the ones I can think of have these characteristics:
>
> 1) not harmful if applied when unneeded
> 2) certain to be parsed if needed
>
> Resource parameter defaults can sometimes fall into this category, for
> instance.
>
> John

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

it was because the  case

$mysql_enabled = 1
class mysql::server {
service{mysqld:   blablabla  activate}
}

class stripdown{
if $mysql_enabled == 1 {
service{mysqld:   blablabla  deactivate}
}
}

node somenode {
include mysql::server
include stripdown
}

So you see in the case above, the parser will fail because service
[mysql] is included and defined twice (of course, since it is grammar
parser and not an AI ;-). But it would have worked if executed
( But i know the whole thing with variables is maybe a wrong
implementation of the problem )


On Dec 17, 10:34 pm, jcbollinger  wrote:
> On Dec 16, 9:17 pm, Alexandre  wrote:
> [...]
>
> > because otherwise Puppet would complain at -parsing- time, not execute
> > time, since it does not want to have the same ressource(here service)
> > declared twice, even if one is not included for the node,
>
> Puppet does not exhibit this problem for me.  The only way I have been
> able to elicit a resource conflict error from Puppet is to have one
> node include two classes each declaring a resource of the same type
> and name.  It is not enough to cause such an error (in my tests)
> simply for two classes to define the same resource -- both must be
> included in the same node to get the error.  If you find differently
> then I encourage you to file a bug report.
>
> John

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

Yes, in fact this is exactly what i have for the services -i want to
install or manage-. A base class with common stuff (eg mysql user,
group, pkg, test directories ... and service disabled by default), and
a child class ...::server with typically just include the service
specific config file and override Service[] to enable it

But this was not my original problem. Let's take an example :
 1) i want to apply a general linux stripdown
 2) i get a server, which had already stuff on it, maybe services
activated but not used, and on which sometimes people get on and
modify things (file permissions, start services, ...)
 3) I want to apply the general stripdown to this server, without
having to know what is there and create a special stripdown just for
this server
 4) I still want to install or activate services on this server, while
having the general stripdown still active

So far i can do 1), 2) and 3) with puppet, very simply. My problem is
4). All implementations of 4) i saw in this discussion say i have for
each node, specify exactly what i want to disable and enable, so that
if i have 100 nodes, i have to create 100 different stripdown.
While it is easy saying a node what it should include so that it
provides the needed services, it is big task and unmaintanable to
specify exhaustively what nodes should not include. Especially that
these nodes are used by some people that need some priviledges, but do
not always clean after work or are not sysadmins



On Dec 17, 4:51 pm, Peter Meier  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> > [...]
> >     I think this is good general practice of sysadmin to ensure
> > everything on a linux system that is not needed should be removed,
> > restricted or disabled (services, users, dir permissions). As we see
> > here, it seems Puppet can not fullfill this need, except by listing
> > explicitely and exhaustively what needs to be or not be activated for
> > each node. So of course, one way or another, there is a place where i
> > need to tell what should be stripdowned. But i want it to be accepted
> > as the default -state- of the node, unless specified otherwise by
> > including a class which redefines some of the ressources that need to
> > be activated. I do not want my nodes.pp to be 100 lines and
> > unmaintanable.
>
> How about doing it the other way round? Generally include the
> stripped-down classes and then include additionally per node the mysql
> class which  inherits the stripped down class but overwrites the
> resources to manage mysql:
>
> node default {
>   include configsets
>
> }
>
> node mysqlserver {
>   include configsets::mysqlserver
>
> }
>
> class configsets {
>   include mysql::server
>
> }
>
> class configsets::mysqlserver {
>   include config
>   include mysql::server::present
>
> }
>
> class mysql::server {
>   package{'mysql-server': ensure => absent }
>   service{'mysql-server':
>     ensure => stopped,
>     enable => false,
>     require => Package['mysql-server'],
>   }
>
> }
>
> class mysql::server::present inherits mysql::server {
>   Package['mysql-server']{ ensure => installed }
>   Service['mysql-server']{
>     ensure => running,
>     enable => true,
>   }
>   file{'/etc/my.conf':
>     source => ""
>     notify => Service['mysql-server'],
>   }
>
> }
>
> Naming convention could be better, but I think this should generally
> work. You simply include every resource you manage in the general class
> configsets, which gets applied to every node (also due to inheritance,
> reinclusion) but include the "present" class in nodes that need it.
>
> > I do not want my nodes.pp to be 100 lines and unmaintanable.
>
> I would generally avoid putting too much into nodes. My nodes look like:
>
> node default {
>   $some_var_1 = 'aaa'
>   $some_var_2 = 'bbb'
>   include configsets
>
> }
>
> node foobar {
>   $some_var_1 = 'foo'
>   $some_var_2 = 'bar'
>   include configsets::foobar
>
> }
>
> And all the actual service includes are done in the module called
> configesets, which can have further abstraction like node-types, i.e.
> physical nodes (class is included depending on the virtual fact) etc.,
> inheritance and so on.
>
> Did I miss some circumstances why this shouldn't work?
>
> cheers pete.
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org
>
> iEYEARECAAYFAksp8QQACgkQbwltcAfKi383ZwCdHOZO8yYdo6zooR07tgy5OE7/
> ZhgAoJzWrZoO2ikcrO/ZRJVLE/fPcufr
> =/lYm
> -END PGP SIGNATURE-

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

   Yes all of this is very convoluted, but not because of my mind,
just because Puppet PARSER is too strict and prevents states that can
exists in the real.

No, i do not try to use exec to change the change the state of the
service which is -executed- elsewhere (i aggree it would be stupid and
impossible, a ressource can not have two different status at the same
time), but i do use exec to set services that are -declared- elsewhere
in puppet, but not included(executed). So that the state of the
service is the one of the exec. Unfortunately, i had to do that,
because otherwise Puppet would complain at -parsing- time, not execute
time, since it does not want to have the same ressource(here service)
declared twice, even if one is not included for the node, nor be
overriden if not in a child class (and i understand very well the
logic behind that, it makes sense, if we do not consider that we could
assign priorities or precedences on puppet ressources (but then it
could be a mess :-/))

I also checked your solutions, but it does not solve what i wanted
to achieve. What i wanted is per node :
- if i want to include a class (eg mysql::server), then i
include it.
- If it is missing(not included or required by some other
included class), then have the default global stripdown executed.
As i understood, your solution says that if i do not want a
service in a node, then i should include the disabled class (eg
mysql::server::disabled). This is not what i want, what i want is my
nodes definition to be agnostic of what could have been included
previously in the past or may already be present on the server. I do
not want for each node to declare every ressource that exist in my
puppet repo to be disabled (Eg if only 1 node of my 100 needs mysql
running, i do not wish to have to include mysql::server::disabled in
the 99 other nodes definitions. But i want to ensure the mysqld
service is down for these 99 nodes, in case it was running on the node
for whatever reason).
Of course, we need to accept that puppet will try to stripdown
services that are not even installed, but i do not see it as a
problem.

I think this is good general practice of sysadmin to ensure
everything on a linux system that is not needed should be removed,
restricted or disabled (services, users, dir permissions). As we see
here, it seems Puppet can not fullfill this need, except by listing
explicitely and exhaustively what needs to be or not be activated for
each node. So of course, one way or another, there is a place where i
need to tell what should be stripdowned. But i want it to be accepted
as the default -state- of the node, unless specified otherwise by
including a class which redefines some of the ressources that need to
be activated. I do not want my nodes.pp to be 100 lines and
unmaintanable.

I understand the meaning of declarative language. I just miss the
fact that i can not declare something like if something is not
included, then apply this whole set of declarations.
-> Unfortunately for me, there might be a way to do this
"default state"/"included state" scheme in Puppet, or by including
ruby or facter or ..., but i am not a puppet expert. This could maybe
be the subject of another thread


On 15 déc, 22:56, jcbollinger  wrote:
> On Dec 15, 4:03 am, Alexandre  wrote:
>
> >    I though i found a way to do it, and i would like to show it here,
> > but unfortunately it does not exactly work well, see the comment in
> > uppercase: global variables seems to be set even if no class from
> > the .pp file is included.
>
> Yes.  Modules and manifest files do not provide scoping.
>
> >    And i also think now i am going to far into akwardness, just trying
>
> I agree (a bit more on that below).
>
> > to work around some Puppet limitations, or maybe thinking of Puppet
> > beyond its scope, as if it was a full featured language
>
> Puppet is a declarative language.  Users who come from a programming
> background seem sometimes to have difficulty coming to grips with
> that.  If you ever find yourself thinking "how do a make Puppet do
> foo?" then you are off to a wobbly start.  A better question is
> usually "how do I explain foo to Puppet?".
>
> >    I am wondering now if it is always a good idea to try to do
> > everything within Puppet.
>
> Puppet does have limits to what it can do natively for you (though it
> is also highly extensible).  Where it is possible, using Puppet types
> other than Exec to get the work done has several advantages.
>
> [...]
>
> > and ended up having this
> > define only get the parameters and give it all to a deployed script
> > that does the processing (just because i needed to loop on the items
> > of a puppet array).
>
> Puppet is not built to do user-defined proce

[Puppet Users] Re: How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

   I though i found a way to do it, and i would like to show it here,
but unfortunately it does not exactly work well, see the comment in
uppercase: global variables seems to be set even if no class from
the .pp file is included.
   And i also think now i am going to far into akwardness, just trying
to work around some Puppet limitations, or maybe thinking of Puppet
beyond its scope, as if it was a full featured language
   I am wondering now if it is always a good idea to try to do
everything within Puppet. I think if i get time, i will do a generic
script to address this problem, which would be deployed with the usual
set of scripts i deploy on each server, and run it from Puppet. I also
recently went onto another set of Puppet problem, to which i began
implementing a define to do some processing, and ended up having this
define only get the parameters and give it all to a deployed script
that does the processing (just because i needed to loop on the items
of a puppet array).

   Anyway, here was my last, and almost working to get the default
stripdown (shows relevant parts) :

##
## mysqld.pp
##

# This variable is global, not defined inside the class, otherwise it
will never be seen as set, due to the dynamic scope
$_service_is_managed_mysqld=1
class mysql::server inherits mysql {
# (...)
}


##
## stripdown.pp
##

define stripdown_service ( $pattern="" ) {

if $pattern == "" {
exec { "stripdown $name stop":
command => "service $name stop",
onlyif  => "service $name status",
path=> "/usr/bin:/usr/sbin:/bin:/sbin",
}
} else {
exec { "stripdown $name stop":
command => "service $name stop",
onlyif  => "pgrep -f \"$name\"",
path=> "/usr/bin:/usr/sbin:/bin:/sbin",
}
}

exec { "stripdown $name deactivate":
command => "chkconfig $name off",
onlyif  => "chkconfig $name",
path=> "/usr/bin:/usr/sbin:/bin:/sbin",
}
}

class stripdown_services::centos {
service {
"autofs": enable => "false", ensure => "stopped";
"avahi-daemon": enable => "false", ensure => "stopped";
# (...)
}

# THIS $_service_is_managed_xxx THING DOES NOT WORK : EVEN IF NOT
CLASS NOT INCLUDED IN THE NODE, THE VARIABLE SEEMS TO BE SET !!!

if $_service_is_managed_squid != 1 { stripdown_service{squid:} }
if $_service_is_managed_lighttpd != 1 { stripdown_service
{lighttpd: pattern=>"lighttpd.conf"} }
if $_service_is_managed_mysqld != 1 { stripdown_service{mysqld:} }
# (...)
}


--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to override / redefine outside child class (usecase and example detailled)

[Alexandre]

The use case i try to illustrate is when to declare some item (eq
mysqld service) with a default configuration that could be included on
every node (class stripdown in the example, for basenode), and still
be able to override this same item in some specific class (eg
mysql::server), to be included by specific nodes (eg myserver.local)

I illustrated this use case with the example below. But of course,
Puppet parsing fails because the Service[mysql] is included twice. And
of course, class mysql::server

Is there a way to override the Service["mysql"], or mark it as the
main one, or whatever ?
I was thinking about the virtual items and the realize function, but
it only permits apply an item multiple times, not to redefine or
override.

class stripdown {
service {"mysql": enable => "false", ensure => "stopped" }
}

class mysql::server {
service { mysqld:
enable  => true,
ensure  => running,
hasrestart  => true,
hasstatus   => true,
path=> "/etc/init.d/mysql",
require => Package["mysql-server"],
}
}

node basenode {
include stripdown
}

node myserver.local inherits basenode {
include mysql::server #   <- boom, fails here
because of Service["mysql"] redefinition
}

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Cache puppet files

[Alexandre Nascimento]

Friends,

I Make the update of my files on the puppetmaster server, but servers
customers run the classes that no longer exist.

Someone could help me?

Thank you!

-- 
Alexandre
SlackUser

"Seja Livre, Use Linux!"

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---