[Puppet Users] Exported resources origin
Hi all,

I'm trying to find a way to collect exported resources based not only on a tag but also based on the originating node. Currently exported resources can't be collected using more than one criterion, but I can get around that by wrapping the resource in a define and exporting that. I can't seem to find a way though to use the host information in the resources table to collect the resources I want. This does nothing:

    SomeResource <<| host == some_host |>>

Has anyone tried this before? Thanks in advance for all your help!

Cheers,
Atha

--
You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: mysql module is not found
Hi Tim,

is there a mysql class in your modules/mysql/init.pp manifest?

Cheers,
Atha

On Tuesday, March 1, 2011 at 7:28 PM, Tim Dunphy wrote:

hello list!

could someone please offer an opinion as to why the mysql module I am attempting to include is not found?

## error

    [root@pdb1 ~]# puppetd --test
    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class mysql at /etc/puppet/manifests/nodes.pp:25 on node pdb1.acadaca.net
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

## nodes.pp

    node 'pclient.acadaca.net' {
      include basefiles
      include baseapps
    }

    node 'pclient2.acadaca.net' {
      include basefiles
      include baseapps
      include mysql
    }

    node 'pclient4.acadaca.net' {
      include basefiles
      include baseapps
    }

    node 'mclient.acadaca.net' {
      include basefiles
      include baseapps
      include webserver
    }

    node 'pdb1.acadaca.net' {
      include basefiles
      include baseapps
      include mysql
      include postfix
    }

    node 'kromep1.acadaca.net' {
      include basefiles
      include baseapps
      include webserver
    }

## mysql module exists

    [root@puppet ~]# ls -l /etc/puppet/modules/mysql/manifests/init.pp
    -rw-r--r-- 1 root root 396 Feb 28 18:03 /etc/puppet/modules/mysql/manifests/init.pp

thank you kindly in advance! :)

--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

[Puppet Users] Re: Syntax error at 'enable'; expected '}'
Hi Tim,

you are missing a closing }

    class baseapps {
      $packagelist = [ nmap,php-common,php-cli,perl,keychain,screen ]
      package { $packagelist: ensure => installed }

    class sshd {
      case $operatingsystem {
        centos: { $ssh_packages = [ openssh,openssh-server,openssh-clients ] }
        default: { $ssh_packages = [ openssh, openssh-server ] }
      }
      package { $ssh_packages: ensure => installed }
      service { sshd:
        name => $operatingsystem ? {
          centos => sshd,
          default => sshd,
        },
        enable => true,
        ensure => running
      }
    }
    <- missing }

Cheers,
Atha

On Wednesday, February 9, 2011 at 6:38 PM, Tim Dunphy wrote:

Hello,

I tried placing a comma where you suggested. However that did not appear to make any difference. Do you have any other thoughts?

    [root@VIRTCENT03:~] #puppetd --test
    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/classes/baseapps.pp:31
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

    class baseapps {
      $packagelist = [ nmap,php-common,php-cli,perl,keychain,screen ]
      package { $packagelist: ensure => installed }

    class sshd {
      case $operatingsystem {
        centos: { $ssh_packages = [ openssh,openssh-server,openssh-clients] }
        default: { $ssh_packages = [ openssh, openssh-server ] }
      }
      package { $ssh_packages: ensure => installed }
      service { sshd:
        name => $operatingsystem ? {
          centos => sshd,
          default => sshd,
        },
        enable => true,
        ensure => running
      }
    }

thanks!!

On Wed, Feb 9, 2011 at 3:34 PM, Sergey Zhuga sergey.zh...@gmail.com wrote:

Hi,

    service { sshd:
      name => $operatingsystem ? {
        centos => sshd,
        default => sshd,
      } comma
      enable => true,
      ensure => running
    }

[Puppet Users] Re: file serving error
Hi Tim,

the source specified is wrong. Since this is apparently not in a module, it should read:

    source => "puppet:///snjh/ldap.conf"

In case you wanted to retrieve your files from another puppetmaster:

    source => "puppet://${puppetmaster}/snjh/ldap.conf"

where ${puppetmaster} is the name of the server or another variable that specifies that name.

Cheers,
Atha

--
Atha Kouroussis

On Wednesday, February 9, 2011 at 7:01 PM, Tim Dunphy wrote:

hello again list!!

I am attempting to work out how to serve files with puppet. Here is my fileserver.conf file

    # This file consists of arbitrarily named sections/modules
    # defining where files are served from and to whom

    # Define a section 'files'
    # Adapt the allow/deny settings to your needs. Order
    # for allow/deny does not matter, allow always takes precedence
    # over deny
    [snjh]
      path /etc/puppet/manifests/files/snjh
      allow *.summitnjhome.com
    # deny *.evil.example.com
    # allow 192.168.0.0/24

Here is the class manifest I am using:

    class basefiles {
      file { "/etc/ldap.conf":
        source => "puppet://puppet/snjh/ldap.conf"
      }
      file { "/etc/haha.txt":
        source => "puppet://puppet/snjh/haha.txt"
      }
    }

And here is the directory I am trying to serve the files from:

    [root@virtcent13:/etc/puppet/manifests] #ls -l /etc/puppet/manifests/files
    total 12
    drwxr-xr-x 100 root root 12288 Feb 9 16:32 snjh

Each file is in its expected location. Here is the ldap.conf file I am attempting to serve:

    [root@virtcent13:/etc/puppet/manifests] #ls -l /etc/puppet/manifests/files/snjh/ldap.conf
    -rw-r--r-- 1 root root 9190 Nov 25 21:41 /etc/puppet/manifests/files/snjh/ldap.conf

And this is a sample text file that I wanted to try to place on the client to help verify that file serving is working:

    [root@virtcent13:/etc/puppet/manifests] #ls -l /etc/puppet/manifests/files/snjh/haha.txt
    -rw-r--r-- 1 root root 7 Feb 9 15:38 /etc/puppet/manifests/files/snjh/haha.txt

And here is the error:

    [root@VIRTCENT03:~] #puppetd --test
    info: Caching catalog for virtcent03.summitnjhome.com
    info: Applying configuration version '1297288565'
    err: //basefiles/File[/etc/haha.txt]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet/snjh/haha.txt at /etc/puppet/manifests/classes/basefiles.pp:10
    err: //basefiles/File[/etc/ldap.conf]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet/snjh/ldap.conf at /etc/puppet/manifests/classes/basefiles.pp:6
    notice: Finished catalog run in 1.09 seconds

I would sincerely appreciate any advice you may have on this matter.

Thanks!!

[Puppet Users] Re: puppet server not responding
Hi Tim,

what is your puppet.conf? Have you specified a puppet server to use? If not, by default it will look for a host named puppet which is why it's complaining about not being able to resolve.

Cheers,
Atha

On Wednesday, February 9, 2011 at 8:44 PM, Tim Dunphy wrote:

Hello and thanks for your reply!!

It looks like the hostname is set correctly

    [root@mcollective ~]# hostname -f
    mcollective.acadaca.net
    [root@mcollective ~]# facter | grep fqdn
    fqdn => mcollective.acadaca.net

And here is a more verbose run of puppetd --test

    [root@mcollective ~]# puppetd -t -d -v
    debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
    debug: Puppet::Type::User::ProviderPw: file pw does not exist
    debug: Failed to load library 'ldap' for feature 'ldap'
    debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
    debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
    debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
    debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
    debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
    debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/public_keys/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
    debug: /File[/var/lib/puppet/ssl/certs/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
    debug: Finishing transaction 23456293293600 with 0 changes
    debug: /File[/var/lib/puppet/ssl/private_keys/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
    debug: /File[/var/lib/puppet/ssl/certs/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/public_keys/mcollective.acadaca.net.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
    debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
    debug: Finishing transaction 23456292743820 with 0 changes
    debug: Using cached certificate for ca
    debug: Using cached certificate for mcollective.acadaca.net
    debug: Finishing transaction 23456293690500 with 0 changes
    debug: Using cached certificate for ca
    debug: Using cached certificate for mcollective.acadaca.net
    debug: Using cached certificate_revocation_list for ca
    debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

Thanks again for your input!

On Wed, Feb 9, 2011 at 6:38 PM, Rohan McGovern rohan.mcgov...@nokia.com wrote:

Tim Dunphy said:

hello list

I am attempting to setup a puppet server in the amazon cloud. When I try to hit the host from the test client using puppetd --test I get this response...

    [root@mclient ~]# puppetd --test
    err: Could not retrieve catalog from remote server:

[Puppet Users] Re: Syncing /modules --dir via Puppet
We keep all of our puppet manifests and modules in git and use capistrano for deployment.

Cheers,
Atha

On Tuesday, January 25, 2011 at 11:46 AM, CraftyTech wrote:

Hello All,

For those who run multiple Puppetmasters; what's your method of syncing the modules directory? NFS, rsync, etc? I'm asking, because I'd like to use puppet itself to sync up the modules. I know that normally the modules dir gets shared automatically, but what would be the implications to file serve the entire modules dir via /etc/puppet/fileserver.conf, to sync up with other masters? What's the best practices way of syncing modules dir across masters?

Thanks,

Re: [Puppet Users] Re: More External Nodes
On May 21, 2010, at 13:50 , Douglas Garstang wrote:

On Fri, May 21, 2010 at 9:40 AM, R.I.Pienaar r...@devco.net wrote:

- Nigel Kersten nig...@google.com wrote:

Is something like extlookup what you're really looking for? http://code.google.com/p/extlookup/

You have a bunch of parameters per host that you wish to be able to update programmatically, so you put all of this into an external data file so you can look up the relevant parameters per host?

(I haven't followed all the back and forth in this thread sorry, so apologies if this has been covered.)

Nigel,

Hadn't seen that. Thanks. That looks to be a possibility, and is exactly the type of problem I am trying to solve. YAML would be better than csv, and I'm not a ruby zealot so might have to stick with csv for the moment.

Please use the version here: http://www.devco.net/code/extlookup.rb the googlecode one is kind of in progress.

background info here: http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php

Thanks. I did a simple test and it seems to work great! One issue still remains though. Since we are running multiple instances of jboss on the same node, I still need to qualify each variable name with the instance number:

    jboss0_state,running
    jboss0_sw_version,1.10.12
    jboss1_state,running
    jboss1_sw_version,1.12.15

Douglas,

and what is the difference of putting these variables in an external node classifier under the node itself (not global)?

Cheers,
Atha

and so on. Looks like the site.pp takes a facter variable. I wonder if there is some way I can get around the qualification by putting each instance in a separate csv file?

Doug.

Re: [Puppet Users] Re: Puppet high-availability
Hi,

You can generate the puppetmaster certificate using the certname and/or certdnsnames options and assign that name to the VIP in a heartbeat cluster. Once the certificate is generated on one server, copy it to the other.

Cheers,
Atha

On Apr 14, 2010, at 17:01 , SyRenity wrote:

Hi.

I actually considered this, but DRBD seems heavy for read-only information, which puppet manifests are. Maybe just using heartbeat both for DNS and Puppet, but as I'm defining both DNS servers on Puppet clients anyhow, it seems redundant. Are there considerations against this approach?

Regards.

On Apr 14, 5:38 pm, Trevor Hemsley trevor.hems...@codefarm.com wrote:

Sounds like an ideal candidate for using DRBD and heartbeat to run active/standby puppet masters.

On 14/04/2010 15:34, Michael DeHaan wrote:

It would do for active/passive though. How about setting up an alias for ca that moved when the ca wasn't accessible (using --certname), and load balance the puppet serving parts since there's no race issues there.

--Michael

On Wed, Apr 14, 2010 at 10:06 AM, David Schmitt da...@dasz.at wrote:

On 4/14/2010 3:42 PM, Michael DeHaan wrote:

On Tue, Apr 13, 2010 at 7:39 PM, Christopher Johnston chjoh...@gmail.com wrote:

How to deal with ssl certs, I have a similar situation where I have two puppetmasters per site and I would like to see them both handle serving puppet data at anytime from a VIP (primary/failover) type of operation.

How about shared storage for the SSL dir?

Would that be race-free with regards to updating the serial number and stuff?

Best Regards, David

Re: [Puppet Users] Cron question
Hi,

Quick question: what puppet version are you running? IIRC, one of the early 0.25 versions had an issue with the cron type. It's been resolved in 0.25.4.

Cheers,
Atha

On Apr 13, 2010, at 18:05 , Darvin Denmian wrote:

Here is the new URL : http://projects.puppetlabs.com/issues/3553

Thanks !!!

On Tue, Apr 13, 2010 at 5:57 PM, Peter Meier peter.me...@immerda.ch wrote:

On 04/13/2010 10:50 PM, Darvin Denmian wrote:

Here is the output:

and here is the url: http://projects.puppetlabs.com/projects/puppet/issues/new ;)

cheers pete

Re: [Puppet Users] Re: external classifier not calling class
On Mar 4, 2010, at 18:51 , Asif Iqbal wrote:

On Thu, Mar 4, 2010 at 2:05 PM, Asif Iqbal vad...@gmail.com wrote:

On Thu, Mar 4, 2010 at 1:26 PM, Paul Lathrop paul.lath...@gmail.com wrote:

In case anyone is looking at this, Asif and I spent some time in #puppet talking about this and we've eliminated:

* formatting of the YAML (whitespace, etc.)
* missing environment: parameter in YAML (doesn't appear to be required)

--Paul

following Paul's advice I updated the config.ru (/usr/share/puppet/rack/puppetmasterd/config.ru)

    ARGV << "--debug"

and now I see this in the puppetd on client

    debug: Calling puppetmaster.getconfig
    err: Could not call puppetmaster.getconfig: #<RuntimeError: HTTP-Error: 500 Internal Server Error>
    err: Could not retrieve catalog: HTTP-Error: 500 Internal Server Error

Volcane from #puppet at irc.freenode.net helped me find out the problem

passenger calls puppetmasterd as user `nobody'. Once I changed the puppet dirs to be owned by `nobody' all started working.

That means when I updated the config.ru it decided to run puppetmasterd as user `nobody' instead of user `puppet'. older config.ru did not have that issue.

Here are my old config.ru and new config.ru. http://pastie.org/854064

Any idea what change I can make on new config.ru so that puppetmasterd runs as user `puppet' instead?

[..]

Hi Asif,

I was under the understanding that passenger runs puppet under the user that was the owner of the config.ru file. At least that's the way we have it configured and we've had no issues so far.

Cheers,
Atha

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Re: [Puppet Users] Re: Http error with puppet 0.25.1 and passenger
Hi,

the config.ru pasted seems to be from 0.24. Is it from Ubuntu's puppet package? If so, you need to use the one for 0.25.1. You can find 0.25.1 and above debs in Ubuntu PPA repos.

Cheers,
Atha

On Feb 8, 2010, at 16:27 , Asif Iqbal wrote:

I will still need help with this.

On Sun, Feb 7, 2010 at 10:43 PM, Asif Iqbal vad...@gmail.com wrote:

Hi

I am getting all these errors from each client. This log is from one of the puppet clients http://pastebin.com/f141edbbc

I am guessing I need to replace the /usr/share/puppet/rack/puppetmasterd/config.ru (http://pastebin.com/f39e8e519) with the ext/rack/files/config.ru of puppet 0.25.1 (http://pastebin.com/f4b74220b) to fix this issue.

I am running Apache/2.2.11 (Ubuntu) mod_ssl/2.2.11 OpenSSL/0.9.8g Phusion_Passenger/2.2.2 on ubuntu 9.04

Please advise.

Re: [Puppet Users] Re: Cannot seem to turn off the CA
Hi,

We have several puppetmasters running with ca = false and passenger. They are currently 0.25.3 but were at some point 0.24.8. Basically, once you have setup your ca, in a node intended to be puppetmaster, run the client FIRST with ca_server pointing to your ca. The client generates the certificates and gets the ca certificate. Then you can run the puppetmaster with ca = false.

Our non-ca puppetmasters' puppet.conf looks like this:

    # file managed by puppet
    [main]
    logdir = /var/log/puppet
    vardir = /var/lib/puppet
    ssldir = /var/lib/puppet/ssl
    rundir = /var/run/puppet
    factpath = $vardir/lib/facter
    pluginsync = true
    manifest = /etc/puppet/manifests/site.pp
    modulepath = /etc/puppet/modules
    templatedir = /etc/puppet/templates

    [puppetmasterd]
    # CA
    ca = false
    ca_server = puppeteer.domain.com
    syslogfacility = info
    # Enable Foreman reports
    reports=log, foreman
    # for Passenger
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    # Use Foreman
    node_terminus=exec
    external_nodes=/etc/puppet/scripts/node.rb

    [puppetd]
    server = puppeteer.domain.com
    report = true

Hope this helps.

Cheers,
Atha

On Feb 2, 2010, at 17:14 , nicholas wrote:

So I have 0.25.3

I found this in the code puppet/ssl/certificate_authority.rb

    class Puppet::SSL::CertificateAuthority
      def self.ca?
        return false unless Puppet[:ca]
        return false unless Puppet[:name] == "puppetmasterd"
        return true
      end
    end

Basically I read this as, if this class is used inside of puppetmasterd, then turn on the certificate authority. Always.

Anyone know if that is intended?

On Feb 2, 9:15 am, Scott Smith sc...@ohlol.net wrote:

On 2/2/10 9:06 AM, Nigel Kersten wrote:

I thought ca = false was working until I actually verified that it wasn't operating as a CA. This is with puppet 0.24.8 btw.

Ahhh, I'm using 0.25.x

-scott

Re: [Puppet Users] Using Git to distribute Puppet configs
Hi John,

I read the blog post and although an interesting approach, I can see several shortcomings, namely:

- Lack of external node classifier: how do you control/specify which node applies which modules?
- Anything apart from a DVCS to do deployment (i.e. subversion) would be madness. And even with git I think it can get out of control really fast
- Each node has a copy of the entire repository of modules and classes which makes it in my opinion a security risk.

I agree with the fact that puppet's SSL config/setup can be a real PITA, especially when dealing with multiple locations/domains.

Cheers,
Atha

On Jan 27, 2010, at 12:21 , John Arundel wrote:

Hi,

Stephen would never mention it himself, he's too modest, but he's done a great write-up of how he uses Git (or other DVCS) to distribute manifests instead of using a Puppetmaster. It's quite flexible and powerful (you can use a post-receive hook on the remote repos to run Puppet whenever a new config is pushed out, for example).

It's an approach to Puppet scaling I've not seen before - I really like this idea, so I'd be interested to know if anyone else has done something similar, and what you think about Stephen's scheme:

http://bitfieldconsulting.com/scaling-puppet-with-distributed-version-control

Regards,
John

--
Bitfield Consulting: we make software that makes things work
http://bitfieldconsulting.com/

Re: [Puppet Users] Re: SSL Makes My Brain Bleed
Hi Pete,

I was thinking of doing that since all the entries in the wiki addressing Puppet Scalability deal with multiple CAs which in my opinion overly complicates things. I am also waiting on a resolution for #2848 which arose from this kind of setup.

Cheers, Atha

On Nov 23, 2009, at 18:05, Peter Meier wrote:

Hi

1. Start the production puppet master as usual. This will be your CA.
2. In your development puppet master, set ca = false and ca_server = production.hostname in puppet.conf in the puppetmasterd section. Also set server = production.hostname in the puppetd section.
3. In your development puppet master, run puppetd first! This is needed to generate the certificates and request the CA to sign them. If you start puppetmasterd first it will fail.
4. Sign the development puppet master certificate on your production puppet master or set autosign.
5. Once the certificate is signed, re-run puppetd to verify.
6. Start the development puppet master.
7. In your development clients, set ca_server = production.hostname to have the production puppet master sign their certificates since it's your only CA.

would be awesome if you could document that on the wiki.

cheers pete
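The puppet.conf settings named in steps 2, 4 and 7 above can be checked mechanically before a master or client is started. This is an added example, not part of the original thread: the sample configuration is constructed, and the fallback to a [main] section is an assumption about how the files are laid out.

```python
# Constructed sample: a development master's puppet.conf after step 2.
DEV_MASTER_CONF = """
[puppetmasterd]
    ca = false
    ca_server = production.hostname
[puppetd]
    server = production.hostname
"""

def parse_puppet_conf(text):
    """Parse INI-style puppet.conf text into {section: {setting: value}}."""
    conf, section = {}, "main"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(section, {})[key.strip()] = value.strip()
    return conf

def setting(conf, section, key):
    """Section value, else the [main] value (assumed to apply to every program)."""
    return conf.get(section, {}).get(key, conf.get("main", {}).get(key))

def check_dev_master(text, ca_host):
    """Findings for a development master that must defer to the CA on ca_host."""
    conf, findings = parse_puppet_conf(text), []
    if (setting(conf, "puppetmasterd", "ca") or "").lower() != "false":
        findings.append("ca is not false: this master would act as a second CA")
    if setting(conf, "puppetmasterd", "ca_server") != ca_host:
        findings.append("puppetmasterd ca_server does not name the production CA")
    if setting(conf, "puppetd", "server") != ca_host:
        findings.append("puppetd server does not name the production master")
    return findings

def check_dev_client(text, ca_host):
    """Findings for a development client (step 7)."""
    conf = parse_puppet_conf(text)
    if setting(conf, "puppetd", "ca_server") != ca_host:
        return ["puppetd ca_server does not name the production CA"]
    return []

def check_production_ca(text):
    """Flag blanket autosigning on the CA (the alternative offered in step 4)."""
    conf = parse_puppet_conf(text)
    if (setting(conf, "puppetmasterd", "autosign") or "").lower() == "true":
        return ["autosign = true: every certificate request is signed without review"]
    return []

if __name__ == "__main__":
    for finding in check_dev_master(DEV_MASTER_CONF, "production.hostname"):
        print(finding)
```

An empty list means the file matches the steps; each finding names the setting that would either create a second CA or sign requests unreviewed.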
Re: [Puppet Users] Shared database for storedconfigs?
Hi Ohad,

thanks for your reply. The database would be shared per location, not globally, and as such there shouldn't be any latency issues. As everything else in our setup, it would be clustered to ensure availability. We had read about puppetqd and will use it. We already have an activemq deployment so it wouldn't be an issue. The reason for using storedconfigs would be export / collect.

Cheers, Atha

On Nov 23, 2009, at 23:03, Ohad Levy wrote:

Hi Atha,

if you don't have a high latency between your locations, you can technically do that. You need to ensure that only one server has the dbmigrate option enabled, and it's more or less mandatory to run the same puppet version on all of your servers.

however, for each client connection, the server would require the database - if the database is not reachable, none of your puppetmasters will work.

what exactly are you trying to do? export / collect? inventory?

as far as I'm aware, most big puppet installations don't use storeconfig because of the performance (that is dramatically improved with 0.25x) and the single point of failure.

note, that if you want to get any decent performance, you would need 0.25 with puppetqd enabled.

Ohad

On Mon, Nov 23, 2009 at 9:11 PM, Atha akourous...@gmail.com wrote:

Hi all,

We have a clustered, per location puppet master setup, with multiple masters being able to serve any client at that location. We are about to enable storedconfigs. Is it possible to have all the masters at each location share one database? Or does each master need its own db? Being able to share the database backend would be a huge win!

Cheers, Atha