[Puppet Users] Has anyone written an ENC script that uses EC2 tags for classification purposes?

[Brian Gupta]

I'm thinking it should be fairly simple to have a puppetmaster call
out to an ENC script that queries the EC2 API to get tags for
classification purposes, and would be surprised if someone hasn't
already written an ENC script to do this.

I'm thinking this will help let nodes in autoscaling groups get
classified, however that does still leave the issue of certs.

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: does foreman require stored config?

[Brian Gupta]

I'd like to add that *IF* you are using Foreman as an ENC, the
preferred method of putting facts in the Foreman database is the new
ENC script that updates facts on every puppet run:

https://github.com/theforeman/puppet-foreman/blob/master/templates/external_node.rb.erb

Where you might want to use storeconfigs, is if you want to use the
Puppet language's storeconfig syntax to export and collect resources.
(Or have existing code that uses storeconfigs syntax). You do NOT need
to share the database to do this, and in fact I am personally
discouraging a shared database, since Puppetlabs has indicated that
they eventually plan to deprecate mysql based storeconfigs, and using
UUID certnames in conjunction with Foreman provisioning doesn't work
with a shared database.

While we now have separated our storeconfigs database from the foreman
database, and still have code that uses storeconfigs operators, I am
exploring replacing our storeconfigs code with native puppet functions
that work with foreman searches, as described here:
http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html

We can do this because we are using the ENC script to keep facts up to date.

I'd love to hear other people's thoughts on this.

Cheers,
Brian

On Tue, Jul 24, 2012 at 5:45 PM, llow...@oreillyauto.com
 wrote:
> It only is needed if you want to have the foreman list/show facts and such
> for the puppet master.
>
> It makes life a lot easier, and makes foreman a lot more useful, and it does
> make the process of importing classes a lot easier as well.
>
>
>
>
> On Tuesday, July 24, 2012 4:35:42 PM UTC-5, Hai wrote:
>>
>> I am trying to isntall foreman, but it seems that it required to
>> config stored config first, and it will use the puppet database.
>>
>> can someone explain why it has to use the stored config database?
>>
>> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/rfP-dJMulcgJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Is modulename::parentclass::subclassname ok style?

[Brian Gupta]

And is the following the best way to support this: (ie: will it be
supported for the foreseeable future.)

$modulepath/modulename/manifests/parentclass/subclassname.pp the way
the autoloader supports this?

Long story short, I can test and see if it works, but I don't want to
trust that as a way to see if something is a supported patttern, as
historically many things that work, aren't neccesarily supported.

Also can and should I have more than one init.pp files in a module?

e.g.
$modulepath/modulename/manifests/init.pp
$modulepath/modulename/manifests/parentclass/init.pp

I did a bit of reading in the puppetdocs, and it seems where i am
using parentclass, there is a namespace feature called
"implementation", which basically allows one to extend the namespace,
but it is unclear if "implementation" can also be a class? From docs:
"This directory’s name affects the class names beneath it."

I believe I don't need both to be supported, and am largely looking at
this as a way to organize some of our overloaded modules, that don't
make sense to be broken out into separate modules.

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] access facts in ENC

[Brian Gupta]

Your ENC script can pretty much do whatever you want it to do. I'm not
exactly following what you want to do with the facts, but you could
upload them to your ENC like so:
https://github.com/theforeman/puppet-foreman/blob/master/templates/external_node.rb.erb

-Brian

On Mon, Jul 23, 2012 at 7:56 PM, Hai Tao  wrote:
> I am talking about facts other than hostname, such as ipaddress, custom facts.
>
> On Mon, Jul 23, 2012 at 4:47 PM, Craig White  wrote:
>>
>> On Jul 23, 2012, at 4:07 PM, Hai Tao wrote:
>>
>>> Hi,
>>>
>>> As the only paramater we can pass to the ENC is the hostname, I wonder
>>> if there is a way to access a node's fact in the ENC script?
>>>
>>> I know a workaround is to query my Fact database ( I am using Mysql),
>>> but I like to know if I can use a variable directly, for example,
>>> $ipaddress?
>> 
>> $hostname should work
>> $fqdn is an option but that will likely carry a domain name with it.
>>
>> Craig
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Hai Tao
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet over ansible

[Brian Gupta]

> On 18/07/2012, at 8:54 AM, Marc Lucke wrote:
>
>> So I'm seeing a lot of hype around Ansible.  It seems to be a compelling 
>> story.  I've looked around and found a lot of stories about why you would 
>> use it over puppet, but not puppet over ansible.  Can anyone relate personal 
>> experiences or point to some interesting reading?

On Fri, Jul 20, 2012 at 8:11 PM, Marc Lucke  wrote:
> … well there you have it.  No advantages.  Or nobody cares about this better 
> system.  Or nobody knows :)
>

Well, I am guessing most of the people on this list haven't heard of
Ansible (until now). (Other than any Orson Scott Card fans.)

Taking a quick look the high level differences are:

1) Userbase/community - Puppet has a much larger userbase and
community. My belief is this is an advantage for puppet.

2) Larger number of modules available for use with puppet.

2) Ansible uses SSH to connect to the managed hosts. Pros and cons
here. Will let others argue which is "better".

3) DSL - Puppet has a Declarative DSL which largely separates the what
from the how. Ansible seems to mix the two in their playbooks. (Much
like Chef, but with Ansible not being Ruby specific.) I prefer a
Declarative DSL, but others may prefer alternate approaches.

4) Python vs Ruby - I feel Ruby is more popular in the Devops
community, and find I like the syntax better, but Python is not
necessarily a bad choice. That said, largely as a puppet user, one
doesn't have to deal with Ruby. (Nor does a Absible user have to deal
with writing Python.) This decision would be more important if you
wanted to contribute to one of the projects in question.

5) GPL vs Apache - DIfferent strokes for different folks. I actually
prefer GPL licensed software, but many prefer the Apache 2 license.

6) Push vs poll. - Ansible pushes configs to hosts where puppet
clients check in to a central server on regular intervals. (My
understanding is that ansible is somehow serverless.)

7) External data - Puppet supports the concept of storing ones data
separately from the code. It appears that ansible does not have a
standard method for doing so.

8) Built in remote command execution. Puppet relies on mcollective for
this feature, which is additional administrative overhead to setup and
maintain. However, on the flip side, I am certain that mcollective is
much more scalable than ansible. (IE: I am not using a tool that uses
ssh to manage 1000s of servers.) I can't say as a blanket statement
which is better.. If all you are managing is 10 nodes, I could see
simplicity of setup being an advantage. If you need to scale obviously
the scalable solution wins. That said, I would probably prefer to use
the scalable tool in small scenarios, so I don't have to learn two
toolchains.

9) Puppet manifests are historically have non-deterministic order
execution, unless dependencies are specifically declared. I think this
is the correct approach as implicit dependency graphs can be
dangerous, and lead to incomplete understanding of one's
configuration. That said, we are all used to scripts that run in
order, so this is definitely a learning curve when folks are new to
puppet.

10) Puppet is available in an Enterprise Edition that you can buy from
a known vendor with a full support contract. This gives many companies
warm and fuzzies. The majority of folks would say this is an advantage
for Puppet, however if one wants to be on the FLOSS bleeding edge, and
you don't have any money for software/support anyway, it might just be
a wash.

All in all I would say that Ansible feels more like a deployment
system with some basic configuration management idioms supported.
(Basically a step from capistrano or fabric towards a full-fledged
cfg-management framework.) I'm also sure I didn't get this all right,
and missed differences, as I have never used Ansible, and quickly
skimmed the docs.

Cheers,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Modeling higher level services

[Brian Gupta]

On Fri, Jul 13, 2012 at 2:18 PM, Mark Roggenkamp
 wrote:
> Will Puppet ever enable the modeling of higher level resources (than node).
> I'd like to model a multi-node application/service or even many
> applications/services that sometimes connect. I guess I'm thinking something
> along the lines of cloudformation but in puppet such that the DAG would
> extend out from the node and be connected as needed. Or, should something
> like cloudformation, glu, etc always be a separate layer?

I can't speak for Puppetlabs, but I would imagine that at some point
service orchestration is something they should want to tackle, by
building something on top of mcollective and puppetdb, but for now,
the options I am aware of (In no particular order):

1) Glu http://linkedin.github.com/glu/docs/latest/html/tutorial.html
2) KermIT http://kermit.fr/kermit/
3) Juju https://juju.ubuntu.com/
4) Foreman-stacker https://github.com/ohadlevy/stacker (Not sure the status).
5) CloudFormation (AWS specific)
6) http://rundeck.org/

I just saw a talk on Juju, and it looks pretty interesting..
(Interesting enough, that I will be testing it in the lab.)

Cheers,
Brian

> Also, would it make sense at some point to have node-level changes
> immediately kick off changes in other nodes (perhaps via MCollective) as
> opposed to using exported resources and scheduled puppet runs to implement
> changes? IOW, something like a file resource subscribing to an event such
> that changes on another node that relate are immediately triggered instead
> of waiting for a puppet run.
>
> Just trying to work out some thoughts floating in my head. :)
>
> Kind Regards,
> Mark
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/ougYOJKlVS0J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet freelancers?

[Brian Gupta]

On Sat, Jul 7, 2012 at 1:05 PM, JeremyCampbell
 wrote:
> I run a small shop, around 10 servers and spent some time with Puppet but
> I'm no programmer. I've created a set of manifests but most have issues and
> I'm certain that they don't follow best practice etc. I would like to hire a
> freelancer to both complete the manifests and refactor the existing ones
> according to best practice. I can't afford to hire Puppetlabs obviously so I
> was wondering if anyone had any ideas where I might find a freelancer with
> Puppet expertise. Anyone on this list available? Any advice where to look
> etc. would be much appreciated.

Jeremy,

Where are you located? I ask because there are a number of DevOps and
Puppet User Groups scattered throughout the globe, which are resources
that would be helpful in your search. (And useful for learning more
about Puppet yourself.)

Cheers,
Brian

>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/lyIhGyOoLNcJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Built in rollback features

[Brian Gupta]

On Thu, Jul 5, 2012 at 4:45 PM, gilbertc777  wrote:
> Hi Everyone,
>
> I am relativly new to writing puppet modules, and am working to architecht
> our puppet implementation.  One of the questions I have, is rolling back a
> puppet run.  What are the best ways to accomplish this.
>
> For instance, if I add a module to manage autofs, apply it to a server, and
> then no longer want to manage autofs on the server, how would I make it so
> that I can roll the server back to the unconfigured state?
>
> Also, when managing local account using puppet, what are ideas to handle the
> following case:Users A, B and C are added to all our servers.  After running
> for some time, we need to only remove User B.
>
> I have read on multiple blogs about having !classes, but I want to try and
> work towards using more of an industry standard and wanted to get other
> peoples opinions.

Puppet doesn't have any concept of rollback. You are declaring what
you want as your end result. Also bear in mind puppet only manages
resources that are in your manifests. (There are 10s of thousands of
objects on a default OS install that are unmanaged, if you consider
ever file, service, user or package that gets installed.)

One example:

If you had a manifest that didn't manage the user "testuser" and added
a resource to manage it, it would go from "unmanaged" to managed, and
create it if it didn't exist. If one were to roll back to a previous
manifest that didn't have "testuser", the user would still exist on
the system in an unmanaged state. In the puppet world if you want that
removed, you have to continue managing that resource, but ensure that
the resource in question is absent, or purged, using "ensure". e.g. -
"ensure => absent"

> Thanks!
> Chuck
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/uPGycpyKnEsJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How to make send in a "q" when a screen shows up from exec?

[Brian Gupta]

On Thu, Jul 5, 2012 at 9:43 PM, Benjamin Lei  wrote:
> I see; thanks. I'll try that later.
> The next thing I'm trying to do is:
> rvm use 1.8.7 --default
>
> The command executes successfully, but when I SSH back into my server the
> version is still its old one. What might be going wrong?
>
> On Thursday, July 5, 2012 8:37:28 AM UTC-7, jcbollinger wrote:
>>
>>
>>
>> On Wednesday, July 4, 2012 6:01:02 PM UTC-5, Benjamin Lei wrote:
>>>
>>> So I'm trying to exec something, but during the exec a screen will show
>>> up that I need to "q" out of to finish it. Specifically speaking, I'm trying
>>> to exec: rvm --force install 1.8.7
>>
>>
>> Ideally, there would be a command-line option to suppress the screen or
>> provide the needed answer automatically.  Most command-line based installers
>> have such a thing in order to make them scriptable.  If rvm doesn't provide
>> that option then you might be able to pipe in the needed input: 'echo q |
>> rvm --force install 1.8.7'.  In that case make sure the Exec uses the 'sh'
>> provider.

Does this help?:
http://unknown-xengineer.blogspot.com/2012/06/workaround-for-unattended-rvm.html


>> John
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/qfdLLnvdw8cJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Problem during setting password for user, using puppet provisioner of Vagrant

[Brian Gupta]

On Mon, Jul 2, 2012 at 11:10 AM, nikosd23  wrote:
> Hi,
>
> I am trying to set the password for a user that I have created using the
> puppet provisioner of Vagrant for a Linux version 2.6.32-71.el6.x86_64 Red
> Hat 4.4.4-13 box.
>
> I have tried both approaches:
>
> Approach1
> user { "test":
>     ensure   => present,
>     shell    => "/bin/bash",
>     password => "encrypted_password_generated_by_passwd_command",
>     managehome => true,
> }

This is the approach I would take, but you need libshadow-ruby
installed for it to work.

>
> Approach2
> exec { "create-test-password":
>     onlyif => "/bin/egrep '^test:' /etc/passwd",
>     command => '/usr/sbin/usermod -p
> $6$BlODgWJe$eQ.xkRSzkXpMudl831q78I8lh4hHLVGVKds.6hpcPe348uoqWXmlf6PC1s4TfmPhYrPHo6dbdbmNkz2UxewfS1
> test',
>     require => User["test"],
> }
>
> The first approach fills in the /etc/shadow file with an entry !! concerning
> the hashed password of the specific user,
>
> The second approach fills in a part of the above hashed password the
> /etc/shadow file entry., ie. for the above example:
>
> test:.xkRSzkXpMudl831q78I8lh4hHLVGVKds.6hpcPe348uoqWXmlf6PC1s4TfmPhYrPHo6dbdbmNkz2UxewfS1:15523:0:9:7:::
>
> Is there something I am missing? Is there any other approach that I should
> use?
>
> My puppet version is 2.7.1 ( and my Vagrant version is 1.0.3 although I dont
> know if this relates with my problem) .
>
> Thanks in advance.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/tYRgMXG0SxQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] yum.puppetlabs.com for fedora 17

[Brian Gupta]

I would guess part of the issue is related to testing against ruby
1.9.x, which Fedora now ships with, but someone from Puppetlabs should
confirm.

-Brian

On Mon, Jul 2, 2012 at 12:29 PM, Matthew Nicholson
 wrote:
> I notice fedora 17 isn't in there yet.Any time frame for this release
> being packaged up? Glad to help out rebuilding srpms
>
>
>
>
> --
> Matthew Nicholson
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Style guide question..

[Brian Gupta]

On Fri, Jun 29, 2012 at 3:09 AM, David Schmitt  wrote:
> On 29.06.2012 08:51, Brian Gupta wrote:
>>
>> According to the style guide,  "Classes and defined resource types
>> must not be defined within other classes."
>>
>> However looking at
>>
>> https://github.com/puppetlabs/puppetlabs-nginx/blob/master/manifests/init.pp
>> shows that there are a number of other classes defined in class nginx.
>>
>> What's the correct pattern? (And why?)
>>
>> Also can someone confirm the following class naming standards.:
>> 1) In init.pp, naming the main class associated with that module as
>> the same name as that module is best practice and will get applied,
>> when someone just does include modulename.
>> 2) For all classes that you want to include from other modules you
>> need to name them modulename::classname
>> 3) Other then option 1, one should avoid just using a simple classname
>> inside a module, but rather use modulename::classname. (Some
>> additional clarification here would be great.)
>
>
> These recommendations are rooted in the autoloader, who automatically finds
> modulename::some::class in modulename/manifests/some/class.pp.
>
> Additionally this improves orientation for others when reading or using the
> module because it ibues the names with meaning.

Thanks David. Could you clarify one thing?

The style guide says the following is bad:

"   class foo {
  ...
  class bar { ... }
}"

I think this largely works, and will register as classes apache and
apache::ssl, but the correct style would be?:

class foo {
  ---
}
class foo::bar {
  ...
}

>
>
> Best Regards, David
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Style guide question..

[Brian Gupta]

According to the style guide,  "Classes and defined resource types
must not be defined within other classes."

However looking at
https://github.com/puppetlabs/puppetlabs-nginx/blob/master/manifests/init.pp
shows that there are a number of other classes defined in class nginx.

What's the correct pattern? (And why?)

Also can someone confirm the following class naming standards.:
1) In init.pp, naming the main class associated with that module as
the same name as that module is best practice and will get applied,
when someone just does include modulename.
2) For all classes that you want to include from other modules you
need to name them modulename::classname
3) Other then option 1, one should avoid just using a simple classname
inside a module, but rather use modulename::classname. (Some
additional clarification here would be great.)

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] packaging puppet modules

[Brian Gupta]

On Thu, Jun 28, 2012 at 4:38 PM, Paul Belanger
 wrote:
> On 12-06-28 08:57 AM, Ken Dreyer wrote:
>>
>> Hi Puppet folks,
>>
>> I'm a Fedora packager, and I'm looking into packaging up some of the
>> modules at http://forge.puppetlabs.com/users/puppetlabs
>>
>> I'm thinking through the naming scheme for modules. It looks like the
>> upstream modules include the creators' names as part of the package names,
>> which strikes me as a little verbose from the perspective of Fedora
>> packaging.
>>
>> For example, the Puppetlabs' mysql module RPM  would (in theory) be called
>> "puppetmodule-puppetlabs-mysql". That's a mouthful. Any chance we could
>> have the Puppet Labs' modules be considered "canonical" modules on the
>> Forge, and then strip away the puppetlabs vendor name? Any other ideas
>> welcome.
>>
> I'm considering doing the same for Debian.  I haven't researched a naming
> scheme yes however I would expect something like
> puppetmodule-puppetlabs-mysql or puppet-module-puppetlabs-mysql would apply.
>
> I'd be reluctant to call it puppet-module-mysql unless it was actually
> bundled within puppet.

In the Debian world I'd consider a metapackage (hope this is the right
term) callet puppet-module-mysql, that can be install package
alternatives, and have puppet-module-puppetlabs-mysql (or something
like that) be one of possibly many alternatives.

I think the bigger question is whether Puppetlabs (via puppet forge)
considers best practice to have multiple modules supporting the same
service to be either/or alternatives, or wants people to make modules
that can be coexist in parallel. In my limited experience working with
people's third party modules, there seems to be an assumption that a
given module will be the only module on a given
puppetmaster/modulepath that is capable of managing a given
service/package, but I don't know if this is a published standard or
just people not thinking folks might want to have two modules managing
the same resource installed at the same time.

>
> --
> Paul Belanger | PolyBeacon, Inc.
> Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
> Github: https://github.com/pabelanger | Twitter:
> https://twitter.com/pabelanger
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: packaging puppet modules

[Brian Gupta]

On Thu, Jun 28, 2012 at 2:46 PM, Steve Traylen  wrote:
> On Thursday, 28 June 2012 14:57:08 UTC+2, Ken Dreyer wrote:
>>
>> Hi Puppet folks,
>>
>> I'm a Fedora packager, and I'm looking into packaging up some of the
>> modules at http://forge.puppetlabs.com/users/puppetlabs
>>
>> I'm thinking through the naming scheme for modules. It looks like the
>> upstream modules include the creators' names as part of the package names,
>> which strikes me as a little verbose from the perspective of Fedora
>> packaging.
>>
>> For example, the Puppetlabs' mysql module RPM  would (in theory) be called
>> "puppetmodule-puppetlabs-mysql". That's a mouthful. Any chance we could have
>> the Puppet Labs' modules be considered "canonical" modules on the Forge, and
>> then strip away the puppetlabs vendor name? Any other ideas welcome.
>>
>
> Presumably it would end up on the filesystem as something like
> $modulepath/mysql/ so the puppetlabs bit is a bit redundant
> in some ways. Ignore packages for now, how does anyone cope with
> 'puppetlabs-mysql' and 'whatever-mysql'... in the same environment.

We don't, because the pattern seems to be to dump the leading
identifiers in the repo name, and many modules assume their namespace
is just the service/package name they are managing, e.g. modules/mysql.
If you look in init.pp in the case of the puppetlabs' mysql module,
this is clear as the main class is just called mysql. The way we deal
with these typically is to standardize on a single module and install
it as a git submodule. I believe if you wanted more than one, you
would need to make changes to the code. (We don't use the mysql
module, but it is a good example.)

So:
cd $puppetgitworkingdir
git submodule git://github.com/puppetlabs/puppetlabs-mysql.git modules/mysql
git submodule init
git submodule update

Cheers,
Brian

>>
>> - Ken
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/HZDPZSyjbSEJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Service Puppetmaster being monitored by Nagios

[Brian Gupta]

On Mon, Jun 18, 2012 at 10:22 AM, Wendell Araujo
 wrote:
> Good morning!
>
> I have a server running Nagios and would like to monitor the service in my
> puppet server puppetmaster. Has anyone managed to do this?
>
> grateful
>
> Wendell

So this doesn't exactly answer your question, but it is a pattern that
may be of use. So we push out a managed file to all clients that gets
updated everytime we make a commit to the puppetcode base (git post
commit hook), and have a corresponding nagios check that confirms that
the version of the file on the puppet master is the same as on the
client. This tells us if anything is broken in the loop, including a
nonfunctional puppetmaster.

>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Request a way for passing simple info to a package installation

[Brian Gupta]

I need to install postfix on a a debian system with puppet.
Unfortunately there are a lot of prompts. One way to deal with this
is, is: http://projects.puppetlabs.com/projects/1/wiki/Debian_Preseed_Patterns.
Another way (apparently)  is to give an answerfile in the package
resource declaration. (I have no idea how to do this)

e.g.:

echo postfix postfix/main_mailer_type        select  No configuration
| debconf-set-selections
apt-get install -y postfix

However, I'd just like to deal with this stuff from within the package
resource declaration. Is there something simple I am missing?

 I just want to install a single package install with noconfig, and
have puppet handle the rest.

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] mysql or postgresql

[Brian Gupta]

On Tue, Jun 5, 2012 at 12:07 AM, Gary Larizza  wrote:
> On Mon, Jun 4, 2012 at 8:48 PM, Brian Gupta  wrote:
>> On Mon, Jun 4, 2012 at 11:19 PM, Gary Larizza  wrote:
>>> On Mon, Jun 4, 2012 at 7:54 PM, Denmat  wrote:
>>>> Hi,
>>>>
>>>> You should checkout puppetdb which currently locks you into PostgreSQL.
>>>>
>>>> Docs here:
>>>> http://docs.puppetlabs.com/#puppetdbpuppetdb09
>>>>
>>>> It's new so may be buggy - though I haven't seen any reports on this 
>>>> (haven't looked ;) )
>>>
>>> PuppetDB will store Inventory Data as well as exported resources and
>>> catalog data (from Puppet itself), but it will not store reports from
>>> the Puppet Dashboard.  To do that, the Puppet Dashboard requires a
>>> MySQL database backend.  It doesn't CURRENTLY support Postgres, though
>>> I suspect that will change in the future.
>>
>> Gary,
>>
>> Assuming we are just talking about report stores, Akaroot is looking
>> at storing 60,000 reports per hour. Can a single storeconfigs MySQL
>> instance handle that? (That's 1000 reports per minute.)
>>
>
> Just to correct the terminology - storeconfigs refers to the act of
> storing resources that have been exported from nodes, as well as
> storing your inventory data (Facter facts).  There's documentation
> here that should help -->
> http://docs.puppetlabs.com/guides/inventory_service.html  With
> storeconfigs, it's information that can be pulled from within a Puppet
> run.
>
> Reports, on the other hand, contain information on transactional
> events FROM a Puppet run.  Reports are stored in the Puppet Dashboard,
> which is a separate database (Storeconfigs uses one database -
> potentially PuppetDB, Dashboard uses another database.  Storeconfigs
> can be MySQL or Postgres but the database backend for the Dashboard
> must be MySQL).
>
> As for handling 1000 reports per minute, it's up to how you tune your
> MySQL setup.  Puppet is going to send reports to your database
> 'server' (credentials are provided in puppet.conf, so it could be a
> VIP based on what you're doing on the backend).  I'll let others with
> better experience in that area comment on what they've seen in
> production.

Thanks Gary for clarifying. My apologies, it's late here.

>
>
>> Thanks,
>> Brian
>>
>>>>
>>>> Den
>>>>
>>>> On 05/06/2012, at 4:05, akaroot  wrote:
>>>>
>>>>> Hi!
>>>>> Which database would you recommend to use mysql or postgresql for
>>>>> puppet?
>>>>> Estimated number of nodes 3, they send reports every 30 minutes.
>>>>> Thanks
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups 
>>>>> "Puppet Users" group.
>>>>> To post to this group, send email to puppet-users@googlegroups.com.
>>>>> To unsubscribe from this group, send email to 
>>>>> puppet-users+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at 
>>>>> http://groups.google.com/group/puppet-users?hl=en.
>>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups 
>>>> "Puppet Users" group.
>>>> To post to this group, send email to puppet-users@googlegroups.com.
>>>> To unsubscribe from this group, send email to 
>>>> puppet-users+unsubscr...@googlegroups.com.
>>>> For more options, visit this group at 
>>>> http://groups.google.com/group/puppet-users?hl=en.
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Gary Larizza
>>> Professional Services Engineer
>>> Puppet Labs
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
>
> Gary Larizza
> Professional Services Engineer
> Puppet Labs
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] mysql or postgresql

[Brian Gupta]

On Mon, Jun 4, 2012 at 11:19 PM, Gary Larizza  wrote:
> On Mon, Jun 4, 2012 at 7:54 PM, Denmat  wrote:
>> Hi,
>>
>> You should checkout puppetdb which currently locks you into PostgreSQL.
>>
>> Docs here:
>> http://docs.puppetlabs.com/#puppetdbpuppetdb09
>>
>> It's new so may be buggy - though I haven't seen any reports on this 
>> (haven't looked ;) )
>
> PuppetDB will store Inventory Data as well as exported resources and
> catalog data (from Puppet itself), but it will not store reports from
> the Puppet Dashboard.  To do that, the Puppet Dashboard requires a
> MySQL database backend.  It doesn't CURRENTLY support Postgres, though
> I suspect that will change in the future.

Gary,

Assuming we are just talking about report stores, Akaroot is looking
at storing 60,000 reports per hour. Can a single storeconfigs MySQL
instance handle that? (That's 1000 reports per minute.)

Thanks,
Brian

>>
>> Den
>>
>> On 05/06/2012, at 4:05, akaroot  wrote:
>>
>>> Hi!
>>> Which database would you recommend to use mysql or postgresql for
>>> puppet?
>>> Estimated number of nodes 3, they send reports every 30 minutes.
>>> Thanks
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
>
> Gary Larizza
> Professional Services Engineer
> Puppet Labs
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Configuring Puppet for OnApp Cloud

[Brian Gupta]

To be clear, unique hostnames are not a must. Unique certnames are,
which by default are based on hostnames, but they don't have to be.
You can programmatically generate those using something like UUID
(Which is what Foreman uses for cloud provisioning). See the following
for more info on UUIDs:
http://en.wikipedia.org/wiki/Universally_unique_identifier

-Brian

On Fri, Jun 1, 2012 at 4:20 AM, ankush grover  wrote:
> Thanks Brian.
>
> My issue is with OnApp the end user can give his hostname while
> configuring the details for the Cloud Instance. When the system boots
> up how do I make puppetmaster accepts this as a client without manual
> intervention from administrator and apply some default classes for
> this host.
>
> Unique hostname is must for Puppet and if the user changes the
> hostname on his own then how the puppet client will talk to
> Puppetmaster.
>
>
>
> On Fri, Jun 1, 2012 at 1:36 PM, Brian Gupta  wrote:
>> On Fri, Jun 1, 2012 at 3:54 AM, ankush grover  wrote:
>>> Any update on this?
>>>
>>> On Wed, May 30, 2012 at 3:28 PM, ankush grover  
>>> wrote:
>>>> Hi Friends,
>>>>
>>>> My company is soon to going to deploy a private cloud from OnApp in
>>>> the infrastructure. Task given to me is to install puppet agent when
>>>> any Cloud instance boots. After searching on the google found there
>>>> are 2 ways to do this:
>>>>
>>>>
>>>> * Create a template in which puppet agent is already installed and
>>>> configured to talk to Puppetmaster. The issue is the hostnames for
>>>> these Cloud instances are given by the user and puppet requires unique
>>>> hostnames.
>>>>
>>>> * 2nd Option is run some scripts to install puppet agent, assign the
>>>> new hostname based on the ip and connect it to the Puppet Master and
>>>> on the Puppet master side accept the client without Admin
>>>> intervention.
>>>>
>>>> I somebody could share his experience in configuring Puppet for Cloud
>>>> Instances. What is the best way to configure Puppet and also if
>>>> possible please share the configuration or how to that will be very
>>>> helpful.
>>>>
>>>>
>>>> Thanks & Regards
>>>>
>>>> Ankush
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/puppet-users?hl=en.
>>
>> I'm not familiar with OnApp, but the typical pattern for bootstrapping
>> cloud instances is to pass them a templated shell script that
>> bootstraps puppet onto the machine.
>>
>> Here is an example template/script which I use with Foreman
>> (http://www.theforeman.org/) ENC/provisioning system for bootstrapping
>> Ubuntu 12.04 EC2 nodes (Please feel free to follow up with any
>> questions.):
>>
>> #! /bin/bash
>>
>> echo "updating system time"
>> /usr/sbin/ntpdate -sub ntp.pool.org
>>
>> echo "<%= @host %>" > /etc/hostname
>> hostname <%= @host %>
>>
>> echo "PUT_A_DUBUG_PUBLIC_SSH_KEY_HERE" > /root/.ssh/authorized_keys
>>
>> echo "Configuring apt"
>> cat > /etc/apt/sources.list << EOF
>> <%= snippets "precise-sources" -%>
>> EOF
>>
>> apt-get update
>> apt-get -y install ruby ruby1.8 libshadow-ruby1.8 libruby1.8
>> wget http://production.cf.rubygems.org/rubygems/rubygems-1.8.24.tgz
>> tar xvzf rubygems-1.8.24.tgz
>> pushd rubygems-1.8.24
>> ruby setup.rb
>> popd
>> gem1.8 install -v 2.6.9 --no-rdoc --no-ri puppet
>> mkdir /etc/puppet
>> # and add the puppet and ruby-shadow package
>> #apt-get -y install puppet
>>
>> echo "Configuring puppet"
>> cat > /etc/puppet/puppet.conf << EOF
>> <%= snippets "puppetbgllc.conf" -%>
>> EOF
>>
>> /usr/bin/puppetd --config /etc/puppet/puppet.conf -o --tags
>> no_such_tag --no-daemonize
>>
>> puppetd --verbose
>> exit 0
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Thoughts on job listings?

[Brian Gupta]

On Wed, May 30, 2012 at 5:13 PM, R.I.Pienaar  wrote:
>
>
> - Original Message -
>> From: "Michael Stahnke" 
>> To: puppet-users@googlegroups.com
>> Sent: Wednesday, May 30, 2012 9:49:44 PM
>> Subject: [Puppet Users] Thoughts on job listings?
>>
>> How do folks feel about getting Puppet job listings on this list?
>> I've rejected a few that we quite spammy, but when the subject matter
>> really is a system admin with puppet experience, the decision becomes
>> a bit different.
>>
>> I'm looking for general feelings.  A simple +1 or -1 would be great.
>
> job postings from community members looking for themselves/their employers
> with clear direct to employer contact information +1
>
> job postings from recruiters -1

+1 to both suggestions. If we limit it to relevant on topic postings
from principals, and keep recruiters out, it *should* keep volume low.

If we do reach consensus to support this, I propose an official
written policy that clarifies the requirements, and would probably
also require that job listings include "[JOB]" in the subject so that
those that aren't interested can easily set up filters. The official
policy should also set the expectation that this is subject to change
if volume becomes too high. (In which case we could revisit and look
at a designated jobs board/list) In addition, we should limit postings
from a single company to a certain limit (Once every two months for
example).

-Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Configuring Puppet for OnApp Cloud

[Brian Gupta]

On Fri, Jun 1, 2012 at 3:54 AM, ankush grover  wrote:
> Any update on this?
>
> On Wed, May 30, 2012 at 3:28 PM, ankush grover  wrote:
>> Hi Friends,
>>
>> My company is soon to going to deploy a private cloud from OnApp in
>> the infrastructure. Task given to me is to install puppet agent when
>> any Cloud instance boots. After searching on the google found there
>> are 2 ways to do this:
>>
>>
>> * Create a template in which puppet agent is already installed and
>> configured to talk to Puppetmaster. The issue is the hostnames for
>> these Cloud instances are given by the user and puppet requires unique
>> hostnames.
>>
>> * 2nd Option is run some scripts to install puppet agent, assign the
>> new hostname based on the ip and connect it to the Puppet Master and
>> on the Puppet master side accept the client without Admin
>> intervention.
>>
>> I somebody could share his experience in configuring Puppet for Cloud
>> Instances. What is the best way to configure Puppet and also if
>> possible please share the configuration or how to that will be very
>> helpful.
>>
>>
>> Thanks & Regards
>>
>> Ankush
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

I'm not familiar with OnApp, but the typical pattern for bootstrapping
cloud instances is to pass them a templated shell script that
bootstraps puppet onto the machine.

Here is an example template/script which I use with Foreman
(http://www.theforeman.org/) ENC/provisioning system for bootstrapping
Ubuntu 12.04 EC2 nodes (Please feel free to follow up with any
questions.):

#! /bin/bash

echo "updating system time"
/usr/sbin/ntpdate -sub ntp.pool.org

echo "<%= @host %>" > /etc/hostname
hostname <%= @host %>

echo "PUT_A_DUBUG_PUBLIC_SSH_KEY_HERE" > /root/.ssh/authorized_keys

echo "Configuring apt"
cat > /etc/apt/sources.list << EOF
<%= snippets "precise-sources" -%>
EOF

apt-get update
apt-get -y install ruby ruby1.8 libshadow-ruby1.8 libruby1.8
wget http://production.cf.rubygems.org/rubygems/rubygems-1.8.24.tgz
tar xvzf rubygems-1.8.24.tgz
pushd rubygems-1.8.24
ruby setup.rb
popd
gem1.8 install -v 2.6.9 --no-rdoc --no-ri puppet
mkdir /etc/puppet
# and add the puppet and ruby-shadow package
#apt-get -y install puppet

echo "Configuring puppet"
cat > /etc/puppet/puppet.conf << EOF
<%= snippets "puppetbgllc.conf" -%>
EOF

/usr/bin/puppetd --config /etc/puppet/puppet.conf -o --tags
no_such_tag --no-daemonize

puppetd --verbose
exit 0

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] exclude puppetmaster from default

[Brian Gupta]

On Wed, May 30, 2012 at 12:49 PM, Andrei-Florian Staicu
 wrote:
> On Wed, May 30, 2012 at 7:39 PM, Peter Bukowinski  wrote:
>> On May 30, 2012, at 12:13 PM, Andrei-Florian Staicu wrote:
>>
>> Hi all,
>>
>> Can you tell me if the puppetmaster (which is also a puppet node) can
>> be excluded from the default node definition?
>> The idea is that new unclassified nodes should get the puppet.conf and
>> auth.conf files by default, but these files are pretty different on
>> the master.
>>
>> Thanks.
>>
>>
>> The default node definition is only applied to nodes that aren't included in
>> any other node definitions. As long as your puppetmaster node is included in
>> any other node definition — either explicitly (e.g. 'puppet.domain.org') or
>> by glob (e.g. /^puppet/) — the default node definition will not affect it.
>>
>
> Ok, so this will exactly what I want for new (i.e. which don't already
> have a definition) nodes.
> Then how can I have a definition for all nodes, except the puppet master?

We basically use a base node class, that is applied to every host. For
managing puppet.conf we have an exception for the puppetmasters that
is setup in an erb template. Here is an example
https://gist.github.com/2837734

There are probably simpler ways to do this, e.g. via file
conditionals, but we needed to template for other reasons.

-Brian

> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Interactive Debian Package Installation?

[Brian Gupta]

On Tue, May 29, 2012 at 12:11 PM, Nan Liu  wrote:
> On Tue, May 29, 2012 at 7:03 AM, Dennis Benzinger | hybris
>  wrote:
>> Hello!
>>
>> For some machines I want to do a semi automated installation via puppet
>> apply. Is it possible to tell Puppet to install Debian packages
>> interactively in this case? So that for example the MySQL root password can
>> be entered.
>
> You won't be able to break into interactive mode during puppet apply,
> but you have the option of supplying the answer file.

Also check out:
http://projects.puppetlabs.com/projects/1/wiki/Debian_Preseed_Patterns


> Nan
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Anyone have a module they can share for greylog2+logstash?

[Brian Gupta]

If not I will write one.

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Check If State Changed with Puppet 0.25.4

[Brian Gupta]

On Fri, May 18, 2012 at 12:44 PM, Eytan Daniyalzade  wrote:
> Hey,
>
> I would like to figure out if the latest puppet client run changed the
> state of the server, in a programatic way. Essentially, I would like
> to achieve what --detailed-exitcodes provides in later versions of
> puppet. I am running in master/slave mode. Any suggestions? I have
> considered using /var/lib/puppet/state/state.yaml, and checking if
> anything more than 'checked' happened. Would that be the right way to
> go?
>
> Thanks,
> --Eytan

We aren't using 0.25.x but we do use puppet reports to track puppetrun
status. We feed them into foreman, which should still support the
older puppet report format (pre-2.6.5), but you might also be able to
use puppet-dashboard. (Looks like it does support the older report
format: http://downloads.puppetlabs.com/docs/dashboardmanual.pdf.)
(The last_run_report should be in the same directory as state.yaml,
but you have to enable reports in your puppet.conf).

As an aside, the upgrade from 0.25.x to 2.6.x was relatively painless.

Perhaps someone else can address your question more directly?

-Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Question about plans for the forge.

[Brian Gupta]

On Thu, May 17, 2012 at 12:38 PM, Ryan Coleman  wrote:
> On Thu, May 17, 2012 at 9:23 AM, Brian Gupta  wrote:
>> Will general best practice for forge modules to be developed against
>> current latest puppet version, or maintain backward compatibility
>> going forward? e.g. - let's say there is a version of a module that
>> works with 2.7, when Telly ships will the plan be for the modules to
>> be required to support both puppet versions, or just Telly? Or are you
>> guys thinking that there will be separate modules for different
>> versions of puppet? (Perhaps you guys aren't there yet in your
>> planning?)
>
> I'd love to hear what the communities thoughts are here! :-)
>
> From my perspective, I think it's up to the module author to determine
> what their needs are and author modules accordingly. If they can only
> run 2.6 and want to author modules that aren't compatible with some
> aspect of 2.7, that's perfectly acceptable. They'll just need to
> specify that so those using 2.7 don't install a module that doesn't
> work for them. They'd have to re-evaluate their module when a new
> version (like Telly) ships.

Ah I had envisioned that the long term plan was for there to be core
modules that were written with best practices and that unless you were
doing something really funky, they would meet most people's needs.
(Either through some sort of official process, or crowd-sourced
voting/rating/self-selection).

> I added a comment to that ticket suggesting an idea to take the burden
> of specifying compatibility off of module author. Perhaps for modules
> that provide spec tests, we could automatically test that module
> against a matrix of puppet, facter and ruby versions to set and
> maintain what the module is compatible with every time a new version
> of puppet or facter is released. Just a thought.. and certainly that
> could be optional to authors who would rather manually specify
> compatibility.

Hmmm.. a thought (may be to much).. what if you also tracked
incompatible versions. That way if someone wanted to test it with a
version of puppet that the author didn't have an opportunity to test,
someone could submit a testing patch marking it as compatible or
incompatible with specific version(s)?

> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Question about plans for the forge.

[Brian Gupta]

On Thu, May 17, 2012 at 12:05 PM, Ryan Coleman  wrote:
> On Thu, May 17, 2012 at 4:43 AM, Brian Gupta  wrote:
>> Currently and going forward people will be running multiple versions
>> of puppet. What are the plans for puppet compatibility with Modules?
>>
>> Thinking we may want to be able to specify what version of Puppet is
>> running and ask for the compatible module. (Which may be the same).
>
> Hi Brian,
>
> Would you like to specify Puppet compatibility in each of your
> modules, perhaps in the Modulefile? Expressing that this module is
> compatibile with versions less than or equal to X, greater than or
> equal to X or exactly equal to X? If so, looks like we've got a ticket
> tracking that feature request.
> http://projects.puppetlabs.com/issues/13598

Sounds good, and sounds like it addresses the basic needs. (That
metadata, I think, will be very important.)

Will general best practice for forge modules to be developed against
current latest puppet version, or maintain backward compatibility
going forward? e.g. - let's say there is a version of a module that
works with 2.7, when Telly ships will the plan be for the modules to
be required to support both puppet versions, or just Telly? Or are you
guys thinking that there will be separate modules for different
versions of puppet? (Perhaps you guys aren't there yet in your
planning?)

Thanks,
Brian

> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Question about plans for the forge.

[Brian Gupta]

Currently and going forward people will be running multiple versions
of puppet. What are the plans for puppet compatibility with Modules?

Thinking we may want to be able to specify what version of Puppet is
running and ask for the compatible module. (Which may be the same).

Thanks,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] modifying declared user/group types without resorting to inheritance?

[Brian Gupta]

On Wed, May 16, 2012 at 9:51 PM, Joshua Hoblitt  wrote:
> Hello,
>
> I have number of classes that deal with user management and I've run into a
> snag with needing to extend/modify either the user or group types.  I'm
> using theforeman as an ENC.
>
> The class structure I have is something like the following.
>
> users::common
> users::dev
> users::prod
> etc...
>
> users::{dev, prod} do not use inheritance.  Almost all node include
> users::common.  Some include users::common and user::dev, while others
> include users::common and users::prod.  No node presently includes all three
> classes but it's desirable for that to be possible.  The class users::common
> contains user and group types (actually virtual resources but that detail
> shouldn't matter...) and is machine generated.  users::{dev, prod} define
> additional users and groups.  The difficulty is that I have users in
> ::common that need to be added a group a group in ::dev but not be a member
> of that group in prod.  This is complicated by the fact that this group is
> declared in ::common.   Am I left with having to do class inheritence here?
> I'd like to avoid that if possible as that would preclude ::dev and ::prod
> being included on the same node.  I understand that heira is good at dealing
> with this sort of situation.  Is there some magic way of looking up data in
> heira without dumping foreman as an enc?

Check out: https://github.com/torrancew/hiera-foreman

As I understand it lets you map heira variables to foreman params.

Cheers,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Using Puppet to manage preexisting servers

[Brian Gupta]

On Wed, May 16, 2012 at 12:08 PM, Aaron Grewell wrote:

> On Wed, May 16, 2012 at 5:07 AM, Mister IT Guru 
> wrote:
> > Ordinarily, I'd say lets upgrade your working practices while we're at
> it, and properly manage your whole workflow, manage access and manage who
> can make changes. Lets start by rebuilding your boxes to specification, and
> migrating your existing data over. Sounds great, "Client says no" huh? -
> Now I need to rethink my strategy.
>
>
> One of the tools that's helpful in this situation is Puppet's no-op
> mode.  This gives you the ability to report in advance on what would
> change during a Puppet run.  It's helpful for reassuring angsty
> customers as well as making a list of what might need to be reverted
> in an emergency.
>

 I concur to the advice all posters have given. I'll add that the three
tools we've used to do stuff like this are:

1) puppet resource
2) blueprint
http://pratikamin.wordpress.com/2011/03/22/generate-puppet-recipe-from-running-system/(These
recipes that get generated really need hand tuning, as they are
massive.)
3) puppet in --noop mode to validate.

Generally we start with the manage nothing and go through and add resources
and services one at a time. It's slow and tedious, and we don't like to do
it, but you sometimes have to.

Cheers,
Brian

--
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard with SELinux enforced

[Brian Gupta]

I've run into permission errors like this if apparmor is enabled, and not
configured for the app I am trying to run.
http://en.wikipedia.org/wiki/AppArmor

I'm guessing you need to tell selinux that /usr/share/puppet-dashboard/* is
a valid path. (Never used selinux, but my understanding is that apparmor
and selinux have similarities.)

-Brian

On Sun, May 13, 2012 at 9:07 PM, Sans  wrote:

> Dear all,
>
> Can anyone please tell me why Ruby on Rails application is not starting,
> when SELinux is on. This is the errors reporting on the browser:
>
>
> The application has exited during startup (i.e. during the evaluation of
>> config/environment.rb). The error message can be found below. To solve
>> this problem, please follow any instructions in the error message.
>>
>> *Error message:*
>> Rails Error: Unable to access log file. Please ensure that
>> /usr/share/puppet-dashboard/log/production.log exists and is chmod 0666.
>> The log level has been raised to WARN and the output directed to STDERR
>> until the problem is fixed. Database isn't the current migration version:
>> expected 20120112195235, got 0 You must either run 'rake db:migrate' or set
>> environmental variable NO_MIGRATION_CHECK
>
>
>
> Any idea what am I doing wrong? Cheers!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/qXoLkbcvsy8J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Autoscaling with Puppet

[Brian Gupta]

Can you provide a link to the video? I'm guessing the workflow could be
much simpler, in that you could have an autoscaling group, that spins up
instances that are based on AMIs that are either preconfigured for puppet,
or have the cloud-init info passed to them to get puppet up and running.

-Brian

On Sun, May 13, 2012 at 9:28 PM, de  wrote:

> I have a specific need to use Puppet to Autoscale a few applications I
> have deployed on EC2. I'm using Puppet now to manage and create instances
> and saw a neat video on this subject. I'm missing the a piece of the
> puzzle. I'm assuming I should use Cloudwatch to send my puppetmaster a
> notification to then create a new instance with the cloudformation module.
>
> Does that sound about right? I looked into cloudformation, but that
> doesn't seem right.
>
> Can someone point me in the right direction.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/ps2yIUWdTMQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Video for last months's meeting is now online (Foreman)

[Brian Gupta]

My apologies, this was supposed to go to the puppet-nyc mailing list. :( -Brian

On Tue, May 8, 2012 at 12:42 AM, Brian Gupta  wrote:
> Ohad did a great job covering Foreman. If you couldn't make it go
> check it out! (Audio is a little low) http://youtu.be/CqX-heDl9VM
>
> You can also check it out on archive.org if that's your preference:
> http://archive.org/details/Puppet-nycMonthlyMeeting-42012
>
> You can find out more about Foreman here:
> http://theforeman.org/
>
> and the code here: https://github.com/theforeman/foreman
>
> Foreman also has an IRC channel #theforeman on Freenode.
>
> and a couple mailing lists:
> https://groups.google.com/group/foreman-users
> https://groups.google.com/group/foreman-dev
>
> Cheers,
> Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Video for last months's meeting is now online (Foreman)

[Brian Gupta]

Ohad did a great job covering Foreman. If you couldn't make it go
check it out! (Audio is a little low) http://youtu.be/CqX-heDl9VM

You can also check it out on archive.org if that's your preference:
http://archive.org/details/Puppet-nycMonthlyMeeting-42012

You can find out more about Foreman here:
http://theforeman.org/

and the code here: https://github.com/theforeman/foreman

Foreman also has an IRC channel #theforeman on Freenode.

and a couple mailing lists:
https://groups.google.com/group/foreman-users
https://groups.google.com/group/foreman-dev

Cheers,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Compliance Workflow only in PE?

[Brian Gupta]

That said, it is build on top of Puppet's "puppet inspect" subcommand,
so theoretically one could build an open source extension to do the
same thing.

Puppet inspect was introduced in 2.6.5:
http://projects.puppetlabs.com/issues/4943

Read here for more information: http://docs.puppetlabs.com/man/inspect.html
http://docs.puppetlabs.com/pe/2.0/compliance_basics.html

- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/


On Wed, May 2, 2012 at 5:29 PM, Brian Gupta  wrote:
> Looks like it is an Enterprise only feature:
>
> http://puppetlabs.com/puppet/enterprise-vs-open-source/
>
> -Brian
>
> On Wed, May 2, 2012 at 5:26 PM, Thomas  wrote:
>> I'm currently prototyping with Puppet Enterprise 2.5 and I was
>> wondering if compliance workflow is only in PE or if is also available
>> in the open source dashboard?
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Compliance Workflow only in PE?

[Brian Gupta]

Looks like it is an Enterprise only feature:

http://puppetlabs.com/puppet/enterprise-vs-open-source/

-Brian

On Wed, May 2, 2012 at 5:26 PM, Thomas  wrote:
> I'm currently prototyping with Puppet Enterprise 2.5 and I was
> wondering if compliance workflow is only in PE or if is also available
> in the open source dashboard?
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Thoughts on preseed vs config files?

[Brian Gupta]

So having an internal debate on whether to use puppet managed debian
preseed files to configure packages prior to installation or
installing with no-config and using puppet to manage the config files
after the fact.

The end of the discussion is that ideally one would use both, but if
one had to chose just one, it would be puppet managing the configs,
with the exception of certain packages that gain more benefit than
average by being configured through debconf. e.g. - Setting root mysql
password, so that debian maint. cron jobs can run without issue.

Thoughts?

-Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: trouble w/ Foreman as ENC, agents and environments

[Brian Gupta]

Hmm. Are you definitely using the node.rb from here?
http://theforeman.org/projects/foreman/wiki/External_Nodes

Also that doesn't 100% look like the output of Foreman's ENC, are you
sure your node.rb is pointing at Foreman, including the correct port?

Thanks,
Brian


On Mon, Apr 30, 2012 at 11:37 AM, droog72  wrote:
> Hi,
>
> I don't actually see foreman_env - here's the actual output:
>
> environment: development
> classes:
> - concat::setup
> - dns
> - facts
> - hardening
> - mcollective
> - network
> - ntp
> - postfix
> - rhel
> - satellite::client
> - snmpd
> - ssh
> - sudo
> - users
> - vmware
> parameters:
>  puppetmaster: puppet
>  mac: 
>  ip: 
>  puppet_env: development
>
>
> thanks again,
> Steve
>
> On Apr 29, 7:15 pm, Brian Gupta  wrote:
>> Just to make sure, when you run node.rb does it return foreman_env in
>> the parameters stanza, the expected classes and a proper reference to
>> the foreman_env in the environment stanza?
>>
>> Cheers,
>> Brian
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Apr 27, 2012 at 3:45 PM, droog72  wrote:
>> > Hi Ohad,
>>
>> > Sorry, I'm not really seeing anything useful in the logs, I can see
>> > about turning up verbosity, etc.
>>
>> > node.rb is owned by puppetmaster user and not root -
>>
>> > The ownership / permissions are :
>> > -r-xr-xr-x. 1 pe-puppet pe-puppet 705 Apr 27 13:24 node.rb
>>
>> > and I was able to run /etc/puppetmaster/puppet/node.rb as the pe-
>> > puppet user and retrieve the yaml for a client.
>>
>> > thanks again
>>
>> > On Apr 27, 2:56 pm, Ohad Levy  wrote:
>> >> On Fri, Apr 27, 2012 at 9:15 PM, droog72  wrote:
>> >> > Hi,
>>
>> >> > I have a Puppet Enterprise (2.0) puppetmaster running with Foreman,
>> >> > and having trouble getting it working as an External Node Classifier.
>> >> > In short, if I manually add a test client into site.pp, it will
>> >> > retrieve the proper catalog / classes, but I would like to avoid
>> >> > having to do that.  I'm also using environments (production/testing/
>> >> > development) as well, but think I have most of this configured
>> >> > correctly -
>>
>> >> > on the puppetmaster's puppet.conf - I do have:
>>
>> >> > node_terminus  = exec
>> >> > external_nodes = /etc/puppetlabs/puppet/node.rb
>>
>> >> > node.rb does exist and is owned by pe-puppet, executable, etc. I've
>> >> > verified I can view
>> >> > the yaml for a test client using the script.
>>
>> >> > and I have stanzas for each environment in the master's puppet.conf -
>> >> > [production]
>> >> > modulepath=/etc/puppetlabs/puppet/production/modules
>> >> > [testing]
>> >> > ...etc..
>>
>> >> > and the client's puppet.conf has   :
>> >> > environment = testing  under the agent stanza.
>>
>> >> > Running:   puppet agent --test --environment testing
>> >> > will run, but doesn't apply any classes.
>>
>> >> > I'm not sure what else I may be missing? Thanks in advance.
>>
>> >> > beside checking your logs, you should also make sure you can run that
>>
>> >> script as the puppetmaster user and not root.
>>
>> >> Ohad
>>
>> >> > --
>> >> > You received this message because you are subscribed to the Google 
>> >> > Groups
>> >> > "Puppet Users" group.
>> >> > To post to this group, send email to puppet-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > puppet-users+unsubscr...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> >http://groups.google.com/group/puppet-users?hl=en.
>>
>> > --
>> > You received this message because you are subscribed to the Google Groups 
>> > "Puppet Users" group.
>> > To post to this group, send email to puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to 
>> > puppet-users+unsubscr...@googlegroups.com.
>> > For more options, visit this group 
>> > athttp://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: trouble w/ Foreman as ENC, agents and environments

[Brian Gupta]

Just to make sure, when you run node.rb does it return foreman_env in
the parameters stanza, the expected classes and a proper reference to
the foreman_env in the environment stanza?

Cheers,
Brian

On Fri, Apr 27, 2012 at 3:45 PM, droog72  wrote:
> Hi Ohad,
>
> Sorry, I'm not really seeing anything useful in the logs, I can see
> about turning up verbosity, etc.
>
> node.rb is owned by puppetmaster user and not root -
>
> The ownership / permissions are :
> -r-xr-xr-x. 1 pe-puppet pe-puppet 705 Apr 27 13:24 node.rb
>
> and I was able to run /etc/puppetmaster/puppet/node.rb as the pe-
> puppet user and retrieve the yaml for a client.
>
> thanks again
>
> On Apr 27, 2:56 pm, Ohad Levy  wrote:
>> On Fri, Apr 27, 2012 at 9:15 PM, droog72  wrote:
>> > Hi,
>>
>> > I have a Puppet Enterprise (2.0) puppetmaster running with Foreman,
>> > and having trouble getting it working as an External Node Classifier.
>> > In short, if I manually add a test client into site.pp, it will
>> > retrieve the proper catalog / classes, but I would like to avoid
>> > having to do that.  I'm also using environments (production/testing/
>> > development) as well, but think I have most of this configured
>> > correctly -
>>
>> > on the puppetmaster's puppet.conf - I do have:
>>
>> > node_terminus  = exec
>> > external_nodes = /etc/puppetlabs/puppet/node.rb
>>
>> > node.rb does exist and is owned by pe-puppet, executable, etc. I've
>> > verified I can view
>> > the yaml for a test client using the script.
>>
>> > and I have stanzas for each environment in the master's puppet.conf -
>> > [production]
>> > modulepath=/etc/puppetlabs/puppet/production/modules
>> > [testing]
>> > ...etc..
>>
>> > and the client's puppet.conf has   :
>> > environment = testing  under the agent stanza.
>>
>> > Running:   puppet agent --test --environment testing
>> > will run, but doesn't apply any classes.
>>
>> > I'm not sure what else I may be missing? Thanks in advance.
>>
>> > beside checking your logs, you should also make sure you can run that
>>
>> script as the puppetmaster user and not root.
>>
>> Ohad
>>
>>
>>
>>
>>
>>
>>
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscr...@googlegroups.com.
>> > For more options, visit this group at
>> >http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Trying to build Ruby 1.8.7 on a RHEL5 systems

[Brian Gupta]

http://www.ruby-lang.org/ I think is what he meant.

On Thu, Apr 19, 2012 at 3:54 PM, Dan White  wrote:
> - Jo Rhett  wrote:
>> For ruby, go to ruby.org and find the latest patchlevel for 1.8.7 and put 
>> that number at the top of the spec file.
>>
>
> FYI: ruby.org is a parked domain.
>
> “Sometimes I think the surest sign that intelligent life exists elsewhere in 
> the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Two puppet related events in New York city this month (4/20 and 4/27).

[Brian Gupta]

On Friday 4/20 at 6:30pm, Ohad Levy, the author of Foreman, will be giving
a talk on Foreman to PuppetNYC, the New York City Puppet User Group:
http://www.meetup.com/puppetnyc-meetings/events/59430962/

In addition on the following Friday 4/27, Puppetlabs will be hosting an all
day Puppetcamp!!
http://www.meetup.com/puppetnyc-meetings/events/55401362/RSVP info
here:
http://puppetcampnyc.eventbrite.com/

Cheers,
Brian

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Beginners: New list suggestion?

[Brian Gupta]

On Tue, Apr 3, 2012 at 2:35 PM, Daniel Pittman wrote:

> On Mon, Apr 2, 2012 at 22:53, Denmat  wrote:
> > How about a 'serverfault' or 'stackoverflow' or the like site? One of
> the issues I find is that previous answers are lost in mail lists and hard
> to search for. IRC isn't much help for searching previous answers either.
>
> I would absolutely support getting a new StackExchange site for
> configuration management or something going.  What it really needs is
> someone to drive that forward - you can't just ask for one, it needs a
> community.
>

Daniel, mmm.. do we want a general purpose configuration management site or
a puppet specific one? I'd be willing to help host and setup a puppet
specific one, however, I'd have thought that would be something that
puppetlabs would want to own/run. Feel free to discuss internally, and let
me know which way you guys want to go.

Thanks,
Brian


> --
> Daniel Pittman
> ⎋ Puppet Labs Developer – http://puppetlabs.com
> ♲ Made with 100 percent post-consumer electrons
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Beginners: New list suggestion?

[Brian Gupta]

Michael,

Would you guys consider standing up a shapado instance?
http://shapado.com/(It's basically an FLOSS clone of stackoverflow,
and is great for Q&A type
stuff.) You could stand it up as ask.puppetlabs.com, and point new users
there for questions. One of the big issues of puppet-users, is simple the
volume of emails that are blasted into ones inbox. (Ignoring the diverse
nature of the various discussions.) In addition, I have a sense that IRC
and mailing lists are a bit old-school, and can be intimidating to new
users.

Personally, I don't love mailing lists, in that I don't want to have to
subscribe to EVERYTHING, to get the answer to a single question.

I'd also like to address Scott's critique of FAQs. I think that no matter
how good and complete the documentation, there will be frequently asked
questions. It's just the nature of the beast.

Thanks,
Brian

On Tue, Apr 3, 2012 at 12:30 AM, Michael Stahnke wrote:

> Hey, we've been having some mailing list discussion on and off inside
> of Puppet Labs too. Obviously we have a large community that we are
> trying to appeal to, and we keep doing our best to create the
> experience for the user-base.
>
> Breaking the users list into two lists has its pros and cons.
>
> Pros:
> * Less code fragments in emails
> * Advanced users not bogged down with new user questions
>
> Cons:
> * Fragmentation of the user-base
> * Who will monitor/answer questions on a new user list?
> * New people may not learn from more experienced people, because the
> more experienced users may not subscribe to the new-users list
>
> What I really think we need, is a way to provide knowledge to new
> users in an efficient (and non fragmented) way.  In the past we had a
> horrible problem with documentation all over the place, wiki issues,
> blogs from everybody and their brother, etc.  Today, we have narrowed
> those problems with the Learning Puppet series.
> (http://docs.puppetlabs.com/learning/), and lots of other
> documentation improvements on docs.puppetlabs.com.
>
> The points about FAQ make complete sense.  We'd like to address this
> with proper documentation and some other online presence that will be
> rolled out in the in the next quarter or so.
>
> As an interrum, could we have a wiki page where we place questions
> that get asked frequently and have no (or incomplete) associated
> documentation?
>
> http://projects.puppetlabs.com/projects/puppet/wiki/Frequent_Questions_Without_Answers
>
>
> We also hope that IRC is helpful and remains helpful.  I don't often
> see RTFM comments coming out in #puppet.  When I do, it's quite often
> because their exact question was already answered, with citations, and
> the user still didn't read it.  Also in this thread somebody mentioned
> helping those willing to help themselves.  That's a fair statement,
> but we really want to make this an accepting community to make
> everybody better at their workloads with Puppet.
>
> I hope I've attempted to answer some of the concerns.  I am totally
> willing to revisit this in 90 days or so if the community thinks we
> should be handling this differently.
>
> This is also by no means designed to close this discussion, so please
> weigh in if you have opinions.
>
> Michael Stahnke
> Community Manager
>
>
>
> On Fri, Mar 30, 2012 at 1:00 PM, Mister IT Guru 
> wrote:
> > Good Evening Guys,
> >
> > Let me start by saying that I really admire how far puppet has come in
> the last year or so, with the launch of the Enterprise version, Puppet
> Forge and the other innovations from within Puppet Labs, and in particular
> the community participation. I love the mailing list, even though I've been
> lurking for over a year. It's this "inner shame" that compels me to raise
> this issue. I apologise if this is not the place to mention this, but hey,
> you've already got this far, so keep reading!
> >
> > I get stage fright looking at some of the "code fragments" that people
> post to the list and then say "This is how far I've got and I'm trying to
> do X" where X is something pretty complex/unique doesn't quite seem like
> best practice or something that you'll find on a general use linux box.
> While I have no problem or even issue with this, the problem I find is that
> when I tell my admin geek friends about puppet, they go to google and
> switch off when they see what they view as "buckets of work" to just get
> started.
>
> We have a lot of Puppet users on Mac, BSD, and now Windows too, so
> it's not just Linux.
>
> >
> > In a nutshell the perception and feedback I get and I feel this myself,
> is that the competency level of those whose regularly participate in this
> list, and in other internet forums may just be a bit too good. I feel as if
> puppet is lacking a sort of "nursery area". After all, everyone here is
> already a 'professional' or so we like to think!
> >
> > Would it be a good idea to have a puppet beginners list, where people
> can post dumb questions, and maybe have some patient 

Re: [Puppet Users] Cloud provisioning

[Brian Gupta]

On Tue, Mar 20, 2012 at 1:31 AM, Denmat  wrote:

> Thanks Brian,
>

NP. First let me say there are about 10 ways to skin a cat here, so many
folks might have different advice.


> We will be running a public subnet and at least one private subnet -
> traditional web/database set up essentially. Web servers will be behind a
> aws load balancer and there will be at least one admin host in the public
> subnet for access.
>

You could put your puppetmaster on the public subnet, if you put it in a
security group that limits access to specific non-ec2 IP addresses. (and
allows access from the rest of your security groups that need access.

Private hosts will access the outside world via a NAT instance.
>

Puppet works trans-NAT, so you should be fine having your private clients
connect to a puppetmaster on a public subnet.


> I'm very interested in using 'cloudformation' to build out the application
> stack instances and run configuration via puppet in either master or
> masterless mode. However I'm wondering if this is the best method and how
> this can all be reported back to a centralized reporting server (if at all
> possible under these scenarios). Also interested in tips on building into
> VPCs in general.
>

Both popular reporting servers, Dashboard and Foreman, support multiple
puppetmasters, but you would need to put your reporting servers somewhere
that is reachable by all puppetmasters. General VPC advice is probably out
of scope of this group, but if you have some particular questions, feel
free to ping me offline. Cloudformation is fairly useful, for either
building a puppetmaster, or getting a basic puppet client up. If you are
using puppet, I would use Puppet to get your application stack installed,
and maybe use cloudformation to get your instance to the point it can
connect to the puppetmaster. That said, I might wait a few weeks and see if
the foreman ec2 provisioning support that is coming is a better fit than
cloudformation. (See below).


> I'm curious how foreman handles cloud provisioning and would appreciate
> information on that.
>

I believe official Foreman support for cloud provisioning is not that far
off, as Ohad is refactoring the provisioning engine to use fog+libvirt and
one of the first "compute" resources we are going to see is EC2. I don't
know if VPC support will make it into the first release. For the first
release, I believe initial bootstrapping will be done with ssh, just as
Foreman currently does for traditional virt/bare-metal bootstrapping. (This
is the method that Foreman uses to get puppet installed, among other
things.) I believe cloud-init support is a planned enhancement. Ping
ohadlevy on #theforeman if you want early access, or have other questions.
I am sure he would welcome feature requests, and testers.

I should add we already have an existing puppet setup that handles
> traditional nodes. Our preference at this stage would be to keep them
> separate except for reporting. Not sure if that is something easily
> accomplished.
>

Multiple puppetmasters is easy with Foreman, and I imagine it's easy with
Dashboard as well.

Thanks,
> Den
>
>
> On 20/03/2012, at 15:35, Brian Gupta  wrote:
>
> Well you can always assign Elastic IPs to your VPC instances, if they are
> on a single public subnet. (Depending on how you have things configured.)
>
> Also, for a private subnet, you can setup an internet gateway instance
> that can handle outgoing NAT for you.
>
> Other than that, some fancier options are to run a replica of your
> puppetmaster in a public subnet, or even run a foreman "smart-proxy" puppet
> proxy in a public VPC subnet, that your other VPC nodes can accces.
>
> (Let me know if any of these sound appealing and I can get you more info.
> Or at least point you in the right direction.)
>
> -Brian
>
> On Tue, Mar 20, 2012 at 12:03 AM, Denmat  wrote:
>
>> Hi list,
>>
>> Quick general question, what's the current best way to deploy to an
>> Amazon VPC (without VPN to central puppet master)? Deliberately vague to
>> get wide results :)
>>
>> Has anyone got good posts on this?
>>
>> TIA
>> Den
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> <http://aws.amazon.com/solutions/solution-providers/brandorr/>
>
>  --
> You received this message because you are subscribed to the Google G

Re: [Puppet Users] Cloud provisioning

[Brian Gupta]

Well you can always assign Elastic IPs to your VPC instances, if they are
on a single public subnet. (Depending on how you have things configured.)

Also, for a private subnet, you can setup an internet gateway instance that
can handle outgoing NAT for you.

Other than that, some fancier options are to run a replica of your
puppetmaster in a public subnet, or even run a foreman "smart-proxy" puppet
proxy in a public VPC subnet, that your other VPC nodes can accces.

(Let me know if any of these sound appealing and I can get you more info.
Or at least point you in the right direction.)

-Brian

On Tue, Mar 20, 2012 at 12:03 AM, Denmat  wrote:

> Hi list,
>
> Quick general question, what's the current best way to deploy to an Amazon
> VPC (without VPN to central puppet master)? Deliberately vague to get wide
> results :)
>
> Has anyone got good posts on this?
>
> TIA
> Den
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: vmware provisioning

[Brian Gupta]

Foreman has support for this. (Tied into Foreman provisioning workflow). I
am unaware of any other support for VMware provisioning in the open source
Puppet world, but in theory it shouldn't be too hard to write.

-Brian

On Wed, Feb 15, 2012 at 3:55 PM, Luke  wrote:

> Just to clarify,
>
> We currently have centos templates in ESX that we manually clone to VM
> and configure (add HD network etc) then kick off puppet. We would like
> to automate these initial steps.
>
> On Feb 15, 4:30 pm, Luke  wrote:
> > Does anyone know of a module that will spin up and configure a centos
> > vmware template? I see options with PE any with the open source
> > version?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Question about reusing classes/modules

[Brian Gupta]

I would say Global vars aren't necessarily evil. However, they ideally fit
into a hierarchical structure, where one can have variable scoping with an
ability to override global vars with more tightly scoped local overrides.

Foreman, and Hiera support the ability to set the same variable at
multiple hierarchical levels and have the most "local" variable scoping
override the global. Think Global vars, datacenter vars, domain specific
vars, subnet vars, host vars, hostgroup vars, etc.

(Folks please correct me if I explained this incorrectly.)

-Brian

On Mon, Feb 13, 2012 at 12:14 PM, Kenneth Lo  wrote:

>  Eric:
>
>  Can you elborate on why global variables is a bad idea? Most of my
> environment's key-value pairs are set via dashboard as ENC, which I think
> are all global.
>
>  --KL
>
>   From: Eric Shamow 
> Reply-To: "puppet-users@googlegroups.com" 
> Date: Sat, 11 Feb 2012 20:48:24 -0500
> To: "puppet-users@googlegroups.com" 
> Subject: Re: [Puppet Users] Question about reusing classes/modules
>
>  I would avoid this approach - global variables aren't a good idea.
>
>  Hiera would be a better approach:
>
>
> http://www.devco.net/archives/2011/06/05/hiera_a_pluggable_hierarchical_data_store.php
> http://www.devco.net/archives/2011/06/06/puppet_backend_for_hiera.php
>
>  -Eric
>
>  --
>
>  Eric Shamow
> Professional Services
> http://puppetlabs.com/
> (c)631.871.6441
>
>  On Saturday, February 11, 2012 at 7:08 PM, krish wrote:
>
>My scenario is this: I have 4 environments, Dev, Test, QA, Prod. Each
> of these environments lives in 2 sites, LA and NY. I have 5
> applications that are site and env specific.
>
>  I want to use puppet to template-ize the config files that is required
> for each env, per site, per app, so 40 files.
>
>  The config file is basically key=value pairs. Here's a simple example
> of what each file may look like:
>
>  site=LA
> env=Dev
> app=App1
> masterServer=host1
> clientServer1=host2
> clientServer2=host3
>
>
>
>  How about having these key value pairs in site.pp with a case environment
> Then they become global to all modules.
>
>
>
>  --
> Krish
> olindata.com
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the email by you is prohibited.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Cross-module dependencies

[Brian Gupta]

Nigel,

I just wanted to add, if we do go this route, we should work to support
private "forges" (module repos) as well.

Cheers,
Brian

On Sun, Jan 29, 2012 at 1:39 AM, Brian Gupta wrote:

> Nigel,
>
> It frightens me a bit that I think the "correct" solution, will be to
> replicate what the distros are doing in Puppetforge. Basically turning
> puppetforge into a massive cross distro metadata repo, with very strict
> contribution standards and rules. This would involve strong rules for
> curated modules that would require manpower to vet (and to contribute the
> modules).
>
> Maybe, we might want to extend modules so that there are two namespaces,
> one for curated forge modules and another for local modules. (Making the
> "local module" namespace the default for backwards compatibility.) One
> example of a potential rule would be to require that official modules
> support a mandatory set of popular OSes. Don't allow more than one official
> module per package. e.g.: In the curated section of forge there will be one
> MySQL module. (not to get too ahead of the cart, but I envision a time when
> you can instantiate a MySQL service by just telling puppet to use the Forge
> MySQL module, puppet handles downloading and installing the module and
> figuring out what OS you are running and with the help of the native
> package management, installs and configures the basic MySQL service.) The
> official modules will be curated such that if there is a a common resource
> they need to manage that resource will be split into a separate singular
> dependency module, that incorporates the requirements of
> all dependent forge modules. (Not a bag of common resources in a single
> module, but rather a separate module for each shared resource.)
>
> Maybe, I am overthinking this, but I think this is the "right" solution,
> that may require more resources to implement than the community has
> available.
>
> That leaves us what to do about "defined". (Or was that a different
> thread?) In the case of defined, my group has only ever used it once in
> almost 4 years, but it seems from the discussions that there are others
> still using it. Maybe the answer is provide a real alternative first, and
> then go about deprecating it? We wouldn't miss it, but I could see the
> challenges of rewriting a codebase that depends on it, and I wouldn't want
> that rewrite enforced on me, without a solid alternative.
>
> Cheers,
> Brian
>
> P.S. - No one is going to really love this solution, including myself, but
> that doesn't necessarily mean it shouldn't be done.
>
>
> On Sat, Jan 28, 2012 at 9:18 PM, Nigel Kersten wrote:
>
>> I just wanted to post to this thread to primarily encourage you all to
>> keep brainstorming, and to make it clear that I'm paying close attention. :)
>>
>>
>>
>> --
>> Nigel Kersten
>> Product Manager, Puppet Labs
>>
>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> <http://aws.amazon.com/solutions/solution-providers/brandorr/>
>
>


-- 
<http://aws.amazon.com/solutions/solution-providers/brandorr/>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Cross-module dependencies

[Brian Gupta]

Nigel,

It frightens me a bit that I think the "correct" solution, will be to
replicate what the distros are doing in Puppetforge. Basically turning
puppetforge into a massive cross distro metadata repo, with very strict
contribution standards and rules. This would involve strong rules for
curated modules that would require manpower to vet (and to contribute the
modules).

Maybe, we might want to extend modules so that there are two namespaces,
one for curated forge modules and another for local modules. (Making the
"local module" namespace the default for backwards compatibility.) One
example of a potential rule would be to require that official modules
support a mandatory set of popular OSes. Don't allow more than one official
module per package. e.g.: In the curated section of forge there will be one
MySQL module. (not to get too ahead of the cart, but I envision a time when
you can instantiate a MySQL service by just telling puppet to use the Forge
MySQL module, puppet handles downloading and installing the module and
figuring out what OS you are running and with the help of the native
package management, installs and configures the basic MySQL service.) The
official modules will be curated such that if there is a a common resource
they need to manage that resource will be split into a separate singular
dependency module, that incorporates the requirements of
all dependent forge modules. (Not a bag of common resources in a single
module, but rather a separate module for each shared resource.)

Maybe, I am overthinking this, but I think this is the "right" solution,
that may require more resources to implement than the community has
available.

That leaves us what to do about "defined". (Or was that a different
thread?) In the case of defined, my group has only ever used it once in
almost 4 years, but it seems from the discussions that there are others
still using it. Maybe the answer is provide a real alternative first, and
then go about deprecating it? We wouldn't miss it, but I could see the
challenges of rewriting a codebase that depends on it, and I wouldn't want
that rewrite enforced on me, without a solid alternative.

Cheers,
Brian

P.S. - No one is going to really love this solution, including myself, but
that doesn't necessarily mean it shouldn't be done.

On Sat, Jan 28, 2012 at 9:18 PM, Nigel Kersten  wrote:

> I just wanted to post to this thread to primarily encourage you all to
> keep brainstorming, and to make it clear that I'm paying close attention. :)
>
>
>
> --
> Nigel Kersten
> Product Manager, Puppet Labs
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Trying to understand how mcollective differs from saltstack?

[Brian Gupta]

http://saltstack.org/ http://puppetlabs.com/mcollective/

I found this link that talks about Func, Rundeck, Salt and mcollective, but
it doesn't really compare and contrast.
http://www.coloandcloud.com/editorial/func-mcollective-salt-and-rundeck/(From
a 10,000 overview Saltstack and mcollective look very similar. IE:
both integrate with facter/puppet, have queuing mechanisms, allow remote
execution and introspection of node data, etc).

Thanks,
Brian

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] AWS Elastic Beanstalk & Puppet

[Brian Gupta]

On Tue, Jan 3, 2012 at 10:14 AM, Ryan Chan  wrote:

> Anyone have experience and willing to share for Beanstalk?
>
> e.g.
>
> How does Puppet fit in when we mainly use AWS Elastic Beanstalk?
>
> Seems most features are provided by Beanstalk.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
Well there are two Amazon products that you can look at here:
CloudFormation, which is a way to templatize spinning up a set of nodes,
and which could be used to deploy a puppet master and/or clients.  See this
example for more info:
https://s3.amazonaws.com/cloudformation-examples/IntegratingAWSCloudFormationWithPuppet.pdf

As far as BeanStalk goes, it's not really targeted at the same use case
Puppet is, Elastic BeanStalk is Amazon's first attempts at providing
something akin to a PaaS (Platform as a Service), allowing developers an
easy way to just upload code to the cloud, and have scaling tasks taken
care of automatically. Currently Elastic BeanStalk is limited to Java apps,
but they have plans to extend that in the future.

Cheers,
Brian

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

[Brian Gupta]

I would consider the following a small list of pros and cons for the three
tools:

Pros:
Cfengine: Not written in Ruby, so currently is more efficient with system
resources.
Puppet: IMHO has the most approachable syntax of the three (for sysadmins),
and the strongest community. It also has the widest platform support, with
a lot of preexisting code and code examples out there.
Chef: Configs are written in Ruby, and somewhat modeled on Rails
development patterns, so it is relatively easy for Ruby/Rails devs to pick
up. Also, Chef was designed from the ground up for the cloud, so is focused
on things like dynamically spinning up cloud instances. (Check out knife
and databags) If you don't want to manage your own Chef server you can get
it as a preconfigured service.

Cons:
Cfengine: Can be a bit challenging to learn, especially the promise theory.
Puppet: Particularly with older versions of Ruby can have memory usage
issues. Variable scoping is not ideal. These issues are manageable though.
Chef: No true dependency graphing, (implicit execution order) Setting up a
chef server is a bit on the challenging side, since it has a number of
requirements that don't fall into very common use. (Erlang based CouchDB,
and Solr). Learning Ruby is mandatory.

None of these tools are perfect and each have their warts, but any one of
them would make your life a lot easier. I'd say though that I prefer Puppet
over cfengine in almost all cases (except maybe a case where I am managing
only machines that have very tight resource constraints). Chef vs Puppet it
depends. If I was working entirely in the cloud and I had a very dynamic
environment, or was a Ruby shop, Chef would probably be my choice. In
almost all other cases I would go with Puppet. That said, the Puppet
community is working to address the Cloud deployment differences, so if the
cloud is in the future but not a now thing, I wouldn't let that effect your
decision. (And puppet does work in the cloud today, just the support is
relatively new and not yet as robust as Chef's)

All in all, for the reason of community and ecosystem alone, I'd say go
with Puppet.

Here are some random syntax examples:
cfengine:
http://www.sysadmin.hep.ac.uk/wiki/Cfengine:_Installing_Xrootd_with_cfengine
puppet: http://people.redhat.com/dlutter/puppet-app.html
chef:
https://github.com/opscode/cookbooks/blob/master/apache2/recipes/default.rb

Cheers,
Brian

P.S. - Another tool to look at, that I have *heard* good things about is
bcfg2, but it isn't nearly as popular as the others.

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Calling puppet from a script

[Brian Gupta]

On Thu, Dec 1, 2011 at 9:12 PM, Phil Frost  wrote:
> On 11/30/2011 11:01 AM, Ted wrote:
>>
>> I'm trying to call puppet from a bash script and whilst it works, it
>> causes my script to end prematurely.
>>
>> #!/bin/bash
>>
>> ...
>>
>> function runPuppetLocally()
>> {
>>     echo "...running Puppet locally"
>>     exec puppet agent --test
>>     echo "Puppet complete"
>> }
>> runPuppetLocally
>>
>> I presume Puppet is issuing an exit or something similar which causes
>> my script to end. Is there a means by which I can call it without it
>> terminating my script (I don't see the "Puppet complete" message)?
>
> I don't think so. "exec" directs bash to use exec(3) to replace itself with
> a new process image. That's probably why your script appears to end.

Just drop the exec and call /usr/bin/puppet  directly.

-Brian

>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Adding custom config to files

[Brian Gupta]

On Fri, Nov 18, 2011 at 4:24 AM, Jonathan van der Watt <
jonathan.vanderw...@gmail.com> wrote:

> Good day,
>
> I'm very new to Puppet and am trying to manage the snmpd daemon and
> associated config on our Red Hat servers using Puppet (for a start).
> My problem is not ensuring that the config file is present or that the
> package is installed. My problem is that the NMS we're using to
> monitor our servers needs to have extra config in the snmpd.conf file
> in order for it to monitor the space usage of mounted disks. Like so:
>
> disk /
> disk /var/log
> disk /var/lib/mysql
>
> This needs to be added somewhere in the snmpd.conf file; usually the
> bottom. Now, this is obviously never going to be the same on every
> single server... How would I accomplish this using Puppet? I'm
> guessing that I will need to use a template with some erb code and
> some facts from facter, but I'm just not sure what to do or how the
> code should look. Even if Puppet could ensure that all the disks (/dev/
> shm, /boot etc) are in there that would be fine. We could just tell
> our NMS which disks we want it to monitor. But it has to be in the
> above format!
>
> Any suggestions would be appreciated!
>

You could centrally manage the snmp.conf files by class of server, or by
individual host. Or you could go the route of custom facts. Here is a
ticket discussing this: http://projects.puppetlabs.com/issues/2847 (It does
look like if you wait, it will be included in facter.)

J
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New user looking for some guidance

[Brian Gupta]

On Fri, Nov 18, 2011 at 4:07 AM, Jonathan van der Watt <
jonathan.vanderw...@gmail.com> wrote:

> Good day,
>
> I'd like to ask the Puppet community for some help with a few problems
> I've been having...
>

Please feel free to post the details of the problems you are having to this
list, so that folks can see if they can help. (No need to ask to ask).


Good luck,
Brian

Greetings,
>
> Jonathan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] dropping support for ruby 1.85?

[Brian Gupta]

On Tue, Nov 15, 2011 at 11:30 PM, Jo Rhett  wrote:

> On Nov 9, 2011, at 5:47 AM, Ohad Levy wrote:
>
> Ruby 1.87 support
> Foreman 0.4 would be the last major version supporting Ruby older then
> 1.87.
> This has to be done since the upstream rails community no longer
> supports older versions, which means that critical security patches
> are no longer available if we keep supporting that.
>
> if required, we would release 0.4.x maintenance releases, but since
> ruby 1.87+ is available on most distribution these days, you are
> encouraged to upgrade.
>
>
> No distribution based on RHEL5 has a supported version of ruby other than
> 1.85 AFAIK.  It's pretty much a roll-your-own-RPM for 1.87, and that's not
> possible for most sites.
>
>  --
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source and
> other randomness
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

Jo,

Not speaking for Ohad here, but I do know that rails 3.x would have major
issues with Ruby versions <= 1.8.6, and are explicitly not supported. As it
stands foreman is not alone here, as puppetlabs is not supporting ruby
1.8.5 for the latest versions of puppet dashboard either. 1.8.7 is the
minimum to support puppet dashboard 1.2.x.

Being that Foreman is just a single server in your environment, is this
really that big of a deal? Is there anything the Foreman project could do
to ease the issues with supporting a newer versions of Ruby? There are some
options here. The packages that Eric mentioned, REE source install, RVM,
etc.

-Brian

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Design Goals of Puppet

[Brian Gupta]

A quick google found this.. I am sure you can find more, remember the
founder was Luke Kanies and the original name of "Puppet Labs" was
"Reductive Labs":

http://www.redmonk.com/cote/2009/06/24/reductivelabs/

As far as design goals go, the key concept is "idempotent", which means that
no matter how many times you do the same thing the outcome remains the same.
For example, if a Puppet "script" says that a user must exist, it will only
take action if the user doesn't exist. This ties into the other key design
goal in that the Puppet language is a "declarative" language, which means it
is a language that describes the desired outcome rather than actions to
take, leaving the actions to take to the Language
implementor/implementation.

-Brian

On Tue, Oct 4, 2011 at 2:13 AM, brighton marekera <
brightonmarek...@gmail.com> wrote:

> Hi everyone. I am Looking for a any information on the Design goals of
> Puppet and its History from its inception,i have been looking around
> the internet and i cant seem to find good info on tht
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] mysql database

[Brian Gupta]

Another mysql module:
https://labs.riseup.net/code/projects/module-mysql/repository

-Brian

On Sun, Oct 2, 2011 at 4:37 PM, Dan Bode  wrote:

> you can find several examples of existing types/providers for managing
> mysql online.
>
> Here is one example:
>
> https://github.com/puppetlabs/puppetlabs-mysql
>
> hope this helps
>
> -Dan
>
>
> On Sun, Oct 2, 2011 at 1:26 PM, Matthew Black  wrote:
>
>> No that is one of the ways to do it. The alternative is to write your own
>> provider and type. As for whether your method is correct, if it is working
>> for you and scales then its the correct procedure for you.
>>
>>
>> On Sun, Oct 2, 2011 at 11:41 AM, CHEBRIAN  wrote:
>>
>>> Hi,
>>>
>>> How to create mysql database thru puppet. I fired thru exec . it it
>>> creating. but i feel it is not a correct procedure. Please share your
>>> suggestions
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Gotchas around upgrading from an old version (0.25.4) to a newer version.

[Brian Gupta]

If you follow the mailing list it seems that there were a larger number of
deliberate syntax changes from the move from 2.6 to 2.7 than there were from
0.25 to 2.6. IE: Syntax that changes behavior, not just breaks.

The rule of thumb has always been to support one major version backwards, so
a 2.7 server should in theory support 2.6 clients, and 0.25 clients less so.
YMMV, as there really isn't a strict guarantee of backwards compatibility in
any case.

Check out: http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notesand
you'll see the 2.7 release had a lot more changes than the 2.6 branch.

You are likely to have fewer issues migrating from 0.25 to 2.6 vs 2.7.

Two things to consider when you are making this migration.
1) 2.6.9 is a more "stable" code base. (Stable meaning mature and vetted).
1) 2.7.4 is a more featureful, faster-moving code base. (Faster moving
because it's the active branch and is newer). We are just now feeling that
it is ready for new deployments, so if the features are compelling, maybe
the risk and pain of a two major version upgrade might be worth it.

I still think skipping major puppet versions when upgrading is somewhat
risky, and I would probably move my environment to 2.6.9 and then plan on a
later move to 2.7. I guess for me the deciding factors would be, a) how
large is my code base (the smaller it is, the easier it will be to debug any
issues that come up), and b) what is my pain tolerance if there are
incompatibilities that come up.

-Brian

On Fri, Sep 23, 2011 at 6:06 PM, brokenpipe  wrote:

> I've been tasked at my workplace to upgrade our puppet installation to
> a more modern version. Currently all the environments run a RubyGem
> version of puppet 0.25.4 on mostly RHEL/Centos 5.3 - 5.5 (there are,
> like most environments, a few laggards running RHEL4 or new machines
> running CentOS 6).
>
> The plan is to upgrade these to the most stable version of Puppet,
> which at the time of writing is 2.7.3.
>
> I plan on building RPMs on RHEL5.3 for Puppet 2.7.3 against the Ruby
> version that RHEL5 shipped with which is 1.8.5 I believe.
>
> Are there are any significant gotaches. My plan was to upgrade the
> server first and then do a few roll outs to some QA machines and see
> how it goes. However there is some concern in the group that 0.25.4
> agents are unable to talk to a 2.7.3 server. Are these unfounded or
> true?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Official puppetlabs position on cron vs puppet as a service?

[Brian Gupta]

Over the years many shops have come to start running puppet via cron to
address memory leaks in earlier versions of Ruby, but the official position
was that puppet was meant to be run as a continually running service.

I am wondering if the official position has changed. On one hand many if not
all of the early Ruby issues have been fixed, on the other, the addition of
mcollective into the mix as a lightweight agent for triggering adhoc puppet
runs, and other tasks somewhat lowers the requirements for puppet to be run
as a service. (Or out of cron for that matter).

I understand that in cases where old Ruby versions are for whatever reason
mandated the answer may be different.

Thanks,
Brian

-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Variable number of variables in external node output...

[Brian Gupta]

Puppet can do this. I would propose the following solution, but there may be
other ways to do it.

1) Use a template. Templates have embedded ruby code and run on the clients.
2) Link to some library that allows you to query your database (You can use
one or more require statements in your ruby code)
3) Embed ruby code to parse and format your variables into configuration

See http://docs.puppetlabs.com/guides/templating.html for a bit more about
templates.

-Brian

On Wed, Sep 21, 2011 at 4:20 PM, Douglas Garstang
wrote:

> All,
>
> I have a situation where I need to get some fairly complex
> configuration files onto systems, and I'm wondering if puppet can even
> do this. Lets say that my external node script will go and source all
> the data it needs from an external database, and dump out all
> variables that the node will need. The relevant puppet module(s) will
> then have to inject these variables into templates to be deployed to
> the systems.
>
> Now, what if the number of variables that get dumped by the external
> node script is variable? And, what if these variables are broken into
> chunks that need to be split into different files on the remote
> system? How would I do such a complex thing in puppet? A lack of any
> type of looping constructs in puppet would seem to make this rather
> difficult.
>
> Doug.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Software inventory

[Brian Gupta]

Does anyone else have any concern about populating custom facts that
list ALL packages installed on a system? My sense is that it has the
potential to create a lot of overhead for facter, and in turn puppet
itself. (A typical linux system will have hundreds of packages
installed). I also don't think putting the data in facter as key value
pairs necessarily presents the data in a useful form, but that may be
in the eye of the beholder.

-Brian

On Sep 21, 3:14 pm, Ashay  wrote:
> On Sep 21, 10:53 am, Glenn Bailey  wrote:
>
> > >> Before I go about writing one myself, anyone out there written a
> > >> software inventory module/fact for gathering a list of all installed
> > >> rpms/debs on a system? Got a few ideas floating around in my head, but
> > >> wanted to see if/what other folks have done ..
>
> > > you can already do this with:
>
> > > puppet resource package
>
> > > this will generate a manifests that represents all of the packages 
> > > installed
> > > on a system.
>
> > Let me re-phrase a bit, I'm trying to get a fact setup to collect this
> > information and I can report of my Puppet DB. Was just thinking of
> > doing an auto-increment so it would be something like "package0 =>
> > package_name-version" "package1 => package_name-version" etc. Parsing
> > "puppet resource package" will make it easier for writing a single
> > module for rpm/deb ..
>
> You could distribute a custom fact like this 
> one:https://github.com/ripienaar/facter-facts/tree/master/facts-dot-d
>
> Then you can use a cron job that runs "rpm -qa" and populates /etc/
> facts.d/pkgs.txt like so:
>
> pkg0=httpd-2.2.15-5.el6.centos.x86_64
> pkg1=nscd-2.12-1.7.el6.x86_64
> .
> .
>
> or even
>
> pkgs=httpd-2.2.15-5.el6.centos.x86_64:nscd-2.12-1.7.el6.x86_64:other_pkgs_colon_seperated
>
> Either way, it doesn't look elegant if a large number of packages is
> installed.
>
> If you care about certain packages only, you can populate the file
> with those package names.
>
> Or you can populate it with the output of "yum check-update" or "apt-
> get upgrade -V"

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Software inventory

[Brian Gupta]

Well, puppet does include a native facility for doing this... try running
and see if the output meets your needs:
"puppet resource package"

I guess the question before extending this to a module, is what exactly do
you want to do with the data?

-Brian

On Wed, Sep 21, 2011 at 12:45 PM, Glenn Bailey
wrote:

> Howdy,
>
> Before I go about writing one myself, anyone out there written a
> software inventory module/fact for gathering a list of all installed
> rpms/debs on a system? Got a few ideas floating around in my head, but
> wanted to see if/what other folks have done ..
>
> --
> I've seen things you people wouldn't believe. Attack ships on fire off
> the shoulder of Orion. I watched C-beams glitter in the dark near the
> Tannhauser gate. All those moments will be lost in time... like tears
> in rain... Time to die.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Upgrading my version of perl

[Brian Gupta]

It would help to know what version of Ubuntu you are running. Presumably
finding a backport of the package version you are looking for, would
typically be the approach that most folks use.

-Brian

On Wed, Sep 14, 2011 at 11:59 AM, Puppet convert wrote:

> Hi guys,
> I totally love Puppet. I"m installing an ubuntu virtual machine with
> it and have managed to get the most rudimentary stuff working. My
> virtual machine runs 5.10 and I am needing 5.12.
> Does anyone know how to specify an install of Perl-5.12 in my .pp
> file?
> Any pointers would be appreciated...
> Julian
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Deployment of applications

[Brian Gupta]

If you want something simple and don't need a GUI, many folks are using
either Capistrano (Ruby) or the very similar Fabric (Python) for deployment.
You can populate hostlists via Foreman queries. That said, I am not sure
what sort of integration with Puppet/Foreman you are looking for.

Cheers,
Brian

On Tue, Sep 13, 2011 at 3:53 PM, Ashley Penney  wrote:

> I know this has come up on the list numerous times before but I
> thought it would be a good time to see if the state of the art has
> advanced for this kind of thing.  I wanted to know how people are
> handling higher level deployment of applications - things that have to
> be done repeatedly but not all the time.  An example of this is
> checking an application out of svn, building it, creating a package
> and then moving it off to a repo.  Or even just building/installing
> locally for developers.
>
> It never seems to fit well into Puppet for me and I end up with crazy
> complicated manifests to deal with this kind of thing.  I recently
> moved these jobs into Rundeck (www.rundeck.org) which works pretty
> well but doesn't really leverage any of the stuff I have within
> Foreman/Puppet.  I've seen suggestions to use mcollective but this
> doesn't easily integrate our existing scripts (written in many
> languages) or processes and would require me to force a lot of
> developers to work differently.  I could just have classes that
> trigger scripts only when some condition is met (like /.buildapp
> files) or something along those lines but nothing seems elegant.
>
> What I'm trying to find out is what other people did to handle this?
> I want something I can build up over time and slowly migrate legacy
> apps and processes into without having to do a massive up front
> development.  It should also be relatively simple and not require me
> to code anything as anyone on the list who knows me can tell you that
> I am absolutely awful at coding.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How To Expand an .erb Template Without Doing a Full Puppet Run?

[Brian Gupta]

I'm thinking the answer is to update your init script, to make sure that
restart calls rndc reload, and specify "hasrestart" in your resource
definition.

I suggest this because bind should ignore bad zone files, and keep serving
the old zones, when reloaded via rndc.

Maybe the answer is to also incorporate named-checkzone and some sort of
email notification into the restart section of your init script.

As always test, and you milage may vary.

Cheers,
Brian

On Sun, Sep 11, 2011 at 10:35 AM, Dan White  wrote:

> @Jon - If you find an answer to your question, please post it to the list.
>  I'd like to see the answer and there are probably lots of other folks who
> would benefit from the info being in the mailing list archives.
>
> Good luck.
>
> On Sep 11, 2011, at 12:00 AM, Aaron Grewell wrote:
>
> Perhaps just add an exec step or two to your regular run? Put the file in a
> temp location then move it to the live one if it checks out?
> On Sep 10, 2011 8:01 PM, "Jon Forrest"  wrote:
> > On 9/10/2011 6:57 PM, Jonathan Stanton wrote:
> >>
> >> Maybe I'm missing something here, but I think Jon was asking
> >> something a bit different -- he doesn't want to check the validity of
> >> the erb template (i.e. ruby syntax check) but syntax check the named
> >> zone file generated by the template.
> >
> > Precisely. Maybe later I'll face the issue of ruby syntax
> > problems but right now I need to detect named syntax errors
> > before they cause problems.
> >
> >> So the tricky bit is how to get the variables out of the puppet
> >> manifests that the erb template needs to generate the output file
> >> that 'would' be generated by a new puppet run for this node --
> >> without the actual puppet run (as he asks at the end of the email).
> >
> > Precisely again.
> >
> >> My first thought is that the only accurate way to do this is by doing
> >> a full puppet run, as any part of the node's manifest could effect
> >> the variables used in the zone file template. You should be able to
> >> get away with a --noop run so the changes won't actually be applied
> >> (because noop does generate files from templates, but you would need
> >> to have a way to capture the newly generated zone file on the client
> >> host and run the named-checkzone there.
> >
> > That's what I figured. I was hoping that there would be an easier way
> > that could somehow do a facter run but only run the minimal amount
> > of puppet.
> >
> > Jon
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] What is the deference of Puppi, MCollective and ControlTier?

[Brian Gupta]

I have also heard some good things about Rundeck as well.
http://rundeck.org/ -Brian

On Thu, Sep 8, 2011 at 11:44 PM, Yunfeng Xu  wrote:

> Hi,
>
> I am using puppet as my configuration solution, it is a very good for
> system-level configuration management and compliance. But it is not good at
> batch jobs. For now, I have three options: puppi, MCollective and
> ControlTier. I don't know much about them. Can anyone give me some advices
> that which of them is better at batch jobs.
>
> Thanks
> Yunfeng
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] A working firewall module

[Brian Gupta]

On Sun, Jul 10, 2011 at 12:15 PM, Ronen Narkis  wrote:

> Iv been going through a multitude of firewall modules not being able to
> find a simple module that open and closes ports on Redhat/Centos 5.6
>
> All the modules that iv tried keep open ports multiple times (each time
> puppet agent runs):
>
>  ACCEPT
> -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "Allow
> clarity" -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "JMS port"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment "Allow rmi"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports  -m comment --comment "Allow jmx"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports  -m comment --comment "Allow jmx"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "JMS port"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 55672 -m comment --comment "Allowing
> rabbit managment port" -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment "Allow rmi"
> -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "Allow
> clarity" -m state --state NEW -j ACCEPT
>
> Among the modules iv tried:
>
> https://github.com/pdeaudney/puppet-firewall
> https://github.com/puppetlabs/puppetlabs-firewall
>
> Iv also tried:
>
> https://github.com/duritong/puppet-shorewall
>
> And didn't manager to get it going,
>
> Id be grateful to Any reference to a simple working Redhat/Centos module
>
> Ronen
>

I haven't looked at it closely yet (but I plan to), but I've heard good
things about this module:
https://labs.riseup.net/code/projects/shared-shorewall

-- 
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ec2 initial server prep tips and tricks

[Brian Gupta]

Take a look at https://help.ubuntu.com/community/CloudInit

Also consider using an ENC, and passing class information as user data.

-Brian


On Sat, May 28, 2011 at 6:10 AM, S Ahmed  wrote:
> Say I need to fireup a new ec2 instance to add to my cluster.
> Currently what I know to do is (Ubuntu):
> sudo apt-get install ruby libshawdow-ruby1.8
> sudo apt-get install puppet facter
> (and maybe some other things like build-essential etc).
> Would this be a good idea?
> Create a script that contains the above, and then when a new server goes
> like I do:
> curl -O http://url_to_script.sh
> run script
>
> Other that this, I guess it is a manual process for figuring out the host of
> the server, and adding that host to the puppet master based on what kind of
> node this will be (web, db server, etc)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Client updates

[Brian Gupta]

Douglas,

I have to concur with disconnect, now that we are using Foreman, many
of the things we setup in the past to catch these things are now
redundant. I don't know why you "don't like" Foreman, but I have to
say along with our initial decision to use puppet, and managing our
configs with version control, adopting Foreman stands up there as one
of our big infrastructure management wins. (And we aren't even
using Foreman's provisioning capabilities).

May I ask why you don't like Foreman? (We were for a long time
hesitant to use Foreman, as it wasn't an "official" project, but we
had reached a point where we needed a new ENC, and a technical
evaluation of both Foreman and Dashboard lead us to the realization
that functionality-wise it was a lot closer to what we needed. (And I
suspect your needs may be similar to ours.)

Cheers,
Brian

On Wed, May 25, 2011 at 1:54 PM, Disconnect  wrote:
> Foreman can email error reports automatically. (Without having to use the
> GUI..) IIRC you can also make it email actions (changes) - if not, it
> shouldn't be that hard to add.
>
> We use nagios to check puppet's state file for age - if it is too old,
> puppet hasn't run. Between those two, afaict, we're covering basically
> everything. And once a day, foreman also emails a status summary
> ('interesting' hosts - changes, failures, outdated/no report, etc)
>
> Puppet tries to run, finds a problem: Foreman emails the report.
> Puppet runs and makes changes, no errors: Do you want email? It'll show on
> the 'active hosts' page, and in the nightly summary email.
> Puppet doesn't run: Nagios alerts on that host
>
> And FWIW I'm the only sysadmin (also at a startup w/ no dev environment for
> puppet) and its really not impossible to get identical servers. (In fact,
> our first answer to "wtf is wrong with server21-foo" is "meh, whatever,
> trash the vm and recreate it".. Well.. thats first after "lets make sure it
> didn't get hacked" of course..) My workload went -way- down once puppet was
> working properly (complete manifests) and even more when I got foreman's vm
> deployments going.
>
> On Wed, May 25, 2011 at 1:48 PM, Douglas Garstang 
> wrote:
>>
>> Executed successfully =
>> a) No syntax errors
>> b) No dependency errors
>> c) No other weird stuff
>> Just because there are no dependency errors on one system, doesn't mean
>> that there won't be dependency errors on another system. No two systems are
>> ever identical, so spot checks won't cover all bases.
>> We're a startup with limited resources, with the typical total lack of
>> resources. We don't have the luxury of a dev environment. We have 4 data
>> centres, different rules for each, and one is PCI compliant, which is akin
>> to having a root canal done every time you touch it. Even if we did, that
>> doesn't preclude making sure everything ran ok. It's still needed.
>> Doug.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Client updates

[Brian Gupta]

On Wed, May 25, 2011 at 1:29 PM, Douglas Garstang
 wrote:
> On Wed, May 25, 2011 at 10:22 AM, Brian Gupta 
> wrote:
>>
>> Basically the ways I know of:
>>
>> 1) Don't run puppet as a daemon, but run it out of cron every X mins.
>> 2) Setup a cronjob that checks if puppet is running and restart it if not.
>> 3) Setup a nagios job that checks to see if puppet is running
>> 4) Presuming you are managing your puppet code in some sort of version
>> control system, you can "publish" the latest timestamp of your latest
>> commit, and also push that out via puppet, and setup a nagios check
>> that compares them and if they ever are behind by more than X mins you
>> can crit on it. You could take this a step further and have nagios
>> automatically restart puppet if they are behind, but if you think it
>> might be a syntax error, I would probably skip that. (As an aside you
>> should do syntax checking before committing. I added the commands to
>> do so below)
>> 5) Foreman (or dashboard) can monitor puppet runs, and flag any broken
>> runs.
>>
>> Check syntax:
>> puppet --noop --parseonly memcached.pp
>>
>> Check erb syntax:
>> erb -x -T '-' memcached-sessions.erb |ruby -c
>>
>> We use a combination of 2,3,4 and 5.
>>
>
> I must have phrased my question wrong, because it seems to have been
> misinterpreted. We're pretty much doing everything you suggested, with the
> exception of Foreman, which I don't like.
> I just need a way to confirm that the changes I made to the config were
> executed successfully. I also need to know if other changes snuck in
> somehow, and everything has gone south for one reason or another. The only
> way I can think of to do this, is to actually force puppet to do a run, and
> then eyeball /var/log/messages immediately.
> Doug.

What do you mean by "executed successfully"? Assuming I understand
your question correctly, if it is untested code, and it passes a
syntax checker, and doesn't generate errors, you pretty much need to
spot check at least one one system that the code in question does what
you intended. Many folks do this in a dev environment, before pushing
it to their puppetmaster. I don't really see a way around this that
wouldn't end up being a lot more work than it's worth.

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Client updates

[Brian Gupta]

Basically the ways I know of:

1) Don't run puppet as a daemon, but run it out of cron every X mins.
2) Setup a cronjob that checks if puppet is running and restart it if not.
3) Setup a nagios job that checks to see if puppet is running
4) Presuming you are managing your puppet code in some sort of version
control system, you can "publish" the latest timestamp of your latest
commit, and also push that out via puppet, and setup a nagios check
that compares them and if they ever are behind by more than X mins you
can crit on it. You could take this a step further and have nagios
automatically restart puppet if they are behind, but if you think it
might be a syntax error, I would probably skip that. (As an aside you
should do syntax checking before committing. I added the commands to
do so below)
5) Foreman (or dashboard) can monitor puppet runs, and flag any broken runs.

Check syntax:
puppet --noop --parseonly memcached.pp

Check erb syntax:
erb -x -T '-' memcached-sessions.erb |ruby -c

We use a combination of 2,3,4 and 5.

Cheers,
Brian

On Wed, May 25, 2011 at 1:12 PM, Douglas Garstang
 wrote:
> I probably waste quite a bit of time each week restarting the puppet client,
> and logging systems, and tailing the messages file, to see if my puppet
> changes worked. Is there a better way? How do people normally do this?
> Sure, I can use puppetrun or mcollective to cause puppet to do a config run
> on the client, but I still need to log in and look at the messages file. The
> reports that the clients generate, and which are available on the server
> contain, I believe yield enough information to determine if there was any
> syntax errors or not. I guess they contain more, but, even though they are
> yaml files, they contain ruby objects, which non ruby parsers won't read.
> Would have been nice if it was standard yaml.
> Anyway ideas?
> Doug.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Advice for managing package versions with CentOS/yum

[Brian Gupta]

On Tue, Apr 12, 2011 at 7:02 PM, elliott  wrote:

> Hi all, looking for some general advice for how people are doing
> this...
>
> We have some packages that *must* be kept at a particular version
> (e.g. httpd, php) because our code and configurations depend on it.
> As far as I'm aware, in puppet, the only parameter that can be passed
> to a package type describing version information is the ensure
> directive, i.e. something like:
>
> package { "httpd":
>ensure => "2.2.3-43.el5.centos",
> }
>
> Which means that we must specify both package version (2.2.3) *and*
> RPM release version (43) to be installed.  This seems to work fine,
> except when CentOS branches to a new release, and suddenly my specific
> RPM release is not available in the new yum repo anymore (current
> version is now httpd-2.2.3-45.el5.centos).
>
> Anyone have any advice for dealing with this?  I'd rather not mirror
> the entire CentOS-Base repository locally at version 5.5 just so my
> few packages are available...
>

You can specify a package source, that isn't from a repo. IE: You can
specify the RPM package provider, and specify the source for the RPMs in
question from a URL or local file.

See the following for more details:
http://docs.puppetlabs.com/references/latest/type.html#package

-Brian


> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

[Brian Gupta]

On Thu, Mar 3, 2011 at 4:25 PM, James Turnbull  wrote:

> Brian Gupta wrote:
> > We find it frequently useful to be able to set variables from within
> > puppet to communicate information from one module or class to another,
> > or to save state across puppet runs.  It also makes cloud management and
> > bootstrapping easier to be able to specify classes/variables from a
> > command line script being used to spin up nodes.
> >
> > Also, going forward, it would be very helpful for the API to be an equal
> > citizen of the GUI. IE: There shouldn't really be anything that you can
> > do via the GUI, that you can't do programmatically. This will also allow
> > for the creation of CLI based tools that can interact with Puppet
> > Dashboard, which is rather important to us.
> >
> > Please let me know if you have any further questions.
> >
> >
>
> Brian
>
> The API is currently much more fully featured than the GUI. Have you
> seen Luke and Dan's Puppet-Interfaces work?
>
> I think it'll give you most (and perhaps more) of what you want.
>
> https://github.com/lak/puppet-interfaces
> https://github.com/bodepd/puppet-interfaces
>
> Regards
>
> James
>

We'll definably check it out. I'm wondering right now who's version we
should start testing, and where we install it? Also does it interface
directly with dashboard, or is everything proxied through the puppetmaster?

--
> James Turnbull
> Puppet Labs
> 1-503-734-8571
>
>


-- 
<http://aws.amazon.com/solutions/solution-providers/brandorr/>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

[Brian Gupta]

On Thu, Mar 3, 2011 at 12:27 PM, Randall Hansen wrote:

> On Mar 3, 2011, at 9:20 AM, Brian Gupta wrote:
>
> > Also, going forward, it would be very helpful for the API to be an equal
> citizen of the GUI.
>
> I agree, Brian.  While we plan to improve Dashboard's GUI for those who
> want it, it's often hard to beat a CLI for efficiency and repeatability.
>

Yes it will also make it possible to integrate with Ubuntu's cloud-init
framework, which has quickly become the standard for cloud-based post-spinup
node customization and configuration, with CentOS and other distro support
included. Amazon has even adopted it now. That said, cloud-init is no longer
just an EC2 option, with Eculyptus and Openstack support builtin for private
cloud deployments. The way I envision using it is is to pass the node it's
hostname, classes, custom puppet variables and a user-data script that
cloud-init would use to install puppet, and have the node register itself
with DNS and Dashboard.

> Please let me know if you have any further questions.
>
> Absolutely.  I'll keep your name on my list, and we'll make our plans in
> public.
>

Any sense on a timeframe? (I just saw James' email. I will reply separately
later tonight.)


> r
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
<http://aws.amazon.com/solutions/solution-providers/brandorr/>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

[Brian Gupta]

We find it frequently useful to be able to set variables from within puppet
to communicate information from one module or class to another, or to save
state across puppet runs.  It also makes cloud management and bootstrapping
easier to be able to specify classes/variables from a command line script
being used to spin up nodes.

Also, going forward, it would be very helpful for the API to be an equal
citizen of the GUI. IE: There shouldn't really be anything that you can do
via the GUI, that you can't do programmatically. This will also allow for
the creation of CLI based tools that can interact with Puppet Dashboard,
which is rather important to us.

Please let me know if you have any further questions.

-Brian

On Wed, Mar 2, 2011 at 7:28 PM, James Turnbull  wrote:

> Brian Gupta wrote:
> > Randall, sorry for the offtopic response, but our team needs a "write"
> > API before RBAC. WIthout it Dashboard is a non-starter in our shop.
>
> Brian
>
> Can you articulate what you'd like to see from this API whilst we're
> here and I'll capture it in a ticket.
>
> Thanks
>
> James
>
> --
> James Turnbull
> Puppet Labs
>  <1-503-734-8571> <1-503-734-8571>1-503-734-8571
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
<http://aws.amazon.com/solutions/solution-providers/brandorr/>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Role-based access in Dashboard

[Brian Gupta]

Randall, sorry for the offtopic response, but our team needs a "write" API
before RBAC. WIthout it Dashboard is a non-starter in our shop.

As for your RBAC question, I envision a time when, through dashboard, you
will be able to handle complex provisioning workflows, being able to give
people execution, view and write access to all workflows, nodes, classes,
variables and tasks. Also to be able to separately manage GUI access vs API
access, while not critical, might be useful. I imagine a group of operators
who can mix and match classes to make new node types through the UI, but
can't access the underlying code. (or some who can). Notification control
would probably be something useful to RBAC.

-Brian

On Wed, Mar 2, 2011 at 2:02 PM, Randall Hansen wrote:

> Good people ~
>
> Role-based access will be one of the next big features in Dashboard.  If
> this is something that would help you, will you tell me the minimum features
> that you would consider useful?  That is, the features without which RBAC
> would be useless to you.
>
> I'm sure there'll be disagreement; right now I'm just gathering
> requirements.  Once we have feedback from multiple channels we'll work on
> prioritizing and creating a roadmap.
>
> Thanks!
>
> r
>
> --
> Randall Hansen; Director of User Experience; rand...@puppetlabs.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] best way of handling source installs

[Brian Gupta]

Typically I think people precompile and make custom OS packages. -Brian

On Tue, Mar 1, 2011 at 6:34 PM, russell.fulton wrote:

> Hi
>
> I have a number of apps that need to be installed from tarballs --
> simple tar -zxf; configure;  make install...
> with a possible extra parameter to configure (usually prefix).
>
> There are no prepackaged versions of these available as they are very
> specialised application (security related).
>
> I can handle these with an exec or series of execs in a define but I
> wondered if there was a better way or if someone else has already dome
> something along these lines.
>
> I did try google but I could not narrow the search down enough to be
> useful...
>
> Russell
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Where to put External Nodes in Multiple Environments?

[Brian Gupta]

Second vote for "ack", it is awesome for "grepping" through source
code trees. Details here: http://betterthangrep.com/ (Note that it is
available as an OS packages for many OSes/distros).

-Brian

On Mon, Feb 28, 2011 at 10:34 PM, Brian Gallew  wrote:
> Doug, there's a command-line tool called "ack" which is an enhanced grep
> replacement.  It will probably do what you wat with finding your nodes.
>
> On Mon, Feb 28, 2011 at 4:43 PM, Douglas Garstang 
> wrote:
>>
>>
>> On Mon, Feb 28, 2011 at 1:17 PM, Alan Barrett  wrote:
>>>
>>> On Mon, 28 Feb 2011, Douglas Garstang wrote:
>
> How is it possible to use external nodes as local files?  I was under
> the impression that node_terminus=exec or node_terminus=ldap were the only
> ways of using external nodes.

 Really? That might be because everyone seems to be on the LDAP external
 node bandwagon. You can put a "external_nodes = 

Re: [Puppet Users] Puppetmaster/Amazon EC2/DNS

[Brian Gupta]

You have two options that I would advocate.
1) Have your clients register with your bind server, and have it
propagate to a solid DNS distribution layer like dnsmadeeasy. (Which
has truly static and well known DNS server addresses, with reasonable
uptime history. There are a few players in this space.
2) Have your clients directly register with Amazon's own Route53 DNS
service. It takes care of almost everything, if you are willing to use
Amazon's API.

We do both, but now that Amazon has their own service, we lean towards
#2, but frankly don't have enough time to say that Amazon has a DNS
offering that is significantly more or less reliable than other DNS
servers. Based on their past record of non-DNS uptime, I would guess
that relatively speaking they are a very solid choice.

Does this help?

Cheers,
Brian

On Wed, Feb 23, 2011 at 4:08 AM, Romain Pelisse  wrote:
> Hi,
> I'm using Amazon EC2 and I'm planning to use puppet to deploy automatically
> my instances, however, I have an issue I can't rely think through.
> As most people advised, I used a DNS server (bind to be precise) so that my
> instances can register to it but also ask this DNS Server the IP of the
> puppetmaster. However, as this DNS server is also running on Amazon EC2
> instance it does not have a "static" IP. So I tried to associate it with an
> "elastic IP" - ie a static IP but (for unexplained reasons yet) it's
> failing. I've been fighting with this for a little while and I'm starting to
> wonder if my all approach is not wrong.
> If you do deploy on Amazon EC2, how do you address this situation ?
> --
> Romain PELISSE,
> "The trouble with having an open mind, of course, is that people will insist
> on coming along and trying to put things in it" -- Terry Pratchett
> http://belaran.eu/wordpress/belaran
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet NYC Meetup?

[Brian Gupta]

Guys,

Sorry for the late response. I've spoken with Luke about talking at the
NYLUG meeting on the 17th, and going out for dinner/drinks afterwards. Luke
is on board, and the folks who run NYLUG are as well.

Currently we are working with IBM to reserve the meeting space for the
evening of the 17th. In all likelihood this shouldn't be a problem, but it's
not official yet.

Once the announcement goes out I will forward here, and everyone will need
to RSVP. (Please do RSVP as soon as the announcement goes out, as there is a
chance we could run out of space, as the last NYLUG puppet talk was very
well attended.)

Cheers,
Brian

- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/



On Mon, Jan 25, 2010 at 12:38 PM, Luke Kanies wrote:

> Hi all,
>
> I'm going to be in NYC on February 17th, probably starting Monday the 15th.
>  Anyone in a position to help organize a meetup while I'm there?
>
> Also, if you're at a company and would like me to come to chat about your
> Puppet usage, ping me and I'll hopefully be able to fit it in.
>
> Thanks,
> Luke
>
> --
> I have never met a man so ignorant that I couldn't learn something
> from him. --Galileo Galilei
> -
> Luke Kanies  -|-   http://reductivelabs.com   -|-   +1(615)594-8199
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Fwd: New York City Puppet presentation Wednesday Nov 18th.

[Brian Gupta]

-- Forwarded message --
From: bgupta 
Date: Sat, Nov 14, 2009 at 8:05 PM
Subject: Puppet presentation Wednesday Nov 18th.
To: puppet-nyc 


Please register here: http://rsvp.nylug.org/

We should be getting together after the preso, if folks want to
exchange notes. (Likely at the TGI Fridays near the IBM Building where
the NYLUG meeting will be held).

Announcement: http://www.nylug.org/home/index.shtml

Larry Ludwig
- on -
Puppet: What it is and how can it make system administration less
painful
** Please note important information about: this meeting **

   Please join us on Wednesday, November 18th, 2009 for a discussion
of Reductive Labs' Centralized configuration management framework,
Puppet.

   Puppet is a model-driven open source framework designed to
efficiently manage data center infrastructure. It's the sysadmin's
best friend, reducing error counts and downtime, saving countless
hours and providing significantly higher service quality. Puppet lets
sysadmins spend less time on mundane tasks and instead focus on
managing their infrastructure as a whole.

   System administrators have long written custom scripts and tools
to help automate common tasks such as configuration management and
system updates. But as networks scale and reach outside the corporate
firewall, custom tools become yet another management headache.

   The benefits of automated infrastructure go beyond policy-enforced
consistency and auditing. In conjunction with virtualizaton, the
ability to reliably create new systems running consistent services
creates auto-scaling applications as well as test systems identical to
production environments.

   Puppet abstracts the system from the system administration,
providing developers and system administrators with a simple service-
based policy framework that allows for more consistent, transparent
and flexible systems.

   Puppet is currently in use at many organizations, large and small,
including: Google, Yahoo, and RedHat.

   More Information:

       * Puppet
       * Reductive Labs
       * Puppet Wiki
       * Puppet users discussion
       * Puppet developers discussion
       * Puppet NYC User Group

   About Larry Ludwig:
   Larry Ludwig is a Solutions Architect at Brandorr Group LLC. Larry
has been in the industry for over 15 years as a system administrator,
DBA and system programmer. He`s had previous experience working for
Fortune 500 corporations and holds a BS in CS from Clemson University.
Larry has written over 120 puppet modules. Larry, along with Eric E.
Moore and Brian Gupta are founding members of the NYC Puppet
Usergroup.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Thanks for coming out last night, and sorry for the venue confusion. Planning future meetings.

[Brian Gupta]

Good to see some new and familiar faces... I had a great time.

One thing that I'd like to discuss is what kind of meetings we have
had so far, and what kind of meetings people would like to see in the
future.

In the past we have had two types of "meetings"
1) Socials (at bar/restaurant, with no particular topic other than an
interest in puppet)
2) Co-meetings with other user groups, where an introduction to puppet
presentation has been given (Larry and Eric so far)

It was brought up last night that people would like to have dedicated
puppet technical meetings covering advanced topics that may be of
little interest to a general audience. e.g.:
- Writing modules
- Using external node classification tools
- Writing erb templates
- Using various modules (MySQL, Nagios, etc).
- Implementing version control
- etc...

It would be good to hear people's thoughts on what kind of meetings we
should be having. (I'm thinking maybe alternating technical/social,
with the occasional outreach meeting with another user group - e.g. -
We haven't presented with NYLUG yet.)

Also, it would be good to hear from people that are interested in
presenting, and what topics they might be interested in
presenting.(And or hearing about)
.
Cheers,
Brian

P.S. - Venue suggestions are welcome. (Especially for presentations).

-- 
- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: NYC Puppet Meetup

[Brian Gupta]

Actually, the only user group that is meeting on Feb 3rd is the NYLUG
Python Workshop. (That I am aware of). Although I regret even this
conflict, please be aware that the reason Larry suggested Feb 3rd is
because some folks are visiting from out of town and are leaving the
next day. So the only other possible day was Monday Feb 2nd, and that
was non workable for a number of people.

Please don't expect "first Tuesday" to necessarily be a regular
occurrence. (IE: I will try to find a day that has even fewer
conflicts).

:)

Cheers,
Brian

On Mon, Jan 19, 2009 at 12:40 PM, Ajai Khattri  wrote:
> Yeah, let's have it on the day that half a dozen other NY user groups have
> their meetings shall we? :-)
>
>
> On Thu, Jan 15, 2009 at 10:10 AM, Larry Ludwig  wrote:
>>
>> Hi All,
>>
>> We are wanting to having a Puppet Meetup in NYC on February 3th, 2009,
>> 6:30 PM.  Place to be determined.  Baring that my wife doesn't give
>> birth by then (which would prevent me from making it) how does this
>> sound to everyone else?
>>
>> Brian G.,
>> Can you rally up the troops and also invite people from other groups?
>> Also let's have some specific topics to discuss.
>>
>>
>
>
>
> --
> Aj.
>
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] NYC Puppet meeting: Feb 3rd at Westside Brewery 6:30pm

[Brian Gupta]

For more info on venue, I am posting the "Google Maps" link:
http://tinyurl.com/6u4jdx

As a recap we are meeting from 6:30-8:30pm on February 3rd at the
Westside Brewery.

Please try and RSVP to the puppet-nyc list, as currently I am planning
on reserving a table for 12, and need to know if I need to up the
reservation.

-Brian

P.S. - I changed the thread subject, since the date is pretty much locked.

On Sun, Jan 18, 2009 at 1:02 PM, Brian Gupta  wrote:
> After talking with Larry, I proposed "Westside Brewery" as the location. I
> was gonna reserve a table for 12. (Which we could adjust depending on how
> many people want to come)
>
> Anyone have any objections to venue?
>
> On Jan 18, 2009 11:42 AM, "Brian Gupta"  wrote:
>
> Looking at the calendar Feb. 3rd is doable. Let's try to quickly
> narrow down a location, before spreading the word. Any requirements?
> Assuming we want to meet somewhere that has food?
>
> For now I will go ahead and put it on the "NYC User Groups" Google
> Calendar with a location TBD for now. (6:30-8:30pm)
>
> As far as topics go, I am pretty open, but would definitely like to
> find out if anyone has experience with Enterprise Ruby. Also, I am
> looking to explore: debgem vs dpkg-tools (Two tools to make deploying
> gems via Debian packages easier) http://www.debgem.com/  and
> http://reprocessed.org/tags/dpkg-tools
>
> Also we are using puppet "in the cloud" so we could definitely talk to
> Rinaldo about that.
>
> Cheers,
> -Brian
>
> --
> - Brian Gupta
>
> New York City user groups calendar:
> http://nyc.brandorr.com/
>
> On Thu, Jan 15, 2009 at 10:10 AM, Larry Ludwig  wrote: >
>> Hi All, > > We are w...

-- 
- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: NYC Puppet Meetup

[Brian Gupta]

After talking with Larry, I proposed "Westside Brewery" as the location. I
was gonna reserve a table for 12. (Which we could adjust depending on how
many people want to come)

Anyone have any objections to venue?

On Jan 18, 2009 11:42 AM, "Brian Gupta"  wrote:

Looking at the calendar Feb. 3rd is doable. Let's try to quickly
narrow down a location, before spreading the word. Any requirements?
Assuming we want to meet somewhere that has food?

For now I will go ahead and put it on the "NYC User Groups" Google
Calendar with a location TBD for now. (6:30-8:30pm)

As far as topics go, I am pretty open, but would definitely like to
find out if anyone has experience with Enterprise Ruby. Also, I am
looking to explore: debgem vs dpkg-tools (Two tools to make deploying
gems via Debian packages easier) http://www.debgem.com/  and
http://reprocessed.org/tags/dpkg-tools

Also we are using puppet "in the cloud" so we could definitely talk to
Rinaldo about that.

Cheers,
-Brian

--
- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/

On Thu, Jan 15, 2009 at 10:10 AM, Larry Ludwig  wrote: >
> Hi All, > > We are w...

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: NYC Puppet Meetup

[Brian Gupta]

Looking at the calendar Feb. 3rd is doable. Let's try to quickly
narrow down a location, before spreading the word. Any requirements?
Assuming we want to meet somewhere that has food?

For now I will go ahead and put it on the "NYC User Groups" Google
Calendar with a location TBD for now. (6:30-8:30pm)

As far as topics go, I am pretty open, but would definitely like to
find out if anyone has experience with Enterprise Ruby. Also, I am
looking to explore: debgem vs dpkg-tools (Two tools to make deploying
gems via Debian packages easier) http://www.debgem.com/  and
http://reprocessed.org/tags/dpkg-tools

Also we are using puppet "in the cloud" so we could definitely talk to
Rinaldo about that.

Cheers,
-Brian

-- 
- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/

On Thu, Jan 15, 2009 at 10:10 AM, Larry Ludwig  wrote:
>
> Hi All,
>
> We are wanting to having a Puppet Meetup in NYC on February 3th, 2009,
> 6:30 PM.  Place to be determined.  Baring that my wife doesn't give
> birth by then (which would prevent me from making it) how does this
> sound to everyone else?
>
> Brian G.,
> Can you rally up the troops and also invite people from other groups?
> Also let's have some specific topics to discuss.
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: host management database/webinterface

[Brian Gupta]

On Mon, Oct 13, 2008 at 12:58 PM, Phillip Scholz
<[EMAIL PROTECTED]> wrote:
> hi $puppet-users,
>
> a while ago someone on this list wrote about a webinterface implementing
> a database for nodes.
> it had a very simple design if a recall correctly and has been based on
> a sql rdbms afaik.
> there was a demo of it, I think.
>
> does anyone remember the name of this tool?
>
> I only found conary, but I thought it was way more lightweight.
>
> thanks,
>Phillip
>
> --
>
>


Are you thinking of iClassify? https://wiki.hjksolutions.com/display/IC/Home

-- 
- Brian Gupta

http://opensolaris.org/os/project/nycosug/

http://www.genunix.org/wiki/index.php/OpenSolaris_New_User_FAQ

New York City user groups calendar:
http://www.google.com/calendar/embed?src=nycusergroups%40brandorr.com&ctz=America/New_York

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Trying to gem install mysql

[Brian Gupta]

On Mon, Sep 22, 2008 at 8:52 PM, Blake Barnett <[EMAIL PROTECTED]> wrote:
>
> I'd also recommend using a .gemrc file (managed by puppet!) to add "--
> no-rdoc --no-ri" since it's usually what everyone wants as the
> default, especially in production.
>
> -Blake
>
> On Sep 22, 2008, at 1:46 PM, Ashley Penney wrote:
>
>>
>> You could just do exec { "gem-install-mysql": command => "gem install
>> mysql --no-rdoc --no-ri -- --with-mysql-config=/usr/bin/mysql_config",
>> }
>>
>> Then you can rely on require => Exec["gem-install-mysql"] elsewhere.
>>
>> On Mon, Sep 22, 2008 at 2:15 PM, Ed Greenberg
>> <[EMAIL PROTECTED]> wrote:
>>>
>>> I need to do this in puppet:
>>>
>>>  gem install mysql --no-rdoc --no-ri -- --with-mysql-config=/usr/bin/
>>> mysql_config
>>>
>>> Not sure how to express any of the arguments to gem install in my
>>> puppet Package stanza.
>>>
>>> can somebody explain?,
>>>
>>>>
>>>
>>
>> >
>
>
> >
>


more ~/.gemrc

update: -B 10
install: -B 10
gem: --no-ri --no-rdoc

-- 
- Brian Gupta

http://opensolaris.org/os/project/nycosug/

http://www.genunix.org/wiki/index.php/OpenSolaris_New_User_FAQ

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: some query about puppet node configuration management

[Brian Gupta]

Look for an external node classification tool like iClassify.
iClassify let's you store all the puppet variables and class
assignments for individual nodes in a central database.

On Mon, Sep 22, 2008 at 3:26 PM, Subhasis Dasgupta
<[EMAIL PROTECTED]> wrote:
> Hi,
> I apologize for  my previous posting , because it may not be very much clear
> about the problem. My problem is , from  outside of the puppet I want to
> modify / update my puppet node configuration . Conventional,  storing of
> node details in a file is not an ideal solution for me because  I want to
> update the file very frequently , and as it's a distributed system
> eventually ,  more than one node can try to modify the same node
> configuration file at same time. So , I am thinking is there any good
> solution exist or not ? May I use storeconfigs utility for this purpose. Or
> I have to use LDAP mechanism to store , delete and update the nodes.
>
> I will be very much thank if some one help me .
>
> --
> Subhasis Dasgupta
>
> Kaavo Inc
>
> www.kaavo.com
> Phone : +919830282548
> skype : subhasis.dasgupta
>
> >
>




-- 
- Brian Gupta

http://opensolaris.org/os/project/nycosug/

http://www.genunix.org/wiki/index.php/OpenSolaris_New_User_FAQ

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Setting up a syslog-ng server with puppet?

[Brian Gupta]

Anyone have any recipes for this? Also logrotate bits would help.

-- 
- Brian Gupta

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Getting started.. quick start guide?

[Brian Gupta]

On Tue, Sep 16, 2008 at 1:21 PM, Brian Mathis <[EMAIL PROTECTED]> wrote:
>
> From what I've been reading about puppet I think it's the answer to my
> (and every sysadmin's) prayers.  I've been going over the docs at the
> reductive labs web site, and I've found a short introduction using the
> 'sudo' example, but the next step I've found there is "everything".
>
> Does anyone know of a guide or site that can get someone going on
> puppet quickly, without having to swallow the whole system at once?
>
> Thanks
>
> >
>

James Turnbull's book "Pulling Strings with Puppet" is a decent intro.


-- 
- Brian Gupta

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---