[Puppet Users] Exit status of "puppet agent --test"

[Chris Ritson]

Does a manual puppet agent run (puppet agent --test) have a defined exit status 
to indicate if errors were detected? This is not described by the built-in 
help. In two test cases, I have only seen a return code of 2. Both runs made 
some changes. One had warnings, the other didn't.

--
Chris Ritson (School of Computing and NUIT Cybersecurity team)
Newcastle University, NE1 7RU
Tel: +44(0)1912080073

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/LO2P302MB004479A539180A1C626DE416C6929%40LO2P302MB0044.GBRP302.PROD.OUTLOOK.COM.

RE: [Puppet Users] Mount NFS share defined in hiera

[Chris Ritson]

The code I have been given for an NFS mount is like this. Note the module in 
use on the first line….

types::files:
  # derdanne/nfs takes care of mountpoint creation.
  '’:
ensure: directory
mode: '0775'

debconfs:
  'apparmor/homedirs':
ensure: present
type: string
value: 
seen: 'true'
notify: Exec[dr_apparmor]

nfs::client_enabled:  true
nfs::manage_packages: true
nfs::nfs_v4_client:   false

nfs_client_mounts:
  :
server: 
share:  

--
Chris Ritson (School of Computing)
Newcastle University, NE1 7RU
Tel: +44(0)1912080073

From: puppet-users@googlegroups.com 
Sent: 24 February 2023 11:13
To: Digest recipients 
Subject: [Puppet Users] Digest for puppet-users@googlegroups.com - 1 update in 
1 topic


⚠ External sender. Take care when opening links or attachments. Do not provide 
your login details.
puppet-users@googlegroups.com<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fforum%2F%3Futm_source%3Ddigest%26utm_medium%3Demail%23!forum%2Fpuppet-users%2Ftopics=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016272032%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=9R0rbbYlDg0EbAkCr%2BJ7u8KNHzaNjhBYm%2FEt1TxjqSU%3D=0>
Google 
Groups<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fforum%2F%3Futm_source%3Ddigest%26utm_medium%3Demail%2F%23!overview=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016428305%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=jQo6gLwy104tZ4ZQ5f3RbnLu%2FBKlh4gRKPLBn2WXPoU%3D=0>
[Image removed by 
sender.]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fforum%2F%3Futm_source%3Ddigest%26utm_medium%3Demail%2F%23!overview=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016428305%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=jQo6gLwy104tZ4ZQ5f3RbnLu%2FBKlh4gRKPLBn2WXPoU%3D=0>
Topic digest
View all 
topics<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fforum%2F%3Futm_source%3Ddigest%26utm_medium%3Demail%23!forum%2Fpuppet-users%2Ftopics=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016428305%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=KdyPZjMdxpttqHKI6o9qT74ZprPdYse%2Bdkn%2FX93RDbw%3D=0>
·  Mount NFS share defined in hiera - 1 Update
Mount NFS share defined in hiera 
<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgroups.google.com%2Fgroup%2Fpuppet-users%2Ft%2F6110781cf613c832%3Futm_source%3Ddigest%26utm_medium%3Demail=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016428305%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=MdzQD9u1eWR5DCyufdo%2BcUwJ17xQomJSxzqjc9OLqgM%3D=0>
Laci D : Feb 23 11:45AM -0800

I'm looking for manifest, hiera example which can mount an NFS defined in
a hiera_hash.

Someone must have one, thank you!
Back to top
You received this digest because you're subscribed to updates for this group. 
You can change your settings on the group membership 
page<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fforum%2F%3Futm_source%3Ddigest%26utm_medium%3Demail%23!forum%2Fpuppet-users%2Fjoin=05%7C01%7Cchris.ritson%40newcastle.ac.uk%7C792abff5d80b4ab0e2d008db165806cb%7C9c5012c9b61644c2a91766814fbe3e87%7C1%7C0%7C638128341016428305%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=IjoeHMyAQwsqwtLRgNol%2Frn3iW5aj16AdEy4Y8OzbXY%3D=0>.
To unsubscribe from this group and stop receiving emails from it send an email 
to 
puppet-users+unsubscr...@googlegroups.com<mailto:puppet-users+unsubscr...@googlegroups.com>.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/LO2P302MB0044E5FB514B13870B81DD0BC6A89%40LO2P302MB0044.GBRP302.PROD.OUTLOOK.COM.

Re: [Puppet Users] SQL Error updating certnames PDB6.22.1

[Chris Hoffman]

Okay, cool, so I just need to downgrade postrgres, as I don't want to take
on a 6->7 upgrade right now.

Thanks.

On Thu, Dec 1, 2022 at 11:51 AM austin...@puppet.com <
austin.bl...@puppet.com> wrote:

> We noticed this when attempting to add testing for Postgres 15 and put up
> a maintenance commit that fixed it
> https://github.com/puppetlabs/puppetdb/commit/689e4cbae0773363bb9722fad5a8d7f415b00737.
> The commit message describes the two breaking changes in Postgres 15 that
> affected PuppetDB (one was a test-only issue), but what you are seeing is a
> change that made the Postgres query parser more strict and it started
> rejecting the query given its lack of space between the parameter and the
> AND clause.
>
> Given the late stage of Puppet Platform 6's lifecycle, we currently only
> added support for Postgres 15 to PuppetDB 7. There is a Puppet Platform 7
> release scheduled soon, so the packages that fix this issue will be
> available shortly.
>
> - Austin
>
> On Thursday, December 1, 2022 at 7:13:43 AM UTC-8 ch...@picomes.com wrote:
>
>> Yes, that is the issue... the question is, where is this generated, and
>> how do I fix it...
>>
>> On Thursday, December 1, 2022 at 1:51:07 AM UTC-5 dhei...@opentext.com
>> wrote:
>>
>>> Am Mittwoch, dem 30.11.2022 um 07:58 -0800 schrieb Chris Hoffman:
>>>
>>> certname = $3AND
>>>
>>>
>>> Is this a typo or is there really no blank between "$3" and "AND"? If
>>> there really isn't one, that would explain it.
>>>
>>> Bye...
>>>
>>> Dirk
>>>
>>> --
>>>
>>> *Dirk Heinrichs*
>>> Senior Systems Engineer, Delivery Pipeline
>>> OpenText ™ Discovery | Recommind
>>> *Phone*: +49 2226 15966 18 <+49%202226%201596618>
>>> *Email*: dhei...@opentext.com
>>> *Website*: www.recommind.de
>>> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
>>> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan,
>>> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
>>> This e-mail may contain confidential and/or privileged information. If
>>> you are not the intended recipient (or have received this e-mail in error)
>>> please notify the sender immediately and destroy this e-mail. Any
>>> unauthorized copying, disclosure or distribution of the material in this
>>> e-mail is strictly forbidden
>>> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
>>> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
>>> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
>>> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
>>> Weitergabe dieser Mail sind nicht gestattet.
>>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/R7uzBTGJFXg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/b81bbbf5-5ad5-45f3-b4dc-00bd14d68ea2n%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/b81bbbf5-5ad5-45f3-b4dc-00bd14d68ea2n%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAL_djRy%3DNMTckKxyttWuv%3DUQ_HvLmZ0GGuzDibsJeJ26R1u6-A%40mail.gmail.com.

Re: [Puppet Users] SQL Error updating certnames PDB6.22.1

[Chris Hoffman]

Yes, that is the issue... the question is, where is this generated, and how 
do I fix it...

On Thursday, December 1, 2022 at 1:51:07 AM UTC-5 dhei...@opentext.com 
wrote:

> Am Mittwoch, dem 30.11.2022 um 07:58 -0800 schrieb Chris Hoffman:
>
> certname = $3AND
>
>
> Is this a typo or is there really no blank between "$3" and "AND"? If 
> there really isn't one, that would explain it.
>
> Bye...
>
> Dirk
>
> -- 
>
> *Dirk Heinrichs*
> Senior Systems Engineer, Delivery Pipeline
> OpenText ™ Discovery | Recommind
> *Phone*: +49 2226 15966 18 <+49%202226%201596618>
> *Email*: dhei...@opentext.com
> *Website*: www.recommind.de
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan, 
> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
> This e-mail may contain confidential and/or privileged information. If you 
> are not the intended recipient (or have received this e-mail in error) 
> please notify the sender immediately and destroy this e-mail. Any 
> unauthorized copying, disclosure or distribution of the material in this 
> e-mail is strictly forbidden
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte 
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail 
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und 
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte 
> Weitergabe dieser Mail sind nicht gestattet.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/179ad794-77cc-4976-b4c2-b1252c4cf503n%40googlegroups.com.

[Puppet Users] SQL Error updating certnames PDB6.22.1

[Chris Hoffman]

Hello,

I'm seeing this error after updating PDB to 6.22.1 and PostgreSQL to 15

ERROR:  trailing junk after parameter at or near "$3A" at character 90
STATEMENT:  UPDATE certnames SET latest_report_id = 
$1,latest_report_timestamp = $2 WHERE certname = $3AND ( 
latest_report_timestamp < $4  OR latest_report_timestamp is NULL )

I don't see any relevant bugs in tickets.puppetlabs.com.

Puppet Version 6.27.0

Thanks,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3824da67-979b-4e5b-bcf9-41c485f2e95bn%40googlegroups.com.

[Puppet Users] Bolt running local script

[Chris Edwards]

Not sure if this is the correct place to post this question but I'll do it 
anyway

Hi!  I am trying to have Bolt run a script on my laptop for each target.  I 
don't want to execute a script on the target.   Obviously I am fairly new 
to Bolt.  Any help is appreciated.

Thanks,

Chris Edwards

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fb0c2bc4-36f6-457b-b804-e798f7f0f81bo%40googlegroups.com.

Re: [Puppet Users] Mysqldump using puppet

[Chris]

You put the perl script and backup scripts in a module, and deploy as
files.  In my case, they are part of a private module called bayhosting:

file {
"/var/local/backups/mysql":
  ensure  => directory,
  mode  =>  '0700',
  owner  =>  'root',
  group  =>  'root',
  require => File['/var/local/backups'];

"/opt/bin/MySQLBackup.pl":
  source => "puppet:///modules/bayhosting/opt/bin/MySQLBackup.pl",
  owner   => 'root',
  group   => 'root',
  mode=> '0555';

"/root/backup.sh":
  source => "puppet:///modules/bayhosting/root/backup.sh",
  owner   => 'root',
  group   => 'root',
  mode=> '0555';
 }

And then you set up a cron job:

cron {
cron_mysqlbackup:
  command  =>  "/root/backup.sh",
  user  =>  root,
  hour  => 0,
  minute  => 0,
  require => File['/opt/bin/MySQLBackup.pl',"/var/local/backups/mysql",
"/root/backup.sh"];
}

On Sat, Aug 1, 2020 at 9:31 AM Md Juyel Haque 
wrote:

> if I write this code how will I run it from puppet
>
> On Sat, Aug 1, 2020 at 1:39 AM Chris  wrote:
>
>> I use this as my mysql backup script:
>> https://github.com/ghstwhl/MySQLBackup
>>
>> It expects that the credentials for the database are in ~/.my.cnf for the
>> user running the script.  If you are using puppetlabs/mysql to manage your
>> mysql database then this is already set up for you and you just need to run
>> your cron job as root.  Right now it assumes it is running on the DB server
>> itself, but the ParseMyCnf function could be easily tweaked to read the
>> server address from ~/.my.cnf if it exists and only default to localhost if
>> a host isn't specified.
>>
>> It doesn't currently send emails on errors, but you can fork the repo and
>> submit a PR and I'd be happy to merge.
>>
>>
>> -Chris
>>
>> On Sat, Aug 1, 2020 at 5:17 AM Md Juyel Haque <
>> haquemohammedju...@gmail.com> wrote:
>>
>>> Please help me.I want to create  script database backup. This should be
>>> deployed with the puppet scripts on the Tomcat server.
>>> Errors from the dump should be noted and an email sent to particular
>>> email address in case of errors/failure.
>>> The script should also take the IP addresses from the Cloudformation
>>> template specified and SCP the backup to each of these servers.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/74ab9a41-6043-42db-8e25-68ec2adaa998o%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/74ab9a41-6043-42db-8e25-68ec2adaa998o%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAABnqB8rJDhgQFUrmGsnLTOuj6h15Q9ZaDjzBC%2BHJR%3DRi-8iLQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAABnqB8rJDhgQFUrmGsnLTOuj6h15Q9ZaDjzBC%2BHJR%3DRi-8iLQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>
>
> --
>
> Thanks & Regards,
> Md Juyel Haque | Sr. DevOps Engineer
> Phone No: 7047906982
> Email: haquemohammedju...@gmail.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAH_OGbb0g3aZkoQ%2BRvcph5am_JbER73H3sXwCz%2BS%2BW3k%3Dj_%2BFQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAH_OGbb0g3aZkoQ%2BRvcph5am_JbER73H3sXwCz%2BS%2BW3k%3Dj_%2BFQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAABnqB-H3dhEx2bf0rL0iLgXSzqf0oi9prij_6S93bZqDO6D8g%40mail.gmail.com.

Re: [Puppet Users] Mysqldump using puppet

[Chris]

I use this as my mysql backup script:
https://github.com/ghstwhl/MySQLBackup

It expects that the credentials for the database are in ~/.my.cnf for the
user running the script.  If you are using puppetlabs/mysql to manage your
mysql database then this is already set up for you and you just need to run
your cron job as root.  Right now it assumes it is running on the DB server
itself, but the ParseMyCnf function could be easily tweaked to read the
server address from ~/.my.cnf if it exists and only default to localhost if
a host isn't specified.

It doesn't currently send emails on errors, but you can fork the repo and
submit a PR and I'd be happy to merge.


-Chris

On Sat, Aug 1, 2020 at 5:17 AM Md Juyel Haque 
wrote:

> Please help me.I want to create  script database backup. This should be
> deployed with the puppet scripts on the Tomcat server.
> Errors from the dump should be noted and an email sent to particular
> email address in case of errors/failure.
> The script should also take the IP addresses from the Cloudformation
> template specified and SCP the backup to each of these servers.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/74ab9a41-6043-42db-8e25-68ec2adaa998o%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/74ab9a41-6043-42db-8e25-68ec2adaa998o%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAABnqB8rJDhgQFUrmGsnLTOuj6h15Q9ZaDjzBC%2BHJR%3DRi-8iLQ%40mail.gmail.com.

Re: [Puppet Users] Is the focal repo borked for Ubuntu 20.04 LTS (Focal Fossa)?

[Chris]

PEBKAC - ugh.  No more emails before coffee.  :)

On Tue, Jun 23, 2020 at 9:11 AM Chris  wrote:

> Greetings Eric,
>
> tl;dr - PEBKEC
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAABnqB-DuvUFJL%2B4x%2BBTwMT_yK3_pw%2BK2XOqEyCRpvhWWoGrGA%40mail.gmail.com.

Re: [Puppet Users] Is the focal repo borked for Ubuntu 20.04 LTS (Focal Fossa)?

[Chris]

Greetings Eric,

tl;dr - PEBKEC

  Thank you for the response.  Just to make sure I am not off my rocker, I
verified that I was getting this error on all my Ubuntu 20.04 instances.  I
was, so I built a clean Ubuntu 20 and started through my initialization
checklist.  After installing puppet6-release-focal.deb on a fresh VM, I too
was not getting the error.  That made me take a deeper look at the affected
machines.  In the comments in /etc/apt/sources.list.d/pc_repo.list I found
the note "# This file is managed by Puppet. DO NOT EDIT." and a bell went
off.  /etc/apt/sources.list.d/pc_repo.list was being managed by the
puppetlabs-puppet_agent module, which is why it wasn't removed when I
purged puppet6-release and re-installed it.  I'd forgotten to set
'collection', so the repo was getting stomped with the wrong collection.

Cheers,

-Chris


On Tue, Jun 23, 2020 at 5:08 AM Eric Griswold 
wrote:

> Hi Chris,
>
> I tried this on a fresh Ubuntu 20.04 VM and couldn't duplicate the
> problem. Would you be willing to send me a tarball of your *.list files to
> analyze?
>
> Thanks,
> Eric Griswold
> Puppet Release Engineering
>
>
> On 6/19/20 1:06 AM, Chris Knight wrote:
>
> I first encountered this problem a few days ago, and I thought I'd wait to
> see if it was repo corruption that would be fixed.  Sadly, even with a
> fresh install of the repo package I'm still getting this:
>
> root@babylonia:~# wget
> https://apt.puppetlabs.com/puppet6-release-focal.deb
> --2020-06-19 08:04:46--
> https://apt.puppetlabs.com/puppet6-release-focal.deb
> Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 13.227.21.13,
> 13.227.21.8, 13.227.21.103, ...
> Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|13.227.21.13|:443...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 11732 (11K) [application/x-debian-package]
> Saving to: ‘puppet6-release-focal.deb’
>
> puppet6-release-focal.deb
> 100%[==>]
> 11.46K  --.-KB/sin 0s
>
> 2020-06-19 08:04:46 (121 MB/s) - ‘puppet6-release-focal.deb’ saved
> [11732/11732]
>
> root@babylonia:~# dpkg -i puppet6-release-focal.deb
> Selecting previously unselected package puppet6-release.
> (Reading database ... 104937 files and directories currently installed.)
> Preparing to unpack puppet6-release-focal.deb ...
> Unpacking puppet6-release (6.0.0-9focal) ...
> Setting up puppet6-release (6.0.0-9focal) ...
> root@babylonia:~# apt update
> Hit:1 https://apt.puppet.com focal InRelease
> Hit:2 http://apt.puppetlabs.com focal InRelease
> Hit:3 http://us.archive.ubuntu.com/ubuntu focal InRelease
> Hit:4 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
> Hit:5 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
> Hit:6 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> All packages are up to date.
> W: Skipping acquire of configured file 'PC1/binary-amd64/Packages' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> W: Skipping acquire of configured file 'PC1/binary-all/Packages' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> W: Skipping acquire of configured file 'PC1/i18n/Translation-en' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> W: Skipping acquire of configured file 'PC1/i18n/Translation-en_US' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> W: Skipping acquire of configured file 'PC1/cnf/Commands-amd64' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> W: Skipping acquire of configured file 'PC1/cnf/Commands-all' as
> repository 'https://apt.puppet.com focal InRelease' doesn't have the
> component 'PC1' (component misspelt in sources.list?)
> root@babylonia:~#
>
> Is there something corrupted on my end that I can address?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.goog

[Puppet Users] Is the focal repo borked for Ubuntu 20.04 LTS (Focal Fossa)?

[Chris Knight]

I first encountered this problem a few days ago, and I thought I'd wait to 
see if it was repo corruption that would be fixed.  Sadly, even with a 
fresh install of the repo package I'm still getting this:

root@babylonia:~# wget https://apt.puppetlabs.com/puppet6-release-focal.deb
--2020-06-19 08:04:46--  
https://apt.puppetlabs.com/puppet6-release-focal.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 13.227.21.13, 
13.227.21.8, 13.227.21.103, ...
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|13.227.21.13|:443... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 11732 (11K) [application/x-debian-package]
Saving to: ‘puppet6-release-focal.deb’

puppet6-release-focal.deb   
  
100%[==>]
  
11.46K  --.-KB/sin 0s  

2020-06-19 08:04:46 (121 MB/s) - ‘puppet6-release-focal.deb’ saved 
[11732/11732]

root@babylonia:~# dpkg -i puppet6-release-focal.deb
Selecting previously unselected package puppet6-release.
(Reading database ... 104937 files and directories currently installed.)
Preparing to unpack puppet6-release-focal.deb ...
Unpacking puppet6-release (6.0.0-9focal) ...
Setting up puppet6-release (6.0.0-9focal) ...
root@babylonia:~# apt update
Hit:1 https://apt.puppet.com focal InRelease
Hit:2 http://apt.puppetlabs.com focal InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu focal InRelease
Hit:4 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:5 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:6 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done
Building dependency tree   
Reading state information... Done
All packages are up to date.
W: Skipping acquire of configured file 'PC1/binary-amd64/Packages' as 
repository 'https://apt.puppet.com focal InRelease' doesn't have the 
component 'PC1' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'PC1/binary-all/Packages' as 
repository 'https://apt.puppet.com focal InRelease' doesn't have the 
component 'PC1' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'PC1/i18n/Translation-en' as 
repository 'https://apt.puppet.com focal InRelease' doesn't have the 
component 'PC1' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'PC1/i18n/Translation-en_US' as 
repository 'https://apt.puppet.com focal InRelease' doesn't have the 
component 'PC1' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'PC1/cnf/Commands-amd64' as 
repository 'https://apt.puppet.com focal InRelease' doesn't have the 
component 'PC1' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'PC1/cnf/Commands-all' as repository 
'https://apt.puppet.com focal InRelease' doesn't have the component 'PC1' 
(component misspelt in sources.list?)
root@babylonia:~# 

Is there something corrupted on my end that I can address?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e8485a70-3f64-4447-aeef-546ae6fb09dao%40googlegroups.com.

[Puppet Users] Re: Best practice for Puppet CA servers in multiple Data Centres - upgrading to v6

[chris]

Hi Luke,

thanks a lot for this information, it will be very useful.
Sorry I didn't reply earlier...

I was particularly interested in this bit as it seems it would back up my 
preference to tell the boss we need to make each DC independent with it's 
own CA master :)
Much simpler in my opinion.

Cheers
Chris


> Intermediate Certs looks a bit fiddly but might be an option. 
>> Just to clarify, using these would mean we could also standup new 
>> client-servers in the other DCs if the main DC goes down?
>>
>
> No, if you've got one CA / Signing Master, any new agent (fresh install) 
> would send it's CA signing requests to your Signing Master, also sometimes 
> called a Master of Masters.  If you had a critical need you could turn one 
> of your existing masters in a DC into a CA, and then fix up the certs later 
> - basically destroy and re-add all the Agents once the main DC was back 
> online.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3db23025-14d3-47fb-830b-edab6f0f028a%40googlegroups.com.

[Puppet Users] Re: Best practice for Puppet CA servers in multiple Data Centres - upgrading to v6

[chris]

Hi Luke,

That's very interesting; thanks.

We do have 2 non-CA puppetmasters in each DC, so you are saying that client 
servers will continue to be able to call in, but we won't be able to setup 
any new ones?

We do only have one puppetdb & foreman in  the main DC.

Intermediate Certs looks a bit fiddly but might be an option. 
Just to clarify, using these would mean we could also standup new 
client-servers in the other DCs if the main DC goes down?

Cheers
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/db860386-c9dc-4e50-964e-0a60a0b01570%40googlegroups.com.

[Puppet Users] Best practice for Puppet CA servers in multiple Data Centres - upgrading to v6

[chris]

Hi Guys,

so we've got a few data centres spread across the world and are looking to 
upgrade from Puppet v4 to Puppet v6.

At the moment we just have the one CA in the original DC (fast growing 
company).

I like the idea of having a separate CA in each DC and having the "local" 
machine use that - simples .. ;)

However, I'd like to know if there are any sane alternatives as I'll need 
to persuade the rest of the team/mgrs.
Is it  possible/sane to just build a CA in each DC but have it not active 
and then rsync the certs across every hour/day  from the active CA & bring 
it up if (ie when)  the main CA/DC goes away.

Are there any other sensible ideas out there?
Ideally, what is the recommended best practice by Puppet (we are on the  
FOSS version, so I can't ask them).

FWIW, we use Foreman to keep an eye on stuff & I believe(?) it could be 
tricky to have multiple CAs talking to it ??
(I know nothing about how the foreman - puppet cxn works).

Cheers
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f5893bca-6997-48da-8945-9451d35a8903%40googlegroups.com.

[Puppet Users] Re: Roles and profiles dissent

[Chris Southall]

>
> > Good points and a nice example.  In the case of my basic module I'm 
> currently using a separate create_resources line for each class parameter. 
>  Is there a way to iterate over all class parameters using each() so I can 
> use a single nested loop to create everything? 
>
> You can - add an extra tier to the hash with the first level being the 
> resource name and then create a default hash with a key for each type you 
> use - but I simply don’t think it scales, especially once you need to merge 
> data from multiple layers of hiera. Even the deepest merge will, to my 
> knowledge, end up replacing and not augmenting the hash values under each 
> key.

...  

> A deep merge will merge in the the new key ‘package’, but *replace* the 
> ‘user’ key, resulting in rnelson0 and appuser everywhere but only 
> localbackups on node ‘somenode’. Because of this, it’s not as flexible as 
> you’d think. You can see more detail at 
> https://puppet.com/docs/puppet/5.0/hiera_merging.html (can’t find the 6.x 
> link but to the best of my knowledge, it works the same). 
>

I thought about the extra tier to the hash approach, but decided against it 
due to the merge behavior.  A simple merge at the top level provides good 
enough flexibility and predictable results.

It also doesn’t scale because you’re writing YAML not code, as Luke 
> suggested earlier. Testing is difficult, and troubleshooting is difficult, 
> and ordering is even more difficult. If you want to, say, add a repo and 
> make sure it’s managed prior to any packages, you’re gonna have to spell 
> out the ordering in your YAML, whereas something like ‘Repo <| tag == 
> “class” |> -> Package <| tag == “class” |>’ within a class can set that 
> ordering only for the related resources much more easily.
>
 
This is more to my original point.  I'd just as soon avoid writing code and 
define my environment in data, although you do need to define resource 
dependencies explicitly this way and testing/troubleshooting is a concern.  
I've found troubleshooting to be fairly straight forward to this point, 
although the environment is growing and complexity with it.  For testing I 
generally sacrifice a goat (an expendable system) to see that changes I've 
added do what's expected before releasing to the full target audience.

The last thing I’d point out is that composition is a really good pattern, 
> and a one-class-does-it-all is an anti-pattern to that. Doing just what you 
> need in a series of single, small classes allows you to easily compose a 
> desired state through a role that includes the relevant, and just the 
> relevant, classes. Within each profile, you should be able to delineate 
> much of the specifics, rather than dynamically determine them at runtime 
> via a superclass. 
>
>  

> Perhaps a question to ask is, how opinionated are your profiles, and how 
> opinionated should they be? IMO, very, and that would probably lower the 
> number of resources you need to dynamically define.


The profiles we currently use have a significant number of parameters to 
customize behavior, so we do have a good amount of data in hiera.  This is 
what led me to think: "if I'm putting this much in hiera, why not put 
everything in hiera?".   I couldn't really come up with a good reason not 
to go this route, so I started this thread.

Since reading the reasoning here I've continued to think about this off and 
on and still have a hard time with the idea of hard-coding configuration.  
It seems like a bit of a paradox within puppet.  When writing modules it is 
generally accepted to separate any configuration data from the module code, 
but when writing profiles go ahead and hard code as many values as 
possible.  I've been trained to think that separating data from code is a 
"Good Thing", so going counter to that makes me question my own existence.

For those who may be interested, I've re-visited my module on the forge and 
updated it to use proper iteration with abstract types instead of 
create_resources() per the previous points made in this thread.  My 
software comes with no warranty expressed or implied.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c6df5106-238f-45bc-a313-58532959aa29%40googlegroups.com.

[Puppet Users] Re: Roles and profiles dissent

[Chris Southall]

>
> 1) create_resources() is a bit of a kludge left over from puppet 3. 
> Starting in puppet 4 (and 3’s future parser), iteration was added. Instead 
> of create_resources($some_hash), you would say $some_hash.each |$title, 
> $options| {} and create each resource inside the block. You can still use 
> hiera to get the hash as an automatic parameter lookup on the class, but 
> the creation of resources is a bit more explicit. 
>

So you discourage use of create_resources() is favor of each().  I can get 
on board with that.
 

> 2) you also get the chance to define defaults, which means users don’t 
> necessarily have to provide everything! Create a $defaults hash and assign 
> it plus the defined overrides as (say for a user) user {$title: * => 
> $defaults + $options}. This merges the options and defaults and applies the 
> resulting hash as the parameters and values for the resource. You can keep 
> your hiera tidier by creating sane defaults and only specifying the 
> overrides in hiera. Have a new default? Modify the code once and all the 
> resources in hiera benefit from it, unless they explicitly override it. 
>

In fairness, create_resources() also lets you set defaults.
 

> A practical example of this might be creating local users on nodes without 
> access to a central auth mechanism, maybe in staging. In your code you 
> create some defaults: 
>
>   $defaults = { 
> ensure => present, 
> password_max_age => 90, 
> shell => ‘/bin/fish’, 
>   } 
>
> Your hiera might look like: 
>
> profile::linux::local_users: 
>   rnelson0: 
> password: ‘hash1’ 
> groups: 
> - wheel 
> password_max_age: 180 
>   root: 
> password: “hash2” 
> password_max_age:  
>   lbigum: 
> ensure: absent 
>
> In your code, you iterate over the class parameter local_users and combine 
> your defaults with the specific options: 
>
>   $local_users.each |$title, $options| { 
> user { $title: 
>   * => defaults + $options, 
> } 
>   } 
>
> Now my user is created, root’s password is changed and set to basically 
> never expire, and Luke’s account is deleted if it exists. 
>
> This is a good way to combine the power of hiera with the predictability 
> of puppet DSL, maintain unit and acceptance tests, and make it easy for 
> your less familiar puppet admins to manage resources without having to know 
> every single attribute required or even available in order to use them 
> without going too far down the road of recreating a particular well known 
> CM system. It’s always a bit of a balancing act, but I find this is a 
> comfortable boundary for me and one that my teammates understand. 
>

Good points and a nice example.  In the case of my basic module I'm 
currently using a separate create_resources line for each class parameter.  
Is there a way to iterate over all class parameters using each() so I can 
use a single nested loop to create everything?

 

> There a lot more power to iteration that can be found in the puppet 
> documentation and particularly this article by RI that I still reference 
> frequently 
> https://www.devco.net/archives/2015/12/16/iterating-in-puppet.php 
>

Thanks for sharing!
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4daec92c-a88c-4994-83cd-3677b7d375ca%40googlegroups.com.

[Puppet Users] Re: Roles and profiles dissent

[Chris Southall]

Hi Luke.  Thanks for a thoughtful and detailed response.

Quite a similar question was posted about two weeks back, you might find 
> that very interesting:
> https://groups.google.com/forum/#!topic/puppet-users/NW2yuHMJvsY
>

I saw this, and have been kicking around the idea leading to this post

If you are a confident Puppet Coder, you might prefer to import the source, 
> patch the module to add your feature, then submit the patch back upstream.
>

This is likely part of my problem.  I am not a confident puppet coder, 
probably closer to barely competent.
  

> When using roles and profiles you end up declaring all the module 
>> parameters again to avoid losing functionality and flexibility.
>>
>
> ... Not sure I agree with that statement.  That sounds odd.  Why would you 
> be re-declaring module parameters if you're not changing something from the 
> defaults?  And if you are intending to change something, then of course you 
> are supplying different parameters?
>

Lets say a module has 10 parameters and supplies defaults for most of 
them.  When writing a profile you have to choose how many of the class 
parameters can remain defaults, how many to override, and how many to 
expose as profile parameters.  It's sounds fine to limit the number of 
parameters at the profile, right up until you hit an edge case that doesn't 
work with the default values and the parameter you need to change now 
requires a profile update...
 

> You also need to be familiar with all the classes, types, and parameters 
>> from all modules in order to use them effectively.
>>
>
> Ideally the README page of a module would contain amazing user level 
> documentation of how the module should work... but not that many do.  I 
> often find I have to go read the Puppet code itself to figure out exactly 
> what a parameter does.
>

Ditto on the documentation.  Some modules are better than others, and of 
course you can review the manifests, but with my admitted weakness in 
Puppet DSL it's not always immediately apparent to me what some classes are 
doing.
 

> To avoid all of the above, I put together the 'basic' module and posted it 
>> on the forge:  https://forge.puppet.com/southalc/basic
>>
>
> Ok :-) I'm beginning to see what the core of your problem is.  The fact 
> that you've created your own module to effectively do create_resources() 
> hash definitions says to me that you haven't quite grasped the concepts of 
> the Role / Profile design pattern.  I know I have a very strong view on 
> this subject and many others will disagree, but personally I think the Role 
> / Profile pattern and the "do-everything-with-Hiera-data" pattern are 
> practically incompatible.
>

I'd like to think I grasp the roles/profiles concept, but am just not 
convinced it's a better approach.  Abstracting away configuration details 
and exposing a limited set of parameters results in uniform 
configurations.  In doing so it also seems it limits flexibility and 
ensures that you'll continue to spend a good deal of time maintaining your 
collection of profiles/modules.
 

> This module uses the hiera_hash/create_resources model for all the native 
>> puppet (version 5.5) types, using module parameters that match the type 
>> (exceptions for metaparameters, per the README).  The module also includes 
>> the 'file_line' type from puppetlabs/stdlib, the 'archive' type from 
>> puppet/archive, and the local defined type 'binary', which together provide 
>> a simple and powerful way to create complex configurations from hiera.  All 
>> module parameters default to an empty hash and also have a merge strategy 
>> of 'hash' to enable a great deal of flexibility.  With this approach I've 
>> found it possible to replace many single purpose modules it's much faster 
>> and easier to get the results I'm looking for.
>>
>
> A Hiera-based, data-driven approach will always be faster to produce a 
> "new" result (just like writing Ansible YAML is faster to produce than 
> Puppet code)...  It's very easy to brain dump configuration into YAML and 
> have it work, and that's efficient up to a certain point.  For your simple 
> use cases, yes, I can completely see why you would be looking at the Role 
> Profile pattern and saying to yourself "WTF for?".  I think the tipping 
> point of which design method becomes more efficient directly relates to how 
> complicated (or how much control) you want over your systems.
>

A number of people I've talked to like Ansible because of the easy learning 
curve and great time-to-results.
 

> The more complicated you go, the more I think you will find that Hiera 
> just doesn't quite cut it.  Hiera is a key value store.  You can start 
> using some neat tricks like hash merging, you can look up other keys to 
> de-duplicate data... When you start to model more and more complicated 
> infrastructure, I think you will find that you don't have enough power in 
> Hiera to describe what you want to describe, and that you need an 

[Puppet Users] Roles and profiles dissent

[Chris Southall]

Our site is using a collection of puppet modules to manage various Linux 
components using the roles and profiles model.  While it works OK for the 
most part, I often find it necessary to update a module or profile for some 
reason or other.  Modules obtained from puppet forge sometimes don't quite 
do what is needed, and writing good quality modules on your own can be a 
challenge.  When using roles and profiles you end up declaring all the 
module parameters again to avoid losing functionality and flexibility.  You
also need to be familiar with all the classes, types, and parameters from 
all modules in order to use them effectively.  

To avoid all of the above, I put together the 'basic' module and posted it 
on the forge:  https://forge.puppet.com/southalc/basic

This module uses the hiera_hash/create_resources model for all the native 
puppet (version 5.5) types, using module parameters that match the type 
(exceptions for metaparameters, per the README).  The module also includes 
the 'file_line' type from puppetlabs/stdlib, the 'archive' type from 
puppet/archive, and the local defined type 'binary', which together provide 
a simple and powerful way to create complex configurations from hiera.  All 
module parameters default to an empty hash and also have a merge strategy 
of 'hash' to enable a great deal of flexibility.  With this approach I've 
found it possible to replace many single purpose modules it's much faster 
and easier to get the results I'm looking for.

Yes, the hiera data can become quite large, but I find it much easier to 
manage data in hiera than coding modules with associated logic, parameters, 
templates, etc.  Is this suitable for hyper-scale deployment?  Maybe not, 
but for a few hundred servers with a few dozen configuration variants it 
seems to work nicely.  Is everyone else using puppet actually happy with 
the roles/profiles method?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e7014908-5e5d-4525-af28-4936d75fb685%40googlegroups.com.

[Puppet Users] merging hashes with puppet lookup function

[Chris Southall]

I'm trying to merge hiera hashes using the lookup function as described 
here:
https://puppet.com/docs/puppet/5.5/hiera_automatic.html#puppet-lookup

Here's my test:

Hiera config file:
==
---
version: 5
defaults:
  datadir: hiera
  data_hash: yaml_data

hierarchy:
  - name: "Test 1"
path: "test1.yaml"

  - name: "Test 2"
path: "test2.yaml"
==



File: "test1.yaml" 
==
---
simple::package:
  package1:
ensure: 'installed'
==



File: "test2.yaml"
==
---
simple::package:
  package2:
ensure: 'installed'
==


Lookup works as expected - the first match is found.
puppet lookup --hiera_config ./hiera.yaml simple::package
==
---
package1:
  ensure: installed
==


When merge strategy set to hash, the lookup returns results from both hiera 
files.
lookup --hiera_config ./hiera.yaml --merge hash simple::package 
==
---
package2:
  ensure: installed
package1:
  ensure: installed
==


Everything makes sense to this point.  Now to apply this in a manifest.


Here's my test class, specifying 'hash' merge strategy to lookup()
==
class simple (
  Hash $package = lookup('simple::package', Hash, 'hash', {}),
) {
  create_resources('Package',$package)
}
==


Apply (noop) the module, but only 'package1' gets defined as a package 
resource.  Shouldn't the lookup
have merged the hashes?  ('package2' is definately not already installed)
==
sudo puppet apply --modulepath=${modpath} --hiera_config=${hieraconf} 
--execute "include simple" --test --noop
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for mynode in environment production in 0.02 
seconds
Info: Applying configuration version '1560036315'
Notice: /Stage[main]/Simple/Package[package1]/ensure: current_value 
'purged', should be 'present' (noop)
Notice: Class[Simple]: Would have triggered 'refresh' from 1 event
Notice: Stage[main]: Would have triggered 'refresh' from 1 event
Notice: Applied catalog in 0.22 seconds
==


I've tried setting the merge strategy in the class lookup function using 
string or hash syntax, with both
'hash' and 'deep' as the strategy, but can't get the class to merge the 
hashes.  Am I missing something
with the lookup function?

$ puppet -V
5.5.14

# hiera -V
3.4.6


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e8546627-f2a5-45ca-a42d-b454e052a90f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Could not retrieve file metadata for puppet:///files/limits-conf: Error 500 on SERVER: Server Error: Not authorized to call find on /file_metadata/files/limits-conf

[Chris Phillips]

I thought the same and have tried that to no avail. I believe its because we 
are storing the files outside of the standard modules directory ie 
/etc/puppetlabs/code where as we are using /etc/puppetlabs/example/code.

Thanks,
Chris

> On May 28, 2019, at 6:03 AM, Alessandro Franceschi  wrote:
> 
> In the file resource which manages /etc/bashrc you have probably a parameter 
> like:
> source => puppet:///files/etcbashrc 
> 
> that should be something like:
> 
> source => puppet:///modules/$MODULENAME/etcbashrc 
> 
> this implies that your source etcbashrc file is in a module called 
> $MODULENAME in the files/etcbashrc location (note that you don't have to 
> specify "files" in the source param.
> 
> For details:
> https://puppet.com/docs/puppet/6.4/modules_fundamentals.html#files-in-modules 
> <https://puppet.com/docs/puppet/6.4/modules_fundamentals.html#files-in-modules>
> 
> On Thursday, May 23, 2019 at 10:13:38 PM UTC+2, Chris Phillips wrote:
> I am using Puppet v5.5.13 and am receiving the following error. Any help 
> would be appreciated. 
> 
> Error: /Stage[main]/Profiles::Base/File[/etc/bashrc]: Could not evaluate: 
> Could not retrieve file metadata for puppet:///files/etcbashrc: Error 500 on 
> SERVER: Server Error: Not authorized to call find on 
> /file_metadata/files/etcbashrc with {:rest=>"files/etcbashrc", 
> :links=>"manage", :checksum_type=>"md5", :source_permissions=>"ignore"}
> 
> 
> 
> My auth.conf looks like:
> 
> 
> 
> authorization: {
> 
> version: 1
> 
> allow-header-cert-info: false
> 
> rules: [
> 
> {
> 
> # Allow file metadata
> 
> match-request: {
> 
> path: "^/file_(metadata|content)/files/"
> 
> type: regex
> 
> }
> 
> allow: "*"
> 
> sort-order: 400
> 
> name: "access to all file metadata"
> 
> },
> 
> {
> 
> # Allow any file access
> 
>   match-request: {
> 
> path: "^/puppet/v3/file_(content|metadata)s?/files"
> 
> type: regex
> 
> method: [get, post]
> 
> }
> 
> allow: "*"
> 
> sort-order: 400
> 
> name: "access to all files"
> 
> },
> 
> {
> 
> # Allow nodes to retrieve their own catalog
> 
> match-request: {
> 
> path: "^/puppet/v3/catalog/([^/]+)$"
> 
> type: regex
> 
> method: [get, post]
> 
> }
> 
> allow: ["$1"]
> 
> sort-order: 500
> 
> name: "puppetlabs catalog"
> 
> },
> 
> {
> 
> # Allow nodes to retrieve the certificate they requested earlier
> 
> match-request: {
> 
> path: "/puppet-ca/v1/certificate/"
> 
> type: path
> 
> method: get
> 
> }
> 
> allow-unauthenticated: true
> 
> sort-order: 500
> 
> name: "puppetlabs certificate"
> 
> },
> 
> {
> 
> # Allow all nodes to access the certificate revocation list
> 
> match-request: {
> 
> path: "/puppet-ca/v1/certificate_revocation_list/ca"
> 
> type: path
> 
> method: get
> 
> }
> 
> allow-unauthenticated: true
> 
> sort-order: 500
> 
> name: "puppetlabs crl"
> 
> },
> 
> {
> 
> # Allow nodes to request a new certificate
> 
> match-request: {
> 
> path: "/puppet-ca/v1/certificate_request"
> 
> type: path
> 
> method: [get, put]
> 
> }
> 
> allow-unauthenticated: true
> 
> sort-order: 500
> 
> name: "puppetlabs csr"
> 
> },
> 
> {
> 
> # Allow the CA CLI to access the certificate_status endpoint
> 
> match-request: {
> 
> path: "/puppet-ca/v1/certificate_status"
> 
> type: path
> 
> method: [get, put, delete]
> 
> }
> 
> allow: [
> 
> "localhost",
> 
> &

[Puppet Users] Could not retrieve file metadata for puppet:///files/limits-conf: Error 500 on SERVER: Server Error: Not authorized to call find on /file_metadata/files/limits-conf

[Chris Phillips]

I am using Puppet v5.5.13 and am receiving the following error. Any help 
would be appreciated. 

*Error: /Stage[main]/Profiles::Base/File[/etc/bashrc]: Could not evaluate: 
Could not retrieve file metadata for puppet:///files/etcbashrc: Error 500 
on SERVER: Server Error: Not authorized to call find on 
/file_metadata/files/etcbashrc with {:rest=>"files/etcbashrc", 
:links=>"manage", :checksum_type=>"md5", :source_permissions=>"ignore"}*


*My auth.conf looks like:*


authorization: {

version: 1

allow-header-cert-info: false

rules: [

{

# Allow file metadata

match-request: {

path: "^/file_(metadata|content)/files/"

type: regex

}

allow: "*"

sort-order: 400

name: "access to all file metadata"

},

{

# Allow any file access

  match-request: {

path: "^/puppet/v3/file_(content|metadata)s?/files"

type: regex

method: [get, post]

}

allow: "*"

sort-order: 400

name: "access to all files"

},

{

# Allow nodes to retrieve their own catalog

match-request: {

path: "^/puppet/v3/catalog/([^/]+)$"

type: regex

method: [get, post]

}

allow: ["$1"]

sort-order: 500

name: "puppetlabs catalog"

},

{

# Allow nodes to retrieve the certificate they requested earlier

match-request: {

path: "/puppet-ca/v1/certificate/"

type: path

method: get

}

allow-unauthenticated: true

sort-order: 500

name: "puppetlabs certificate"

},

{

# Allow all nodes to access the certificate revocation list

match-request: {

path: "/puppet-ca/v1/certificate_revocation_list/ca"

type: path

method: get

}

allow-unauthenticated: true

sort-order: 500

name: "puppetlabs crl"

},

{

# Allow nodes to request a new certificate

match-request: {

path: "/puppet-ca/v1/certificate_request"

type: path

method: [get, put]

}

allow-unauthenticated: true

sort-order: 500

name: "puppetlabs csr"

},

{

# Allow the CA CLI to access the certificate_status endpoint

match-request: {

path: "/puppet-ca/v1/certificate_status"

type: path

method: [get, put, delete]

}

allow: [

"localhost",

"example.com",

{

extensions: {

pp_cli_auth: "true"

}

}

]

sort-order: 500

name: "puppetlabs cert status"

},

{

# Allow the CA CLI to access the certificate_statuses endpoint

match-request: {

path: "/puppet-ca/v1/certificate_statuses"

type: path

method: get

}

allow: [

"localhost",

"example.com",

{

extensions: {

pp_cli_auth: "true"

}

}

]

sort-order: 500

name: "puppetlabs cert statuses"

},

{

# Allow unauthenticated access to the status service endpoint

match-request: {

path: "/status/v1/services"

type: path

method: get

}

allow-unauthenticated: true

sort-order: 500

name: "puppetlabs status service - full"

},

{

match-request: {

path: "/status/v1/simple"

type: path

method: get

}

allow-unauthenticated: true

sort-order: 500

name: "puppetlabs status service - simple"

},

{

match-request: {

path: "/puppet-admin-api/v1/environment-cache"

type: path

method: delete

}

allow: [

"localhost",

"example.com",

]

sort-order: 200

name: "environment-cache"

},

{

match-request: {

path: "/puppet-admin-api/v1/jruby-pool"

type: path

method: delete

}

allow: [

"localhost",

"example.com",

]

sort-order: 200

name: 

[Puppet Users] Re: [ACTION] Changes to release package links

[Chris Taylor]

Try 
http://release-archives.puppet.com/yum/el/7/PC1/x86_64/puppetlabs-release-pc1-1.1.0-5.el7.noarch.rpm

Just be aware it will probably install a repo with yum.puppetlabs.com into 
/etc/yum.repos.d/, so you will need to update the path to the appropriate 
place.


On Wednesday, May 15, 2019 at 11:25:19 PM UTC+1, michael mack wrote:
>
> How do you get the following old repo to work?
>
> rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
>
>
> On Monday, April 22, 2019 at 2:31:09 PM UTC-7, Molly Waggett wrote:
>>
>> TLDR: On May 14, 1. yum release packages will move to the top-level of 
>> yum.puppet.com; 2. links to nightly release packages will be removed 
>> from {yum,apt}.puppet.com; and 3. PC1 (and older) packages will be moved 
>> to release-archives.puppet.com. 
>>
>> All Puppet-maintained tooling and documentation referencing these paths 
>> will be updated by the time these changes are made. Please ensure that 
>> you are using current versions.
>>
>> Read on for details, especially if you've written custom tooling with 
>> hard-coded download paths (e.g. CI testing or provisioning workflows).
>>
>> ---*---*---
>>
>> Hey folks,
>>
>> In an effort to reduce clutter and confusion on some of our public 
>> download sites (yum.puppet.com, apt.puppet.com, downloads.puppet.com, 
>> and nightlies.puppet.com), we are planning to make some changes. 
>>
>> 1. Release packages (for all active streams) will live at the top level 
>> only. 
>>
>> This change only affects yum.puppet.com (and nightlies.puppet.com/yum), 
>> giving us consistency with the layout on apt.puppet.com. Currently, yum 
>> release packages live inside their corresponding repo directory, e.g. 
>> yum.puppet.com/puppet6/puppet6-release-fedora-28.noarch.rpm 
>> . 
>> THESE WILL BE REMOVED. 
>>
>> Here are some examples of where you will be able to find release packages:
>>
>> Old: yum.puppet.com/puppet6/puppet6-release-el-7.noarch.rpm
>>
>> New: yum.puppet.com/puppet6-release-el-7.noarch.rpm
>>
>> Old: nightlies.puppet.com/yum/puppet-nightly/
>> puppet-nightly-release-sles-12.noarch.rpm
>>
>> New: nightlies.puppet.com/yum/puppet-nightly-release-sles-12.noarch.rpm
>>
>> These new paths are currently available for use. We plan to remove the 
>> old ones on May 14. Please plan to make all updates during this period. 
>>
>> 2. There will be no links to nightlies from main download sites.
>>
>> Links like yum.puppet.com/puppet-nightly 
>>  and 
>> apt.puppet.com/puppet-nightly  
>> WILL BE REMOVED on May 14.
>>
>> If you're looking for nightlies, visit nightlies.puppet.com. The 
>> directory structure will match that of our main download sites.
>>
>> 3. All PC1 (and older) packages will be removed from {yum, apt, 
>> downloads}.puppet.com. 
>>
>> PC1 (which includes puppet-agent 1.10.x and puppet 4.10.x) is reaching 
>> end-of-life, so all packages will be moved to release-archives.puppet.com 
>> on May 14 and no further updates will be made to these streams.
>>
>> ---*---*---
>>
>> We have set up a temporary s3 bucket that reflects the new layout if 
>> you’d like to test changes before the cutover:  
>> yum-test.puppet.com.s3-website-us-west-2.amazonaws.com
>>
>> PLEASE NOTE that s3 buckets are not naturally browsable on the web. If 
>> you visit the above url in your browser, the info you'll see is NOT 
>> ACCURATE. You CAN, however, download packages via wget/curl/etc. so this 
>> should only affect human eyes.
>>
>> If you have any questions or concerns about these changes, please 
>> reply-all to this email.
>>
>> Thanks!
>>
>> -- 
>> *Molly Waggett*
>> she/her/hers
>> Release Engineer @ Puppet, Inc.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a28bd1dd-f956-468c-b0ab-a367620c8a73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter to return version of an installed package

[Chris Taylor]

You'd be better declaring netplan as a requires:

if $operatingsystem == "Ubuntu" { 
  if versioncmp($facts['os']['release']['full'], '18') >= 0 { 
package { 'netplan':
  ensure => present,
}
file { "/etc/netplan/windows-dhcp.yaml": 
  mode=> '0644', 
  owner   => "${rootUID}", 
  group   => "${rootGID}", 
  content => 
epp("${module_name}/etc/netplan/windows-dhcp.yaml.epp"), 
  requires => Package['netplan'],
} 
  } 
} 

If you only want netplan on specific systems, then you'd want that 
delcaration to be done in such a way to only apply to said systems, I leave 
that as an exercise for the reader, as the mechanism that is best depends 
heavily upon your own setup.

On Wednesday, May 15, 2019 at 2:45:44 PM UTC+1, Helmut Schneider wrote:
>
> Ben Ford wrote: 
>
> > To be sure, this pattern doesn't always work and you don't always have 
> > control over the full system. What's your use case that you're trying 
> > to solve? 
>
> if $operatingsystem == "Ubuntu" { 
>   if versioncmp($facts['os']['release']['full'], '18') >= 0 { 
> file { "/etc/netplan/windows-dhcp.yaml": 
>   mode=> '0644', 
>   owner   => "${rootUID}", 
>   group   => "${rootGID}", 
>   content => 
> epp("${module_name}/etc/netplan/windows-dhcp.yaml.epp"), 
> } 
>   } 
> } 
>
> I would like to check if netplan is installed before doing so. 
>
> onlyif => 'test -d /etc/netplan', 
>
> would help. Or 
>
> onlyif => 'test -n "`dpkg -l | grep netplan | grep ^ii`"', 
>
> but I thought a custom fact would be more efficient. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3c2b9457-e402-4474-a4aa-9d9697578b8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet apt repository broken?

[Chris Taylor]

Hi Molly,

That's great news, thank you! (Sadly, I have a lot of inherited, crusty 
puppet code that means I'm stuck running a v3 setup until I can take 
delivery of a sufficient quantity of the round 'tuits' to re-base it all. 
Unfortunately, hexagonal ones are insufficient!)

I shall check in again the morning then.


Many thanks,
Chris

On Wednesday, May 15, 2019 at 11:34:26 PM UTC+1, Molly Waggett wrote:
>
> Hi Chris,
>
> We originally did not plan to support repositories on release-archives, 
> but due to the high demand, yes we are working to enable them as soon as 
> possible.
>
> On Wed, May 15, 2019 at 3:23 PM Chris Taylor  > wrote:
>
>> Guessing this is related to the archiving of the puppet 4 & older 
>> packages?
>>
>> I note that the yum archive still functions as a repo, but the apt one 
>> doesn't have any release files (or a dists folder), in spite of otherwise 
>> being structured appropriately.. Is this going to be fixed? (
>> release-archives.puppet.com/apt/)
>>
>> On Wednesday, May 15, 2019 at 10:06:23 PM UTC+1, Morgan Rhodes wrote:
>>>
>>> The bionic repo should be working again. Let us know if you have any 
>>> more issues.
>>>
>>> On Wed, May 15, 2019 at 1:45 PM Morgan Rhodes  wrote:
>>>
>>>> Hi Peter,
>>>>
>>>> Apologies, we've been having some repo issues today. I'm getting the 
>>>> bionic repository updated now and it should be done within the hour. I 
>>>> will 
>>>> send another update here when it completes.
>>>>
>>>> On Wed, May 15, 2019 at 1:43 PM Peter Berghold  
>>>> wrote:
>>>>
>>>>> Just this afternoon around 4PM I started noticing this happen in my 
>>>>> Docker builds that incorporate loading the Puppet agent:
>>>>> W: Skipping acquire of configured file 'puppet/binary-all/Packages' as 
>>>>> repository 'http://apt.puppetlabs.com bionic InRelease' doesn't have 
>>>>> the component 'puppet' (component misspelt in sources.list?)
>>>>> W: Skipping acquire of configured file 'puppet/binary-amd64/Packages' 
>>>>> as repository 'http://apt.puppetlabs.com bionic InRelease' doesn't 
>>>>> have the component 'puppet' (component misspelt in sources.list?)
>>>>> Reading package lists...
>>>>> Building dependency tree...
>>>>> Reading state information...
>>>>> Package puppet-agent is not available, but is referred to by another 
>>>>> package.
>>>>> This may mean that the package is missing, has been obsoleted, or
>>>>> is only available from another source
>>>>>
>>>>> E: Package 'puppet-agent' has no installation candidate
>>>>>
>>>>> same Docker build worked swimmingly earlier today and seems broken now 
>>>>> with NOTHING changing in the build (except to add NTP).  Any idea why 
>>>>> this 
>>>>> is happening and more importantly any idea when the issue will go away? 
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>>
>>>>> Peter L. Berghold   salty@gmail.com
>>>>>
>>>>> http://devops.berghold.net
>>>>>
>>>>>
>>>>> -- 
>>>>> You received this message because you are subscribed to the Google 
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>>> an email to puppet...@googlegroups.com.
>>>>> To view this discussion on the web visit 
>>>>> https://groups.google.com/d/msgid/puppet-users/CAArvnv0TA-u%2BxM-8wxrQ9b8FOJ9ZCn_%3DBRR2bqjaimXSZm0jGQ%40mail.gmail.com
>>>>>  
>>>>> <https://groups.google.com/d/msgid/puppet-users/CAArvnv0TA-u%2BxM-8wxrQ9b8FOJ9ZCn_%3DBRR2bqjaimXSZm0jGQ%40mail.gmail.com?utm_medium=email_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>> -- 
>>>> Morgan Rhodes
>>>> Release Engineering
>>>> mor...@puppet.com
>>>>
>>>
>>>
>>> -- 
>>> Morgan Rhodes
>>> Release Engineering
>>> mor...@puppet.com
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/5eaf34fc-a524-45b2-9c94-8ba176bb8c94%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/puppet-users/5eaf34fc-a524-45b2-9c94-8ba176bb8c94%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> *Molly Waggett*
> she/her/hers
> Release Engineer @ Puppet, Inc.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5fa3bd92-2ba0-467e-8035-3ce035cd1970%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet apt repository broken?

[Chris Taylor]

Guessing this is related to the archiving of the puppet 4 & older packages?

I note that the yum archive still functions as a repo, but the apt one 
doesn't have any release files (or a dists folder), in spite of otherwise 
being structured appropriately.. Is this going to be fixed? 
(release-archives.puppet.com/apt/)

On Wednesday, May 15, 2019 at 10:06:23 PM UTC+1, Morgan Rhodes wrote:
>
> The bionic repo should be working again. Let us know if you have any more 
> issues.
>
> On Wed, May 15, 2019 at 1:45 PM Morgan Rhodes  > wrote:
>
>> Hi Peter,
>>
>> Apologies, we've been having some repo issues today. I'm getting the 
>> bionic repository updated now and it should be done within the hour. I will 
>> send another update here when it completes.
>>
>> On Wed, May 15, 2019 at 1:43 PM Peter Berghold > > wrote:
>>
>>> Just this afternoon around 4PM I started noticing this happen in my 
>>> Docker builds that incorporate loading the Puppet agent:
>>> W: Skipping acquire of configured file 'puppet/binary-all/Packages' as 
>>> repository 'http://apt.puppetlabs.com bionic InRelease' doesn't have 
>>> the component 'puppet' (component misspelt in sources.list?)
>>> W: Skipping acquire of configured file 'puppet/binary-amd64/Packages' as 
>>> repository 'http://apt.puppetlabs.com bionic InRelease' doesn't have 
>>> the component 'puppet' (component misspelt in sources.list?)
>>> Reading package lists...
>>> Building dependency tree...
>>> Reading state information...
>>> Package puppet-agent is not available, but is referred to by another 
>>> package.
>>> This may mean that the package is missing, has been obsoleted, or
>>> is only available from another source
>>>
>>> E: Package 'puppet-agent' has no installation candidate
>>>
>>> same Docker build worked swimmingly earlier today and seems broken now 
>>> with NOTHING changing in the build (except to add NTP).  Any idea why this 
>>> is happening and more importantly any idea when the issue will go away? 
>>>
>>>
>>>
>>> -- 
>>>
>>> Peter L. Berghold   salty@gmail.com 
>>> 
>>>
>>> http://devops.berghold.net
>>>
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to puppet...@googlegroups.com .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/CAArvnv0TA-u%2BxM-8wxrQ9b8FOJ9ZCn_%3DBRR2bqjaimXSZm0jGQ%40mail.gmail.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> -- 
>> Morgan Rhodes
>> Release Engineering
>> mor...@puppet.com 
>>
>
>
> -- 
> Morgan Rhodes
> Release Engineering
> mor...@puppet.com 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5eaf34fc-a524-45b2-9c94-8ba176bb8c94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: hiera can't find facts to read hierarchy files?

[chris]

Hi Sean,

I'm having the same issue, and I see what you said, I'm just too new to 
puppet.  Would it be possible for you (or others) to expand on how you 
fixed this (with and example)?

Chris

On Wednesday, November 29, 2017 at 11:15:49 AM UTC-6, Sean wrote:
>
> Thanks to PuppetLab's Mr. Lindberg who helped get my troubleshooting 
> focused in the right direction.
>
> Basically, I forgot to add my new parameters to the class parameter 
> definitions in the module's init.pp.
>
> DOH!
>
> On Tuesday, November 28, 2017 at 4:53:42 PM UTC-5, Sean wrote:
>>
>> Hi,
>> I'm quite confused about how I could have created this problem.  I have a 
>> module we'll call it "test" which has been using Hiera v5 module data for 
>> the last couple of releases...this works great on either puppet 4 or 5...as 
>> expected.
>>
>> Last week added a feature, which involved adding 1 new manifest file 
>> (which creates concat::fragment resources), 2 parameters to a hiera data 
>> file, and adding 2 concat file resources, each named by one of those 
>> parameters, to an existing manifest file (existing.pp below).  Fairly 
>> simple and straight forward change.  The parser passes the syntax checks 
>> for everything involved in the change.
>>
>> I have tested on both puppet 4 and 5 using a pair of centos7 vms, both 
>> produce the same result.
>>
>> # puppet apply -e "include test"
>> Warning: Unknown variable: 'test::dconf_default_config'. at 
>> /etc/puppetlabs/code/environments/production/modules/test/manifests/existing.pp:186:12
>> Error: Evaluation Error: Missing title. The title expression resulted in 
>> undef at 
>> /etc/puppetlabs/code/environments/production/modules/test/manifests/existing.pp:186:12
>>  
>> on node localhost.localdomain
>>
>> This parameter is the filename of the concat resource mentioned above.  
>> Running a puppet lookup (on either v4 or v5) produces this output for the 
>> module data section:
>>
>>   Module "test" Data Provider (hiera configuration version 5)
>> Using configuration 
>> "/etc/puppetlabs/code/environments/production/modules/test/hiera.yaml"
>> Hierarchy entry "Full Version"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/-.yaml"
>> Original path: "%{facts.os.name}-%{facts.os.release.full}.yaml"
>> Path not found
>> Hierarchy entry "Major Version"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/-.yaml"
>> Original path: "%{facts.os.name}-%{facts.os.release.major}.yaml"
>> Path not found
>> Hierarchy entry "Distribution Name"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/.yaml"
>> Original path: "%{facts.os.name}.yaml"
>> Path not found
>> Hierarchy entry "Operating System Family + Major Version"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/-.yaml"
>> Original path: 
>> "%{facts.os.family}-%{facts.os.release.major}.yaml"
>> Path not found
>> Hierarchy entry "Operating System Family"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/.yaml"
>> Original path: "%{facts.os.family}.yaml"
>> Path not found
>> Hierarchy entry "common"
>>   Path 
>> "/etc/puppetlabs/code/environments/production/modules/test/data/common.yaml"
>> Original path: "common.yaml"
>> No such key: "test::dconf_default_config"
>>
>>
>> See how all the Hierarchy Paths have bad file names?  This leads me to 
>> think that somehow Hiera has lost the ability to parse facts in my feature 
>> branch of this module.  If I check the master branch out for the "test" 
>> module then Hiera produces the correct datafile names.
>>
>> How can that be?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f97ce708-9ce8-43f4-bb92-2400cfaf9d82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet5 upgrade performance issues

[Chris Smith]

Hey,

Thanks for the follow up.

Environment caching helped a lot, compile times are down to 5-10 seconds
(from 10+ minutes).

I haven't had time to test puppet-agent-5.3 or look at converting to
hiera5 unfortunately.

On 25/01/18 04:41, Matthaus Owens wrote:
> Hey Chris,
> Just wondering if you got any further in figuring this out. I'd be
> happy to try to help debug some more if you need as well.
> 
> On Wed, Jan 10, 2018 at 10:39 PM, Chris Smith <dmag...@gmail.com> wrote:
>> On 11/01/18 09:42, Poil wrote:
>>> Hey,
>>>
>>> Are you sure that you have environment cache enabled on your Puppet5
>>> installation ? (because x10 is what we have here when we disable it)
>>
>> No, that's not enabled at the moment (it wasn't before either). I'm
>> working on setting that up, I did a test run and it helped quite a bit.
>>
>> Thanks for the suggestion.
>>
>> Cheers,
>> Chris.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/8b8cc991-165b-20df-dbf2-8fe9e48ecd24%40gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
> 


Cheers,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7d385747-d480-b4e1-1701-b6445f40f042%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet5 upgrade performance issues

[Chris Smith]

On 11/01/18 09:42, Poil wrote:
> Hey,
> 
> Are you sure that you have environment cache enabled on your Puppet5
> installation ? (because x10 is what we have here when we disable it)

No, that's not enabled at the moment (it wasn't before either). I'm
working on setting that up, I did a test run and it helped quite a bit.

Thanks for the suggestion.

Cheers,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8b8cc991-165b-20df-dbf2-8fe9e48ecd24%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet5 upgrade performance issues

[Chris Smith]

On 11/01/18 08:41, Matthaus Owens wrote:
> Chris,
> 
> Good to know that PuppetDB isn't the cause here. One thing worth doing
> on your servers is moving forward to Puppet-agent 5.3.2. There was a
> performance regression in Puppet 5
> https://tickets.puppetlabs.com/browse/PUP-8009 around
> internationalization and modules (something like 30% in some cases).
> You might also need to set `disable_i18n=true` in the [master] section
> of your puppet.conf.

Nice find, thanks for that.

> To see what puppetserver is doing and how long it takes you can set
> `profile=true` in the [master] section of puppet.conf (I would
> recommend only doing this on one of your servers, as it will generate
> a lot of log output per puppet run). The profiling results will be
> logged at the info level to
> /var/log/puppetlabs/puppetserver/puppetserver.log, so you could then
> inspect the timing of different parts of the agent lifecycle.

Awesome, thanks - I'll give that a shot.

Cheers,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d36ae53a-3692-48f6-8f26-e64bf6fb7091%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet5 upgrade performance issues

[Chris Smith]

Hi,

Thanks for your help.

On 10/01/18 06:36, Matthaus Owens wrote:
> Chris,
> To better help you, it would be great to know a few more things about
> your installation. First question: are you running puppetserver 5.0.0
> or something later in the 5.x series (and is it the same on all
> servers)? Second, what version of the puppet-agent are on those
> servers? puppetserver 5.1.3 included a fix for
> https://tickets.puppetlabs.com/browse/SERVER-1922 which should improve
> performance some.

Hm. Interesting, thanks. I'll check out what a 5.0 -> 5.1 upgrade will do.

> 
> Hiera 3 + hiera-eyaml may also be contributing to the slowness. Here
> is one ticket (related to SERVER-1922) that indicated moving to hiera
> 5 improved compile times substantially:
> https://tickets.puppetlabs.com/browse/SERVER-1919

Also interesting but as noted on the last comment, a lot of the
structure was changed so that might not all have been hiera3 -> hiera5.

> To dig into what may be causing the compiles to be slower, I would
> recommend first checking out the client metrics.
> https://puppet.com/docs/puppetserver/5.1/http_client_metrics.html has
> some details, and I would be interested in the client metrics that
> page lists under the /puppet/v3/catalog. They are PuppetDB related
> requests, and as that was also upgraded alongside puppetserver it
> would be good to eliminate PuppetDB as a contributor. PuppetDB
> slowness can show up as slow catalog compiles, which in turn will hold
> jrubies for longer and might explain some of what you are seeing.

puppetservers are all the same.

We upgraded to:
# /opt/puppetlabs/server/bin/puppetserver -v
puppetserver version: 5.0.0

puppetdb is this, it should have been 5.0 as well but I stuffed it up.
# /opt/puppetlabs/server/bin/puppetdb -v
puppetdb version: 5.1.3


agents are all:
# /opt/puppetlabs/puppet/bin/puppet --version
5.0.0


The metrics say

{
  "route-id": "puppet-v3-file_metadata-/*/",
  "count": 9373,
  "mean": 10217,
  "aggregate": 95763941
},
{
  "route-id": "puppet-v3-catalog-/*/",
  "count": 828,
  "mean": 94773,
  "aggregate": 78472044
},
{
  "route-id": "puppet-v3-node-/*/",
  "count": 831,
  "mean": 62709,
  "aggregate": 5279
},
{
  "route-id": "puppet-v3-file_metadatas-/*/",
  "count": 4714,
  "mean": 9288,
  "aggregate": 43783632
},
{
  "route-id": "puppet-v3-report-/*/",
  "count": 780,
  "mean": 3433,
  "aggregate": 2677740
},



  "http-client-metrics": [
{
  "count": 821,
  "mean": 48,
  "aggregate": 39408,
  "metric-name":
"puppetlabs.localhost.http-client.experimental.with-metric-id.puppetdb.command.replace_catalog.full-response",
  "metric-id": [
"puppetdb",
"command",
"replace_catalog"
  ]
},
{
  "count": 832,
  "mean": 25,
  "aggregate": 20800,
  "metric-name":
"puppetlabs.localhost.http-client.experimental.with-metric-id.puppetdb.command.replace_facts.full-response",
  "metric-id": [
"puppetdb",
"command",
"replace_facts"
  ]
},
{
  "count": 780,
  "mean": 19,
  "aggregate": 14820,
  "metric-name":
"puppetlabs.localhost.http-client.experimental.with-metric-id.puppetdb.command.store_report.full-response",
  "metric-id": [
"puppetdb",
"command",
"store_report"
  ]
},
{
  "count": 215,
  "mean": 43,
  "aggregate": 9245,
  "metric-name":
"puppetlabs.localhost.http-client.experimental.with-metric-id.puppetdb.facts.find.full-response",
  "metric-id": [
"puppetdb",
"facts",
"find"
  ]
}
  ]


So I think that's showing it's quick to pass it off to puppetdb when
it's storing changes.

puppetdb logs are telling me that 'replace catalog' is taking 2-3
seconds, and 'replace facts' is taking 10-20 seconds (previous puppetdb
wasn't logging the time

[Puppet Users] puppet5 upgrade performance issues

[chris smith]

Hi there,

I recently did an upgrade from puppetserver 2.7.2 to puppetserver 5.0 and 
performance has bottomed out pretty terribly. Agents and puppetdb also got 
updated. Compiling the catalog on the server used to take 10-20 seconds, 
now they are taking 90-150 seconds and agent runs are taking 30+ minutes 
(used to be a couple of minutes).

The architecture is distributed, with:
 * a central ca, running puppetserver, puppetdb, postgres 9.6
 * separate puppetservers replicated in other datacentres. These are also 
running puppetdb, pointing writes to the central ca, but reads go to a 
locally replicated database

Other servers (agents) point to the replicated puppetservers to do all of 
the work.

The puppetservers were tuned (upped jvm memory, set max-instances).

The architecture hasn't changed since the upgrade.

The puppetservers are still running hiera3 configs, they haven't been 
converted yet (it's on the list, but from what I read it wasn't a 
showstopper). We have a reasonable amount of encrypted yaml files (using 
hiera-eyaml-gpg), though this was the same as pre-upgrade and hasn't 
changed significantly.

Since the upgrade, I've tried re-tuning the jvm settings, changing 
max-instances and not having much luck at all. I found the experimental 
dashboard on the puppetservers and they show that there are no free 
jruby's, but there has to be something I'm missing that's causing that to 
happen.

I'm lost on what to look at next, is there an easy way to peak inside jruby 
to see what's taking so long?

Any suggestions would be great.

Cheers,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4d0dc37f-c07e-4f8c-8323-44a90d68b208%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Dynamic file content?

[Chris Denneen]

Martin, 
Obviously with templates being my first and last recommendation the Exec wasn’t 
my choice either but there are always different ways to skin a cat and not 
knowing why the OP hasn’t used them could be because they aren’t an option, I 
obviously hope not but without knowing background I was just providing options. 

Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0b417cbc-531c-4357-bd50-4f1f485fc238%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Dynamic file content?

[Chris Denneen]

Can you use an ERB template to construct the changes you require rather than 
augeas?
If not another suggestion would be 1 file resource from src to temp location, 
which only gets updated when src changes. An Exec that is refreshonly that 
copies from temp to dest (which is notified by file resource) and finally 
Augeas that updates dest file. 
The template is obviously your most efficient method using a single resource. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1380445c-3ffb-402d-b551-2ff789b4138e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: apt/yum.downloads.puppetlabs.com CDN & rsync deprecation

[Chris Kuehl]

Is there an alternative server we can rsync from? We've been using ftpsync 
(the recommended tool <https://www.debian.org/mirror/ftpmirror> for 
mirroring apt repositories), which worked great until this was turned off. 
ftpsync appears to be at least somewhat superior to the other options.

Thanks,
Chris

On Friday, April 21, 2017 at 1:54:36 PM UTC-7, Daniel Dreier wrote:
>
> On Wednesday we put yum.puppetlabs.com and apt.puppetlabs.com behind the 
> CloudFront CDN in order to accelerate downloads for overseas users. Both 
> repositories have historically been served from the Linode Fremont 
> datacenter, and download performance from Australia and Asia in particular 
> are dramatically faster with the CDN than without.
>
> One side effect is that we no longer support rsync. Other tools like 
> mrepo, reposync, and apt-mirror can sync to your local mirror via HTTP. 
> Since you'll be accessing cached content from a local CloudFront edge 
> location, HTTP mirroring should be very fast for most users.
>
> -- 
> Daniel Dreier
> Technical Operations Engineer
> GPG: BA4379FD
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e7655848-f6c8-4db7-bdd0-f4d37938ffa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] /etc/puppetlabs/puppetserver/conf.d/auth.conf : want to use wildcards in certificate_request section

[chris]

On Tuesday, 18 April 2017 17:31:22 UTC+10, Martin Alfke wrote:
>
>
> > On 18 Apr 2017, at 08:03, chris <chris...@gmail.com > 
> wrote: 
> > 
> > Hi guys, 
> > 
> > so I'm trying to restrict requests from known domains eg 
> > 
> >   
> >  { # Allow nodes to request a new certificate match-request: { path: 
> "/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: 
> [ "*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs 
> csr" }, 
> > 
> Did you restart puppetserver after doing the change? 
> Absolutely :)
> > 
> > 
> > having read puppet docs on hocon style files, inc arrays, wildcards etc. 
> > 
> > However, when I try to use this, I get 
> > 
> > Client: 
> > Error: Could not request certificate: Error 403 on SERVER: Forbidden 
> request: /puppet-ca/v1/certificate_request/a.b.com (method :get). Please 
> see the server logs for details. 
> > 
> > 
> > 
> > Server: 
> > 2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden 
> request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com 
> (method :get) (authenticated: false) denied by rule 'puppetlabs csr'. 
> > 
> > 
> > 
> > Server version is 2.7.0 (puppet v4). 
> > 
> > Can anybody help? 
> > 
> > Thanks 
> > Chris 
> > 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/57b4a06a-53bf-445a-afcd-e65f08b13d7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] /etc/puppetlabs/puppetserver/conf.d/auth.conf : want to use wildcards in certificate_request section

[chris]

Hi guys,

so I'm trying to restrict requests from known domains eg

   { # Allow nodes to request a new certificate match-request: { path: 
"/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: [ 
"*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs csr" },



having read puppet docs on hocon style files, inc arrays, wildcards etc.

However, when I try to use this, I get

Client:
Error: Could not request certificate: Error 403 on SERVER: Forbidden request: 
/puppet-ca/v1/certificate_request/a.b.com (method :get). Please see the server 
logs for details.



Server:
2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden 
request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com 
(method :get) (authenticated: false) denied by rule 'puppetlabs csr'.



Server version is 2.7.0 (puppet v4).

Can anybody help?

Thanks
Chris


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] RHEL 7 STIG compliance using Puppet

[Chris S.]

Hello all, 

Does anyone have a good method to Adhere to the RHEL STIG or even CIS 
benchmark usign Puppet.  I'm inclined to write some of my own modules 
and/or use some from the forge to piecemeal a solution.  I was wondering is 
anyone has an Approved or Supported all encompassing solution to this 
problem. 

Thanks in advance
-cs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/742b3c46-6232-4e5f-b718-6df08797c062%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppet 8140 port is not listening

[Chris Lamontagne]

Thanks a bunch for this post Jason as this was exactly my problem!  I'm 
surprised how much digging I had to do to get to this solution finally.

On Tuesday, 19 July 2016 14:27:02 UTC-4, Jason Hatman wrote:
>
> Hello.  I had this issue as well.  My VM only has 2GB of RAM total and 
> puppetserver was configured to use the same, 2GB.  That's why it failed. 
> The puppetserver service never was starting. I edited 
> /etc/default/puppetserver to only allow puppet server to use 1GB and then 
> the service started sucessfully. Change -Xms1G and -Xmx1G to reflect how 
> many GB of RAM you want to allocate. (i.e. -Xms2G or -Xms4G)
>
> JAVA_ARGS="-Xms1G -Xmx1G -XX:MaxPermSize=256m"
>
>
> Afterwards run sudo service puppetserver restart and see if it loads.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e50d3466-5ca6-4a99-824c-78454ccd31a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Could not find resource, but it's there.

[Chris]

On 11/01/17 06:26, Arpin Dominique (Nter) wrote:
> Because you don’t use the right name…
> 

I was using the alias name, which should also work.

The bug report explains things.

Cheers,
-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e228c251-c470-5ec4-9d2c-4dd2764d01f6%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Could not find resource, but it's there.

[Chris]

On 11/01/17 06:20, Josh Cooper wrote:
> 
> The reference File['abc'] does not succeed because 'abc' is an
> alias, and not the title - I believe there is a ticket about that
> already logged.
> 
> 
> Filed as https://tickets.puppetlabs.com/browse/PUP-6984

Ah, awesome - thanks!

-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/dcd05b88-83e8-2a32-3d16-110d6379f750%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Could not find resource, but it's there.

[chris smith]

Hi,

This seems like a pretty simple thing but I can't figure out why this is 
throwing a warning.

I'm using puppet 4.8.1 installed from the puppetlabs-pc1 on scientific 
linux 6.

# puppet -V
4.8.1
# rpm -q puppet-agent
puppet-agent-1.8.2-1.el6.x86_64


My file is as simple as I can make it:

file {'/test':
ensure => directory,
alias => 'abc',
}

file {'/test/2':
ensure => directory,
require => File['abc'],
}


When I run it, it complains:

# puppet apply test.pp 
Warning: Could not find resource 'File[abc]' in parameter 'require'
   (at /root/test.pp:8)
Notice: Compiled catalog for sl-x86-64.local in environment production in 
0.10 seconds
Notice: /Stage[main]/Main/File[/test]/ensure: created
Notice: /Stage[main]/Main/File[/test/2]/ensure: created
Notice: Applied catalog in 0.04 seconds

Though it seems to apply the resources in the correct order (I haven't had 
it fail trying to create /test/2 before /test).

Any info or ideas would be great.

Cheers,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8d182964-4a26-4be2-8db1-3725164f7e6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Changes to module not picked up by agent

[Chris Price]

Can you check the value of 'environment_timeout' in your puppet.conf and/or 
environment.conf files?  If that is set to anything other than zero, this 
might be expected behavior.  There is an HTTP API that you can use to clear 
the environment cache if you need to:

https://docs.puppet.com/puppetserver/latest/admin-api/v1/environment-cache.html


On Thursday, August 18, 2016 at 10:51:05 AM UTC-7, mike r wrote:
>
> restarted pe-puppetserver seems to clear cache on master, and the node got 
> the updated version. But if I make any other changes to my modules, node 
> isnt getting the updated catalog, its using cached version again.
>
>
> Master running on Ubuntu 14.04  puppet 4.5.2
> node running on centos7 puppet 4.5.2
>
>
>
>
> On Thursday, August 18, 2016 at 12:32:12 PM UTC-4, mike r wrote:
>>
>> Im trying to run an Nginx module, my install.pp has the following line
>>
>>
>>
>> $agent_version = $::puppetversion
>>   
>> #  if $agent_version < 3.8 {
>> #fail(" Node ${::fqdn} has a Puppet agent version: 
>> ${agent_version} which is not compatible with this module. Need to have 
>> minimum Puppet agent 3.8 -")
>>  # }
>>  
>> the IF statement is commented out, yet when I run agent on target, it 
>> looks like its cached the old version of the manifest, it still tries to do 
>> the IF statement
>>
>> [root@centos7node state]# puppet agent -t
>> Info: Using configured environment 'production'
>> Info: Retrieving pluginfacts
>> Info: Retrieving plugin
>> Info: Loading facts
>> Error: Could not retrieve catalog from remote server: Error 400 on 
>> SERVER: Evaluation Error: Error while evaluating a Resource Statement, 
>> Evaluation Error: *Error while evaluating a Function Call,  Node 
>> centos7node has a Puppet agent version: 4.5.2 which is not compatible with 
>> this module. Need to have minimum Puppet agent 3.8 - at 
>> /etc/puppetlabs/code/environments/production/modules/nginx/manifests/install.pp:18:3
>>  
>> on node centos7node*
>> Warning: Not using cache on failed catalog
>> Error: Could not retrieve catalog; skipping run
>>
>>
>>
>> Not sure where the caching is occuring, on Master or Agent, Im guessing 
>> on master. Any way to clear the cache on both ends? Didnt see anything in 
>> docs. 
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e71f414c-117f-4df0-b512-f47ae5349bc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] [ANN] Puppet Server 2.5.0 is available

[Chris Price]

Hi!  We’re happy to announce the new 2.5.0 release of Puppet Server.  This
is a backward compatible feature release that also contains a few bug
fixes.  Highlights include:


   -

   New workflows for certificate signing and authentication, based on
   improved support for X.509 authorization extensions
   -

   A more flexible layout for managing the bootstrapping of the services
   required to run the server, to provide a better upgrade UX in future
   releases (*please see the NOTE below*, especially if you are managing
   your bootstrap.cfg file and/or have disabled the CA service on any of your
   servers)
   -

   Bug fixes related to errant warning messages when running `puppetserver
   gem`, and empty PID files upon installation on EL6


Release notes with more info on all of the above can be found here:

https://docs.puppet.com/puppetserver/latest/release_notes.html#puppet-server-25

NOTE: If you plan to upgrade from a previous version of Puppet Server, and
if you are managing your `bootstrap.cfg` file via Puppet module or other
means (e.g. to disable the CA service on compile masters), please read
the release
notes

and the detailed notes on bootstrap upgrades
prior
to upgrading.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMx1Qf%2BhAaMHU0HpS%3DeBmufiuNa4ktZNPtyBMcyROXhTZu9igQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] how to chmod files within directory . . . .

[Chris Tomlin]

. . . . . with one type of permissions and within that same directory, 
chmod subdirectories with different permissions.

I've tried to do this with find -type exec {} but it doesn't seem to work. 
 And I'm new to puppet so if you could show some code, i'd appreciate it.

thanks,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/85670ce6-9f14-4687-b4bb-68b4424d4668%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Hiera lookup fail : doesan't find json file

[chris]

On Thursday, 23 June 2016 11:06:54 UTC+10, chris wrote:

So as you can see from above, it prefixes each keyname with the dir and 
appends '.json', as it should BUT only if keyname/data src has a numeric 
digit in it! Is this a bug in puppet??
Or am I missing something?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d2c42889-29a2-47f4-9dcd-b4d14917b611%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Hiera lookup fail : doesan't find json file

[chris]

So, here's a bit more of the debug o/op:

Debug: Performing a hiera indirector lookup of icinga_servers with options 
{:variables=>Scope(Class[main]), 
:merge=>#>, 
@value_type=#]>>>]>, @options={}>}
Debug: hiera(): Looking up icinga_servers in JSON backend
Debug: hiera(): Looking for data source puppet4test101.ops.sac
Debug: hiera(): Cannot find datafile 
/etc/puppetlabs/code/environments/prod/hieradata/puppet4test101.ops.sac.json, 
skipping
Debug: hiera(): Looking for data source puppet4test.ops.sac
Debug: hiera(): Cannot find datafile 
/etc/puppetlabs/code/environments/prod/hieradata/puppet4test.ops.sac.json, 
skipping
Debug: hiera(): Looking for data source puppet4test.ops
Debug: hiera(): Cannot find datafile 
/etc/puppetlabs/code/environments/prod/hieradata/puppet4test.ops.json, 
skipping
Debug: hiera(): Looking for data source ops.sac
Debug: hiera(): Looking for data source ops
Debug: hiera(): Looking for data source sac

and according to facter -p on node nt_location is sac (as expected).
Also, the file /etc/puppetlabs/code/environments/prod/hieradata/sac.json 
definitely exists.
Its odd that it doesn't throw an error, it just doesn't find it.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9a2da315-7510-4276-af61-dbc90731ef5b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Hiera lookup fail : doesan't find json file

[chris]

Dang; wanted to add to my last.. 

Anyway, ran 'facter -p' on the node and those values are filled correctly. 
How can I check what the master sees when the node checks in?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/50133ef6-a2f0-4c3b-90ec-4580f839b423%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Hiera lookup fail : doesan't find json file

[chris]

Yes, nt_location is 'sac', so sac.json as mentioned.
Not sure how to check the 'value' of that var... %{nt_location}. This is a 
bit new to me.
Should have mentioned its copied from a working(!) 3.2 master; want to 
'upgrade' with minimal changes.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6f19dfea-6c0f-454a-a687-26f7dea12c56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Hiera lookup fail : doesan't find json file

[chris]

Given this /etc/puppetlabs/code/hiera.yaml


---
:backends: 
  - json
:hierarchy: 
  - "%{hostname}.%{nt_environment}.%{nt_location}"
  - "%{nt_type}.%{nt_environment}.%{nt_location}"
  - "%{nt_type}.%{nt_environment}"
  - "%{nt_environment}.%{nt_location}"
  - "%{nt_environment}"
  - "%{nt_location}"
  - world
  - default
:logger: console # debug
:json:
:datadir: '/etc/puppetlabs/code/environments/%{::environment}/hieradata' # 
this is the default anyway

and there exists /etc/puppetlabs/code/environments/prod/hieradata/sac.json, 
this cmd


puppet lookup --debug icinga_servers --environment prod


produces


Debug: hiera(): Looking for data source puppetmaster.opsDebug: hiera(): Looking 
for data source ops.sacDebug: hiera(): Looking for data source opsDebug: 
hiera(): Looking for data source sacDebug: hiera(): Looking for data source 
worldDebug: hiera(): Looking for data source default

(& lots more of course).


Why can't it find the 
/etc/puppetlabs/code/environments/prod/hieradata/sac.json file which 
contains the key I'm looking for ? 
(Puppet server 2.4)


Thanks

Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e0ef704c-34c3-4f0c-8649-76c3941f4ed1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Code coverage for puppet resources

[Chris Denneen]

Looks like there are few issues open like these:

https://github.com/rodjek/rspec-puppet/issues/285

https://github.com/rodjek/rspec-puppet/issues/158

If anyone knows a way in Rakefile to exclude from coverage I'd be greatful. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0498fd9f-abec-44de-aaac-e7d2076730dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Code coverage for puppet resources

[Chris Denneen]

Well for example if i use your puppet-module-skeleton... create a module 
that uses the rspec-puppet-facts for centos 5,6,7.
include ::selinux (jfryman/selinux)
in coverage report it shows the following missing:

 Package[policycoreutils-devel]

 Package[policycoreutils-python]

 Package[policycoreutils]


first is for 7, second for 6, and third for 5 major releases.

While I can test for these in my _spec test I'd rather only be testing that 
class_selinux is included and any parameters I might be using against it. 
or maybe even the selinux::module or selinux::boolean resources that I 
might be setting... 


should hopefully be a pretty simple test to reproduce but it's definitely 
not excluding those resources if that's what that merge was intended for.



On Friday, June 17, 2016 at 11:37:40 AM UTC-4, garethr wrote:
>
> On 17 June 2016 at 15:24, Chris Denneen <cden...@gmail.com > 
> wrote: 
> > Gareth, 
> > 
> > I know this thread is old but do you have a way in the Rakefile to 
> exclude 
> > the dependent modules? 
> > For example dependent modules that include different package resources 
> based 
> > on OSfamily and version are something that module controls and tests I 
> just 
> > need to make sure that the module is included in my catalog and any 
> defined 
> > types used in my module get tested. (dependentmodule::resource['foo']) 
> > I've seen some other posts hacking rspec coverage.rb which probably 
> isn't 
> > good (https://github.com/rodjek/rspec-puppet/issues/364). 
> > I've noticed the filtered?(resource) in rspec-puppet just documented of 
> how 
> > to implement. 
> > Hopefully you can help here. 
> > 
>
> I _think_ the coverage support now does this by default? 
>
> Anything from fixtures should now be ignored. 
> https://github.com/rodjek/rspec-puppet/pull/258 
>
> Other folks have made a whole bunch of improvements to the coverage 
> support in rspec-puppet since I added it. 
>
> Gareth 
>
> > Thanks 
> > 
> > On Friday, February 7, 2014 at 5:54:06 AM UTC-5, garethr wrote: 
> >> 
> >> On 7 February 2014 02:51, gh <g...@garretthoneycutt.com> wrote: 
> >> > On 1/26/14 7:50 AM, Gareth Rushgrove wrote: 
> >> >> For anyone else who likes writing tests for their puppet manifests, 
> >> >> I've just added basic code coverage to rspec-puppet: 
> >> >> 
> >> >> A blog post here about how to use it: 
> >> >> 
> >> >> 
> >> >> 
> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/ 
> >> >> 
> >> >> I'd be interested in any feedback on how to improve or add to this. 
> >> >> 
> >> >> Cheers 
> >> >> 
> >> >> Gareth 
> >> >> 
> >> > 
> >> > Gareth, 
> >> > 
> >> > Great blog post. I tried this on a module with 100% coverage and 
> notice 
> >> > that it reports back 50% coverage. After some poking around, found 
> that 
> >> > it is checking code in spec/fixtures/, the stdlib module actually. 
> There 
> >> > seems to be an open issue[1] regarding the inability to exclude 
> things. 
> >> > Curious if you found a work around for testing your code and not the 
> >> > modules pulled in from .fixtures.yml. 
> >> > 
> >> 
> >> Currently the rspec-puppet coverage stuff does check coverage across 
> >> all resources, including those from dependent modules. For example 
> >> this module depends on the puppetlabs/apt module - 
> >> https://travis-ci.org/garethr/garethr-nginx/jobs/18133670#L113 
> >> 
> >> I purposefully didn't add too much configuration to the first pass of 
> >> the code, but it would be simple to add some options to ignore 
> >> specific modules (I think). I thought I'd wait to see if anyone found 
> >> it useful first. 
> >> 
> >> Gareth 
> >> 
> >> > [1] - https://github.com/lemurheavy/coveralls-public/issues/184 
> >> > 
> >> > BR, 
> >> > -g 
> >> > 
> >> > -- 
> >> > You received this message because you are subscribed to the Google 
> >> > Groups "Puppet Users" group. 
> >> > To unsubscribe from this group and stop receiving emails from it, 
> send 
> >> > an email to puppet-users...@googlegroups.com. 
> >> > To view this discussion on the web visit 
> >> > 
> https://groups.google.com/d/msgid/puppet-users/52F44A2E.3070903%40garrettho

Re: [Puppet Users] Code coverage for puppet resources

[Chris Denneen]

Gareth,

I know this thread is old but do you have a way in the Rakefile to exclude 
the dependent modules?
For example dependent modules that include different package resources 
based on OSfamily and version are something that module controls and tests 
I just need to make sure that the module is included in my catalog and any 
defined types used in my module get tested. 
(dependentmodule::resource['foo'])
I've seen some other posts hacking rspec coverage.rb which probably isn't 
good (https://github.com/rodjek/rspec-puppet/issues/364).
I've noticed the filtered?(resource) in rspec-puppet just documented of how 
to implement.
Hopefully you can help here.

Thanks

On Friday, February 7, 2014 at 5:54:06 AM UTC-5, garethr wrote:
>
> On 7 February 2014 02:51, gh  
> wrote: 
> > On 1/26/14 7:50 AM, Gareth Rushgrove wrote: 
> >> For anyone else who likes writing tests for their puppet manifests, 
> >> I've just added basic code coverage to rspec-puppet: 
> >> 
> >> A blog post here about how to use it: 
> >> 
> >> 
> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/ 
> >> 
> >> I'd be interested in any feedback on how to improve or add to this. 
> >> 
> >> Cheers 
> >> 
> >> Gareth 
> >> 
> > 
> > Gareth, 
> > 
> > Great blog post. I tried this on a module with 100% coverage and notice 
> > that it reports back 50% coverage. After some poking around, found that 
> > it is checking code in spec/fixtures/, the stdlib module actually. There 
> > seems to be an open issue[1] regarding the inability to exclude things. 
> > Curious if you found a work around for testing your code and not the 
> > modules pulled in from .fixtures.yml. 
> > 
>
> Currently the rspec-puppet coverage stuff does check coverage across 
> all resources, including those from dependent modules. For example 
> this module depends on the puppetlabs/apt module - 
> https://travis-ci.org/garethr/garethr-nginx/jobs/18133670#L113 
>
> I purposefully didn't add too much configuration to the first pass of 
> the code, but it would be simple to add some options to ignore 
> specific modules (I think). I thought I'd wait to see if anyone found 
> it useful first. 
>
> Gareth 
>
> > [1] - https://github.com/lemurheavy/coveralls-public/issues/184 
> > 
> > BR, 
> > -g 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/52F44A2E.3070903%40garretthoneycutt.com.
>  
>
> > For more options, visit https://groups.google.com/groups/opt_out. 
>
>
>
> -- 
> Gareth Rushgrove 
> @garethr 
>
> devopsweekly.com 
> morethanseven.net 
> garethrushgrove.com 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2d63d692-f837-42da-a44e-c5b73dbfa015%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Additional Puppet Server Failure

[Chris Price]

On Monday, February 22, 2016 at 5:01:20 PM UTC-8, Matthew Ceroni wrote:
>
> I have the following setup.
>
> 1) Existing PuppetServer version 1.1.3 
>
> 2) New PuppetServer version 1.1.3 installation (new DC)
>
> I followed the following documentation on setting up multiple Puppet 
> Masters 
>
>
> https://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-1-direct-agent-nodes-to-the-ca-master
>
> Essentially I pre-generated the SSL certificate for the new puppet server 
> from the existing puppet server, instead of letting the puppet server 
> generate it on startup. 
>
> A new node checks in and contacts server 1 (pre-existing Puppet server) 
> for CA functions (configured via ca_server in puppet.conf). Certificate 
> generates and node caches it. However, the puppet run (which runs against 
> the new puppet server) generates the following error:
>
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
>
>  
>
> Warning: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished 
> A 
>
> Info: Retrieving pluginfacts 
>
> Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional 
> resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 
> state=SSLv3 read finished A 
>
> Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not 
> retrieve file metadata for puppet://aws-puppet-01.xx.com/pluginfacts: 
> SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A 
>
> Info: Retrieving plugin 
>
> Error: /File[/var/lib/puppet/lib]: Failed to generate additional 
> resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 
> state=SSLv3 read finished A 
>
> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve 
> file metadata for puppet://aws-puppet-01.xx.com/plugins: SSL_connect 
> SYSCALL returned=5 errno=0 state=SSLv3 read finished A 
>
> Info: Loading facts 
>
> Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL 
> returned=5 errno=0 state=SSLv3 read finished A 
>
> Notice: Using cached catalog 
>
> Error: Could not retrieve catalog; skipping run 
>
> Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state
> =SSLv3 read finished A
>
>
> If I point the node at the other puppet server it runs fine. 
>
>
> I have verified that the certificate being used on the new puppet server 
> is in fact signed by the same CA that generates the node certificate and 
> the certificate used on the pre-existing puppet server. I can also connect 
> to the new Puppet server via OpenSSL and issue a simple HTTP GET command 
> (don't know a valid get request so end up with a 404 response, but it shows 
> the certificate is setup correctly).
>

Are you using the agent's certs/key when you make this connection via 
openssl?  Can you include the syntax of the command you're running for 
this?  Have you tried with curl?  e.g.

curl --cacert $ssldir/certs/ca.pem --cert $ssldir/certs/agent-node.pem 
--key $ssldir/private_keys/agent-node.pem 
https://new-puppet-master:8140/production/nodes/agent-node

Also, are there any log messages in the puppetserver.log file?  If not, 
perhaps try editing the 'logback.xml' config file and changing the log 
level from info/warn to 'debug', and then see if any log messages appear?

My best guess at the moment is that either:
* the new puppet server's cert is not signed by the same CA, or,
* the certname of the puppet server cert does not match the hostname that 
the agent is using to try to connect to it
 

>
> Also, I have disabled CA services on the second puppetserver as it is not 
> providing CA capabilities. 
>

How did you go about doing this?
 

>
> As a test I removed the SSL certificates and started up Puppetserver fresh 
> on the new server, that way it generated the CA certificates, etc.
>

If the new puppet server instance is generating its own CA cert, then its 
CA is not disabled, and its CA cert will not be compatible with the CA cert 
from the original puppet server.  The steps I'd recommend:

1. shut down puppet server on the new puppet server host
2. make sure that its CA is disabled ( 
https://docs.puppetlabs.com/puppetserver/latest/external_ca_configuration.html#disabling-the-internal-puppet-ca-service
 
)
3. set up the puppet agent on the new puppet server host; configure it to 
connect to the old puppet server as its master
4. do an agent run on the new puppet server host; this will cause it to 
request a cert from the old puppet server CA
5. once you've signed that cert and are able to complete your agent runs 
successfully on the new puppet server host, it should have valid certs in 
place
6. start puppet server back up on the new puppet server host; it should 
find the certs that were generated by the agent and use them
7. now try running an agent on a different host, pointed at your new puppet 
server.

 

> A node then successfully checks in, gets a certificate and can apply a 
> manifest. This 

[Puppet Users] Re: Puppet Server Crashing often

[Chris Price]

On Wednesday, December 16, 2015 at 4:26:26 AM UTC-8, Makrand Sanap wrote:
>
> Hi All,
>
> I am doing POC for puppet enterprise. Master is on CentOS 6.4 VM with 2GB 
> ram. Puppet server is going down on its own. 
>
> [root@mss-pup-mst2 ~]# /etc/init.d/pe-puppetserver status
>> pe-puppetserver dead but pid file exists
>>
>
>
> I can start it without any issues, but it stays for like 30-60 Mins up. 
> then It goes down again.
>
> Logs are not hinting anything, but for one of shutdown, I found following 
> lines. Surprisingly they appeared for only one shutdown incident. Not for 
> others
>
> 2015-12-13 04:38:21,100 INFO  [p.t.internal] Shutting down due to JVM 
>> shutdown hook.
>> 2015-12-13 04:38:21,363 INFO  [p.t.internal] Beginning shutdown sequence
>> 2015-12-13 04:38:21,640 INFO  [p.e.s.j.pe-jruby-metrics-service] PE JRuby 
>> Metrics Service: stopping metrics sampler job
>> 2015-12-13 04:38:21,990 INFO  [p.e.s.j.pe-jruby-metrics-service] PE JRuby 
>> Metrics Service: stopped metrics sampler job
>> 2015-12-13 04:38:22,724 INFO  [p.t.s.w.jetty9-service] Shutting down web 
>> server(s).
>> 2015-12-13 04:38:22,808 INFO  [p.t.s.w.jetty9-core] Shutting down web 
>> server.
>> 2015-12-13 04:38:23,243 INFO  [o.e.j.s.ServerConnector] Stopped 
>> ServerConnector@4369ad74{SSL-HTTP/1.1}{0.0.0.0:8140}
>> 2015-12-13 04:38:23,262 INFO  [o.e.j.s.h.ContextHandler] Stopped 
>> o.e.j.s.h.ContextHandler@3749adc6{/status,null,UNAVAILABLE}
>>
>
This is very unusual, I would not expect for you to see the message "Shutting 
down due to JVM shutdown hook" unless something on your system sent a 
signal to the service to stop or restart.

I presume you have a Puppet agent running on the same node; can you check 
its report and see if it shows anything about it trying to restart Puppet 
Server?  Or maybe try disabling the agent (`service puppet stop`) for a 
period of time and see if the weird behavior of the server only occurs when 
the agent is running?

 

>
>
> After bit of googling, I found following
>
>
> https://github.com/puppetlabs/puppet-server/blob/master/documentation/install_from_packages.markdown#memory-allocation
>
> Thing is, I am not able to find  init file under 
> /etc/sysconfig/puppetserver
> to ask Puppetserver to use less RAM than 2GB. (This proabably seems reason 
> for this)
>
> Do anyone know, where I can set the RAM usage for puppetserver (PE 
> 2015.2.3)?
>
> -- 
> Best,
> Makrand
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/59958791-b989-484e-add0-09d7298eb328%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Daemonized puppet on Windows and splay

[Chris Spence]

We are running puppet (3.7.x) on Windows daemonized.  We recently turned on 
splay because reasons.  After having done so the interval between daemonised 
runs, counter to expectation, has become randomised (though we get an 
averageish run interval of 30 minutes (30.5 recurring)).  The linuxes here have 
identical config and their runs are as regular as a muesli eating vegetarian.  
Here are some report times and approximate delta of a representative Windows 
2012:

Oct 21 2015 - 16:03:27 (14)
Oct 21 2015 - 15:49:10 (28)
Oct 21 2015 - 15:21:14 (33)
Oct 21 2015 - 14:48:23 (32)
Oct 21 2015 - 14:16:47 (23)
Oct 21 2015 - 13:53:35 (36)
Oct 21 2015 - 13:17:57 (27)
Oct 21 2015 - 12:54:02 (29)
Oct 21 2015 - 12:25:20 (53)
Oct 21 2015 - 11:31:48

Before I raise this as a bug, has anyone else seen this happening?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fc651143-df27-4bed-948e-6b593f21e465%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] invoke modules from puppetforge from hiera yamls?

[Chris Jefferies]

At my office we use puppet hiera. The general approach has been to use key 
value pairs in the yaml files as the source for variables in the modules 
which are defined with snippets that look like this:

hiera('some_hiera_variable', 'www.google.com')

The main puppet init.pp is a small piece of config pointing to hiera 
backend. All the hosts/nodes are defined in role based YAMLs and invoke 
various modules with their associated configs and service modules. After 
that there is a list of key value pairs that are used in the modules with 
the hiera() function.

So when I download modules from sourceforge I note that none I've looked at 
so far refer to hiera or have variables like the above example.

Is there a way to reference a module's parameters from the hiera and if so, 
what's the basic approach? For instance, if the module documentation from 
puppetforge shows blocks like these (which would be defined in a site.pp):

class {'::icinga':
  dbtype => 'mysql',
  dbhost => 'localhost',
  dbuser => 'icinga',
  dbpasswd   => 'icinga',
  dbname => 'icinga',
  }


icinga::classicui::user {'username':
  passwd => 'HashPa22worD',
}

class{'::icinga':
  initdb   => true,
  with_classicui   => true,
  enabled_features => ['statusdata', 'compatlog', 'command'],
}


class { 'apache':
default_vhost => false,
}

...how does one translate these into hiera definitions? Perhaps there is a 
tutorial on this subject?

I am reticent to start seeding the module code with hiera() variables 
because it seems I'll end up with custom code and unable to retrieve module 
updates that would overwrite my changes.

Sorry to be such a noob on the subject but any tips would be appreciated.

Thanks, Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/002b3a69-9f89-4bd6-96de-e9b4b373038c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppetserver 2 API requests returning 403 from curl, but agent/CLI works fine (puppet 4.2.1)

[Chris Cowley]

When I run


 /opt/puppetlabs/bin/puppet node find 

I get the expected wall of JSON and agents work fine too.

However, I would like to set up monitoring. When I run:

curl --cert /etc/puppetlabs/puppet/ssl/certs/mymachine.pem \
 --key /etc/puppetlabs/puppet/ssl/private_keys/mymachine.pem \
 --cacert /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
 -H 'Accept: pson' \
 
https://:8140/puppet/v3/catalog/?environment=production

the server returns Error 403: Forbidden

Is there something in auth.conf to add to enable acces to API outside of 
CLI?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ebdac597-b4c4-4677-ba7a-ab74da9092dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet Server dying with high number of JRuby instances

[Chris Price]

Stefan,

That is a very weird error.  The way it reads it sounds like something that 
should happen on every JRuby instance or on none of them 
(NoClassDefFoundError usually means it's trying to load some code that 
doesn't exist), so I wouldn't expect you to see a difference in behavior 
between 16 instances and 32 instances.

It might be best if you open a bug about this on our issue tracker: 
https://tickets.puppetlabs.com/browse/SERVER , so that we can get some 
other folks to weigh in on it... would you mind doing that?

On Tuesday, August 25, 2015 at 12:05:54 PM UTC+1, Dietrich, Stefan wrote:

 Hello, 

 we tried to today to migrate our Puppet Masters from Apache/Passenger to 
 Puppet Server 1.1.1. 
 However, Puppet Server just dies with error messages as soon as we 
 increase the number of JRuby instances to 24 and a JVM heapsize of  16GB. 

 During startup of Puppet Server, it starts to spawn the JRuby instances 
 one after another and around ~8 instances an exception is logged: 
 2015-08-25 10:25:05,676 INFO  [puppet-server] Puppet Puppet settings 
 initialized; run mode: master 
 2015-08-25 10:25:06,254 INFO  [p.s.j.jruby-puppet-agents] Finished 
 creating JRubyPuppet instance 7 of 32 
 2015-08-25 10:25:08,567 ERROR [p.t.internal] shutdown-on-error triggered 
 because of exception! 
 java.lang.IllegalStateException: There was a problem adding a JRubyPuppet 
 instance to the pool. 
 Caused by: org.jruby.embed.EvalFailedException: (LoadError) load error: 
 jopenssl/load -- java.lang.NoClassDefFoundError: 
 org/jruby/ext/openssl/NetscapeSPKI 
 at 
 org.jruby.embed.internal.EmbedEvalUnitImpl.run(EmbedEvalUnitImpl.java:132) 
 ~[puppet-server-release.jar:na] 
 at 
 org.jruby.embed.ScriptingContainer.runUnit(ScriptingContainer.java:1341) 
 ~[puppet-server-release.jar:na] 

 The full log file is available in this Gist [1]. 
 The log file is from the initial setup with max-active-instances set to 32 
 and a JVM heap size of 48gb. 
 We had a working setup with 16GB Heap and 16 instances. Sometimes 24 
 worked as well, but not always. 
 However, 16 instances will be too small to handle all the Puppet agents. 
 Increasing the timeout in /etc/sysconfig/puppetserver did not help either. 

 We use rather beefy HW for our 3x Puppet Masters (2x Dell R715, 1x R815), 
 for Apache/Passenger this scaled nicely. 

 The OS on the Puppet Masters is Scientific Linux 6.6 (RHEL 6.6 clone) and 
 OpenJDK 8 is used. 
 We tried the Oracle JRE as well, but this did not change anything. 
 HTTPS is terminated at our F5 Loadbalancer, which forwards the traffic 
 unencrypted to Puppet Server. 

 Any help would be appreciated! 

 [1] https://gist.github.com/stdietrich/5a5b8f9b1dc2445c3ec7 

 Regards, 
 Stefan 

 -- 
  
 Stefan DietrichDeutsches Elektronen-Synchrotron (IT-Systems) 
 Ein Forschungszentrum der Helmholtz-Gemeinschaft 
 Notkestr. 85 
 phone:  +49-40-8998-4696   22607 Hamburg 
 e-mail: stefan@desy.de javascript: 
  Germany 
  


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f38505c9-8793-45d4-bee0-1aa0f45bdf94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Check code quality with SonarQube

[Chris Bowles]

Thanks, David.  Have never checked out SonarQube, but I like the idea of a 
Puppet code quality tool.

~ Chris

On Wednesday, August 19, 2015 at 1:13:11 AM UTC-5, David Racodon wrote:

 Hi,

 Iain and I developed a SonarQube http://www.sonarqube.org/ plugin to 
 check code quality of Puppet modules. This first version comes with over 40 
 rules spanning from potential bugs to coding style guidelines. It fully 
 benefits from all the nice features coming with SonarQube 
 http://nemo.sonarqube.org/: efficient web interface to browse issues 
 and metrics, ability to focus your effort on new code (added or modified) 
 only, computation of technical debt and a lot more.

 It is fully open source and free. So, feel free to give it a try. The 
 release is available at: 
 https://github.com/iwarapter/sonar-puppet/releases/tag/1.0. To get 
 started with SonarQube, see 
 http://docs.sonarqube.org/display/SONAR/Documentation.

 Any feedback is more than welcome!

 Meanwhile, we'll keep adding new features.

 Enjoy!

 Iain Adams and David Racodon

 David RACODON
 Freelance QA Consultant
 LinkedIn https://ch.linkedin.com/pub/david-racodon/11/62/283 | Twitter 
 https://twitter.com/davidracodon


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/66186961-f42c-4e28-9f42-10317029e4eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Top scope variables and hiera

[Chris Spence]

The other option is to use anchors and references in the YAML to reduce the 
duplication. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/59a50aed-de52-42b4-82f6-029eb36df4e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Augeas: Skipping because no files were changed

[Chris Lee]

Thanks Ian,

I had tried with and without the context, also tried with set and setm, 
tried to include the values first... but nothing worked.

I was about to go insane and through to remove the trailing slash in the 
changes... 

augeas { 'grub.conf/8250_LAR':
incl = '/etc/grub.conf',
lens= 'Grub.lns',
changes = [
'set title[1]/kernel/8250.nr_uarts 4',
'set title[1]/kernel/8250_core.nr_uarts 4',
],
}
 and now it works, with and without the context.. but I'll put it back in 
anyway just in case.

Thanks!

Chris


On Wednesday, 8 July 2015 05:23:59 UTC+2, ianm wrote:



 Actually in this case it needs: 

context = '/files/boot/grub/grub.conf', 

 or: 

context = '/files/etc/grub.conf', 
incl = '/etc/grub.conf', 


 -- 
 Ian 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/789e685d-04b9-4918-b044-34e6f96e9b7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Augeas: Skipping because no files were changed

[Chris Lee]

I am trying to add two new options to grub.conf using augeas.
The code is as follows:

augeas { 'grub.conf/8250_LAR':
tag = chris1,
incl= '/boot/grub/grub.conf',
lens= 'Grub.lns',
changes = [
'set /title[1]/kernel/8250.nr_uarts 8',
'set /title[1]/kernel/8250_core.nr_uarts 8',
],
}


However nothing is added to /etc/grub.conf at all, and the puppet run 
completes as follows with debug.

Debug: Augeas[grub.conf/8250_LAR](provider=augeas): Augeas version 1.0.0 is 
installed
Debug: Augeas[grub.conf/8250_LAR](provider=augeas): Will attempt to save and 
only run if files changed
Debug: Augeas[grub.conf/8250_LAR](provider=augeas): sending command 'set' 
with params [/title[*]/kernel/8250.nr_uarts, 8]
Debug: Augeas[grub.conf/8250_LAR](provider=augeas): sending command 'set' 
with params [/title[*]/kernel/8250_core.nr_uarts, 8]
Debug: Augeas[grub.conf/8250_LAR](provider=augeas): Skipping because no 
files were changed
Debug: Augeas[grub.conf/8250_LAR](provider=augeas): Closed the augeas 
connection

Manually, Augeas appears to work fine:

augtool set /files/boot/grub/grub.conf/title[1]/kernel/8250_core.nr_uarts 8
augtool save
Saved 1 file(s)

I'd appreciate any ideas?


Thanks
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9f4a854d-e3b3-4be1-b7f2-5d495dba21d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] error when I run puppet and try to apply changes to the system

[Chris Zou]

Hi,
 
I am new to puppet and I am trying to follow Quest Guide and its VM 
Learning Machine.
 
When I run puppet apply cowsayings/tests/cowsay.pp, I encounter error 
message as following:   

Warning: The package type's allow_virtual parameter will be changing its 
default value from false to true in a future release. If you do not want to 
allow virtual packages, please explicitly set allow_virtual to false.
   (at /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/type/package.rb:430:in 
`block (3 levels) in module:Puppet')
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y list cowsay' returned 1: 
Error: Cannot find a valid baseurl for repo: epel
Could not retrieve mirrorlist 
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=i386 error was
14: PYCURL ERROR 7 - Failed to connect to 2001:4178:2:1269::fed2: Network 
is unreachable
Error: /Stage[main]/Cowsayings::Cowsay/Package[cowsay]/ensure: change from 
absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list 
cowsay' returned 1: Error: Cannot find a valid baseurl for repo: epel
Could not retrieve mirrorlist 
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=i386 error was
14: PYCURL ERROR 7 - Failed to connect to 2001:4178:2:1269::fed2: Network 
is unreachable
 
 
What does it mean by Error: Cannot find a valid baseurl for repo: epel?
Why network is unreachable? 
How can I fix it? 
 
 
I really appreciate your help!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3fdadec0-d97b-4d65-abe2-4ce59d633b78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] error message when I tried to run puppet and apply changes to the system

[Chris Zou]

I am new to Puppet, and I am trying to follow Quest Learning Machine from 
Puppet Lab.
 
However, every time I tried to run 
puppet apply cowsayings/tests/cowsay.pp
 
Error message comes up like this:
 
Warning: The package type's allow_virtual parameter will be changing its 
default value from false to true in a future release. If you do not want to 
allow virtual packages, please explicitly set allow_virtual to false.
   (at /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/type/package.rb:430:in 
`block (3 levels) in module:Puppet')
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y list cowsay' returned 1: 
Error: Cannot find a valid baseurl for repo: epel
Could not retrieve mirrorlist 
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=i386 error was
14: PYCURL ERROR 7 - Failed to connect to 2001:4178:2:1269::fed2: Network 
is unreachable
Error: /Stage[main]/Cowsayings::Cowsay/Package[cowsay]/ensure: change from 
absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list 
cowsay' returned 1: Error: Cannot find a valid baseurl for repo: epel
Could not retrieve mirrorlist 
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=i386
error was
14: PYCURL ERROR 7 - Failed to connect to 2001:4178:2:1269::fed2: Network 
is unreachable
 
What does Cannot find a valid baseurl for repo: epel mean? How can I fix 
these errors?
 
I really appreciate your help!!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/284e8988-4388-40fb-8cae-7f21de4ced28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] rspec-puppet: let( :title ) isn't setting title

[Chris Galli]

 I'd probably recommend trying to write a test for one of your 
 real-world puppet modules as I think the issue is with the Puppet code 
 more than the tests. 


 Thanks for the feedback and links Stephen and Gareth.

Gareth's comment sums things up nicely.  I'm dealing a large amount of 
Puppet 0.2x code, and my example was based one of them -- I gutted the 
logic but kept the usage of class and usage of $title in the resource.

I appreciate the help since I'm just getting started with Puppet.

Thanks!
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2fe13343-3fa5-4805-8637-dbef5cc3a305%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] rspec-puppet: let( :title ) isn't setting title

[Chris Galli]

I've created a simple module to play with rspec-puppet, and I'm having 
trouble getting my tests to pass because it appears I can't set the value 
of $title -- It's always the name of my module.

I think perhaps I'm not understanding something about $title in puppet or 
let( :title ) in rspec-puppet.


Here's what I'm testing and the results I'm getting.

Create module:
$ puppet module generate --skip-interview poc-filez 



Module contents (*poc-filez/manifests/init.pp*):
class filez {

  file { $title:
# have also tried ${title}
ensure = present,
  }
}




Spec contents (*poc-filez/spec/classes/init_spec.rb*)
require 'spec_helper'
describe 'filez' do
  expected_title = '/home/me/foo'
  let(:title) { expected_title }
  # have tried variations, e.g. let (:title) { #{expected_title }


  # this fails  
  it { should contain_file(#{expected_title}) }
  
  # but when I use the module name, it passes, File[filez] is in the catalog
  # it { should contain_file(filez) }
end



*.fixtures.yml* contents:
fixtures:

  repositories:
#
  symlinks:
filez: #{source_dir}




Test results:
$ rake spec


Failures:


  1) filez should contain File[/home/me/foo]
 Failure/Error: it { should contain_file(#{expected_title}) }
   expected that the catalogue would contain File[/home/me/foo]



However, if I change the module to use $name, and pass $name as a parameter 
in the spec, then my tests pass, e.g.

*manifests/init.pp*
class filez {
  file { $name:
ensure = present,

  }
}


*spec/classes/init_spec.rb*
require 'spec_helper'
describe 'filez' do
  expected_title = '/home/me/foo'
  let(:params) {{ :name = expected_title }}


  # this passes
  it { should contain_file(#{expected_title}) }

  
  # this fails
  # it { should contain_file(filez) } 
end



I've examined other projects that use rspec-puppet and let( :title ) and on 
the surface they seems very similar.  But obviously, I'm missing something 
or not doing something correctly.  Any insight would be greatly 
appreciated.  I've got several legacy modules that use $title, so I'm 
hesitant to simply accept changing them to use name (unless of course 
that's the root of my problem).

Much appreciated,

Chris


ps
I'm using Ruby 2.1.5 on MAC OS X 10.9.5

Version Info (from *Gemfile.lock*):
GEM
  remote: https://rubygems.org/
  specs:
CFPropertyList (2.2.8)
diff-lcs (1.2.5)
facter (2.3.0)
  CFPropertyList (~ 2.2.6)
hiera (1.3.4)
  json_pure
json_pure (1.8.1)
metaclass (0.0.4)
mocha (1.1.0)
  metaclass (~ 0.0.1)
puppet (3.7.3)
  facter ( 1.6,  3)
  hiera (~ 1.0)
  json_pure
puppet-lint (1.1.0)
puppet-syntax (1.3.0)
  rake
puppetlabs_spec_helper (0.8.2)
  mocha
  puppet-lint
  puppet-syntax
  rake
  rspec
  rspec-puppet
rake (10.4.2)
rspec (3.1.0)
  rspec-core (~ 3.1.0)
  rspec-expectations (~ 3.1.0)
  rspec-mocks (~ 3.1.0)
rspec-core (3.1.7)
  rspec-support (~ 3.1.0)
rspec-expectations (3.1.2)
  diff-lcs (= 1.2.0,  2.0)
  rspec-support (~ 3.1.0)
rspec-mocks (3.1.3)
  rspec-support (~ 3.1.0)
rspec-puppet (1.0.1)
  rspec
rspec-support (3.1.2)


PLATFORMS
  ruby


DEPENDENCIES
  facter (= 1.7.0)
  puppet (= 3.3)
  puppet-lint (= 0.3.2)
  puppetlabs_spec_helper (= 0.1.0)

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/39cf1edd-aa4f-4370-8674-4b041e4cfa86%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Packets out of order:

[Chris Brooks]

I'm using puppet/hiera on freebsd 10.1 and I had no issue wth freebsd 10.0 
now when I use this I see the following:-

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Packets out of order: 0 at 
/usr/local/etc/puppet/environments/production/manifests/site.pp:1 on node 
puppet.london-internal.ingresso.co.uk
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I'm using crayfishx's mysql backend for hiera.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5e904b5c-15fe-4bef-856b-1c73268a29a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet master on Windows

[Chris Price]

On Monday, December 29, 2014 1:52:41 PM UTC-8, Alejandro del Castillo wrote:

 Hello,

 We are looking at the different options out there to build a System 
 Management solution for embedded systems. I am encouraged by the fact that 
 puppet support opkg and it's already in use by OpenWRT (we build our own 
 distribution, but it's opkg-based). Digging/experimenting around with 
 puppet, it looks like it can do most of what we want. We would need to 
 write several modules, custom UI, etc, but it looks doable. The only 
 problem is that we absolutely must have Windows support for the host. That 
 is a deal breaker requirement, as many of our customers (unfortunately) 
 will expect Windows on the server side. As I am looking at options, I would 
 like to understand what would be the effort for the Windows port of the 
 server side components (at least puppet master, hiera, possibly puppetDB). 
 I do get that this is not a priority for the community and do understand 
 that if we take this approach, we would be maintaining the Windows server 
 side, which is something that is on the table for us. 


 Alejandro,

Puppet Server and PuppetDB both run on the JVM, so, theoretically they 
might Just Work on Windows.  We don't provide packaging, so you'd 
probably need to just try running them from source. 

Both projects have docs on how to run from source:

https://docs.puppetlabs.com/puppetserver/1.0/dev_running_from_source.html
https://docs.puppetlabs.com/puppetdb/latest/install_from_source.html

Hiera, to some degree, is a kind of plugin that runs inside the server, so 
it should work fine with Puppet Server.

I'm not aware of any efforts to run these apps on Windows, so, your mileage 
may vary... and I'm not aware of it being on our product roadmap to provide 
official support for Windows on the server-side.  That said, I'm not aware 
of any reason why it *shouldn't* work, so would be interested to hear about 
your results if you decide to try it.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/90266123-78db-4122-aff9-ca2a4faf769f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Did PE 3.7 kills r10k?

[chris mague]

Vadym,

I ran into the same problem and was able to work around as follows with the 
caveat that it's unsupported:

sudo su - pe-postgres
psql
\connect pe-classifier
select * from groups;
# write everything down
update groups set environment_name='agent-specified' where 
environment_name='production';
# then set the last column to 't' if you have any other groups.

You may need to specify the override 




On Saturday, December 27, 2014 7:59:55 AM UTC-8, Vadym Chepkov wrote:



 On Saturday, December 27, 2014 9:44:44 AM UTC-5, Martin Alfke wrote:

 Hi Vadym, 

 the PE node classifier is an ENC. 
 This ENC sets environments per nodes as an authority. Nodes can no longer 
 switch their environments if you use an ENC with environment parameters 
 set. 

 You still have the technical possibility to continue using manifests 
 based node classification and therefor you can continue using r10k. 
 You will only loose the environment enforcement via ENC. 

 hth, 

 Martin 



 Hi Martin,

 That's the problem,  PE 3.7 creates 'default' group, which can't be edited 
 and this group enforces 'production' environment for each node.
 You can create a new group and override environment there, but you would 
 have to do it for each single topic branch you create in git and 
 development team can't work on more than one topic branches from the same 
 node. This makes development process extremely difficult.

 Regards,
 Vadym






-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/30babbee-4d8e-467e-90ea-c3d0af8f446c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: puppet turning a file into a directory

[Chris]

Just posting a follow up.

On 04/12/14 01:31, jcbollinger wrote:

Or if you have multiple environments defined, and for some reason the
affected server is occasionally assigned to the wrong one, then you
might get a different declaration.  There are many other possibilities.


This was the case. I had other environments where it was declared as 
just 'present' rather than 'file' and it was switching to one of those. 
Since I've updated the other environments, it hasn't happened again.


Thanks for the help and ideas.

--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/548763D6.6050803%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet turning a file into a directory

[Chris]

Hi,

This is a very strange one. On my CA server (which also runs puppet as 
an agent to control various things), sometimes a file gets turned into a 
directory. It's only this file and on this server (the other puppet 
controlled servers don't have this issue).


Using puppet 3.7.3 from the puppetlabs yum repo.

My manifest has this:

file { '/usr/local/sbin/duplicity-backup.sh':
ensure  = file,
owner   = 'root',
group   = 'root',
mode= '0755',
source  = 'puppet:///modules/duplicity/duplicity-backup.sh',
}

so pretty simple. The source exists and is a bash script.

It starts off as a file:

Dec  2 23:47:28 server puppet-agent[1072]: 
(/Stage[main]/Duplicity/File[/usr/local/sbin/duplicity-backup.sh]/ensure) defined 
content as '{md5}db1ad110a94782a2e0edc9f1b650a854'


but turns into a directory:

Dec  3 00:54:12 server puppet-agent[23986]: 
(/Stage[main]/Duplicity/File[/usr/local/sbin/duplicity-wrapper.sh]) 
Could not evaluate: Could not retrieve file metadata for 
puppet:///modules/duplicity/duplicity-wrapper.sh: Could not intern from 
text/pson: undefined method `delete' for 
#Puppet::Resource::Catalog:0x7f3b29db1468
Dec  3 00:54:12 server puppet-agent[23986]: 
(/Stage[main]/Duplicity/File[/usr/local/sbin/duplicity-wrapper.sh]) 
Wrapped exception:
Dec  3 00:54:12 server puppet-agent[23986]: 
(/Stage[main]/Duplicity/File[/usr/local/sbin/duplicity-wrapper.sh]) 
Could not intern from text/pson: undefined method `delete' for 
#Puppet::Resource::Catalog:0x7f3b29db1468
Dec  3 00:54:12 server puppet-agent[23986]: 
(/Stage[main]/Duplicity/File[/usr/local/sbin/duplicity-backup.sh]/ensure) ensure 
changed 'file' to 'directory'



Any help/ideas/suggestions would be great :)

Thanks!
--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/547E8B90.4000302%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: PuppetServer Inconsistent Errors

[Chris Price]

On Friday, November 14, 2014 8:52:55 AM UTC-8, Brian Wong wrote:

 I am currently using version 0.4.0 of PuppetServer using the official RPM 
 package on CentOS 7. I am running into an issue where a node's agent runs 
 error out inconsistently. The node's agent run would sometimes successfully 
 complete or give different errors upon other runs. Below are examples of 
 the errors that the agent would report. The errors never show up together 
 but instead are confined to different invocations of the agent run. It may 
 be slightly confusing, but the node where agent runs are performed also 
 happens to be the server which is running PuppetServer as well. I am using 
 Puppet to manage the PuppetServer.

 - one error that would sometimes appear
 Notice: Finished catalog run in 8.08 seconds
 Error: Could not send report: Error 400 on SERVER: Could not create 
 resources for managing Puppet's files and directories in sections 
 [:reporting]: Invalid parameter ensure
 Invalid parameter ensurelogdir = /var/log/puppet 


These errors are very strange.  How frequently would you say that it 
happens?  If you are able to jump on to #puppet-dev in freenode we could 
maybe try to suggest some debugging patches you could apply to the ruby 
code to help us narrow it down. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e311eac6-075b-4a57-bdd3-e50f3f967ab7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] augeas, sshd and multiple onlyif requirements

[Chris]

On 10/10/14 16:29, John Warburton wrote:

On 10 October 2014 13:34, Chris dmag...@gmail.com
mailto:dmag...@gmail.com wrote:


Any help, suggestions, alternatives would be greatly appreciated.


Stop using Augeas and start using templates
https://docs.puppetlabs.com/guides/templating.html


I didn't want to go that far, so I persisted with the other approach.

Instead of doing this:

augeas{'sshd-config-client-alive-interval':
  context = '/files/etc/ssh/sshd_config',
  changes = [
'ins ClientAliveInterval before Match',
'set ClientAliveInterval 3600',
  ],
  onlyif = [
'match ClientAliveInterval size == 0',
'match Match size  0',
  ],
}

I did this:

augeas{'sshd-config-client-alive-interval':
  context = '/files/etc/ssh/sshd_config',
  changes = [
'rm ClientAliveInterval', # Make sure it's gone so it won't be 
set multiple times

'ins ClientAliveInterval before Match',
'set ClientAliveInterval 3600',
  ],
  onlyif = [
'match Match size  0',
  ],
}

and augeas is smart enough (much smarter than me) to only run that once 
(subsequent runs don't keep removing it and re-adding it).


Cheers,
--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/543B540F.5040002%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: centos 7 boxes on vagrant cloud?

[Chris Handy]

awesome, thank you!

On Wednesday, October 8, 2014 5:15:25 PM UTC-4, Scott Schneider wrote:

 I was wondering when there will be official centos 7 boxes from puppet 
 labs on https://vagrantcloud.com/puppetlabs?

 Also it would be nice to have a link on the puppet vagrant cloud homepage 
 to what repo these boxes are generated from like the chef project does to 
 https://github.com/opscode/bento.


 Hi Chris,

 You've caught us in the middle of re-working our automated Vagrant imaging 
 pipeline.  I expect to have new builds published to Vagrant Cloud later 
 this week or early next week.

 We're also working on setting up a ticketing project for bug reporting and 
 publicizing our Packer repository, as suggested.  Stay tuned!


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f7ca5c5f-abf6-4d4e-9dc8-b370c97a28c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] augeas, sshd and multiple onlyif requirements

[Chris]

Hi all,

I'm trying to insert a ClientAliveInterval setting into sshd_config with 
augeas. Some servers have a Match User line (so the new setting needs 
to come before the Match User line), and some don't. Some already have 
a ClientAliveInterval setting, and some don't.


My first attempt was this:

augeas{'sshd-config-client-alive-interval':
  context = '/files/etc/ssh/sshd_config',
  changes = [
'ins ClientAliveInterval before Match',
'set ClientAliveInterval 3600',
  ],
  onlyif = [
'match ClientAliveInterval size == 0',
'match Match size  0',
  ],
}

But it's not checking both onlyif requirements before trying to add the 
new setting. Reversing the order tries to add it to configs with the 
option already set which also causes a failure.



I've read a few posts that suggest putting both match requirements into 
one setting, but I can't get the syntax right.


augeas{'sshd-config-client-alive-interval':
  context = '/files/etc/ssh/sshd_config',
  changes = [
'ins ClientAliveInterval before Match',
'set ClientAliveInterval 3600',
  ],
  onlyif = [
'match /files/etc/ssh/sshd_config[(match 
/files/etc/ssh/sshd_config include ClientAliveInterval) size == 0 and 
(match /files/etc/ssh/sshd_config include Match) size  0] size  0',

  ],
}

Any help, suggestions, alternatives would be greatly appreciated.

Using augeas 1.0.0 from scientific linux 6, puppet 2.7.

Thanks!
--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/543745AC.80108%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] centos 7 boxes on vagrant cloud?

[Chris Handy]

Hey all,

I was wondering when there will be official centos 7 boxes from puppet labs 
on https://vagrantcloud.com/puppetlabs?

Also it would be nice to have a link on the puppet vagrant cloud homepage 
to what repo these boxes are generated from like the chef project does 
to https://github.com/opscode/bento.

Thanks,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7f617960-9ff9-4aee-9895-6caaba31c257%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dependency cycle using tidy with puppet 3

[Chris Lee]

 Alternatively, you should be able to overcome any autorequire by declaring 
 a contradictory explicit relationship.  For example, you could try this:

 define crond::job($jobs,$comment,$mail=root) {
 include crond::cleanup
 file {
 /etc/cron.d/${name}.puppet.cron:
 owner=root,group=root,
 content=template(crond/job.erb)
 } - Tidy['/etc/cron.d']
 }


That worked perfectly, and it doesn't appear to be removing any of the 
other files. 
The next part of our migration will obviously be moving what we can from 
extdata to hiera, etc and then a massive code clean up to conform with all 
the new best practises. Getting around this now though makes it much 
easier to get the system working with Puppet 3.0+ and start the big project 
of cleaning.

Thank you so much

Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2ab1e1b8-accb-42b0-ad4e-7ac984681a9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dependency cycle using tidy with puppet 3

[Chris Lee]

We try not to use stages at all, unless absolutely necessary and we would 
love to avoid them if we could.

Our puppet code is used on around ~3000 machines in a heterogeneous 
environment of both various hardwares, os boot systems and applications, so 
at times its an unnecessary evil

It is my understanding that tidy now now creates a dependency on the file, 
but since this is run in the beginning, the tidy on the files which are 
created in post creates a loop. For all the other times we use tidy I was 
able to get around by splitting the tidy from the classes and simple 
including them, this is the last one I cant seem to get around. I did find 
another post about this and puppet 3, but no solution 
https://ask.puppetlabs.com/question/13431/how-do-i-work-around-puppet-3-semantics-change/

Unfortunately we have way to many variables, and while direct requires 
might be possible it would mean an entire rewrite of ~ 4 years of code, and 
many times we have run into conflicts anyway which finally forced us into 
this.
Mostly the idea is that our (systems admin) configuration is run in main, 
specific user requirements are configured in apps, and only after all of 
that, do we declare the machine usable. Finally we ensure that things like 
puppet are running, where prior to that on a broken system it wouldn't be 
required anyway,  and then apply certain safety checks, as with this cron 
which does a daily check to ensure puppet hasn't been disabled and mails a 
report which we can compare with puppet dashboards output. 

With out the stages this would literally require hundreds of if defined 
statements due to all the various configurations available.

The File[/etc/cron.d/puppetcheck.puppet.cron] - Tidy[/etc/cron.d] 
relationship is from the new design  of tidy as explained in the post I 
linked above. The code I posted is simple called in a class that is set to 
stage post.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8972ab55-6b62-499c-bd58-eb82d5593192%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dependency cycle using tidy with puppet 3

[Chris Lee]

We try not to use stages at all, unless absolutely necessary and we would 
love to avoid them if we could.

Our puppet code is used on around ~3000 machines in a heterogeneous 
environment of both various hardwares, os boot systems and applications, so 
at times its an necessary evil

It is my understanding that tidy now now creates a dependency on the file, 
but since this is run in the beginning of the catalog, the tidy on the 
files which are created in post creates a loop. For all the other times we 
use tidy I was able to get around this by splitting the tidy from the 
classes and simple including them, this is the last one I cant seem to get 
around. I did find another post about this and puppet 3, but no solution 
https://ask.puppetlabs.com/question/13431/how-do-i-work-around-puppet-3-semantics-change/

Unfortunately we have way to many variables, and while direct requires 
might be possible it would mean an entire rewrite of ~ 4 years of code, and 
many times we have run into conflicts anyway which finally forced us into 
this.
Mostly the idea is that our (systems admin) configuration is run in main, 
specific user requirements are configured in apps, and only after all of 
that, do we declare the machine usable (remove nologin, etc). Finally, we 
then ensure that things like puppet are running, where prior to that on a 
broken system it wouldn't be required anyway,  and then apply certain 
safety checks, as with this cron which does a daily check to ensure puppet 
hasn't been disabled and mails a report which we can compare with puppet 
dashboards output. 

With out the stages this would literally require hundreds of if defined 
statements due to all the various configurations available.

The File[/etc/cron.d/puppetcheck.
puppet.cron] - Tidy[/etc/cron.d] relationship is from the new design  of 
tidy as explained in the post I linked above. The code I posted is simple 
called in a class that is set to stage post?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3e097655-c925-4bd9-bebf-1dbf6d87782f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dependency cycle using tidy with puppet 3

[Chris Lee]

hmmm, I've created a new class trying to replicated the exact same thing 
with different files, and I cant seem to.. 
Will have to do a lot more digging to see where this is coming from

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7161a278-b98b-4782-9fb9-abeb5117120c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dependency cycle using tidy with puppet 3

[Chris Lee]

The first error was being thrown out and I didn't see the second one. Its 
easy to replicate using puppet 3.3.2

node test {
class {crond::test:stage=post,}
}

define crond::job($jobs,$comment,$mail=root) {
include crond::cleanup
file {
/etc/cron.d/${name}.puppet.cron:
owner=root,group=root,
content=template(crond/job.erb)
} 
}
class crond::cleanup {
tidy {
/etc/cron.d:
age = 0, recurse = true,
matches = *.puppet.cron,
}
service {
crond: ensure=running,enable=true
}
}
class crond::test  {
crond::job {tidytest:
  mail=root,
  comment=testing tidy,
  jobs=6 6 * * * root nice /bin/true,
}
}



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/886b7539-751a-4b32-b283-dcb9859fb561%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: mod_passenger.so is missing

[Chris Lee]

assuming linux you could run

yum whatprovides *mod_passenger.so

for example on my system it is as follows:

mod_passenger-3.0.17-2.el6.1.x86_64 : Apache Module for Phusion Passenger
Repo: atds
Matched from:
Filename: /usr/lib64/httpd/modules/mod_passenger.so



mod_passenger-3.0.17-2.el6.1.x86_64 : Apache Module for Phusion Passenger
Repo: installed
Matched from:
Filename: /usr/lib64/httpd/modules/mod_passenger.so




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ac351ec6-c2e0-4913-b657-6dca873aff4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: mod_passenger.so is missing

[Chris Lee]

ps: not so sure about the gems and why its not there?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f6c11be1-88a2-4cc2-8431-907cf0078a68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Custom Providers and Third Party Gems

[Chris Pitman]

Hey everyone,

I'm hoping someone can enlighten me here: Why is it so hard/complicated to 
use third party gems when developing a custom provider? It seems to me that 
pulling in gems should be priority #1, since it allows providers to 
leverage a lot of development already done in the ruby community.

However, right now it is complicated:

1. I have to get my users downstream to install gem dependencies before 
using any resources related to the provider. There is no way for me to 
annotate the module itself for these dependencies, and no support for 
automatically pulling them down.

2. Features offer very limited capability (as far as I understand), and 
are poorly documented. The only documentation is on how to link providers 
and types using features, not on how to require ruby libraries. There is no 
way for anything other than a type to specify requiring a feature. For 
example, what if a provider requires a gem?

3. Features only protect part of the lifecycle. Even without a feature 
present, puppet still attempts to resolve auto-require relationships. This 
makes sense based on how things work, but what am I supposed to do if I 
need a third party gem there?

4. Some gem dependencies need to be present on both the puppet master (in 
the master's environment) and on the node. There is no way for me to 
transparently take care of this for users.

So, am I just missing something? Is there some secret hook in the puppet 
source that makes dealing with gems better? Should I just start 
distributing this provider as a package, and ignore puppet module, r10k, 
etc? Or are there any changes coming down the pipeline that will make this 
work better?

Thanks,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/78d97481-4d1f-4548-9835-0ca20eade250%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Dependency cycle using tidy with puppet 3

[Chris Lee]

Hi all,

We are busy migrating out puppet 2.7 code to puppet 3 and have run into a 
problem where we are getting dependency cycles when using tidy.
This mostly happens with stages (and yes, I completely understand why we 
should avoid them).

As an example we have a defined class that we use to create our cron jobs, 
and then a tidy to clean up anything that isn't defined.

class crond::cleanup {
tidy {
/etc/cron.d:
age = 0, recurse = true,
matches = *.puppet.cron
}
}

define crond::job($jobs,$comment,$mail=root) {
include crond::cleanup
file {
/etc/cron.d/${name}.puppet.cron:
owner=root,group=root,
content=template(crond/job.erb)
} 
}


and we get a dependency as follows:

(File[/etc/cron.d/puppetcheck.puppet.cron] = Tidy[/etc/cron.d] = 
Class[Crond::Cleanup] = Stage[main] = Stage[apps] = Stage[apps] = 
Stage[post] = Class[Puppet::Service] = Crond::Job[puppetcheck] = 
File[/etc/cron.d/puppetcheck.puppet.cron])

Does anyone know of a workaround?

Thanks
Chris


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/01a1dc4a-ab91-4653-a879-ba4d4d26ea21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet agent memory usage on the master

[Chris Ritson]

I've been trying for a while to work out why my puppet agent run on the puppet 
master was consuming so much time and memory. With a single webrick master 
running puppet puppet-3.6.2-1.el6 and serving about 100 clients, I was seeing 
agent runs on  the master of the order of 4000 seconds. I was keeping, but not 
making use of the agent reports, so the puppet master was tidying these away 
after they reached the an age of 36 hours to avoid wasting disk space. Agent 
runs were quite often getting OOM errors and being killed as this was on a 
virtual machine with 2G of memory. Increasing this limit and watching the agent 
run grow it became clear that stored state was part of the problem. Memory 
consumption was sometimes reaching 3G.

In the end, even after abandoning report generation and allowing the remaining 
report files to be tidied out of existence, I was still seeing a large memory 
footprint and long delays when the puppet run appeared to be doing nothing or 
saving its previous state. Looking in the saved state.yaml file, I saw that 
there were still many hundreds of references to report files and directories 
that used to exist. Only when I finally removed this file altogether, taking 
the risk that a few services would be restarted when they shouldn't be, did my 
puppet run get back to a reasonable time and memory footprint.

It seems from this that the puppet agent is reading and preserving a lot of 
historic state information, even when this is no longer of any use. Is this a 
bug/feature? Is this something I could/should have been able to avoid with 
better knowledge of puppet's configuration options?

Chris Ritson
Newcastle University IT,
c/o School of Computing Science,
Floor 8,
Claremont Tower,
Newcastle University,
NE1 7RU, UK.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/D00BBDAB7ECC63469B186F002CC7DBC80AC53EB6%40EXMBCT01.campus.ncl.ac.uk.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] HA puppetmaster in AWS

[chris mague]

I used this approach detailed below in production for a large-ish 
environment.
When used in conjunction with Nginx load balancing in AWS 
(http://blog.mague.com/?p=286) it worked very well.

1) Route all certificate requests (explained above) to a pair of boxes that 
have the sync setup listed below
2) Route specific environments to specific puppet backends

One further refinement is to set up a puppet master running in debug mode 
and create a debug environment which is useful for troubleshooting.

-c

On Friday, July 18, 2014 6:03:51 AM UTC-7, Juan Sierra Pons wrote:

 Hi 

 What about this approach? [1] Sync Puppet Certs between EC2 regions 

 It seems very easy to implement: unison + incron +  scripts 

 Disclaimer: not tested yet. Hope to have a prof of concept next week. 

 Best regards 

 [1] http://blog.mague.com/?p=468 

 --
  

 Juan Sierra Pons ju...@elsotanillo.net 
 javascript: 
 Linux User Registered: #257202 
 Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo 
 GPG key = 0xA110F4FE 
 Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE 
 --
  



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d092191d-f933-4669-9272-2f104a894851%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Just Released: Puppet Enterprise 3.3

[Chris Westphal]

Puppet Enterprise 3.3 is now available! Our newest release makes it easier 
to install, adopt and scale Puppet Enterprise across a broad range of 
supported platforms. Here’s a quick look at what’s new:


   - *Simplified installation process:* Our new web-based installer 
   provides a detailed walkthrough, whether you need a basic installation or a 
   multi-server deployment.


   - *Expanded platform support:* RHEL 7, Ubuntu 14.04 LTS and Windows 
   Server 2012 R2 have been added to existing support for enterprise 
   platforms. This release also introduces agent installation to a broader 
   range of platforms, including AIX, Solaris 10 and RHEL 4, making it easier 
   to manage mixed-platform environments.


   - *New supported modules:* We’ve added the VCS Repo module, Windows ACL 
   module and Windows PowerShell module to our growing list of Puppet 
   Enterprise supported modules. Find them here: 
   http://forge.puppetlabs.com/supported


   - *Increased visibility into your infrastructure:* You can now export 
   data captured by the Puppet Enterprise console and import it into the tool 
   of your choice to create reports for your team.


*Take a deeper dive into the latest release*


Read the blog post here:

http://puppetlabs.com/blog/puppet-enterprise-3.3-get-started-faster

Ready to get started? Download Puppet Enterprise 3.3 here: 

http://puppetlabs.com/download-puppet-enterprise

Review the docs here: 

*http://docs.puppetlabs.com/pe/latest/ 
http://docs.puppetlabs.com/pe/latest/*

Find instructions for upgrading from a prior version of Puppet Enterprise 
here: 

http://docs.puppetlabs.com/pe/latest/install_upgrading.html 

See Puppet Enterprise 3.3 in action in one of our live technical webinars:

   - 
   
   Tuesday, July 22, at 11 am PDT: Register here 
   https://cc.readytalk.com/cc/s/registrations/new?cid=pmh71knj7ze0
   - 
   
   Thursday, July 24th at 2pm BST: Register here 
   https://cc.readytalk.com/cc/s/registrations/new?cid=wyxifwfj3aux
   



We look forward to your feedback on this release!

Thanks,
Chris Westphal

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9328643a-62cc-4dea-9c08-780188580849%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Checking a variable is not 'undef'

[Chris Cowley]

OK, so what it the recommended way to do this? Somehow it is not something 
I have come up against before, I have the impression that it is a lot 
harder than simply:

if $variable {
  do stuff
}

I've had a look through stdlib and it does not seem to have anything that 
helps here (if that is the case, then I will make a feature request).

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ac5be1c4-073a-404b-969d-14b53267cf7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] ssl signing issue

[Chris]

On 30/06/14 16:24, Martin Alfke wrote:

Hi Chris,
On 30 Jun 2014, at 05:23, Chris dmag...@gmail.com wrote:



master gets it:
# puppet ca list
  client  (SHA256) 
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50

and has signed itself:
# puppet ca list --all
  client (SHA256) 
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
+ puppet-master  (SHA256) 
65:CE:54:5B:0A:93:5A:43:B4:D6:26:21:5C:99:F5:E9:3B:B3:59:98:4C:5C:84:24:A6:2D:06:C4:FC:DF:2F:A9

So I sign it:
# puppet ca sign client
Notice: Signed certificate request for client
Notice: Removing file Puppet::SSL::CertificateRequest client2.squiz.local at 
'/var/lib/puppet/ssl/ca/requests/client.pem'
-BEGIN CERTIFICATE-\ncert contents here


Then the problems start:

# puppet ca list --all
Error: The certificate retrieved from the master does not match the agent's 
private key.
Certificate fingerprint: 
B5:2C:39:40:27:31:47:4F:89:A8:75:EB:8D:1C:16:B9:31:14:4D:BE:B3:DD:AB:81:0E:F4:E4:F2:73:CC:C1:B9
To fix this, remove the certificate from both the master and the agent and then 
start a puppet run, which will automatically regenerate a certficate.


Will the same problem occur when using puppet cert instead of puppet ca?


That worked fine, thanks.

--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53B20B70.60904%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] ssl signing issue

[Chris]

Hi,

I'm trying to get signing right and have come up with a weird situation.

Both master and client are running 3.6.2 (rpms from puppetlabs).

client config:

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppet-master
ca_server = puppet-master
report = true

# 2 mins.
runinterval = 120

factpath = /etc/facter/facts.d
pluginsync = true
environment = production



master:
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl

reports = store
environmentpath = $confdir/environments
factpath = /etc/facter/facts.d

storeconfigs = true
storeconfigs_backend = puppetdb


client generates a cert fine:
Info: Creating a new SSL key for client
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client
Info: Certificate Request fingerprint (SHA256): 
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50



master gets it:
# puppet ca list
  client  (SHA256) 
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50


and has signed itself:
# puppet ca list --all
  client (SHA256) 
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
+ puppet-master  (SHA256) 
65:CE:54:5B:0A:93:5A:43:B4:D6:26:21:5C:99:F5:E9:3B:B3:59:98:4C:5C:84:24:A6:2D:06:C4:FC:DF:2F:A9


So I sign it:
# puppet ca sign client
Notice: Signed certificate request for client
Notice: Removing file Puppet::SSL::CertificateRequest 
client2.squiz.local at '/var/lib/puppet/ssl/ca/requests/client.pem'

-BEGIN CERTIFICATE-\ncert contents here


Then the problems start:

# puppet ca list --all
Error: The certificate retrieved from the master does not match the 
agent's private key.
Certificate fingerprint: 
B5:2C:39:40:27:31:47:4F:89:A8:75:EB:8D:1C:16:B9:31:14:4D:BE:B3:DD:AB:81:0E:F4:E4:F2:73:CC:C1:B9
To fix this, remove the certificate from both the master and the agent 
and then start a puppet run, which will automatically regenerate a 
certficate.



I've double checked my configs against a separate working install 
(though that doesn't have puppetdb) and can't see anything obviously wrong.


I'm not sure where to start looking at this so thanks for any help.

--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53B0D829.9000802%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Grant user SELECT on pg_stat_database?

[Chris]

On 13/06/14 14:44, Chris Miller wrote:

How do I grant a user SELECT privileges on the pg_stat_database catalog?
Using the normal postgresql::server::database_grant approach just
returns: 'ERROR: database pg_stat_database does not exist


pg_stat_database isn't a database, it's a view inside *each* postgres 
database (ie the stats in there are not for the entire cluster).


--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/539F7354.604%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Grant user SELECT on pg_stat_database?

[Chris Miller]

How do I grant a user SELECT privileges on the pg_stat_database catalog? 
Using the normal postgresql::server::database_grant approach just returns: 
'ERROR: database pg_stat_database does not exist

-Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cfe4fa21-e6f1-4bc4-92ce-cbf4706ba389%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] multiple puppet masters, multiple puppetdb's

[Chris]

Hi all,

I'm trying to set up something that will have multiple puppet masters 
(with one as the CA) and multiple puppet db's (they will be 
geographically dispersed).


The multi-masters stuff all works fine, but I'm struggling with multiple 
puppet db's.


Ideally I'd like puppet db to live on the same server as the puppet 
master for a particular region (so a master + puppetdb in US, one in UK, 
one in AU for starters) but I'm not sure if that's supported at all.


I've got puppetdb on the master CA server and that works fine, but if I 
point the other masters to 'localhost' (in puppetdb.conf) I get ssl 
errors on the agent runs:


Error: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Failed to submit 'replace facts' command for client1.local to 
PuppetDB at localhost:8081: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed: [certificate 
revoked for /CN=puppetmaster1.local]


I saw in the puppetdb docs about using postgres replication to do things 
but if an agent has to go back to the main server for every run to 
report, I don't understand why you'd want to do that.


Any help or ideas would be great.

Cheers,
Chris.
--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/539A45DF.2070100%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppetmaster Logrotate isn't working

[Chris]

On 30/04/14 02:13, willi.feh...@home24.de wrote:

Hello,

we have an issue that the Puppetmaster logrotate isn't working.

We are using the following default Logrotate:

/var/log/puppet/*log {
   missingok
   sharedscripts
   create 0644 puppet puppet
   compress
   rotate 4

   postrotate
 pkill -USR2 -u puppet -f 'puppet master' || true
 [ -e /etc/init.d/puppet ]  /etc/init.d/puppet reload  /dev/null 21 || 
true
   endscript
}

After running the logrotate script we have this message in syslog:

Apr 29 09:36:12 puppet1 puppet-master[3109]: Caught USR2; calling reopen_logs
Apr 29 09:36:12 puppet1 puppet-master[3109]: Reopening log files

The problem is that the logrotate does not create a new masterhttp.log. We 
tried it with Puppet-3.4.2, 3.4.3 and 3.5.1.


I can't help with the puppet side of things, but try 'copytruncate' in 
your logrotate conf instead, and remove the postrotate section.


--
Postgresql  php tutorials
http://www.designmagick.com/

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5369577A.1010105%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Error reporting gripe.

[Chris Johnson]

Hi.

Had the following error in my messages log from the puppet gent daemon, 
i.e. the client side:


{/Stage{main}/web_server/File{/var/www/html/index.html])  Could not 
evaluate:  Could not retrieve file metadata for 
puppet://modules/web_services/client1/html/index.html:  Connection 
refused  -  connect(2)


Now maybe I wouldn't be quite so annoyed if I hadn't been chasing file 
protocols and network problems for four days on this one.  And the 
computer gods know I've google it enough and seen all kinds of responses.


Please, please, please would it be too much trouble for a simple file 
or directory not found error instead?  That's what the problem was. But 
I just spend four days googling this and try to find nonexistent network 
problems among other things.


I like the idea of puppet especially with a huge install client base or 
compute cluster etc.  But come on guys.  Is it too much task for simpler 
more direct and meaningful error reporting?


Chris.

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53592635.9050907%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Error reporting gripe.

[Chris Johnson]

On 4/24/14, 11:22 AM, Felix Frank wrote:

Uhm, why is this in the Sharing Puppet Functions thread?


Sorry, didn't know it belonged elsewhere.  My bad.



Anyway, this looks like a bug. Can you reproduce this? I'll gladly
report it if you'd like to save the hassle, but I'll need to reproduce.


Very easily reproducible.  I was reproducing it for four days.  The 
module I was trying to write initialized the /var/www/html Web content 
directory with a index.html.  Try mistyping something in the source path 
that should normally go to the module's file directory (bloody 
trifocals).  BTW this is puppet and server 3.5.1 with current 
dependencies on CentOS-6.5.


Chris



Regards,
Felix

On 04/24/2014 04:56 PM, Chris Johnson wrote:

Hi.

Had the following error in my messages log from the puppet gent daemon,
i.e. the client side:

{/Stage{main}/web_server/File{/var/www/html/index.html])  Could not
evaluate:  Could not retrieve file metadata for
puppet://modules/web_services/client1/html/index.html:  Connection
refused  -  connect(2)

Now maybe I wouldn't be quite so annoyed if I hadn't been chasing file
protocols and network problems for four days on this one.  And the
computer gods know I've google it enough and seen all kinds of responses.

Please, please, please would it be too much trouble for a simple file
or directory not found error instead?  That's what the problem was. But
I just spend four days googling this and try to find nonexistent network
problems among other things.

I like the idea of puppet especially with a huge install client base or
compute cluster etc.  But come on guys.  Is it too much task for simpler
more direct and meaningful error reporting?

Chris.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53593089.6090906%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: How to pass a hash to a variable with Puppet Enterprise?

[Chris Neal]

Hi John,

Thanks for the detailed reply.  That declaration appears on the Puppet
Forge site for that module as an example for what has to use for that
variable.

I took your suggestion and just modified the default value for the variable
and plugged that has in, and it works fine.

There seems to be something different in the syntax for a hash when
entering it into the form data in Puppet Enterprise that I cannot figure
out.  I tried removing extra spaces, and making the single quotes double
ones, but that didn't work either.

If you or anyone else has some insight into getting a has accepted in PE,
please share!

Thank you again for the help.
Chris

On Tue, Apr 22, 2014 at 1:40 PM, jcbollinger john.bollin...@stjude.orgwrote:



 On Tuesday, April 22, 2014 11:40:08 AM UTC-5, Chris Neal wrote:

 Hi all,

 This is most likely a noob question, so I apologize.  I've googled as
 well and was not able to find an answer to this seemingly basic question.
 I'm using Puppet Enterprise 3.1.2 along with this module to
 install/manage Elasticsearch:  https://forge.puppetlabs.com/
 elasticsearch/elasticsearch/0.2.3

 I've added the elasticsearch class to my node definition, and when I try
 and pass the hash to the 'config' variable, my runs fail with various
 errors about the parameter being a string, not a hash.

 I've tried:

  class { 'elasticsearch':
config   = {
  'node' = {
'name'   = 'elasticsearch001'
  },
  'index'= {
'number_of_replicas' = '0',
'number_of_shards'   = '5'
  },
  'network'  = {
'host'   = $::ipaddress
  }
}
  }

 [...]



 All result in something like this:

 
 Error: Could not retrieve catalog from remote server: Error 400 on
 SERVER:  config = { 'node' = { 'name' = 'elasticsearch001' }, 'index'
 = { 'number_of_replicas' = '0', 'number_of_shards' = '5' }, 'network' =
 { 'host' = $::ipaddress } } is not a Hash. It looks to be a String at
 /etc/puppetlabs/puppet/modules/elasticsearch/manifests/init.pp:242 on
 node n6.example.com



 Differences in whitespace are not significant in Puppet manifests, so as
 far as I can tell, all your attempts are equivalent.  I don't see anything
 wrong with them as such, but perhaps the context in which that declaration
 appears is causing the issue.  Or maybe the keys should be unquoted.
 Following PL examples (
 http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#hashes),
 I don't quote my hash keys, but the docs do say they are strings, so I
 would expect quoting them to be valid.

 Does that declaration appear, in that form, in a manifest file somewhere?
 (If not, then please tell us what you are really doing.)  If putting the
 example declaration, verbatim, into a Puppet class and assigning that class
 to a node causes the compilation of the node's catalog to fail, then I'm
 sure PL would appreciate a bug report.  In the mean time, you could
 consider assigning the hash to a class variable of the containing class,
 and using that to configure Class['elasticsearch']:

 $search_config = {

   node= {
 name = 'elasticsearch001'
   },
   index   = {
 numberofreplicas = '0',
 numberofshards   = '5'

   },
   network = {
 host  = $::ipaddress
   }
 }

 class { 'elasticsearch':
   config = $search_config
 }


 Really, though, it would be much better form to to externalize the data --
 i.e. to store the config hash in an Hiera data store under key
 'elasticsearch::config'.  (If you do that then remember to format the hash
 appropriately for the relevant Hiera back-end.)



 John

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/80f2036a-d437-4f4e-80b5-a39b3973d9d2%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/80f2036a-d437-4f4e-80b5-a39b3973d9d2%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAND3Dpj0eO5D-DRg2%3DadTBrr9QrW94ztYjbSq7W0xtkBDNLr%3Dw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Received certificate does not match private key.

[Chris Johnson]

On 4/22/14, 10:54 AM, Felix Frank wrote:

*sigh* The excessive clearing of certs master side is painful to watch,
to be certain.

The error basically tells you that the master does hand a certificate to
the agent, but it is not one the agent has a key for. This is what
someone will see if they try and fraud themselves to a catalog for one
of your nodes, but lacking your agent's valuable key.

What you want to do is to 'puppet cert clean agent-fqdn' on the
master. The old cert should still be showing up in 'puppet cert list
--all'. Then the agent should be able to place its new CSR.

Side question - is the master still as recent (or more so) as the agent?

Thanks,
Felix

Don't know how many times I tried that.  No joy.  I did get it to work 
though by upgrading all versions to 3.5.1 and their dependencies.  The 
master was 3.5.1 but the clients were 2.4 something.  I thought there 
was supposed to be backward compatibility.  Maybe I missed something in 
the release notes. Anyway I'm at 3.5.1 etc now on both ends and it's 
working again.


And yes I did read the best practices on upgrades.  Next time I'll take 
the alternate master approach and upgrade nodes in small bunches using 
the new master.


Tnx.

Chris.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5356880B.2080506%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to pass a hash to a variable with Puppet Enterprise?

[Chris Neal]

Hi all,

This is most likely a noob question, so I apologize.  I've googled as well 
and was not able to find an answer to this seemingly basic question.
I'm using Puppet Enterprise 3.1.2 along with this module to install/manage 
Elasticsearch:  
https://forge.puppetlabs.com/elasticsearch/elasticsearch/0.2.3

I've added the elasticsearch class to my node definition, and when I try 
and pass the hash to the 'config' variable, my runs fail with various 
errors about the parameter being a string, not a hash.  

I've tried:

 class { 'elasticsearch':
   config   = {
 'node' = {
   'name'   = 'elasticsearch001'
 },
 'index'= {
   'number_of_replicas' = '0',
   'number_of_shards'   = '5'
 },
 'network'  = {
   'host'   = $::ipaddress
 }
   }
 }

and also:

config   = {
 'node' = {
   'name'   = 'elasticsearch001'
 },
 'index'= {
   'number_of_replicas' = '0',
   'number_of_shards'   = '5'
 },
 'network'  = {
   'host'   = $::ipaddress
 }
   }

and also:

{
 'node' = {
   'name'   = 'elasticsearch001'
 },
 'index'= {
   'number_of_replicas' = '0',
   'number_of_shards'   = '5'
 },
 'network'  = {
   'host'   = $::ipaddress
 }

All result in something like this:


Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
 config = { 'node' = { 'name' = 'elasticsearch001' }, 'index' = { 
'number_of_replicas' = '0', 'number_of_shards' = '5' }, 'network' = { 
'host' = $::ipaddress } } is not a Hash. It looks to be a String at 
/etc/puppetlabs/puppet/modules/elasticsearch/manifests/init.pp:242 on node 
n6.example.com 

Warning: Not using cache on failed catalog 

Error: Could not retrieve catalog; skipping run


How exactly would I pass a hash to this variable so that it will work?

Thanks so much.
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/248cb613-fac9-4b7e-9e39-316aa1a73dfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.