Re: [Puppet Users] Knowing if a file is managed by puppet
On 11/16/2011 12:39 AM, Iain Sutton wrote: +1 for tangled strings On 16 November 2011 04:03, Ken Barber mailto:k...@puppetlabs.com>> wrote: Depends on why you want this info ... but its available in the catalog on the box for 'grepping' (more or less). Something I recommend to some people: http://www.tenshu.net/2010/08/adventures-in-puppet-tangled-strings.html Which does more or less that ... but shows a banner in VIM for users to warn them the file is puppet managed before they modify it. A mild word of warning: tangledstrings is distributed as a Vimball, which works well in (most? all?) Linux flavours of Vim, but you may run into support problems in other OS's (such as OpenBSD, *grumble grumble*). That said, tangledstrings does exactly what it's supposed to do: act as a very handy warning layer. -- Daniel Maher With listening comes wisdom, with speaking repentance. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Different paths based on environment
On 10/11/2011 11:14 PM, Gonzalo Servat wrote:
I am re-doing the Puppet config and trying to come up with a better way
of solving the multiple environment problem. Sometimes files need to be
sourced that depend on their environment. Currently we do "source =>
puppet:///${env}/file", which isn't very nice.
Just out of curiousity, what is it that you don't like about your
current solution ?
--
Daniel Maher
If the master dies and the disciple grieves, the lives of both have
been wasted.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] DNS Zone serial numbers
On 09/09/2011 05:36 PM, Peter Berghold wrote: Normally when I hand edit zone files I use a serial number format of MMDDXXX where is the year, MM is the month and DD is the day the change is being made with XX being a two digit number incremented for each change done that day. I cannot figure out a "good" way to do this with puppet. Any thoughts? Either a ridiculous erb template or a relatively simple custom function would do the trick, though either way you'll have to write some Ruby. -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Organizational best practices / examples
On 09/01/2011 04:32 AM, col yte wrote: Hi folks, I was curious if anyone would be willing to share how they organize their puppet implementation. Perhaps something similar to what you'll find at https://fedoraproject.org/wiki/Infrastructure/Puppet. People should have this sort of stuff documented, appreciate anything anyone would be willing to share. Hello, In our environment we've made a concious decision to maintain modules/ in as generic a fashion as possible. Basically, the way it works is that before we commit to modules/ we ask, "would we be comfortable sharing this on Github?" It's a surprisingly good strategy. :) I realise this is only a small element of what you're asking for, but I am also curious to know if anybody else out there has any sort of "simple rules" that can applied in order to preserve sanity. -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Composing a text file with Puppet
On 08/30/2011 04:15 PM, M C wrote: Hi, is it possible to push a file (with "source" or "content") and then add lines without having Puppet to regenerate it every time it runs? And, how can I add, remove or alter text lines without keeping old contents? Note: i want resources to be executed only if something actually changes. Please help, thanks. Hello, I'm not entirely sure if I understand your use-case properly; however, for all instances of text-file manipulation, I have found the "concat" module to be _extremely_ useful. https://github.com/ripienaar/puppet-concat -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Step by step guide to setting user passwords
On 08/02/2011 09:52 PM, Jfro wrote:
I'm new to Puppet but have searched this group and Puppet docs for how
to set up user passwords using puppet. I haven't found a clear answer
about setting user passwords.
I understand that it is a security risk to send plain text passwords via
Puppet. However, for my use case (setting up one "student" user on a
school computer lab) I think the risk is acceptable.
Can someone walk me through the steps of sending out a password to all
my computers for user "student."
My puppetmaster and puppets are running Ubuntu Lucide 10.4 LTS.
Thanks for getting a newbie off the ground!
This will help :
http://docs.puppetlabs.com/references/2.7.0/type.html#user-3
Otherwise, it's really just as simple as this :
user { 'student_account':
name => 'username',
password => '$6$xx...' # this is the crypted password string.
}
You can also set their group membership, home directory, uid, and other
things as well. Just ensure that the user statement is in a class
that's included on all of your target machines, and you're done.
--
dan.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet master and puppet client running very slow
On 07/04/2011 02:46 PM, sanjiv.singh wrote: hi all, I have configured puppet 0.25.4 setup. since last few days , puppet master and client running very slow .It seems puppet client taking soo much time in taking configuration from master (compilation manifest ) ,specially for those node(puppet client ) for which large manifest class to be compiled and to be deployed . what can i do to over come this issue ? What sorts of steps have you already taken in order to investigate the problem? Does the Puppetmaster have enough RAM? It is otherwise overloaded from a system load perspective? What about those two factors on the client(s)? In other words, have you eliminated all of the standard system-based considerations? If so, I would recommend running the client manually with test and debug enabled, and taking a look at the output there. As well, if it's possible, you may wish to do the same for the master daemon - that will give you a much better idea of where along the process any potential hangs are occurring. Good luck ! -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
On 06/24/2011 04:10 PM, Nathan Clemons wrote: This is what we do at Livemocha; we're actually in the process of switching over to using MCollective to trigger Puppet runs. By way of a vote of confidence, we made the switch to MC-triggered Puppet runs a few months ago and have been very happy with the result. Implementing Puppet Commander[1] in order to manage the trigger events was about as straightforward as it gets ! [1] http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: howto trigger action on another client
On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote: Exported resources are the Puppet means for one node to provide resources for another. In this case, the execution host could export an Exec resource for the master to collect and apply. Hmm, in the (very short) time I've been working with puppet I have not stumbled across exported resources. Any pointer where I should start reading? Exported resources are great fun. :) http://docs.puppetlabs.com/guides/exported_resources.html http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] implementing a 1-to-many exported resource only once ?
Hello, I would like to know if there is a (sane) way to allow multiple declarations of the same exported resource to result in only one instance of that resource being instantiated on a given node. Allow me to explain : - Node "infra" includes class "syslog::server". - Definition "syslog__naglog" allows configuration snippets to be added to the syslog configuration. - Many nodes contain class "snmpd". - Class "snmpd" calls definition "syslog__naglog" as an exported resource in the form "@@syslog_naglog", thus there are multiple declarations for this resource across the ecosystem. - Class "syslog::server" realizes the exported resource in the forst "Syslog__naglog <<||>>". Now this will, predictably, result in a "cannot override local resource" problem. I could fix this by ensuring that each instantiation has a unique name (via $fqdn or some such), however, that would result in each node adding a configuration snippet to the syslog.conf on node "infra", which is not in fact what I'm looking for. I'm looking for a way to say to node "infra" that since class "snmpd" is out there, somewhere, regardless of how many times, that one (and only one) configuration line should be added to the local syslog config - and I'd like to be able to do this from the "snmpd" class. I know that I could do it rather simply from class "syslog::server" (for example), but I'd like it to be dynamic - I'd like other modules to be able to trigger the addition of a given configuration snippet in the syslog config of node "infra". Can this be done ? Is this realistic ? Is there another approach that would be better ? I would greatly appreciate any and all commentary. Thank you. -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best way to ensure (yum) package repository freshness ?
Hello, I have run into problems in the past where a package has been added to our yum repository, and a (new) class has been pushed to install that package, but puppet fails because the yum db on the target machine is too stale, and thus isn't aware of the existence of the new package. My question is this : what have other Puppet admins done in order to ensure that a target machine has the freshest local dbcache before attempting to install a package ? Thank you. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] problem w/ puppet & augeus : xinetd.d/rsync server_args value
Hello, I would like to have the following line (among others) in my /etc/xinetd.d/rsync file : server_args = --daemon --address= --log-file=/var/log/rsyncd.log To this end, i am using the camptocamp rsyncd module available from git. Everything works except this line. I thought it was, perhaps, a questions of spaces (this has been discussed on the list before), but according to the documentation here : http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas All that i should need to do is to enclose the space-filled value in quotes, like so : "set server_args/value '--daemon --address=$ipaddress_eth0 --log-file=/var/log/rsyncd.log'" A verbose puppetd run says this : debug: Augeas[enable rsync service](provider=augeas): sending command 'set' with params ["/files/etc/xinetd.d/rsync/rsync/server_args/value", "--daemon --address=10.101.0.3 --log-file=/var/log/rsyncd.log"] debug: Augeas[enable rsync service](provider=augeas): Closed the augeas connection err: //rsyncd/Augeas[enable rsync service]/returns: change from need_to_run to 0 failed: Save failed with return code false notice: //xinetd/Service[xinetd]: Dependency augeas[enable rsync service] has 1 failures I have tried many combinations of quotes, including that suggested here (though, to be clear, i don't want actual quotes to appear in the file) : http://groups.google.com/group/puppet-users/msg/748d5036ad80dd4f I've tried escaping the spaces and escaping the slashes in the log-file component too (just in case) - no dice. Any ideas ? $ rpm -qa | egrep -i "(puppet|augeas)" augeas-libs-0.7.3-1.el5 ruby-augeas-0.3.0-1.el5 puppet-0.25.5-1.el5 augeas-0.7.3-1.el5 Thank you. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: best practice for removing a class & maintained resources from a system ?
On 10/18/2010 03:13 PM, jcbollinger wrote: I'm guessing you mean you have written sub-*classes* to do that job. That is indeed the Puppet way to do it, and I don't find it at all ridiculous. Classes, yes - sorry, i should know better than to post before the first coffee of the day. :P Perhaps you already understand this, but you do not grok Puppet until you know in your bones that Puppet is about achieving and maintaining *state*, and only incidentally about doing particular work. In this That is an excellent point. As a practical matter, an advantage of the subclass approach is that, if done right, including both the base class and the ::no class works, and results in the web service being absent (as if just the ::no class were included). That means you don't have to worry about finding and changing all the places in a complex configuration that the base class may be included. Very good, thank you for your commentary ; assuming no other contradictory advice, i will continue writing ::no-style classes across the board. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best practice for removing a module & maintained resources from a system ?
Hello,
I am curious to know what is the best practice for removing a module
(and the resources it maintains) from a system ?
Consider :
node 'webserver' {
include webservice
...
}
class 'webservice' {
file { '/etc/httpd/conf.d/webservice.conf':
...
}
}
At some point i no longer want webservice on webserver, and therefore
remove the module from the node declaration ; however, the configuration
file remains there, and thus HTTPd continues to load it.
I have occasionally written sub-modules to do the work of cleaning the
resources away (ex. « webservice::no »), but this seems ridiculous, and
is an administrative pain besides. What sorts of approaches might there
be to make this for manageable ?
Thank you all.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] issue # 4345 (puppet_dashboard & pluginsync)
Hello, Regarding issue # 4345 « pluginsync removes $libdir/puppet/reports/puppet_dashboard.rb » [1], I am curious to know if the work-around [2] suggested by Ian Ward Comfort is the current best-practice solution for the problem, or if there is another preferred way of dealing with the issue. Thank you. [1] http://projects.puppetlabs.com/issues/4345 [2] http://projects.puppetlabs.com/issues/4345#note-8 -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] certificate problem ; puppetca can't find cert request ?
On 09/30/2010 05:49 PM, Nan Liu wrote: On Thu, Sep 30, 2010 at 6:20 AM, Daniel Maher wrote: I removed /var/lib/puppet/ssl/certs/.pem , then ran puppetd with --waitforcert. Unfortunately, when i run a puppetca --list --all , is not listed, even though there is very clearly a request pem in /var/lib/puppet/ssl/certificate_requests . So first bbackup you ssl dir, then try the following command: puppetca --clean puppetca --generate --certdnsname="puppet;puppetmaster" In certdnsname, provide a list of DNS cname to puppet master, and include puppet for convenience. Thank you for the advice ; unfortunately, as i had already revoked the certificate, cleaning and re-issuing was not a possibility. I ended up biting the bullet and just wiping out and re-initialising the certificates across the board. Thank god for clusterssh. The moral of the story here, i suppose, is that /var/lib/puppet/ssl/ should be backed up and set aside for every client (including the puppetmaster), and that if certificates need to be re-issued from the ground-up, it's going to be trouble. This, i suppose, is why some people opt to move to an external certificate provider within their organisation - it's really not a bad idea. Finally, is "--certdnsname" documented anywhere ? In 0.25.5, at least, puppetca --help doesn't mention it, and neither does the manpage. On the puppet website, a search for "certdnsname" only leads to a reference in Release_Notes. If you already know to search for it, google will give you some hits from the mailing list, and some blogs, but you have to know to look for it in the first place. :P Thanks again. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet error on cron w/ "complex" timing
On 09/29/2010 03:31 PM, Radek wrote: maybe this will help: minute => "2-57/5", Lovely, thank you. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] certificate problem ; puppetca can't find cert request ?
Hello, We recently re-deployed puppet certificates in our environment. I removed and regenerated the certificates for all of the clients save for one : the puppetmaster server itself. As one might expect, when i run puppetd --test on the puppetmaster server, i get : err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I removed /var/lib/puppet/ssl/certs/.pem , then ran puppetd with --waitforcert . Unfortunately, when i run a puppetca --list --all , is not listed, even though there is very clearly a request pem in /var/lib/puppet/ssl/certificate_requests . Executing puppetca --clean removes the private key (as expected), but does not change the error condition. I also tried puppetca --revoke ; no change. I also tried removing every instance .pem from /var/lib/puppet/ssl/* ; this also did nothing. Finally, i saw that was listed in only one spot : /var/lib/puppet/ssl/ca/inventory.txt . Removing the line from this file also does nothing (as expected). In the archives, one solution proposed for this problem is to rm -rf /var/lib/puppet/ssl and let puppet regenerate it all ; this is fine on the clients, i suppose, but i hesitate to do it on the puppetmaster, as i'd rather not have to start from scratch with the certificates of all the clients again. I'm running puppet 0.25.5 on CentOS 5.5 x86_64. Any ideas ? Thank you all. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet error on cron w/ "complex" timing
Hello,
cron { foo:
command => "/bin/date > /tmp/foo",
user=> root,
minute => '2,7,12,17,22,27,32,37,42,47,52,57'
}
Which when parsed by puppetd produces :
err: Could not run Puppet configuration client: Parameter minute failed:
2,7,12,17,22,27,32,37,42,47,52,57 is not a valid minute at foo.pp:##
I agree that it's an awkward minute line, but it doesn't violate cron
rules at all. I'm just curious if this is normal, expected behaviour
from puppet, or if it's a bug, or something else perhaps.
Thanks all.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to include a variable in many modules ?
On 09/23/2010 09:31 PM, R.I.Pienaar wrote: I have two sites with a small number of machines at each. Each site is functionally identical. I would like to set up a bunch of templates for the various services at each site, with a handful of variables that indicate which site the service is configured for. What would be "best practice" way to accomplish this in Puppet ? You should consider using extlookup. http://docs.puppetlabs.com/references/2.6.1/function.html#extlookup Thank you for your reply ! According to the documentation, extlookup reads from csv files, which means that a given csv file with the desired data must already be present ; therefore another mechanism must create the file before extlookup can become useful. I've taken a look at your blog entry here, which was very helpful in explaining the situation : http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php Your entry does not, however, indicate where the csv comes from in the first place ; in my stated case, i suppose that the csv would need to be generated dynamically. One could have a class that ensures a shell script that gets exec'd, the output of which is a csv file that has : site_name, Then you could extlookup that csv file in order to provide the desired variable. That seems awkward, though only because i'd be going through the bother of dynamically generating a csv for one value ; i could see how this would be (very) useful if i was gathering tonnes of variables to use in this way. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to include a variable in many modules ?
On 09/24/2010 02:57 PM, James Cammarata wrote:
That's the good thing about the way we do it - there's only one level of
scope: basezone. Every variable we define in all the classes along the way
is visible at that level, so we don't have to remember class names of all
the stuff in the middle. Your version makes things more complex, because
you have to remember that your domain variable is in getsite. Also, I
don't think you'd be able to include getsite more than once - I think you'd
get a variable redefinition error. And we do try and use puppetdoc to
explain class internals as much as possible, so the new guys know what
classes they need to include.
Some interesting points, to be sure. As for including getsite more than
once, consider :
class getsite {
# method to obtain $site_name goes here
}
class foo {
include getsite
file { 'template':
content => template('foo/template.erb')
}
}
class bar {
include getsite
file { 'template':
content => template('bar/template.erb')
}
}
node 'srv1' {
include foo
include bar
}
node 'srv2' {
include foo
include bar
}
# /template.erb
Site is : <%= scope.lookupvar('getsite::site_name') %>
# EOF
That works - i just tried it. No problems. In fact, this works, too :
class bar {
include getsite
include foo # which already has getsite in it
}
If the value of "$site_name" were to change depending on which class was
calling it, then i could see that being a problem - but that doesn't
happen in this case.
In any case, looking back at your original reply, i am getting a little
lost on the logic. I drew your include relationships out on the
whiteboard here and it doesn't quite make sense to me ; i'll try to
re-create it here (i hope your client uses a fixed-width font :) ).
.---.
| class dc1_zone1 |
| .. .. |
| | class dc1 | | class basenode | |
| | .. | | .. | |
| | | class basezone | | | | class role_general | | |
| | '' | | '' | |
| '' '' |
'---'
Breaking the scopes down :
dc1_zone1 : All variables in all classes
dc1 : Variables in dc1 and basezone only
basezone : Variables in basezone only
basenode : All variables in basenode and role_general
role_general : All variables in role_general
Your stated example includes logic from role_general, which in turn
looks for a variable in basezone. This leads to two questions :
1. If basezone is empty (a place holder, as you mentioned), where is the
variable coming from ?
2. How can role_general go look for a variable that is outside of its
scope ?
For question #2, i am hypothesising that the variable is out of scope,
but that the ruby call to scope.lookupvar somehow deals with that
problem, and "finds" the variable anyway ?
Alternatively, i have completely and utterly misunderstood the
fundamentals of scoping in Puppet (eminently possible). Is it that
given the class relationship described above, role_general has access to
basezone's scope because they are both "included" together at a higher
level ?
Thank you for your continued commentary on this topic.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to include a variable in many modules ?
On 09/23/2010 09:06 PM, James Cammarata wrote:
Here's the way we do it, and it works very well for us, while avoiding
"globals" and the associated issues.
First, we have a "basezone" class, which is empty and really is just a
place holder (you'll see what this is for in a minute):
Thanks for the reply !
Simplifying your example, then :
class foo {
$foo_var = "beer"
}
class bar {
include foo
# we could assign it here...
$bar_var = $::foo::foo_var
file { 'template':
content => template('bar/template.erb')
}
}
With "template.erb":
This is foo_var as determined by bar : <%= bar_var =>
Or directly from foo : <%= scope.lookupvar('foo::foo_var') %>
Applying this distilled example to my previously stated scenario, then,
we might have something like :
# include this where appropriate
class getsite {
$site_name = $domain ? {
'abc.dom.ain' => 'abc',
'xyz.dom.ain' => 'xyz',
}
$site_ip = $domain ? {
'abc.dom.ain' => '1',
'xyz.dom.ain' => '2',
}
}
# yes i know there's a module for this; this is just a contrived example
class resolv {
include getsite
file { '/etc/resolv.conf:
content => template('resolv/resolv.conf.erb')
}
}
With template "resolv.conf.erb" :
search <%= scope.lookupvar('getsite::site_name') %>.dom.ain
server 10.<%= scope.lookupvar('getsite::site_ip') %>.0.1
This works exactly as it appears, and is a reasonable approach, though
in my example scenario the scope is limited ; i would harbour concerns
about tracking this though many levels of scope (as you have) without
proper internal documentation. :)
Thanks for the idea !
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to include a variable in many modules ?
On 09/23/2010 08:40 PM, Mark Glossop wrote: Er, unless I'm missing something folks, the OP wasn't asking about managing /etc/resolv.conf - AFAICT /etc/resolv.conf was only used by the OP as an example. How to manage that file in a one-off case it wasn't the objective. So rehashing [paraphrasing mine]: what is Puppet "best practice" for setting a handful of variables in a single location that then determine the configuration of each client? I'm posting because I'm interested in the answer too...and the answers so far don't help answer it IMHO. If the answer is in the documentation somewhere [I know I haven't found it so far...], well, a link to that doc would be welcomed for my part. Precisely : i provided resolv.conf as an example because it is simple, and it highlighted what i was trying to accomplish. In retrospect, perhaps i should not have picked an example for which there was already a particular module. :P -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best way to include a variable in many modules ?
Hello,
I have two sites with a small number of machines at each. Each site is
functionally identical. I would like to set up a bunch of templates for
the various services at each site, with a handful of variables that
indicate which site the service is configured for. What would be "best
practice" way to accomplish this in Puppet ?
Consider :
s...@abc$ facter | grep domain
domain => abc.dom.ain
s...@abc$ cat /etc/resolv.conf
search abc.dom.ain
10.1.0.1
s...@xyz$ facter | grep domain
domain => xyz.dom.ain
s...@abc$ cat /etc/resolv.conf
search xyz.dom.ain
10.2.0.1
Thus i would like a template "resolv.conf.erb" :
search <%= site_name =>.dom.ain
10.<%= site_ip =>.0.1
I _could_ put something like this into _every_ class :
$site_name = $domain ? {
'abc.dom.ain' => 'abc',
'xyz.dom.ain' => 'xyz',
}
# etc...
That works, but frankly it's offensive in every way. There are clearly
other ways to go about it, so i am curious : for Puppet, what is the
best practice solution ?
Thank you all for your time and consideration.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Easiest way to create named pipes?
On 09/15/2010 10:11 PM, Dan Urist wrote: Can the puppet file type create named pipes (fifo's)? This doesn't seem to be an option for the "ensure" parameter, but there's also a "type" parameter, though the docs describe it as "A read-only state to check the file type"; not sure what that's for? Or do I need to use mkfifo in an exec? Pretty sure you need to mkfifo in an exec. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] UK Meet-up?
On 09/14/2010 03:25 PM, R.I.Pienaar wrote: Doubt there's enough traction here for too focused events :( A Europe-based Puppet Camp would probably go over well ; i mean, us Europeans use Puppet, too. :) -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet system deployment hanging ..
On 08/17/2010 04:04 PM, Adrian Snyman wrote: Well, I wonder if there is a way to make puppet turn off the updater before starting it's run ? Instead of trying to disable it, why bother installing it at all ? Just remove the package in your kickstart config and be done with it. %packages # don't install the yum-updatesd package -yum-updatesd Or the equivalent in whatever your deployment system is... -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet system deployment hanging ..
On 08/12/2010 12:49 PM, Ohad Levy wrote: Does the puppet run starts at all? I've seen similar case when the clock were out of sync, ntp started and aligned it, but puppet got hanged because of it (or sleeping for a really long time). Just the other day we had a problem with the config on the DNS servers that appeared first in the (puppet-controlled) resolv.conf of our machines. Puppet initialized just fine, but sat and waited for DNS resolution (read: timeout) at each step, which took forever. Might want to check into that, too. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] networking on centos
On 08/09/2010 02:46 PM, cola wrote: I'm new to puppet, just want to know which is the right way to configure networking on centos (5). I've puppet up running, and now the first thing I'm trying to achieve is to configure the network interface ( /etc/sysconfig/network and / etc/sysconfig/network.scripts/ifcfg-eth0 ) for a host as soon as it's being provisioned. Hello, Just a thought, but it might be easy/easier to use the system-config-network-tui tool to do this. You could write a quick exec to run the tool with the appropriate parameters and let it generate your sysconfig files for you. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] "ensure => running" an init script that isn't actually a service ?
Hello all,
Based on this post from July :
http://www.mailinglistarchive.com/html/puppet-users@googlegroups.com/2010-07/msg00124.html
The OP has this snippet running on an RHEL system :
file { "network":
...
notify => Service[network]
}
service { network:
ensure => "running",
hasstatus => "true",
hasrestart => "true",
restart => "/etc/init.d/network restart",
}
Clearly the idea is to trigger a network restart if the given file
changes ; however, "network" isn't really a service, it's an init
script, which means that it's not generally "running".
On a given CentOS machine, ralsh says :
$ ralsh service network
service { 'network':
enable => 'true',
ensure => 'running'
}
Which is what we want, but i'm curious as to _why_ this is so, given
(again) that we're talking about an init script, and not a particular
service that sits in memory. Granted, the effects of the script can be
known - is puppet smart enough to figure out what effect "service
network *" ultimately has on the system, or is this sort of a happy
accident, or yet something else entirely ?
Thank you.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Newbie question - package installation
On 08/01/2010 04:45 AM, Daniel Pittman wrote: Finally, three, which is the hardest, but also the *right* answer: Create a YUM repository for your RPM packages. Configure that on your hosts. Then use YUM to install the package, rather than trying to rewrite YUM inside puppet. It's not really that difficult. :) $ createrepo -d /path/to/files/ Then let an httpd serve /path/to/files/ and you're set. I daresay it's actually _easier_ than the other options that the OP is suggesting, since Puppet already knows how to work with Yum and RPMs. -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Getting started
On 07/26/2010 02:36 PM, parag(PK) wrote: Hey, I have just installed puppet I wanted some basic tasks ,so that i will get started with it .. Can anyone help out .. If you're interested in getting started, you might like to read the documentation in the "Getting Started" area : http://docs.reductivelabs.com/#getting_started The "Puppet Language Tutorial" is excellent as well : http://docs.reductivelabs.com/guides/language_tutorial.html -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Monit module that supports both monitrc and monit.conf
On 07/21/2010 09:59 PM, bmort wrote: Does anyone know of or have a module ( they are willing to share ) that supports both monitrc and monit.conf. Is there a functional / syntactical difference between monit.conf and monitrc, or are they just two implementations of the same thing (my interpretation is the latter). Assuming they are the same thing, why would you have both on a system in the first place ? Just pick one and be done with it. :) If you need to support different distros (and, thus, different filenames), then you could just use a simple case statement to pick the appropriate filename. See the following item in the documentation : http://docs.puppetlabs.com/guides/language_tutorial.html#case_statement -- Daniel Maher "The Internet is completely over." -- Prince -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: subscribing a service to multiple files ?
On 07/20/2010 02:10 PM, Tore wrote:
You could also do:
class httpd {
...
file { '/etc/monit.d/httpd.conf':
...
notify => Service['monit']
}
}
But I would rather do it on the service, since then you can with ease
read one line to find out what that service response to.
I suppose it comes down to where the perceived responsibility for the
configuration file lies :
Since it's a Monit configuration file, one could make the argument that
should it be part of the monit class (or a sub-class thereof). On the
other hand, since the configuration snippet in question relates solely
to the HTTPd service, and wouldn't exist on a system that didn't have
said service, then it could easily be part of the httpd class.
User preference, ultimately.
--
Daniel Maher
"The Internet is completely over." -- Prince
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
