Re: [Puppet Users] Need Ruby help for facts (inline_template) --> <%= classes.collect { |k, v| v }.sort.join(" ") %> --> empty
In your example it looks like classes is an array not a hash. Should be able to just do classes.join(“ “). Derek > On Apr 17, 2017, at 00:46, Denny Fuchs <denny.schi...@gmail.com> wrote: > > Hello, > > for my Icinga2, I want to add all classes to vars, like described in > https://goo.gl/z798HG (page 41). I added the sjoeboo/puppet-common module, > which gives me all classes as a fact: > > facter -p classes > ["settings", "host.foo.local", "base::root::password", "icinga2::params", > "icinga2", ... ] > > facter -p classes --yaml > --- > classes: > - settings > - host.foo.local > - "base::root::password" > - "icinga2::params" > - icinga2 > > I tried the line: > > [...] > puppet_classes => inline_template( > '<%= classes.collect { |k, v| v }.sort.join(" ") %>' > ), > [...] > > so that in the end... > > vars.settings > vars.host.foo.local > vars.base > vars.icinga2 > > is generated for the Icinga2 monitoring host. But in my case, the following > is generated instead: > > + vars.puppet_classes = "" > > > Maybe, the howto is a bit older and the syntax was changed a bit. We use the > Puppet 3.7.2-4 agent. > > Any suggestions are very welcome :-) > > cu denny > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com > <mailto:puppet-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/d20e6894-1379-4039-855d-9babfa447be6%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/d20e6894-1379-4039-855d-9babfa447be6%40googlegroups.com?utm_medium=email_source=footer>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ED56A543-44E0-44F6-AC46-4008B78DA0E2%40mac.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Puppet x64 msi not installing files
You might try checking c:\programdata\. On Thursday, January 14, 2016 at 5:12:19 PM UTC-6, Gary Greene wrote: > > I’ve got a user on Windows 10 x64 Pro that we’ve been having some issues > with the puppet install on his machine. To fix, I tried upgrading the > client from 3.8.3 to 3.8.4 from the Puppet Open Source downloads for > Windows x64. > > When running the install, everything _appears_ to install, and the Windows > Installer throws no error, but when I look at his filesystem, the files > that I expect to be in C:\Program Files\Puppet Labs\ are not present at > all. > > The logs all state that the MSI install completed without issue, but as I > said, the files never show up. > > Has anyone else seen this? And if so, what’s the workaround for this so I > can ensure that the rest of the Windows fleet aren’t going to be an issue > upgrading to the latest release? > > -- > Gary L. Greene, Jr. > == > > > Volunteer developer of the KDE F/OSS project and Project Lead for > AltimatOS > http://www.kde.org/ http://www.altimatos.com/ > Please refrain from sending me proprietary binary documents (Doc, Xls, > Ppt) > Use a free office suite with standards approved formats like > LibreOffice. > http://www.libreoffice.org/ > == > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f85f9448-252b-416a-9f21-3d39ed4ade5f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Module Directory Layout
I'm running PE 3.3.1 using directory environments. All our modules are in the /etc/puppetlabs/puppet/environments/production/modules directory. What I would really like to do is create a subdirectory under here where we allow other uses to put modules i.e. /etc/puppetlabs/puppet/environments/production/modules/business_group_a /etc/puppetlabs/puppet/environments/production/modules/business_group_b The thought is that business_group_a and business_group_b might both be managing a similar service, like apache, but each one has their own apache module. I would like them to be able to setup /etc/puppetlabs/puppet/environments/production/modules/business_group_a/apache/ /etc/puppetlabs/puppet/environments/production/modules/business_group_b/apache/ and based on roles and profiles assign the appropriate apache. Is this possible or are there better ways to accomplish this? Thanks, Derek -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cfa04749-99bd-48a1-b485-a16e3e779443%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Using puppet for openvpn clients
Hello, I have a question about using puppet to distribute openvpn configs to clients that I am creating in cloudstack. To create my cloudstack VMs, I have something similar to this: cloudstack_instance { 'myVM: ensure= 'present', flavor= 'Small Instance', zone = 'myzone', image = 'myimage', user_data = 'role=ovpnclient', } What is the right pattern to follow to distribute my generated client openvpn configs to these instances? It seems like the luxflux openvpn module just generates the config. Should I just put them into a modules file folder, and then use puppet as a file server to push the file based on a role? Has anyone else use puppet to distribute and start openvpn for client connections? I'd be interested in hearing what you did. Thanks -Derek -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bade4aa3-b030-400d-a309-d22f915cda69%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Deploy puppet agent to all servers
This is kind of a boot strapping problem how to deploy puppet which can then manage your puppet. Tools like razor, kickstart, automation linux installs are all pretty good at solving the problem at install time. Doing it after the system is up and running is usually best handled by a ssh for loop, cssh, or something similar. Derek On Jan 28, 2014, at 15:17, WL w...@ualberta.ca wrote: Is there a way to deploy puppet agent to all servers rather than installing it one by one? I am using puppet open source. Thanks, Wendy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/09cc7c6a-8820-4b91-aaa5-343ba1c2830f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6E582EE7-EA95-407F-AEEF-04FF62D981E3%40mac.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Process hang on FreeBSD
Just wanted to throw in that you should update to pkgng. pkg_add isnt even going to be an option in FreeBSD10. I have been using https://forge.puppetlabs.com/zleslie/pkgng successfully with FreeBSD10 Beta 3 and puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/47f94b33-f9b6-4d98-9573-6364cfa51ace%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Access class results variables in puppet
I see what you're saying about the design of the code. The suggested workaround you proposed doesn't work. It's the same as if I just have the literal in there. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find resource 'Openvpn::Server[winterthur]' for relationship on 'Openvpn::Client[client1]' on node 28ae5ab6-e8f4-4da1-bae3-4df3ce94a6fe.cs1cloud.internal Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run I think I just realized something about the library after looking at the dependencies in the client code. This module actually just generates all of the configs but i dont think is meant to actually be used to deploy onto a virtual machine. The end result if I run this on a specific node is that I end up with an importable openvpn profile. I was under the impression that the openvpn::client name actually installed the profile on the actual remote node. I guess I am going to need a separate process to import that openvpn profile on a specific node that is a client node. The end goal here is to automatically provision a node that is a server, and a few nodes that connect to that server with openvpn. This module won't actually do all of that like I thought. -Derek On Tuesday, December 10, 2013 1:25:05 AM UTC-5, Matthew Barr wrote: In this case, you’ve got 2 issues. 1, most of that data would, ideally, be in Hiera. But, with a defined type, you can’t use the parameterized classes lookup. 2. That case statement means that the catalog for the system with “client doesn’t even know anything about the “access resources. I’d suggest in this case: (but I’m not loving the code design, to be honest. Look under the example for more. $vpn_server = ‘winterthur' case $::role { 'access': { snip openvpn::server {“$vpn_server : country = 'CH', province = 'ZH', city = 'Winterthur', organization = 'example.org', email= 'ro...@example.org javascript:', server = '10.200.200.0 255.255.255.0'} } 'client': { notify {Applying client config :} openvpn::client { 'client1': server = “$vpn_server } } } This screams for a better separation, to me. Unless you only have 1 set of servers clients… — Maybe use a class, with the parameters pulling in the details from hiera, and using the variable parameters in the code. — they would include city,province, server_ip, email, country. Matthew Barr mb...@mbarr.net javascript: c: (646) 727-0535 On Dec 9, 2013, at 5:32 PM, Derek Cole derek...@gmail.com javascript: wrote: Hello, I am not exactly sure how to phrase this, but consider the following: case $::role { 'access': { notify {Applying access packages :} include access_packages freebsd::rc_conf { 'test' : value = 'yes', ensure = 'present' } openvpn::server {'winterthur' : country = 'CH', province = 'ZH', city = 'Winterthur', organization = 'example.org', email= 'ro...@example.org javascript:', server = '10.200.200.0 255.255.255.0'} } 'client': { notify {Applying client config :} openvpn::client { 'client1': server = winterthur } } } What I am trying to do in 'client' case is reference the server that was defined in the 'access' case. Is this possible? The openvpn module here; https://github.com/luxflux/puppet-openvpn contains some examples and such that lead me to believe there should be a reference, but it seems like that only is applicable if they have the same scope. How would I go about storing off the 'winterthur' openvpn::server for use by the clients later? Puppet's class variable access and scoping in general are a little confusing to me at this point. I tried the obvious assigning a $variable but that didn't work either. Also, looking at the openvpn code, it seems like openvpn::server is defined instead of using the class keyword. does this make a difference? Thanks
[Puppet Users] Access class results variables in puppet
Hello, I am not exactly sure how to phrase this, but consider the following: case $::role { 'access': { notify {Applying access packages :} include access_packages freebsd::rc_conf { 'test' : value = 'yes', ensure = 'present' } openvpn::server {'winterthur' : country = 'CH', province = 'ZH', city = 'Winterthur', organization = 'example.org', email= 'r...@example.org', server = '10.200.200.0 255.255.255.0'} } 'client': { notify {Applying client config :} openvpn::client { 'client1': server = winterthur } } } What I am trying to do in 'client' case is reference the server that was defined in the 'access' case. Is this possible? The openvpn module here; https://github.com/luxflux/puppet-openvpn contains some examples and such that lead me to believe there should be a reference, but it seems like that only is applicable if they have the same scope. How would I go about storing off the 'winterthur' openvpn::server for use by the clients later? Puppet's class variable access and scoping in general are a little confusing to me at this point. I tried the obvious assigning a $variable but that didn't work either. Also, looking at the openvpn code, it seems like openvpn::server is defined instead of using the class keyword. does this make a difference? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9de48764-707d-4529-a018-42a4782310f3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet agent not loading module correctly
Hello, I have a puppetmaster/agent setup. Puppet master is Ubuntu 12.04 and puppet agent is ubuntu 12.04 When I do puppet agent --test, I get some error message like below. I have checked and fog and ruby are the same versions on both boxes. In fact though, I dont have any requirement for cloudstack_resources on the nodes, so I am not sure why that is getting pulled in anway. But the real problem I have is why does it work on one ubuntu box (on the puppet master if i do puppet apply site.pp) but doesnt work on the agent? I am no ruby expert, so any help debugging is appreciated. -Derek nfo: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/anchor.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/keys.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/min.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/cloudstack_image.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/type/cloudstack_image.rb: Could not autoload /var/lib/puppet/lib/puppet/provider/cloudstack_image/default.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/strftime.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/downcase.rb info: Loading downloaded plugin /var/lib/puppet/lib/facter/util/puppet_settings.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/provider/cloudstack_flavor/default.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/provider/cloudstack_flavor/default.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/delete.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/has_key.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/cloudstack_zone.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/type/cloudstack_zone.rb: Could not autoload /var/lib/puppet/lib/puppet/provider/cloudstack_zone/default.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/provider/cloudstack.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/provider/cloudstack.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/num2bool.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/str2saltedsha512.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/size.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/cloudstack_security_group.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/type/cloudstack_security_group.rb: Could not autoload /var/lib/puppet/lib/puppet/provider/cloudstack_security_group/default.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/lstrip.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/validate_bool.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/is_function_available.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/prefix.rb info: Loading downloaded plugin /var/lib/puppet/lib/facter/pkgng.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet_x/cloudstack/transport.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet_x/cloudstack/transport.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/str2bool.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/reverse.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/any2array.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/validate_absolute_path.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/shuffle.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/is_ip_address.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/provider/cloudstack_image/default.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/provider/cloudstack_image/default.rb: no such file to load -- fog info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/validate_slength.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/parser/functions/getparam.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/provider/cloudstack_instance/default.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/provider/cloudstack_instance/default.rb: /var/lib/puppet/lib/puppet/provider/cloudstack_instance/default.rb:72: syntax error, unexpected ')' /var/lib/puppet/lib/puppet/provider/cloudstack_instance/default.rb:124: syntax error, unexpected $end, expecting kEND info: Loading downloaded plugin /var/lib/puppet/lib/facter/localbase.rb info: Loading
[Puppet Users] cloudstack instance creation hostname
Hello, I am attempting to use that cloudstack_resources module found here https://github.com/bodepd/cloudstack_resources I have been able to succesfully point it to my cloudstack management server and create VMs. The template I am using is a fresh OS install that already had puppet agent configure and running on it. The problem is, I dont see a way to name my cloudstack instances, so they end up with the name being set to the ID, (display name does seem to be correct). This means I end up with a bunch of certs that have different names in my puppetmasters cert list that dont mean anything to me. Am I doing this right? Should I be using cloudstack_instance to somehow set the machines cloudstack name and/or the hostname of the VM instance? I also notice it seems like there is a puppet_node type in the cloudstack_resources project, but I could not find any documentation on how to us it. Should I be using this with a plain OS template (no puppet pre-installed?) If so, how does that get used? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/641c5268-c064-46ce-be82-b9a1bfd83885%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] cloudstack_resources not working as expected
Hello, I have cloned the cloudstack_resources git repo into my puppet modules directory. I have a working cloudstack management server up and going. here is my modules/infra/manifests/init.pp file class infra { cloudstack_instance { 'foo': ensure=present, flavor = 'Small Instance', zone = 'ash-dev-xs-zone', image = 'FreeBSD10 Puppet Install', group ='role=transit', } } here is my site.pp node 'dev.mydomain.local' {include infra } where dev.mydomain.local is the hostname of my puppetmaster box. And here is the error I get when I 'puppet apply site.pp' on my puppetmaster box Any help is appreciated. Error trace follows Thanks! Debug: Prefetching default resources for cloudstack_instance Error: Could not prefetch cloudstack_instance provider 'default': undefined method `[]' for nil:NilClass /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet_x/cloudstack/transport.rb:24:in `retrieve' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:27:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:11:in `instances' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:15:in `prefetch' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:264:in `prefetch' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in `prefetch_if_necessary' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:62:in `block in evaluate' /usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:116:in `call' /usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:116:in `traverse' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:95:in `evaluate' /usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:164:in `block in apply' /usr/lib/ruby/vendor_ruby/puppet/util/log.rb:147:in `with_destination' /usr/lib/ruby/vendor_ruby/puppet/transaction/report.rb:108:in `as_logging_destination' /usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:163:in `apply' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:125:in `block in apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/util.rb:182:in `block in benchmark' /usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime' /usr/lib/ruby/vendor_ruby/puppet/util.rb:181:in `benchmark' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:124:in `apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:190:in `run' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:273:in `apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:223:in `main' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:151:in `run_command' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block (2 levels) in run' /usr/lib/ruby/vendor_ruby/puppet/application.rb:457:in `plugin_hook' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block in run' /usr/lib/ruby/vendor_ruby/puppet/util.rb:511:in `exit_on_fail' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run' /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run' /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:86:in `execute' /usr/bin/puppet:4:in `main' Error: Could not set 'present' on ensure: undefined method `[]' for nil:NilClass at 8:/work/ac/tools/puppet/dev-puppetmaster/modules/infra/manifests/init.pp /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet_x/cloudstack/transport.rb:24:in `retrieve' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:27:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:31:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:52:in `get_id_from_model' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:96:in `get_flavor_id' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:41:in `create' /usr/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:in `block in defaultvalues' /usr/lib/ruby/vendor_ruby/puppet/property.rb:197:in `call_valuemethod' /usr/lib/ruby/vendor_ruby/puppet/property.rb:498:in `set' /usr/lib/ruby/vendor_ruby/puppet/property.rb:581:in `sync' /usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:113:in `apply_parameter' /usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:55:in `perform_changes' /usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:138:in `evaluate' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:161:in `apply' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `eval_resource' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:104:in `call'
[Puppet Users] Re: cloudstack_resources not working as expected
Well apparently my transport.yaml file was not formatted correcly. I had everything starting at column zero, and when I added a tab to make the spacing for the lines under cloudstack: be indented, it worked. :shrug: On Wednesday, November 20, 2013 12:22:11 PM UTC-5, Derek Cole wrote: Hello, I have cloned the cloudstack_resources git repo into my puppet modules directory. I have a working cloudstack management server up and going. here is my modules/infra/manifests/init.pp file class infra { cloudstack_instance { 'foo': ensure=present, flavor = 'Small Instance', zone = 'ash-dev-xs-zone', image = 'FreeBSD10 Puppet Install', group ='role=transit', } } here is my site.pp node 'dev.mydomain.local' {include infra } where dev.mydomain.local is the hostname of my puppetmaster box. And here is the error I get when I 'puppet apply site.pp' on my puppetmaster box Any help is appreciated. Error trace follows Thanks! Debug: Prefetching default resources for cloudstack_instance Error: Could not prefetch cloudstack_instance provider 'default': undefined method `[]' for nil:NilClass /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet_x/cloudstack/transport.rb:24:in `retrieve' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:27:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:11:in `instances' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:15:in `prefetch' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:264:in `prefetch' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:154:in `prefetch_if_necessary' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:62:in `block in evaluate' /usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:116:in `call' /usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:116:in `traverse' /usr/lib/ruby/vendor_ruby/puppet/transaction.rb:95:in `evaluate' /usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:164:in `block in apply' /usr/lib/ruby/vendor_ruby/puppet/util/log.rb:147:in `with_destination' /usr/lib/ruby/vendor_ruby/puppet/transaction/report.rb:108:in `as_logging_destination' /usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:163:in `apply' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:125:in `block in apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/util.rb:182:in `block in benchmark' /usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime' /usr/lib/ruby/vendor_ruby/puppet/util.rb:181:in `benchmark' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:124:in `apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/configurer.rb:190:in `run' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:273:in `apply_catalog' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:223:in `main' /usr/lib/ruby/vendor_ruby/puppet/application/apply.rb:151:in `run_command' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block (2 levels) in run' /usr/lib/ruby/vendor_ruby/puppet/application.rb:457:in `plugin_hook' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block in run' /usr/lib/ruby/vendor_ruby/puppet/util.rb:511:in `exit_on_fail' /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run' /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run' /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:86:in `execute' /usr/bin/puppet:4:in `main' Error: Could not set 'present' on ensure: undefined method `[]' for nil:NilClass at 8:/work/ac/tools/puppet/dev-puppetmaster/modules/infra/manifests/init.pp /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet_x/cloudstack/transport.rb:24:in `retrieve' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:27:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:31:in `connection' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack.rb:52:in `get_id_from_model' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:96:in `get_flavor_id' /work/ac/tools/puppet/dev-puppetmaster/modules/cloudstack_resources/lib/puppet/provider/cloudstack_instance/default.rb:41:in `create' /usr/lib/ruby/vendor_ruby/puppet/property/ensure.rb:16:in `block in defaultvalues' /usr/lib/ruby/vendor_ruby/puppet/property.rb:197:in `call_valuemethod' /usr/lib/ruby/vendor_ruby/puppet/property.rb:498:in `set' /usr/lib/ruby/vendor_ruby/puppet/property.rb:581:in `sync' /usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:113:in `apply_parameter' /usr/lib/ruby
Re: [Puppet Users] What the correct way to downgrade version with puppet? (CentOS 6.4)
Could you do something like package { ‘php-5.5.5’: ensure = absent, } package { ‘php-5.3.3’: ensure = ‘5.3.3', require = Package[‘php-5.5.5’], } On Nov 12, 2013, at 10:37 , shlo.af...@gmail.com wrote: In this case I need to ensure it delete php-5.5.5 and after that install php-5.3.3. When trying to install php-5.3.3 when php-5.5.5 exist it exit with errors about conflict in version. How can I ensure that specific version of php is absent? On Monday, November 11, 2013 4:38:12 PM UTC+2, Derek Harkness wrote: You can specify a version string for each package. package { [ ‘php-xml’, ‘php-common’ ]: ensure = “5.3.3”, } You might have to break them out and add in some dependency. On Nov 10, 2013, at 6:08 , shlo@gmail.com wrote: Hi, I'm using Puppet to downgrade php from 5.5.5 to 5.3.3. It failed because yum command failed. It has dependencies that need to removed or downgrade. ... php-common(x86-64) = 5.5.5-2.el6.remi is needed by (installed) php-xml-5.5.5-2.el6.remi.x86_64 ... How can I tell Puppet to remove the php-xml, php-common etc from the higher version and to install php and those packages (php-xml, php-common etc) he just remove in lower version? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8147ba9c-3f34-4b99-a02e-fd23909fb553%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/77f65608-d59b-4a3c-a055-b7f09c18a1fd%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4D8715E9-12D7-4165-85D5-7F30F11790FF%40mac.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] What the correct way to downgrade version with puppet? (CentOS 6.4)
You can specify a version string for each package. package { [ ‘php-xml’, ‘php-common’ ]: ensure = “5.3.3”, } You might have to break them out and add in some dependency. On Nov 10, 2013, at 6:08 , shlo.af...@gmail.com wrote: Hi, I'm using Puppet to downgrade php from 5.5.5 to 5.3.3. It failed because yum command failed. It has dependencies that need to removed or downgrade. ... php-common(x86-64) = 5.5.5-2.el6.remi is needed by (installed) php-xml-5.5.5-2.el6.remi.x86_64 ... How can I tell Puppet to remove the php-xml, php-common etc from the higher version and to install php and those packages (php-xml, php-common etc) he just remove in lower version? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8147ba9c-3f34-4b99-a02e-fd23909fb553%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1480C2B3-3A5D-4A07-BB85-B9CCA4AF8266%40mac.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] How to determine puppet environment when using passenger
Hello, I am trying to figure out what the best way to use puppet when I am using passenger. I noticed that if I log in as my normal user on Ubuntu 12.04, and run puppet config print it gives me the incorrect configuration than what I think I am running when I am using apache/passenger/puppet For example, it shows my confdir as being in my users homedir/.puppet instead of /etc/puppet When i log in as root, and run the command, everything looks correct. Am I just supposed to work in root all the time when I am running puppet's commands? I noticed this is also a problem when I am having a custom modulepath..if I run puppet install module as a user, it puts it in my home dir, instead of in the configured modulepath i have in my puppet.conf Please advise - Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/589c9a47-3318-46ee-94e4-85c286fec780%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] New to Puppet, trying to get it workign with a FreeBSD agent
Hello, I have been following through some of the documentation trying to make use of puppet in a test environment. I went ahead and tried to install puppet-passenger and puppet dashboard. I think i have succesfully done this, because at mymaster.local:3000/ I get the dashboard webpage (albeit with no nodes or anything reporting) and at https://mymaster.local:8140 I get a cert trying to be served to my browser. Are these good indicators of something at least working? On my pupper master box, which is Ubuntu, here is what /etc/puppet/puppet.conf contains [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. reports = store, http reporturl = http://mymaster.local:3000/reports/upload ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY and in the master's etc/hosts there is a reference to the agent, so it can ping it by name. and as of right now, i only have one FreeBSD puppet client. In it's /usr/local/etc/puppet/puppet.conf [agent] server = mymaster report = true pluginsync = true and its hosts file has mymaster, so I can ping it by name. However, on my agent, if i type puppet agent -t I get the following: Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: (null) Exiting; failed to retrieve certificate and waitforcert is disabled I tried this with the -w option, and did sudo puppet cert list on the master, but i never saw anything show up. What am I missing here? Can someone point me to some better documentation? It seemed like what I read was lacking a bit, especially for the agent setup in the FreeBSD box. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] tidy: Could not back up files of type socket
Hello, I am using puppet tidy to clean up my /tmp directory as described here: https://groups.google.com/d/msg/puppet-users/bg6GzDVDR-k/ELj8eeGI2F8J tidyup: /tmp: age: '4w' backup: 'false' recurse: 'true' Puppet throws errors when it encounters a socket instead of a regular file or directory. change from socket to absent failed: Could not back up files of type socket I see some old discussions regarding this, but I haven't found a clear solution. I don't want to back up the sockets and have specified 'false' as you can see above. What is the best way to deal with the sockets and eliminate these errors? Thanks in advance, Derek -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] specifying tidy resources in hiera (solved)
Hello, I was looking for a clean way to specify tidy resources in my hiera hierarchy. Basically, I wanted to be able to specify common tidy resources, or tidy resources specific to a host without editing a module or class each time, essentially separating the data from the logic. Here I'm using this for tidy, but the same model could be used for other resources. I came up with a solution using create_resources that works so I thought I'd share. assuming the two following yaml files. common.yaml ### --- tidyup: /tmp: age: '4w' backup: 'false' recurse: 'true' myhost.yaml # --- classes : [ 'tidyup' ] tidyup: /tmp/dir1: age: '1s' backup: 'false' recurse: 'true' /tmp/dir3: age: '1s' backup: 'false' recurse: 'true' I created a module named 'tidyup' that contains one class. class tidyup { $tidydirs = hiera_hash('tidyup', []) create_resources('tidy',$tidydirs) } This class gathers up the tidyup resources defined at all levels of the hierarchy and performs the specified tidy tasks. You can see what is returned by running 'hiera' on the command line. hiera -h tidyup hostname=myhost result: {/tmp/dir3={age=1s, backup=false, recurse=true}, /tmp/dir1={age=1s, backup=false, recurse=true}, /tmp={age=4w, backup=false, recurse=true}} -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Execute Mono exe that depends on an environment variable
I have a script that I execute to run a mono exe during a setup process. I would like to automate that with puppet but the exe depends on an environment variable being set or it will fail. My setup.sh file looks like this. export MY_ENV_VAR=$HOME/target_dir /usr/mono/bin/mono $HOME/path_to_exe/Setup.exe this fails because well $HOME is meaningless in a puppet context. Here's is what I would like to do. exec { 'myscript': command = /bin/sh /some_path/scripts/setup.sh, } I can't change the mono exe to not rely on special environment variable. That isn't an option. So in summary I need to be able to set a special env variable for the exec context and I have to be able to dynamically change the path to the exe because each users home directory will be different. I searched for a while but now my eyes are just crossed. Any ideas? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Storage to process this request is not available when puppet runs on windows as a daemon.
I have a weird issue. I'm using puppet 3.2.3 and I have a simple module to install an msi (module below). If I run manually (from the start menu, or cmd using puppet agent - it works fine and installs. If I let the 30 minute scheduled run happen - I get Storage to process this request is not available. Does anyone have any ideas what could cause this? I don't see too much on the net about it and for the life of me can't figure it out. On a side note - every puppet run also seems to install notepad++ again (I get a Package[np]/ensure: created - which also isn't ideal as it makes this system always be in a changed state. Any help people can give is appreciated. class wintest { if ($operatingsystem == 'windows') { package { 'np': ensure = installed, source = '\\files\Software\temp\npp.6.3.2.installer.msi', #provider = windows } } else { fail('This module is only supported on Windows') } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] how do you test and release puppet changes?
We are in the process of evaluating our puppet related test and release process and interested in knowing what other folks are doing. We are in a position that is not ideal but is not unique from what I can tell. Our current testing process is basically the responsibility of each person making a change. Small changes are committed and pushed to dev/qa/prod in one swoop with the committer spot checking the results manually.Larger changes are tested by running a node against a puppet environment which is pointed to the change branch and the desired behavior is manually verified. What we would like to do is start with implementing some basic control points which require passing tests before the changes move along. With the goal of being able to increase the test coverage over time to protect ourselves from ourselves. One thought we had as an initial step is to just verify catalog compilation for some number of nodes against the proposed changes and block the changes if catalog compilation fails. This raises the next question around tooling. We could script up a catalog compiler test calling the the puppet binaries but should we use this as an opportunity to get familiar with rspec-puppet? Are people using catalog diffs at all in their release process? It would seem nice to provide an automated catalog diff for people making 'small' changes so they can make sure their change didn't accidentally drop or change a large number of resources. So please share what you find works or doesn't work at your shop. TIA -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Is there any other tool other than mcollective for orchestration..
Rajeev. We run mcollective in a 100% Solaris shop. We have not encountered any Solaris specific issues. Email me if you want the steps we use to build the Solaris packages. Thanks. Derek. On Feb 7, 2:01 am, DreamBig rajeev.n.i...@gmail.com wrote: Thanks.. On Feb 7, 2:31 pm, kavitha.c.k2...@gmail.com wrote: Hi, There is a tools called Ansible , I think it works on solaris Kavitha On Thursday, February 7, 2013 2:28:32 PM UTC+5:30, Rajeev Iyer wrote: Hi, I guess mcollective supports only linux and similar OS. It does not have a package for Solaris or even a way to create a package from standard tar file. Can someone suggest any other tool? Regards, Rajeev -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Where do you store sensitive files with puppet+git approach?
We use hiera-gpg for file type sensitive information as well.For sensitive information which is actually a file (ssh private keys) we moved that into hiera-gpg and just set the yaml markup accordingly so the information could be used to populate the file in question in the correct format. For example this is what a private key looks like in yaml. The | and leading indentation keeps the content in the same format as it passes through the hands of the different villagers on the way to it's home in the id_dsa file. professor_plumbs_private_key: | -BEGIN DSA PRIVATE KEY- GOODSTUFFHERE THEGOODSTUFFCONTINUES -END DSA PRIVATE KEY- Then to create the key file. (Hiera call done as part of class param) file { /blah/blah/.ssh/id_dsa: content = $professor_plumbs_private_key; } I'm sure the same approach could be taken for ssl keys. However we have been wielding the hiera hammer pretty hard and had to stop short of using it in place of DNS so you may not like this approach;) HTH. On Oct 1, 10:40 am, Aaron Grewell aaron.grew...@gmail.com wrote: We use hiera-gpg for ours. Files containing sensitive information are converted into templates so that only the necessary strings are included in gpg. If we really needed to distribute full files I would probably build a separate directory tree backed by its own repository for this. It's just never been necessary for us. On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote: Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet with stored configurations mysql connection error
Hi, selinux may be preventing puppetmaster from talking to mysql, try setenforce 0 also if this works and you want to leave selinux running, it looks like there is a boolean to allow this (on RHEL at least) setenforce 1 setsebool puppetmaster_use_db on Hope this helps, Derek -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/px5BZvZNnWQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
On May 7, 2012, at 12:47 PM, Christopher Wood wrote: Wrapper script (similar concept for anywhere with a yaml reader): Still have to *write* the YAML files. Out of nosiness, how do you handle the edgier cases in your manifests? For example, how everything is a standard syslog client, except for this host which is loghost, and these couple of clients which all do different things with syslog? We would have the syslog module have all the common files/packages/services/etc. declared, and then simply do something like: if ($fqdn =~ /^syslog/) { . log host specific stuff . } else { . NON-log host specific stuff . } doesn't seem like rocket science, and makes it clear, all in one place, what's common, and what's special. Puppet provides some wonderful decision-making capabilities in the manifests themselves, I've yet to see any need to have some ugly machine-readable formatted file to solve a problem. But I *have* seen the parts of our organization that DO use Hiera complaining loudly that they can't easily figure out which of a slurry of YAML files is changing some setting/variable to a value they're not expecting. Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Compile catalog time: 2.6 vs 2.7.X
FWIW, we are experiencing exactly the same thing in 2.7 that you are. We used to average 6-9 seconds for compilation time and now it's anywhere from 15 to 250 to timed out. D On May 8, 2012, at 7:07 AM, Arnau Bria wrote: Compiled catalog for td055.pic.es in environment production in 4.25 seconds Compiled catalog for td055.pic.es in environment production in 76.99 seconds err: Could not retrieve catalog from remote server: execution expired Why my code is being compiled fast in 2.6 but not in 2.7? What language programing considerations do I have to take into account when migrating? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
On May 3, 2012, at 1:05 PM, Pieter van de Bruggen wrote: As many of you may be aware, Hiera will be tightly integrated into Puppet in the upcoming release of Puppet 3.0. What will this mean for sites that have specifically avoided using Hiera? I would presume that this should just mean business as usual, with no significant impact? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
On May 7, 2012, at 11:54 AM, Nigel Kersten wrote: Yes. If you're not planning to externalize data at all, the only difference you'll see is that you'll now have Hiera installed on your system when you install Puppet 3.0. Cool. Was really panicking there for a moment. I kinda like having human readable manifests as opposed to machine readable YAML :-) Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate Annoyance: Time Differential
Well, we do it with kickstart and -- typically -- do the same thing. But for some reason it wasn't able to reach the NTP server during kickstart and it was never able to sync the clock before things really got rolling. And it just occurred to me that since, ostensibly, puppet could be in charge of making sure the NTP services were installed in the first place, that it would make a lot of sense to have this as a feature/option in puppet, to ignore the time-deltas for SSL certs. D On Feb 27, 2012, at 6:40 AM, y...@comcast.net y...@comcast.net wrote: A suggestion based on how I deal with this : I use Cobbler to load the operating system and do basic configurations. Then I hand off to Puppet. One thing I do with Cobbler is the initial setting of the system clock using ntpdate or ntpd -q Hope this helps -Original Message- From: Derek J. Balling To: puppet-users Sent: 2012-02-27 10:59:12 + Subject: [Puppet Users] Certificate Annoyance: Time Differential We recently had a situation where servers weren't able to use their auto-sign'ed certificates because their local clock was months off from real-time. Of course, it was brand-new hardware straight off the dock and hadn't yet had a chance to have ntp sync the clock to the correct time because, well, puppet is what fires up NTP. :-) Is there any way to recognize that puppet might be the thing in charge of bringing the clocks into sync, and allowing puppet to ignore certificate-verification failures that are based solely on the time-delta being too high? It certainly seems like it'd be a useful feature. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Selecting modlues based on subnet in nodes.pp
I have four major zones in my nework: Development, Quality Assurance, User Acceptanc Testing, and Production. I am able to deply different modules to these zones based on the simple regular expressions posted in the example at the bottom of this message. I have two data centers in my network: Salt Lake City and Santa Clara. I would like to be able to deploy different modules to servers based on the data center that they reside it. I have tried simple if statements and case statements but don't seem to be able to deploy my site based modules. Can you give me some imput on the best approach to my problem? I know I can manually define ever server in the enterprise in my nodes.pp, but I would prefer a more dynamic approach based IP subnet. $sal_nets = ['10.131.21.0','10.131.31.0','10.131.40.0','10.134.40.0','10.135.1.0','10.135.2.0','10.135.20.0','10.135.3.0','10.135.6.0','10.142.20.0','10.142.23.0'] $scl_nets = ['10.146.1.0','10.146.16.0','10.146.19.0','10.146.20.0','10.146.24.0','10.146.24.0','10.146.28.0','10.146.31.0','10.151.21.0','192.168.119.0','192.168.43.0','192.168.99.0'] node /^.+\.dev\.svbank\.com/ { # if ($network_eth0 in $sal_nets) or ($network_bond0 in $sal_nets) { #notice('salt lake city net') # } # if (($network_eth0 and ($network_eth0 in $sal_nets))) or ($network_bond0 and (($network_bond0 in $scl_nets))) { #notice('santa clara net') # } case $network_eth0 { $sal_nets: { include svb-sal-sendmail-cf } # use SAL repository $scl_nets: { include svb-scl-sendmail-cf } # else use SCL repository } include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos include svb-snmpd # include svb-sendmail-cf } node /^.+\.qa\.svbank\.com/ { include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos include svb-snmpd # include svb-sendmail-cf } node /^.+\.uat\.svbank\.com/ { include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos # include svb-sendmail-cf include svb-users } node /^.+\.corp\.svbank\.com/ { include svb-core-config include svb-repos include svb-puppet } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Step by step guide to setting user passwords
On Aug 2, 2011, at 8:35 PM, Len Rugen wrote: In puppet, passwd = $6$PVOar6qN$WUTN7HG838PnAdzLYCB4HHVSzE/SX100VVdsiIYlBo7TM5c79R38gx942Lkm710v1HMRmS5VnPbHZ2MwY96wt0, Make sure to use single-quotes, or puppet will try to evaluate variables $PVOar, $WUTN, etc., etc. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter 1.6.0 and CentOS 6.0
On Aug 1, 2011, at 11:30 AM, Daniel Piddock wrote: You need to have the lsb_release command installed for the lsb* results to appear. Fedora/Redhat have it in the redhat-lsb package, so it possibly has a similar name under CentOS. Thanks to you and everyone else who pointed it out. Apparently something in our CentOS 5 kickstart brought that in, that our kickstart config for 6 didn't (almost certainly having to do with all those package group renames). Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Facter 1.6.0 and CentOS 6.0
We just started testing CentOS 6.0 here, and I'm using Facter 1.6.0 If I run this command from my CentOS 5.x test machine: [root@puppetclient.nj1:~]# facter --version 1.6.0 [root@puppetclient.nj1:~]# facter | grep lsb lsbdistcodename = Final lsbdistdescription = CentOS release 5.3 (Final) lsbdistid = CentOS lsbdistrelease = 5.3 lsbmajdistrelease = 5 lsbrelease = :core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch I get reasonable results. But if I do that from my CentOS 6.0 test machine: [root@cos6test.nj1:~]# facter --version 1.6.0 [root@cos6test.nj1:~]# facter | grep lsb [root@cos6test.nj1:~]# I get remarkably less kosher results. Is this a known issue? Is there any work-around? It's really breaking my CentOS 6 servers' ability to find their REPOs. :-) Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Issue with puppet file serving api not parsing yaml content correctly
Unfortunately, it does not work. That was the first thing I had tried to try and reproduce the problem in ruby outside a puppet run. Also, here are the ruby util modules for puppet in 0.25.4: /opt/ruby-1.8.6-p287/lib/ruby/site_ruby/1.8/puppet/util autoload autoload.rb backups.rb cacher.rb checksums.rb classgen.rb config_store.rb constant_inflector.rb diff.rb docs.rb errors.rb execution.rb feature.rb file_locking.rb fileparsing.rb filetype.rb graph.rb inifile.rb instance_loader.rb ldap ldap.rb loadedfile.rb logging.rb log_paths.rb log.rb metaid.rb methodhelper.rb metric.rb monkey_patches.rb nagios_maker.rb package.rb pidlock.rb posix.rb provider_features.rb pson.rb queue queue.rb rails rdoc rdoc.rb reference.rb resource_template.rb selinux.rb settings settings.rb storage.rb subclass_loader.rb suidmanager.rb tagging.rb user_attr.rb warnings.rb Also, I did not see anything in the monkey_patches.rb file pertaining to a yaml like patch only rdoc.: module RDoc def self.caller(skip=nil) in_gem_wrapper = false Kernel.caller.reject { |call| in_gem_wrapper ||= call =~ /#{Regexp.escape $0}:\d+:in `load'/ } end end I think at this point we will probably upgrade puppet anyways so I will just add require puppet/util/yaml once we have upgraded. -- Derek On Jul 11, 4:51 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Jul 11, 2011 at 4:17 PM, Derek Tamsen dtam...@gmail.com wrote: Thanks. Unfortunately, it seems I will need to wait until we upgrade puppet as version 0.25.4 does not seem to have 'puppet/util/zaml'. Then I'm more confused :) does require 'puppet' require 'yaml' just do the right thing? If not, I'd post to the puppet-dev list and see if the more developer-focused crowd can give you a better answer for 0.25.4. -- Derek On Jul 11, 2:56 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Jul 11, 2011 at 11:36 AM, Derek dtam...@gmail.com wrote: Thanks for everyone's help. I figured out what the issue was over the weekend. It appears that when the ruby script is run in a puppet run, puppet loads the yaml dictionaries specific to puppet. However, when I was testing the script in ruby I was not loading the yaml dictionaries for puppet. This was causing my script to get a generic loaded yaml of #YAML::Object:0x2ada01f7cf00 instead of the correctly loaded yaml #Puppet::FileServing::Metadata:0x2ac7987b9c08. When the dictionaries are loaded for puppet it no longer has an ivars hash with content or metadata. I just needed to do YAML.load(apitruthtag(content)).content instead of YAML.load(apitruthtag(content)).ivars[content]. However, because I am still not loading the dictionary outside of the puppet run my script will not function correctly if just executed in ruby. Does anybody know how to properly load the puppet yaml dictionary outside of a puppet run? You should be able to load it as require 'puppet/util/zaml' and use ZAML instead of YAML. That's the version of YAML we're vendoring to fix a whole list of bugs we ran into. There's more complication going on in: lib/puppet/util/monkey_patches.rb showing how we monkey patch the various yaml methods on objects to actually talk ZAML instead. FYI: The raw yaml data from puppet is: --- !ruby/object:Puppet::FileServing::Content content: | --- role: - base env: - dev expiration: 2011-07-11 18:57:08.413941 +00:00 links: :manage path: /etc/puppet/modules/truth/files/private/domain.inter/server01/ truth_tags.yml stat_method: :lstat -- Derek On Jul 9, 3:03 pm, Ken Barber k...@puppetlabs.com wrote: So ... servermd5 = YAML.load(apitruthtag(metadata)).ivars[checksum] # When executed from a puppet run I tells me that ivars is undefined. What does the output of apitruthtag(metadata) show you between each run in facter, irb and puppet? Can you output each to a file and analyze the difference? irb, ruby, or facter: yaml parsed http response = #YAML::Object:0x2ada01f7cf00 puppet run: yaml parsed http response = #Puppet::FileServing::Metadata: 0x2ac7987b9c08 with error: undefined method `ivars' for #Puppet::FileServing::Metadata: 0x2ac7987152c0 #NoMethodError: undefined method `ivars' for #Puppet::FileServing::Metadata:0x2ac7987152c0 So when you run it with all the Puppet libraries the YAML object is being serialized back into a Ruby object Puppet::FileServing::Metadata ... I'm really curious what the raw YAML output looks like. This should only happen I think if the YAML output has meta information that matches that class type for example: --- !ruby/object:Puppet::FileServing::Metadata {} I get the feeling the YAML you are getting back isn't what you were expecting
[Puppet Users] Re: Issue with puppet file serving api not parsing yaml content correctly
Thanks for everyone's help. I figured out what the issue was over the weekend. It appears that when the ruby script is run in a puppet run, puppet loads the yaml dictionaries specific to puppet. However, when I was testing the script in ruby I was not loading the yaml dictionaries for puppet. This was causing my script to get a generic loaded yaml of #YAML::Object:0x2ada01f7cf00 instead of the correctly loaded yaml #Puppet::FileServing::Metadata:0x2ac7987b9c08. When the dictionaries are loaded for puppet it no longer has an ivars hash with content or metadata. I just needed to do YAML.load(apitruthtag(content)).content instead of YAML.load(apitruthtag(content)).ivars[content]. However, because I am still not loading the dictionary outside of the puppet run my script will not function correctly if just executed in ruby. Does anybody know how to properly load the puppet yaml dictionary outside of a puppet run? FYI: The raw yaml data from puppet is: --- !ruby/object:Puppet::FileServing::Content content: | --- role: - base env: - dev expiration: 2011-07-11 18:57:08.413941 +00:00 links: :manage path: /etc/puppet/modules/truth/files/private/domain.inter/server01/ truth_tags.yml stat_method: :lstat -- Derek On Jul 9, 3:03 pm, Ken Barber k...@puppetlabs.com wrote: So ... servermd5 = YAML.load(apitruthtag(metadata)).ivars[checksum] # When executed from a puppet run I tells me that ivars is undefined. What does the output of apitruthtag(metadata) show you between each run in facter, irb and puppet? Can you output each to a file and analyze the difference? irb, ruby, or facter: yaml parsed http response = #YAML::Object:0x2ada01f7cf00 puppet run: yaml parsed http response = #Puppet::FileServing::Metadata: 0x2ac7987b9c08 with error: undefined method `ivars' for #Puppet::FileServing::Metadata: 0x2ac7987152c0 #NoMethodError: undefined method `ivars' for #Puppet::FileServing::Metadata:0x2ac7987152c0 So when you run it with all the Puppet libraries the YAML object is being serialized back into a Ruby object Puppet::FileServing::Metadata ... I'm really curious what the raw YAML output looks like. This should only happen I think if the YAML output has meta information that matches that class type for example: --- !ruby/object:Puppet::FileServing::Metadata {} I get the feeling the YAML you are getting back isn't what you were expecting and looking at the contents of the raw output might give a better clue as to why. ken. -- Join us for PuppetConf, September 22nd and 23rd in Portland, OR:http://bit.ly/puppetconfsig; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Issue with puppet file serving api not parsing yaml content correctly
Thanks. Unfortunately, it seems I will need to wait until we upgrade puppet as version 0.25.4 does not seem to have 'puppet/util/zaml'. -- Derek On Jul 11, 2:56 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Jul 11, 2011 at 11:36 AM, Derek dtam...@gmail.com wrote: Thanks for everyone's help. I figured out what the issue was over the weekend. It appears that when the ruby script is run in a puppet run, puppet loads the yaml dictionaries specific to puppet. However, when I was testing the script in ruby I was not loading the yaml dictionaries for puppet. This was causing my script to get a generic loaded yaml of #YAML::Object:0x2ada01f7cf00 instead of the correctly loaded yaml #Puppet::FileServing::Metadata:0x2ac7987b9c08. When the dictionaries are loaded for puppet it no longer has an ivars hash with content or metadata. I just needed to do YAML.load(apitruthtag(content)).content instead of YAML.load(apitruthtag(content)).ivars[content]. However, because I am still not loading the dictionary outside of the puppet run my script will not function correctly if just executed in ruby. Does anybody know how to properly load the puppet yaml dictionary outside of a puppet run? You should be able to load it as require 'puppet/util/zaml' and use ZAML instead of YAML. That's the version of YAML we're vendoring to fix a whole list of bugs we ran into. There's more complication going on in: lib/puppet/util/monkey_patches.rb showing how we monkey patch the various yaml methods on objects to actually talk ZAML instead. FYI: The raw yaml data from puppet is: --- !ruby/object:Puppet::FileServing::Content content: | --- role: - base env: - dev expiration: 2011-07-11 18:57:08.413941 +00:00 links: :manage path: /etc/puppet/modules/truth/files/private/domain.inter/server01/ truth_tags.yml stat_method: :lstat -- Derek On Jul 9, 3:03 pm, Ken Barber k...@puppetlabs.com wrote: So ... servermd5 = YAML.load(apitruthtag(metadata)).ivars[checksum] # When executed from a puppet run I tells me that ivars is undefined. What does the output of apitruthtag(metadata) show you between each run in facter, irb and puppet? Can you output each to a file and analyze the difference? irb, ruby, or facter: yaml parsed http response = #YAML::Object:0x2ada01f7cf00 puppet run: yaml parsed http response = #Puppet::FileServing::Metadata: 0x2ac7987b9c08 with error: undefined method `ivars' for #Puppet::FileServing::Metadata: 0x2ac7987152c0 #NoMethodError: undefined method `ivars' for #Puppet::FileServing::Metadata:0x2ac7987152c0 So when you run it with all the Puppet libraries the YAML object is being serialized back into a Ruby object Puppet::FileServing::Metadata ... I'm really curious what the raw YAML output looks like. This should only happen I think if the YAML output has meta information that matches that class type for example: --- !ruby/object:Puppet::FileServing::Metadata {} I get the feeling the YAML you are getting back isn't what you were expecting and looking at the contents of the raw output might give a better clue as to why. ken. -- Join us for PuppetConf, September 22nd and 23rd in Portland, OR: http://bit.ly/puppetconfsig; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs Twitter: @nigelkersten *Join us for **PuppetConf *http://www.bit.ly/puppetconfsig September 22nd and 23rd in Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Issue with puppet file serving api not parsing yaml content correctly
I am working on building a facter tag based node classifier similar to https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/. However, I have run into an issue where I cannot use puppet's require file ability to push the yaml file containing the facts file to the client because it would require two runs of puppet to pickup changes. Consequently, I have written into the facter ruby script the ability to connect to puppet's restful api and get the yaml file from the private store. This works fine in irb, ruby, and facter if called directly. However, when run inside of a puppet run it seems to fail on parsing the http response correctly into yaml. As a result, it does not get saved to disk and loaded as a fact for the puppet run. There is probably a simpler way to do this. Essentially we want to have tags on a server and use that to selectively include or remove modules from a server by facter tags rather than by a server's name. Some Version Information: - os = CentOS release 5.2 (Final) - ruby = ruby 1.8.6 (2008-08-11 patchlevel 287) [x86_64-linux] - facter = 1.6.0 (updated because my script loads multiple facts and the older version we were running requires the filename to match the fact name. This was not working because I did not want to split my ruby load script into multiple files to match each of the fact names.) - puppet = 0.25.4 Yaml file it is trying to grab from a private store: --- role: - base - db env: - dev The yaml file downloads correctly via a puppet run without my script. I can also wget the file and use net/https via ruby to get the file. All methods return the correct file with matching md5sums. Under my module called truth I have the following: - files - private - domain.inter - hostname - truth_tags.yml ex: --- role: - base env: - dev - lib - facter - load_truth_tags.rb problem area: def apitruthtag(calltype) # set some client side variables to build on later sslbasedir = '/etc/puppet/ssl' sslprivdir = sslbasedir + '/private_keys' sslpubdir = sslbasedir + '/certs' sslcafile = sslpubdir + '/ca.pem' # this sets if we want metadata or content from puppet datatype = calltype # We want yaml back from puppet header = {'Accept' = 'yaml'} # Setup some connection variables to our puppet server and what we want from it proto = 'https' server = 'puppet.domain.inter' port = '8140' path = '/production/file_' + datatype + '/truth_private/ truth_tags.yml' # Build the full uri to request from our puppet server. Then parse it for port and things uri = URI.parse(proto + '://' + server + ':' + port + path) # Setup the http module and set it for getting data http = Net::HTTP.new(uri.host, uri.port) request = Net::HTTP::Get.new(uri.request_uri, header) http.use_ssl = true if uri.scheme == 'https' # Enable ssl verification to ensure we are talking to the correct people http.verify_mode = OpenSSL::SSL::VERIFY_PEER # Cert Auth: # Set certificate paths # puppet certificate authority file if File.readable?(sslcafile) then # Puppet ca file http.ca_file = sslcafile puts readable? + sslprivdir + '/' + hostname + '.pem' if $debug if File.readable?(sslprivdir + '/' + hostname + '.pem') then # client private key http.key = OpenSSL::PKey::RSA.new(File.read(sslprivdir + '/' + hostname + '.pem')) puts readable? + sslpubdir + '/' + hostname + '.pem' if $debug if File.readable?(sslpubdir + '/' + hostname + '.pem') then # client public key http.cert = OpenSSL::X509::Certificate.new(File.read(sslpubdir + '/' + hostname + '.pem')) # Make the request response = http.request(request) else raise No readable client pubic key in #{sslpubdir}/ #{hostname}.pem end # End public key check else raise No readable client private key in #{sslprivdir}/ #{hostname}.pem end # End private key check else raise No readable ca cert in #{sslcafile} end # End ca file check # Check to make sure we got some data back if response != nil # Check to see if we have a good server response before saving the variable puts check code + response.code if $debug if ((response.code 300) and (response.code = 200)) return response.body else raise server did not return an acceptable reponse code end # end server response code check else raise No response from #{server} end # end nil response check end # end apitruthtag servermd5 = YAML.load(apitruthtag(metadata)).ivars[checksum] # When executed from a puppet run I tells me that ivars is undefined. - lib - puppet - parser - functions - truth_tags.rb - manifests - init.pp ex: class truth inherits truth::init_bootstrap { if truth_tag('role', 'base') and !truth_tag('role', 'nobase') { notice(${::hostname}: Including role, base modules...) notice(${::hostname}: role, base: including network)
Re: [Puppet Users] Re: Force resigning of existing certificates
We've been tracking Bug 3360: https://projects.puppetlabs.com/issues/3360 which controls what the puppetmaster does when it receives a new CSR for a host that already exists. Like you and and OP, we have little to no use for the security aspects of Puppet's CA design, and build in a completely trusted environment. I *think* when 3360 goes live, most of our CA issues will be resolved. It may not be a perfect match the re-signing thing the OP is describing here, or your particular situation, but it's worth paying attention to. D On Apr 13, 2011, at 2:39 PM, Jake - USPS wrote: I also am looking to do something like this. So besides it being a bad idea, is there a way to do it? Thanks, Jake On Mar 11, 3:38 am, Patrick patr...@googlealtert.spamtrap.fht- esslingen.de wrote: On 8 Mrz., 14:54, Disconnect dc.disconn...@gmail.com wrote: Alternately, running thepuppetcacleanbefore starting the new client will result in the standard unsigned behavior. Maybe, but it would be nice to save this extra afford. In our case, we do not want the security features of puppet. (I do think its pretty broken that trying once with the wrong cert poisons the client - if it is an attack, they can just wipe the client cert again, and if it isn't - eg in your case - then it breaks..) We know, but we are using build servers in a trusted network.. The buildservers are often reinstalled and we do not want to manage the certificates. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Restarting Puppet, Puppet-Agent's resolver (was Inter-Module Dependency)
On Feb 18, 2011, at 3:01 PM, Daniel Pittman wrote: Just to be specific: puppet doesn't do anything except use those standard functions, so we are not actually capable of doing anything portable to solve these problems. It really isn't so much puppet ignores the change to... as the OS libraries ignore... I wonder how other applications deal with it, because some of the other apps on our system noticed the change to resolv.conf in short order. Maybe they're internally stat()ing /etc/resolv.conf every so often and if the time is different, they're re-init'ing their resolver object? Seems like that's something that could happen as part of a catalog run, though, with little to no overhead Dunno. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Inter-Module Dependency
For what it is worth, for an extremely well known interface like /etc/resolv.conf I would subscribe to the file resource, but for most cases I prefer to depend on the class. So, I think both answers are right, and I didn't explain why I chose the apparently tighter binding this time around. FWIW, we've chosen to do both, if for no other reason than so that the app in question won't be processed until after the resolv.conf is updated, so we can minimize the number of restarts, etc., as necessary. The next issue which follows, for me, is that random_app is puppet-agent, because it refuses to notice changes to resolv.conf, and has to be restarted to pick them up. Likely this is because it's using its own resolver library instead of the system calls, but this is a real PITA, since the only clean way to restart the puppet agent, from within puppet, essentially amounts to issuing `/etc/init.d/puppet restart`in the middle of a catalog-run, which sucks for all the obvious reasons you would think it does. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Trigger an event after a puppet run
size = self.logs.size if size == 0 then system /usr/lib/nagios/eventhandlers/submit_puppet_result + ip + puppet-report 0 \There has been no change\ else system /usr/lib/nagios/eventhandlers/submit_puppet_result + ip + puppet-report 2 \There have been + size.to_s + changes\ end end end This seems, at face value, to only be reporting upward change/no-change type of thing. I'm not at all ruby-ready as it were, in terms of programming skill, but it occurs to me that I can think of other conditions I'd be interested in reporting upward (syntax or other errors in the catalog received, or anything really, which causes a cached catalog to be used). Is there some easy way to add that functionality into this script? D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Trigger an event after a puppet run
On Feb 16, 2011, at 2:49 PM, donavan wrote: Off hand you may be interested in the metrics portion of the report. Something like metrics[changes][:failed] would give you access to any resources that failed to apply. I don't recall how/if actual catalog failures are show in reports. A syntax error, for example, happens on the master and is presented to the client as a server error. One thing I have seen is where the client gives up waiting for the master and uses the cached catalog, but the master doesn't recognize that the client went away, and doesn't think anything went wrong, or anything like that (or at least doesn't create any sort of failure/error report). D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Inter-Module Dependency
I tried looking in the language tutorial for this, but I couldn't find a reference for how to do it, but I'm sure it must be possible. So I've got two modules, one for random_app and one for dns_config. dns_config has a file resource resolv.conf which is just what the name implies. I want service 'foo' in my random_app module to subscribe to dns_config's resolv.conf, and if the resolv.conf changes, to restart. (Because, it's a misbehaving app who doesn't just use gethostbyname() calls, but runs its own resolver and never looks at resolv.conf again after it starts up.) I would have thought it'd just be subscribing the service to File['dns_config::resolv.conf'] but clearly that didn't work. ... Could not find dependency File[dns_config::resolv.conf] Any ideas on what I need to do to make that work? Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Possible to disable puppets internal CA, and use wildcard certs from DigiCert CA?
On Jan 28, 2011, at 2:02 PM, Daniel Pittman wrote: Yes. On the other hand, you will very quickly run into a problem: The puppet master uses the name in the SSL certificate that the client supplies as the node identifier. So, if you use that wildcard for your nodes you will not be able to uniquely identify them. You would have to have the same manifest on all of them, or reinvent all the distinctions that puppet already makes. I thought someone pointed out (when I went on one of my rants about the SSL/CA stuff in puppet) that there's a configuration-option to tell the puppetmaster to use the $fqdn fact as the nodename instead? So it shouldn't be THAT hard, if it's just a config-option. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster module path specification with wildcards
On Jan 18, 2011, at 9:38 PM, Bostjan Skufca wrote: Would anyone else fancy a wildcard path expansion in module path specification? Example: modulepath = /etc/puppet/modules/* ---[ above should expand to this equivalent ]-- [ provided that repo1 and repo2 dirs exist in /etc/puppet/modules ] modulepath = /etc/puppet/modules/repo1:/etc/puppet/modules/repo2 There are a couple potential caveats to that, the most serious being sort methodology for the wildcard expansion. It would have to be deterministic in terms of always being sorted the same way (because a straight wildcard expansion will present the various directory items in essentially random order). If you care about in what order things are in the path, then it would be a bad idea to use, but if the sort-methodology is well documented so nobody is surprised, then it should be fine. (IMHO) D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Autosign Certificate upon rebuild
I think that is the workflow I am going to use, before I kick off the rebuild run puppetca --clean fqdn and keep the fqdn in the autosign.conf so when it rebuilds and kicks off the puppet service the ca just autosigns the cert. It would be nice to be able to set a special key/password that the puppet daemon could send that would tell the ca to revoke previous keys and autosign a new key for that host. On Mon, Jan 17, 2011 at 12:29 PM, Matt mjbl...@gmail.com wrote: one thing to keep in mind is if the server is the same name previously there will be an issue where you will need to use the puppetca on the master to clean out the old cert. On Jan 14, 3:36 pm, Ohad Levy ohadl...@gmail.com wrote: One way would be to enable autosign when you request your kickstart... if you ks is dynamically generated, that could be easily scripted. alternatively, you can have a look at Foreman [1] which handle this kind of things for you. Ohad [1] -http://theforeman.org On Fri, Jan 14, 2011 at 9:04 PM, Derek Tracy trac...@gmail.com wrote: I am implementing Puppet on a small RHEL 5.3 cluster (~14 machines). These boxes will be rebuilt via kickstart at least once a month. What would be the best way to handle the certificate signing, preferably one that has the least interaction? I want to be able to kick off the rebuild and walk away knowing that Puppet will startup and take care of the rest of the config. - Derek Tracy trac...@gmail.com - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com puppet-users%2Bunsubscribe@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Autosign Certificate upon rebuild
I am implementing Puppet on a small RHEL 5.3 cluster (~14 machines). These boxes will be rebuilt via kickstart at least once a month. What would be the best way to handle the certificate signing, preferably one that has the least interaction? I want to be able to kick off the rebuild and walk away knowing that Puppet will startup and take care of the rest of the config. - Derek Tracy trac...@gmail.com - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] security implications of a puppet run with sensitive data in the resources
Hi, So I was asked a bit about implications of distributing something sensitive through puppet. After a client talks to the puppet server (giving its local facts) and retrieves its catalog is the client allowed to fetch resources that may not be defined in its catalog? For example if someone is crafty and has compromised a client can they retrieve a file from the file server that was not in their catalog? Or can this only be secured this only handled by the file server IP acls (if you really call that secure)? It seems like auth.conf (http://docs.puppetlabs.com/guides/security.html and the default auth.conf file) would be what I am looking for however the only way I can think of tailoring this would be to only allow a node that is in a specific class to have access to a certain set of resources. Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] security implications of a puppet run with sensitive data in the resources
On 12/22/10 8:38 PM, Patrick wrote: On Dec 22, 2010, at 5:18 PM, Derek Yarnell wrote: So I was asked a bit about implications of distributing something sensitive through puppet. After a client talks to the puppet server (giving its local facts) and retrieves its catalog is the client allowed to fetch resources that may not be defined in its catalog? For example if someone is crafty and has compromised a client can they retrieve a file from the file server that was not in their catalog? Or can this only be secured this only handled by the file server IP acls (if you really call that secure)? Just to confirm that. Any client with a valid certificate can get any file in any files directory unless you make changes. Templates are different because the templates are put into the catalog, so a client can only use templates you use in the catalog. Ok so is the only way to secure the files is via IP/hostname or am I missing something in the auth.conf? Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Fact auto sync reloading
On 12/6/10 10:52 AM, Nigel Kersten wrote: On Mon, Dec 6, 2010 at 7:46 AM, Derek Yarnell de...@umiacs.umd.edu wrote: On 12/3/10 5:13 PM, Nigel Kersten wrote: On Fri, Dec 3, 2010 at 11:58 AM, Derek Yarnell de...@umiacs.umd.edu wrote: So we run puppetd as a long running ruby process on the hosts. When we update a fact that gets auto sync'd to the host it seems when puppetd wakes up and starts its catalog run it doesn't re-sync the facts. It you run it standalone it will or if you restart the service then it will do the right thing. Do other people see this? Or have you all gone to running out of cron? What puppet version? Are you using factsync or pluginsync? Hi, I have noticed this through 0.24.x, 0.25.x and now 2.6.1 which we are running (both server and client) now everywhere. pluginsync = true pluginsource = puppet://$server/plugins Something is special about your case, as I've definitely used this functionality in 0.25.x. Can anyone else replicate this with a node in daemon mode? Anything exotic about your server/filesystem/mount ? After double checking this, I can't seem to replicate it on 2.6.1 now. Sigh, sorry for the trouble. One other thing always annoys me though seems benign, # puppetd --test info: Retrieving plugin info: Loading facts in os_name info: Loading facts in hostname_hour info: Loading facts in os_platform info: Loading facts in nvidia_graphics info: Loading facts in os_version info: Loading facts in pam_limits_d info: Loading facts in rhn info: Loading facts in scratch info: Loading facts in os_name info: Loading facts in hostname_hour info: Loading facts in os_platform info: Loading facts in nvidia_graphics info: Loading facts in os_version info: Loading facts in pam_limits_d info: Loading facts in rhn info: Loading facts in scratch Why does it load the facts twice, or is this just misleading? Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Fact auto sync reloading
So we run puppetd as a long running ruby process on the hosts. When we update a fact that gets auto sync'd to the host it seems when puppetd wakes up and starts its catalog run it doesn't re-sync the facts. It you run it standalone it will or if you restart the service then it will do the right thing. Do other people see this? Or have you all gone to running out of cron? Thanks, Derek -- Derek Yarnell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Disabling Certificates
Has anyone had any luck in actually disabling certificates entirely. Just trust the hostname you get from DNS and treat that info as authoritative. I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to happen, even though I have *no* need for the security that the certificates theoretically provide and they get in my way far more often than any alleged help. Has anyone managed to just obliterate the whole certificate-nightmare from Puppet? Is there anyone else who thinks they add way more complications than they are worth? Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Disabling Certificates
On Nov 11, 2010, at 6:26 PM, donavan wrote: From your comment in #3958 I think autosign[1] with *.domain.tld would work for you. Nope. Because autosign doesn't also auto-overwrite. - New Host foo001.domain.tld is created - Certs are exchanged for foo001 with the puppetmaster, life is good, autosigned - Host foo001.domain.tld is retired - Replacement Host foo001.domain.tld is created - foo001 tries to talk to puppetmaster, presenting brand new certs. They don't match what the master has for that host. It tells foo001 to pound-sand. At that point, I have to manually log into the CA and clean out the certificates for foo001. I also have to go out to foo001, and blow away all ITS certs, since it's been given a cert it has no idea what to do with. It's just ugly. Like I said in my ticket notes, I'll concede that for some people, it's a necessity, but there's clearly also a set of people for whom it is just unnecessary pain and suffering. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet 2.6.x with rrdtool
Hi, Since upgrading to 2.6.1 (previously on 0.25.x) our puppet master has been pretty constantly reporting this, puppet-master[26174]: Report rrdgraph failed: Failed to update time: unknown DS name '' In puppet.conf we just have, [master] ... reports = store,log,rrdgraph This was not throwing the error before on 0.25.x puppet master and it does seem like some (maybe all?) of the rrd graphs are getting updated. Wondering if anyone had any thoughts. Thanks, derek Derek Yarnell UNIX Systems Administrator University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Making edits to /etc/system on Solaris
Alternatively you could just use a template /etc/system where you put most of the logic into the ERB by putting if defined entries in. -- Derek Yarnell On Sep 14, 2010, at 1:25 AM, John Warburton jwarbur...@gmail.com wrote: I may not go down that path, but you've triggered something in my head - why don't I use concat file? http://www.devco.net/archives/2010/03/12/puppet_concat_20100312.php If there isn't anything more elegant, I'll use concat Thanks for the different viewing angle :-) John On 14 September 2010 15:03, Brian Gallew g...@gallew.org wrote: I've basically ended up with one /etc/system to rule them all (and in the darkness bind them?). Fortunately for me, my systems are large enough to support this and there have been no conflicting requirements. I'm sure I'm losing some tiny bit of performance and memory, but I really can't work up enough concern to do anything about it. On Mon, Sep 13, 2010 at 5:29 PM, John Warburton jwarbur...@gmail.com wrote: Hi All Just wondering what everyone else does when editing /etc/system on Solaris It is on the Augeas To Do list (http://augeas.net/page/Augeas_on_Solaris) - has anyone tried a lens for it? I tried to start but the file format is almost free form and there would always be an exception causing the parse to fail So, apart from http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns, I don't see any other solution Thanks John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet file recursion requires two passes to converge
Hi, So for awhile I have been seeing this issue but it hasn't been painful. However, recently I have been deploying a new module that has made it much more annoying. file { cdh3_config: recurse = true, ignore = .svn, checksum = md5, notify = Exec[hadoop_alternatives], require = Package[hadoop], path = /etc/hadoop-$bespin_cdh3_version/conf.bespin, source = puppet:///modules/cdh/cdh3/conf.bespin, } Then I have 2-3 different hadoop services that subscribe this resource. So if you make a change in the directory it will correctly refresh the services. However the next time puppet runs, it will notice there is a mtime difference on the directory and this will also trigger a refresh. notice: //cdh::cdh3/File[cdh3_config]/checksum: checksum changed '{mtime}Wed Sep 01 21:28:46 -0400 2010' to '{mtime}Thu Sep 02 08:53:56 -0400 2010' This is not good since this forces the services to restart again, which is really annoying. We run, puppet 0.25.4. Thanks, derek Derek Yarnell UNIX Systems Administrator University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet file recursion requires two passes to converge
Hi Pete, It does seem fixed in 2.6.1rc3, however 0.25.5 it is still happens. Has there been a convergence of opinion on how to roll out 2.6.x? Server first then clients? Clients first then the server? Everything at once? (that is hard obviously) Thanks, derek On Sep 2, 2010, at 11:51 AM, Peter Meier wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So if you make a change in the directory it will correctly refresh the services. However the next time puppet runs, it will notice there is a mtime difference on the directory and this will also trigger a refresh. notice: //cdh::cdh3/File[cdh3_config]/checksum: checksum changed '{mtime}Wed Sep 01 21:28:46 -0400 2010' to '{mtime}Thu Sep 02 08:53:56 -0400 2010' This is not good since this forces the services to restart again, which is really annoying. We run, puppet 0.25.4. This might be a bug. It would be good if you could test if it still exists on lates 2.6.1rcX an/or file a bug if there isn't yet one. pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx/x+gACgkQbwltcAfKi3/GngCgh3gI8ufV4kIdGkp8f10D97BR wrUAmgOoo1mnU989whu9hDoPSwk9qDk9 =PtFf -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Derek Yarnell UNIX Systems Administrator University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Refreshing puppetd from within puppetd
On Jun 21, 2010, at 9:03 PM, Patrick Mohr wrote: Anyone have advice? I don't want to put puppet in cron if I can avoid it. We did this: service { puppet : enable = true, require = [ File['etc-sysconfig-puppet'],File['puppet.conf'] ], subscribe = [ File['etc-sysconfig-puppet'],File['puppet.conf'] ], hasrestart = true } the hasrestart tells it not to do a stop, start but instead to do a restart, so it happily seems to work any time we change a config file. D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Import behavior
Am I reading the right code which I believe is responsible and that Import foo/* does not recursively import beyond the directory of foo correct? Does the behavior of module importation import everything recursively from the manifests directory? I am seeing behavior where a class in a module was working but it wasn't imported it seems. Thanks, derek - def find_manifests(start, options = {}) cwd = options[:cwd] || Dir.getwd module_name, pattern = split_file_path(start) begin if mod = Puppet::Module.find(module_name, options[:environment]) return mod.match_manifests(pattern) end rescue Puppet::Module::InvalidName # Than that would be a no. end abspat = File::expand_path(start, cwd) files = Dir.glob(abspat).reject { |f| FileTest.directory?(f) } if files.size == 0 files = Dir.glob(abspat + .pp).reject { |f| FileTest.directory?(f) } end return files end Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] preseed/late_command
Hi, Anyone running puppetd --test in their preseed late_command? I can't seem to get it working as the installer hangs forever in the late_preseed stage. This is what I am using, d-i preseed/late_command string chroot /target; mount /proc; /usr/sbin/puppetd --test --server puppetserver.my.domain Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] preseed/late_command
Hi, Anyone running puppetd --test in their preseed late_command? I can't seem to get it working as the installer hangs forever in the late_preseed stage. This is what I am using, d-i preseed/late_command string chroot /target; mount /proc; /usr/sbin/puppetd --test --server puppetserver.my.domain If I run this in a virtual console it seems to work fine. Anyone doing this or have they gone another way? Thanks, derek -- -- Derek Yarnell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Wiki Migrated from Trac to Redmine
All I want to say is thanks, I found Trac and its searching to be such a PITA. This was such a pleasant surprise :) -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] syncing custom facts
Could it be since you are not specifying a environment (puppetd --test --environment=development) that you have not defined your modulepath = /etc/puppet/modules at a global level that there is no idea where to find them? Thanks, derek On 2/4/10 10:06 AM, byron appelt wrote: I am trying to get a custom fact to sync and have tried just about everything. I am trying to follow this: http://reductivelabs.com/trac/puppet/wiki/PluginsInModules I have put my custom fact in /etc/puppet-dev/manifests/classes/custom/ lib/facter puppet.conf on my puppetmaster looks like this [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet pluginsync=true server = puppetmaster.numerex.com environments = development,testing,production [puppetmasterd] certname=puppetmaster.numerex.com [puppetd] report = true [testing] modulepath = /etc/puppet-dev/manifests/classes templatedir=/etc/puppet-dev/templates manifest = /etc/puppet-dev/manifests/site.pp factpath = /etc/puppet-dev/facter pluginsync = true [production] modulepath = /etc/puppet/manifests/classes templatedir=/etc/puppet/templates manifest = /etc/puppet/manifests/site.pp And in fileserver.conf I have: [files] path /etc/puppet/files allow * [plugins] allow *.numerexfast.com [modules] allow *.numerexfast.com And on my puppet client it looks like this: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true server=puppetmaster.numerex.com environments=production,testing environment=testing [puppetmasterd] templatedir=/var/lib/puppet/templates [puppetd] report = true When I run puppetd --test on the client, I see the following error: nfo: Retrieving plugins err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: No specified source was found from puppet://puppetmaster.numerex.com/plugins And I cannot find my custom fact anywhere under /var/lib/puppet on the client What am I missing here? I assume that I should find the fact somewhere on the client. -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] reload/restarting puppetd after puppet.conf change
Subject basically says it all. Anyone have a good idea of how to get puppetd restarted after installing a updated puppet.conf? Using the Service types obviously doesn't work since puppet is already running. Is there no, please reload your config on the next run option? I mean there is always some screwing with a cronjob to just restart puppet once and awhile but I dunno I was hoping for something more clean. Thanks, derek -- -- Derek Yarnell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] content questions
So using the content = attribute on files is obviously very helpful. We are using it and templating to really do some powerful things. However, I have run into a few cases where I want to have for example have a file and then prepend or append onto it another file(s). Now I know I can redefine the content attribute however if I had say more than one file to append my logic becomes very hard to deal with. Something like this is what I wanted to do but get a error about using a private method 'split'. class foo { $array = ['module/foo.erb'] file { foobarbaz: content = template($array) } } class bar inherits foo { $array += ['module/bar.erb'] } Anyone been trying to do something similar? -- --- Derek T. Yarnell -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter 1.5.7 and operatingsystemrelease
I think the problem is that using the LSB stuff is unhelpful since non-Linux systems don't support it. The issue with operatingsystemrelease is that behavior has kinda changed with rhel5 from 3 and 4. Now I realize that all it is doing is tokenizing /etc/redhat-release but i agree that this annoys the crap out of me and we implement local facts to make this better. On Tuesday, December 22, 2009, Len Rugen lenru...@gmail.com wrote: I posted a question about the lsb prefixed facts a few weeks ago. lsbmaj may be what you're looking for. On Tue, Dec 22, 2009 at 9:17 AM, Kenton Brede kbr...@gmail.com wrote: On Tue, Oct 20, 2009 at 8:45 PM, Ohad Levy ohadl...@gmail.com wrote: Hi, I for one, thinks that the operatingsystemrelease fact should contain only the major number of the operating system, e.g. for Centos/Rehat 5.4 it should return just 5. the reason behind it is that I rarely use the full release version as a variable, and if I do, I use the lsb facts. this change is very annoying, as it requires to change your manifest again (we had the same issue between facter 1.38 and 1.5.0). I ended up having my own fact which is just a wrapper for the operatingsystem relase, as it one point of time I might have multiple facter version running around I searched through old messages and didn't see that this had been addressed. I can see people wanting facter to report the minor version and others wanting just the major release number. The way it stands I'll need to change every operatingystemrelease variable, each time a new minor version come out. That's a pain I don't need. So I'll work around this by creating my own fact. Having two variables for the OS release seems to me a good choice. Just my 2 cents. Kent -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- --- Derek T. Yarnell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] private fileserver config
Running 0.25.0b2, Trying to do ssh host public/private key installation via the file type, file { ssh_host_dsa_key.pub: path = $base_path/ssh_host_dsa_key.pub, mode = 0644, owner = root, group = root, source = puppet://puppet/private/ssh/ssh_host_dsa_key.pub, notify = Service[sshd], } It compiles its catalog correctly but then i get this for ever file that I am doing this with, puppetmasterd[24041]: No client; expanding '/etc/puppet/private/%H' with local host My puppetmaster has the following in the fileserver.conf, [private] path /etc/puppet/private/%H allow * # ls /etc/puppet/private/#FQDN#/ssh/ssh_host_dsa_key.pub /etc/puppet/private/#FQDN#/ssh/ssh_host_dsa_key.pub Is this a bug or am I just doing something wrong here, this is the first time I have tried with a [private] section before. Thanks, derek -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd no-daemonize
I spoke too soon, I recompiled with ruby 1.8.7, added rubygems and installed puppet and got the same behavior on RHEL4. Can anyone confirm that --no-daemonize works for them on RHEL4? puppetd --onetime --no-daemonize --verbose --debug Thanks, derek On Thu, Jul 23, 2009 at 7:40 PM, Derek Yarnell derektyarn...@gmail.comwrote: Ok, this would seem to be a problem on RHEL4 w/ the built in ruby as my RHEL5 w/ the built in ruby works as I would expect running the same command. RHEL4 ships with, # ruby --version ruby 1.8.1 (2003-12-25) [i386-linux-gnu] What are other people doing on RHEL4 are you using the built in ruby or are you providing a newer version? Funny thing is that everything works just fine other than this with the built in ruby, I just wanted to make sure that in the %post install of the kickstart that puppet actually ran (if you background it the %post install will just finish and reboot before puppet has a chance to run). Anyone else been trying to do this? Thanks, derek On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan peiriann...@gmail.comwrote: Just for input, I haven't been seeing this behavior with 0.24.8 (or any previous release) on Fedora. Trevor On Thu, Jul 23, 2009 at 17:43, Derek Yarnellderektyarn...@gmail.com wrote: On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote: It's not daemonizing there, it's exiting -- if you use --onetime, it exits after the run. It really does daemonize there, # ps axuww | grep puppet root 2476 0.0 0.2 4036 644 pts/1S+ 17:41 0:00 grep puppet # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug debug: Creating default schedules debug: Failed to load library 'shadow' for feature 'libshadow' debug: Failed to load library 'ldap' for feature 'ldap' ... debug: Finishing transaction -606656664 with 0 changes # ps axuww | grep puppet root 2518 88.0 6.0 19080 15412 ? Rs 17:41 0:00 /usr/bin/ruby /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug root 2541 0.0 0.2 4888 648 pts/1S+ 17:41 0:00 grep puppet It is doing --onetime correctly but still regardless of putting --no-daemonize or not it still forks into the background. -- --- Derek T. Yarnell -- --- Derek T. Yarnell -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd no-daemonize
--test does do the right thing and doesn't fork a copy into the background and does what I need it to do running the built in version of ruby (1.8.1) or running the new ruby (1.8.7). Anyway thanks again, derek On Fri, Jul 24, 2009 at 1:05 PM, Trevor Hemsley trevor.hems...@codefarm.com wrote: I no longer have a RHEL4 system to try it on but our standard until a few months ago was RHEL4 and puppetd --test certainly used to work (--test includes --no-daemonize) I seem to remember that we had other problems with Ruby as supplied by Centos4 so we installed these: ruby-1.8.5-5.el4.centos.1.i386.rpm ruby-irb-1.8.5-5.el4.centos.1.i386.rpm ruby-libs-1.8.5-5.el4.centos.1.i386.rpm ruby-mode-1.8.5-5.el4.centos.1.i386.rpm ruby-rdoc-1.8.5-5.el4.centos.1.i386.rpm Didn't see any problems after that. Derek Yarnell wrote: I spoke too soon, I recompiled with ruby 1.8.7, added rubygems and installed puppet and got the same behavior on RHEL4. Can anyone confirm that --no-daemonize works for them on RHEL4? puppetd --onetime --no-daemonize --verbose --debug Thanks, derek On Thu, Jul 23, 2009 at 7:40 PM, Derek Yarnell derektyarn...@gmail.com mailto:derektyarn...@gmail.com wrote: Ok, this would seem to be a problem on RHEL4 w/ the built in ruby as my RHEL5 w/ the built in ruby works as I would expect running the same command. RHEL4 ships with, # ruby --version ruby 1.8.1 (2003-12-25) [i386-linux-gnu] What are other people doing on RHEL4 are you using the built in ruby or are you providing a newer version? Funny thing is that everything works just fine other than this with the built in ruby, I just wanted to make sure that in the %post install of the kickstart that puppet actually ran (if you background it the %post install will just finish and reboot before puppet has a chance to run). Anyone else been trying to do this? Thanks, derek On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan peiriann...@gmail.com mailto:peiriann...@gmail.com wrote: Just for input, I haven't been seeing this behavior with 0.24.8 (or any previous release) on Fedora. Trevor On Thu, Jul 23, 2009 at 17:43, Derek Yarnellderektyarn...@gmail.com mailto:derektyarn...@gmail.com wrote: On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com mailto:l...@madstop.com wrote: It's not daemonizing there, it's exiting -- if you use --onetime, it exits after the run. It really does daemonize there, # ps axuww | grep puppet root 2476 0.0 0.2 4036 644 pts/1S+ 17:41 0:00 grep puppet # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug debug: Creating default schedules debug: Failed to load library 'shadow' for feature 'libshadow' debug: Failed to load library 'ldap' for feature 'ldap' ... debug: Finishing transaction -606656664 with 0 changes # ps axuww | grep puppet root 2518 88.0 6.0 19080 15412 ? Rs 17:41 0:00 /usr/bin/ruby /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug root 2541 0.0 0.2 4888 648 pts/1S+ 17:41 0:00 grep puppet It is doing --onetime correctly but still regardless of putting --no-daemonize or not it still forks into the background. -- --- Derek T. Yarnell -- --- Derek T. Yarnell -- --- Derek T. Yarnell -- Trevor Hemsley Infrastructure Engineer . * C A L Y P S O * Brighton, UK OFFICE +44 (0) 1273 666 350 FAX +44 (0) 1273 666 351 . www.calypso.com This electronic-mail might contain confidential information intended only for the use by the entity named. If the reader of this message is not the intended recipient, the reader is hereby notified that any dissemination, distribution or copying is strictly prohibited. * P * /*/ Please consider the environment before printing this e-mail /*/ -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd no-daemonize
On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote: It's not daemonizing there, it's exiting -- if you use --onetime, it exits after the run. It really does daemonize there, # ps axuww | grep puppet root 2476 0.0 0.2 4036 644 pts/1S+ 17:41 0:00 grep puppet # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug debug: Creating default schedules debug: Failed to load library 'shadow' for feature 'libshadow' debug: Failed to load library 'ldap' for feature 'ldap' ... debug: Finishing transaction -606656664 with 0 changes # ps axuww | grep puppet root 2518 88.0 6.0 19080 15412 ? Rs 17:41 0:00 /usr/bin/ruby /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug root 2541 0.0 0.2 4888 648 pts/1S+ 17:41 0:00 grep puppet It is doing --onetime correctly but still regardless of putting --no-daemonize or not it still forks into the background. -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd no-daemonize
Ok, this would seem to be a problem on RHEL4 w/ the built in ruby as my RHEL5 w/ the built in ruby works as I would expect running the same command. RHEL4 ships with, # ruby --version ruby 1.8.1 (2003-12-25) [i386-linux-gnu] What are other people doing on RHEL4 are you using the built in ruby or are you providing a newer version? Funny thing is that everything works just fine other than this with the built in ruby, I just wanted to make sure that in the %post install of the kickstart that puppet actually ran (if you background it the %post install will just finish and reboot before puppet has a chance to run). Anyone else been trying to do this? Thanks, derek On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan peiriann...@gmail.comwrote: Just for input, I haven't been seeing this behavior with 0.24.8 (or any previous release) on Fedora. Trevor On Thu, Jul 23, 2009 at 17:43, Derek Yarnellderektyarn...@gmail.com wrote: On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote: It's not daemonizing there, it's exiting -- if you use --onetime, it exits after the run. It really does daemonize there, # ps axuww | grep puppet root 2476 0.0 0.2 4036 644 pts/1S+ 17:41 0:00 grep puppet # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug debug: Creating default schedules debug: Failed to load library 'shadow' for feature 'libshadow' debug: Failed to load library 'ldap' for feature 'ldap' ... debug: Finishing transaction -606656664 with 0 changes # ps axuww | grep puppet root 2518 88.0 6.0 19080 15412 ? Rs 17:41 0:00 /usr/bin/ruby /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug root 2541 0.0 0.2 4888 648 pts/1S+ 17:41 0:00 grep puppet It is doing --onetime correctly but still regardless of putting --no-daemonize or not it still forks into the background. -- --- Derek T. Yarnell -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] templates with ERB
So I have been doing some testing of content = template. Our site has used a custom solution for configuration management w/ a mix of rsync/m4/make and a little cfengine on the side. Now for us the power of m4 is that not only you can do variable substitution but it can include files. I am looking to be able to include files within a template w/ ERB but from the documentation that does not seem possible. Or even if it is possible to have a numter of templates listed in my content= that would be concatenated? Anyone else trying to do this or have done this? -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] templates, ERB include, import or whatever
So I have been doing some testing of content = template. Our site has used a custom solution for configuration management w/ a mix of rsync/m4/make and a little cfengine on the side. Now for us the power of m4 is that not only you can do variable substitution but it can include files. I am looking to be able to include files within a template w/ ERB but from the documentation that does not seem possible. Or even if it is possible to have a numter of templates listed in my content= that would be concatenated? Anyone else trying to do this or have done this? -- --- Derek T. Yarnell --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---