[Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Derek Yarnell
Hi,

So I was asked a bit about implications of distributing something
sensitive through puppet.  After a client talks to the puppet server
(giving its local facts) and retrieves its catalog is the client allowed
to fetch resources that may not be defined in its catalog?

For example if someone is crafty and has compromised a client can they
retrieve a file from the file server that was not in their catalog?  Or
can this only be secured by the file server IP acls
(if you really call that secure)?

It seems like auth.conf (http://docs.puppetlabs.com/guides/security.html
and the default auth.conf file) would be what I am looking for however
the only way I can think of tailoring this would be to only allow a node
that is in a specific class to have access to a certain set of resources.

Thanks,
derek


-- 
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Derek Yarnell
On 12/22/10 8:38 PM, Patrick wrote:
>
> On Dec 22, 2010, at 5:18 PM, Derek Yarnell wrote:
>
>> So I was asked a bit about implications of distributing something
>> sensitive through puppet.  After a client talks to the puppet server
>> (giving its local facts) and retrieves its catalog is the client allowed
>> to fetch resources that may not be defined in its catalog?
>>
>> For example if someone is crafty and has compromised a client can they
>> retrieve a file from the file server that was not in their catalog?  Or
>> can this only be secured by the file server IP acls
>> (if you really call that secure)?
>
> Just to confirm that.  Any client with a valid certificate can get any file
> in any files directory unless you make changes.  Templates are different
> because the templates are put into the catalog, so a client can only use
> templates you use in the catalog.

Ok, so is the only way to secure the files via IP/hostname, or am I
missing something in the auth.conf?

Thanks,
derek

-- 
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




Re: [Puppet Users] Fact auto sync reloading

2010-12-06 Thread Derek Yarnell
On 12/6/10 10:52 AM, Nigel Kersten wrote:
> On Mon, Dec 6, 2010 at 7:46 AM, Derek Yarnell de...@umiacs.umd.edu wrote:
>> On 12/3/10 5:13 PM, Nigel Kersten wrote:
>>> On Fri, Dec 3, 2010 at 11:58 AM, Derek Yarnell de...@umiacs.umd.edu wrote:
>>>> So we run puppetd as a long running ruby process on the hosts.  When we
>>>> update a fact that gets auto sync'd to the host it seems when puppetd
>>>> wakes up and starts its catalog run it doesn't re-sync the facts.  If you
>>>> run it standalone it will or if you restart the service then it will do
>>>> the right thing.  Do other people see this?  Or have you all gone to
>>>> running out of cron?
>>>
>>> What puppet version?
>>>
>>> Are you using factsync or pluginsync?
>>
>> Hi,
>>
>> I have noticed this through 0.24.x, 0.25.x and now 2.6.1 which we are
>> running (both server and client) now everywhere.
>>
>> pluginsync = true
>> pluginsource = puppet://$server/plugins
>
> Something is special about your case, as I've definitely used this
> functionality in 0.25.x.
>
> Can anyone else replicate this with a node in daemon mode?
>
> Anything exotic about your server/filesystem/mount ?

After double checking this, I can't seem to replicate it on 2.6.1 now.
Sigh, sorry for the trouble.  One other thing always annoys me though
seems benign,

# puppetd --test
info: Retrieving plugin
info: Loading facts in os_name
info: Loading facts in hostname_hour
info: Loading facts in os_platform
info: Loading facts in nvidia_graphics
info: Loading facts in os_version
info: Loading facts in pam_limits_d
info: Loading facts in rhn
info: Loading facts in scratch
info: Loading facts in os_name
info: Loading facts in hostname_hour
info: Loading facts in os_platform
info: Loading facts in nvidia_graphics
info: Loading facts in os_version
info: Loading facts in pam_limits_d
info: Loading facts in rhn
info: Loading facts in scratch

Why does it load the facts twice, or is this just misleading?

Thanks,
derek

-- 
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




[Puppet Users] Fact auto sync reloading

2010-12-03 Thread Derek Yarnell
So we run puppetd as a long running ruby process on the hosts.  When we update 
a fact that gets auto sync'd to the host it seems when puppetd wakes up and 
starts its catalog run it doesn't re-sync the facts.  If you run it standalone 
it will or if you restart the service then it will do the right thing.  Do 
other people see this?  Or have you all gone to running out of cron?

Thanks,
Derek

--
Derek Yarnell




[Puppet Users] puppet 2.6.x with rrdtool

2010-09-16 Thread Derek Yarnell
Hi,

Since upgrading to 2.6.1 (previously on 0.25.x) our puppet master has been 
pretty constantly reporting this,

puppet-master[26174]: Report rrdgraph failed: Failed to update time: unknown DS 
name ''

In puppet.conf we just have, 

[master]
...
reports = store,log,rrdgraph

This was not throwing the error before on 0.25.x puppet master and it does seem 
like some (maybe all?) of the rrd graphs are getting updated.

Wondering if anyone had any thoughts.

Thanks,
derek

Derek Yarnell
UNIX Systems Administrator
University of Maryland
Institute for Advanced Computer Studies






Re: [Puppet Users] Making edits to /etc/system on Solaris

2010-09-14 Thread Derek Yarnell
Alternatively you could just use a template /etc/system where you put most of 
the logic into the ERB by putting if defined entries in.

--
Derek Yarnell

On Sep 14, 2010, at 1:25 AM, John Warburton jwarbur...@gmail.com wrote:

 I may not go down that path, but you've triggered something in my head - why 
 don't I use concat file? 
 http://www.devco.net/archives/2010/03/12/puppet_concat_20100312.php
 
 If there isn't anything more elegant, I'll use concat
 
 Thanks for the different viewing angle :-)
 
 John
 
 On 14 September 2010 15:03, Brian Gallew g...@gallew.org wrote:
 I've basically ended up with one /etc/system to rule them all (and in the 
 darkness bind them?).  Fortunately for me, my systems are large enough to 
 support this and there have been no conflicting requirements.  I'm sure I'm 
 losing some tiny bit of performance and memory, but I really can't work up 
 enough  concern to do anything about it.
 
 On Mon, Sep 13, 2010 at 5:29 PM, John Warburton jwarbur...@gmail.com wrote:
 Hi All
 
 Just wondering what everyone else does when editing /etc/system on Solaris
 
 It is on the Augeas To Do list (http://augeas.net/page/Augeas_on_Solaris) - 
 has anyone tried a lens for it? I tried to start but the file format is 
 almost free form and there would always be an exception causing the parse to 
 fail
 
 So, apart from 
 http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns, I don't 
 see any other solution
 
 Thanks
 
 John
 -- 
 John Warburton
 Ph: 0417 299 600
 Email: jwarbur...@gmail.com



[Puppet Users] puppet file recursion requires two passes to converge

2010-09-02 Thread Derek Yarnell
Hi,

So for awhile I have been seeing this issue but it hasn't been painful.  
However, recently I have been deploying a new module that has made it much more 
annoying.

file { "cdh3_config":
    recurse  => true,
    ignore   => ".svn",
    checksum => md5,
    notify   => Exec["hadoop_alternatives"],
    require  => Package["hadoop"],
    path     => "/etc/hadoop-$bespin_cdh3_version/conf.bespin",
    source   => "puppet:///modules/cdh/cdh3/conf.bespin",
}

Then I have 2-3 different hadoop services that subscribe to this resource.

So if you make a change in the directory it will correctly refresh the 
services.  However the next time puppet runs, it will notice there is a mtime 
difference on the directory and this will also trigger a refresh.

notice: //cdh::cdh3/File[cdh3_config]/checksum: checksum changed '{mtime}Wed 
Sep 01 21:28:46 -0400 2010' to '{mtime}Thu Sep 02 08:53:56 -0400 2010'

This is not good since this forces the services to restart again, which is 
really annoying.

We run, puppet 0.25.4.

Thanks,
derek

Derek Yarnell
UNIX Systems Administrator
University of Maryland
Institute for Advanced Computer Studies






Re: [Puppet Users] puppet file recursion requires two passes to converge

2010-09-02 Thread Derek Yarnell
Hi Pete,

It does seem fixed in 2.6.1rc3, however in 0.25.5 it still happens.  Has there 
been a convergence of opinion on how to roll out 2.6.x?  Server first then 
clients?  Clients first then the server?  Everything at once? (that is hard 
obviously)

Thanks,
derek

On Sep 2, 2010, at 11:51 AM, Peter Meier wrote:

 So if you make a change in the directory it will correctly refresh
 the services.  However the next time puppet runs, it will notice
 there is a mtime difference on the directory and this will also
 trigger a refresh.
 
 notice: //cdh::cdh3/File[cdh3_config]/checksum: checksum changed
 '{mtime}Wed Sep 01 21:28:46 -0400 2010' to '{mtime}Thu Sep 02
 08:53:56 -0400 2010'
 
 This is not good since this forces the services to restart again,
 which is really annoying.
 
 We run, puppet 0.25.4.
 
 This might be a bug. It would be good if you could test if it still
 exists on latest 2.6.1rcX and/or file a bug if there isn't yet one.
 
 pete

Derek Yarnell
UNIX Systems Administrator
University of Maryland
Institute for Advanced Computer Studies






[Puppet Users] Import behavior

2010-04-16 Thread Derek Yarnell
Am I reading the right code which I believe is responsible and that 
Import foo/* does not recursively import beyond the directory of foo 
correct?


Does the behavior of module importation import everything recursively 
from the manifests directory?  I am seeing behavior where a class in a 
module was working but it wasn't imported it seems.


Thanks,
derek

-

def find_manifests(start, options = {})
  cwd = options[:cwd] || Dir.getwd
  module_name, pattern = split_file_path(start)
  begin
    if mod = Puppet::Module.find(module_name, options[:environment])
      return mod.match_manifests(pattern)
    end
  rescue Puppet::Module::InvalidName
    # Than that would be a no.
  end
  abspat = File::expand_path(start, cwd)
  files = Dir.glob(abspat).reject { |f| FileTest.directory?(f) }
  if files.size == 0
    files = Dir.glob(abspat + ".pp").reject { |f| FileTest.directory?(f) }
  end
  return files
end

Thanks,
derek

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




[Puppet Users] preseed/late_command

2010-03-18 Thread Derek Yarnell

Hi,

Anyone running puppetd --test in their preseed late_command?  I can't 
seem to get it working as the installer hangs forever in the 
late_preseed stage.


This is what I am using,

d-i preseed/late_command string chroot /target; mount /proc; 
/usr/sbin/puppetd --test --server puppetserver.my.domain


Thanks,
derek

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




[Puppet Users] preseed/late_command

2010-03-17 Thread Derek Yarnell

Hi,

Anyone running puppetd --test in their preseed late_command?  I can't 
seem to get it working as the installer hangs forever in the 
late_preseed stage.


This is what I am using,

d-i preseed/late_command string chroot /target; mount /proc; 
/usr/sbin/puppetd --test --server puppetserver.my.domain


If I run this in a virtual console it seems to work fine. Anyone doing 
this or have they gone another way?


Thanks,
derek

--
--
Derek Yarnell




Re: [Puppet Users] Puppet Wiki Migrated from Trac to Redmine

2010-03-15 Thread Derek Yarnell
All I want to say is thanks, I found Trac and its searching to be such a 
PITA.


This was such a pleasant surprise :)

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




Re: [Puppet Users] syncing custom facts

2010-02-04 Thread Derek Yarnell
Could it be since you are not specifying an environment (puppetd --test 
--environment=development) that you have not defined your


modulepath = /etc/puppet/modules

at a global level that there is no idea where to find them?

Thanks,
derek

On 2/4/10 10:06 AM, byron appelt wrote:

I am trying to get a custom fact to sync and have tried just about
everything. I am trying to follow this:

http://reductivelabs.com/trac/puppet/wiki/PluginsInModules

I have put my custom fact in /etc/puppet-dev/manifests/classes/custom/
lib/facter

puppet.conf on my puppetmaster looks like this

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
pluginsync=true
server = puppetmaster.numerex.com
environments = development,testing,production

[puppetmasterd]
certname=puppetmaster.numerex.com

[puppetd]
report = true

[testing]
modulepath = /etc/puppet-dev/manifests/classes
templatedir=/etc/puppet-dev/templates
manifest = /etc/puppet-dev/manifests/site.pp
factpath = /etc/puppet-dev/facter
pluginsync = true


[production]
modulepath = /etc/puppet/manifests/classes
templatedir=/etc/puppet/templates
manifest = /etc/puppet/manifests/site.pp

And in fileserver.conf I have:

[files]
   path /etc/puppet/files
   allow *

[plugins]
   allow *.numerexfast.com

[modules]
   allow *.numerexfast.com


And on my puppet client it looks like this:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
server=puppetmaster.numerex.com
environments=production,testing
environment=testing

[puppetmasterd]
templatedir=/var/lib/puppet/templates


[puppetd]
report = true



When I run puppetd --test on the client, I see the following error:

info: Retrieving plugins
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: No specified source was found from 
puppet://puppetmaster.numerex.com/plugins

And I cannot find my custom fact anywhere under  /var/lib/puppet on
the client

What am I missing here? I assume that I should find the fact somewhere
on the client.




--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies




[Puppet Users] reload/restarting puppetd after puppet.conf change

2010-01-17 Thread Derek Yarnell
Subject basically says it all.  Anyone have a good idea of how to get 
puppetd restarted after installing an updated puppet.conf?  Using the 
Service types obviously doesn't work since puppet is already running.  
Is there no "please reload your config on the next run" option?  I mean 
there is always some screwing with a cronjob to just restart puppet once 
in a while but I dunno I was hoping for something more clean.


Thanks,
derek

--
--
Derek Yarnell





[Puppet Users] content questions

2010-01-12 Thread Derek Yarnell
So using the content => attribute on files is obviously very helpful.  We
are using it and templating to really do some powerful things.  However, I
have run into a few cases where I want to, for example, have a file and
then prepend or append onto it another file(s).  Now I know I can redefine
the content attribute however if I had say more than one file to append my
logic becomes very hard to deal with.

Something like this is what I wanted to do but I get an error about using a
private method 'split'.

class foo {

    $array = ['module/foo.erb']

    file { "foobarbaz":
        content => template($array)
    }
}

class bar inherits foo {
    $array += ['module/bar.erb']
}

Anyone been trying to do something similar?

-- 
---
Derek T. Yarnell



Re: [Puppet Users] Facter 1.5.7 and operatingsystemrelease

2009-12-26 Thread Derek Yarnell
I think the problem is that using the LSB stuff is unhelpful since
non-Linux systems don't support it.  The issue with
operatingsystemrelease is that behavior has kinda changed with rhel5
from 3 and 4.  Now I realize that all it is doing is tokenizing
/etc/redhat-release but I agree that this annoys the crap out of me
and we implement local facts to make this better.

On Tuesday, December 22, 2009, Len Rugen lenru...@gmail.com wrote:
 I posted a question about the lsb prefixed facts a few weeks ago.  lsbmaj 
 may be what you're looking for.

 On Tue, Dec 22, 2009 at 9:17 AM, Kenton Brede kbr...@gmail.com wrote:
 On Tue, Oct 20, 2009 at 8:45 PM, Ohad Levy ohadl...@gmail.com wrote:
 Hi,

 I, for one, think that the operatingsystemrelease fact should contain only
 the major number of the operating system, e.g. for Centos/Redhat 5.4 it
 should return just 5.

 the reason behind it is that I rarely use the full release version as a
 variable, and if I do, I use the lsb facts.

 this change is very annoying, as it requires to change your manifest again
 (we had the same issue between facter 1.38 and 1.5.0).

 I ended up having my own fact which is just a wrapper for the
 operatingsystem release, as at one point of time I might have multiple facter
 versions running around


 I searched through old messages and didn't see that this had been
 addressed.  I can see people wanting facter to report the minor
 version and others wanting just the major release number.  The way it
 stands I'll need to change every operatingsystemrelease variable, each
 time a new minor version comes out.  That's a pain I don't need.  So
 I'll work around this by creating my own fact.  Having two variables
 for the OS release seems to me a good choice.  Just my 2 cents.
 Kent



-- 
---
Derek T. Yarnell





[Puppet Users] private fileserver config

2009-07-27 Thread Derek Yarnell
Running 0.25.0b2,

Trying to do ssh host public/private key installation via the file type,

file { "ssh_host_dsa_key.pub":
    path   => "$base_path/ssh_host_dsa_key.pub",
    mode   => 0644,
    owner  => root,
    group  => root,
    source => "puppet://puppet/private/ssh/ssh_host_dsa_key.pub",
    notify => Service["sshd"],
}

It compiles its catalog correctly but then I get this for every file that I
am doing this with,

puppetmasterd[24041]: No client; expanding '/etc/puppet/private/%H' with
local host

My puppetmaster has the following in the fileserver.conf,

[private]
   path /etc/puppet/private/%H
   allow *

# ls /etc/puppet/private/#FQDN#/ssh/ssh_host_dsa_key.pub
/etc/puppet/private/#FQDN#/ssh/ssh_host_dsa_key.pub

Is this a bug or am I just doing something wrong here, this is the first
time I have tried with a [private] section before.
Thanks,
derek

-- 
---
Derek T. Yarnell
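
The per-host mount in this message (`path /etc/puppet/private/%H`) is the usual way to address the concern raised in the 2010-12-22 thread above, where any client with a valid certificate can fetch anything under a shared files directory. The sketch below is an added example, not part of the original posts and not Puppet's own code: a simplified Ruby model of mount resolution, with constructed host names and hypothetical helper names (`resolve`, `expand_mount_path`, `allowed?`).

```ruby
# Added example: simplified model of fileserver.conf mount resolution.
# Not Puppet's implementation; host names and helper names are constructed.
require 'pathname'

# Two mounts in the styles shown in these threads: one shared, one per-host.
MOUNTS = {
  'files'   => { path: '/etc/puppet/files',      allow: ['*'] },
  'private' => { path: '/etc/puppet/private/%H', allow: ['*'] }
}.freeze

# The client name becomes a directory name, so accept only plain
# DNS-style names (no slashes, no leading or trailing dot).
VALID_CERTNAME = /\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i

# Expand per-client placeholders: %H = client FQDN, %h = short host, %d = domain.
def expand_mount_path(pattern, certname)
  host, domain = certname.split('.', 2)
  pattern.gsub(/%[Hhd]/) do |token|
    case token
    when '%H' then certname
    when '%h' then host
    else domain.to_s
    end
  end
end

# Match a client name against allow entries such as "*" or "*.example.com".
def allowed?(entries, certname)
  name = certname.downcase
  entries.any? do |entry|
    entry = entry.downcase
    if entry == '*'
      true
    elsif entry.start_with?('*.')
      name.end_with?(entry[1..-1])
    else
      name == entry
    end
  end
end

# Return the server-side path a request maps to, or nil when it is refused.
# certname stands for the name taken from the client's verified certificate.
def resolve(mount_name, certname, relative_path)
  mount = MOUNTS[mount_name]
  return nil if mount.nil?
  return nil unless certname =~ VALID_CERTNAME
  return nil unless allowed?(mount[:allow], certname)

  root = Pathname.new(expand_mount_path(mount[:path], certname)).cleanpath
  target = (root + relative_path).cleanpath
  # Refuse absolute paths and ".." sequences that normalise outside the root.
  inside = target.to_s.start_with?(root.to_s + '/')
  inside ? target.to_s : nil
end

if __FILE__ == $PROGRAM_NAME
  %w[web01.example.com db01.example.com].each do |client|
    puts "#{client} files:   #{resolve('files', client, 'db/password.conf')}"
    puts "#{client} private: #{resolve('private', client, 'ssh/ssh_host_dsa_key')}"
  end
  # A request that tries to step into another host's directory is refused.
  p resolve('private', 'web01.example.com', '../db01.example.com/ssh/ssh_host_dsa_key')
end
```

With the shared `files` mount both clients resolve to the same server-side file, while the `private` mount resolves the same request to a directory derived from each client's own certificate name.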




[Puppet Users] Re: puppetd no-daemonize

2009-07-24 Thread Derek Yarnell
I spoke too soon, I recompiled with ruby 1.8.7, added rubygems and installed
puppet and got the same behavior on RHEL4.
Can anyone confirm that --no-daemonize works for them on RHEL4?

puppetd --onetime --no-daemonize --verbose --debug

Thanks,
derek

On Thu, Jul 23, 2009 at 7:40 PM, Derek Yarnell derektyarn...@gmail.com wrote:

 Ok, this would seem to be a problem on RHEL4 w/ the built in ruby as my
 RHEL5 w/ the built in ruby works as I would expect running the same command.
 RHEL4 ships with,

 # ruby --version
 ruby 1.8.1 (2003-12-25) [i386-linux-gnu]

 What are other people doing on RHEL4 are you using the built in ruby or are
 you providing a newer version?  Funny thing is that everything works just
 fine other than this with the built in ruby, I just wanted to make sure that
 in the %post install of the kickstart that puppet actually ran (if you
 background it the %post install will just finish and reboot before puppet
 has a chance to run).  Anyone else been trying to do this?

 Thanks,
 derek

 On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan peiriann...@gmail.com wrote:


 Just for input, I haven't been seeing this behavior with 0.24.8 (or
 any previous release) on Fedora.

 Trevor

 On Thu, Jul 23, 2009 at 17:43, Derek Yarnell derektyarn...@gmail.com
 wrote:
  On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote:
 
  It's not daemonizing there, it's exiting -- if you use --onetime, it
  exits after the run.
 
  It really does daemonize there,
  # ps axuww | grep puppet
  root  2476  0.0  0.2  4036  644 pts/1S+   17:41   0:00 grep
 puppet
  # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
  debug: Creating default schedules
  debug: Failed to load library 'shadow' for feature 'libshadow'
  debug: Failed to load library 'ldap' for feature 'ldap'
  ...
  debug: Finishing transaction -606656664 with 0 changes
  # ps axuww | grep puppet
  root  2518 88.0  6.0 19080 15412 ?   Rs   17:41   0:00
 /usr/bin/ruby
  /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
  root  2541  0.0  0.2  4888  648 pts/1S+   17:41   0:00 grep
 puppet
  It is doing --onetime correctly but still regardless of putting
  --no-daemonize or not it still forks into the background.
  --
  ---
  Derek T. Yarnell
 
  
 

 



 --
 ---
 Derek T. Yarnell




-- 
---
Derek T. Yarnell




[Puppet Users] Re: puppetd no-daemonize

2009-07-24 Thread Derek Yarnell
--test does do the right thing and doesn't
fork a copy into the background and does what I need it to do running
the built in version of ruby  (1.8.1) or running the new ruby (1.8.7).
Anyway thanks again,
derek

On Fri, Jul 24, 2009 at 1:05 PM, Trevor Hemsley trevor.hems...@codefarm.com
 wrote:


 I no longer have a RHEL4 system to try it on but our standard until a
 few months ago was RHEL4 and puppetd --test certainly used to work
 (--test includes --no-daemonize)

 I seem to remember that we had other problems with Ruby as supplied by
 Centos4 so we installed these:

 ruby-1.8.5-5.el4.centos.1.i386.rpm
 ruby-irb-1.8.5-5.el4.centos.1.i386.rpm
 ruby-libs-1.8.5-5.el4.centos.1.i386.rpm
 ruby-mode-1.8.5-5.el4.centos.1.i386.rpm
 ruby-rdoc-1.8.5-5.el4.centos.1.i386.rpm

 Didn't see any problems after that.

 Derek Yarnell wrote:
  I spoke too soon, I recompiled with ruby 1.8.7, added rubygems and
  installed puppet and got the same behavior on RHEL4.
 
  Can anyone confirm that --no-daemonize works for them on RHEL4?
 
  puppetd --onetime --no-daemonize --verbose --debug
 
  Thanks,
  derek
 
  On Thu, Jul 23, 2009 at 7:40 PM, Derek Yarnell
  derektyarn...@gmail.com mailto:derektyarn...@gmail.com wrote:
 
  Ok, this would seem to be a problem on RHEL4 w/ the built in ruby
  as my RHEL5 w/ the built in ruby works as I would expect running
  the same command.
 
  RHEL4 ships with,
 
  # ruby --version
  ruby 1.8.1 (2003-12-25) [i386-linux-gnu]
 
  What are other people doing on RHEL4 are you using the built in
  ruby or are you providing a newer version?  Funny thing is that
  everything works just fine other than this with the built in ruby,
  I just wanted to make sure that in the %post install of the
  kickstart that puppet actually ran (if you background it the %post
  install will just finish and reboot before puppet has a chance to
  run).  Anyone else been trying to do this?
 
  Thanks,
  derek
 
  On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan
  peiriann...@gmail.com mailto:peiriann...@gmail.com wrote:
 
 
  Just for input, I haven't been seeing this behavior with
  0.24.8 (or
  any previous release) on Fedora.
 
  Trevor
 
  On Thu, Jul 23, 2009 at 17:43, Derek
  Yarnellderektyarn...@gmail.com
  mailto:derektyarn...@gmail.com wrote:
   On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies
  l...@madstop.com mailto:l...@madstop.com wrote:
  
   It's not daemonizing there, it's exiting -- if you use
  --onetime, it
   exits after the run.
  
   It really does daemonize there,
   # ps axuww | grep puppet
   root  2476  0.0  0.2  4036  644 pts/1S+   17:41
  0:00 grep puppet
   # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
   debug: Creating default schedules
   debug: Failed to load library 'shadow' for feature 'libshadow'
   debug: Failed to load library 'ldap' for feature 'ldap'
   ...
   debug: Finishing transaction -606656664 with 0 changes
   # ps axuww | grep puppet
   root  2518 88.0  6.0 19080 15412 ?   Rs   17:41
  0:00 /usr/bin/ruby
   /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
   root  2541  0.0  0.2  4888  648 pts/1S+   17:41
  0:00 grep puppet
   It is doing --onetime correctly but still regardless of putting
   --no-daemonize or not it still forks into the background.
   --
   ---
   Derek T. Yarnell
  
   
  
 
 
 
 
 
  --
  ---
  Derek T. Yarnell
 
 
 
 
  --
  ---
  Derek T. Yarnell
 
  

 --

 Trevor Hemsley
 Infrastructure Engineer
 .
 * C A L Y P S O
 * Brighton, UK

 OFFICE  +44 (0) 1273 666 350
 FAX +44 (0) 1273 666 351

 .
 www.calypso.com



 



-- 
---
Derek T. Yarnell




[Puppet Users] Re: puppetd no-daemonize

2009-07-23 Thread Derek Yarnell
On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote:


 It's not daemonizing there, it's exiting -- if you use --onetime, it
 exits after the run.


It really does daemonize there,

# ps axuww | grep puppet
root  2476  0.0  0.2  4036  644 pts/1S+   17:41   0:00 grep puppet
# /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
debug: Creating default schedules
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
...
debug: Finishing transaction -606656664 with 0 changes
# ps axuww | grep puppet
root  2518 88.0  6.0 19080 15412 ?   Rs   17:41   0:00 /usr/bin/ruby
/usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
root  2541  0.0  0.2  4888  648 pts/1S+   17:41   0:00 grep puppet

It is doing --onetime correctly but still regardless of putting
--no-daemonize or not it still forks into the background.

-- 
---
Derek T. Yarnell




[Puppet Users] Re: puppetd no-daemonize

2009-07-23 Thread Derek Yarnell
Ok, this would seem to be a problem on RHEL4 w/ the built in ruby as my
RHEL5 w/ the built in ruby works as I would expect running the same command.
RHEL4 ships with,

# ruby --version
ruby 1.8.1 (2003-12-25) [i386-linux-gnu]

What are other people doing on RHEL4 are you using the built in ruby or are
you providing a newer version?  Funny thing is that everything works just
fine other than this with the built in ruby, I just wanted to make sure that
in the %post install of the kickstart that puppet actually ran (if you
background it the %post install will just finish and reboot before puppet
has a chance to run).  Anyone else been trying to do this?

Thanks,
derek

On Thu, Jul 23, 2009 at 6:49 PM, Trevor Vaughan peiriann...@gmail.com wrote:


 Just for input, I haven't been seeing this behavior with 0.24.8 (or
 any previous release) on Fedora.

 Trevor

 On Thu, Jul 23, 2009 at 17:43, Derek Yarnell derektyarn...@gmail.com
 wrote:
  On Tue, Jul 21, 2009 at 8:13 PM, Luke Kanies l...@madstop.com wrote:
 
  It's not daemonizing there, it's exiting -- if you use --onetime, it
  exits after the run.
 
  It really does daemonize there,
  # ps axuww | grep puppet
  root  2476  0.0  0.2  4036  644 pts/1S+   17:41   0:00 grep
 puppet
  # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
  debug: Creating default schedules
  debug: Failed to load library 'shadow' for feature 'libshadow'
  debug: Failed to load library 'ldap' for feature 'ldap'
  ...
  debug: Finishing transaction -606656664 with 0 changes
  # ps axuww | grep puppet
  root  2518 88.0  6.0 19080 15412 ?   Rs   17:41   0:00
 /usr/bin/ruby
  /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug
  root  2541  0.0  0.2  4888  648 pts/1S+   17:41   0:00 grep
 puppet
  It is doing --onetime correctly but still regardless of putting
  --no-daemonize or not it still forks into the background.
  --
  ---
  Derek T. Yarnell
 
  
 

 



-- 
---
Derek T. Yarnell




[Puppet Users] templates with ERB

2009-06-05 Thread Derek Yarnell
So I have been doing some testing of content = template.  Our site has used
a custom solution for configuration management w/ a mix of rsync/m4/make and
a little cfengine on the side.   Now for us the power of m4 is that not only
you can do variable substitution but it can include files.  I am looking to
be able to include files within a template w/ ERB but from the
documentation that does not seem possible.  Or even if it is possible to
have a number of templates listed in my content= that would be
concatenated?
Anyone else trying to do this or have done this?

-- 
---
Derek T. Yarnell




[Puppet Users] templates, ERB include, import or whatever

2009-06-05 Thread Derek Yarnell
So I have been doing some testing of content = template.  Our site has used
a custom solution for configuration management w/ a mix of rsync/m4/make and
a little cfengine on the side.   Now for us the power of m4 is that not only
you can do variable substitution but it can include files.  I am looking to
be able to include files within a template w/ ERB but from the
documentation that does not seem possible.  Or even if it is possible to
have a number of templates listed in my content= that would be
concatenated?
Anyone else trying to do this or have done this?

-- 
---
Derek T. Yarnell
