Re: [Puppet Users] using generated query string in a collector

[Felix Frank]

On 04/04/2016 02:24 PM, Johan De Wit wrote:
I already I'm a big fan of iteration, but this needs to work on puppet 
3.[7|8].x


Well, there is always "old style pseudo-iteration".

define collect_my_stuff() {
  My_exp_res<<| tag == $name |>>
}

class X($collect_tags) {
  collect_my_stuff { $collect_tags: }
}

Untested, as always ;-)

HTH,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/570C3FEF.1080708%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Need hide execution window on Windows Scheduled Tasks

[Felix Frank]

Hi,

if Puppet does not allow you to specify this preference, you could file 
it as a feature request.


https://tickets.puppetlabs.com/

The Windows devs at PL are quite crafty, you might get a patch faster 
than you think ;-)


Cheers,
Felix ( - throwing friends under the bus since 2013 )

On 03/15/2016 12:16 PM, Jesus Vte. Vila wrote:

Hi, I'm using Puppet Agent 1.3.5 on Windows Server 2008 and 2012.

When I create a Scheduled Task, it creates correctly but every time 
task is running, it shows the task screen. If the task is running 
every 5 minutes it's annoying.


I've observed Puppet Agent, create task and in the properties, in the 
part "Configure for" is selected "Windows Server 2003, Windows XP o 
Windows 2000"


If i change this for "Windows Vista or Windows 2008" the window of the 
running task is hidden :-) but when agent run again, it changes again 
to Windows 2003 


What can i do?

Thanks .


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56F32A21.3020102%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Custom type, relationship and fetch order

[Felix Frank]

Hi,

I'm not sure about directly forcing a prefetch action.

However, it seems to me that it would make sense for you to implement a 
*generate* method for your group type. It should enumerate the users 
that are members of the group and create a Puppet resource each. (Don't 
worry about duplicates, Puppet will prune those for you.)


HTH,
Felix

On 03/02/2016 02:23 PM, Thomas Champagne wrote:

Thanks for answering Felix,

I solve some problems with require/before parameters in the manifest. 
I create a new type (user_group) that define link between user and 
group. The provider of user_group type call the provider of user to 
get the relationship.


And I define new type in the manifest module :
|
define rest::user (
  $user_name =$title,
  $ensure =present,
  $groups =[],
){
  user {$title:ensure=>$ensure,before =>Group[$groups],}
 user_group {$title:ensure=>$ensure,groups 
=>$groups,require=>[User[$title],Group[$groups]],}

}
|

|
define rest::group(
  $user_name =$title,
  $ensure =present,
){
group{$title:ensure=>$ensure,}
}
|
|
So in the manifest, I define my node like this :
|
|
node 'host'{
rest::user {'bob':
ensure=>present,
groups =>['user','developer'],
}
rest::user {'alex':
ensure=>present,
groups =>['user'],
}
rest::group{'developer',
ensure=>present,
}
rest::group{'user',
ensure=>present,
}
}
|
|Now, the log is
||prefetch user
flush user 'bob'
flush user 'alex'
||prefetch group
flush group 'developer'
flush group 'user'
||prefetch user_group
||flush user_group 'bob'
flush user_group 'alex'|

I have last problem. When I only configure group that ensure is absent :
|
|
|node 'host'{
|rest::group{'developer',
ensure=>absent,
}
}
|

There is no user defined and so, user provider doesn't fetch user 
data. If there is a real relationship between the group and a user, 
the deletion failed because group provider doesn't know the relationship.

Is there a way to force fetch of a type ?

Thomas|


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56D6FA49.8060802%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Facter AWS

[Felix Frank]

Hi,

could you please elaborate a bit on your issue? I do not quite 
understand what you are trying to do, and how you are currently failing.


Thanks,
Felix

On 02/24/2016 12:37 AM, Gowtham P R wrote:


Hi All,

I am not able to figure out how to replace "mac address value" with 
 first  mac address, appreciate your help.


$aws_account = 
$::facts['ec2_metadata']['network']['interfaces']['macs'] 
['02:df:8d:XX'][owner-id]'] ? {

  /123456789/ => 'account1',
  /123456789/ => 'account2',
  /123456789/ => 'account3',
  /123456789/ => 'account4',
  /123456789/ => 'account5',
}
notify { " ${aws_account} " : }



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56D22E4D.9080303%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Help needed - I'm very new to puppet

[Felix Frank]

On 02/23/2016 07:25 PM, Istvan Kassai wrote:


Hi Warron,

How do you mean Learning VM? Is there a downloadable virtual appliance?
I've installed two Ubuntu VM-s onto KVM. Installed the puppet related 
packages, the agent can communicate with the master. This pair 
(master-agent) is in state "ready to work with", but I don't know how. :-(


Hi,

if you consider yourself to be generally well versed in programming and 
operations, you can use the quickstart book I wrote with Martin: 
https://www.packtpub.com/networking-and-servers/puppet-4-essentials-second-edition


It's pricey (can your employer buy it for you?), but it will take you 
through a series of rapid steps to get productive. If you go for it, 
please let me know what you think!


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56D22DDB.4050602%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Custom type, relationship and fetch order

[Felix Frank]

Hi,

I believe that all you have to do is taking care of the proper resource 
dependencies.


If you really want to rely on autorequire for this, you will have to 
make the logic more dynamic. This is easier if you target a Puppet 
version that has support for autobefore in addition to autorequire.


1. Have the user autorequire all groups if ensure => present
2. Have the user autobefore all groups is ensure => absent

This way, Puppet will make sure to remove all users before managing the 
group.


Of course, you can do this more safely by adding the appropriate 
require/before parameters in your manifest.


HTH,
Felix

On 02/19/2016 10:43 AM, Thomas Champagne wrote:

Hi,

I try to develop a new module to deploy resources with an API REST. 
But I have problems to define relationship between two resources.
I haven't problem to fetch and flush resource individually. This two 
resources are fetch with a REST endpoint but I can have the 
relationship between resources with only one endpoint. When I want to 
delete a resource, I must remove the relationship before removing this 
resource. But I can't know its dependencies because it is not returned 
by its REST endpoint. They are returned by the endpoint of the other 
resource.


It is not easy to describe it so I'm going to explain it with an example.
I have two resources group and user with two REST endpoints (with an 
example response) :

http://host/api/group :
|
[{name:'developer'},{name:'user'}]
|



http://host/api/user :
|
[{
name:'bob',
groups:['developer','user']
},{
name:'alex',
groups:['user']
}]
|



So I create two types and two provider to manage them :
|
Puppet::Type.newtype(:group)do
apply_to_device
ensurable
newparam(:name,:namevar =>true)
end
Puppet::Type.newtype(:user)do
apply_to_device
ensurable
newparam(:name,:namevar =>true)
newproperty(:groups,:array_matching =>:all)
autorequire(:group)do
self[:group]
end
end
|



The puppet config is :
|
node 'host'{
user {'bob':
ensure=>present,
groups =>['developer','user'],
}
user {'alex':
ensure=>present,
groups =>['user'],
}
group{'developer',
ensure=>present,
}
group{'user',
ensure=>present,
}
}
|



When I run "puppet device", the log is :
prefetch group
flush group 'developer'
flush group 'user'
prefetch user
flush user 'bob'
flush user 'alex'

Now I want to delete a group :
|
node 'host'{
user {'bob':
ensure=>present,
groups =>['user'],
}
user {'alex':
ensure=>present,
groups =>['user'],
}
group{'developer',
ensure=>absent,
}
group{'user',
ensure=>present,
}
}
|


When I run "puppet device", the log should be :
prefetch group
destroy group 'developer'
prefetch user
flush user 'bob'

But, when I want to delete a group, the endpoint check if is not 
affected to a user and throw an exception it there is any 
relationship. So, I must remove all user group before remove the group.
But I think this is not possible to do this with puppet because the 
management of each resource is by type. Puppet doesn't know the 
relations of a group when it flush the data group.
Is it possible with puppet to update the state of resources in this 
order :

prefetch group
prefetch user
destroy group 'developer' and relationship with user 'bob'
flush user 'bob'

I try other solution with an autosubscribe instead of autorequire to 
have a notification when the group is deleted but this notification 
happens at the end :

prefetch group
destroy group 'developer'
flush group 'user'
prefetch user
flush user 'bob'
flush user 'alex'
notify user 'bob'

I think the best order to do this is :
prefetch group
prefetch user
notify user 'bob' => Call an REST endpoint to remove relationship
destroy group 'developer'
flush group 'user'
flush user 'bob'
flush user 'alex'

Cheers,
Thomas
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/df12fe71-070e-4a37-8b6f-e264b9470daf%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56D1D7A0.2060902%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter doesn't show custom facts?

[Felix Frank]

Hi,

thanks for reading :-)

Traditionally, you had to invoke `facter -p` to receive Puppet's custom 
fact from the facter CLI. When we penned the book, PL had just removed 
that option in favor of `puppet facts`.


Shortly after, it became clear that the latter does not quite cover all 
bases, and `facter -p` was brought back. Oops! Bottom line, unless 
you're quite unlucky, you can use either `puppet facts` or the more 
convenient `facter -p`.


As for the diagram: Facter in Puppet's context is not *quite* the same 
as the CLI, yes. Puppet loads Facter as a library and uses its API 
directly. Invoking `facter` from the shell uses the same fact code, but 
without the Puppet context.


In other words, Facter *can* stand on its own, but with Puppet, you 
mostly call it *through* Puppet. (Or pass the -p flag, so that Facter 
loads Puppet's facts vice versa.)


HTH,
Felix

On 02/23/2016 07:29 PM, David Karr wrote:
I wouldn't call myself a puppet user yet.  I finished the "learning 
vm" tutorial, and I'm reading "Puppet 4 Essentials".


In P4E, I read that "facter" and "puppet facts" don't do the same 
thing.  The book says that the former doesn't support custom facts.  
This seems odd to me, although I wonder if it's even true.  The very 
next page after this statement shows a diagram with "custom facts" 
coming from "Master" to "Facter", although I suppose the "Facter" in 
that diagram may not correspond to the "facter" command-line app.


Is it really true that "puppet facts" shows custom facts, but "facter" 
does not?


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56CCCF37.6080702%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Announce: A REPL for the puppet language

[Felix Frank]

Cool, thanks for sharing!

I will mark this and try to check it out "soon".

Cheers,
Felix

On 02/20/2016 12:04 AM, Corey Osman wrote:

Hi,

I created a REPL for the puppet language this week. This is something 
that has been lacking for quite some time.



https://github.com/nwops/puppet-repl

Install: gem install puppet-repl
bash$ prepl


It is currently at version 0.0.1 but is still very functional.


MacBook-Pro-2~ % prepl
Puppet Version: 4.2.2
Puppet Repl Version: 0.0.1
Created by: NWOps >
Type "exit", "functions", "types", "reset", "help" for more information.

>> $hostname = 'node123.company.com '
 => node123.company.com 
>> $hostname =~ /node/
 => true
>> split($hostname, 'node')
 => ["", "123.company.com "]
>> ['/tmp/test1', '/tmp/test2'].each |String $file_path| { 
file{$file_path: ensure => present}}

 => ["/tmp/test1", "/tmp/test2"]
>> ['/tmp/test1', '/tmp/test2'].each |String $file_path| { 
file{$file_path: ensure => present}}
 => Evaluation Error: Error while evaluating a Resource Statement, 
Duplicate declaration: File[/tmp/test1] is already declared in file 
:1; cannot redeclare at line 1 at line 1:57

>>



Corey



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56CA1BB4.3020102%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] firewall module to accept array of sources/dests

[Felix Frank]

On 02/19/2016 04:00 AM, Alex Harvey wrote:

So I think I'll call it:

firewall_multi

It will basically accept any parameter that firewall accepts and pass 
it straight through to the firewall resource, unless that parameter is 
the source or destination, in which case it will of course loop 
through these arrays, spawing one firewall resource for each.


:thumbs_up: :-)

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56C8F68B.4000504%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] SSL Error when connecting agent to master

[Felix Frank]

Hi,

a very brief bout of researching lead me to this: 
https://ask.puppetlabs.com/question/6065/mac-os-x-client-ssl-error-before-caching-ca-cert/


You may be experiencing Ruby/OpenSSL version mismatches as well. Perhaps 
the workaround of the OP over at ask will help you as well.


Good luck, please report your findings, cheers,
Felix

On 02/12/2016 05:35 PM, cmiller76 wrote:

Hi,

Disclaimer... I am fairly new to Puppet. :)

I have a puppet master server and a separate CA Server setup in my 
Puppet infrastructure. This infrastructure is running Puppet version 
3.8.4 and has been running fine for the past few weeks. Now, I am 
trying to connect a SLES 11SP2 linux server to the master, and when 
Puppet runs I get the following error:


*Error: Could not request certificate: SSL_connect returned=1 errno=0 
state=SSLv2/v3 read server hello A: (null)*


I have researched this error message and there is very little 
information available. Note that the agent server in question is in a 
completely different environment than other servers that I've had 
success with. I believe that in this environment the company sys 
admins have restricted SSL protocol to TSL1 only. However, when I use 
"openssl s_client" to test the connection from the agent to the master 
using TSL1, the connection is successful. It is not successful using 
sslv2 and sslv3.



Anyone know what this error could mean? Could the agent be trying to 
connect to the master using sslv2 or sslv3? I'm really stuck and would 
appreciate any help.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56C4EB25.6040706%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet 4, Windows and providers.

[Felix Frank]

Hi,

so the provider is available as a plugin in your module? It appears that 
Puppet 4 does not load it successfully.


You should probably enable debug output and look for clues as to why 
that is specifically.


(I half feel that `puppet apply` should first plugin-sync the Ruby code 
to $vardir, but I'm not sure.)


HTH,
Felix

On 02/12/2016 12:55 PM, Philip Wigg wrote:

Hi,

I am trying to use the puppetlabs-dsc module on Windows 2012r2. I have
WMF5 installed on the Windows guest. I am trying to get this working
using Vagrant but I'm not actually using the vagrant provider in the
examples below.

I have a 'testclass' module installed just to show that Puppet is able
to find my modules and run otherwise. The modules are identical in
both scenarios.

Working:-

Puppet 3.8.2 without directory environments, just a 'manifests' and
'modules' directory.

PS C:\vagrant> puppet apply --modulepath .\modules .\manifests\default.pp
Notice: Compiled catalog for vagrant-2012-r2.global.root in
environment production in 0.19 seconds
Notice: /Stage[main]/Main/Dsc_windowsfeature[IIS]/ensure: created
Notice: Hello!
Notice: /Stage[main]/Testclass/Notify[Hello!]/message: defined
'message' as 'Hello!'
Notice: Finished catalog run in 26.78 seconds

It runs and installs the IIS Windows feature which is great.

Not working:-

Puppet 4.3.2 using directory environments with a single environment
called 'production'.

PS C:\vagrant> puppet apply --environmentpath .\environments
.\environments\production\manifests\default.pp
Warning: Facter: skipping external facts for
"C:/ProgramData/PuppetLabs/puppet/cache/facts.d": The request is not
supported
Notice: Compiled catalog for vagrant-2012-r2.global.root in
environment production in 0.19 seconds
Notice: Hello!
Notice: /Stage[main]/Testclass/Notify[Hello!]/message: defined
'message' as 'Hello!'
Error: Could not find a suitable provider for dsc_windowsfeature
Notice: Applied catalog in 0.16 seconds

Here I get an error 'Could not find a suitable provider for dsc_windowsfeature'.

It seems like 'puppet apply' is not finding or using the custom
providers in the puppetlabs-dsc module maybe?

Or is there an option I need to add to 'puppet apply'?

Kind regards,
Phil.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56C4E9B9.2000101%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] v3 agent to v4 master ssl issue

[Felix Frank]

Hi Christopher,

I have no first hand experience with this transition, but Martin put a 
note about SSL in the Puppet 4 chapter of the new Puppet Essentials 
(yes, I'm plugging us :-)


Apparently Puppet 4 cannot use a CA that was created without the 
dns_alt_names setting. This might just be your issue. And yes, you will 
have to re-certify your infrastructure for the upgrade if this is the case.


Cheers,
Felix

On 02/11/2016 11:02 PM, Christopher Wood wrote:

Update is that I still don't know why this happened, but I know what I should 
not do when I go to convert the production puppetmasters.

I have a set of 3.8.5 masters and was attempting to bring up a 4.3.2 master 
(puppetserver 2.2.1, puppet-agent 1.3.4) as a non-CA master to test things 
with. A 3.8.5 agent got these errors when trying to use a server=4.3.2 with 
ca_server=3.8.5 set of puppetmaster versions.

My 3.8.5 agent worked fine against the 4.3.2 master with a completely new CA, 
and with the new master acting as a CA with the 3.8.5 CA's ssl files. Using a 
3.8.5 non-CA master with the 4.3.2 CA server works too.

The upshot is that when I convert the puppetmasters to puppet 4 I will need to 
convert the CA first and work outward from there (other puppetmasters at that 
location, rest of the puppetmasters, then the agents).

(Feel free to add more clue than I can provide, anybody.)

On Fri, Feb 05, 2016 at 04:56:03PM -0500, Christopher Wood wrote:

I have a puppet 3 agent attempting an agent run against a puppet 4 master but I am 
getting ssl errors. I'm out of google-fu and I've verified certs and keys, run both sides 
in debug using puppetserver and the rack "puppet master --no-daemonize 
--verbose", and am not seeing anything that jumps out at me. I do notice that when 
running in DEBUG the puppetserver log doesn't spit output during the agent run.

The closest I can get to understanding this is stackoverflow, but I'm not sure 
how I would tell the agent to use TLSv1.2.

http://stackoverflow.com/questions/25814210/opensslsslsslerror-ssl-connect-syscall-returned-5-errno-0-state-sslv3-read

Any hints on what these ssl errors are from and how I can fix this?

SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

[root@mail10c2 ~]# puppet --version
3.8.5
[root@mail10c2 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@mail10c2 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@puppetmaster1stage ~]# rpm -q puppetserver
puppetserver-2.2.1-1.el6.noarch
[root@puppetmaster1stage ~]# /opt/puppetlabs/bin/puppet --version
4.3.2
[root@puppetmaster1stage ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@puppetmaster1stage ~]# /opt/puppetlabs/puppet/bin/openssl version
OpenSSL 1.0.2e 3 Dec 2015

I've verified the hostcert, hostpubkey, and localcacert as definitely belonging to each 
other using openssl. These files exist at the paths from "puppet config print". 
The localcacert is definitely the CA cert that both server and client use, by md5sum.

This is the output (that is definitely the --server in the server cert):

[root@mail10c2 util]# puppet agent --onetime --verbose --no-daemonize 
--no-splay --server puppetmaster1stage
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources 
using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read 
finished A
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve 
file metadata for puppet://puppetmaster1stage/pluginfacts: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read 
finished A
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file 
metadata for puppet://puppetmaster1stage/plugins: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv3 read finished A
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 
state=SSLv3 read finished A

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20160205215603.GA24864%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To 

Re: [Puppet Users] Problems testing branching using rspec-puppet with hiera

[Felix Frank]

Hi,

I don't really have an answer for you, but would it be a feasible 
workaround for you to convert your variable lookup into a class 
parameter that is looked up implicitly? This way, you can just exploit 
rspec-puppet's own facilities for providing test input, and need not 
perform the whole Hiera dance (it's supposed to be a unit test, after 
all - you're grazing integration test level there).


HTH,
Felix

On 01/27/2016 11:27 PM, jwilki...@gmail.com wrote:

Hi all!

I've been banging my head against this for the past couple of days and 
I'm pretty stuck.  I've started implementing rspec tests for a class 
that uses a hiera lookup and then uses the looked up value to control 
part of its logic.  A simplified version:


class mytest {
 $mycondition = hiera('my::condition')

 if $mycondition {
 ...
 }

}


My spec_helper looks like this:

require 'rubygems'
require 'puppetlabs_spec_helper/module_spec_helper'


RSpec.configure do |c|
  c.hiera_config = 'spec/fixtures/hiera/hiera.yaml'
end

So far, so standard.   What I want to be able to test, obviously, is 
making sure that when $mycondition is true, the resources in the if 
statement are added to the catalog, and if $mycondition is false, they 
aren't.


So, my spec in spec/classes/mytest_spec.rb looks like this:

require 'spec_helper'

describe 'mytest' do

  let(:node) { 'truecondition' }
  if {
should compile
  }

end

My hiera.yaml file looks like this:

---
 :backends:
- yaml
 :yaml:
   :datadir: 'spec/fixtures/hieradata'
 :hierarchy:
   - "%{::fqdn}"

and my spec/fixtures/hieradata/truecondition.yaml looks like this:

---
  my::condition: false


With this setup, my spec class returns an error:

Failures:

  1) mytest should compile into a catalogue
without dependency cycles
 Failure/Error: should compile
   error during compilation: Evaluation Error: Error while 
evaluating a Func

tion Call, Could not find data item my::condition in any Hiera data file
 and no default supplied at 
C:/puppet/mytest/spec/fixtures/modules/mytest/manifests/init.pp:3:22 
on node truecondition

 # ./spec/classes/mytest_spec.rb:7:in `block (2 levels) in
'

Finished in 0.4212 seconds (files took 2.42 seconds to load)
1 example, 1 failure

Ultimately, I thought I could specify a different context for each 
state of $mycondition: true and false, so my test would look like:



require 'spec_helper'

describe 'mytest' do
   context "with mycondition => true" do
   let(:node) { 'truecondition' }
   if {
should compile
   }
   end

   context "with mycondition => false" do
   let(:node) { 'falsecondition' }
   if {
should compile
   }
   end

end

I tried having my contexts set a fact that hiera could use to select 
which yaml file it got data from: didn't work.  I tried having a 
different hiera.yaml file, one for true and one for false, that would 
load a different common.yaml (since common.yaml seems to work, but 
nothing else), and that didn't work.  The example above was the last 
thing I tried, since rspec-puppet is supposed to provide the fqdn 
fact, so I thought setting the node might help it switch. Failure on 
all sides!


I'm trying to do this because we've tried to write our profiles 
following the practice of doing hiera lookups instead of class 
parameters, as recommended here: 
 http://garylarizza.com/blog/2014/10/24/puppet-workflows-4-using-hiera-in-anger/


At this point, I'm almost ready to throw in the towel.  There has to 
be some way to change what values hiera supplies so I can test all 
branches of my code, but I'm not sure how to do it.  Any suggestions 
or alternatives would be welcome.


Thanks!



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56C3A253.70303%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] firewall module to accept array of sources/dests

[Felix Frank]

On 02/13/2016 05:34 AM, Alex Harvey wrote:


The problem is that removing sources from the array of your
multiplexer resource will just lead to some firewall resources not
being in the catalog anymore. Their respective rules will remain
orphaned, which is not what the user will expect.


Is this really a problem though?  The documentation for the module 
recommends that users do purge the unmanaged firewall rules.  If they 
choose not to, then they should understand that means they need to 
take care of those manually.  It's no different to any other resource 
in Puppet.  If one day I stop managing the /etc/motd file, I should 
understand that Puppet won't delete the file; it'll simply leave it in 
whatever state it was in.


Sure, but I feel that this case is especially confusing.

The user does not remove a resource from their manifest. They change a 
parameter of one of their resources, which feels like changing a 
property value for a proper resource. The fact that this may not be 
sync'ed correctly by the agent can be surprising, and removing firewall 
rules is a highly critical operation.


So, yes, I think you should go ahead and build that module, but please 
make sure to plaster its documentation with warnings ;-)


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BF2FE8.3040109%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] firewall module to accept array of sources/dests

[Felix Frank]

On 02/12/2016 07:11 AM, Alex Harvey wrote:


ACCEPT tcp  --  1.1.1.1/24   0.0.0.0/0   multiport dports 
80,443 /* 100 allow http and https access */


ACCEPT tcp  --  2.2.2.2/24   0.0.0.0/0 multiport dports 
80,443 /* 100 allow http and https access */



The provider could be modified so as to represent these as:



Conceptionally, it might just work. But it would be quite hard, and 
create a maintenance nightmare. (Have you *looked* at the current 
provider instances/parsing methods? Oh my...)



2.

Add to the firewall module (or perhaps a new Forge module) a defined 
type that wraps around the existing firewall types/providers.  In 
Puppet 4, that should be easy to do in the DSL using an iterator; but 
because I'd like to support Puppet 3 as well, it's a bit trickier. 
 Still, quite doable.  The hardest part seems to be thinking up a name 
for the new type.  Any suggestions?


While naming things *is* one of the hardest problems in software, I'm 
sure we can figure something out on this one. No worries.


Iterating on the DSL level is nice and all, but it will cause issues for 
users who don't purge unmanaged firewall rules (granted, that should be 
a rare issue, but then I'm willing to bet that there are people with 
weird edge cases like that.)


The problem is that removing sources from the array of your multiplexer 
resource will just lead to some firewall resources not being in the 
catalog anymore. Their respective rules will remain orphaned, which is 
not what the user will expect.


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BE6374.8020009%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet/Puppetboard throwing error 'Internal Server Error'

[Felix Frank]

OK, but seriously, what's it saying?

Also, can you connect to localhost:8080 with netcat? With curl?

Cheers,
Felix

On 02/12/2016 08:56 AM, Manoj Kumar wrote:

yess I can see that too

Thanks and Regards,
Manoj Kumar

OK, next debugging step: What's the output of `ss -tlnp | grep :8080` ?


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BE63E7.3020308%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] German Umlauts in Catalog

[Felix Frank]

On 02/12/2016 12:35 AM, Lindsey Smith wrote:


Hi Josh,

ok, I think I found the problem, thanks to your questions. Our
codepages in Windows are CP850, But the manifests and the
master are UTF-8. Can I change the codepage only for ruby to
UTF-8? If so, how? I'm not this familiar with ruby.

Thanks for helping.

Greetings,
Björn


Hi,

sounds like a fairly straight-forward reproduction. Have you
opened a Jira ticket for this? If not, would you?


Is https://tickets.puppetlabs.com/browse/PUP-5728 the same issue?


Hi Lindsey,

good find, interesting stuff. Not sure if that's the one, but it seems 
to make it clear that non-ASCII is only really supported in 4.3.3 and 
newer, or so I suppose.


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BE6009.2090507%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet/Puppetboard throwing error 'Internal Server Error'

[Felix Frank]

On 01/27/2016 07:59 AM, Manoj Kumar wrote:

Yes, puppetdb is running :(



OK, next debugging step: What's the output of `ss -tlnp | grep :8080` ?

Thanks,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD115C.70204%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Prefetch in custom types in Puppet v4?

[Felix Frank]

On 01/27/2016 10:11 AM, Gareth Rushgrove wrote:

I nearly always having something
like:


def self.prefetch(resources)
   instances.each do|prov|
 if resource = resources[prov.name]
   resource.provider = prov
 end
   end
end

Where instances returns an array of objects created using new.

def self.instances
   some_list_of_things.collect do|obj|
 new({
  name: obj.name,
   ensure: :present,
 })
   end
end



Yeah. Come to think of it - that's so boilerplate-y...should we abstract 
from this? Can we? I'm thinking of a kind of provider DSL call that will 
take care of creating these methods, and/or make that very simple.


Thoughts?

Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD1306.2070103%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to install tomcat silenlty using puppet on Windows 7

[Felix Frank]

On 01/28/2016 12:22 PM, Maruti Gangumolu wrote:
Thanks Dirk! It worked. I'm still facing with module class file. When 
I'm invoking site.pp -> nodes.pp -> init.pp manifest files I'm getting 
an error that apache class is not found. Could you please help me with it?


# Manage apache tomcat v8 application server
class apache {
 package { 'Tomcat8' :
  ensure => present,
  source => 'C:/Maruti/Puppet/apache-tomcat-8.0.30.exe',
  install_options => ['/S','/D=C:\Maruti\Puppet\apache-tomcat-8'],
  description => 'Installing tomcat v8.0.30 on windows system',
 }
}


Hi,

where did you create that `class apache`?

Ideally, you should put it into a custom module such as 'site' or 
'local' and call it local::apache. It might even go into your profiles 
module as profile::apache.


Have you completed the training VM course?

HTH,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD1505.7030607%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet::Type.newtype create_resource with notify

[Felix Frank]

Hi,

On 01/29/2016 07:19 PM, Bartosz Kupidura wrote:
New resources are added to catalog, but unfortunately notify is not 
working.


|
parameters ={:name =>'test',:notify =>'Service[test-service]',:value 
=>'10}

res = catalog.create_resource('test_resource', parameters)
target = catalog.resource 'service', 'test-service'
Puppet::Relationship.new(res, target, {:event => :ALL_EVENTS, 
:callback =>:refresh})

|


I don't follow. Where is this code from? Are you invoking this? How?



Log:
|
Debug: /Stage[main]/Main/Asd[test_resource]: test_resource[test]: was 
not found in the catalog, creating it

Info: Applying configuration version '1454091309'
Notice: /test_resource[test]/value: value changed '123' to '10'
Debug: Executing '/sbin/status test-service'
Debug: Finishing transaction 29127600
Debug: Storing state
Debug: Stored state in 0.75 seconds
Notice: Finished catalog run in 1.45 seconds
|

Manifest:
|
asd { 'test_resource':
  data => {
'test' => {'value'=> '10'},
  },
}

service { 'test-service':
   ensure => running
}
|

Any hints what im missing?


Well...your manifest does *not* establish a notify relationship between 
those resources. How about a ~> arrow between them? Or a `notify => 
Service['test-service']` parameter for the asd resource?


HTH,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD16EC.8060800%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issues with example42/php::augeas or with augeas in general

[Felix Frank]

On 02/09/2016 09:51 PM, Joseph Karns wrote:

Hello All:

I started getting failed resources from augeas and I'm hoping someone 
can help.


The errors:


Hi,

your output asks you to enable debug output to get more information. 
Please run again like


puppet agent --test --debug

...or whatever your usual invocation is, but with an added --debug flag.

Thanks,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD0A5A.7080401%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Overriding class parameters within Foreman

[Felix Frank]

On 02/05/2016 02:25 AM, Kyle Flavin wrote:
In the example above, I'm unable to override $dhcp_dnsdomain by 
setting the corresponding value on the host in Foreman.  It always 
goes with the value of $::domain.


Could you describe more specifically what you are setting where?

Adding a variable called $dhcp_dnsdomain to the node will not help. It 
must be added to the class. Perhaps you can share a screenshot?


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD0D90.40203%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Schedule Vcsrepo to sync local with remote

[Felix Frank]

On 02/03/2016 04:18 PM, mike r wrote:
Trying to avoid using cron but cant figure if its possible to run this 
on PE Master as 'puppet apply vcsrepo.pp' every 15 min or so.




Well `puppet apply` is definitely a great way to do this, but guess 
what: The best way to do *that* periodically is...cron. :-)


HTH,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD0DE8.3040700%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] firewall module to accept array of sources/dests

[Felix Frank]

On 02/09/2016 06:41 AM, Alex Harvey wrote:
Can I get some feedback at this early stage that my PR would be 
accepted, assuming I can come up with a clean, working solution?


Hi,

I don't think that anyone will be able to answer this without at least 
looking at what you're building, or intend to.


From experience, cool features like this have good chances, *unless* 
they come with some pitfalls or a catch that the maintainer (Puppet 
Labs?) is not willing to accept.


As for the feature you're looking at: My gut tells me that you might not 
be able to come up with a clean model to support all that. Multiple 
destination ports should not be problematic, thanks to netfilter's 
multiport module.


But multiple addresses get expanded into distinct rules, IIRC. This 
likely cannot be reconciled with Puppet's resource model, or not without 
introducing some bizarre semantic tricks.


So my advice is to open a PR as soon as possible, even if the feature 
does not work yet, just to showcase your approach and gather the 
feedback you came seeking here.


HTH,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD0C52.80307%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] German Umlauts in Catalog

[Felix Frank]

On 01/21/2016 08:49 AM, Bjoern Meier wrote:

Hi Josh,

ok, I think I found the problem, thanks to your questions. Our 
codepages in Windows are CP850, But the manifests and the master are 
UTF-8. Can I change the codepage only for ruby to UTF-8? If so, how? 
I'm not this familiar with ruby.


Thanks for helping.

Greetings,
Björn


Hi,

sounds like a fairly straight-forward reproduction. Have you opened a 
Jira ticket for this? If not, would you?


I'm oddly disgusted and fascinated by this still being an issue (come on 
Windows...can't you just unicode like all the other kids?) and might 
just look into that. (Eventually.)


Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BD0F97.3010307%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] does puppet get download of a server ftp?

[Felix Frank]

Hi,

Puppet cannot directly use FTP servers with the file{} resource. You can 
install a module for this purpose, however. This one is a good choice:


https://forge.puppetlabs.com/puppet/archive

Hope that helps,
Felix

On 02/03/2016 12:32 PM, victor.v...@ecxus.com.br wrote:

Hello,

I'm new here, so I'm brazilian so sorry my bad english, but I wanted 
know if puppet can do download of a server ftp and which the best way?


thanks guys


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56BA84EF.6080706%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] What I think that is needed for a practical Puppet class

[Felix Frank]

Hi,

seconded, and I'll go a step further and claim that "(Forge) Modules 
First Puppet" might actually be a feasible angle for newcomers who don't 
have a programming nor strong operations background to speak of.


Do let me know if you hit any snags along the road. Happy to help, if it 
weren't for all the things on the plate already.


Also please do keep us posted with your developments in that direction.

Cheers,
Felix

On 01/02/2016 12:13 PM, Martin Alfke wrote:

Hi Rudy,

Great idea and work!
I really appreciate supporting less advanced countries.
Maybe you want to also look at our new Puppet documentation/slide/example 
project: http://www.example42.com/guide/

I encourage people to start using self developed modules (but with a prefix for 
the module name to not block them from moving to available modules).
This will allow them to understand Puppet code constructs and they should 
switch to existing modules when they have a decent understanding of Puppet.

Best,
Martin

On 01 Jan 2016, at 23:36, Rudy Gevaert  wrote:


Hi,

This is just report of something I just wrote on my blog 
(http://blog.webworm.org/content/whats-needed-practical-puppet-class) .  Feel 
free to comment here or through (@rgevaert) twitter or email.

I'm a happy user of Puppet and love sharing my knowledge with other people.  
Although I'm not that active online, I've done quiet some work in getting 
Puppet known and used in environments that aren't that easily addressable.  
More specifically, IT departments at several universities in Cuba and Ethiopia. 
 This as part of several IT for development  programmes.  If you want to learn 
more about that work, read the paper I published about it.  I also started the 
Puppet User Group in Ethiopia.

Last December I was in Cuba to follow up on my projects.  When I was at the 
Universidad de Oriente in Santiago De Cuba I spent some time with the 
university staff working with Puppet.  The adoption is still very young and 
they are still in the 'learning and testing' phase.
  
During our hands on sessions it became clear to me that there is need for specific instructors material that teaches the use of Puppet by using already available modules.

I've seen many 'introduction to Puppet' presentations and created several 
myself.  But to be honest I never really saw any presentation that showed the 
audience to start from scratch and build up your infrastructure by using 
already available modules.
  
Why is that necessary?  Because I've seen so many newbies getting lost in setting up Puppet and then loosing way to much time with reinventing the wheel.  New users to Puppet, and very specifically users who don't have access to peers that are already using Puppet, have a hard time deciding what to do first.  And many of them start out like so many people started with Puppet 8 years ago: some small classes and no modules.  But unfortunately they get stuck there and don't move on.
  
In the same category of missing information is how to set up an easy and usable work flow.  For people who are new to Puppet (and maybe even Git too!) setting up dynamic environments is too difficult.  There are just too many ways to do it.  I think it's important to have this in place.  Similarly getting a good syntax checking and puppet lint tests

in place right from the beginning is key in writing good Puppet code.
  
It's not that there is no good documentation or tutorials.  Puppetlabs provides a "learning VM". But the learning VM is more for individual learning.  Recently I found Example42 Puppet Tutorial.  I find the example42 Puppet Tutorial very good.  And best of all, the tutorial is Free Software too.  I've already decided to start using this tutorial if I need to teach Puppet in the future.  They also provide some example architectures.  But I'm missing the approach I was discussing.
  
So what should be in the approach I'm looking for?
  
For example I think the new users (let's call them students) should be shown how to build a small infrastructure with existing modules. Installing modules to manage some key components in your infrastructure:

• motd updating (not important but good first exercise)
• repository management
• DNS configuration in resolve.conf
• user management
• ssh configuration
• firewall rules
• setting up an apache web server
• setting up a MySQL server
  
Only after completing these steps students should move on to learn the  specific Puppet DSL and write their own modules.
  
While students are setting up their core infrastructure they should be able to do this by using a local VM where they are running 'puppet apply' to test the changes they making.  A vagrant VM is well suitedf or this.
  
Next to the above I think it would be good to have some CI infrastructure set up and ready to use.  The CI should check and deploy code committed to a VCS repo.  Getting students already acquainted with 

Re: [Puppet Users] Error applying a catalog when the agent is restarted in the middle of a catalog run

[Felix Frank]

Hi,

as a workaround, you could hopefully switch to running Puppet from cron. 
This is usually more robust.


If you can reproduce this behavior, it would be great if you could
1. see if this holds true with the latest 3.8 or even 4.3 version and if 
yes,

2. simplify the environment as much as possible and report this as a bug

In fact, a simple reproduction would go a long way on its own - I will 
offer to take a crack at the issue if you can provide the instructions.


HTH,
Felix

On 01/14/2016 10:33 AM, César wrote:

Hi all,

we have seen the following error when the puppet agent is restarted in 
the middle of a catalog run

Dec 20 07:19:18 helios puppet-agent[22331]: Reopening log files
Dec 20 07:19:18 helios puppet-agent[22331]: Starting Puppet client version 3.3.2
Dec 20 07:19:18 helios puppet-agent[22331]: Could not run: source did not 
contain any PSON!
Dec 20 07:19:19 helios puppet-agent[22329]: source did not contain any PSON!
Digging further in the issue, this error seems to occur when the agent 
gets an empty catalog to apply.
Puppet is configured to run every 3 minutes, but after the error is 
seen the agent does not recover by itself and requires another restart 
of the service.


Is there any setting that we are missing that would help us get rid of 
the problem or is it a malfunction?


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B76F3E.8030109%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet cert list yields no certs

[Felix Frank]

On 02/07/2016 04:56 PM, Felix Frank wrote:

Hi,

is this issue still unresolved? 


Ah, ignore please - getting back in the game, getting used to 
Thunderbird (or Google Groups) breaking the threading on occasion :)


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B769CD.2090905%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is puppet (apply) supposed to work fine on one non-english windows?

[Felix Frank]

Hi,

internationalization issues are likely as not caused by the underlying 
Ruby runtime, rather than Puppet itself. Or so I guess. Are you running 
a Ruby that came with your copy of Puppet? (Is this how Puppet works on 
Windows?)


On 01/12/2016 06:39 PM, Matthieu Dubuget wrote:


I spent some days testing puppet on a clone of a real windows 2008 R2 
file server.


While puppet seems very interesting, I’m afraid it is not mature 
enough to be used with Windows clients?


The main problem is that the files served by my file server were 
created by french people: their names contain lot of accentuated 
characters.


First, I had to do |chcp 1252| before I could use puppet. The default 
code page is 850. Not really friendly. But manageable.




Wait, code pages? Can Windows not be set to run everything in unicode? 
(Excuse my ignorance, my patience for running Windows in production has 
been limited so far.)


The second problem I’m facing now, appears while using simple 
manifests like the following one:


|acl { 'd:/Data/Directory': permissions => ... } |

It works fine, and is faster than I would have expected, even when the 
permissions are to be applied to a lot of files.
But as soon as there is any file whose path contain special character 
(like |é| or |è|) in the target directory (|d:/Data/Directory|), the 
puppet apply command fails.
Is there any solution to this problem, or should I forget puppet for 
some time?


Thanks for any advice



How does it fail? Can you share the error message? Please also make a 
run of puppet agent with an added --trace flag and share the full output 
including stack traces.


Thanks,
Felix

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B76BD1.1010002%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hieradata in add mode

[Felix Frank]

Hi,

very valid question.

Traditionally, you will get this behavior not through Hiera notation, 
but by using an alternative lookup function, hiera_array.


$users = hiera_array('users_list')

Here's how it works: 
http://docs.puppetlabs.com/puppet/latest/reference/function.html#hieraarray


Do note that since Puppet 4.3, you can actually express your desired 
lookup mode in the data, which will work when using puppet-lookup. The 
latter made it into the release notes:


https://docs.puppetlabs.com/puppet/4.3/reference/release_notes.html#new-feature-puppet-lookup

Not sure whether the deep merge functionality is already documented 
well, so I'll just refer you to the Jira issue. Please look at the 
latest comments to find out what the final design ended up being.


https://tickets.puppetlabs.com/browse/PUP-5395

If this is helpful to you, please share your findings and final design 
with the list.


Thanks!
Felix

On 01/06/2016 11:09 PM, Albert Shih wrote:

Hi,

I'm asking something maybe stupid but well...

I've got a

   hieradata
 - common.yaml
 - hostname.yaml

I would like to have in common.yaml

   users_list :
 - user1 user1_ssh_key
 - user2 user2_ssh_key
 - user3 user3_ssh_key

and in someway I would like to add some users in

   hostname.yaml

so something like

   users_list"+":
 - user4 user4_ssh_key
 - user5 user5_ssh_key

The purpose is to add some users for specific host, but always keep some
basic users.

Regards.

JAS


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B76594.4050004%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Facter 3 and Puppet 3.8.2

[Felix Frank]

Hi,

I'm not so sure, but looking at the release notes, there does not seem 
to be a breaking change in the 3.0 release that would disrupt 
compatibility with Puppet 3.x. So, yes, I believe this should Just Work.


https://docs.puppetlabs.com/facter/3.0/release_notes.html#facter-300

Cheers,
Felix

On 01/06/2016 09:02 AM, Costya Regev wrote:

Hi,

I would like to know if i can install facter 3 with puppet version of 
3.8.2 ?



Thanks,
Costya.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B762AB.7070608%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet cert list yields no certs

[Felix Frank]

Hi,

is this issue still unresolved?

On 01/08/2016 12:41 AM, Matt Zagrabelny wrote:

On Thu, Jan 7, 2016 at 5:35 PM, Peter Kristolaitis  wrote:

Apparently I was a little too quick on the send button.  :(

To continue my previous email:

Does 'puppet cert list --all' show any certs at all?

Yep:

# puppet cert list --all
+ "puppet-client-1.example.net" (SHA256)
A3:73:DC:89:B2:13:D4:C5:7A:58:B9:EB:7E:6A:22:1C:36:97:BD:8F:4C:AD:18:39:2E:F8:10:2C:29:36:F6:82
+ "puppet-3-7.example.net" (SHA256)
E6:F6:7D:6C:D8:30:6C:AC:1E:B5:5D:29:E8:11:0C:CB:54:22:BA:B3:96:C1:E2:49:7A:48:CF:3E:F8:12:43:24
(alt names: "DNS:puppet-3-7", "DNS:puppet-3-7.example.net")

I don't remember what I did to get the master to accept the CSR of
puppet-client-1 earlier, but I did have similar issues where I ran the
client and the master didn't show any unsigned certs when running
"puppet cert list".

That was a few weeks ago. I'm just coming back to puppet 3.7 now.

-m



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B7693B.9090607%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Advice on Puppet update to 4

[Felix Frank]

On 07/23/2015 12:45 AM, Stack Kororā wrote:
 
 It also appears to me that puppet dashboard is not yet ready for 4.
 Anyone have any thoughts on that?

Hi,

the dashboard was discontinued, afaik, so it may never be ready to
work with Puppet 4+.

If you need a good ENC, look at Foreman. If you need reporting, look at
puppetboard or Puppet Explorer.

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55B21AA7.4040406%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Advice on Puppet update to 4

[Felix Frank]

On 07/22/2015 11:06 PM, Kevin Corcoran wrote:
 Hi,

 We added a new feature in Puppet Server 2.1.0 which allows it to be
 used with Puppet 3 agents (as well as Puppet 4 agents, of course).

 https://docs.puppetlabs.com/puppetserver/latest/release_notes.html#whats-new-in-puppet-server-21

 - Kevin

Mind. Blown.

No really, that is great news!

Thanks,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55B00A92.108%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Advice on Puppet update to 4

[Felix Frank]

On 07/21/2015 04:14 PM, jcbollinger wrote:


 2)
 I read in the changelog that the older clients should work with
 the backward compatibility, but is it worth even trying? Or should
 I just push out the updated puppet client wherever I can before
 adding the server into my new build? (not hard to do in my
 environment)



 It's worth trying if upgrading the clients when you upgrade the master
 would present a challenge.  Even if you plan to update everything in
 one fell swoop, it may be to your advantage to rely on the newer
 master serving older clients at least for the duration of the upgrade.

Hi,

I don't think that Puppet 3 agents can work with the Puppet 4 master.
There were incompatible changes to the catalog format.

A Puppet 4 upgrade needs to encompass your whole infrastructure. As
such, I'd advise to try and not throw it in with other changes.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AE744A.8070002%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Newbie question regarding the file resource

[Felix Frank]

On 07/20/2015 06:17 PM, Fabien Delpierre wrote:
 I've tried multiple things:
 puppet:///modules/sensei/mysite.conf

Well that's nice, but earlier in your mail, you stated that mysite.conf
is in the 'myfiles' module. The URL you need is

puppet:///modules/myfiles/mysite.conf

Your reasoning is sound for the most part, but don't create a 'myfiles'
module. That's the actual no-no. If you create a module that installs
files for the 'mysite' vhost, call it mysite or something along those lines.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AD7D9C.70606%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Case of the missing Ruby file

[Felix Frank]

Hi,

so you installed puppet_spec_helper as a gem. This should work, and I'm
not certain what the clean approach of making it work in this scenario
would be. I believe require 'rubygems' might help, but I half remember
some issues that can crop up with this.

Personally, I would create a Gemfile, add puppetlabs_spec_helper to it
and run rake through bundler. That should definitely work.

HTH,
Felix

On 07/20/2015 03:39 PM, Peter Berghold wrote:
 Hi folks,

 I've bravely stepped out into the world of writing tests for my Puppet
 modules to ensure code quality.  Have run into an issue.  My
 spec/spec_helper.rb has one line.

 require 'puppetlabs_spec_helper/module_spec_helper'

 I run rake spec and this happens:

 spec/spec_helper.rb:1:in `require': no such file to load --
 puppetlabs_spec_helper/module_spec_helper (LoadError)
 from /home/pb869e/src/pb869e-attbind/spec/spec_helper.rb:1
 -- and more---

 I did a  find /usr -name  module_spec_helper.rb  and it shows up here:
 /usr/lib/ruby/gems/1.8/gems/puppetlabs_spec_helper-0.10.3/lib/puppetlabs_spec_helper/module_spec_helper.rb

 so why isn't it loading?

 thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AD7C65.8020600%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppetserver does not sign its certificate

[Felix Frank]

Hi,

something I noticed when trying a simple puppetserver setup.

I installed puppetserver from PC1 on a Debian 7 box (will try Debian 8
once PC1 has puppetserver for it) and just started the service. It fails
like this:

Exception in thread main java.lang.IllegalStateException: Cannot
initialize master with partial state; need all files or none.
Found:
/etc/puppetlabs/puppet/ssl/private_keys/puppet.example.net.pem
Missing:
/etc/puppetlabs/puppet/ssl/certs/puppet.example.net.pem

I helped myself by launching the WEBrick master briefly, which will sign
the master certificate. After that, puppetserver starts up fine.

Am I Doing It Wrong? Feels like a bug.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AC1505.3050307%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Running the Puppet 4 master from the AIO package (especially passenger/rack)

[Felix Frank]

Hi Michael,

I can't find more details to help me track that down, but I'm getting
convinced that the problem is that my Passenger is installed onto OS
Ruby instead of Puppet's Ruby. I could not use your apache config
verbatim, see reason below. Apache starts after some modifications (e.g.
loading the passenger module from the debian package instead of from the
gem) but yields errors that look similar to those I get from nginx.

From your own instructions:

On 07/18/2015 04:53 AM, Michael Stahnke wrote:
 export PATH=/opt/puppetlabs/puppet/bin:$PATH
 # install passenger
 gem install --no-rdoc --no-ri passenger

This consistently fails for me (puppet-agent 1.2.1):

# /opt/puppetlabs/puppet/bin/gem install passenger
Building native extensions.  This could take a while...
ERROR:  Error installing passenger:
ERROR: Failed to build gem native extension.

/opt/puppetlabs/puppet/bin/ruby extconf.rb
Attempting to download
https://oss-binaries.phusionpassenger.com/binaries/passenger/by_release/5.0.14/rubyext-ruby-2.1.6-x86_64-linux.tar.gz
into
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/passenger-5.0.14/download_cache
*** Could not download
https://oss-binaries.phusionpassenger.com/binaries/passenger/by_release/5.0.14/rubyext-ruby-2.1.6-x86_64-linux.tar.gz:
2015-07-19 01:42:30 ERROR 404: Not Found.
...


This kind of makes sense, for if you look into the directory listing on
that phusion server, there are only files for Ruby 2.1.3, no other 2.1.x
releases. I can only assume that when you built that test setup, that
the bundled Ruby was just that version.

As yet another aside, I cannot seem to find a changelog for the AIO
package. The Debian package has the default changelog.Debian.gz, but
this contains no information. I was wondering if the Ruby version has at
all changed since the 1.0 release.

Thanks for the feedback so far. I believe that as long as we retain Rack
support, we should make sure that it works out of the box, no?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AAE8ED.3050605%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Dictating class evaluation order

[Felix Frank]

On 07/19/2015 01:19 AM, Andrew Langhorn wrote:

 class apps::reservations {


 include tomcat


 tomcat::instance { ‘reservations’:

 ensure = present,

 http_port = 8080,

 }


 }


 However, when I run Puppet against a Vagrant VM, it tells me that the
 tomcat class hasn’t been evaluated, so it can’t use tomcat::instance
 (because of underlying failures when using the Tomcat module):


 == app: Warning: Scope(Tomcat::Instance[reservations]): Could not
 look up qualified variable 'tomcat::instance_basedir'; class
 tomcat has not been evaluated


Hmm, if the resource declaration is lexically preceded by an 'include
tomcat' then this should not happen.

In this case, the order in your manifest is really important. Is your
snippet truly representative of your actual code?

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55AAE9F5.5060503%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Running the Puppet 4 master from the AIO package (especially passenger/rack)

[Felix Frank]

Hi list,

I'm currently trying to get Puppet 4 to work with nginx/passenger. I had
that working with Puppet 3.x pretty well, but the new packaging stumps me.

For one, the config.ru file is no longer being packaged, apparently.
It's missing from my systems regardless of whether puppet-agent or even
puppetserver are installed (having it in the latter would be kind of
weird, too, I guess).

Now I can retrieve the config.ru right from github, so that's not a
blocker. Next issue: The puppet user and group is now owned by package
puppetserver, apparently. Just getting the puppet-agent AIO will not
create it on my Debian 8 system. (The fact that there is not yet a
puppetserver package for jessie is an additional hinderance at this time.)

Currently, both WEBrick and Passenger error out on this testing VM
running Debian 8 with PC1.

There should probably be tickets for these issues, but I'd like to
gather some feedback first. Has anyone gotten their feet wet with
non-puppetserver masters that run 4.x?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A960BB.7080103%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Net::ReadTimeout errors

[Felix Frank]

On 07/18/2015 03:20 AM, Tim Dunphy wrote:
 Hey Felix,

 thanks, but those aren't the important ones I'm afraid. There
 should be
 a vhost to bind port 8140. If there is not, please check carefully
 which
 process is actually listening on that port. (If it's Ruby, I have bad
 news and good news :-)


 Whoops! OK I get you now. Here's the vhost that binds to 8140:

Yep, that's the one.

OK, so you manage that via puppetlabs-apache. Guess you will have to
ultimately fix this in your manifest/data then.

The default template for the passenger vhost includes settings

PassengerHighPerformance on
and
PassengerPoolSize X

Make sure that both are present in your Apache config, and that the
latter is set to a sufficiently high value. Allow Apache to fork off
enough Ruby workers to handle your load. I suppose your hardware can run
a few dozen processes.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A9B2DC.7070102%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Running the Puppet 4 master from the AIO package (especially passenger/rack)

[Felix Frank]

Hey Ramin and Michael,

thanks for your replies.

On 07/17/2015 11:53 PM, Ramin K wrote:
 I wrote a how-to on using different Rubies for your Puppet master and
 am using it to run a Ruby 2.1.6/Puppet 3.7.x master. I would attempt
 something similar in your case.

 http://ask.puppetlabs.com/question/16983/performance-improvements-without-updating-to-puppet-server/


 Install Passenger 4.x via packages. Doesn't need to be built on the
 Ruby you plan to use.
 Point to /opt/puppetlabs ruby via PassengerRuby vhost directive.

 Other than those two steps, it sounds like you're pretty close.

Yes, this does look pretty similar to what I attempted. Thanks for this
guide!
Things I learend:
1. Use the rack gem (as in your Gemfile) - this actually enabled
nginx/passenger to load Puppet for me.
2. Passenger 5 may have issues.

The latter is a little tough to solve with nginx, because I rely on
packages from Phusion themselves. Those currently come with Passenger 5.
However, I can reproduce the problems with Passenger 4 on an older
Debian 7 installation. So I'm ruling out Passenger 5 as the immediate
issue at this time.

On 07/18/2015 12:32 AM, Michael Stahnke wrote:
 For the AIO, you can certainly get passenger working. (Although we'd
 love to hear why PuppetServer isn't working or what you want).

Oh, puppetserver is working like a charm. I'm putting together
alternative instructions for nginx/passenger though, for those who have
reservations against the JVM.

This worked great with Puppet 3.x, so I hoped I could repeat with Puppet
4, but it proves more challenging.


 Config files on a gist: 

 https://gist.github.com/stahnma/cf89dfa79b053f138eb1

 This should get you most of the way there. You might have to sub out
 passenger versions or something. 

 export PATH=/opt/puppetlabs/puppet/bin:$PATH
 # install passenger
 gem install --no-rdoc --no-ri passenger
 # you need gcc, apr or build-essential installed
 # this command is different if using nginx
 passenger-install-apache2-module --languages ruby -a

I went for nginx packages from Phusion. From what I understand, regular
nginx cannot just load Passenger as a module. But I may look into
alternative ways of installation if this doesn't work.

 # create a puppet user
 # Add our user and group
 if getent group 'puppet'  /dev/null; then
   /usr/sbin/groupmod  --system 'puppet'
 else
   /usr/sbin/groupadd  --system 'puppet'
 fi
 if getent passwd 'puppet'  /dev/null; then
   /usr/sbin/usermod  --system --gid 'puppet' --home
 '/opt/puppetlabs/server/data/puppetmaster' --shell '/usr/sbin/nologin'
 'puppet'
 else
  /usr/sbin/useradd  --system --gid 'puppet' --home
 '/opt/puppetlabs/server/data/puppetmaster' --shell '/usr/sbin/nologin'
 'puppet'
 fi

Is it a design decision that the puppet-agent AIO package doesn't handle
this?

I realize that WEBrick is deprecated, but support is still there. It
strikes me as odd that the standalone master cannot operate after AIO
installation without the user performing the above steps manually.

As an aside - as far as I know, the Puppet master runs a catalog on
startup (before dropping privileges?) so should it not be able to take
care of this by itself?

 # create public dir
 mkdir -p/opt/puppetlabs/server/data/puppetmaster/public
 mkdir -p /opt/puppetlabs/server/data/puppetmaster
 mkdir -p /var/log/puppetlabs/puppetmaster

Done.

 chown puppet:puppet /opt/puppetlabs/server/data/puppetmaster/public
 /opt/puppetlabs/server/data/puppetmaster
 /var/log/puppetlabs/puppetmaster
 /opt/puppetlabs/server/data/puppetmaster/config.ru http://config.ru
 cp -p ./config.ru http://config.ru
 /opt/puppetlabs/server/data/puppetmaster/config.ru http://config.ru

Where exactly is this config.ru from? Again, it is quite definitely not
part of the PC1 packages for Debian.

 cp -p ./passenger-apache.conf
 /etc/apache2/sites-available/puppet-passenger
 sed -i 's/__PASSENGER_VERSION__/5.0.16/g
 /etc/apache2/sites-available/puppet-passenger

Eh, sure...for nginx there is not much by way of configuration
templates. I managed to compile one for the original Puppet Essentials
book that worked with Puppet 3.

It pretty much works for Puppet 4, but now I get the most informative
stack ever.

[ 2015-07-18 02:40:57.4131 3254/7fc55d886700 App/Implementation.cpp:303
]: Could not spawn process for application /etc/puppetlabs/puppet/rack:
An error occured while starting up the preloader.
  Error ID: 8013a2ba
  Error details saved to: /tmp/passenger-error-dMKrUn.html
  Message from application: exit (SystemExit)
  /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:452:in `exit'
  /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:452:in
`rescue in exit_on_fail'
  /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:438:in
`exit_on_fail'
 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:66:in
`execute'
  config.ru:44:in `block in main'

(/etc/puppetlabs/puppet/rack is indeed where I created the rack root.)

What I did to get 

Re: [Puppet Users] Running the Puppet 4 master from the AIO package (especially passenger/rack)

[Felix Frank]

On 07/17/2015 10:08 PM, Felix Frank wrote:
 Hi list,

 I'm currently trying to get Puppet 4 to work with nginx/passenger. I had
 that working with Puppet 3.x pretty well, but the new packaging stumps me.

 For one, the config.ru file is no longer being packaged, apparently.
 It's missing from my systems regardless of whether puppet-agent or even
 puppetserver are installed (having it in the latter would be kind of
 weird, too, I guess).

 Now I can retrieve the config.ru right from github, so that's not a
 blocker. Next issue: The puppet user and group is now owned by package
 puppetserver, apparently. Just getting the puppet-agent AIO will not
 create it on my Debian 8 system. (The fact that there is not yet a
 puppetserver package for jessie is an additional hinderance at this time.)

 Currently, both WEBrick and Passenger error out on this testing VM
 running Debian 8 with PC1.

 There should probably be tickets for these issues, but I'd like to
 gather some feedback first. Has anyone gotten their feet wet with
 non-puppetserver masters that run 4.x?

 Cheers,
 Felix

Following up on that story: Creating puppet user and group helped,
apparently. But no dice with passenger.

Using the OS Ruby will not work, obviously, since /opt/puppetlabs/... is
not in its lookup path. Works as designed. But then the vendored Ruby
from that tree has no rack support.

I failed to install the passenger gem there as well, because apparently,
Phusion only supports Ruby up to 2.1.3, whereas Puppet bundles 2.1.6.

I did try to get system Ruby to load Puppet by adding this at the top of
config.ru:

$LOAD_PATH.unshift('/opt/puppetlabs/puppet/lib/ruby/vendor_ruby')

But no dice. Puppet still cannot be loaded because (apparently) system
Ruby's openssl support is not up to par. Now perhaps it's possible to
load even more stuff from the vendored Ruby, but this whole approach
feels horribly wrong anyway, so I'm stopping right here.

As it stands, I guess if I really want to run Puppet 4 through
Passenger, I will need to install from source. Thoughts?

Thanks,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A972E4.4050204%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] how to export path in bashrc via puppet script

[Felix Frank]

Hi,

this whole approach is hardly ideal. Try and take a look at the
file_line type in the stdlib module. It will likely do exactly what you
need.

https://github.com/puppetlabs/puppetlabs-stdlib#file_line

As soon as you install the stdlib module, the type becomes available to
your manifests.

HTH,
Felix

On 07/16/2015 06:58 PM, ayya...@orzota.com wrote:
  exec { file1:
   command = /bin/echo export
 JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64;  /home/haas/.bashrc,
 }
 }


 i try to added java path. facing issue.

 Error: Could not retrieve catalog from remote server: Error 400 on
 SERVER: Syntax error at 'export'; expected '}' at
 /etc/puppet/modules/a/manifests/init.pp:3 on node
 ip-10-61-204-93.ec2.internal
 Warning: Not using cache on failed catalog
 Error: Could not retrieve catalog; skipping run

 Thanks for your commands.

 Thanks,
 Ayyanar

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A961D8.60907%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Net::ReadTimeout errors

[Felix Frank]

On 07/17/2015 10:37 PM, Tim Dunphy wrote:

 Hi Felix,

  Thanks for getting back to me! And yes, you are correct.
 Puppet/Foreman is running through apache/passenger. 

 And here's the vhost configurations. There's two of them, one for ssl
 and one for non ssl. Non ssl is first:


Hi Tim,

thanks, but those aren't the important ones I'm afraid. There should be
a vhost to bind port 8140. If there is not, please check carefully which
process is actually listening on that port. (If it's Ruby, I have bad
news and good news :-)

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A96854.60500%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Net::ReadTimeout errors

[Felix Frank]

Hi,

I'm not very familiar with the puppet/foreman stack, so this might be a
silly question, but how is the master set up? Is it running through
Apache/Passenger?

In that case, can we see the Apache vhost configuration?

Thanks,
Felix

On 07/15/2015 05:12 AM, Tim Dunphy wrote:
 Hey all,

  I'm running puppet version 3.7.5 with foreman 1.7.4. Everything was
 going well with this setup for quite a long time. Many months at least
 it ran without even so much as a hiccup!

 Until recently when I started adding more nodes I've found this issue
 I'm having occurring every couple of days. Then as I added even more
 nodes it started happening every couple of hours!!

 The way I've always resolved it was to just reboot the puppet host.
 Which wasn't so bad at first. Not that I like frequent reboots as any
 kind of solution to a problem. But when I was having to do it once or
 twice in a weeks time it wasn't so bothersome.

 But now that it's occurring so often it's time to find a more
 permanent solution.

 Without further delay, here's the error I'm getting:

 #puppet agent --test

 Warning: Unable to fetch my node definition, but the agent run will
 continue:

 Warning: Net::ReadTimeout

 Info: Retrieving pluginfacts

 Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
 resources using 'eval_generate': Net::ReadTimeout

 Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
 retrieve file metadata for puppet://puppet.example.com/pluginfacts
 http://puppet.example.com/pluginfacts: Net::ReadTimeout

 Info: Retrieving plugin

 Error: /File[/var/lib/puppet/lib]: Failed to generate additional
 resources using 'eval_generate': Error 503 on SERVER: h1This website
 is under heavy load/h1pWe're sorry, too many people are accessing
 this website at the same time. We're working on this problem. Please
 try again later./p

 Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
 retrieve file metadata for puppet://puppet.example.com/plugins
 http://puppet.example.com/plugins: Error 503 on SERVER: h1This
 website is under heavy load/h1pWe're sorry, too many people are
 accessing this website at the same time. We're working on this
 problem. Please try again later./p

 Info: Loading facts

 Error: Could not retrieve catalog from remote server: Error 503 on
 SERVER: h1This website is under heavy load/h1pWe're sorry, too
 many people are accessing this website at the same time. We're working
 on this problem. Please try again later./p

 Warning: Not using cache on failed catalog

 Error: Could not retrieve catalog; skipping run

 Error: Could not send report: Error 503 on SERVER: h1This website is
 under heavy load/h1pWe're sorry, too many people are accessing
 this website at the same time. We're working on this problem. Please
 try again later./p

 I'm running this host on a CentOS 7 host with 4GB of ram with a single
 core 2.4 GhZ processor. Right now I'm managing a collection of 25
 hosts with this puppet server. And as I mentioned I never really had
 this problem when I was managing less servers with this.

 So what I'm wondering is if adding more ram to the server would be the
 only way of solving this problem? Other than reducing the number of
 hosts that I'm managing with it.

 Thanks!

 Tim


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55A96286.1070007%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] where is PC1 for Debian Jessie?

[Felix Frank]

On 07/07/2015 09:33 PM, Melissa Stone wrote:


  ...
  W: Failed to fetch http://apt.puppetlabs.com/dists/jessie/Release
  Unable to find expected entry 'PC1/source/Sources' in Release file
  (Wrong sources.list entry or malformed file)


 The release package for jessie has been updated, and this should no
 longer be an issue 

Hi Melissa,

thanks for looking into this! Happy to report that the above error is
indeed resolved for me.

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/559F0F59.9050807%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] where is PC1 for Debian Jessie?

[Felix Frank]

Hi,

has anyone tried the PC1 on jessie yet? I just did the following:

wget http://apt.puppetlabs.com/puppetlabs-release-pc1-jessie.deb
dpkg -i puppetlabs-release-pc1-jessie.deb
apt-get update

but I get

...
W: Failed to fetch http://apt.puppetlabs.com/dists/jessie/Release 
Unable to find expected entry 'PC1/source/Sources' in Release file
(Wrong sources.list entry or malformed file)

No puppetlabs packages come available to apt.

Thanks,
Felix

On 06/09/2015 10:30 PM, Kylo Ginsberg wrote:
 Hey all,

 We're planning to release the next puppet-agent drop on June 22nd and
 that should include Jessie packages/repos.

 Meanwhile, you can grab jessie packages from our nightly builds, e.g.

 http://nightlies.puppetlabs.com/puppet-agent/3a6740a0753b6fb20d27e45071eedc29dd8b436c/repos/deb/jessie/PC1/puppet-agent_1.1.0.170.g3a6740a-1jessie_amd64.deb

 Builds only promote to nightly if they pass CI, but these are
 nightlies, so standard caveats apply.

 Thanks,
 Kylo

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5599BFB7.5090808%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet Augeas Provider and augtool

[Felix Frank]

On 05/19/2015 01:35 PM, bjoern pohl wrote:
 ouch...
 just some minor modifications and it works :)
 augtool print *'*/files/etc/sudoers/Cmnd_Alias[alias/name = HOMEMGMT]'

 not sure what my shell is eating there... perhaps that slash...

The quotes, most likely :-)

Nice catch.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/555B7CB9.9000504%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Dependencies modules

[Felix Frank]

Hi,

it might be possible to get this to work. You would basically create a
profiles module per affiliate.

Putting all data into params.pp might be possible, but not ideal.
Consider implementing Hiera instead. Your hierarchy can dynamically
adapt to select appropriate data for each affiliate.

HTH,
Felix

On 05/16/2015 01:17 AM, Rafael Tomelin wrote:
 Hi people,

 My name is Rafael, i working with puppet, but in small environment.

 I will implement the puppet in large  environment. The company has 45
 affiliates and each unit have 1 firewall, 1 proxy, 1 AD, 1 VMWARE,
 Zabbix proxy, 

 I would like the create module with all information the units
 (affiliates) e after using dependencie the others modules.

 My idea create the example module:
 puppet module generate client-affiliates

 /etc/puppet/modules/client-affiliates/manifests/params.pp

 The params.pp, have all informations:
 ip dns
 domain
 network
 ip proxy
 ip firewall
 ip ntp
 

 or
 /etc/puppet/modules/client-affiliates/manifests/network.pp
 /etc/puppet/modules/client-affiliates/manifests/proxy.pp


 the archives, the information by service.

 And with using the others modules these with variables?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5558CC0B.5000902%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] cant get variable to show in template (erb)

[Felix Frank]

Hi,

can you move the notify next to the file resource instead of the
variable declaration?

It seems most likely that there is some kind of scoping issue.

HTH,
Felix

On 05/16/2015 07:46 PM, Adam Winberg wrote:
 Hi,

 trying to populate an ifcfg template (network config) with ipv6
 config, but cant get one of my variables to show. The one I want to
 use is $ipv6_addr_cidr, but it just doesnt work, when my template is
 created the variable is not defined. I can see the 'notify' which I
 put right after defining $ipv6_addr_cidr, so I know I havent lost
 myself in my if statements. I have other variables in my network.pp
 (not shown below bc of snippet) which works.

 What am i doing wrong? Suspect it's something trivial, but I just cant
 see it. Help would be really appreciated.


 ---
 network.pp (snippet)

   
   # IPv6 stuff
   
   if str2bool($ipv6_enabled) {

 # Get the fourth octet from the node’s IPv4 address:
 $i4 = regsubst($ip,'^([0-9]+)[.]([0-9]+)[.]([0-9]+)[.]([0-9]+)$','\4')

 # Set ipv6 address space
 case $::network_eth0 {
   172.31.28.0:  { $ipv6_space = 2001:67c:274: }
   172.31.24.0:  { $ipv6_space = 2001:67c:274:XXYY }
   default:{ $ipv6_space = undef }
 }

 if $ipv6_space != undef {
   # Construct ipv6 address
   $ipv6_addr = ${ipv6_space}::${i4}

# Add network to address string, used in ifcfg template later
 $ipv6_addr_cidr = ${ipv6_addr}/64
 notify { ipv6 addr: $ipv6_addr_cidr:}
 }

   }
   
   # END IPv6 stuff
   

 file { ifcfg-$device:
   path= $cfgdir/ifcfg-$device,
   owner   = root,
   group   = root,
   mode= 644,
   ensure  = present,
   content = $ifcfg_template,
 }

 ---

 ifcfg.erb
 % if @ipv6_addr_cidr -%
 #IPV6ADDR %= @ipv6_addr_cidr %
 % end -%

 ---

 The results of above code is just:
 #IPV6ADDR

 but no variable value.

 Regards,
 Adam

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5558CD5B.2090600%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] fstab dilemma - pounding on file_line and augeas

[Felix Frank]

On 10/08/2014 04:20 AM, Dan White wrote:



 On Oct 7, 2014, at 4:17 PM, Felix Frank
 felix.fr...@alumni.tu-berlin.de
 mailto:felix.fr...@alumni.tu-berlin.de wrote:

 On 10/07/2014 09:55 PM, Dan White wrote:
 |Local hardening guidelines say that /usr/local and /var/log/audit
 have to be separate partitions.
 OK, so I make mount resources.

 Now the problem:  The order of the mount points in /etc/fstab makes
 a difference.
 I had /usr/local before /usr, and at boot, the mount of /usr/local
 failed because the mount point did not (yet) exist.

 So I need to ensure the line for /usr/local comes AFTER the line for
 /usr.

 HOW TO DO IT ? |

 We've been pondering this very problem quite some times here -
 because it really is a fundamental issue.

 I've been thinking of patching the very mount provider to make sure
 of this, but I haven't yet got around to it.

 Currently, your easiest way out will likely be to make the mount
 resources notify the exec of a
 perl/shell/ruby/some-snake-that-everyone-likes-for-some-reason script
 to repair fstab if need be.

 Cheers,
 Felix

 If I figure out how to get augeas to do it, I will, of course, share
 on the list. 
 If you want any help tinkering with the mount type, I am willing to
 assist. 

Hey y'all,

old thread. Oooold. However:
https://github.com/ffrank/puppet/tree/ticket/master/PUP-4619-sort-fstab-mounts

This branch has a fix. Not quite ready for merging, because some proper
tests are still missing, but any feedback is welcome.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5558F8D2.1010804%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] cant get variable to show in template (erb)

[Felix Frank]

Ah, sorry I missed that earlier: You are compiling the template
elsewhere, yes? Because the file resources uses the value of the
$ifcfg_template variable.

Please also debug the scope of the declaration of that variable. Is it a
parameter?

HTH,
Felix

On 05/17/2015 07:41 PM, Adam Winberg wrote:
 thanks for the tip, i tried and the notify outputs correct information
 (i.e the ipv6_addr_cidr variable value) even if put next to the file
 resource. But still no content in my template.

 I've been looking up scoping but as far as I've found there is no
 special scoping in if statements, or conditionals of any kind. But i
 might have missed something (clearly I have).

 //Adam

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5558DC6D.5090109%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] client certificate issue

[Felix Frank]

Hi,

there really is no way for the master to tell directly.

The best approach is to enable storing of reports (e.g. in PuppetDB) so
that you can monitor agent operation. Afflicted agents do not run and do
not report. Tools like Puppet Explorer can indicate this to you very
directly.

HTH,
Felix

On 05/07/2015 04:17 PM, Karel wrote:
 Hi,
 
 I have a problem with a certificate on some servers.
 
 C:\Program Files\Puppet Labs\Puppet Enterprise\binpuppet agent -t
 Error: Could not request certificate: The certificate retrieved from the
 master does not match the agent's private key.
 Certificate fingerprint: 93:85:FC:CF:32:19:43:33:75:43:B0:43:D3:60:4C:69
 To fix this, remove the certificate from both the master and the agent
 and then start a puppet run, which will automatically regenerate a
 certficate.
 On the master:
 puppet cert clean ..
 
 I would need to know if it is possible to track this issue from Puppet
 Master side. Is this communication logged somewhere to log files on
 Puppet Master servers?
 I need to know a list of clients that have the problem with the cert.
 
 Thanks,
 Karel

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55534887.909%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera single key/value lookup and create_resources for augeas

[Felix Frank]

Well you will have to devise a defined type that takes the variable name
as the resource title, and the value as an argument. Data structure has
to be

my_variables:
   my_project1:
 var1:
   value: value1
 var2:
   value: value2

Then the my_project1 hash is eligible for use with create_resources.

With Puppet 4 you can use iteration over the hash instead, so that no
data restructuring is necessary. If you are on a recent version of
Puppet 3, you can do the same thing using the parser=future setting.

HTH,
Felix

On 05/04/2015 02:56 PM, julien.a...@dayotech.fr wrote:
 Hi
 
 I want to manage an INI file with an undefined number of key/value records.
 I wish to add each var/value recording in a single file (manage by
 augeas) for each project, but I don't know how to make calls or pass the
 data to create_resources.
 Don't want to have a hash for each var/value, too boring to manage.
 
 So here's the Hiera file I write :
 ---
 my_variables:
   my_project1:
 var1:value1
 var2:value2
   my_project2:
 var1:value1
 var2:value2
 
 
 Any idea ?
 
 Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55534BAD.8000802%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Preserving single quotes

[Felix Frank]

On 05/05/2015 08:25 PM, Marcos Renato wrote:
 Hi
 
 how to add this command line (alias ls='ls --color=auto') to a file 
 preserving single quotes?
 
 Thanks,
 
 Marcos

Are you trying to pass this through the content property?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55534ABF.7080104%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Running classes in a certain order

[Felix Frank]

On 04/01/2015 09:03 PM, Jason Gagui wrote:

 How would I make sure  the four classes run in the specified order above?

Hi,

an intermittent reboot implies that the three latter classes *cannot* be
evaluated during the same agent transaction as the first one. To
implement this, add a custom fact to the module, which indicates whether
the reboot after evaluation of the first class has succeeded. Include
the other classes only if this fact has the expected value.

As a side note, I see how such a triggered reboot is convenient, but I
would have reservations about deploying a module that will do that when
it deems necessary. It just feels kind of risky. An alternative could be
an explicit message (via notify resource) that the agent keeps adding to
reports until the operator reboots manually. That's just my 2c though.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/551C7C4A.4030907%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: nodes set to environment 'none'

[Felix Frank]

On 03/30/2015 02:15 PM, Romain P wrote:
 Hello Tim,

 Do you find a solution ?
 I have the same problem.

 Cheers
 Romain

Hi,

looks like Tim is using the Foreman. Are you?

In Tim's case, I suspect that this is a Foreman issue, or at least
related to its integration with Puppet.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/551B47AE.80603%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Trouble with service resource detecting systemd as provider on FC19

[Felix Frank]

On 03/31/2015 07:38 PM, Huaqing Zheng wrote:

 appears to have fixed my facter problems but I would recommend using
 lsb facts instead in your forge modules going forward.

*sigh* such a can of worms.

FWIW, last time I looked for those in Debian, they were available only
if a certain package (which was not part of the base installation I
believe) was installed on the system. The LSB facts seemed to be rather
unsafe to me in that light as just as well.

Thanks for sharing the workaround in any case!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/551B470E.4000806%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppetlabs/concat Problem on Windows

[Felix Frank]

On 03/13/2015 03:40 PM, Fraser Goffin wrote:
 I am attempting to use the puppetlabs/concat module on Windows, but
 having some problems.

I just found out that Richard has made an alternative that explicitly
does support Windows:

https://forge.puppetlabs.com/ispavailability/file_concat

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55155487.5020604%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Creating a list of hosts

[Felix Frank]

On 03/26/2015 05:29 PM, Peter Berghold wrote:
 
 I watched the puppetdb log and it would seem something is being written
 to puppetdb and puppetdb is the backend for storeconfigs. 

Have you tried actually querying the PuppetDB contents?

https://docs.puppetlabs.com/puppetdb/latest/api/query/v2/resources.html

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/551445C5.7060102%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Creating a list of hosts

[Felix Frank]

On 03/26/2015 07:39 PM, Peter Berghold wrote:

 I guess you can't export such a thing?

You can. But your define is not called 'remotemaster'. Perhaps that is
the cause of the error.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/551466F6.9090807%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Provider/type with no name

[Felix Frank]

Hi,

what you're doing is more or less identical to composite namevars. The
codebase has support for *actual* composites, but last I heard, it's a
very fragile construct. I cannot advise to try and use it. Your own
approach may well be more sane.

On 03/24/2015 02:40 PM, Nick Howes wrote:
 Where it falls over is when I try to use the `resources` type to purge
 unmanaged chains and rules. Unless the resource is declared with the
 exact name that would have been pregenerated, it gets confused and
 will create and destroy the resource alternately on each run.

So one run removes a resource named X-Y-Z and the next run creates one
with that same name? Huh.

 Is this because I'm committing a terrible abuse of resource names, or
 down to the nature of the `resources` type (which I understand is
 itself a bit of a hack)?

Ahhh, well...the resources type is an oddball and somewhat limited. It's
not so much of a hack that your scenario wouldn't work.

Pretty strange. Can you try and make sure that the resources that are
being purged are really not part of the catalog? (Examine client-yaml in
$vardir on the agent.)

Any chance that the magic you use to generate resource names is subtly
non-deterministic?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55134D4D.5040503%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Trouble with service resource detecting systemd as provider on FC19

[Felix Frank]

Hi,

it sure is disappointing that the most recent agent version will not
select the correct default provider on your FC19. Is systemd default on
this platform? Or have you configured this box this way explicitly.

If you want your manifest to behave like this on your FC19 boxen only,
you can do this on the global scope (e.g., site.pp)

if $operatingsystem == 'Fedora' and $operatingsystemmajrelease == '19' {
Service { provider = 'systemd' }
}

This sets a resource default if the node in question uses the specified
operating system.

HTH,
Felix

On 03/13/2015 03:05 PM, James Olin Oden wrote:
 I am on Fedora Core 19 using Puppet version 3.7.4.

 When I was trying ensure a service was configured to start I would do
 something like:

service { 'someservice':
ensure = 'running',
enable = true,
}

 But when I would run puppet apply I would get the following error:

Error: Could not enable someservice: Execution of '/sbin/chkconfig
 --add someservice'
returned 1: error reading information on service someservice: No such file 
 or
 directory
Error: /Stage[main]/Firewall::Linux::Redhat/Service[someservice]/ensure:
 change
 from stopped to running failed: Could not enable someservice: Execution of
 '/sbin/chkconfig --add someservice' returned 1: error reading information on
 service someservice: No such file or directory

 However if I told it the provider like:


service { 'someservice':
ensure = 'running',
enable = true,
provider = 'systemd',
}

 The puppet apply would work fine.   This however makes my resource non
 portable to systems not using systemd.   Is this a bug of some sort?
 Am I doing something wrong?

 Thanks...James


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55135030.5070104%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppetlabs/concat Problem on Windows

[Felix Frank]

On 03/13/2015 03:40 PM, Fraser Goffin wrote:
 If I look at this file I can see that it indeed does not have read (or
 any other) permissions set.

 I tried adding values user, group and mode but to no avail.

 Can anyone suggest what I need to do here ?

Shot in the dark: Is the agent running without Admin privileges?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/55134EDD.9010605%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet device file

[Felix Frank]

On 03/09/2015 05:59 PM, Sergiu Cornea wrote:
 Hello guys,
 
 I am trying to create a device files and I am not really sure if i'm
 applying the right check.
 
exec { creates_random_file_for_${name}:
   command = mknod -m 0444 ${dev_random} c 1 9,
   path= '/usr/local/bin/:/bin/',
   unless  = /usr/bin/test -c ${dev_random},
 }
 
 Can someone please guide me in the right direction?
 
 Thank you!
 
 Regards,
 Cip

Hi,

looks good to me. For debugging this, you can
1. run the commands by hand and
2. use the --debug flag to watch Puppet run them

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54FF1052.5000102%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet 2.7.26 certificate verify failed master and client the same

[Felix Frank]

Hi,

on the agent, try

puppet agent --configprint server

It likely indicates the FQDN of the old master. Change your puppet.conf
accordingly, so that the new FQDN is used instead.

[main]
server=gso0puppet01...

HTH,
Felix

On 03/04/2015 05:35 PM, Ed Deloye wrote:
 I am building a new puppet master server and trying to get it to run
 puppet on itself.
 
 I deleted everything in the /var/lib/puppet/ssl directory and generated
 a new cert.
 
 I get this error:
 err: Could not retrieve catalog from remote server: SSL_connect
 returned=1 errno=0 state=SSLv3 read server certificate B: certificate
 verify failed: [self signed certificate in certificate chain for
 /CN=Puppet CA: puppetmaster.internal.ZZZ.com]
 
 The system name is gso0puppet01. Running puppet cert -la gives this output:
 + gso0puppet01.internal.ZZZ.com
 (F9:B1:00:23:FD:72:6C:F9:51:B9:CC:D8:BF:8B:25:9B) (alt names:
 DNS:gso0puppet01.internal.ZZZ.com, DNS:puppet,
 DNS:puppet.internal.ZZZ.com)
 
 and openssl x509 -issuer -subject -noout -in
 /var/lib/puppet/ssl/certs/ca.pem
 issuer= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com
 subject= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com
 
 So it looks like the agent is trying to contact the old master server,
 puppetmaster. How can I make it use the new master server?
 
 Thanks,
 Ed

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F9B652.2080809%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Open Source with own Certificates

[Felix Frank]

On 03/05/2015 08:33 AM, hoize wrote:
 
 I hope you can help me. At PuppetLabs-Docs I only found the
 configuration for Puppet Enterprise for my issue.

Hi,

apart from some path names, it should be applicable to open source puppet.

Can you link the specific howto you are following, and indicate where
you stumbled?

Thanks,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F9B6A7.5090700%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Order class with parameter

[Felix Frank]

Hi,

now I see - you're relying on https://github.com/thbe/puppet-yum to
handle the repo, yes?

You are lacking a crucial dependency then is all.

Class['::yum] -
Class['icinga::package'] -
Class['icinga::config'] -
Class['icinga::service']

I'm still a little confused as to how the yum module works, especially
the repoIcinga parameter. Anyhow, since you seem to rely on `contain`,
this dependency should do the right thing.

HTH,
Felix

On 03/06/2015 11:27 AM, Thomas Bendler wrote:
 Hi Felix,
 
 it's on the forge (https://forge.puppetlabs.com/thbe/icinga). The
 declaration of the repository is in the init section
 (https://github.com/thbe/puppet-icinga/blob/master/manifests/init.pp).
 
 The idea behind this is a generic module for yum that allows service
 modules to add repositories to the host specific for this service. In
 this case, the official Icinga repository should be added.
 
 The problem here is simple, the repository must be added before the
 packages gets installed. Unfortunately in the way I did it, the
 repository is not necessarily added before the packages get installed
 which result in a failed run for the first time. Second run is ok
 because the repositories are in place from the first run.
 
 Under normal circumstances I would use require to include class yum and
 yum::config::icinga but with parameters it would look cleaner.
 
 Regards Thomas
 
 2015-03-05 23:12 GMT+01:00 Felix Frank felix.fr...@alumni.tu-berlin.de
 mailto:felix.fr...@alumni.tu-berlin.de:
 
 On 03/04/2015 02:10 PM, Thomas Bendler wrote:
 /contain icinga::package/
 /contain icinga::config/
 /contain icinga::service/
 /
 /
 /Class['icinga::package'] -/
 /Class['icinga::config'] -/
 /Class['icinga::service']/

 Unfortunately the ordering isn't correct, the module try to
 install the service before the repository is added and usable.
 After the second run, everything is fine because the repository
 gets added during the first run and the configuration for the
 service could be finished. I know that require is under normal
 circumstances the solution for that situation, but in this case I
 can't call the class with the relevant parameter. Any hints?
 
 That's fine. The relationship arrows are adequate for what you want.
 
 Where is the repository declared? Is it a resource right in the
 icinga::package class?
 
 Can you make the whole module visible somewhere, or at least a rough
 sketch of it?
 
 Thanks,
 Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F9839F.6050407%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Share data between custom functions/resources/providers?

[Felix Frank]

On 03/06/2015 04:12 PM, Nick Howes wrote:
 I'm aware there are no functions in the example, which would be
 implemented either as a `define` in Puppet or as a custom type in Ruby -
 I was just expressing that I'm open to any solution, which may involve
 some helper function under the hood.

That's why I was asking so intently. Please be aware that functions in
the context of Puppet are usually custom parser functions, which serve a
purpose that has nothing to do with providers whatsoever.

 Having written all this, I've
 learned that the `firewall-cmd` frontend to firewalld can be used to
 manipulate these files, so a solution might be to write a provider that
 drives this command rather than manage the files directly.

That sounds promising. Please verify carefully whether a service and a
zone really need to exchange any information. Your Puppet model should
ideally make it possible to represent a complete configuration through a
set of distinct resources, each of which is self-sufficient.

Puppet will manage relationships such as ordering and dependencies for
you, conveniently defined in the DSL, just as between all other
resources that Puppet can manage out of the box.

If you face difficulty devising such a model for your use case, feel
free to ask for help on this list.

Once you arrived at a design, I would advise to implement it using
define() and exec {} first. Once you have some manifests that
successfully use these defined types, you can consider if it's worth the
effort to implement actual native types and providers to do that work
more efficiently (mind you, that effort is substantial in comparison to
a manifest-only approach).

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F9D275.6050106%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Inter-node dependency

[Felix Frank]

On 03/06/2015 06:50 PM, lupindet...@gmail.com wrote:
 hi, 
 
 thank you for the reply, however the end state really is to have both machine 
 in sync and working as pair of primary/standby Database log shipping.
 
 The flow therefore are:
 1) create backup in serverA
 2) copy to serverB
 3) restore copy serverB
 4) start replication mode serverB
 5) start replication serverA
 
 the crucial point of ordering dependency is between 4  5, I've done an 
 exported file resource on serverB to serve as flag for serverA to start but 
 it fails to complie the catalog since that dependency is not in the catalog 
 yet.

Hi,

I'm with Garrett - Puppet is an awkward fit for this task.

Have you considered a classic publish/subscribe queue such as RabbitMQ
or Gearman? Puppet can set those up for you, and your nodes can then
orchestrate themselves in a more natural fashion.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F9E97C.6030207%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/

[Felix Frank]

On 03/05/2015 11:55 PM, Dan White wrote:
 --external-dir=/var/lib/puppet/facts.d/ 

Ah. Good catch!

 It is not a bug.  It is an Undocumented Feature :D

Hah! Well I'm not convinced. UX bugs are still issues.

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Order class with parameter

[Felix Frank]

On 03/04/2015 02:10 PM, Thomas Bendler wrote:
 /contain icinga::package/
 /contain icinga::config/
 /contain icinga::service/
 /
 /
 /Class['icinga::package'] -/
 /Class['icinga::config'] -/
 /Class['icinga::service']/

 Unfortunately the ordering isn't correct, the module try to install
 the service before the repository is added and usable. After the
 second run, everything is fine because the repository gets added
 during the first run and the configuration for the service could be
 finished. I know that require is under normal circumstances the
 solution for that situation, but in this case I can't call the class
 with the relevant parameter. Any hints?

That's fine. The relationship arrows are adequate for what you want.

Where is the repository declared? Is it a resource right in the
icinga::package class?

Can you make the whole module visible somewhere, or at least a rough
sketch of it?

Thanks,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F8D4E1.9090908%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Can't remove depreciated warning message

[Felix Frank]

On 02/09/2015 05:54 AM, David LeVene wrote:

 Any suggestions as to where to look next?

Hi, in case you're still struggling with this - you can try and locate
the catalog (in $vardir/client_yaml) and examine the package resources
for starters.

Good luck,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F8DAE6.9060704%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Share data between custom functions/resources/providers?

[Felix Frank]

Hi,

there might be ways to achieve this, but also plenty caveats.

You mention all of functions, resources and providers, but I see no
indication that all of them relate to your question. Are you aware of
the differences between the three?

Have you implemented anything already, or are you still in the interface
design phase?

Will Puppet do anything besides generating XML? Do you have any code to
do this already?

Thanks,
Felix

On 03/05/2015 03:22 PM, Nick Howes wrote:
 Hello,

 I am trying to define something that would let me do this, or
 something like it:

   fw_service { elasticsearch: 
 ports = [ '9200-9300' ],
 zone = work,
   }

   fw_zone { work:
 source_addresses = [ '10.0.0.0/16' ]
   }

 And for the fw_zone resource to be able to enumerate data from
 services that declared that zone name. Since it end goal is generating
 XML I could always use the concat module to create concat::fragments
 in the fw_service resource, but I wondered if there was any other way
 of passing data between functions within a catalog run? Going into
 Ruby is fine and I'm using future parser so any Puppet 4 API specific
 stuff would be usable.

 Cheers

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F8D3B7.2080202%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/

[Felix Frank]

Hi Dan,

interesting, I think I can reproduce, with facter 2.4.1. Might be a bug.

I observe `puppet agent` opening my $vardir/facts.d files (through
strace), but not `facter -p`.

Cheers,
Felix

On 02/09/2015 05:41 PM, Dan White wrote:
 Puppet 3.7.3
 Facter 2.3.0
 running on RHEL 6

 Reference:
 https://docs.puppetlabs.com/facter/2.2/custom_facts.html#fact-locations

 I put a simple fact_file.txt in one of my modules to try this new feature.
 When I run puppet agent, I see the fact file deployed to
 /var/lib/puppet/facts.d/
 However, I cannot get it to come out on a command line.

 Here's the text file:

 patch_fact_1=hello
 patch_fact_2=there
 patch_fact_3=every
 patch_fact_4=one

 (Module name is patch)

 facter -p patch_fact_1 returns a blank line

 # facter -p patch_fact_1 --debug
 Found no suitable resolves of 1 for ec2_metadata
 value for ec2_metadata is still nil

 And a full facter -p list does not show my 4 new facts
 I am using /etc/facter/facts.d thru stdlib.  Do the two not play nice
 in the same puppet-sandbox ?

 I tried restarting the puppetmaster and re-running the agent - no change.
 I copied the file to /etc/facter/facts.d/ , prefixing the file name
 and all the fact names with other_ to keep them separate.  The
 other_ facts appeared immediately (no surprise), but the originals
 remain unavailable.

 A clue or two, please ?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F8D7E8.5010103%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Provider throwing errors

[Felix Frank]

On 03/02/2015 05:18 PM, Peter Berghold wrote:
 
 I *believe* this is where I'm getting an error thrown such that:
 Error: /Stage[main]/Multibind::Mob_oam_svc/Bindconfigure[MOB_OAM_SVC]:
 Could not evaluate: wrong number of arguments (1 for 0)

Oh you do? :-)

Please run with --trace to confirm your suspicion.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F5A1B9.9060308%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Defining custom type with a mandatory property

[Felix Frank]

Hi,

please note that this is a very unusual structure. Properties that are
not assigned a desired value will just be left as is by the agent. Upon
creating a new resource on the managed system, the *ensure* property can
impose a default value.

Are you sure that you want to force the user to supply a property value
that Puppet will keep enforcing?

If so, your code is almost correct, assuming that :absent is not a valid
value for your property. If it is, you may want to pick another default
such as :foo.

newproperty(:bp) do
  defaultto do :absent end
  validate do |value|
if value == :absent
  raise ArgumentError, 'bp' property is mandatory
end
  end
end

HTH,
Felix

On 02/10/2015 11:15 AM, Angel L. Mateo wrote:
 Hello,

 I'm trying to create my own custom type according to guide at
 http://garylarizza.com/blog/2013/12/15/seriously-what-is-this-provider-doing/.


 My problem is that I want one of the resource's properties to be
 mandatory and failed if the property is not defined. So in the type I
 have:

 newproperty(:bp) do
   defaultto do :absent end
   validate do |value|
 raise ArgumentError, 'bp' property is mandatory
   end
 end

 With this code, evertyhing seems fine when I'm programming puppet
 and if I try to create a resource without a bp property, I get the
 error message.

 But my problem is that with this code, I can't use puppet
 resource order, because I get the error too when it tries to get the
 list of resources already defined.

 Any help? 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F39AA9.209%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Quick question about types/providers

[Felix Frank]

Can you make your code available somewhere, so that we can reproduce?

Generally, I'd like to second John's general advice: Do restart your
Puppet processes to make sure that changes to your Ruby code take effect.

Best,
Felix

On 02/27/2015 09:22 PM, Peter Berghold wrote:
 I think I discovered something, correct me if I'm in the weeds with
 this.  

 Seems certain patterns cannot be used as parameters for a type.   So
 far on my list

 version  
 ipv4listen
 rndcport

 that last one baffles me.

 bindconfigure { $mypersonality:
 #  ipv4listen=any,
   ipv6listen=any,
   # rndcport=951,
   statsport=8080,
   named='-n 2',
   ztp=no,
   m_notify=no,
   transfer=none,
   version='9.9.5-S1',
   state=on,
   notify= Service['named-all']

 }
  anybody see anything objectionable here?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F36F6C.6070205%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Problem installing kernel from backports

[Felix Frank]

Hi,

running puppet with --debug will show you the check command that is run
to determine whether the package needs updating. It yields a zero exit
code apparently, so the 'unless' dependency is not hit.

https://github.com/puppetlabs/puppetlabs-apt/blob/0e3220711ba9ce05715c39c22771e34b81b41382/manifests/force.pp#L55

HTH,
Felix

On 02/24/2015 01:33 PM, Jochen Häberle wrote:
 Hi,

 I am having problems installing a kernel from backports on Debian Wheezy with 
 Puppet 3.7.4

 I am using puppetlabs/apt to manage Debian repositories and have the 
 following code for my note

   notice(getting kernel from backports...)
   apt::force { 'linux-image-amd64':
 release = 'wheezy-backports',
 cfg_files   = 'unchanged',
 cfg_missing = true,
 require = Apt::Source['Debian_Backports'],
   } -
   package { 'linux-image-amd64':
 ensure  = 'latest',
   }

 The notice is reached, but the kernel-package is not touched and stays at the 
 main Debian version

 The Apt repositoriy is declared elsewhere as

 apt::source { 'Debian_Backports':
   comment   = 'This is the Debian Backports mirror',
   location  = 'http://ftp.de.debian.org/debian',
   release   = 'wheezy-backports',
   repos = 'main contrib non-free',
   pin   = '200',
   include_src   = false,
   include_deb   = true,
 }

 The source file is present and apt-show-versions gives me the kernel from 
 backports I want to get. apt-get update is executed.

 I do not see the problem. Could anypne pls help me out???

 Thanks in advance

 Jochen

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F3729E.3010306%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Quick question about types/providers

[Felix Frank]

On 02/27/2015 05:02 PM, Peter Berghold wrote:
 can I guess that the first def mod is what is referred to as a getter
 and second is a setter?Can I stretch that inference to say that if
 the value being passed to the setter is the same as what the getter is
 seeing it won't be set again?
 

Yes, this is basically a getter/setter pair.

However, the idempotency is implemented closer to the type layer. The
transaction code will check whether properties are out of sync, and
invoke the provider = methods to take action if necessary.

On this higher level, your assertion should hold true. But I'm not sure
if that's what you were asking.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F09689.7070607%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Exec on a node causing action on another node?

[Felix Frank]

On 02/27/2015 07:51 AM, Erling Ringen Elvsrud wrote:
 
 Do you think it is possible to handle this with Puppet?

Yes, but not relying on exec as heavily as you imply.

Your first step should be a custom fact that reports the state of the
certificate.

The manifest for the node examines the fact value and can decide to
*export* an exec resource to whomever is expected to take action.

Just so we're clear, if this is meant to refresh *puppet* certificates,
then you are likely running in futile circles, or opening yourself up to
grave security implications.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54F09765.3040600%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: how to prevent certificate revocation list (CRL) from expiring

[Felix Frank]

On 02/06/2015 05:15 PM, Josh Bronson wrote:
 I just filed https://tickets.puppetlabs.com/browse/ENTERPRISE-515 for
 this. The workaround is to disable CRL checking:

 1. Add certificate_revocation = false to the [agent] section of the
 puppet.conf file as described at
 https://docs.puppetlabs.com/puppet/latest/reference/config_ssl_external_ca.html,
 and
 2. comment out the line containing SSLCARevocationFile in
 /etc/puppetlabs/httpd/conf.d/puppetdashboard.conf.

Yes, and honestly, I really don't see what else Puppet could do in this
situation to help you out.

 I'm using FreeIPA as a certificate authority, and it uses that field
 to communicate to users when the next update will be ready. It seems
 to like to update it a few times a day. The trouble is, there is
 always going to be a moment *after* the update is ready but *before* a
 script has had a chance to update the CRL and restart the
 Puppetmaster. During this time, Puppet agent runs will fail. Is there
 any way to tell Puppet that slightly out-of-date CRLs are okay?
 Otherwise, I think the next step is to try disabling checks to the
 CRL, but I like the fact that Puppet checks it by default.

This is actually an issue with the CA, from my point of view. It should
really specify next update times that are sufficiently late after the
actual update, so that SSL clients don't run a risk of hitting that time
window. Perhaps there is a configuration setting to that effect?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54D952A3.3050406%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] user creation in puppet nodes through PUPPET Master

[Felix Frank]

On 01/20/2015 03:45 PM, Johan De Wit wrote:
 http://puppetlabs.com/download-learning-vm
 
 Enjoy the journey

Beat me to the punch.

See you soon, Johan!

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54BE6A52.9090105%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Override facts from facter

[Felix Frank]

On 01/12/2015 03:55 PM, Felix Frank wrote:
 I think the issue is that facter/util is not supposed to be pluggable
 this way. Custom facts live in lib/facter/*.rb and that's the extent of
 it. I may be mistaken, but it seems consistent to me that this will not
 work.

Hi,

I just found that this is most likely a false assumption of mine.

https://github.com/puppetlabs/puppetlabs-stdlib/tree/master/lib/facter/util

So, yeah, that should work. Although I'm still not sure what Ruby will
do if you sync a file to util/ that is also present in the system wide
facter/util/ tree. It's likely safer to give unique names to your fact
code files, except when you are overriding existing facts (not their
utility functions, mind).

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54BD2D92.90408%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Rootless Puppet

[Felix Frank]

On 01/14/2015 09:55 AM, KEIGNAERT Mathieu wrote:
 Dear all,

 I am very new to puppet, I have been playing with puppet a long time
 ago, I haven't done anything recently with puppet but I try to follow it.
 One of my main concern with puppet and what I try to achieve is to
 have puppet running as both root and non root in the same time.

 It won't be a suprise to you but I want to use puppet as root user to
 setup and ensure the consistency of my server's configuration, and I
 would like my users to be able to use puppet to manage their
 applications configuration.
 I saw the video of Spencer, and now found this topic. As you correctly
 said, there is not a lot of documentation out there describing
 experience of people using puppet as non root.

 I believe things have changed since the last post on this subject here
 (Nov 2013) and I wanted to ask you guys if you have had some success,
 evolution in the way you use puppet as non root ? Anything changed
 with latest puppet versions to achieve this ?

 Mat

Hi,

I cannot supply a good user's perspective, but I run Puppet unprivileged
a lot, albeit for debugging and analysis only.

With Puppet 3.x, this works without issue. Users maintain individual
configurations in ~/.puppet/puppet.conf, and everything else defaults to
this location as well, e.g.

$vardir=~/.puppet/var

Just run `puppet agent --configprint all` to get a feeling of Puppet's
environment.

Sure, you cannot manage things from root's domain. Things like service
{} or package {} will not just work, although they are still viable for
e.g. the `base` provider for service, `gem` for package etc.

All things considered, I'm quite convinced that you can have a multitude
of agents sharing the same host, each with individual configuration and
data.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B6F82E.6020007%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Conditional Require For File Type

[Felix Frank]

On 01/14/2015 03:47 PM, Jason Wever wrote:
 Hi All,

 I having a problem in where I'm defining a File Type and setting the
 requires parameter to use a variable name (e.g. requires = $foo).
 However, when I do this, the Puppet run doesn't act like it's
 translating the variable into what it should be set to.  $foo should
 resolve to either Class['a'] or Class['b'] depending on a particular
 fact, but the File Type is being processed by Puppet before Class['a']
 or Class['b'] has been processed.

 Is it possible to use a variable as the value for the requires
 parameter in a File Type?

 I've tried this with Puppet versions 3.5.1 and 3.6.1 but no change in
 behavior.  Haven't tried a 3.7.x.

 Thanks,

Hi,

this is not an ordering issue.

$foo = 'Class[a]'

The above string is not blessed into a class reference when used as the
value for an ensure parameter (apparently). Not quoting it makes no
difference.

This should work:

$foo = a

File[/path/to/file] { require = Class[$foo] }

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B6F51E.3070804%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Override facts from facter

[Felix Frank]

On 01/12/2015 01:22 PM, Davide Ferrari wrote:
 Hello!
 
 My code is basically this commit
 
 https://github.com/vide/facter/commit/c4060af48074c372a63409d81b836b79ff5d0427
 
 This patch works smoothly if I overwrite the files in 
 /usr/lib/ruby/vendor_ruby/

All right, awesome. Thanks for that.

I think the issue is that facter/util is not supposed to be pluggable
this way. Custom facts live in lib/facter/*.rb and that's the extent of
it. I may be mistaken, but it seems consistent to me that this will not
work.

I would hope that you can build your override in a fashion to
1. run the original resolution
2. modify the value to add the 'label' key in the way you need
...instead of copy-pasting the complete original fact code.

I'd need to go code-diving to find out how one would go about this
exactly, or whether it is at all possible. Please let us know if you
manage to build something like this on your own in the meantime :-)

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B3E076.5090609%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] ordering ressopurces in defined types

[Felix Frank]

On 01/12/2015 05:03 PM, Michael Wörz wrote:
 Solved - tags do the job
 
 define mountentry($device,$mountpoint,$order) {
   @notify{$name:
 tag = [mount$order],
   }
 }
 
 class sysctl::mounts() {
   $m=$yaml['mounts']
   create_resources(mountentry,$m)
   Notify | tag == 'mount1' | -  Notify | tag == 'mount2' |
 }

Nice one, but you can even simplify.

Mountentry| title == '1_usr_sap' |
-
Mountentry| title == '2_usr_sap_lmp' |

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B40FDF.2040809%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] ordering ressopurces in defined types

[Felix Frank]

Ah, I see.

Still, out of curiosity - have you tried Mountentry| order == 1 | ...?

On 01/12/2015 07:42 PM, Michael Wörz wrote:
 generally yes,
 but in this case the names are only examples and dont know which names
 are defined in the database.
 so the order tag is a more generic way to seperate data from code. 
 but  anyway  - thanks
 
 
 2015-01-12 19:18 GMT+01:00 Felix Frank felix.fr...@alumni.tu-berlin.de
 mailto:felix.fr...@alumni.tu-berlin.de:
 
 On 01/12/2015 05:03 PM, Michael Wörz wrote:
  Solved - tags do the job
 
  define mountentry($device,$mountpoint,$order) {
@notify{$name:
  tag = [mount$order],
}
  }
 
  class sysctl::mounts() {
$m=$yaml['mounts']
create_resources(mountentry,$m)
Notify | tag == 'mount1' | -  Notify | tag == 'mount2' |
  }
 
 Nice one, but you can even simplify.
 
 Mountentry| title == '1_usr_sap' |
 -
 Mountentry| title == '2_usr_sap_lmp' |
 
 HTH,
 Felix
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B415D9.9040800%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Override facts from facter

[Felix Frank]

On 01/09/2015 03:48 PM, Davide Ferrari wrote:
 Hi

 I'm trying to override a fact from facter 2.3, called partitions
 with a custom version of this fact, via pluginsync.

 The problem is that the base file in
 /var/lib/puppet/lib/facter/partitions.rb, just like it's facter
 brother in /usr/lib/ruby/vendor_ruby/facter/partitions.rb has a

 require 'facter/util/partitions'

 and this require seems to me that, no matter what I do, try to
 includes other ruby files from /usr/lib/ruby/vendor_ruby/ and not
 /var/lib/puppet/lib/, even if I run facter -p.

 What's the correct way to override via pluginsync an already existing
 and complex fact like partitions ? I'm already specifying
 has_weigth 100 in /var/lib/puppet/lib/facter/partitions.rb because
 otherwise it wouldn't even consider my custom version, but it stops
 there.

 Thanks!

Hi,

I've done similar things with older versions of Facter. It should work.

Can you share your code, the result, and what you expect to happen?

Thanks,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B30F5D.3070005%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] defined types question

[Felix Frank]

On 01/10/2015 02:39 PM, Christopher Wood wrote:
 On Fri, Jan 09, 2015 at 01:51:28PM -0800, Drew wrote:
 I'm fooling around with some defined types and am struggling a little.
  The following is just a small example of what I'm doing while I work it
 out:
 #/etc/puppet/modules/testmodule/manifests/init.pp
 define testmodule ( $message ){
   testmodule::down { ${name}:
  message = test message for ${name},
   }
 }
 I think init.pp has to contain only the class with the same name as the 
 module.

Kind of like that, but backwards :-)

The class 'testmodule' must reside in init.pp. Any class or define *can*
be put there and the autoloader will find it all right. But it is better
practice to put everything in their own respective files.

The issue here is likely that the OP tries to `include testmodule` even
though there is no such class. Just get rid of this include statement -
instantiating your define will Just Work.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B30B40.5010309%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter external fact tips?

[Felix Frank]

Hi,

On 01/08/2015 11:02 PM, Christopher Wood wrote:
 root@cwl:~# cat /etc/facter/facts.d/truefalsetwo.txt 
 truefalsetwo=true

I think it's fine for this one to return a string. After all, the output
of a script is just text. Converting to boolean would be trivial, but
less so for arrays, hashes etc. Having no conversion at all is a
consistent choice.

 root@cwl:~# facter -p truefalsetwo

 root@cwl:~# facter --external-dir /var/lib/puppet/facts.d truefalsetwo
 true

I noticed that before, but paid it no mind - `facter -p | grep
^truefalsetwo`. Not pretty but usually sufficient.

It would be nice to have a bug report for this, anyway :-)

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B30EDC.7020806%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet agent question

[Felix Frank]

On 01/10/2015 06:51 PM, Brian Lock wrote:
 If the puppet agent isn't running on a server and you issue the
 command  sudo /etc/init.d/puppet stop, and you have also disables
 execute access on the file /etc/init.d/puppet by chmod -x , why does
 puppet run from the master at its pre-prescribed time? 

Well, the init script is not the deciding factor at all. You *could* try
and remove the execute bit from the puppet binary itself but that's
Begging The Question ;-)

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B3107F.3010805%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Vagrant Puppetmaster Cert

[Felix Frank]

It sounds as if your master is doing Something Weird when it is launched
during startup of you Vagrant instance. What that is exactly is hard to
tell.

Try and manipulate the init (or whatever) script to enable some debug
logging. See if you can find out the cause for the failures.

If you cannot determine the root cause, consider a workaround such as a

@reboot service puppetmaster restart

cron job.

HTH,
Felix

On 01/08/2015 08:28 PM, Drew wrote:
 Yep, that's exactly what I'm saying.  Like I said, it's weird.  Maybe
 something with the time?

 Thanks!

 On Tuesday, January 6, 2015 6:21:14 PM UTC-5, Felix.Frank wrote:

 Hi,

 so are you saying that after SSL breaks, you can fix it by restarting
 the service?

 On 01/02/2015 08:39 PM, Drew wrote:
  Hey,
 
  I hope someone here can point me in the right direction.  I've been
  struggling with this for a few days and I can't seem to figure out
  what the issue is.  It's really strange.  I have a vagrant
  configuration that spins up a puppetmaster and a target machine
 that
  runs the agent.  When I initially do the 'vagrant up' all comes
 up and
  the agent is configured.  If I halt the puppetmaster and bring
 it back
  up, the agent fails to connect to the puppetmaster due to a
  certificate error.  If I simply restart the puppetmaster
 service, it
  connects without issue.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54B30C99.1040107%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: many agents connecting at same time and 100+ nodes failed.

[Felix Frank]

Randomizing the time of logrotation as a workaround for this particular
issue seems drastic to me.

https://docs.puppetlabs.com/references/latest/configuration.html#splay

This may do the trick.

Cheers,
Felix

On 01/08/2015 08:27 PM, Christopher Wood wrote:
 Yes it does, and that's something that you would configure to not happen at 
 the same time (with fqdn_rand, or better, remote syslog).
 
 https://docs.puppetlabs.com/references/latest/function.html#fqdnrand
 
 I found some irritating hitches with running through a cut-down environment 
 using mcollective (plugin re-sync, usual hiccoughs with mcollective in our 
 environment), plus popular opinion here did not support adding to our lengthy 
 list of cron jobs. Long story short, we are still running the puppet agent as 
 a daemon. Which you would pick still depends on what criteria you are aiming 
 for.
 
 On Thu, Jan 08, 2015 at 04:40:05AM -0800, Suresh P wrote:
 Hi All,
  
 I have found one more issue.   
 When we install puppet agent, it creates logrotate which will kill the
 puppet and restart it.   We have configured logroate for all the nodes 
  at
 1st minute of everday(00:01).   Because of that all the node's puppet
 agent get reloaded at 00:01 minutes so all agents trying to connect the
 puppet masters at same polling interval.
  
 Regards,
 Suresh.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54AFD9FF.2010606%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Trouble with class with _ in name

[Felix Frank]

On 01/07/2015 08:18 PM, Matthew Kennedy wrote:
 So changing this to:

 if ($profile == 'existantclass') {
   include profile::${separator}::${profile}
 }

 results in Error 400 on SERVER: Could not find class
 profile::app::existantclass for node1.vnet on node node1.vnet.

Wait, what, so the underscore is not relevant after all?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54AD88B8.3060204%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.