Re: [Puppet Users] Spaces in templates
Am 10.09.2010 um 14:50 schrieb Al @ Lab42: > I want to use these values in a single line of a template: > > host <% users_ldap_servers.each do |ldap| %> <%= ldap %> <% end %> > > No matter how many spaces I place around, no matter the absence of > trimming -%> I always get something like: > > host ldapm.example42.comldaps.example42.com > instead of: > host ldapm.example42.com ldaps.example42.com > > I think a solution could be to add a whitespace to "ldap" before > yielding it... but I haven't found the needed "few chars combo" (I > suppose). Try <%= ldap + " " %>, or even force ldap to a string (ldap.to_s) if it complains about not being able to add " " to a not-String. Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] 30 min
Am 03.08.2010 um 15:11 schrieb parag(PK): > I dont want the daemon to run after every 30 mins ... > how can i change it to ...say 10 mins ...…. You could …say … read the docs? Or maybe …the manpage? http://docs.puppetlabs.com/references/latest/configuration.html#runinterval Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet variables
Am 09.07.2009 um 21:20 schrieb David Schmitt: > most available variables are defined by facter, which you can run on > the > commandline to see which vars have what values. Not completely, as IIRc puppet brings a few facts of its own that facter won't show when run on its own on the CLI. Regards, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Unable to get storedconfigs to work
Am 01.07.2009 um 03:24 schrieb Greg: > I've gotten it working with 2.3.2... But I did have to put in the > require lines > as was mentioned in a previous message... I must say that I'm not very happy with this solution as it seems more hackish than anything, but it does work when adding the few require lines. Anyhow, this should be fixed to work with the current stable rails, shall I reopen #2041 or file a new bug? Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Unable to get storedconfigs to work
Hello Nigel, Am 29.06.2009 um 17:52 schrieb Nigel Kersten: > Do you possibly have multiple versions installed? I did, deleted all but the newest, no change. Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Unable to get storedconfigs to work
Hello, I can't get storedconfigs to work, puppetmaster keeps complaining about "missing Rails". Fact is I do have rails installed, I even have a few rails apps running fine with a mysql backend in passenger. I have tried to localise a possible error by starting puppetmasterd with debug, but nothing obvious there, no help either in the logs. I also tried setting RUBYLIB to the gempath and even the paths to the gems, but that didn't help either. irb also is quite happy with the active record invocations puppet uses: """ irb(main):001:0> require 'rubygems' => true irb(main):002:0> require 'active_record' => true """ Here's the important part of the puppet.conf: """ storeconfigs = true dbadapter= mysql dbuser = puppet dbpassword = xx dbserver = localhost dbsocket = /var/lib/mysql/mysql.sock """ gem also lists rails and active_record as present: """ *** LOCAL GEMS *** actionmailer (2.3.2, 2.1.2) actionpack (2.3.2, 2.1.2) activerecord (2.3.2, 2.1.2) activeresource (2.3.2, 2.1.2) activesupport (2.3.2, 2.1.2) fastthread (1.0.7, 1.0.1) haml (2.0.9) passenger (2.1.2) rack (1.0.0, 0.9.1) rails (2.3.2, 2.1.2) rake (0.8.5, 0.8.3) """ Both sides are running a suse flavour and have puppet, resp. puppetmaster, at version 0.24.8. Any help to get storedconfigs going would be great, thanks! Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
Am 11.06.2009 um 17:23 schrieb Paul Nasrat: > That all should be part of libc. Try apt-get install build-essential. Actually, libc6-dev was enough. """ Architecture: x86_64 CPU(s):2 Thread(s) per core:1 Core(s) per socket:1 CPU socket(s): 2 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family:6 Model: 2 Stepping: 3 CPU MHz: 2659.996 Hypervisor vendor ID: KVMKVMKVM Virtualization type: full """ Ubuntu guest in KVM. Regards, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
Hi, Am 11.06.2009 um 15:41 schrieb Paul Nasrat: > gcc -o lscpu lscpu.c I get: """ lscpu.c:21:19: Fehler: ctype.h: No such file or directory lscpu.c:22:20: Fehler: dirent.h: No such file or directory lscpu.c:23:17: Fehler: err.h: No such file or directory lscpu.c:24:19: Fehler: errno.h: No such file or directory lscpu.c:25:19: Fehler: fcntl.h: No such file or directory lscpu.c:26:20: Fehler: getopt.h: No such file or directory lscpu.c:27:19: Fehler: stdio.h: No such file or directory lscpu.c:28:20: Fehler: stdlib.h: No such file or directory lscpu.c:29:20: Fehler: string.h: No such file or directory lscpu.c:30:25: Fehler: sys/utsname.h: No such file or directory lscpu.c:31:20: Fehler: unistd.h: No such file or directory """ on an ubuntu KVM guest with gcc installed. I suppose I lack some paths in some ENV variables, can anyone point me to which ones? Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: templates, ERB include, import or whatever
Am 05.06.2009 um 19:57 schrieb Derek Yarnell: > So I have been doing some testing of content => template. Our site > has used a custom solution for configuration management w/ a mix of > rsync/m4/make and a little cfengine on the side. Now for us the > power of m4 is that not only you can do variable substitution but it > can include files. I am looking to be able to include files within > a template w/ ERB but from the documentation that does not seem > possible. Or even if it is possible to have a numter of templates > listed in my content=> that would be concatenated? > > Anyone else trying to do this or have done this? IIRC (and please do cross-check with the wiki/docu to make sure), the content attribute takes a string, whatever it is. template() is a puppet function that returns a string, which is a suitable content for the content attribute (sic). If you just want to concatenate a certain set of templates regardless of any logic, that would be a way to go. Regarding the erb templates and the possibility to include other files/ templates: rails does it, so it's possible, but I can't say if it's rails' or erb's doing. BR, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Vote for your favorite ticket
Am 04.06.2009 um 06:44 schrieb James Turnbull: > Nigel Kersten wrote: >> > >> That's exactly what I see. No arrows. > > This is now fixed. Can people confirm they can see arrows. I can see the arrows and it seems they work as expected. Tanks, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Vote for your favorite ticket
Hello, Am 03.06.2009 um 16:24 schrieb James Turnbull: > Can you clear your browser cache and try now please? Tried that, same result as before (pertinent part of the html source): """ translation missing: de, label_votes: 0 """ Even omitting the fact that there is no translation (could provide fr and de if you need), there are no arrows whatsoever. BR and thanks for the hard work, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: renaming module not working
Am 02.06.2009 um 14:48 schrieb Rene: > It cannot find the WLS class even it should be there. Does someone > have a solution for that, because its driving me nuts... Not sure if you can go caps on class/module names, can you? BR, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Configuring hosts with data from other hosts
Hello, Am 12.05.2009 um 08:51 schrieb steverfran...@gmail.com: > Or do I have to copy the IP address of the monitor host to each > machine, via an exported resource file, and then process it locally in > an exec script to build the correct ntp.conf? > That doesn't seem very puppet-ish... No, but I think you could build the ntp.conf for the clients on the monitor host (which knows its own IP adress :-) ) and distribute that through exported resources to the clients. BR, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Pitching puppet - how does it work question
Hi, Am 06.05.2009 um 16:40 schrieb LenR: > I'm trying to pitch puppet to my group. I have a test server & 2 > clients, things are going pretty well. The question relates to user > password management as outlined in the recipies. My question, if only > the hash value changes, will puppet apply that change? Who notices > the change, the client or the server? I need to explain how it works. The way I understand it, the server looks at the file when compiling the recipe for the client and calculates a hash value for the file. This hash value is the integrated in the recipe, which in turn is sent to the client. The client then looks at the files described in the recipe and checks if the hash values of the local files match the hash values sent by the server for those files. If they match, nothing happens, as the file is in the right state, if not, the client downloads the file from the server. That's a least the principle. You also have some layers of caching and checking timestamps to see if it's even necessary to recompute a hash, or if you can take the hash value from a previous run, and so on. BR, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Expert Idempotency Question: Multi-Mysql Installation File System Creation Question
Your definition seems fine and sound (on a quick look), just replace the part that is always the same (here being file { "/data01/ multi_mysql": ... }) with a virtual resource, and you're done Greets, Felix Am 16.03.2009 um 16:48 schrieb TomTom: > > Hi Bruce, > Thanks for the snappy reply. > I need to create X number of mysql_X directories under /data01/ > multi_mysql/. Sometimes I might need to only create one instance, > sometimes I might need to create as many as 10. How can I craft a > flexible class that will create and install X number? > For example > /data01/multi_mysql/mysql_A > /data01/multi_mysql/mysql_B > /data01/multi_mysql/mysql_C > /data01/multi_mysql/mysql_D > /data01/multi_mysql/mysql_E > /data01/multi_mysql/mysql_F > /data01/multi_mysql/mysql_G > /data01/multi_mysql/mysql_H > > Your suggestion for creating a class to do the file system creation is > a good one, but how would I make it flexible to create mysql_X number > of directories? I didn't think you could with a puppet class. That's > why I went down the path of trying to call a function (definition) > multiple times. More information on how you would implement a > flexible puppet class would be greatly appreciated. > > Thank you very much for your help. Ill buy you a beer at the first > puppet conference. :) > -Tom > > > On Mar 16, 11:33 am, Bruce Richardson wrote: >> On Mon, Mar 16, 2009 at 08:16:31AM -0700, TomTom wrote: >>> Second of all, when I try to run the second mysql_B installation, >>> puppet borks and says: >>> puppetd[23415]: Could not retrieve configuration: Duplicate >>> definition: File[/data01/multi_mysql] is already defined in file / >>> etc/ >>> puppet/manifests/definitions/dba/mysql_instance.pp at line 76; >>> cannot >>> redefine at /etc/puppet/manifests/definitions/dba/ >>> mysql_instance.pp:76 >> >>> I believe puppet is getting hung up on the "idempotency" (Not >>> sure if >>> I am using this word correctly) >>> Puppet is seeing the file definition when the function is called to >>> install the second instance, and is saying that the definition is >> >> By function I take it you mean "definition". >> >> Puppet only lets you define any resource once. If you have defined >> File['/data_dir/multi_mysql'] once, you can't define it again, no >> matter >> how deeply buried it is within nested classes or definitions. Don't >> panic one way to get around this is checking to see if the resource >> has >> already been defined and only creating it if not. So change your >> mysql_install_definition to have some thing like this: >> >> if defined( File["/$data_dir/multi_mysql"] ) { >> debug( "/$data_dir/multi_mysql already exists" ) >> } else { >> >> file { "/$data_dir/multi_mysql": >> mode=> 775, owner => "mysql", group => >> "sysadmin", >> require => File [ "/$data_dir" ], >> } >> } >> >> Another way to do this would be to have a class that creates the >> multi_mysql directory and have this definition include it. That >> would >> be more idiomatic puppetry, I think, because it sticks with the >> convention of using classes for things of which there is only one. >> >> -- >> Bruce >> >> What would Edward Woodward do? > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Expert Idempotency Question: Multi-Mysql Installation File System Creation Question
Hello, Am 16.03.2009 um 16:16 schrieb TomTom: > I am trying to puppetize a multi-mysql installation. Our mysql > consultant suggested that we use the pre-compiled binary installations > from mysql.com. > So a multi-instance mysql installation would look like > /data01/multi_mysql/mysql_A/ > /data01/multi_mysql/mysql_B/ > /data01/multi_mysql/mysql_C/ > > First of all, my puppet definition below tries to do the untar first, > and doesn't try to create the file system. I don't think I have my > require order correct. How can I fix that. Not sure what the tarextrat {} does, but wouldn't it be enough to require => Exec["some_alias"] (I'd pop in an alias => "some_alias" in the exec)? > Second of all, when I try to run the second mysql_B installation, > puppet borks and says: > puppetd[23415]: Could not retrieve configuration: Duplicate > definition: File[/data01/multi_mysql] is already defined in file /etc/ > puppet/manifests/definitions/dba/mysql_instance.pp at line 76; cannot > redefine at /etc/puppet/manifests/definitions/dba/mysql_instance.pp:76 > > I believe puppet is getting hung up on the "idempotency" (Not sure if > I am using this word correctly) > Puppet is seeing the file definition when the function is called to > install the second instance, and is saying that the definition is > previously defined. Does anyone know how to get around this. Try a virtual resource http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#virtual-resources . Basically, you define the resource somewhere outside the define, but it won't do anything on its own. You then put the realize function in the definition, which will make the resource do something if it's called at least once, but it won't bother puppet if the realize is called more than once. > My > instance installation class is: > define mysql_install_definition ( > $data_dir, $mysql_instance, $mysql_distro > ) { > $wget = "wget -q" > $build_area = "/usr/local/puppet" > > #data_dir should be there before this gets started > #file { "/$data_dir": > #mode=> 775, owner => "mysql", group => "sysadmin", > # } > > file { "/$data_dir/multi_mysql": >mode=> 775, owner => "mysql", group => "sysadmin", >require => File [ "/$data_dir" ], >} > > file { "/$data_dir/multi_mysql/$mysql_instance": >mode=> 775, owner => "mysql", group => "sysadmin", >require => File [ "/$data_dir/multi_mysql" ], >} > > file { "/$data_dir/log": >mode=> 775, owner => "mysql", group => > "sysadmin", >require => File [ "/$data_dir" ], >} > > file { "/$data_dir/log/$mysql_instance": >mode=> 775, owner => "mysql", group => > "sysadmin", >require => File [ "/$data_dir/log" ], >} > > exec { "wget -q ftp://$server_local/depot/precompiled/ > $mysql_distro": >cwd => "$build_area/KITS", >creates => "$build_area/KITS/${mysql_distro}", >require => [File [ "$build_area/KITS" ], File [ "/ > $data_dir/multi_mysql/$mysql_instance" ]], >} > >tarextract { "$buld_area/KITS/$mysql_distro": >source => "$build_area/KITS/$mysql_distro", >directory => "/$data_dir/multi_mysql/ > $mysql_instance", >newfile=> "INSTALL-BINARY", >uid=> "mysql", >gid=> "sysadmin", >compression => "gzip", > } > }#end of mysql_install define Peace, Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Alias for package list
Am 16.03.2009 um 13:40 schrieb Dave Cheney: > Would require => Package[$packagelist] fit the bill ? Haven't tried it, so take this with a grain of salt, but I'd wager you end with Package[["some", "software", "to", "install"]], which I don't think puppet can parse. Mit freundlichen Grüßen, Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Alias for package list
Am 16.03.2009 um 13:28 schrieb Keith Edmunds: > > I have a longish list of packages defined as: > >$packagelist = [ >"autoconf", >"autogen", >"automake", >"autotools-dev", >"bison", > ...] > > They are installed with: > >package { $packagelist: >alias => "wspkgs", >ensure => latest, >require => xxx >} > > Puppet seems to declare the alias for each individual package, so I > get > the following error: > > info: /Package[xterm]: Adding aliases "wspkgs" > info: /Package[build-essential]: Adding aliases "wspkgs" > debug: Reraising build-essential can not create alias wspkgs: object > already exists > at /etc/puppet/modules/workstation/manifests/init.pp:121 It does, as puppet will apply all 3 parameters (alias, ensure and require) to each and every entry in the array, which fails at the second element because the aiasl is already taken. > I want to be able to do a "require => Package["wspkgs"]. How can I > achieve > that? One way would be to put all this in a class and do a "require => Class["my_packages"]" or something like that, but I don't think it's very "puppety". I think the "prettier" way would be to add requires only as needed, and not on a loosely pieced together collection of packages. BR, Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: custom facts not working
Hello, Am 11.03.2009 um 11:22 schrieb Gary Law: > I've raised this ticket:- > > http://projects.reductivelabs.com/issues/2067 > > I'll update with what you say. I've no Xen box to test on, but > 'virtual' doesn't work for me on HyperV or Solaris Zones. KVM doesn't seem to be recognised correctly either, I'll update the ticket in Redmine. Felix Schäfer - Cyprès IT Solutions GmbH Löwenstr. 11a, D-44135 Dortmund Tel.: +49 231 576 2678 Fax.: +49 231 576 2676 Cyprès IT-Solutions GmbH / private limited company Geschäftsführer / General Manager: Martin Heitmann – Zahra Salimi Sitz der Gesellschaft / registered office: Dortmund Registergericht / commercial office Dortmund: HRB 20853 Steuernummer / Tax ID: 314/57711/1333 Umsatzsteuer-Identnr / VAT ident. No.: DE257871146 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Best practices question
Hello, Am 10.02.2009 um 00:34 schrieb Eric Gerlach: > If I want to configure a file, say /etc/network interfaces, on all > of my Debian boxes, should I put the resource definition in: > > a) manifests/classes/debian.pp > b) modules/debian/manifests/init.pp > > I guess I'm asking whether people here have configured modules for > classes of > servers or not. > > As a followup if you choose a), where do you put that in your files > repository? > files/debian/etc/network/interfaces? > > I know neither of these questions have right/wrong answers, but I'm > done for > the day and it's what I want to start with tomorrow, so I thought > I'd seek some > advice before I do. I use modules, but I differentiate "programs" or "tasks" rather than OSes. I think you'll find abstracting the OS away makes thins much easier. What I ended up with were modules for apache, bash settings, cadaver, ntp, informix, whatever. In your case, maybe a module called network would make the most sense. Then, we have a common part in the manifests, and some specialisation blurbs depending on the OS. As you can supercede stuff in puppet, you can make the common part anything you like, and change everything in the OS specific part. E.g.: Say you have a file that always goes in /some/path/some_file, except in debian where it would go in /some/other/path/some_file, and that the file should be owned by root:root on every system, except on SLES where you want john:john to have the file. That would go somewhat like: """ ## example/manifests/manifest.pp: Example class class example { # Here, we put some class defaults through the first-letter-uppercase mechanism Exec { user => john, # all commands in this class will get executed as john unless specified otherwise } include "example::${operatingsystem}" } class example::base { # the default config, OS specific adjustment go into the "OS-classes" file { "/some/path/some_file": source => "puppet:///example/some_file", owner => root, group => root; } } class example::debian inherits example::base { # some_file has to be somewhere else on debian File["/some/path/some_file"] { path => "/some/other/path/some_file", } } class example::sles inherits example::base { # some_file gets another owner on SLES File["/some/path/some_file"] { owner => john, group => john, } } class example::suse inherits example::base { # nothing to change for suse } class example::solaris inherits example::base { # nothing to change for solaris } """ It makes for a bit more typing, but I've found my classes to be much more flexible this way. Hope this helps, if anything is unclear, feel free to ask again :-) Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Pattern matching in case statement
Am 19.01.2009 um 13:08 schrieb : > I need my servers to decide which network they are in (i.e. dmz), > and the only clue is the servers IP-address. I was trying to > accomplish it like this, but it doesn’t work: > > case $ipaddress { > "10.1.1.*": { > $network = "net1" > } > "10.2.2.*.*": { > $network = "net2" > } > "10.3.3.*": { > $network = "net3" > } > } > > When I change the IP Address to a valid one (like 10.1.1.100) the > case works and the network variable is set accordingly. What’s the > correct way to do this? Go with a custom fact, either through an evironment variable on the clients, something like FACTER_NETWORK="net1", which will make a fact called $network available in your manifests, or "true" fact, for which I'd point you to the wiki. Another means would be to write a custom function, which would look somewhat like that (top of my head and not tested at all...): """ module Puppet::Parser::Functions newfunction(:network, :type => :rvalue) do |args| clientip = lookupvar('ipaddress') # this assigns $clientip the ipaddress fact of the current client ## Do some clever stuff with clientip, assign $clientnet some value clientnet end end """ The "clever stuff" obviously needs to be some ruby logic, either with nested if/elses or some matches, depending on what you feel most comfortable with. Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: revoking certificate failed
Am 19.01.2009 um 03:14 schrieb Paul Johnson: > Yeah, I read that documentation, but this still seems not so clear > to me. I thought someone using gentoo would have a little more insight in ssl certificate matters, but anyway, here it goes :-) > Here is my situation: > I installed puppet on several hosts and signed certificates for them > on master with puppetca some time ago. Recently I decided to rewrite > my manifests and deny all servers to retrieve configs from master > for that time. Why not just shut down the master, or shut down all the clients, or use environments for a 2- or 3-tiered release process? Trying to revoke certificates just to disable all hosts for a limited period of time is not what the certificates were designed for. > So I did puppetca --clean --all. This deleted all certificates from > master as I wanted, but hosts are still fetching configs and I can't > stop this now. I can't revoke them as well because puppetca says > there is no certificate for any host on master. I don't think --clean --all deleted the certificates from the master, if I understood you correctly, you deleted them by hand? I would urge you to let puppetca manage the certificates, it should have switches to handle 99,9% of all conceivable situations, I think meddling "by hand" with the certificates should only be done if you understand why you can't do this meddling with puppetca. Anyway, you won't be able to revoke the certificates if they are not present any more on the server (basic ssl). > Probably I can generate the certificates on master for all the hosts > and then revoke them, but this solution looks not right to me (and > I'm not sure this will work ok), is there any more proper way to do > this? If no, how can I let the hosts to continue to retrieve configs > after revoking certificates from them? I'm quite sure you'll be getting different certificates, so that won't be any good. If you really want to stop the clients from checking with the server at the ssl level, you could either erase the certificates on the clients, or make the clients upload their certificates to the server so that the server can revoke them, but you'll have to do that by hand, and you'll have to remove the certificates on the clients if you want them to check in again with the server, as the "old" certificates will have been revoked. All in all: the certification mechanism wasn't designed to "stop the clients from checking in on the server while I meddle with the recipes". To do that, you should use environments, check the wiki for more info on that, but basically, you can have many sets of recipes on the server (unstable/stable, or testing/production, or whatever you want to call them), and define on the client which set they'll get, and define the "default" environment on the server. Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: revoking certificate failed
Hello, Am 17.01.2009 um 19:25 schrieb Paul Johnson: > I have an issue with removing certificate from puppetmaster. When I > initially connect from client to master, then sign csr using > puppetca on master I can successfully retreive catalog on client, > but if I run puppetca --clean $hostname I am still able to retrieve > facts and catalog from master. I even deleted signed certificate > from $ssldir/ca/signed folder on master and still able to retrieve > catalog. How can this be fixed? --clean is not the same as --revoke: the former removes a host from the list of pending requests, the later removes the "right" of a client to talk to the master. Have a look at http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity for more details on certificates in puppet. Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: if file exists
Am 08.12.2008 um 22:14 schrieb Peter Meier: >> I think you'll want to try a custom function >> http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions >> as they get executed server-side. Just cook up some ruby code to >> check for your file existence, and you're almost done. > > no, facts get always executed on the client. custom facts are sent > down to the client (if using factsync) and are executed there Not fact, function. The first 2 sentences of the link read: """ The Puppet language and interpreter is very extensible. One of the places you can extend Puppet is in creating new functions to be executed on the server (the host running puppetmasterd) at the time that the manifest is compiled. """ So yes, they get executed on the server and you can very well query the existence of files on the server. Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: if file exists
Am 08.12.2008 um 19:23 schrieb Jeff: > Is there a condition test to see if a file exists on the > puppetmaster? > > [...] > > I'm open to other ideas. The thought is I'd have one mechanism for > loading license files and I'd manage them inside directories named > after the $fqdn For this to work, I need that "exists" function. I think you'll want to try a custom function http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions as they get executed server-side. Just cook up some ruby code to check for your file existence, and you're almost done. Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how to define variables in "module" scope ?
Hello, Am 29.09.2008 um 18:40 schrieb Marc Fournier: > I have a bunch of variables that are used in several classes and > definitions, all part of the same module. > > As these variables are defined automatically based on system facts, I > would like to avoid having to declare them in each node that uses > classes or definitions from my module. > > Where would be the best place to put these variables ? I tried in > /manifests/init.pp as well as in an external file imported > from > within classes/definitions files but none work as I would have > expected. That's a discussion I had several weeks ago on IRC, but I can't remember with whom. IIRC, it basically makes a difference wheter the module is autoloaded or imported. My tests so far have shown that "module-scope" variables, i.e. e.g. such ones defined at the beginning of init.pp, get included if you import the module, but not if some class in the module is autoloaded. I think we had concluded that it would be nice to have "module-scope" variables in autoloaded classes and definitions, but had not followed the thought or the tests any further. I hope this answers some of your questions, and we can find a solution that suits everyone. Greetings, Felix Schäfer --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---