[Puppet Users] Re: environments for several internal customers?

2009-09-07 Thread Francois Deppierraz

philipp Hanselmann wrote:

> But how can  we ensure that the customers are separated? It should NOT 
> be possible for customer X to choose a environment from customer Y.
> 
> Is there a way to implement this?

You should probably run multiple puppetmasters, one per customer.

Because each puppetmaster has its own ssl configuration, you'll be able
to choose which puppetmaster a particular client can connect to. The
obvious drawback is that each puppetmaster has to listen on a different
port.

I tried to define $ssldir differently between environments but it didn't
work out. It's likely the same kind of chicken and egg problem found
with SSL virtual hosts. The environment name is not known by the server
before the SSL handshake finishes.

François

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
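
The separation suggested in the reply above rests on each puppetmaster trusting only its own CA. As an added example (not part of the original post), the script below builds two throwaway OpenSSL CAs as stand-ins for the CAs of two per-customer masters and checks that an agent certificate signed for one customer is rejected by the other. The customer names and the certname are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the per-customer puppetmaster CAs.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA for one customer. $1 = customer name (hypothetical).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=puppetmaster-$1-ca" \
        -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# Issue an agent certificate. $1 = signing customer CA, $2 = agent certname.
issue_agent_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# Would the master of customer $1 trust the certificate of agent $2?
# Prints "accepted" or "rejected".
master_trusts() {
    if openssl verify -CAfile "$WORK/$1-ca.pem" "$WORK/$2.pem" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

make_ca customerx
make_ca customery
issue_agent_cert customerx node1.customerx.example

echo "master of customer X: $(master_trusts customerx node1.customerx.example)"
echo "master of customer Y: $(master_trusts customery node1.customerx.example)"
```

The check happens during the TLS handshake, before any environment name is sent, which is why the CA boundary can enforce the separation where a per-environment setting cannot.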



[Puppet Users] Re: GNI under 1.8.5

2009-08-18 Thread Francois Deppierraz

Ohad Levy wrote:

> Do you have anything in your vendor/plugins/active_scaffold directory?
> maybe its first git submodule init and then update ;)

Or even "git submodule update --init" for the lazy.

François




[Puppet Users] Re: multiple ignore in file type

2009-08-17 Thread Francois Deppierraz

Hi,

nmay wrote:

> Tell me pls how can i use multiple ignore in file types
> by other words i wanna use such syntax:
> file { "/foo/dir":
>   source => "puppet://host/fooscripts",
>   notify => Service["fooservice"],
>   recurse => true,
>   ignore => [".svn", ".foo"]
> }

You should be able to use something like ".{svn,foo}" because according
to the file type reference [1] you can use a pattern which will be matched
using Ruby's built-in globbing engine which is described on [2].

François

1. http://reductivelabs.com/trac/puppet/wiki/TypeReference#file
2. http://www.ruby-doc.org/core/classes/Dir.html#M002322






[Puppet Users] Re: Best Practices Rewrite - First Draft

2009-08-17 Thread Francois Deppierraz

Hi,

David Schmitt wrote:

> * Environments and the workflow surrounding them
> 
> There is already UsingMultipleEnvironments, which has all the technical 
> stuff. Perhaps a few sentences about how to use the production, testing, 
> and development environment.

I sketched a schema describing the use of multiple environments and git
submodules for Puppet development.

It's available on the wiki in both OpenOffice Draw format and PDF.

http://reductivelabs.com/trac/puppet/attachment/wiki/PuppetVersionControl/puppetmaster-git-submodules.odg

http://reductivelabs.com/trac/puppet/attachment/wiki/PuppetVersionControl/puppetmaster-git-submodules.pdf

I'll be glad if it could be useful for the best practices. It currently
relies heavily on git features, but it's probably doable to sketch
something similar with other versioning tools.

François




[Puppet Users] Re: nagios? naginator?

2009-08-17 Thread Francois Deppierraz

Hi Steve,

Steve Wray wrote:

> If I recall correctly, from last time I tried to use this feature, it 
> wasn't producing nagios configurations that actually worked in the current 
> nagios release.
> 
> We are now on nagios 3.0.6
> 
> I'd like to know whether the current nagios code in puppet is working well 
> now?

Yes, we're heavily using nagios 3.0.6 backported under Debian lenny and
it works just fine.

The module we're using is available there.

http://github.com/camptocamp/puppet-nagios

François




[Puppet Users] Re: ssh_authorized_key completely ignoring "require"

2009-04-29 Thread Francois Deppierraz

seph wrote:

>   r...@mta-system:/tmp/ordering# puppet --verbose ordering-virtual.pp  
>   info: Loading fact virtual
>   sh: Syntax error: Bad fd number
>   sh: Syntax error: Bad fd number
>   err: Could not create seph-2008: user seph doesn't exist
>   user seph doesn't exist

Yes, this is likely a new occurrence of bug #1409 introduced by the fix
for #2004. I'll have a look.

François

http://projects.reductivelabs.com/issues/1409
http://projects.reductivelabs.com/issues/2004





[Puppet Users] Re: puppetmasterd taking a lot of memory

2008-11-17 Thread Francois Deppierraz

Aj wrote:

> I've noticed a significant drop in memory usage since disabling  
> storeconfigs (and thus, rails 'n stuff). Previously I'd have to  
> crontab restart the masters.

Upgrading activerecord and associated libs to version 2.1.1 fixed a
similar memory leak issue we had.

François




[Puppet Users] Re: virutal resources and ssh_authorized_key

2008-10-20 Thread Francois Deppierraz

Grzegorz Marszałek wrote:

> This is how I'm trying to do that:
> class admins {
> [...]

Sorry, my request was probably not clear enough.

It will be much easier if I could reproduce your problem using a simple
standalone recipe running directly with the puppet interpreter instead
of the full puppetd/puppetmasterd client-server stuff.

You can easily run such a recipe using "puppet --debug blah.pp" or even
by adding "#!/usr/bin/puppet" at the beginning of the file and setting
the execute bit.

By the way, I haven't yet made use of virtual resources. Perhaps this
problem has nothing to do with that particular type ?

François




[Puppet Users] Re: virutal resources and ssh_authorized_key

2008-10-20 Thread Francois Deppierraz

Hi Grzegorz,

Grzegorz Marszałek wrote:

> I've got question - how to use ssh_autorized_key as a virtual resource?
> I've got bunch of users and ssh_authorized_key virtual resources, but  
> only users gets to the target system - ssh keys not...

Unfortunately I cannot reproduce your problem. Could you write a
self-contained recipe showing this bug ?

The following recipe worked as expected on my system running puppet 0.24.5.


class admins {
  @ssh_authorized_key{"francois":
    ensure => present,
    key    => "blahhh",
    type   => "rsa",
    user   => "francois",
    tag    => "admin"
  }
}

include admins
Ssh_authorized_key <| tag==admin |>


François




[Puppet Users] Re: Proposed refactoring of ssh_authorized_keys

2008-10-11 Thread Francois Deppierraz

Hi Ryan,

You're correct, let's move that discussion into the mailing-list instead
of chatting in the tickets.

In #1644 you wrote:

> In my opinion, the proper design would be to have ONE ssh_authorized_key 
> resource per user, and that you should be able to provide an array for both 
> the "target" and "key" attributes. This way, all the user's specified keys 
> would be added to all the specified authorized_keys file for the host in 
> question. In it's current state, ssh_authorized_keys offers me only a 
> fraction of the functionality needed to satisfy what I believe are normal use 
> cases.

I cannot really agree on that point in your design because we'll lose
granularity. It won't be possible any more to install keys for a given
user in different parts of a recipe.

IMHO native types in Puppet really have to provide the maximum
granularity possible to be able to solve as many use cases as possible.

I'm still convinced that the right way to fix this issue without losing
granularity is to allow constructs like the following.

ssh_authorized_key{"foo":
  ensure => present,
  key    => "AAA..",
  type   => "rsa",
  user   => "root"
}

ssh_authorized_key{"foo":
  ensure => present,
  key    => "BBB..",
  type   => "dsa",
  user   => "root"
}

In ticket #1531:

The documentation is maybe not clear enough but usually you only have to
set the user attribute and leave the target out. The target is only used
to "force" a specific key file, when sshd looks for keys in a
non-standard location for example.

About the idea of using the key itself, a hash or the fingerprint as
namevar instead of the comment, I don't see it solving this issue if we
want to keep separate resources for each line in each authorized_keys file.

It's nice to see people using this code, and that it leads to some
constructive discussion.

François




[Puppet Users] Re: The puppet equivalent of mkdir -p

2008-10-11 Thread Francois Deppierraz

Teyo Tyree wrote:

> file {["$basedir", "$basedir/src", "$basedir/src/my",
> "$basedir/src/my/dir", "$basedir/src/my/dir/path" ]:  #Just pass the
> file resource an array of files.
> mode => 0755,
> owner => jeff,
> group => jeff,
> ensure => directory,
> recurse => true
> }   

Because resources do not have implicit ordering, you might run into
dependency problems with this example.

If you're not lucky enough, Puppet might try to create
"$basedir/src/my/dir/path" before "$basedir".




[Puppet Users] Re: ssh_authorized_key not working?

2008-09-11 Thread Francois Deppierraz

Kenneth Holter wrote:

> In what version was this resource type introduced? I'm running 0.24.4
> but are getting "Could not find resouce type ssh_autorized_key..."

It got introduced in 0.24.5 but you can also install it on previous
versions using the pluginsync mechanism.

François




[Puppet Users] Re: Managing SSH keys

2008-09-11 Thread Francois Deppierraz

Kenneth Holter wrote:

> But does this resource type manage the distribution of SSH public keys
> for setup of password-less login? If so, could you please provide a
> sample code for distributing the SSH public key for a server A?

No, the sshkey type only manages host keys (i.e. /etc/ssh/ssh_known_hosts).

You can use ssh_authorized_key available since puppet 0.24.5 to do what
you want.

Example:

ssh_authorized_key{"[EMAIL PROTECTED] on root":
  ensure => present,
  type   => "rsa",
  key    => "A...",
  user   => "root",
}

By the way, you still need a way to generate the SSH private key
beforehand.

François




[Puppet Users] Re: Managing Postfix Configuration

2008-09-08 Thread Francois Deppierraz

Darryl Ross wrote:

> What is the recommended way of managing something like the postfix
> configuration file? I would prefer _not_ to overwrite the config file with one
> stored centrally or using the templating system.
> 
> Ideally I'd like to use the 'postconf' and 'postconf -e' programs to get and
> set options.

Yes, that's what we are using.

define postfix::config ($ensure = present, $value, $nonstandard = false) {
  case $ensure {
    present: {
      exec {"postconf -e ${name}='${value}'":
        unless  => $nonstandard ? {
          false => "test x$(postconf -h ${name}) = 'x${value}'",
          true  => "test x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2) = 'x${value}'",
        },
        notify  => Service["postfix"],
        require => File["/etc/postfix/main.cf"],
      }
    }

    absent: {
      fail "postfix::config ensure => absent: Not implemented"
    }
  }
}
