Re: [Puppet Users] Active Directory integration for Linux and Solaris - possible with Puppet ?
- Original Message - | Dear Colleagues, | in our enterpreise environment we are planning to integrate two server groups | with Active Directory: Linux Systems and Solaris systems. | At the moment we are using RHEL 5/6 and Solaris 10/11. Doing it with RHEL/CentOS 6 and 7. Didn't test with Solaris | 1) Is it possible with Puppet ? Doing it. | 2) Is it possible to create central user management system base connected | with Active Directory and integrated with Linux and Solaris machines ? Yes | Maybe somebody done this already ? Maybe somebody can publish here some | opinions ? Yes | Thanks in advance for the answers. You're welcome | With kind regards | Zalezny -- -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 604-365-6432 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/50826497.2261915.1441054106083.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Continuous Availability
- Original Message - | I am trying to setup CA environment or puppet. How do i approach for the | solution and what are the options available? | Thank you in advance. Perhaps you're mixing two technologies? High Availability and Continuous Integration/Delivery/Deployment? -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology Build upon strengths and weaknesses will generally take care of themselves - Joyce C. Lock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/742193047.23119275.1424367507646.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet module
- Original Message - | Trying to install the module vcsrepo with puppet, but really unsure how it | could be done. The commandline to install it is: | puppet module install puppetlabs-vcsrepo | Tried to install it this way, but that didn't work: | package { 'vcsrepo': | ensure = installed, | } | -- | You received this message because you are subscribed to the Google Groups | Puppet Users group. | To unsubscribe from this group and stop receiving emails from it, send an | email to puppet-users+unsubscr...@googlegroups.com . | To view this discussion on the web visit | https://groups.google.com/d/msgid/puppet-users/a834ec65-608a-42f0-842b-d10dd67d8003%40googlegroups.com | . | For more options, visit https://groups.google.com/d/optout . A module is not a package. The way to install modules is to use puppet module install on the command line or to manage it some other way, for example r10k or puppet-librarian, which can be used to manage modules that get installed on the server in an environment. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology Build upon strengths and weaknesses will generally take care of themselves - Joyce C. Lock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/913558440.17246196.1424028141114.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] concurrent r10k runs?
- Original Message - | Hello, | Wondering if anyone knows if r10k handles concurrent runs of r10k gracefully? | Sort of the way running puppet agent from the command line will detect if a | run has already been kicked off via the daemon? | The use case I'm thinking of is: dynamic r10k run after git branch is updated | as is popular, plus a periodic r10k run via cron to discourage people from | getting too comfortable making changes directly in the environments | directory (since they know that their changes will be regularly 'lost' that | way, as opposed to lost at some unknown, possibly relatively distant future | time from the change, after another change goes through proper channels... | and likely gets the blame for whatever timebomb was left by the improper | change...) | This opens up the potential for a cron run and a git push to execute r10k | concurrently, and I was wondering if anyone knows what can be expected in | this case? | [ I know the better way is probably more tightly controlled access to the | environments directory, but for belt-and-suspenders, does anyone deploy with | r10k and cron on a schedule? ] | Thanks, | W. | -- | You received this message because you are subscribed to the Google Groups | Puppet Users group. | To unsubscribe from this group and stop receiving emails from it, send an | email to puppet-users+unsubscr...@googlegroups.com . | To view this discussion on the web visit | https://groups.google.com/d/msgid/puppet-users/011e02bf-0727-4d15-aca5-e8b8583c9f5e%40googlegroups.com | . | For more options, visit https://groups.google.com/d/optout . We use a lock file to ensure that only one R10K run can operate at a time. R10K does not work in a concurrent manner in our testing. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology Build upon strengths and weaknesses will generally take care of themselves - Joyce C. Lock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/974438063.35588977.1421694391587.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Q: Maintaining installation profiles and privisioning using puppet
| On Friday, 21 November 2014 19:11:37 UTC, James Peltier wrote: | | You are talking about merging provisioning and management of machines in | | such | | a way that Puppet would control all aspects of the infrastructure, | | including | | what OS would be provisioned on the bare metal and then how it would be | | maintained throughout its lifecycle using Puppet. It sounds like you're | | interested in Puppet Razor ( | | https://docs.puppetlabs.com/pe/latest/razor_intro.html ). | | To be honest I'm not sure is it what I'm looking for. | Intro describing how razor works mention about new node identification. There | is no even single word how it works. Is it don by boot on new host some stub | system which identifies physical attributes? It catches some data from DCP | srver about new/unknown MAC addresses? | Node tagging with node identification: to be hones I'm not sure do i need it. | I don't want to start ANY installation if for example some newly appeared | physical host would be manually assigned to some exact template so all what | I need is only list of new/unidentified hosts. Appearance of new/unknown | host requesting to install something (DHCP requests) should be even treated | as alarm. | To be hones all what I need is transforming some puppet per host description | to DHCP config entry and generate some files: one in tftproot in | pxeboot,cfg/ directory and second one injecting files in http served | directory like kickstart file or in case Solaris profile and manifest. I'm | not going to use full aminstall because it is only frontend on maintain DHCP | configuration and assign profile/manifest. In other words I'm not going to | organize using puppet aminstall frontend. | From point of view maintaining kickstart or Solaris profile/manifests I need | only some generator of those files basing on data like used software | repositories, ability to describe used authentication, storage layout setup, | system setup like used DNS servers, etc | Tomasz If you don't know what you want to accomplish then asking us for help is going to be an exercise in futility. It sounds like you need to write a puppet module that will generate all the configuration necessary to make a machine install. Razor can do that. If that wouldn't work then you need to write the puppet code to do it yourself. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology Build upon strengths and weaknesses will generally take care of themselves - Joyce C. Lock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/44519995.10226126.1418004550347.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Q: Maintaining installation profiles and privisioning using puppet
| Hi, | I just stated looking closer on the puppet so please forgive me if my | questions or dilemmas would be a little not accurate in context of puppet. | I'm trying to solve couple of problems with install infrastructure for more | than one OS. Let's say that initially would be rpm based Linux and Solaris. | Generally installation infrastructure across many hosts shares some set of | stages like a choosing set of software which needs to be installed, | authentication setup, choosing devices(s) used on install etc. | In case Linux to perform such set of operation you must have kickstart | profile which will do all what is needed. In case Solaris you must have | personalized AI profile and manifest. | Updating install profiles it is modifying set of KS profiles and for example | files with PXE bootloader configuration files in pxelinux.cfg/ directory | served by TFTP server. In case AI installer profiles and manifests must be | updated and imported to AI database. | Additionally on higher level it would be good to keep track some additional | settings like guarantee that none of two hosts will be sharing the same | addresses, updating DNS records, updating firewall settings or switches | ACLs. | In this case I'm not talking about automate simple installation but whole | multistage provisioning process which should be not started if some | dependence will be not fulfilled and/or even committing some new change in | setup should be refused if some inconsistencies will be not fulfilled. | I know that I can solve such set of problems using quattor and pan language. | Problem is that IMO quattor community has IMO real problems with lack of | understanding present days large scale installations in heterogeneous envs | which makes choosing this software in long term a bit risky. | Puppet seems has much healthier community and such risk is IMO way lower. | Questions only is am I will be able to solve all my above problems with | install infrastructure using puppet using set of templates, with per host | parameters, dependency rules and checking automatically on updating host(s) | install settings automatically to start whole cascade of updates in | provisioning process set of additional actions to update DNS, other files on | some hosts easier than using quattor? | If such answer would be positive can I ask someone to point on some needed | here documentation(s) to dig by myself for necessary details? :) | I'll be really appreciated any comments or advice If anyone is using puppet | or other software solving something similar :) | Regards | Tomasz You are talking about merging provisioning and management of machines in such a way that Puppet would control all aspects of the infrastructure, including what OS would be provisioned on the bare metal and then how it would be maintained throughout its lifecycle using Puppet. It sounds like you're interested in Puppet Razor (https://docs.puppetlabs.com/pe/latest/razor_intro.html). -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2131372170.97964324.1416597082627.JavaMail.zimbra%40sfu.ca. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Managing multiple types of mounts
Please disregard this. I was mistaken in syntax and it works as it should. - Original Message - | - Original Message - | | Hi All, | | | | I have an issue whereby I need to manage a mount that is a physical | | mount of a device as well as a bind mount entry. | | | | | | Physical Mount | | == | | | | file { /exports: | | owner = root, | | group = root, | | mode = 771, | | ensure = directory, | | } | | | | file { /exports/homes: | | owner = root, | | group = Domain Users, | | mode = 2771, | | ensure = directory, | | require = File[/exports], | | } | | | | file { /srv: | | ensure = directory, | | } | | | | file { /srv/homes: | | ensure = directory, | | require = File[/srv], | | } | | | | | | mount { /exports/homes: | | device = LABEL=homes, | | fstype = xfs, | | ensure = mounted, | | options = inode64,nobarrier,delaylog,uquota,grpquota, | | atboot = true, | | require = File[/exports/homes], | | } | | | | | | But then I also need a bind mount | | | | mount { /srv/homes: | | device = /exports/homes, | | fstype = none, | | ensure = mounted, | | options = bind, | | atboot = true, | | } | | | | Sorry this is a mistype. It should be this | | mount { /export/homes: |device = /srv/homes, |fstype = none, |ensure = mounted, |options = bind, |atboot = true, | } | | | | -- | James A. Peltier | Manager, IT Services - Research Computing Group | Simon Fraser University - Burnaby Campus | Phone : 778-782-6573 | Fax : 778-782-3045 | E-Mail : jpelt...@sfu.ca | Website : http://www.sfu.ca/itservices | | “A successful person is one who can lay a solid foundation from the | bricks others have thrown at them.” -David Brinkley via Luke Shaw | | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To unsubscribe from this group and stop receiving emails from it, | send an email to puppet-users+unsubscr...@googlegroups.com. | To post to this group, send email to puppet-users@googlegroups.com. | Visit this group at http://groups.google.com/group/puppet-users. | For more options, visit https://groups.google.com/groups/opt_out. | -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Managing multiple types of mounts
Hi All, I have an issue whereby I need to manage a mount that is a physical mount of a device as well as a bind mount entry. Physical Mount == file { /exports: owner = root, group = root, mode = 771, ensure = directory, } file { /exports/homes: owner = root, group = Domain Users, mode = 2771, ensure = directory, require = File[/exports], } file { /srv: ensure = directory, } file { /srv/homes: ensure = directory, require = File[/srv], } mount { /exports/homes: device = LABEL=homes, fstype = xfs, ensure = mounted, options = inode64,nobarrier,delaylog,uquota,grpquota, atboot = true, require = File[/exports/homes], } But then I also need a bind mount mount { /srv/homes: device = /exports/homes, fstype = none, ensure = mounted, options = bind, atboot = true, } So I wind up with the following in /etc/fstab LABEL=homes /exports/homes xfs inode64,nobarrier,delaylog,uquota,grpquota 0 0 /srv/homes /exports/homes nonebind0 0 Currently this results in a Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Is there a way that I can manage both the bind mount and the physical volume mount at the same time. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Managing multiple types of mounts
- Original Message - | Hi All, | | I have an issue whereby I need to manage a mount that is a physical | mount of a device as well as a bind mount entry. | | | Physical Mount | == | | file { /exports: | owner = root, | group = root, | mode = 771, | ensure = directory, | } | | file { /exports/homes: | owner = root, | group = Domain Users, | mode = 2771, | ensure = directory, | require = File[/exports], | } | | file { /srv: | ensure = directory, | } | | file { /srv/homes: | ensure = directory, | require = File[/srv], | } | | | mount { /exports/homes: | device = LABEL=homes, | fstype = xfs, | ensure = mounted, | options = inode64,nobarrier,delaylog,uquota,grpquota, | atboot = true, | require = File[/exports/homes], | } | | | But then I also need a bind mount | | mount { /srv/homes: | device = /exports/homes, | fstype = none, | ensure = mounted, | options = bind, | atboot = true, | } | Sorry this is a mistype. It should be this mount { /export/homes: device = /srv/homes, fstype = none, ensure = mounted, options = bind, atboot = true, } -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] repositories
- Original Message - | Hi, | I need to have yum repository entries | for this OS: | root@vs01 yum.repos.d]# uname -a | Linux vs01.usa.com 2.6.18-128.2.1.5.10.el5xen #1 SMP Thu May 16 | 15:07:41 PDT 2013 i686 i686 i386 GNU/Linux | [root@vs01 yum.repos.d]# | What are the appropriate entries | for /etc/yum.repos.d/puppetlabs.repo for the above? | Thanks. | --Stuart Something more useful would be lsb_release -a or the output of factor. This information is really not all that useful. -- -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Deploying system configurations with another tool?
- Original Message - | On 07/05/2013 02:46 PM, David Schmitt wrote: | | One of the big arguments for puppet is the unifying aspect of devs | and | ops to use the same tool/language/process, which improves | cooperation, | agility and quality of the work. This indicates that your | application | deployment should be integrated into your puppet manifests and | those | manifests should be integrated into the application | development/release | cycle. | | But how are they integrated in your environment? What would you do in | my | case? In my environment we choose the right tool for the job, point blank. We put as much into puppet as we can, but we understand that it isn't the be-all-end-all tool. Understanding where the lines of delineation are is an important aspect to configuration management. It does require some extra work to ensure that we're not stepping over each others toes all the time, but it also helps each group understand what each other is trying to achieve. Where we can make use of puppet instead of some other tool we decide during a meeting so everyone knows who's responsible for what. | Another big point in puppet's favor is that it doesn't want to be | the | be-all-end-all. If there's a tool that is better suited to a task | (the | prime example being package managers) then *please* use that. This | indicates that if capistrano is a good match for your | organization's | application deployment (especially in the area of orchestration | across | nodes and rollback it leaves puppet in the dust), then you should | leverage those capabilities. | | And that's exactly why are we using another tool for the job. Assuming there have been the proper discussions made this is not an issue whatsoever. In fact it's good. snip | This is a non-issue as the deployment process will always be able | to | push the changes it needs into the system. So a subversion (no pun | intended) of the deployment process will always be a death knell, | independent of the used tool. So either the devs have the need and | right | to modify those configuration files, or they don't. If they have | the | need and right, then they also share the responsibility for the | system. | | Yeah, but things have to stay pretty tight. For example: if you | enable | some user account to push files into dot-d directory, not-if-but-when | that account gets broken into, you have a possibility of privilege | escalation. | | So, allowing the write privilege for that directory obviously is not | a | good choice. Whether that push has been done via puppet or some other tool is irrelevant. If the account is compromised it's been compromised. You need to ask yourself if using puppet vs some other tool changes this fact in *ANY* way. If something is wrong, it was wrong from the time of deployment and has therefore *ALWAYS* been wrong. I don't know of any tool that can stop this. Mitigate maybe, but stop it entirely, not a chance. Just my 2c. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppetlabs-apache module a2mod
Hi All, I'm trying to use the Puppet Labs Apache module from the forge or the git repo and when I install it, and then add class {'apache': } inside the node definition I end up with the error Could not retrieve catalog from remote server: Error 400 on SERVER: Resource type a2mod doesn't exist at /etc/puppet/modules/development/apache/manifests/init.pp:69 on node I saw the ruby type and provider a2mod get installed when added to the development environment, but I'm not sure why this is failing. Any pointers? -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs-apache module a2mod
- Original Message - | Hi All, | | I'm trying to use the Puppet Labs Apache module from the forge or the | git repo and when I install it, and then add | | class {'apache': } | | inside the node definition I end up with the error | | | Could not retrieve catalog from remote server: Error 400 on SERVER: | Resource type a2mod doesn't exist at | /etc/puppet/modules/development/apache/manifests/init.pp:69 on node | | | I saw the ruby type and provider a2mod get installed when added to | the development environment, but I'm not sure why this is failing. | Any pointers? Darn my fat fingers. This is on RHEL 6.4, Puppet 2.7.21 (Server and Client). -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to apply condition such that jdk doesnt download if its already downloaded in the code given
We just download the RPMs and place them in a custom repository. That way we don't mess with the exec stuff or anything. Is there any reason you don't use the RPMs - Original Message - | Hi all, | Can u pls provide me the solution for this | class main { | $software = /app/tcs/puppetdemo/software | $server = /app/tcs/puppetdemo/server | exec{download_jdk: | command =/usr/bin/wget $URL, | cwd =$software, | } | exec {untar_jdk: | command = /bin/tar -C /app/tcs/puppetdemo/server/ -zxf | /app/tcs/puppetdemo/software/jdk1.6.0_24.tar.gz, | cwd = $server, | } | Exec['download_jdk'] - Exec['untar_jdk'] | } | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To unsubscribe from this group and stop receiving emails from it, | send an email to puppet-users+unsubscr...@googlegroups.com. | To post to this group, send email to puppet-users@googlegroups.com. | Visit this group at http://groups.google.com/group/puppet-users?hl=en | . | For more options, visit https://groups.google.com/groups/opt_out . -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet LVM create volume maximum size
On 8 January 2013 22:22, ollies...@googlemail.com paul.seym...@barcap.com wrote: | | Never mind sorted it with the help of | | http://projects.puppetlabs.com/issues/14718 | | Nice one. I thought it was just my wrapper around it. The doc implies | setting size to undef, which I've never been able to get working: | * size | The size of the logical volume. Set to undef to use all available | space That's what the documentation says but there's no code in the current git repo to make it work. That patch adds support. It's still not been merged sadly. :( -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier The smartest people are constantly revising their understanding, reconsidering a problem they thought they’d already solved. They’re open to new points of view, new information, new ideas, contradictions, and challenges to their own way of thinking. - Jeff Bezos -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Systems Provisioning
- Original Message - | I'm wondering what people are doing systems provisioning with, ie the | process that gets puppet installed onto a system, running for the | first time, and also the handling of certificate signing and so | forth. | I don't see this topic discussed much. | | The mc-provision tools at | https://github.com/ripienaar/mcollective-server-provisioner don't | seem | to be actively developed anymore, or at least I wasn't able to find | enough documentation to be able to effectively make use of it. | | Doug We have some custom written tools that look after management of our systems since we're integrating with a very large Active Directory in an environment that requires us to pre-stage machines into certain locations. This tool generates a puppet manifest that manages the generation and removal of puppet keys from a central mirror server that all of our clients fetch as part of our post configuration. Essentially, the hosts ensure that they have a proper FQDN, then they fetch the puppet certificates from the mirror server and proceed to run puppet and configure themselves. You can also use other tools like The Foreman to provision machines. MCollective is certainly actively developed but perhaps that module is not. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL Kickstart and Puppet certificates
- Original Message - | Hello everybody, | we´re using Red Hat Kickstarts for some systems. On every new | kickstart we´ve to delete the client certificate first on the | master. | Ist there a best practise to renew the certificate or delete it | remotely on the master? | kind regards, | Ano | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To view this discussion on the web visit | https://groups.google.com/d/msg/puppet-users/-/6U_6f-jW734J . | To post to this group, send email to puppet-users@googlegroups.com. | To unsubscribe from this group, send email to | puppet-users+unsubscr...@googlegroups.com. | For more options, visit this group at | http://groups.google.com/group/puppet-users?hl=en. We manually sign the certificates and place them in a secure location that can downloaded as part of the post configuration of the host. We have automation to commission/decommission hosts which generates or removes the certificate server side. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] plugin sync and different platforms
Hi All, I'm trying to write some plugins that should only be sync'd if they're for a specific platform. For example, in our environment we're supporting Solaris, Ubuntu, Fedora, CentOS and Mac OS X. We've developed some OS X plugins and some Solaris plugins but we've noticed that our Linux hosts have imported our OS X plugins and now throw errors each time the agent is started Aug 20 17:30:53 hostname puppet-agent[29934]: (/File[/var/lib/puppet/lib/puppet/type/sysctl.rb]/ensure) defined content as '{md5}0ba25754548630344738a7959fea2bb8' Aug 20 17:30:53 hostname puppet-agent[29934]: (/File[/var/lib/puppet/lib/puppet/provider/x_policy]/ensure) created Aug 20 17:30:53 hostname puppet-agent[29934]: (/File[/var/lib/puppet/lib/puppet/provider/x_policy/x_mcx.rb]/ensure) defined content as '{md5}5ea505d684d7c4b401950927e1680d04' Aug 20 17:30:53 hostname puppet-agent[29934]: Could not load downloaded file /var/lib/puppet/lib/facter/mac_console_users.rb: no such file to load -- osx/cocoa Aug 20 17:30:53 hostname puppet-agent[29934]: Could not load fact file /var/lib/puppet/lib/facter/mac_console_users.rb: no such file to load -- osx/cocoa Am I missing something? Is there a way to stop this from happening? -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] plugin sync and different platforms
- Original Message - | On Monday, August 20, 2012, James A. Peltier wrote: | | Hi All, | | | I'm trying to write some plugins that should only be sync'd if | | they're for a specific platform. For example, in our environment | | we're supporting Solaris, Ubuntu, Fedora, CentOS and Mac OS X. | | We've | | developed some OS X plugins and some Solaris plugins but we've | | noticed that our Linux hosts have imported our OS X plugins and now | | throw errors each time the agent is started | | Plugins are always synced, regardless of platform. What types of | plugins are you developing? | The best way to deal with this is to deactivate the provider or fact | on systems that don't support the behavior. | -Jeff | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To post to this group, send email to puppet-users@googlegroups.com. | To unsubscribe from this group, send email to | puppet-users+unsubscr...@googlegroups.com. | For more options, visit this group at | http://groups.google.com/group/puppet-users?hl=en. We've developed a set of plugins for managing Macs entirely via puppet. The providers are available here https://github.com/dayglojesus/x_types We're also making extensive use of already available modules. How do I go about deactivating providers and facts specific to platforms? -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] plugin sync and different platforms
- Original Message - | - Original Message - | | On Monday, August 20, 2012, James A. Peltier wrote: | | | | Hi All, | | | | | | I'm trying to write some plugins that should only be sync'd if | | | they're for a specific platform. For example, in our environment | | | we're supporting Solaris, Ubuntu, Fedora, CentOS and Mac OS X. | | | We've | | | developed some OS X plugins and some Solaris plugins but we've | | | noticed that our Linux hosts have imported our OS X plugins and | | | now | | | throw errors each time the agent is started | | | | | Plugins are always synced, regardless of platform. What types of | | plugins are you developing? | | | The best way to deal with this is to deactivate the provider or | | fact | | on systems that don't support the behavior. | | | -Jeff | | | -- | | | You received this message because you are subscribed to the Google | | Groups Puppet Users group. | | | To post to this group, send email to puppet-users@googlegroups.com. | | | To unsubscribe from this group, send email to | | puppet-users+unsubscr...@googlegroups.com. | | | For more options, visit this group at | | http://groups.google.com/group/puppet-users?hl=en. | | We've developed a set of plugins for managing Macs entirely via | puppet. The providers are available here | https://github.com/dayglojesus/x_types We're also making extensive | use of already available modules. | How do I go about deactivating providers and facts specific to | platforms? | -- | James A. Peltier | Manager, IT Services - Research Computing Group | Simon Fraser University - Burnaby Campus | Phone : 778-782-6573 | Fax : 778-782-3045 | E-Mail : jpelt...@sfu.ca | Website : http://www.sfu.ca/itservices | http://blogs.sfu.ca/people/jpeltier | Success is to be measured not so much by the position that one has | reached | in life but as by the obstacles they have overcome. - Booker T. | Washington | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To post to this group, send email to puppet-users@googlegroups.com. | To unsubscribe from this group, send email to | puppet-users+unsubscr...@googlegroups.com. | For more options, visit this group at | http://groups.google.com/group/puppet-users?hl=en. Never mind. I suspect that you're referring to the confine :operatingsystem = :darwin or the likes -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet hanging when listen turned on
I guess there's no answer on this one? - Original Message - | Hi All, | | Recently Puppet (2.7.18 / RHEL 6.3) has started to hang when the | listen parameter is turned on. I've tried rolling back several | versions of Puppet as well as rolling back Ruby so as to try and | figure out if it was a recent update that did it, but to no avail. | | | strace on the puppet pid shows the following | | | rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 | select(7, [5 6], [], [], {1, 99}) = 0 (Timeout) | select(7, [5 6], [], [], {0, 0})= 0 (Timeout) | select(7, [6], [], [], {0, 0}) = 0 (Timeout) | rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 | rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 | select(7, [5 6], [], [], {1, 99} unfinished ... | | | This sounds an awful lot like | http://projects.puppetlabs.com/issues/12185 but it doesn't chew up | any CPU time, it just sits there and loops the above strace over and | over again. Telnet to 8139 doesn't work either. Ideas? | | | -- | James A. Peltier | Manager, IT Services - Research Computing Group | Simon Fraser University - Burnaby Campus | Phone : 778-782-6573 | Fax : 778-782-3045 | E-Mail : jpelt...@sfu.ca | Website : http://www.sfu.ca/itservices | http://blogs.sfu.ca/people/jpeltier | | Success is to be measured not so much by the position that one has | reached | in life but as by the obstacles they have overcome. - Booker T. | Washington | | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To post to this group, send email to puppet-users@googlegroups.com. | To unsubscribe from this group, send email to | puppet-users+unsubscr...@googlegroups.com. | For more options, visit this group at | http://groups.google.com/group/puppet-users?hl=en. | | -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet hanging when listen turned on
Hi All, Recently Puppet (2.7.18 / RHEL 6.3) has started to hang when the listen parameter is turned on. I've tried rolling back several versions of Puppet as well as rolling back Ruby so as to try and figure out if it was a recent update that did it, but to no avail. strace on the puppet pid shows the following rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 select(7, [5 6], [], [], {1, 99}) = 0 (Timeout) select(7, [5 6], [], [], {0, 0})= 0 (Timeout) select(7, [6], [], [], {0, 0}) = 0 (Timeout) rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 select(7, [5 6], [], [], {1, 99} unfinished ... This sounds an awful lot like http://projects.puppetlabs.com/issues/12185 but it doesn't chew up any CPU time, it just sits there and loops the above strace over and over again. Telnet to 8139 doesn't work either. Ideas? -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pass array to a define
- Original Message - | On Fri, Aug 10, 2012 at 05:10:20PM -0700, Douglas Garstang wrote: | How can I pass an array to a define? It's not documented in the | puppet | language guide. | | I've got: | | define lvm::create_vg ( $pvdisks ) { | exec { | 'pvcreate': | command = /sbin/pvcreate -yf $pvdisks, | unless = /sbin/pvdisplay $pvdisks, | ... | } | } | | class someclass { | lvm::create_vg { | 'bcvg01': | pvdisks = ['/dev/xvdb1', '/dev/xvdc1']; | } | } | | Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1' | | Doug. | | Inside your define $pvdisks is whatever you passed as the pvdisks | parameter, so in your case $pvdisks *is* an array. But in the unless | parameter you use the array in a string context so all your items are | concatenated. Unfortunately puppet does not have a join function to | convert an array to a string. | | On the other hand it may not be desired to destroy every disk you | pass | as in the pvdisks array if only one of the disks is not a LVM disk | (as | pvdisplay returns with a non-zero exitcode as soon as one disk is not | recognized to be a LVM disk) | | So the best approach is probably to get the LVM puppet plugin and | replace your exec with | | physical_volume { $pvdisks: | ensure = present, | } | | The physical_volume is a new type that comes with the LVM plugin. | | [1] http://forge.puppetlabs.com/puppetlabs/lvm | | -Stefan Great! But what happens if you want to specify multiple physical volumes be a member of a single data volume during creation. Is the expectation that you'd always specify a lvm:vg with the initial disk and then lvm:vg extend that volume? -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pass array to a define
- Original Message - | How can I pass an array to a define? It's not documented in the | puppet | language guide. | | I've got: | | define lvm::create_vg ( $pvdisks ) { | exec { | 'pvcreate': | command = /sbin/pvcreate -yf $pvdisks, | unless = /sbin/pvdisplay $pvdisks, |... | } | } | | class someclass { | lvm::create_vg { | 'bcvg01': | pvdisks = ['/dev/xvdb1', '/dev/xvdc1']; | } | } | | Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1' | | Doug. It appears that split is a method for doing this. I found this online. $ifs = split($interfaces,,) define do_this { $mule = ipaddress_${name} $donkey = inline_template(%= scope.lookupvar(mule) %) notify { Found interface $donkey:; } } do_this { $ifs:; } -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] a complete solution for puppet
- Original Message - | Hi, | | I notice that many components of puppet do not scale well and are not | intended for large environment. For example, stored config and | inventory service. In order to scale, we need to use puppetDB, right? | Another example is the webrick, and which should be replaced by a | decent web server such as apache. All these need a lot of new | installation of pieces of software and configurations. | | My question is why the designer of puppet did not consider this and | integrate everything into a complete solution at the beginning, | rather | than having us have to reconfigure everything by hand. Who will use | puppet if he has only 50 nodes? | | -- | Hai Tao I'm sure that the designers of puppet made every effort to make puppet as usable and scalable as they could when it was being designed. This is proven time and time again but the sites that currently have puppet deployed with tens of thousands of nodes. You should take care when making such bold statements, but I assume of course that it was not you intention to insult anyone. We originally rolled puppet out with 10 machines. Managing 10 machines without puppet was 10 times more work than managing 10 machines with puppet. We had to log into each host and apply updates as appropriately. We had to develop management scripts to manage them as well. Puppet helped unify this and ensure less drift between machines so any more than one machine and puppet can be really handy. Now the other thing is that much of Puppet's configuration options can be swapped out for better scalability. For example the default storage backend could be MySQL, PostgreSQL or PuppetDB. The built in webrick server swapped for {Apache,cherokee,nginx}+passenger. The management from CLI to something like Puppet Dashboard, The Foreman or the Puppet Enterprise solution. It's completely up to you the route you take. So does puppet scale well for large environments by default no, but that's ok, swap out a component that's the bottleneck and move on. It seems that your complaint is that there isn't a single all-in-one solution for you to choose from, when in fact there is, Puppet Enterprise. This comes with all the tools you'd need to scale puppet in a black box style. If you're too cheap and don't want to pay for that you can try The Foreman installer which does a pretty good job of installing the toolchain to scale puppet to larger environments using Apache and Passenger and you don't really need to know squat about how the components go together. You could find a How To or tutorial online and just follow it line by line if you want to! Go for it! At any rate, you're going to have to learn about the toolchain associated with scaling puppet anyway. You're going to need to learn how to monitor and tweak Apache and Passenger if you need to scale the web components. You're going to need to know how to tweak MySQL, PostgreSQL or Puppet DB for stored configs. For PuppetDB you're also going to have to learn a bit about tuning Java to make it scale too! Learn the tools or pay for a tuned black box. You can't have it both ways. If you want a rather simple way to deploy Puppet+Apache+Passenger+The Foreman, use The Foreman installer which works quite well. Have fun! -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] why enterprise puppet does not use stored config and puppetdb
- Original Message - | I just installed PE, and notice that it does not use either stored | config nor puppetdb. It uses the activerecord to store facts in a | mysql db. | | Why puppetlabs let us to use these but they do not use them in their | enterprise version? | | | Thanks. | | Hai T. Probably because PuppetDB is still under development *and* many third party applications don't yet fully support stored configs being stored in PuppetDB. Currently, MySQL or PostgreSQL are still the most widely supported configurations for stored configs. This is just speculation on my part, but it's informed speculation based on projects like The Foreman and others which don't yet work with it. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Schema of dependency tree?
- Original Message - | Hi | | Is it possible to somehow list or view dependency tree of the | classes, | packages, services, and other resources for some host? | | I would like to polish my setup so that the first puppet finishes | everything. Right now I have problems that I have to have 2 or 3 | conncurent runs after installation of blank machine to get it up to | working order. Obviously I didn't set up all the dependencies between | resources correctly. It would be cool if I could get some kind of | output | like pstree, or even gui graphs if it's possible. | | | Thank you. | | | -- | Jakov Sosic | www.srce.unizg.hr Add graph = true to the agent section on your puppet client. Then look in /var/lib/puppet/state/graphs. You can then use dot to generate images of the dependencies. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nvidia driver install - condition for install
Check to see if an nVidia module already exists for the current kernel and if not build if [ ! -e /lib/modules/`uname -r`/kernel/drivers/video/nvidia.ko ]; then - Original Message - | Hello all, | I'd like to use puppet to install an Nvidia driver on a local | workstation. I've written the following manifest for this puprpose: | class nvidia_driver { | # This will place the nvidia installer locally in /tmp. File is | pulled from puppet. | file { /tmp/NVIDIA-Linux-x86_64-295.53.run : | source = | puppet:///modules/nvidia_driver/NVIDIA-Linux-x86_64-295.53.run , | ensure = present , | } | # This will run the nvidia installer locally on the machine. | exec { /tmp/NVIDIA-Linux-x86_64-295.53.run -s -X --opengl-headers | --no-distro-scripts --force-tls-compat32=new : } | } | Upon the initial run of the manifest on the target machine, | everything works great (although I do believe there is some room for | improvement of the code above; particularly on the exec portion) and | the driver then gets installed. The issue occurs on subsequent | puppet runs on the same machine and I'm getting the following error | during my second puppet run from the client: | err: | /Stage[main]/Nvidia_driver/Exec[/tmp/NVIDIA-Linux-x86_64-295.53.run | -s -X --opengl-headers --no-distro-scripts | --force-tls-compat32=new]/returns: change from notrun to 0 failed: | /tmp/NVIDIA-Linux-x86_64-295.53.run -s -X --opengl-headers | --no-distro-scripts --force-tls-compat32=new returned 1 instead of | one of [0] at /etc/puppet/modules/nvidia_driver/manifests/init.pp:12 | It appears to me that the above error is occurring because the | nvidia_driver class is running on each subsequent run and since the | driver is already installed, I'm getting an exit status of 1 instead | of 0, which to my knowledge would be expected. | So, what I'd like to do is put some sort of condition that will look | to see if the driver is installed and if it is, the class | nvidia_driver won't run. I'm having a hard time figuring this one | out and I was hoping to get a few opinions on how this might be | accomplished. | Would this potentially be a job for a shell script that does the | checking? Maybe just adding the shell script into the | nvidia_driver manifest? | Thanks in advance for everybody's assistance and the help is very | much appreciated. | Cheers, | Mike | -- | You received this message because you are subscribed to the Google | Groups Puppet Users group. | To view this discussion on the web visit | https://groups.google.com/d/msg/puppet-users/-/R9ngLgt78tMJ . | To post to this group, send email to puppet-users@googlegroups.com. | To unsubscribe from this group, send email to | puppet-users+unsubscr...@googlegroups.com. | For more options, visit this group at | http://groups.google.com/group/puppet-users?hl=en. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting up puppetmaster
- Original Message - | Okay. I can signed now.. | sudo puppetca -s server1 | Did this on master, and then ran the test command on agent... will | throw | | sudo puppet agent --server puppetmaster --waitforcert 60 --test | --verbose | | warning: peer certificate won't be verified in this SSL session | info: Caching certificate for server1 | err: Could not retrieve catalog from remote server: hostname was not | match | with the server certificate | warning: Not using cache on failed catalog | err: Could not retrieve catalog; skipping run I just finished a migration and the issues I ran into were making sure that the DNS names resolved correctly to the new host and that the new host SSL key was signed by the original CA -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier Success is to be measured not so much by the position that one has reached in life but as by the obstacles they have overcome. - Booker T. Washington -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Reusing host names with puppet and SSL certificates
- Original Message - snip| | Is there a best practice or a solution for this problem? I do need to | use | the same hostnames sometimes for instances that generate new | certificates | when they come up, I've been trying to clean the certificates once in | a | while for instances that are no longer responding but that didn't go | very | well and I also understand that I need to restart the master in order | for | that to take effect which I don't want to do. | | Once solution that I thought about is to generate a certificate for | each | hostname and make sure that when an instance comes up it gets the | specific | certificate that was already generated and signed by the master. Is | this a | good idea? Any other thoughts about this? | | Thanks, | Galed. | I use server generated certificates and copy those certificates to the host upon re-install. Works very well for me. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting savedefult options with augeas/puppet
in an Exec | resource. In Fedora at least, augtool -s command wasn't saving the | files either so I had to get even more hacky and use a temporary file | (urgh...). This is from one of my modules: | | $aug_tmp_file = /tmp/.puppet_base_augeas_cmd_file | exec { set elevator=deadline in $grub_menu: | command = echo 'setm /files${grub_menu}/title kernel/elevator | deadline' ${aug_tmp_file} /usr/bin/augtool -s -f ${aug_tmp_file} | rm -f ${aug_tmp_file}, | onlyif = grep 'kernel /vmlinuz-2' ${grub_menu} | grep -v | elevator=deadline, | require = Package[augeas], | } | | Hope that helps, | | -Luke | Thanks for the detailed reply Luke. I've come up with the following class and it works, however, keeps adding savedefault to the end so I'm going to have to add an onlyif statement to stop that from happening. I'm still trying to work out that onlyif statement right now, but this was incredibly helpful. class windows_default_boot { augeas{ set_windows_to_default : context = /files/etc/grub.conf, changes = [ ins savedefault after /files/etc/grub.conf/title[.='Windows']/chainloader, ], } } -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting savedefult options with augeas/puppet (SOLVED)
The following class seems to do exactly what I needed it to do. It sets the default context to saved and creates a savedefault parameter for the Windows entry that exists. This method also does not require a onlyif if statement which is much better than the ins after option that was proposed by Luke although his detailed explaination is still very much welcomed. I just did it a different way. ;) class windows_default_boot { augeas{ set_windows_to_default : context = /files/etc/grub.conf, changes = [ set /files/etc/grub.conf/default saved, set /files/etc/grub.conf/title[.='Windows']/savedefault 0, clear /files/etc/grub.conf/title[.='Windows']/savedefault,], } } Thanks again! -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting savedefult options with augeas/puppet
- Original Message - | | You piqued my interest with the savedefault option though so I | | looked | | it up. Are you sure you don't want it on every kernel boot option so | | if you change into different Linux kernels it remembers them as | | well? BTW: No, this is not what this is intended to do. This is intended to allow us to define which machines should boot Windows by default only. Setting the savedefault parameter on all would not perform the steps we want. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting savedefult options with augeas/puppet
- Original Message - | On Thu, Oct 13, 2011 at 1:24 AM, Luke Bigum luke.bi...@lmax.com | wrote: | | Can you give me an example of a grub.conf file that you want to | achieve? I don't have a dual boot windows system so not exactly sure | what option you mean. | | | | | # grub.conf generated by anaconda | # | # Note that you do not have to rerun grub after making changes to | this file | # NOTICE: You have a /boot partition. This means that | # all kernel and initrd paths are relative to /boot/, eg. | # root (hd0,2) | # kernel /vmlinuz-version ro root=/dev/ROOTDISK/root | # initrd /initrd-version.img | #boot=/dev/sda | default=0 | timeout=15 | splashimage=(hd0,2)/grub/splash.xpm.gz | hiddenmenu | password --md5 $1$CgIXv$laSfgcbmFW62.Y7PWbtBB0 | title CentOS (2.6.18-274.3.1.el5) | root (hd0,2) | kernel /vmlinuz-2.6.18-274.3.1.el5 ro | root=/dev/ROOTDISK/root rhgb | quiet | initrd /initrd-2.6.18-274.3.1.el5.img | title Windows | rootnoverify (hd0,0) | chainloader +1 | | | | default= should be set to saved | davedefault should be appended after chainloader +1 savedefault should be appended after chainloader +1 -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Setting savedefult options with augeas/puppet
Hi All, I'm trying to create a puppet manifest that sets the grub default= value to saved and the Windows option to savedefault for a dual_boot class. Setting the default= option is actually fairly easy, but I'm not sure how to create the savedefault entry for the Windows side. Anyone have to deal with this and have a suggestion? -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier I will do the best I can with the talent I have -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Selecting repos
- Original Message - | Hi all, | | Got an issue which is starting to annoy me. | | How do people currently select repos from which to install particular | packages? Currently we have a base centos, (enabled by default), and | several others that I want to enable and disable for particular | packages, | like being able to use the --disablerepo=* --enablerepo=somerepo. | | Anyone solved this issue or have a good work around. Basically there | are | some packages in the different repos that break some installs so I | don't | want them to be constantly enabled. We could manage the exclusions via | the | yumrepo type but that might be fiddly to manage. | | What have other people done? | | Cheers, | Den It sucks but this is what I do currently. As already mentioned there are a couple of bug reports/feature requests to add this kind of support. class alpine { exec {install_alpine: command = '/usr/bin/yum -y install alpine --enablerepo=rpmforge', } } -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Enable yum repositories as needed
Hi All, I'm new to puppet and I'm having some difficulty enabling and disabling yum repositories on an as needed basis and I was wondering if you all might be able to provide me with some assistance. I've been able to get puppet to configure a yum repository, I'm going to use EPEL as an example here but I'd like it for all, by creating a class called epel.pp containing class epel { yumrepo { epel: descr = Extra Packages for Enterprise Linux \$releasever - \$basearch, baseurl = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/\$releasever/\$basearch;, gpgcheck = 1, gpgkey = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/RPM-GPG-KEY-EPEL;, enabled=0 } } and it does create and populate the /etc/yum.repos.d/epel.repo file with this information. Now I want to be able to install ganglia-gmond automatically from this repository but I can't figure out how to enable and disable the repo afterwards? Can anyone please provide an example of how something like this may be accomplished? -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] provisioning bare metal (best practices)
- Original Message - | I thought about DHCP for static addresses. I'd need the MAC for each | machine snip This is not necessarily true. If you configure the client to send a requested hostname it will not require you to register the MAC address, although, as per the usual this is a security risk since anyone on the network could pose as a machine if they knew that was the setup. ;) -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.