[Puppet Users] Puppet group resource?
Good day, I am trying to add users to the local admin group but on a minimal list. I have used the following code however it still throws errors if a local account is added or a sid is unresolvable. #Class Profile Server.admin group class profile::windows::groups::server_admin { if ($::role != 'domain_controller') { if ($::add_admin_group == 't') { $admins = lookup('ad.localadmin') $localadmins = concat($admins, [ "${facts['domain']}\\${facts['hostname']}.admin"]) } else { $localadmins = lookup('ad.localadmin') } case $facts['kernel'] { 'Linux': { } 'windows': { group { 'Administrators': ensure => present, members => $localadmins, auth_membership => false, } } default: { fail("Unsupported kernel: ${facts['kernel']} - ${facts['os']['release']['major']}") } } } } Any help would be greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/08719bd8-db64-43a1-8e8a-3d0258055e04%40googlegroups.com.
[Puppet Users] Sensitive type?
Good day, We were attempting to secure passwords appearing in files. In the node manifest we changed $password = lookup("user_cred.${username}.${domain_lookup}.password")) to $password = Sensitive(lookup( "user_cred.${username}.${domain_lookup}.password")) In the resources file it correctly redacted the password, but when i open C:\ProgramData\PuppetLabs\puppet\var\client_data\catalog\.json It shows the password in plain text under the section /etc/puppetlabs/code/environments/sensitive/site/profile/manifests/windows/domain/join.pp but still redacted under the section /etc/puppetlabs/code/environments/sensitive/modules/domain_membership/manifests/init.pp How can redact the password in all locations? Any help is greatly appreciated, thank you very much. Jason -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ed5873cf-a60b-4b66-b3f2-ad7f7714f9c3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Permissions denied?
Thank you Josh, I think the issue is wrong file permissions on the module in the forge. All my other modules are fine. Appreciate the confirmation on my initial thought. On Tuesday, January 29, 2019 at 3:49:37 PM UTC-6, Josh Cooper wrote: > > > > On Tue, Jan 29, 2019 at 10:16 AM Jason McMahan > wrote: > >> Good day, >> I received the below error when running the lsp module by kpn from the >> forge. >> >> >> Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Failed to >> generate additional resources using 'eval_generate': E >> rror 500 on SERVER: Server Error: Permission denied - >> /etc/puppetlabs/code/environments/test/modules/local_s >> ecurity_policy/lib/puppet_x/lsp/security_policy.rb >> >> I am a little confused is the permissions issue on the master end or on >> the server the agent is running on? >> > > It's an error on the server. The puppetserver process running as the > "puppet" user needs read permission to those files. > > >> Any guidance would be appreciated. >> >> Thank you >> Jason >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/59bf2f60-d02d-450e-90ef-2d4a7000249b%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/59bf2f60-d02d-450e-90ef-2d4a7000249b%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Josh Cooper | Software Engineer > jo...@puppet.com | @coopjn > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d5b21903-9f2e-4088-aa1d-ef0516ae7ecf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Permissions denied?
Good day, I received the below error when running the lsp module by kpn from the forge. Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Failed to generate additional resources using 'eval_generate': E rror 500 on SERVER: Server Error: Permission denied - /etc/puppetlabs/code/environments/test/modules/local_s ecurity_policy/lib/puppet_x/lsp/security_policy.rb I am a little confused is the permissions issue on the master end or on the server the agent is running on? Any guidance would be appreciated. Thank you Jason -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/59bf2f60-d02d-450e-90ef-2d4a7000249b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: adding require to if/elseif statement?
Thanks Michael, What i ended up having to do was create a separate powershell process then run invoke-webrequest there because start-process allows for -wait. exec { 'client_setup': command => '(Start-Process powershell -ArgumentList (Invoke-WebRequest "Invoke-WebRequest "$$file_source/file.exe " -outfile C:/Windows/dir/file.exe))', provider => powershell, creates => 'C:/Windows/dir/file.exe' require => Package['client_package'], } (Start-Process powershell -ArgumentList (Invoke-WebRequest "Invoke-WebRequest "$$file_source/file.exe " -outfile C:/Windows/dir/file.exe)) On Tuesday, September 11, 2018 at 8:36:27 AM UTC-5, Michael Watters wrote: > > You should be able to add a require => Package['client_package'] parameter > to the exec resource to resolve this. For example: > > > $file_source = lookup('application.client') > > if $facts['domain'] == 'internal' { >file { 'sccm_setup': > path=> 'C:/Windows/ccmsetup/ccmsetup.exe', > source => "$file_source /file.exe" >} > } > else { >exec { 'client_setup': > command => 'Invoke-WebRequest "$$file_source/file.exe " -outfile > "C:/Windows/dir/file.exe" ', > provider => powershell, > creates => 'C:/Windows/dir/file.exe' > require => Package['client_package'], >} > } > package { 'client_package': > } > > > > On Tuesday, September 11, 2018 at 9:09:25 AM UTC-4, Jason McMahan wrote: >> >> Thanks Michael, >> I think my problem is not syntax but rather the invoke-webrequest is not >> actually completing before moving to the package resource. Then as the file >> doesnt exist the run fails. >> Back to drawing board. >> >> Appreciate the quick reply. >> >> >> On Tuesday, September 11, 2018 at 7:27:49 AM UTC-5, Michael Watters wrote: >>> >>> What you have there looks fine but I would change the elsif to an else >>> statement. >>> >>> >>> On Tuesday, September 11, 2018 at 8:08:53 AM UTC-4, Jason McMahan wrote: >>>> >>>> Good day, >>>> I am attempting to add require to an if statement and not sure i am >>>> doing it right. Any help would be greatly appreciated. >>>> >>>> If the machine is joined to our internal domain it will use a file >>>> resource, if external i am using a invoke-webrequest as the file is on >>>> azure blob storage. >>>> >>>> >>>> $file_source = lookup('application.client') >>>> >>>> if $facts['domain'] == 'internal' { >>>> file { 'sccm_setup': >>>> path=> 'C:/Windows/ccmsetup/ccmsetup.exe', >>>> source => "$file_source /file.exe" >>>> } >>>> } >>>> elsif $facts['domain'] != 'internal' { >>>> exec { 'client_setup': >>>> command => 'Invoke-WebRequest "$$file_source/file.exe " -outfile >>>> "C:/Windows/dir/file.exe" ', >>>> provider => powershell, >>>> creates => 'C:/Windows/dir/file.exe' >>>> } >>>> } >>>> package { 'client_package': >>>> } >>>> >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5582a659-d94e-4272-8a41-8a1591366e71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: adding require to if/elseif statement?
Thanks Michael, I think my problem is not syntax but rather the invoke-webrequest is not actually completing before moving to the package resource. Then as the file doesnt exist the run fails. Back to drawing board. Appreciate the quick reply. On Tuesday, September 11, 2018 at 7:27:49 AM UTC-5, Michael Watters wrote: > > What you have there looks fine but I would change the elsif to an else > statement. > > > On Tuesday, September 11, 2018 at 8:08:53 AM UTC-4, Jason McMahan wrote: >> >> Good day, >> I am attempting to add require to an if statement and not sure i am doing >> it right. Any help would be greatly appreciated. >> >> If the machine is joined to our internal domain it will use a file >> resource, if external i am using a invoke-webrequest as the file is on >> azure blob storage. >> >> >> $file_source = lookup('application.client') >> >> if $facts['domain'] == 'internal' { >> file { 'sccm_setup': >> path=> 'C:/Windows/ccmsetup/ccmsetup.exe', >> source => "$file_source /file.exe" >> } >> } >> elsif $facts['domain'] != 'internal' { >> exec { 'client_setup': >> command => 'Invoke-WebRequest "$$file_source/file.exe " -outfile >> "C:/Windows/dir/file.exe" ', >> provider => powershell, >> creates => 'C:/Windows/dir/file.exe' >> } >> } >> package { 'client_package': >> } >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/28af20fc-4e21-45e9-8b10-b76dc8ba80b5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] adding require to if/elseif statement?
Good day, I am attempting to add require to an if statement and not sure i am doing it right. Any help would be greatly appreciated. If the machine is joined to our internal domain it will use a file resource, if external i am using a invoke-webrequest as the file is on azure blob storage. $file_source = lookup('application.client') if $facts['domain'] == 'internal' { file { 'sccm_setup': path=> 'C:/Windows/ccmsetup/ccmsetup.exe', source => "$file_source /file.exe" } } elsif $facts['domain'] != 'internal' { exec { 'client_setup': command => 'Invoke-WebRequest "$$file_source/file.exe " -outfile "C:/Windows/dir/file.exe" ', provider => powershell, creates => 'C:/Windows/dir/file.exe' } } package { 'client_package': } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/67ccb8fe-8479-405a-adf0-64fa9347faf2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] file resource issue?
Thank you for the input Arnau, That was good suggestions. Since we were bound by the meta data returned from the webserver we chose to do it slightly different. Instead we created a local vsts repo, cloned the Azure/WaLinuxAgent and next we will set up a task to sync to that repo every so often. This ensure we are up to date and meta data will be created on our puppet masters. If/when etag is supported in file resource then i will tear this process down but for now this was the way we went. Thank you for you help. On Friday, June 1, 2018 at 7:58:37 AM UTC-5, Arnau wrote: > > Hi, > > Looks like you're not the only one having such issue: > https://tickets.puppetlabs.com/browse/PUP-6624 > > > A workaround is to force md5 checksumming: > > With apache, set ContentDigest On > <https://httpd.apache.org/docs/2.4/de/mod/core.html#contentdigest> and > use: > > puppet apply -e 'file { "/tmp/foo": source => "http://localhost/bar";, > checksum => md5 }' > > > > unfortunately I don't think you can modify the webserver confgiuration in > githubusercontent.com. > > Maybe adding an extra step where you do wget first, then file -> source => > file:///my_path then the other exec? > > something like: (I've not tested the code, only giving the idea): > > > > exec {'get_file': > command => 'wget > https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules > ' > cwd => 'tmp', > } > > file { 'azure_udev_rule': > path => '/etc/udev/rules.d/66-azure-storage.rules', > ensure => 'file', > require => Exec['get_file], > source => '/tmp/ 66-azure-storage.rules ', > notify => Exec['azure_udev_reload'], > } > > exec { 'azure_udev_reload': > command => 'udevadm control --reload-rules && udevadm > trigger --subsystem-match=block', > path=> ['/usr/sbin', '/usr/bin'], > refreshonly => true, > } > > > for content hosted in a git repository I use the vcsrepo puppet module > https://forge.puppet.com/puppetlabs/vcsrepo. > > HTH, > Arnau > > > 2018-06-01 2:22 GMT+02:00 Jason McMahan >: > >> Good day, >> I am using the file resource to check if a file has changed or altered on >> github. >> the code i am using is >> >> file { 'azure_udev_rule': >> path => '/etc/udev/rules.d/66-azure-storage.rules', >> ensure => 'file', >> source => ' >> https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules >> ', >> notify => Exec['azure_udev_reload'], >> } >> >> exec { 'azure_udev_reload': >> command => 'udevadm control --reload-rules && udevadm >> trigger --subsystem-match=block', >> path=> ['/usr/sbin', '/usr/bin'], >> refreshonly => true, >> } >> >> The problem i have is every puppet run it sees the content as changed. >> Notice: /Stage[main]/Profile::Azure/File[azure_udev_rule]/content: >> >> Info: Computing checksum on file /etc/udev/rules.d/66-azure-storage.rules >> Info: /Stage[main]/Profile::Azure/File[azure_udev_rule]: Filebucketed >> /etc/udev/rules.d/66-azure-storage.rules to puppet with sum >> b775eb19522b919062b1e4aaff4c018e >> Debug: HTTP GET request to >> https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules >> >> returned 200 OK >> Notice: /Stage[main]/Profile::Azure/File[azure_udev_rule]/content: >> content changed '{mtime}2018-05-31 16:28:31 -0500' to '{mtime}2018-05-31 >> 16:31:11 -0500' >> Info: /Stage[main]/Profile::Azure/File[azure_udev_rule]: Scheduling >> refresh of Exec[azure_udev_reload] >> Debug: /Stage[main]/Profile::Azure/File[azure_udev_rule]: The container >> Class[Profile::Azure] will propagate my refresh event >> Debug: Exec[azure_udev_reload](provider=posix): Executing 'udevadm >> control --reload-rules && udevadm trigger --subsystem-match=block' >> Debug: Executing: 'udevadm control --reload-rules && udevadm trigger >> --subsystem-match=block' >> Notice: /Stage[main]/Profi
[Puppet Users] file resource issue?
Good day, I am using the file resource to check if a file has changed or altered on github. the code i am using is file { 'azure_udev_rule': path => '/etc/udev/rules.d/66-azure-storage.rules', ensure => 'file', source => 'https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules', notify => Exec['azure_udev_reload'], } exec { 'azure_udev_reload': command => 'udevadm control --reload-rules && udevadm trigger --subsystem-match=block', path=> ['/usr/sbin', '/usr/bin'], refreshonly => true, } The problem i have is every puppet run it sees the content as changed. Notice: /Stage[main]/Profile::Azure/File[azure_udev_rule]/content: Info: Computing checksum on file /etc/udev/rules.d/66-azure-storage.rules Info: /Stage[main]/Profile::Azure/File[azure_udev_rule]: Filebucketed /etc/udev/rules.d/66-azure-storage.rules to puppet with sum b775eb19522b919062b1e4aaff4c018e Debug: HTTP GET request to https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules returned 200 OK Notice: /Stage[main]/Profile::Azure/File[azure_udev_rule]/content: content changed '{mtime}2018-05-31 16:28:31 -0500' to '{mtime}2018-05-31 16:31:11 -0500' Info: /Stage[main]/Profile::Azure/File[azure_udev_rule]: Scheduling refresh of Exec[azure_udev_reload] Debug: /Stage[main]/Profile::Azure/File[azure_udev_rule]: The container Class[Profile::Azure] will propagate my refresh event Debug: Exec[azure_udev_reload](provider=posix): Executing 'udevadm control --reload-rules && udevadm trigger --subsystem-match=block' Debug: Executing: 'udevadm control --reload-rules && udevadm trigger --subsystem-match=block' Notice: /Stage[main]/Profile::Azure/Exec[azure_udev_reload]: Triggered 'refresh' from 1 events Is this a bug, am i doing something wrong? Any help or suggestions would be greatly appreciated. I tried using checksum => mtime and ctime but that did not help either. The masters are 5.3.3 version. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/27d76968-bce6-4c17-aa7d-092ea9b0a768%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] agent_catalog_run.lock
Thank you for the prompt reply R.I. I appreciate the help. On Wednesday, May 23, 2018 at 8:46:32 AM UTC-5, R.I. Pienaar wrote: > > > > On Wed, 23 May 2018, at 15:16, Jason McMahan wrote: > > Has anyone else run into the problem where an agent run gets stuck per > say? > > We have found at times the agent runs could be stuck for multiple days. > > > > I was trying to come up with an option that would automatically stop the > > agent run if it lasted over 24 hrs per say so we dont have to go back to > > servers and remove the lock file. > > > > Anyone else have ideas or suggestions? > > > > Usually when it occurs we remove the lock file perform a run and all is > > well, it is just getting to however many that are affected in a timely > > manner and clearing the lock. > > try setting runtimeout=1000 where 1000 is seconds you want to give it as a > max run > > -- > R.I.Pienaar / www.devco.net / @ripienaar > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/68b05a35-4477-4046-a715-d5c7c768506f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] agent_catalog_run.lock
Has anyone else run into the problem where an agent run gets stuck per say? We have found at times the agent runs could be stuck for multiple days. I was trying to come up with an option that would automatically stop the agent run if it lasted over 24 hrs per say so we dont have to go back to servers and remove the lock file. Anyone else have ideas or suggestions? Usually when it occurs we remove the lock file perform a run and all is well, it is just getting to however many that are affected in a timely manner and clearing the lock. Thank you. Jason -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/59060fd9-ef8f-4140-be95-f242b45c8adb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] removing resource on windows?
Imagine that, it was a pebcak error Sigh, i apologize for not seeing my mistake prior to posting. Thank you Rob On Monday, May 21, 2018 at 2:08:19 PM UTC-5, Rob Nelson wrote: > > Can you show the actual code you're using in your manifest? That example > is good for the CLI but is not valid puppet DSL. > > > Rob Nelson > rnel...@gmail.com > > On Mon, May 21, 2018 at 2:07 PM, Jason McMahan > wrote: > >> Good day, >> I am a bit confused. >> I can go to the command line type >> puppet resource package 'VMware Tools' ensure=absent >> >> and puppet will remove the package happily. >> >> However i have the same exact code in my manifest and it complains at >> agent run that it requires source. >> >> Doesnt this seem a little absurd i can kill the package from command line >> without any source parameter but not the manifest? >> >> Help or suggestions would be appreciated. >> >> Thank you >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d960528e-82b1-4de9-bcab-9bf88c9ace52%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] removing resource on windows?
Good day, I am a bit confused. I can go to the command line type puppet resource package 'VMware Tools' ensure=absent and puppet will remove the package happily. However i have the same exact code in my manifest and it complains at agent run that it requires source. Doesnt this seem a little absurd i can kill the package from command line without any source parameter but not the manifest? Help or suggestions would be appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] is anyone using winad module?
Is anyone using https://forge.puppet.com/shoneslab/winad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cf1db149-5c3b-4186-a177-6061a121c0dc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: puppet provider password decryption?
Thank you both for your reply. The scenario i have is as follows. I need to create/destroy/modify active directory group. There is a winad module, once i was able to get it working to create the group it was doing it under my user context. To have it run properly i would need to supply it a credential. Unless i am missing it i would need to execute powershell with username and password pass it to get-credential and populate a variable. Then take a variable pass that to -credential and it would create the group as i need or destroy. I am grateful for any help suggestions. Thank you again. Jason On Tuesday, April 10, 2018 at 12:41:27 PM UTC-5, Jason McMahan wrote: > > Good day, > I wanted to toss this out there to see if anyone has tried this. > > Could i perform a hiera lookup from within a custom puppet provider? > > > My thinking is to lookup an encrypted password, then use the lookup to > decrypt and pass the username and password to a powershell that i need to > execute within that provider. > > Thoughts? > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0561815c-1560-41be-ba96-5bfae8019b3a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet provider password decryption?
Good day, I wanted to toss this out there to see if anyone has tried this. Could i perform a hiera lookup from within a custom puppet provider? My thinking is to lookup an encrypted password, then use the lookup to decrypt and pass the username and password to a powershell that i need to execute within that provider. Thoughts? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a35c7a11-594c-4a64-8334-dbaae5063320%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet type provider help?
Thank you for the Reply Josh, I am new to working with types and providers. This module is me trying to learn because winad module is something we really need. I was thinking if i could tell the winad module to use powershell module for its commands that would be great but i am not sure how to do that. The module i am trying to get working for us is https://forge.puppet.com/shoneslab/winad Any help or directions is greatly appreciated. On Wednesday, April 4, 2018 at 4:47:47 PM UTC-5, Josh Cooper wrote: > > Not sure what's the issue is... but could you use the powershell module > instead https://github.com/puppetlabs/puppetlabs-powershell? > > On Wed, Apr 4, 2018 at 2:09 PM, Jason McMahan > wrote: > >> Good day, >> I am reviewing a type and provider and would like input or help to better >> understand. >> >> The provider is >> require 'puppet/util' >> Puppet::Type.type(:winad_group).provide(:powershell) do >> confine :operatingsystem => :windows >> defaultfor :operatingsystem => :windows >> >> commands :powershell => Puppet::Util::Powershell.getPowershellCommand >> >> The type is >> Puppet::Type.newtype(:winad_group) do >> >> Then lastly there is a file /puppet/util/powershell.rb >> class Powershell >> def self.getPowershellCommand() >> if >> File.exists?("#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe") >> >> "#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe" >> elsif >> File.exists?("#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe") >> >> "#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe" >> else >> 'powershell.exe' >> end >> end >> end >> >> If i copy the syntax >> commands :powershell => >> if >> File.exist?("#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe") >> >> "#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe" >> elsif >> File.exist?("#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe") >> >> "#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe" >> else >> 'powershell.exe' >> end >> >> Into my provider i am able to run the command correctly, why can i not >> autoload the powershell.rb file and properly use it across multiple >> providers? >> >> Thank you for any help. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/dc8c6918-683d-4d1f-ae2c-b94761c79239%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/dc8c6918-683d-4d1f-ae2c-b94761c79239%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Josh Cooper | Software Engineer > jo...@puppet.com | @coopjn > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/acec8542-a0fd-4bd0-ac69-dc2956390a01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet type provider help?
Good day, I am reviewing a type and provider and would like input or help to better understand. The provider is require 'puppet/util' Puppet::Type.type(:winad_group).provide(:powershell) do confine :operatingsystem => :windows defaultfor :operatingsystem => :windows commands :powershell => Puppet::Util::Powershell.getPowershellCommand The type is Puppet::Type.newtype(:winad_group) do Then lastly there is a file /puppet/util/powershell.rb class Powershell def self.getPowershellCommand() if File.exists?("#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe") "#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe" elsif File.exists?("#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe") "#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe" else 'powershell.exe' end end end If i copy the syntax commands :powershell => if File.exist?("#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe") "#{ENV['SYSTEMROOT']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe" elsif File.exist?("#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe") "#{ENV['SYSTEMROOT']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe" else 'powershell.exe' end Into my provider i am able to run the command correctly, why can i not autoload the powershell.rb file and properly use it across multiple providers? Thank you for any help. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dc8c6918-683d-4d1f-ae2c-b94761c79239%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help for hopeless please.
Good day, I am trying to get the module shoneslab/winad working in our environment. I was able to modify (hack) the module so it actually creates a new group as it should (using my user context, adding a param for service account and password is my next trial) but every time it runs it wants to modify the group. The report shows this for description, group_scope and group_category. The example is below desc changed '"Windows AD Group Managed by Puppet"' to 'Windows AD Group Managed by Puppet' I looked through his code and believe this is where the trouble is caused. winad/lib/puppet/provider/winad_group/powershell.rb Line 52-56 def desc "\"" + @resource[:desc].to_s + "\"" end def desc=(value) end It is like it only checks against the parameters you pass it but when it returns the string it appends double quotes inside the single quotes. Any suggestions of guidance is greatly appreciated as i feel like i am just spinning my wheels going no where. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4b01fd75-6755-447a-aef4-38820a3a480a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] active directory module mod 'shoneslab-winad', '0.1.2'
Has anyone recently used mod 'shoneslab-winad', '0.1.2' We have added it our puppet puppetfile then created a manifest and applied it to a node however it isnt working. When and agent run is completed the following error occurs. Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while e valuating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet /type/winad_features: Could not autoload puppet/provider/winad_features/powershell: no such file to load -- puppet/util/ powershell at /etc/puppetlabs/code/environments/ics_runtime_agent/site/profile/manifests/test/agent.pp:21:11 on node atest.com The manifest has winad_features { 'net_framework_core': ensure => present, } I have tried this for winad_group, as well as winad_features as shown above. Any help to troubleshoot and get this working would be really appreciated. The module is on the forge https://forge.puppet.com/shoneslab/winad/readme -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b36ca979-58b6-4345-8513-a3adfd7f49bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Creating a PowerShell based fact to get Drive Letters and Labels
We use the windows disk facts module at https://forge.puppet.com/dylanratcliffe/windows_disk_facts That should give you what you want then you can use it within your manifests. On Tuesday, October 17, 2017 at 4:22:20 PM UTC-5, Ryan Murphy wrote: > > So I have the following powershell command that gives me the data I want, > but I'm not sure how I can get Puppet to ingest it as a fact. > > Get-WMIObject Win32_Volume | Where-Object {$_.DriveType -eq "3" -and > $_.Label -ne "System Reserved" } | select Name, Label > > The Output looks like this. > Name > Label > > - > E:\ > EVol > D:\ > DVol > C:\ > > I wanted to get the Drive letters and labels in to a single fact in Puppet > so that I could build Nagios disk checks off of them, But I'm not sure how > to get the output to a format that Puppet will like. > > Any powershell / puppet fact outputs out there able to help? > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/89e7a419-4f86-44b2-8d9a-728c5649af84%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Autofs suggestions
Hello, We are looking to remove our auto mounts from ldap and manage in puppet. We have the puppet/autofs module. One thing we would like to do is break auto mounts from all to specific. For instance we do not want all servers to get oracle auto mounts however they are in the same map file. direct: mount: '/-' mapfile: '/etc/auto.direct' mapcontents: - '/oracledb -fstype=nfs,vers=3,proto=tcp,timeo=600,wsize=32768,rsize=32768 filer:/orarcledb01/stuff' - '/data -fstype=nfs,vers=3,proto=tcp,timeo=600,wsize=32768,rsize=32768 filer:/common/data01' Everyone should get /data but only oracle nodes should get /data and /oracledb. We have tossed ideas to try Hiera, considered concatenating files or strings together and placing into a auto.direct file. Any help or suggestions is greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ae3ba795-59f3-4bcf-8a4d-22a35d4dc116%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: One master per environment, or one to rule them all?
I agree with Trey, ours is very similar to his as well. It works well when testing the latest Puppetdb for example. On Sunday, October 15, 2017 at 8:07:41 AM UTC-5, treydock wrote: > > I think a combination of the two makes sense, and that's what we do. Our > production masters have many environment to segregate systems. We also > have a test master with isolated CA, mcollective, PuppetDB and Foreman to > test changes to those systems. > > Our test environment uses a dedicated puppet environment that way we can > use a single r10k managed control repo across all systems. So things like > roles and profiles and hiera data can be shared between prod and test > puppet with separate changes managed in branches. > > - Trey > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/35a7477f-44b0-4822-978d-10f05b4fb0ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] get physical disk for lvm usage?
Good day, We were working on the lvm module from the forge and one item that came to mind was the ability to dynamically retrieve the disks then determine which ones may be used for Lvm. For example sda,sdb,sdc are present. We would like to get the disk in an array or hash possibly and remove or ignore the first item (sda) then add sdb,sdc to lvm for usage. I thought Facter disks like below but was a little unsure best option after that. $disks = Facter['os']['disks'] { fd0 => { size => "4.00 KiB", size_bytes => 4096 }, sda => { model => "Virtual Disk", size => "128.00 GiB", size_bytes => 137438953472, vendor => "Msft" }, sdb => { model => "Virtual Disk", size => "400.00 GiB", size_bytes => 429496729600, vendor => "Msft" }, sdc => { model => "Virtual Disk", size => "100.00 GiB", size_bytes => 107374182400, vendor => "Msft" } } Suggestions to good information or help would be greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5e2761d1-14b4-47b5-8d77-66b1c5a66a43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet in the dmz?
Good day, We are looking at managing our infrastructure in the dmz as we do our internal nodes with puppet. We are running multiple masters with foreman as our enc. R10k ensure the manifests on all masters are updated regularly. Does anyone have suggestion to integrate the dmz into our current layout as well as ensure security? We have mainly windows machines, with a handful of linux ones in the dmz. Thoughts have been, place a master in the dmz all agents talk to that master. But then what should we do? Have a connection to puppetdb internal? Create a copy of what we have internal in the dmz? That is the least favorable option. Any help of input is greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3abd0b97-ed16-407c-98a1-4476be75358a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] revoke / delete node certificate from puppet ca remotely?
Thank you Martin, Still running into problems. I must not be using correct certificate most likely. Appreciate the response. On Thursday, August 17, 2017 at 10:00:42 AM UTC-5, Martin Alfke wrote: > > > > On 17 Aug 2017, at 14:23, Jason McMahan > wrote: > > > > Good morning, > > We installed a puppet agent on our citrix mgmt servers. > > The problem became that the way it is done a golden image is used, > server_dev. Once sealed that spins off multiple other servers for stage and > prod environments. > > > > We want to know about the servers, ensure they are in configuration and > not drifting between rebuilds and keep reports for a history on them. > > > > The idea was to once they are done stop the service (not disable), > delete the ssl directory, then revoke and delete the cert on the puppetca. > > > > > > Has anyone else attempt to revoke and delete cert remotely from the > puppetca? > > > > We are attempting a curl command like > > curl -X DELETE --tlsv1 --cacert > /etc/puppetlabs/puppet/ssl/certs/ca.pem --cert > /etc/puppetlabs/puppet/ssl/certs/server.pem--key > /etc/puppetlabs/puppet/ssl/private_keys/server.pem -H "Accept: > application/json" -H "Content-Type: application/json" -d > '{"desired_state":"revoked"}' > https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production > > > > > But everytime we get forbidden 403 whether running curl command from > remote server or even the puppetca itself. > > Attemped to add ip to > /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf as well as > /etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error. > > You must allow access to puppet ca api via auth.conf > > Check the following links: > https://docs.puppet.com/puppet/5.0/config_file_auth.html > https://docs.puppet.com/puppetserver/latest/config_file_auth.html > > hth, > Martin > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/11d449ab-9cdc-4eb0-b5bd-d6e570aae211%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] revoke / delete node certificate from puppet ca remotely?
Good morning, We installed a puppet agent on our citrix mgmt servers. The problem became that the way it is done a golden image is used, server_dev. Once sealed that spins off multiple other servers for stage and prod environments. We want to know about the servers, ensure they are in configuration and not drifting between rebuilds and keep reports for a history on them. The idea was to once they are done stop the service (not disable), delete the ssl directory, then revoke and delete the cert on the puppetca. Has anyone else attempt to revoke and delete cert remotely from the puppetca? We are attempting a curl command like curl -X DELETE --tlsv1 --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem --cert /etc/puppetlabs/puppet/ssl/certs/server.pem--key /etc/puppetlabs/puppet/ssl/private_keys/server.pem -H "Accept: application/json" -H "Content-Type: application/json" -d '{"desired_state":"revoked"}' https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production But everytime we get forbidden 403 whether running curl command from remote server or even the puppetca itself. Attemped to add ip to /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf as well as /etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error. Any help or suggestions would be greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1271e65b-f4bd-4e8d-83ce-c32af069618f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Scheduled_task?
Thank you for confirming my suspicion Josh. On Wednesday, May 17, 2017 at 11:09:14 AM UTC-5, Josh Cooper wrote: > > > > On Wed, May 17, 2017 at 5:34 AM, Jason McMahan > wrote: > >> The full error is >> >> Error: Failed to call >> #::NewWorkItem >> with HRESULT: -214702489 >> 3.: The system cannot find the path specified. >> Error: >> /Stage[main]/Profile::Windows::Applications::Sysinfo::Base/Scheduled_task[Automation/Inventory]/ensure >> : change from absent to present failed: Failed to call >> #::New >> WorkItem with HRESULT: -2147024893.: The system cannot find the path >> specified. >> >> The folder exists but the task is not created nor seen. >> >> I believe i may just need to create it in the root but would like >> verification. >> >> Thank you >> >> >> >> On Tuesday, May 16, 2017 at 6:59:17 PM UTC-5, Jason McMahan wrote: >>> >>> Good day, >>> We were using the scheduled_task resource to create a task. It creates >>> the task however we nwed to create the task in a folder under task >>> scheduler. >>> \automation\inventory >>> >>> We tried name => '\automation\inventory\ >>> But at run says can not find path. >>> We looked at working_dir but that didn't sound promising either. Any >>> suggestions would be greatly appreciated. Thank you >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/53648950-dc88-4188-b2e4-678a1a14dec0%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/53648950-dc88-4188-b2e4-678a1a14dec0%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > Puppet only supports v1 of the Windows task scheduler API (which is > present in 2003 and up), so I'm inclined to think folders are a v2 API > feature, which is filed as https://tickets.puppetlabs.com/browse/PUP-6455. > > Josh > > -- > Josh Cooper | Software Engineer > jo...@puppet.com | @coopjn > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3fac12f3-1ebf-45af-9d04-4459bb0ffda4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Scheduled_task?
The full error is Error: Failed to call #::NewWorkItem with HRESULT: -214702489 3.: The system cannot find the path specified. Error: /Stage[main]/Profile::Windows::Applications::Sysinfo::Base/Scheduled_task[Automation/Inventory]/ensure : change from absent to present failed: Failed to call #::New WorkItem with HRESULT: -2147024893.: The system cannot find the path specified. The folder exists but the task is not created nor seen. I believe i may just need to create it in the root but would like verification. Thank you On Tuesday, May 16, 2017 at 6:59:17 PM UTC-5, Jason McMahan wrote: > > Good day, > We were using the scheduled_task resource to create a task. It creates the > task however we nwed to create the task in a folder under task scheduler. > \automation\inventory > > We tried name => '\automation\inventory\ > But at run says can not find path. > We looked at working_dir but that didn't sound promising either. Any > suggestions would be greatly appreciated. Thank you > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53648950-dc88-4188-b2e4-678a1a14dec0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Scheduled_task?
Good day, We were using the scheduled_task resource to create a task. It creates the task however we nwed to create the task in a folder under task scheduler. \automation\inventory We tried name => '\automation\inventory\ But at run says can not find path. We looked at working_dir but that didn't sound promising either. Any suggestions would be greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6bb98114-17a8-4b1f-afee-fb70d8b91ad4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: theforeman\foreman module?
James thank you for the input. That is a good option if i had a foreman server only, unfortunately when we built our first server it is foreman & puppetca. Dominic, After restarting the service (sorry over sight i thought i had done that.) the ssl file shows appropriately in the foreman gui. We are still having problems with the error i originally listed and i believe as you said it is permissions. Currently our foreman2 server has an ls -la as [root@oilvp064 ~]# ls -la /etc/puppetlabs/puppet/ssl/ total 8 drwxrwx--x. 7 root root 116 Apr 5 13:47 . drwxr-xr-x. 3 root root 71 Apr 20 14:17 .. drwxr-xr-x. 2 root root 39 Apr 5 13:47 certificate_requests drwxr-xr-x. 2 root root 53 Apr 20 13:59 certs -rw-r--r--. 1 root root 6938 Apr 5 13:47 crl.pem drwxr-x---.2 root root6 Apr 5 13:25 private drwxr-x---.2 root root 39 Apr 5 13:25 private_keys drwxr-xr-x. 2 root root 39 Apr 5 13:25 public_keys Foreman1 shows the following because it foreman and Puppetca [root@oilvp044 ~]# ls -la /etc/puppetlabs/puppet/ssl/ total 40 drwxrwx--x. 8 puppet puppet 4096 Apr 19 16:08 . drwxr-xr-x. 3 root root 4096 Apr 28 11:03 .. drwxr-xr-x. 5 puppet puppet 4096 Apr 28 10:53 ca -rw-r--r--. 1 root root 1960 Apr 19 16:08 cert drwxr-xr-x. 2 puppet puppet6 Apr 25 17:38 certificate_requests drwxr-xr-x. 2 puppet puppet 4096 May 1 07:49 certs -rw-r--r--. 1 puppet puppet 8409 May 1 07:49 crl.pem drwxr-x---. 2 puppet puppet6 Nov 18 15:04 private drwxr-x---. 2 puppet puppet 4096 Apr 25 17:41 private_keys drwxr-xr-x. 2 puppet puppet 4096 Apr 25 17:41 public_keys In our code it shows the limited changes we are making. Thank you On Tuesday, April 25, 2017 at 12:34:42 PM UTC-5, Jason McMahan wrote: > > Has anyone else used the foreman puppet module to create a new formean > host? > We used the module, created the host, and manually added it to our f5 but > odd things show up. > > If i go to https://foreman.com (load balancer) go to infrastructure > > smart proxy > click on puppetca host and look at certificates 1 out of 2 > times it is fine. > If i go to https://foreman1.com (our original formean server that is also > the certificate authority) ever proxy looks fine, life is happy. > > If i go to https://foreman2.com (the new foreman we created with the > theforeman module logon is fine, hosts report ok but when i go to smart > proxy it shows red and give the error > > *Error: *Unable to communicate with the proxy: Permission denied @ > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem and > Please check the proxy is configured and running on the host. > > The full trace shows the following > > *Errno::EACCES* > *Permission denied @ rb_sysopen - > /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem* > /usr/share/foreman/lib/proxy_api/resource.rb:19:in `read' > /usr/share/foreman/lib/proxy_api/resource.rb:19:in `initialize' > /usr/share/foreman/lib/proxy_api/puppet.rb:5:in `initialize' > /usr/share/foreman/app/services/proxy_status/base.rb:41:in `new' > /usr/share/foreman/app/services/proxy_status/base.rb:41:in `api' > /usr/share/foreman/app/services/proxy_status/puppet.rb:6:in `block in > environment_stats' > /usr/share/foreman/app/services/proxy_status/base.rb:49:in `block in > fetch_proxy_data' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:105:in > > `block in fetch' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:359:in > > `block in instrument' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/notifications.rb:166:in > > `instrument' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:359:in > > `instrument' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:104:in > > `fetch' > /usr/share/foreman/app/services/proxy_status/base.rb:48:in > `fetch_proxy_data' > /usr/share/foreman/app/services/proxy_status/puppet.rb:4:in > `environment_stats' > /usr/share/foreman/app/controllers/smart_proxies_controller.rb:59:in > `puppet_environments' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/action_controller/metal/implicit_render.rb:4:in > > `send_action' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/abstract_controller/base.rb:198:in > > `process_action' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/action_controller/metal/rendering.rb:10:in > > `process_action' > /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/abstract_contr
Re: [Puppet Users] theforeman\foreman module?
Thank you for the quick response Dominic, When i look under settings foreman1 = (the original working) SSL CA file /etc/puppetlabs/puppet/ssl/certs/ca.pemSSL CA file that Foreman will use to communicate with its proxies SSL certificate /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem SSL Certificate path that Foreman would use to communicate with its proxies SSL client cert env SSL_CLIENT_CERTEnvironment variable containing a client's SSL certificate SSL client DN env SSL_CLIENT_S_DNEnvironment variable containing the subject DN from a client SSL certificate SSL client verify env SSL_CLIENT_VERIFYEnvironment variable containing the verification status of a client SSL certificate SSL private key /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem SSL Private Key file that Foreman will use to communicate with its proxies foreman2: SSL CA file /etc/puppetlabs/puppet/ssl/certs/ca.pem SSL CA file that Foreman will use to communicate with its proxies SSL certificate /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem SSL Certificate path that Foreman would use to communicate with its proxies SSL client cert env SSL_CLIENT_CERT Environment variable containing a client's SSL certificate SSL client DN env SSL_CLIENT_S_DN Environment variable containing the subject DN from a client SSL certificate SSL client verify env SSL_CLIENT_VERIFY Environment variable containing the verification status of a client SSL certificate SSL private key /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem SSL Private Key file that Foreman will use to communicate with its proxies When i look in the settings.yaml foreman1: :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman1.com.pem :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem :ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman1.com.pem foreman2: :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman2.com.pem :ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem :ssl_priv_key: /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem On Wednesday, April 26, 2017 at 6:00:06 AM UTC-5, Dominic Cleal wrote: > > On 25/04/17 18:34, Jason McMahan wrote: > > Has anyone else used the foreman puppet module to create a new formean > host? > > We used the module, created the host, and manually added it to our f5 > > but odd things show up. > > > > If i go to https://foreman.com (load balancer) go to infrastructure > > > smart proxy > click on puppetca host and look at certificates 1 out of 2 > > times it is fine. > > If i go to https://foreman1.com (our original formean server that is > > also the certificate authority) ever proxy looks fine, life is happy. > > > > If i go to https://foreman2.com (the new foreman we created with the > > theforeman module logon is fine, hosts report ok but when i go to smart > > proxy it shows red and give the error > > > > *Error: *Unable to communicate with the proxy: Permission denied @ > > rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem > > and Please check the proxy is configured and running on the host. > > The certificate used by Foreman to communicate with its smart proxies is > set by the ssl_* settings under Administer > Settings > Auth. > > theforeman/puppet configures this via /etc/foreman/settings.yaml, and > it's controlled by the "client_ssl_ca", "client_ssl_cert", and > "client_ssl_key" parameters on the "foreman" class > ( > http://www.puppetmodule.info/modules/theforeman-foreman/puppet_classes/foreman). > > > > Check what values are appropriate for your smart proxy instance, perhaps > compare against your existing Foreman server, then set these parameters > to the same values. > > -- > Dominic Cleal > dom...@cleal.org > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4853cf92-dc30-4b0c-ac26-eed75e8e1240%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] theforeman\foreman module?
Has anyone else used the foreman puppet module to create a new formean host? We used the module, created the host, and manually added it to our f5 but odd things show up. If i go to https://foreman.com (load balancer) go to infrastructure > smart proxy > click on puppetca host and look at certificates 1 out of 2 times it is fine. If i go to https://foreman1.com (our original formean server that is also the certificate authority) ever proxy looks fine, life is happy. If i go to https://foreman2.com (the new foreman we created with the theforeman module logon is fine, hosts report ok but when i go to smart proxy it shows red and give the error *Error: *Unable to communicate with the proxy: Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem and Please check the proxy is configured and running on the host. The full trace shows the following *Errno::EACCES* *Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman2.com.pem* /usr/share/foreman/lib/proxy_api/resource.rb:19:in `read' /usr/share/foreman/lib/proxy_api/resource.rb:19:in `initialize' /usr/share/foreman/lib/proxy_api/puppet.rb:5:in `initialize' /usr/share/foreman/app/services/proxy_status/base.rb:41:in `new' /usr/share/foreman/app/services/proxy_status/base.rb:41:in `api' /usr/share/foreman/app/services/proxy_status/puppet.rb:6:in `block in environment_stats' /usr/share/foreman/app/services/proxy_status/base.rb:49:in `block in fetch_proxy_data' /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:105:in `block in fetch' /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:359:in `block in instrument' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/notifications.rb:166:in `instrument' /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:359:in `instrument' /opt/rh/sclo-ror42/root/usr/share/gems/gems/dalli-2.7.4/lib/active_support/cache/dalli_store.rb:104:in `fetch' /usr/share/foreman/app/services/proxy_status/base.rb:48:in `fetch_proxy_data' /usr/share/foreman/app/services/proxy_status/puppet.rb:4:in `environment_stats' /usr/share/foreman/app/controllers/smart_proxies_controller.rb:59:in `puppet_environments' /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/action_controller/metal/implicit_render.rb:4:in `send_action' /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/abstract_controller/base.rb:198:in `process_action' /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/action_controller/metal/rendering.rb:10:in `process_action' /opt/rh/sclo-ror42/root/usr/share/gems/gems/actionpack-4.2.5.1/lib/abstract_controller/callbacks.rb:20:in `block in process_action' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:117:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:117:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:555:in `block (2 levels) in compile' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:505:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:505:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:498:in `block (2 levels) in around' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:313:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:313:in `block (2 levels) in halting' /opt/theforeman/tfm/root/usr/share/gems/gems/rails-observers-0.1.2/lib/rails/observers/action_controller/caching/sweeping.rb:73:in `around' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:455:in `public_send' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:455:in `block in make_lambda' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:312:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:312:in `block in halting' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:497:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:497:in `block in around' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:505:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/activesupport-4.2.5.1/lib/active_support/callbacks.rb:505:in `call' /opt/rh/sclo-ror42/root/usr/share/gems/gems/act
Re: [Puppet Users] build version tag?
I am sorry i do not quite catch your meaning Rob. Could you please explain? Thank you On Tuesday, February 28, 2017 at 9:26:01 PM UTC-6, Rob Nelson wrote: > > If you're using a control repo, you can change the catalog version number > from seconds since epoch to git commit hash, which should allow you to > reconstitute all the modules in use at that time if you pin all external > modules in your Puppetfile (included would already be part of that hash). > -- > Rob Nelson > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5232619f-fbfa-4047-84eb-3a80d5114088%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] build version tag?
Good day, I was wondering if others could offer their thoughts, advice? We would like to tag any new servers built with a build version, and tie that build version to all modules that were used for building it? For instance if i built server test1 and it was tagged with build.2_28_2017_1.0 we could know it was built today with version 1.0 of the automated process. Then we could look at version 1.0 to see it includes motd version 1.2 and sendmail version 2 or so on? What would be great is to tag a build and then show the progress of the module updates so that we would know what module a server currently has as well as those that built it. If any one has suggestions or thoughts please let me know. Thank you very much Jason -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8f8dc887-3f7c-44e4-9204-04d6f419e5a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] modifying registry values?
Good day, We are using the puppetlabs-registry module and would like to know is it possible to replace specific string with in a registry key then write it back? For example if i wanted to set the following firewall rule (and i know there are modules, but would this is the best example i could come up with currently.) v2.22|Action=Block|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| to v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| Is it possible to do this and if so could anyone suggest methods or a place i could read up on how to do this? Thank you in advance, i appreciate any help or guidance. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9f3dc9ff-d6ab-42c0-a3c9-71a3b8ef1e90%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] help with checking presence of multiple file resources in profile manifest.
Good day, I am attempting to create a profile manifest for installation of one of our windows applications. The application upon install creates multiple services and equivalent exe. The current structure we use is as shown below class profile::application { ## Install application package package { 'application': ensure => installed, source => //server/share/application.msi, } -> file {'C:/Program Files (x86)/application/app1.exe': ensure => present, } ~> service {'app1': ensure => 'running', enable => true, } } This is our normal, however since this application creates multiple exe and services I need to ensure all are present and running. But want to ensure all files are present before moving to the service. class profile::application { ## Install application package package { 'application': ensure => installed, source => //server/share/application.msi, } -> file {'C:/Program Files (x86)/application/app1.exe': ensure => present, } file {'C:/Program Files (x86)/application/app2.exe': ensure => present, } ~> service {'app1': ensure => 'running', enable => true, } service {'app2': ensure => 'running', enable => true, } } If I were to do it the way above will it ensure all files are present then move to service validation or ensure app2.exe is present then move to services? Any help or guidance is appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fd7208e9-d711-4600-9b49-41742e03065f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: windows feature module for converting user shell between core/minimal/gui?
Thank you, You are correct that was an oversight on my part. I corrected that in my code when I ran the apply and still had the error. For now I have decided to instead install windows 2012 r2 gui, then convert to core. This ensure the binaries are still present and I can convert back and forth easily but requires roughly 18gb os disk. Thank you and have a great night. On Wednesday, November 9, 2016 at 3:01:36 PM UTC-6, Akai wrote: > > Am Mittwoch, 9. November 2016 18:49:35 UTC+1 schrieb Jason McMahan: >> >> >> Error: Could not retrieve catalog from remote server: Error 500 on >> SERVER: {"message":"Server Error: Syntax error at 'restart' at >> /etc/puppetlabs/code/environments/production/site/profile/manifests/windowsfeature_shell_gui.pp:5:5 >> >> on node >> > > Your first Error Message said you have a syntax error in your ressource > declaration at 'restart'. Take a look - you forget a comma at > > restart => true *,* >> > > Not sure if i can help on your main problem, but for all readers it might > be helpful if you fix your code first to be formal right and then post your > new error output again. > > Best Regards > > Akai > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/669f518b-f48c-4b3c-81ec-43040582719e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] windows feature module for converting user shell between core/minimal/gui?
Good day, We are attempting to minimize our template size, to do this we create a windows 2012r2 core template. However we will need to convert from core > minimal > gui and or back or forth. Our first thought is to copy the wim to the a directory on the template. C:\install\install.wim this allows us to ensure the wim is local and we can use it if binaries are needed then use the following class profile::windowsfeature_shell_gui { windowsfeature {'Server-Gui-Shell': ensure => present, restart => true source => 'wim:c:\install\install.wim:2' } } If I remove that syntax in source the windows feature command doesn't know where the binaries are from the wim, I only have the path fails with the following syntax. Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Syntax error at 'restart' at /etc/puppetlabs/code/environments/production/site/profile/manifests/windowsfeature_shell_gui.pp:5:5 on node server.domain.com","issue_kind":"RUNTIME_ERROR","stacktrace":["/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/parser/parser_support.rb:127:in `on_error'","/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/META-INF/jruby.home/lib/ruby/1.9/racc/parser.rb:271:in `_racc_evalact'","/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/META-INF/jruby.home/lib/ruby/1.9/racc/parser.rb:202:in`_racc_yyparse_rb'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/parser/lexer2.rb:712:in `scan'","/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/META-INF/jruby.home/lib/ruby/1.9/racc/parser.rb:174:in `_racc_yyparse_rb'","org/jruby/RubyKernel.java:1242:in `catch'","/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar! /META-INF/jruby.home/lib/ruby/1.9/racc/parser.rb:168:in `_racc_yyparse_rb'","(eval):3:in `yyparse'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/par ser/parser_support.rb:240:in `_parse'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/parser/parser_support.rb:84:in `parse_file'","/opt/puppetlabs/pu ppet/lib/ruby/vendor_ruby/puppet/pops/parser/evaluating_parser.rb:41:in `parse_file'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/e4_parser_adapt er.rb:31:in `parse'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/type_loader.rb:86:in `parse_file'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/ puppet/parser/type_loader.rb:123:in `load_files'","org/jruby/RubyArray.java:1613:in `each'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/type_load er.rb:107:in `load_files'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/type_loader.rb:97:in `import_from_modules'","/opt/puppetlabs/puppet/lib/ru by/vendor_ruby/puppet/parser/type_loader.rb:68:in `try_load_fqname'","org/jruby/RubyArray.java:1613:in `each'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/pupp et/parser/type_loader.rb:66:in `try_load_fqname'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/type_collection.rb:234:in `find_or_load'","/opt/p uppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/type_collection.rb:176:in`find_hostclass'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/com piler.rb:382:in `evaluate_classes'","org/jruby/RubyArray.java:2409:in `collect'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:381:in ` evaluate_classes'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:252:in `evaluate_node_classes'","/opt/puppetlabs/puppet/lib/ruby/vendo r_ruby/puppet/parser/compiler.rb:180:in `compile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'","/opt/p uppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:180:in `co mpile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:241:in `override '","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:162:in `compile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler. rb:33:in `compile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:266:in `compile'","/opt/puppetlabs/puppet/lib/ruby/vendor _ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'","/opt/puppe tlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:264:in `compile'","/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:223:in `be nchmark'","/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/META-INF/jruby.home/lib/ruby/1.9/benchmark.rb:295:in `realtime'","/opt/puppetlabs /puppet/lib/ruby/vendor_ruby/puppet/util.rb:222:in `benchmark'","/opt/puppe
[Puppet Users] info for class loadings?
Good day, I was wondering what others are doing to illustrate when a class is loaded during debug mode? I know when you run a puppet agent -t --debug it shows the info: loading facts for instance. Does everyone use notice then what you want to say? Thank you for any help. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/722a83ab-e26d-48d7-aa6f-f72991505827%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] module puppetlabs/motd question?
I am new to puppet, and git but I had a question surrounding the module puppetlabs/motd When I use this module for my windows servers the spacing is messed up and the motd looks jagged per say. * hello world * (this should have like 4 trailing white spaces for example) I thought it was how the registry entry was created, defaulting to string instead of multi string value or even an array. I attempted to alter # vi /etc/puppetlabs/code/environments/production/modules/motd/spec/classes/motd_spec.rb Line 112 :type=> 'string', to :type=> 'array', but the registry key is still created on the windows server as string. Any suggestions? I tried to add issue on the github project for motd but did not see a place to do so. Thank and I appreciate any help/guidance. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/16fa3344-74c1-4505-9ec9-55ec47b4f7cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet agent install question?
I have been thinking about this for a time and really feel this should be an easy question, hoping I am just over thinking. If I would like to automate the install of puppet agent on a windows server am I required to provide puppet_server and puppet_ca_server? I thought msiexec /qn /norestart /i C:\TEMP\puppet-agent-x64-latest.msi PUPPET_MASTER_SERVER=puppet.domain.com would work fine, then the master would redirect to the ca, once the agent has a cert then it would allow communication. In my testing though it seems I am required to enter puppet_ca_server also. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dce66ee5-183a-4f9b-97c0-54254fb4882e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet resource package?
Good day, We are working on a fresh roll out of puppet o our company. We created a module to install an application but we quickly realized the application is not appearing in add remove programs. It was soon apparent that we could not check for the package name if it does not appear there. Does anyone have suggestions for the best course of action? I read using a custom fact as one suggestions. basically we are package { 'client': name => 'client', ensure => installed, source => '//path/file.exe', } service { 'client': name => 'client', ensure => running, } I can see the system has the application, and the service is running but puppet resource package doesn't see it nor does add remove programs. If I go into the registry under HKLM:Software\Microsoft\Windows\CurrentVersion\Uninstall\ {GUID} I see the application information here. Any help or suggestions are greatly appreciated. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e7292ef8-6b9e-466c-bd33-9828b9c83d99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.