Re: [Puppet Users] SEC State and Dashboard
On 04/21/2011 03:21 PM, Glenn Buckholz wrote:
> I was wondering if anyone has, or is aware of puppet dashboard integration with secstate (https://fedorahosted.org/secstate/). A use case would be, I run a compliance report in secstate, it shows up on the puppet dashboard and allows me to see where I'm out of compliance and where I can remediate with puppet content if I have it written and available. Just looking for pointers, I'm new to the puppet world.
>
> -Glenn

Make a security module, then everything related will be auto-tagged security. Then you can add your own tag to an arbitrary resource that, say, is required by PCI or some such (tag => security_pci), and then use the report processor for dashboard with some tiny modifications to get a security overview.

So, I guess the answer is no to your question but I think it's not that hard to do.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.

--
You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
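The tag-based overview suggested in the reply above, sketched as an added example that is not code from the thread or from Puppet Dashboard. `ResourceStatus` is a hypothetical stand-in for the per-resource fields a Puppet report carries (title, tags, out-of-sync and failed flags), and the sample data is constructed.

```ruby
# Added example (not from the thread). ResourceStatus is a stand-in for the
# per-resource status in a Puppet report; the fields used here are an assumption.
ResourceStatus = Struct.new(:resource, :tags, :out_of_sync, :failed)

# Group reported resources by security tag: the module's automatic "security"
# tag plus any hand-added "security_<standard>" tags such as security_pci.
def security_overview(statuses, prefix: "security")
  overview = Hash.new { |h, tag| h[tag] = { total: 0, out_of_sync: [], failed: [] } }
  statuses.each do |st|
    st.tags.each do |tag|
      next unless tag == prefix || tag.start_with?("#{prefix}_")
      entry = overview[tag]
      entry[:total] += 1
      entry[:out_of_sync] << st.resource if st.out_of_sync
      entry[:failed] << st.resource if st.failed
    end
  end
  overview
end

# Share of resources under a tag that were neither out of sync nor failed.
def compliance_pct(entry)
  return 100.0 if entry[:total].zero?
  bad = (entry[:out_of_sync] | entry[:failed]).size
  ((entry[:total] - bad) * 100.0 / entry[:total]).round(1)
end

# Constructed sample: one agent run with four managed resources.
SAMPLE_STATUSES = [
  ResourceStatus.new("File[/etc/ssh/sshd_config]",
                     %w[file security security::ssh security_pci], true, false),
  ResourceStatus.new("Service[auditd]", %w[service security security_pci], false, false),
  ResourceStatus.new("File[/etc/issue]", %w[file security], false, false),
  ResourceStatus.new("Package[ntp]", %w[package ntp], true, false)
].freeze

if __FILE__ == $PROGRAM_NAME
  security_overview(SAMPLE_STATUSES).sort_by { |tag, _| tag }.each do |tag, entry|
    drifted = entry[:out_of_sync].empty? ? "none" : entry[:out_of_sync].join(", ")
    puts format("%-14s %5.1f%% compliant, out of sync: %s", tag, compliance_pct(entry), drifted)
  end
end
```

Resources outside the security module, such as the ntp package here, never enter the overview, which is what makes the extra tag usable as a compliance scope.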
Re: [Puppet Users] finding consultants or full time puppet experts?
On 05/20/2011 11:31 AM, Mark wrote:
> We are looking to hire a full time (or possibly a consultant) in Boston with experience in AWS and Puppet (or Chef :)
> http://www.fiksu.com/company/careers/cloud-operations-manager
> Any good leads on other places to look for someone like that? Thanks!

Although I do currently have a great $dayjob, I also work nights and weekends consulting in areas I specialize in, similar to what you're asking for. I am in Boston (Somerville/Charlestown line actually), have been a heavy (for many months I was doing Puppet 6-8 hours+ a day) Puppet user for a total of about three years, currently managing 200+ RHEL boxes at one site and 100+ Ubuntu 6.06/8.04/10.04 in addition to several OpenBSD boxes.

I certainly do have other specialities in areas like Security, Firewalling, and general automation really. However, I do not have practical talents with AWS, which looks to be a hard requirement.

Regardless, I am open for work nights and weekends. If you're still interested, e-mail me your preferred resume format (or anyone on the list, also open to you if you're in Greater Boston or want remote work) and I'll get it back to you. Thanks!

--
Joe McDonagh
IT Infrastructure Consultant
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Variable inheritance in Stages
On 05/23/2011 12:34 PM, Chip wrote:
> I have pre, main, and post stages configured in my manifests. When I assign variables in the node declaration they are present in the main stage, but not my pre-stage. How do I assign variables at the node level that can be referenced in my pre stage?
>
> -Chip Schweiss

I'm also curious how variables interact with stages in general. I was really anticipating them to solve some long-standing problems at this one gig and it turned out that it worked absolutely nothing like I thought it would.

--
Joe McDonagh
IT Infrastructure Consultant
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Re: Management of MySQL grant tables?
On 07/28/2010 02:58 AM, David Schmitt wrote:
> On 7/28/2010 12:41 AM, Christopher Johnston wrote:
>> David,
>>
>> Curious on how you handle doing a grant of *.* (all attributes). I looked through your puppet type and I see you are individually listing every type out but you are missing event_priv and trigger_priv as grant types.
>
> I haven't worked on those types in a while and it is possible, that those privs only exist in a later version of mysql?
>
> Best Regards, David

Last time I looked at this there was some stub function in place that just couldn't be found anywhere. Has there been some recent function on it? Also, why the augeas module dependency? Grant state is managed in the db, which is what makes this problem tough to solve for most people. However, I know Dave's no slouch so maybe I am missing something.

--
Joe McDonagh
IT Infrastructure Consultant
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Re: RFC: Splitting up the file{} type functionality.
I'd really prefer if the name of this resource didn't change. I understand there are problems but can't you just split the code and have different behavior based on something like filetype =?

On 03/22/11 11:10, Nigel Kersten wrote:
> On Tue, Mar 22, 2011 at 7:20 AM, jcbollinger <john.bollin...@stjude.org> wrote:
>> On Mar 21, 8:53 pm, Nigel Kersten <ni...@puppetlabs.com> wrote:
>>> The file{} type can do all of the following:
>>>
>>> * manage single files
>>> * manage directories
>>> * manage symlinks
>>> * manage recursive file copies
>>>
>>> The intersection of all these bits of functionality makes it difficult to understand exactly what is going on when you're new to Puppet, and even experienced users often don't know how combining symlinks/content management is going to work.
>>>
>>> How would people feel about at least splitting out these into their own types?
>>>
>>> * symlinks
>>> * recursive file copies
>>>
>>> The intersection of files and directories isn't that big a deal, but we could split out directories too if we wanted. Thoughts?
>>
>> I agree that File is a mishmash, but I don't think symlinks and recursive copying are the key concepts that would be good to split out. Instead, I think splitting directories into their own type would be the way to go.
>>
>> Consider what would happen if symlinks were made their own type. What about dependencies? Right now, I can have
>>
>>     service { "my_service": require => File["/etc/my_service.conf"] }
>>
>> without caring whether File[/etc/my_service.conf] represents an actual file or a symlink. I can even change that in the declaration of the file without having to touch anything that depends on it. If symlinks were modeled via a separate type, however, then I would need everywhere to account for which files were plain and which were symlinks.
>
> That's a really good point. One workaround would be to encapsulate such configs into a class and require that.
>
>     class foo::service {
>       service { "my_service": require => Class["foo::config"] }
>     }
>     class foo::config {
>       ...
>     }
>
> Another would be to flip this around and instead use before instead of require, so the service resource wouldn't need to know what kind of object is required.
>
>> Or look at it from a modelling angle: a symlink to a regular file is much more like a regular file than a directory is like a regular file, so why does it make sense to split out symlinks but not directories?
>
> Because of the clash between defining a symlink and specifying the content of a file. We have edge cases like this:
>
>     file { "/tmp/someobject":
>       ensure => present,
>       content => "foo",
>     }
>
> Now if /tmp/someobject is a symlink (or even a directory), we need to special case the code so that we log that the content attribute isn't being used. If it's a file, it will be used.
>
> It gets worse with the links parameter.
>
>     file { "/tmp/foo":
>       ensure => present,
>       links => follow,
>       recurse => true,
>       source => ,
>     }
>
> This does all sorts of weird things depending upon whether the object is a symlink, directory or file. We've had requests to support sockets in the file type too, which complicate things further.
>
>> Parallel arguments can be made about directories and symlinks to directories.
>>
>> As for recursive copying, that's an action, not an observable, manageable artifact, so why would it make sense to create a resource type around it? It could be recast as something like directory hierarchy, but that begs the question of why it should be separate from ordinary directories.
>>
>> If you want to think out of the box, then consider re-implementing recursive directory management via a new (type of) function that dynamically adds all the appropriate Directory and File resources to the catalog. That's anyway what Puppet already does, right?
>
> We have fundamentally different kinds of parameters on a recursive file source than we do on a normal directory. Think about the clash between source and content. links. purge. recurse. recurselimit. ignore. All those things *only* make sense with a recursive tree, not with a single file or a single directory.
>
>> This, then, is the direction that makes the most sense to me:
>>
>> 1) Split out (only) directories into their own type. Among other things, recursive-tree management would go into the new Directory type.
>>
>> 2) Give File and Directory each a link_to property by which these types can be made to manage symbolic links instead of the underlying regular file or directory.
>
> like our existing target property? How does it make sense to manage a symlink in a Directory type? I'm not seeing it
>
>> 3) Once (1) and (2) are done, it will be possible and appropriate to limit the allowed values of both types' ensure properties to absent and present.
>>
>> I recommend seeing how (1) works out before trying to move recursive directory management into its own entity. If that feature is indeed moved out, however, then I truly don't see how it would make sense to make a resource type out of it. Making a function out of it instead would be a better fit.
>
> I think you're overlooking the configurable
Re: [Puppet Users] Puppet 2.6 and extlookup... and environments
You have to edit the environment's site.pp to point to the new extdata folder.

On 02/22/2011 05:57 PM, Douglas Garstang wrote:
> I just incorporated environments into my puppet... On the server...
>
>     [main]
>     ...
>     [pax]
>     manifest = /etc/puppet/env/pax_prod/manifests/site.pp
>     modulepath = /etc/puppet/env/pax_prod/modules
>     [fre]
>     manifest = /etc/puppet/env/fre_prod/manifests/site.pp
>     modulepath = /etc/puppet/env/fre_prod/modules
>     [agent]
>     ...
>
> and I changed the environment to be pax_prod on the client accordingly. However, when puppet encounters this:
>
>     $ns_primary = extlookup("ns_primary", "", "default_${domain}")
>
> it doesn't give $ns_primary a value. The file was previously in the directory /etc/puppet/manifests/extdata, but now with the environments it's been moved to /etc/puppet/env/pax_prod/manifests/extdata. Do I have to do anything special?
>
> Doug.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Distributing user configs from a central host?
You can use content => file("/etc/passwd") for example to serve out the content from the master's etc passwd.

On 02/17/2011 09:37 AM, Robin Lee Powell wrote:
> I have a central server, that happens to be the puppetmaster, that has various users on it. I would like to copy out their information (name, uid, password, .bashrc, etc) to all my other hosts, but I want to let the users change their stuff on that host, so I don't want to just stick it in puppet.
>
> My inclination is to just make a script that runs through the passwd file and generates puppet instructions out, and also copies the user files in question into a place in the puppetmaster directories. Is there a more-idiomatic way to do that?
>
> -Robin

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Do people walk the filebucket tree searching by path?
I care a lot and had thought that the path would eventually be the main key for retrieving files, with the checksum being sort of like a revision, with some extra metadata when you interface with the filebucket...

On 02/17/2011 03:46 PM, Nigel Kersten wrote:
> https://projects.puppetlabs.com/issues/6353
>
> Our old behavior was that when files were backed up to a filebucket, we also wrote out the path information to the 'paths' file in the checksum directory. Do people actually use this functionality?
>
> Our sanctioned interface puppet filebucket only ever restored files by checksum, not by path, but from the wiki and some tickets it looks like we do have users who construct find/exec commands to search by path.
>
> This leaves us in a somewhat frustrating position. We've broken functionality that at least some people use, but was essentially poking into a private implementation of the filebucket. The whole point of the filebucket at least from a design perspective was to store and retrieve files by checksum, not by path. However that doesn't appear to be how everyone uses it.
>
> How much do you all care?

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Do people walk the filebucket tree searching by path?
On 02/17/2011 03:55 PM, Nigel Kersten wrote:
> On Thu, Feb 17, 2011 at 12:48 PM, Joe McDonagh <joseph.e.mcdon...@gmail.com> wrote:
>> I care a lot and had thought that the path would eventually be the main key for retrieving files, with the checksum being sort of like a revision, with some extra metadata when you interface with the filebucket...
>
> ok. So it's unacceptable for you to refer to logs or reports to get the checksum for a given replacement and then restore the file that way?

I'm not sure 'unacceptable' is the word, I'm not going to stop using puppet because PL didn't make the filebucket interface to my spec. Just sayin, that's how I envisioned it back when I started using Puppet... and now with all the fancy doo dads in puppet I'd figure the filebucket would have lots of ways to access the data inside.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Puppet in the DMZ
You can put a puppet server in the DMZ that you deploy puppet manifest changes to via SSH, then only allow 8140 access to the dmz boxes. I would say shipping catalogs out there is sort of overkill. You can also make this master use a separate CA, etc. I think a few simple measures like this would make it as secure as trying to do some esoteric 'ultra-secure' techniques.

On 02/11/2011 01:25 AM, John Warburton wrote:
> Curse GW Bush and his 'Axis of Evil' - my google searches are contaminated with hits to Korea, and other such fun...
>
> Does anyone have any experiences with puppet in the DMZ they can share? At my puppet master training (Hi Hunter), it was mentioned some people compile their catalogs inside, then ship them out to servers in the DMZ to be applied. I understand that fine, but we use facts quite a bit to get state information, so the traditional part of the client server/model where facts are shipped back from the client to the puppet server is missing.
>
> How do people get around the common rule that DMZ servers should not initiate network connections back to the internal network? Should we have a puppet server in the DMZ?
>
> Thanks
> John

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Stored configs in MySQL
Sounds like you're running the wrong version of the mysql rubygem. If memory serves, this was a known issue.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Pre-auth of nodes?
Alternatively to using auto-sign, you can do server-side cert generation with puppetca -g, then figure a good secure way to transfer that stuff during OS install.

On 11/14/2010 01:09 PM, Matthew Macdonald-Wallace wrote:
> Hi all,
>
> I'm trying to work out the best way to ensure that my systems run puppet at first boot without having to run puppetca --sign or have wildcards in my auth file. All nodes are stored in an external database so what I want to tell puppet is if it's in the database, authenticate it, otherwise ignore it. Is this possible using the external-node classifier?
>
> Thanks in advance,
> Matt

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Puppet Module Repository
On 11/10/2010 01:14 PM, Yushu Yao wrote:
> Hi Experts,
>
> I am just wondering is there anything like a Puppet Module Repository in production yet? For the Puppet Module Repository I am looking for two main features:
>
> 1. Versioning control of each individual module
> 2. automatic dependency resolution, one module will be able to say which module (at which version) this module depend on.
>
> Basically, something like python easy_install or ruby gems will be the best. Thanks a lot!
>
> -Yushu

http://forge.puppetlabs.com/

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Patch Management
++ RIP, I've piloted mcollective but have not yet deployed as a standard CC tool. It is the future IMO, so if you're starting from scratch, it's probably what you want to go with, as I sort of view puppet as not being the tool for this job.

For this stuff now, I use a combo of Nagios and capistrano. Nagios can tell me when nodes are out of date via the check_cluster plugin (info generated dynamically from puppet) as a cluster of the check_apt plugin. Capistrano can easily pull my nodes from puppet stored configs, dynamically stuff them into roles based on hostname (mcollective does not have the limitation of relying on hostnames), and I can update to various groups of hosts based on OS, DC/location, or type of service such as webservers, smtp servers, etc. I suppose some logic could be coded into my capfile to get this info more gracefully than simple hostname parsing, but at that point I would just deploy mcollective.

I have some really simple code I can share if you need to, but I am warning you right now, capistrano is not a scalable tool. It barfs, last time I checked, on more than 30 or so simultaneous ssh connections. This could be a limitation of the ssh-agent, but I've worked around it and haven't done any stress testing in months.

Security stuff like CVE's would be a little more involved. The company I work for scans for this stuff, but we don't really have an automated fix integration process. We generate remediation reports, but that just tells a human what to do.

Like I said, mcollective is the future for this kind of stuff, but cap is sort of easier to get going with since it's plain ssh connections. I guess it depends on a few factors like, size of your infrastructure, how quick you need it, etc. If you have time, go with mcollective.

On 11/02/2010 10:38 AM, R.I.Pienaar wrote:
> - Joel Merrick <joel.merr...@gmail.com> wrote:
>> Is there any way this could be accomplished? I suppose the nirvana for me would be to be able to instantly see if a package needs updating, based upon a CVE/DSA/RSA etc similar to the way pakiti does it [1].. (although I suppose a sources.list with just security sources would do) and then use something like mcollective to slowly, but safely upgrade the package.
>
> not sure if this will solve all your needs but it should be trivial to write something for mcollective to parse 'yum check-update' output and aggregate that over your entire estate.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
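The parse-and-aggregate step mentioned in the quoted suggestion, as an added example that is not code from the thread and does not use mcollective itself. It assumes the default `yum check-update` layout (header, blank line, then `name.arch version repo` rows); host names, versions and the `repos:` filter are constructed for illustration.

```ruby
# Added example (not from the thread). Turns `yum check-update` text into rows.
# Assumed layout: header lines, a blank line, "name.arch  version  repo" rows,
# optionally followed by an "Obsoleting Packages" section that is ignored.
def parse_check_update(output)
  text = output.to_s
  body = text.include?("\n\n") ? text.split("\n\n", 2).last : text
  body = body.split(/^Obsoleting Packages/, 2).first.to_s
  # yum wraps rows with long package names onto a second line, so read the
  # body as a stream of whitespace-separated fields, three per package.
  body.split.each_slice(3).map do |name, version, repo|
    unless repo && name =~ /\A\S+\.\w+\z/
      raise ArgumentError, "unexpected check-update row: #{[name, version, repo].compact.join(' ')}"
    end
    { name: name, version: version, repo: repo }
  end
end

# Merge per-host results into [package, version, hosts] rows, most widely
# pending update first. `repos` optionally limits the view to given repo ids,
# for example a repository that carries only security errata.
def aggregate_updates(outputs_by_host, repos: nil)
  hosts_for = Hash.new { |h, key| h[key] = [] }
  outputs_by_host.each do |host, output|
    parse_check_update(output).each do |pkg|
      next if repos && !repos.include?(pkg[:repo])
      hosts_for[[pkg[:name], pkg[:version]]] << host
    end
  end
  hosts_for.map { |(name, version), hosts| [name, version, hosts.sort] }
           .sort_by { |name, _version, hosts| [-hosts.size, name] }
end

# Constructed sample output from three hosts; db01 has nothing pending.
SAMPLE_WEB01 = <<~OUT
  Loaded plugins: fastestmirror

  bash.x86_64                 4.1.2-15.el6_5.2        updates
  openssl.x86_64              1.0.1e-16.el6_5.15      updates
  a-very-long-package-name-that-wraps.noarch
                              1.2.3-4.el6             epel
  Obsoleting Packages
  foo.x86_64                  1.0-1                   updates
      bar.x86_64              0.9-1                   installed
OUT

SAMPLE_WEB02 = <<~OUT
  Loaded plugins: fastestmirror

  openssl.x86_64              1.0.1e-16.el6_5.15      updates
OUT

SAMPLE_OUTPUTS = { "web02" => SAMPLE_WEB02, "web01" => SAMPLE_WEB01, "db01" => "" }.freeze

if __FILE__ == $PROGRAM_NAME
  aggregate_updates(SAMPLE_OUTPUTS).each do |name, version, hosts|
    puts format("%-45s %-22s %s", name, version, hosts.join(","))
  end
end
```

A row that does not look like `name.arch version repo` raises instead of being skipped, so a changed output layout shows up as an error rather than as a host that silently appears fully patched.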
Re: [Puppet Users] Strange problem with StoredConfigs overwriting files with old versions
On 11/04/2010 01:16 PM, PBWebGuy wrote:
> We just ran into a condition when a templatized configuration file would get replaced with something that I had no clue where it came from and the content is nowhere in the puppet source tree. On subsequent updates the proper file would appear. I've been able to consistently reproduce the problem on multiple nodes that have the same role.
>
> We discovered a discrepancy in the last modified dates of the file in question. When we ran the update the first time it would create a file with an old date. On the subsequent update it would generate it with today's date. We figured then it was being cached. I therefore turned off stored configs and presto my issue disappeared.
>
> There appears to be a SERIOUS bug in stored configs that under certain conditions is stuffing the incorrect versions of files out on the node. Worse is that when watching the logs for the update, it shows the correct DIFF's of the file being made and then under the covers it writes an old version of the file to the node.
>
> I'm curious if anyone has experienced anything like this before?
>
> Regards,
> John

Are you running the node that exports from its catalog to update the exported resource BEFORE you re run the collecting node catalog? You'll see this fairly often with Nagios due to the $runinterval window between nodes, resulting in updated information taking something near $runinterval to update.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Variable Interpolation (double interpolation)
On 10/27/2010 04:39 PM, Roberto Bouza wrote:
> Hello,
>
> I have a group of variables like
>
>     $a_logs_project1 = "machine1"
>     $b_logs_project2 = "machine2"
>
> then on the definition I'm generating a variable like:
>
>     $machine_name = "${letter}_logs_${project}"
>
> So $machine name will be something like: a_logs_project1
>
> Now I need to convert that (or interpolate it somehow) into the real value machine1. So I have a variable $machine_name which has the name of the variable which has the real value. Do you have any ideas how to obtain this value? Any help will be appreciated.
>
> Thank you.

This works, but... yea:

    $machine_name = "machine1"
    $machine1 = "thordur"
    $value = inline_template("<%= scope.lookupvar(machine_name) -%>")
    notice("machine 1 is $value")

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Re: Variable Interpolation (double interpolation)
On 10/27/2010 07:37 PM, Roberto Bouza wrote:
> Thanks!!! It worked like a charm.
>
> On Oct 27, 3:23 pm, Joe McDonagh <joseph.e.mcdon...@gmail.com> wrote:

FYI, if you're using 2.6, the new pure Ruby stuff might look better. Unfortunately I have not yet deployed 2.6 for prod so I don't have much experience using the pure Ruby DSL stuff.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Facter ignores interfaces with non eth names
On 10/04/2010 05:35 PM, Christopher Johnston wrote:
> Does facter support NICs that are not named ethX? I happen to use custom names on my systems. Just a quick look at the code I don't see why it wouldn't but the behavior I am seeing is very different.

On OpenBSD NIC devices are named based on the driver they use, and in some cases the meta-type of the NIC (trunkX, carpX). Those all show up in facter on those machines.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
[Puppet Users] Looking for High Mid-Sr. Level Unix/Linux person with puppet skills in Los Angeles, CA, USA
Please e-mail me off list if you're looking for a contract-perm position in LA, close to LAX near Boeing and the other defense companies. The role is fairly senior and involves mostly Linux and Unix systems. Puppet experience is a win, also is OpenBSD for routing/firewalling. More details to be given off list if you contact me.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] confused about exported resources
On 09/22/2010 09:10 AM, Baker, Luke wrote:
> I've been looking at this example in the puppetdocs.pdf
>
>     class nagios-target {
>       @@nagios_host { $fqdn:
>         ensure => present,
>         alias => $hostname,
>         address => $ipaddress,
>         use => "generic-host",
>       }
>       @@nagios_service { "check_ping_${hostname}":
>         check_command => "check_ping!100.0,20%!500.0,60%",
>         use => "generic-service",
>         host_name => $fqdn,
>         notification_period => "24x7",
>         service_description => "${hostname}_check_ping"
>       }
>     }
>
>     class nagios-monitor {
>       package { [ nagios, nagios-plugins ]: ensure => installed, }
>       service { nagios:
>         ensure => running,
>         enable => true,
>         #subscribe => File[$nagios_cfgdir],
>         require => Package[nagios],
>       }
>       # collect resources and populate /etc/nagios/nagios_*.cfg
>       Nagios_host <<||>>
>       Nagios_service <<||>>
>     }
>
> How is /etc/nagios/nagios_*.cfg populated using these two exported resources?

That's the syntax for collecting resources. This is the classic example- every node gets the exported resource (the one with @@ in front of it), which means it is marked in the database as exported. Then on your nagios server you use the collection syntax to collect all the exported resources of that type. This means you can auto configure daemons like nagios that require node information for the configuration.

> A more general question is that I'm confused on the purpose of exported resources.

The purpose is to distribute information between nodes. The second example you gave is pretty useless, but another common scenario is a command and control server that needs the proper host keys for your nodes. In each node's config you would export the ssh key and then collect it on the CC server, that way none of your scripts are failing because of the wrong host keys.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] API: Get a list of servers that include a certain module/class
On 09/07/2010 03:06 AM, phred wrote:
> Hi there
> Is there a possibility to get all servers via API that e.g. have import production whereas production is a module/class. I want to use that host list for doing push deployments - something that needs to be live immediately.
> Greets Philipp

I use Ruby to get stuff like this from the stored config DB. I'm sure with 2.6 you can do some funky cool stuff with the REST API though...

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] SVN pre-commit hook on wiki
On 09/02/2010 02:34 PM, Carl Caum wrote:
> On the wiki page http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control, the SVN Pre-Commit Hook script needs to be fixed to not check the syntax on files getting deleted. The following line:
>
>     $SVNLOOK changed -t $TXN $REPOS | awk '{print $2}' | grep '\.pp$' | while read line
>
> needs to be:
>
>     $SVNLOOK changed -t $TXN $REPOS | grep -v ^D | awk '{print $2}' | grep '\.pp$' | while read line

Sort of moot since the pre-commit was operational in the first place, there should be no syntax errors in any committed files... I think there might be a problem or two with that pre-commit in other areas.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] extlookup in 2.6.1 defaults
On 08/22/2010 02:42 AM, Douglas Garstang wrote:
> This seems a bit weird to me. The second parameter isn't optional (I think the 2nd and 3rd parameters should be switched), which means that you MUST have a default value in there, which means, you might as well use the same value as in the file, which means the file is somewhat redundant. Anyone else see that?
> Doug.

extlookup has always supported defaults, which were always optional. A cursory look at the current code suggests that it's also still an optional default.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Re: puppet dashboard gui looks odd from apache2
On 08/21/2010 05:45 PM, Rustler wrote:
> This is what I have in my httpd.conf file and apache is running as the user puppet -
>
>     LoadModule passenger_module /opt/passenger-2.2.15/ext/apache2/mod_passenger.so
>     PassengerRoot /opt/passenger-2.2.15
>     PassengerRuby /usr/bin/ruby
>     PassengerHighPerformance on
>     PassengerMaxPoolSize 20
>     PassengerPoolIdleTime 1500
>     PassengerStatThrottleRate 120
>     PassengerDefaultUser puppet
>     RailsAutoDetect On

Often, people are surprised to find major apache2 settings in weird places in Debian... I know I've definitely had some head scratchers that resembled this issue before because of it.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Push changes to clients
On 08/13/2010 05:05 AM, ScubaDude wrote:
> I was wondering how to configure the puppet clients to only listen, not to periodically pull configs down from the puppetmaster. I'd rather push the configs out from the puppetmaster with puppetrun... At a guess I need to set runinterval to 0 in /etc/puppet/puppet.conf?

For this to work you'd also have to transfer all the manifests to the clients.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] SVN hooks
> Hello list,
> I'm planning to deploy and use Puppet at work. For this, I've set up a SVN server to keep track of all changes in modules manifests. Reading documentation to be able to define coding rules, I want to put some SVN hooks to ensure for correct syntax and coding rules respect. Does anybody here use such scripts? Are some public version available? Or am I wrong going this way?

This is mine, it does some extra syntax checking:

    #!/bin/bash
    # This file is managed by Puppet
    # Pre-commit hook: syntax-check each changed .erb, .pp, .rb and .sh file
    # in the pending transaction. Arguments: $1 = repository path, $2 = transaction id.

    export TMPDIR=/tmp/svntmp
    # Create the scratch directory on first use
    if [ ! -e "$TMPDIR" ]; then
        mkdir -p "$TMPDIR"
        chmod 1777 "$TMPDIR"
    fi

    export ERRCOUNT=0
    export PATH=/usr/bin:/bin
    export REPOS=$1
    export TMPFILE=$(mktemp -p "$TMPDIR")
    export TXN=$2

    while read LINE; do
        # Copy the file as it exists in the transaction into the temp file
        svnlook cat -t "$TXN" "$REPOS" "$LINE" > "$TMPFILE"
        if [ $? -ne 0 ]; then
            echo "Warning: Failed to checkout $LINE" >&2
        fi
        # The file extension selects the checker
        EXT=$(echo "$LINE" | awk -F'.' '{ print $NF }')
        case $EXT in
        erb)
            erb -x -T '-' "$TMPFILE" | ruby -c
            if [ $? -ne 0 ]; then
                echo "ERB parsing error in $LINE" >&2
                let ERRCOUNT+=1
            fi
            ;;
        pp)
            /usr/bin/puppet --color=false --parseonly --ignoreimport "$TMPFILE"
            if [ $? -ne 0 ]; then
                echo "Puppet syntax error in $LINE" >&2
                let ERRCOUNT+=1
            fi
            ;;
        rb)
            ruby -c "$TMPFILE"
            if [ $? -ne 0 ]; then
                echo "Ruby syntax error in $LINE" >&2
                let ERRCOUNT+=1
            fi
            ;;
        sh)
            bash -n "$TMPFILE"
            if [ $? -ne 0 ]; then
                echo "Bash syntax error in $LINE" >&2
                let ERRCOUNT+=1
            fi
            ;;
        *)
            continue
            ;;
        esac
    # Process substitution keeps the loop in this shell, so ERRCOUNT survives it
    done < <(svnlook changed -t "$TXN" "$REPOS" | awk '{print $2}')

    rm -f "$TMPFILE"
    # A non-zero exit status rejects the commit
    exit $ERRCOUNT

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Optionally ensuring a service is running
On 08/11/2010 12:27 PM, Marc Zampetti wrote:
> I want puppet to normally manage the running state of a service, so that if the service stops, it is restarted, etc. But during maintenance windows, I want puppet to leave the service in whatever state it is in. My idea is to have a file that can be checked to see if the service is in maintenance mode, and if so, then skip the ensure check. To do this, I see two issues.
> 1) How do I test for the existence of a file? The docs don't seem to be able to do so. I'm guessing I would need to define a custom fact for that, right?
> 2) How do I make it so that the service ensure property is correct? Right now, it appears that only running or notrunning is valid. Would ignored or undef or something like that work?
> Is there a better way to achieve what I'm trying to do?
> Marc Zampetti

Marc, you might want to look into the schedule resource, and use that. As for your questions:

1. You would need a custom fact.
2. There are more options for ensure for services, such as enabled, installed, etc. I'm not sure undef would work. If you set a schedule for it though, it should only apply the resource during that schedule.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] install package based on operatingsystem AND operatingsystemrelease
On 08/11/2010 11:55 AM, Jason Amato wrote:
> How can I create a class to install a RPM based on the o/s type and the o/s release. I want to install a package on SLES, but only if it's release 11, not 10. I can do this, but how do I incorporate the release in here... thanks in advance!
>
>     class packages1 {
>         $lsb = $operatingsystem ? {
>             OEL     => "redhat-lsb",
>             SLES    => "lsb",
>             default => "redhat-lsb"
>         }
>         package { $lsb: ensure => installed }
>     }
>
> -Jason

Try using a nested selector in the package name selector, and setting 10 => absent.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] using puppet ssl certs for other applications
On 08/06/2010 10:47 AM, Bob Belnap wrote:
> Hello,
> As I've been building up my puppet infrastructure, I've started using puppet certs for all of my services that require ssl. Usually this is in the form of links:

Bob, you're absolutely right it's a big win. I didn't even use links, I just pointed Splunk at the puppet ssl certs.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] exec not finding shell builtins/functions?
On 07/30/2010 12:18 AM, Daniel Pittman wrote:
> James Turnbull <ja...@puppetlabs.com> writes:
>> Richard Crowley wrote:
>>> On Thu, Jul 29, 2010 at 3:23 PM, Greg Graf <greg.g...@rackspace.com> wrote:
>>>> [...]
>>> I saw the same thing happen with a few for-loops and had to wrap them up in /bin/sh -c '...' for 2.6. Now that I look for it, I can't find anything about this behavior change in the release notes for 2.6. Was it coincidental that it ever worked?
>> See:
>> http://projects.puppetlabs.com/issues/4288
>> http://projects.puppetlabs.com/issues/4299
>> For some history and comments on this. We'd welcome some input into what you think should be safe and expected behaviour here.
> If this is a voting matter, let me put in a vote for passing a simple string to the shell, and passing an array direct to exec, which is consistent with the use of 'system' style commands in a whole bunch of sysadmin scripting languages. Eg, this:
>
>     exec { foo: command => ['/bin/ls', '|', 'foo'] }
>
> will pass '|' 'foo' to the ls command, compared to:
>
>     exec { foo: command => "/bin/ls | foo" }
>
> ...which passes it to the default system shell.
> Daniel

That seems like the implementation would be tricky and error-prone, compared to having people add sh/bash/ksh -c to the beginning of the command in the exec. I mean, is that really such a big deal?

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
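The string-versus-array distinction debated in this thread, shown with Ruby's own process-spawning rules. This is an added example, not code from the thread or from Puppet; `run_command` is a hypothetical helper and the commands are constructed samples.

```ruby
require 'open3'

# Run a command with the semantics proposed in the thread:
#   String -> handed to /bin/sh, so pipes, loops, globs and builtins are interpreted
#   Array  -> executed directly; each element reaches the program as one literal argument
# Returns [combined stdout and stderr, success?].
def run_command(command)
  case command
  when String
    # Always go through the shell, even when the string has no metacharacters,
    # so that shell builtins and for-loops behave the same way every time.
    out, status = Open3.capture2e('/bin/sh', '-c', command)
  when Array
    raise ArgumentError, 'empty argv' if command.empty?

    program, *args = command.map(&:to_s)
    # The [path, argv0] pair keeps Ruby from falling back to the shell
    # when the array has only one element.
    out, status = Open3.capture2e([program, program], *args)
  else
    raise ArgumentError, "command must be a String or an Array, got #{command.class}"
  end
  [out, status.success?]
end

if __FILE__ == $PROGRAM_NAME
  # The shell sees the pipe and runs two processes.
  p run_command('/bin/echo hello | tr a-z A-Z')
  # No shell: '|', 'tr', ... are plain arguments to /bin/echo.
  p run_command(['/bin/echo', 'hello', '|', 'tr', 'a-z', 'A-Z'])
  # Explicit opt-in to the shell from the array form (the "add sh -c" approach).
  p run_command(['/bin/sh', '-c', 'for i in 1 2; do echo $i; done'])
end
```

With the array form, data that ends up in an argument can never be reinterpreted as shell syntax, which is why the two forms are worth keeping distinct.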
Re: [Puppet Users] Bizarre Stuff in Puppet 2.6.0
On 07/30/2010 02:43 PM, Douglas Garstang wrote:
> Is it just me, or are others having all sorts of weird experiences with puppet 2.6.0? Specifically with parameterized classes. I just had a situation where I restarted the client, got an error, restarted the client again, and the error went away. Then, I intentionally put an error in the config, restarted the client again, and the client didn't report any problems. After restarting the server and client a few more times, this error is still not being reported by the client.
> Doug.

Yes, see the 'empty catalogs' bug. I'm guessing it's near the same.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Puppet DDNS and Preseed -- Any easier alternative
On 07/14/2010 10:15 AM, Harihara Vinayakaram wrote:
> Hi
> I have a set up that runs puppetmasterd, DDNS, DHCP etc on one server. I have managed to PXE boot Ubuntu 10.04 clients and setup puppet clients. The ultimate goal is to run Hadoop on the nodes. I have some observations on the process and I am wondering if there is any easier way to do it. I am running this on 50 physical nodes.
> 1. Puppet clients work only if the DNS works (both forward and reverse). For DDNS to work (at least on Ubuntu clients) secure DDNS is the only way. This needs a dhclient-exit-hook per machine and also a send fqdn.fqdn from each machine's dhclient.conf. To solve this my preseed.cfg contains a late-command which transfers a script to the client machine which does a series of wget and some sed manipulations. Looking from the outside it does look a bit complicated and I see a maintenance problem.
> Is there an easier way to do this?
> Regards Hari

Hari, this is sort of OT but I've been lightly piloting Ubuntu 10.04 and I've noticed that for some reason my partman-auto recipe which worked fine in 8.04 is creating disproportionately large swap partitions. Are you using partman-auto? If so, could I see the config block? Thanks.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Variable Scoping: What do you want?
On 07/02/2010 04:45 AM, David Schmitt wrote:
> On 6/30/2010 1:47 AM, Joe McDonagh wrote:
>> Also, it would be *huge* to be able to append to vars. Right now I open fw ports via a variable in the node def like:
>>
>>     $open_tcp_ports = "22,443"
>>
>> If I could always open 22 in the node def, but += inside classes for httpd, nfs, etc. things would be nice. I'm guessing this might be a little difficult because all the variables in the catalog would have to be assembled before applying the catalog.
> Please model your ports as resources:
>
>     fw::port { 20: ensure => open }
>
> Even if this only drops a concat snippet somewhere, this brings you so many benefits I don't know where to start.
> Best Regards, David

This brings nothing to the table for me and means I would have to add a ridiculous amount of puppet code and risk breaking all of production.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Setting permissions on nagios service check file
On 07/02/2010 12:11 PM, Druwerd wrote:
> Is there a better way to set the permissions on the cfg files generated by the nagios_service type? I want each nagios service check to have its own file, but don't want to write it out each time. Is there a way to set default permissions for the nagios_service cfg files?
>
>     # Monitor ntp services
>     @@nagios_service { "nrpe_ntp":
>         target        => "/etc/nagios/conf.d/services/${fqdn}_nrpe_ntp.cfg",
>         check_command => "check_nrpe!check_ntp_time"
>     }
>     # Change the permissions of the nagios ntp check file
>     @@file { "/etc/nagios/conf.d/services/${fqdn}_nrpe_ntp.cfg":
>         owner   => root,
>         group   => root,
>         mode    => 444,
>         require => Nagios_service["nrpe_ntp"],
>         tag     => nagios,
>     }

You use a combination of overrides and an exec that fixes the permissions.

    # Every nagios_service change triggers the permission fix
    Nagios_service { notify => Exec["fix_nagios_perms"]; }

    # Runs only when notified, then restarts nagios
    exec { "fix_nagios_perms":
        command     => "/bin/chmod -R 755 /etc/nagios3",
        notify      => Service["nagios"],
        refreshonly => true;
    }

    service { "nagios": ensure => running; }

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] realize virtual definition ?
On 06/22/2010 08:32 PM, tehcook wrote:
> Hi
> New to the puppet. I'm trying to make a user management module users, which has one definition and a bunch of classes. Here is my structure under $modulepath:
>
>     users/manifests/classes/evergent.pp
>     users/manifests/classes/admins.pp
>     users/manifests/classes/list.pp
>     users/manifests/classes/outside.pp
>     users/manifests/classes/dbas.pp
>     users/manifests/defines/account.pp
>     users/manifests/init.pp
>
> Definition is:
>
>     define users::account($realname, $userid, $password) { }
>
> It creates user, group, $HOME, adds user's public ssh key and chown -R his whole $HOME.
> Then there is a class users::list that has all users like this:
>
>     @users::account { root:
>         realname => "Root user",
>         userid   => 1000,
>         password => "xxx",
>     }
>
> The idea is that all users are defined as a virtual definition and will be realized later. Now there is class users::admins that has all sysadmins:
>
>     class users::admins {
>         realize Users::Account[root]
>     }
>
> Then in site.pp I import my users module:
>
>     import "users"
>
> and in one of the nodes I include sysadmins:
>
>     node "host1.test.com" inherits default {
>         include users::admins
>     }
>
> Now when I run puppetd -o -t -v on that node I get error:
>
>     err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to realize virtual resources Users::Account[root] on node host1.test.com
>
> Do I do something not supported by the puppet? I understand everyone suggests making virtual resource user and then realize them in the class. But I want add some thing like chown -R $HOME, ssh keys and more. Can I use virtual definition same way as virtual resources? What am I doing wrong? Any pointers to something similar would help a lot. I've checked Pulling strings with Puppet book but it does not show any example of the virtual definitions like this.
> Thanks

Is that just an example or are you actually trying to make an account named root with uid 1000?

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] header for puppet managed files
On 06/20/2010 03:37 PM, Psyber wrote:
> Anyone have any ideas on adding a default header to puppet managed files and templates? This might be tricky because of the different methods of adding comments for different types of files but I'm certainly open to suggestions that would enforce the existence of a header.

Generally I add in by hand, and I make sure it says whether this is managed as a template or plain file, and what module it can be found in.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Re: How to pass a array to define?
On 06/21/2010 09:51 AM, Matt Keating wrote:
> Not to hijack your thread, but I'm having a similar issue with trying to pass an array to a define:
>
>     class solr {
>         $configFileList = ["admin-extra.html", "elevate.xml"]
>         define configFiles ( $solrIndex, $fileName ) {
>             file { "/var/solr/$solrIndex/conf/$fileName":
>                 ensure => present,
>                 owner  => tomcat,
>                 source => "puppet://puppetmaster.dennisinteractive.co.uk/files/solr/conf/$fileName"
>             }
>         }
>     }
>
> Then if I call it like so:
>
>     solr::configFiles { $title:
>         fileName  => $configFileList,
>         solrIndex => $title,
>         require   => File["/var/solr/$title/conf/xslt"],
>     }
>
> It doesn't seem to pass the $configFileList through correctly. Any ideas on what I should be doing?

Try wrapping fileName => [ $configFileList ] like that. Might work that way.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] erb templating support for case statements?
On 06/21/2010 11:07 AM, CraftyTech wrote:
> Hello All,
> Can you guys point out to me, how do I do a case statement within a template? e.g.:
> my.cnf
> max_allowed_packet=% case ($memorysize=4) = 8M, case ($memorysize=8) = 16M)?
> I've tried different combinations, but so far no luck. The syntax checker coughs up hair balls
> Thanks, Henry

Anything inside <% %> uses standard ruby coding, however it does *not* put stdout into the file. Take this for example:

    <% if somevar == 100 -%>
    variable=this
    <% else -%>
    variable=that
    <% end -%>

This is how you would print out a setting for a variable.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
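A `case` statement in an ERB template for the my.cnf setting asked about above, rendered stand-alone with the `-` trim mode. This is an added example, not code from the thread: `render_my_cnf`, `mem_gb`, the 4M tier, the host names and the "7.80 GB" style of the memorysize string are assumptions made for illustration.

```ruby
require 'erb'

# Assumption: the memorysize fact is a string such as "7.80 GB" or "512.00 MB".
# Convert it to a number of gigabytes so the template can compare it.
def mem_gb(memorysize)
  value, unit = memorysize.split
  amount = Float(value) # raises ArgumentError on malformed input
  unit.to_s.upcase == 'MB' ? amount / 1024 : amount
end

# Notes on the template:
# * <% ... %> runs Ruby but writes nothing; only <%= ... %> writes a value.
# * "case" and its first "when" share one tag. If they sit in separate tags,
#   any text between them (even a newline) makes the compiled Ruby invalid.
# * A closing -%> also removes the newline that follows the tag.
MY_CNF = <<~'TEMPLATE'
  # Managed by Puppet (template), host <%= fqdn %>
  [mysqld]
  <% case gb
     when 0...4 -%>
  max_allowed_packet=4M
  <% when 4...8 -%>
  max_allowed_packet=8M
  <% else -%>
  max_allowed_packet=16M
  <% end -%>
TEMPLATE

# Render the template for one host; fqdn and memorysize stand in for facts.
def render_my_cnf(fqdn:, memorysize:)
  ERB.new(MY_CNF, trim_mode: '-')
     .result_with_hash(fqdn: fqdn, gb: mem_gb(memorysize))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample facts
  puts render_my_cnf(fqdn: 'db1.example.com', memorysize: '7.80 GB')
  puts render_my_cnf(fqdn: 'db2.example.com', memorysize: '512.00 MB')
end
```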
Re: [Puppet Users] How to pass a array to define?
On 06/20/2010 12:10 PM, Silviu Paragina wrote:
> Not sure how to do it, but what I would try: (see inline)
> On 18.06.2010 13:46, daniel wrote:
>> Hey, guys! These days I'm keep on setting up my puppet automation environment, but I got a problem that made me confused. I have a define to add users, which as follows:
>>
>>     define usermgr::add_user ($usershell='/bin/bash', $groups) {
>>
>>         file { "/home/$title":
>>             owner  => $title,
>>             group  => $title,
>>             mode   => 755,
>>             ensure => directory;
>>         }
>>
>>         user { $title:
>>             shell  => $usershell,
>>             groups => [$groups],
> Try changing this to groups => $groups
>>             ensure => present,
>>             home   => "/home/$title",
>>         }
>>
>>         file { "/home/$title/.ssh":
>>             owner   => $title,
>>             group   => $title,
>>             mode    => 700,
>>             ensure  => directory,
>>             require => File["/home/$title"];
>>         }
>>     }
>>
>> then I want to pass some parameters to this define to add user tester who belongs to group root and adm:
>>
>>     class usermgr::project1 {
>>         usermgr::add_user { tester:
>>             usershell => "/bin/bash",
>>             groups    => ['root','adm']
>>         }
>>     }
>>
>> but it always failed as follows:
>>
>>     err: //usermgr::project1/Usermgr::Add_user[tester]/User[flex1]/groups: change from tester to tester,rootadm failed: Could not set groups on user[tester]: Execution of '/usr/sbin/usermod -G tester,rootadm tester' returned 6: usermod: group 'rootadm' does not exist
>>
>> the information seems like that the groups parameter is parsed wrong, does anyone have idea to parse this array parameter right? Thanks so much:
> Silviu

You can't set group on a resource if the group doesn't exist, so in each resource that needs that group you would need to require => Group[whatever].

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Multiple environments and mail
On 06/18/2010 02:18 PM, Nigel Kersten wrote:
> On Fri, Jun 18, 2010 at 10:34 AM, Robert Scheer <r...@xs4all.net> wrote:
>> To facilitate developing, testing and releasing puppet code, we use different environments. That works very well. The only problem is that I cannot prevent puppet from mailing a report, nor direct it somewhere else, when using a different environment.
> Unfortunately, tagmail does not do per-environment settings.

I put in a feature request for this a while ago, go thumbs it up!

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/09/2010 04:57 AM, Klaus Ethgen wrote:
> Exact. And I still read that sources. With the Sshkey type there is still a implemented solution to collect that keys and export them to all hosts. But that Type only allow to export one of the two hostkeys a host have. And that is the source of my question.

Klaus, I assume you mean both the dsa and rsa key types; the sshkey type provides for specifying which you want. From the docs at http://docs.puppetlabs.com/references/stable/type.html:

    type
    The encryption type used. Probably ssh-dss or ssh-rsa. Valid values are |ssh-dss| (also called |dsa|), |ssh-rsa| (also called |rsa|).

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/08/2010 01:54 PM, Klaus Ethgen wrote:
> Hi,
> On Tue, 8 Jun 2010 at 17:15, Michael Semcheski wrote:
>> I'm not sure I understand your question, but doesn't this work?
>>
>>     ssh-keyscan -t dsa,rsa hostname
> Sure. But that is exactly the point. If I collect the information with ssh-keyscan there is a little chance that the key is wrong and not the one of the machine. Puppet gives a nice way to collect the ssh keys of all hosts it manages from facter. And it provides also a nice way to spread all those collected keys to all machines' known-hosts file. Unfortunately the key for the key (ehem, I hope you can follow. ;-) is the host name so you have to choose which one of each host you want to spread to all machines.

This is one of the cases where 'tags' are really useful. You can tag something like tag => for_collection in the exported resource, then when you collect the exported resource, you would do Sshkey <<| tag == for_collection |>>.

> Regards Klaus Ethgen
> Ps. Disclaimer: This mail is in British English and not in puppet English. That means I use terms like collect in the British meaning and _not_ for the puppet meaning.

Right but it serves no one including yourself to continue using a technical term in a technical forum when you really mean some other concept or principle. It seems like exactly what you want is collecting exported resources. I recommend checking wiki:ExportedResource if what I am saying makes no sense.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/06/2010 12:47 PM, Klaus Ethgen wrote:
> Sure. And they get collected by facter without problems. But I am only able to disperse one of them to all hosts.
>> regardless, you can collect like this Ssh_authorized_key| type = rsa || Ssh_authorized_key| type = dsa ||
> Oh, seems to be a misunderstanding. I do not mean the authorized keys I do mean the host keys of the machines. (The ones found in /etc/ssh/ssh_host_{rsa,dsa}_key.pub.)

I feel like you may be using the term 'collected' without knowing that it is actually a technical term within puppet. You probably want to check out the exported resources wiki page, since the principles are the same for exporting and collecting resources of any type.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
> Hello,
> I read and find a way (well, there seems to be several equal implementations) to collect the ssh keys of machines. However they all give only the choice to choose between the key formats. But is there a way to collect both keys of a machine, the rsa _and_ the dss key (and maybe the rsa1 too)? I didn't find a way to solve this as the key is the machine name and it have to be unique.
> Regards Klaus Ethgen

Klaus, do all your machines by default actually have both DSA and rsa types? Regardless, you can collect like this Ssh_authorized_key | type = rsa || Ssh_authorized_key | type = dsa ||

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/06/2010 08:00 AM, Joe McDonagh wrote:
> On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
>> Hello,
>>
>> I read and find a way (well, there seems to be several equal implementations) to collect the ssh keys of machines. However they all give only the choice to choose between the key formats.
>>
>> But is there a way to collect both keys of a machine, the rsa _and_ the dss key (and maybe the rsa1 too)? I didn't find a way to solve this as the key is the machine name and it have to be unique.
>>
>> Regards
>> Klaus Ethgen
>
> Klaus, do all your machines by default actually have both DSA and rsa types?
>
> regardless, you can collect like this
> Ssh_authorized_key | type = rsa ||
> Ssh_authorized_key | type = dsa ||

Slight typo there enclosed inside those little brackets it's | |

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Toplevel domain and facter
On 05/27/2010 02:51 PM, Klaus Ethgen wrote:
> On Thu, 27 May 2010 at 17:57, Nigel Kersten wrote:
>>>> You'll need to be logged in.
>>>
>>> Ah. Bad. I have no account there and I dislike the idea to create a account anywhere to just report a bug. I have that many accounts sprayed around the net that I do not want to manage one more, sorry.
>>
>> That's kind of a crappy approach don't you think?
>
> Do you really think so?
>
>> Have you ever dealt with a bug reporter that accepts anonymous bug reports?
>
> Do you know debian? Do you know /usr/bin/reportbug? Do you know RT? There are many bug tracker out there where reporting by e-mail is the usual way.
>
>> It's almost impossible to treat such reports seriously as you're often not quite sure whether you've fixed the issue or not because you can't get in contact with the original reporter.
>
> With bug reports by e-mail this is normally not anonymous. Also usual you can get in contact with the reporter. More over, you do not need to go to any web page, you even need no web browser. You can write comfortable with your preferred mail reader and editor.
>
> There are many bugs out there. Sometimes they can be reported by the distribution bug tracker but if you install software directly or know that the bug is upstream it is of no use to have a maintainer between. And if you need to register with your shoe size (attention, I do exaggerate) often at least I let the bug be and might fix it locally so the software will not get better.
>
> This registration stuff for all is such a broken concept at all! Also mailing lists is not the best form of communication but it is ok that far as I can configure it in my mail reader to sort it in a nice way. (Ever use nntp? This concept is much better than forums and mailing lists!)
>
> However, I will not create a user account on this site too. Take the bug report I gave here or let it be. If you are not interested in the report, well, that's yours. If you are interested, I stay here or by PM to answer questions or doing debugging. (And you might notice that I am not anonymous, I even sign my mails.)
>
> Regards
> Klaus
> --
> Klaus Ethgen http://www.ethgen.de/
> pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B

Regardless of your intentions, etc, this is somewhat insulting IMO to an open-source/foss project. It's almost like saying Well I appreciate the thousands of lines of code you've given me for free, and the man-hours it took to write that code, and the man-hours you've saved me, but I'm not willing to give you five minutes to create a log in to your bug tracker.

Just sayin'. If you really can't be bothered feel free to hop on IRC, I will file the bug for you.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Nagios checks
On 05/27/2010 02:37 PM, Peter Berghold wrote:
> Has anybody out there written a custom check for Nagios to determine if puppetd and/or puppetmasterd is running? I am considering writing one if not.

I use the one that came with the source download, however it requires a rubygem that IMO it probably shouldn't use.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Toplevel domain and facter
Rather than continue with this sort of semi-argument, I've gone and created an issue in redmine, #3909.

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] External Nodes Require a Forklift?
> What's the state of storedconfigs these days?
>
> Doug.

In what sense? I am using it right now for other pieces of infrastructure, works pretty nicely but I am not exactly large scale. What did you want to accomplish with it?

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Re: Best-practice way of handling IP addresses
On 05/23/2010 10:08 AM, andreash wrote:
> Hi,
>
> I think the idea with the static DHCP leases is a good one :) But even then, wouldn't I want to set the DHCP config via puppet, so I would need to define all the IPs inside puppet?
>
> Cheers, Andreas.
>
> On 23 May, 15:50, Joe McDonagh joseph.e.mcdon...@gmail.com wrote:
>> On 05/22/2010 04:59 PM, andreash wrote:
>>> Hi, thanks for your input. I had already thought about that, but initially wanted to be able to set the ip addresses using puppet. Or is that a bad idea?
>>
>> Hi, you should probably use DHCP static leases, but in situations where you can't, it is possible to create a define that uses an ERB template so you can config network interfaces from inside puppet. I do this right now with Ubuntu, though I think it would be even easier on RHEL/CentOS.
>>
>> --
>> Joe McDonagh
>> AIM: YoosingYoonickz IRC: joe-mac on freenode
>> Boredom is counter-revolutionary

Yes, you keep the dhcpd.conf in puppet and serve it out via source or as a template via content in a file resource, then notify a dhcpd service definition.

The dhcpd.conf is pretty much part of the bootstrap phase, so I don't think you'd want to rely on a stored config export/collect setup to build the file.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Toplevel domain and facter
On 05/25/2010 05:29 PM, Klaus Ethgen wrote:
> Hello,
>
> I was stumbling over the fact that I use a (not existing) toplevel domain in my environment. So I set up the dnsdomainname to print out the correct domain (without fullstop ('.')). Additional I limited the search path in resolv.conf to end with a '.'.
>
> That seems to tangle facter. As I read the code it needs a '.' anywhere in domainname to work and the fallback to parse /etc/resolv.conf cannot handle trailing '.'.
>
> The last is easy to handle by $1.sub(/\.$/, '') but the first I do not know how to handle correctly for every case (At least on debian there seems to be '(none)' if it is not defined correctly.)
>
> Could that go into upstream code respective how to fix the first case proper?
>
> Regards
> Klaus Ethgen

Did you file a bug?

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Re: Best-practice way of handling IP addresses
On 05/22/2010 04:59 PM, andreash wrote:
> Hi, thanks for your input. I had already thought about that, but initially wanted to be able to set the ip addresses using puppet. Or is that a bad idea?

Hi, you should probably use DHCP static leases, but in situations where you can't, it is possible to create a define that uses an ERB template so you can config network interfaces from inside puppet. I do this right now with Ubuntu, though I think it would be even easier on RHEL/CentOS.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
[Puppet Users] Re: Issue with naginator and elusive nagios cfg file corruption (#3712)
On 05/03/2010 03:33 PM, Joe McDonagh wrote:
> Hello, I have run into a data corruption problem with naginator that is fairly difficult for me to track down. Hand-written configurations do not suffer from this fate. This was present in .24.8, and still present in .25.4. I'd love to complete this automatic nagios project, if anyone has some ideas on narrowing down the source after reading the bug report (http://projects.reductivelabs.com/issues/3712) please let me know.

If anyone was wondering, I traced this back to a custom-compiled nagios package. It must have been compiled against a buggy library or something; the official canonical nagios3 package for 10.04 LTS seems to have rectified the issue.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
On 05/14/2010 01:21 PM, Michael DeHaan wrote:
> The afternoon during the USENIX Configuration Management workshop is going to be for set user talks + a barcamp format.
>
> Currently the organizers are looking for folks to do some user topics, such as How I used X to do Foo, or Automating a Blarg or ... maybe you've got something more exciting :)
>
> If you were planning on going and interested, let me know, and I'll hook you up with the organizers.
>
> (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so I hope to see lots of Puppet people in Boston, one way or the other!)
>
> http://www.usenix.org/event/config10/
>
> --Michael

How long are the time-slots?

--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] multiple OS support conventions?
On 05/11/2010 05:45 AM, Dick Davies wrote:
> I've been using Puppet very happily for the last 6 months or so to manage our CentOS and RHEL servers.
>
> Over the summer I want to knock things up a notchbam /, and part of that is going to be supporting a wider range of OSes. First on the hit list are likely to be Solaris 10 and Suse (SLES).
>
> I know a lot of people do support multiple OSes, just wondered what sort of approach you've found works best?
>
> Of course at the end of the day it's a question of 'case $operatingsystem' statements, but I wondered whether you create a dedicated 'os' module, or whether you structure each module in a standard way, or something else.
>
> Thanks for any pointers.

Generally if the changes are really profound, I will split a module into os-specific classes inside init.pp using an operatingsystem case statement. If the changes are small I will use selectors in the resources. I also set a bunch of resource defaults in site.pp to make multi-os modules more readable. An example is OpenBSD; there is no root group, so I do this:

File {
  backup => main,
  ensure => present,
  group  => $kernel ? {
    Linux   => root,
    OpenBSD => wheel
  },
  owner  => root
}

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] multiple OS support conventions?
On 05/11/2010 05:45 AM, Dick Davies wrote:
> I've been using Puppet very happily for the last 6 months or so to manage our CentOS and RHEL servers.
>
> Over the summer I want to knock things up a notchbam /, and part of that is going to be supporting a wider range of OSes. First on the hit list are likely to be Solaris 10 and Suse (SLES).
>
> I know a lot of people do support multiple OSes, just wondered what sort of approach you've found works best?
>
> Of course at the end of the day it's a question of 'case $operatingsystem' statements, but I wondered whether you create a dedicated 'os' module, or whether you structure each module in a standard way, or something else.
>
> Thanks for any pointers.

I forgot to add- the splitting inside init.pp allows for generic includes- like you just say include common, and it gets the os-specific class such as common::solaris through black magic.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Have I found a bug with variables in nodes?
On 05/11/2010 02:11 AM, Brian Gallew wrote:
> (vastly trimmed code)
>
> /manifests/site.pp:/
> import base
>
> /module/base/manifests/init.pp/:
> import baselines/*.pp
> import infrastructures/*.pp
> import nodes.pp
>
> /nodes.pp:/
> node 'pslave1' inherits rnc { notice($my_puppet_master) }
>
> /infrastructures/geographical.pp:/
> node rnc inherits basenode { $my_puppet_server = puppetmaster }
>
> And after all that, the notice emitted is empty. My understanding is that node inheritance should bring $my_puppet_master into the scope of node pslave1, so the notice should have the right value. I'm reasonably sure this worked correctly under Puppet 0.24.mumble, but the new 0.25.4 instance I'm working on seems to behave differently.
>
> Should I file a bug report on this?

This never worked, check out http://projects.puppetlabs.com/projects/puppet/wiki/Frequently_Asked_Questions in the Common Misconceptions area.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Issue with naginator and elusive nagios cfg file corruption (#3712)
On 05/04/2010 04:38 PM, Joe McDonagh wrote:
> On 05/04/2010 03:00 PM, David Schmitt wrote:
>> On 03.05.2010 21:33, Joe McDonagh wrote:
>>> Hello, I have run into a data corruption problem with naginator that is fairly difficult for me to track down. Hand-written configurations do not suffer from this fate. This was present in .24.8, and still present in .25.4. I'd love to complete this automatic nagios project, if anyone has some ideas on narrowing down the source after reading the bug report (http://projects.reductivelabs.com/issues/3712) please let me know.
>
> David, just wanna say thanks for responding to this as it's driving me absolutely insane and causing a project I want to end to linger forever.
>
>> You can try using a hex editor or similar to see what the actual corruption is.
>
> David, I tried this and got absolutely nowhere. I'm willing to believe I am doing something wrong when analyzing the data, but the tests I've tried which I think will narrow down the corruption actually make it more difficult to diagnose. For example, if apt-proxys.cfg was having the problem, and i renamed the hostgroup to , it would then claim the error was in the next alphabetical hostname, say domino-servers, until i get past a few and it runs.
>
>> Also, can you post a minimal configuration example that causes the problem?
>
> Here's the error:
>
> Error: Host ' ' specified in host group 'ad-servers' is not defined anywhere!
>
> Here's the .cfg file:
>
> # HEADER: This file was autogenerated at Mon May 03 13:59:19 -0400 2010
> # HEADER: by puppet. While it can still be managed manually, it
> # HEADER: is definitely not recommended.
> define hostgroup {
>         hostgroup_name ad-servers
>         alias Active Directory Servers
> }
>
> Here is a hex dump
>
> 000 2023 4548 4441 5245 203a 6854 7369 6620
> 020 6c69 2065 6177 2073 7561 6f74 6567 656e
> 040 6172 6574 2064 7461 4d20 6e6f 4d20 7961
> 060 3020 2033 3331 353a 3a39 3931 2d20 3430
> 100 3030 3220 3130 0a30 2023 4548 4441 5245
> 120 203a 7962 7020 7075 6570 2e74 2020 6857
> 140 6c69 2065 7469 6320 6e61 7320 6974 6c6c
> 160 6220 2065 616d 616e 6567 2064 616d 756e
> 200 6c61 796c 202c 7469 230a 4820 4145 4544
> 220 3a52 6920 2073 6564 6966 696e 6574 796c
> 240 6e20 746f 7220 6365 6d6f 656d 646e 6465
> 260 0a2e 6564 6966 656e 6820 736f 6774 6f72
> 300 7075 7b20 090a 6f68 7473 7267 756f 5f70
> 320 616e 656d 2020 2020 2020 2020 2020 2020
> 340 2020 2020 6120 2d64 6573 7672 7265 0a73
> 360 6109 696c 7361 2020 2020 2020 2020 2020
> 400 2020 2020 2020 2020 2020 2020 2020 2020
> 420 6341 6974 6576 4420 7269 6365 6f74 7972
> 440 5320 7265 6576 7372 7d0a 000a
> 453
>
> Now I change the file to this:
>
> # HEADER: This file was autogenerated at Mon May 03 13:59:19 -0400 2010
> # HEADER: by puppet. While it can still be managed manually, it
> # HEADER: is definitely not recommended.
> define hostgroup {
>         hostgroup_name ZZ
>         alias Active Directory Servers
> }
>
> And I get this:
>
> Error: Host ' ' specified in host group 'ZZ' is not defined anywhere!
>
> It indicates to me that the file is fucked somehow. This is written out from an exported and collected resource. Is it possible database encoding comes into play here?
>
>> From where have you installed puppet? Packages, source? Can you confirm that the installation is pristine?
>
> I make my own packages but they are basically just dsc's from ftp.ubuntu.org that I build for 8.04 LTS since the 8.04 LTS package is so old. They are installed via apt.
>
>> Are you using storeconfigs? Is there maybe something wrong in the database?
>
> That's what I am wondering but I don't know what to look for. Things look fine. The file itself, looks fine. There's corruption at the byte level that isn't apparent to the human eye. Any idea what to check in the DB?
>
>> I've used the nagios types from 0.25.4 today and they worked flawlessly.
>
> I know, I think I may have even taken some inspiration from your modules.
>
>> Best regards, David

Anybody else care to chime in on this issue? Any mysql gurus?

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] custom facts run three times?
On 05/06/2010 11:37 AM, Michael DeHaan wrote:
> On Mon, May 3, 2010 at 4:32 PM, Marcus, Allan Bal...@lanl.gov wrote:
>> I put a puts running my fact into a custom fact. Then I run puppetd from a client in debug mode. I see the running my fact three times. Does this mean that the custom fact code is executing three times on the client every time?
>
> Hmm, that wouldn't be good.
>
> First question -- what versions of Puppet and facter?
>
> Secondly, can you share your fact code with us? (a gist on github.com perhaps, or just paste it if it's small?)
>
> --Michael

I have this similar issue- I notice the loading facts in message twice when running puppet.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Issue with naginator and elusive nagios cfg file corruption (#3712)
On 05/04/2010 03:00 PM, David Schmitt wrote:
> On 03.05.2010 21:33, Joe McDonagh wrote:
>> Hello, I have run into a data corruption problem with naginator that is fairly difficult for me to track down. Hand-written configurations do not suffer from this fate. This was present in .24.8, and still present in .25.4. I'd love to complete this automatic nagios project, if anyone has some ideas on narrowing down the source after reading the bug report (http://projects.reductivelabs.com/issues/3712) please let me know.

David, just wanna say thanks for responding to this as it's driving me absolutely insane and causing a project I want to end to linger forever.

> You can try using a hex editor or similar to see what the actual corruption is.

David, I tried this and got absolutely nowhere. I'm willing to believe I am doing something wrong when analyzing the data, but the tests I've tried which I think will narrow down the corruption actually make it more difficult to diagnose. For example, if apt-proxys.cfg was having the problem, and i renamed the hostgroup to , it would then claim the error was in the next alphabetical hostname, say domino-servers, until i get past a few and it runs.

> Also, can you post a minimal configuration example that causes the problem?

Here's the error:

Error: Host ' ' specified in host group 'ad-servers' is not defined anywhere!

Here's the .cfg file:

# HEADER: This file was autogenerated at Mon May 03 13:59:19 -0400 2010
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
define hostgroup {
        hostgroup_name ad-servers
        alias Active Directory Servers
}

Here is a hex dump

000 2023 4548 4441 5245 203a 6854 7369 6620
020 6c69 2065 6177 2073 7561 6f74 6567 656e
040 6172 6574 2064 7461 4d20 6e6f 4d20 7961
060 3020 2033 3331 353a 3a39 3931 2d20 3430
100 3030 3220 3130 0a30 2023 4548 4441 5245
120 203a 7962 7020 7075 6570 2e74 2020 6857
140 6c69 2065 7469 6320 6e61 7320 6974 6c6c
160 6220 2065 616d 616e 6567 2064 616d 756e
200 6c61 796c 202c 7469 230a 4820 4145 4544
220 3a52 6920 2073 6564 6966 696e 6574 796c
240 6e20 746f 7220 6365 6d6f 656d 646e 6465
260 0a2e 6564 6966 656e 6820 736f 6774 6f72
300 7075 7b20 090a 6f68 7473 7267 756f 5f70
320 616e 656d 2020 2020 2020 2020 2020 2020
340 2020 2020 6120 2d64 6573 7672 7265 0a73
360 6109 696c 7361 2020 2020 2020 2020 2020
400 2020 2020 2020 2020 2020 2020 2020 2020
420 6341 6974 6576 4420 7269 6365 6f74 7972
440 5320 7265 6576 7372 7d0a 000a
453

Now I change the file to this:

# HEADER: This file was autogenerated at Mon May 03 13:59:19 -0400 2010
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
define hostgroup {
        hostgroup_name ZZ
        alias Active Directory Servers
}

And I get this:

Error: Host ' ' specified in host group 'ZZ' is not defined anywhere!

It indicates to me that the file is fucked somehow. This is written out from an exported and collected resource. Is it possible database encoding comes into play here?

> From where have you installed puppet? Packages, source? Can you confirm that the installation is pristine?

I make my own packages but they are basically just dsc's from ftp.ubuntu.org that I build for 8.04 LTS since the 8.04 LTS package is so old. They are installed via apt.

> Are you using storeconfigs? Is there maybe something wrong in the database?

That's what I am wondering but I don't know what to look for. Things look fine. The file itself, looks fine. There's corruption at the byte level that isn't apparent to the human eye. Any idea what to check in the DB?

> I've used the nagios types from 0.25.4 today and they worked flawlessly.

I know, I think I may have even taken some inspiration from your modules.

> Best regards, David

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
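One way to test a dump like the one in the message above for bytes that are invisible in an editor, as an added Ruby example that is not part of the original thread. It assumes the dump is od -x output from a little-endian host; decode_od_x, suspicious_bytes, report and the constructed sample are names introduced here.

```ruby
# Added example: rebuild a file's bytes from an `od -x` style dump and list
# every byte that is not printable ASCII, tab or newline.

# Dump rows as posted in the thread (octal offset, then 16-bit words in hex).
OD_DUMP = <<~DUMP
  000 2023 4548 4441 5245 203a 6854 7369 6620
  020 6c69 2065 6177 2073 7561 6f74 6567 656e
  040 6172 6574 2064 7461 4d20 6e6f 4d20 7961
  060 3020 2033 3331 353a 3a39 3931 2d20 3430
  100 3030 3220 3130 0a30 2023 4548 4441 5245
  120 203a 7962 7020 7075 6570 2e74 2020 6857
  140 6c69 2065 7469 6320 6e61 7320 6974 6c6c
  160 6220 2065 616d 616e 6567 2064 616d 756e
  200 6c61 796c 202c 7469 230a 4820 4145 4544
  220 3a52 6920 2073 6564 6966 696e 6574 796c
  240 6e20 746f 7220 6365 6d6f 656d 646e 6465
  260 0a2e 6564 6966 656e 6820 736f 6774 6f72
  300 7075 7b20 090a 6f68 7473 7267 756f 5f70
  320 616e 656d 2020 2020 2020 2020 2020 2020
  340 2020 2020 6120 2d64 6573 7672 7265 0a73
  360 6109 696c 7361 2020 2020 2020 2020 2020
  400 2020 2020 2020 2020 2020 2020 2020 2020
  420 6341 6974 6576 4420 7269 6365 6f74 7972
  440 5320 7265 6576 7372 7d0a 000a
  453
DUMP

# Constructed sample (not from the thread): a hostgroup whose members value is
# a UTF-8 non-breaking space, which renders like an ordinary blank.
CONSTRUCTED_BAD = "define hostgroup {\n\tmembers\u00A0\n}\n".b

# Bytes a hand-written Nagios object file normally contains.
PLAIN = ([0x09, 0x0a] + (0x20..0x7e).to_a).freeze

# Assumption: little-endian host, so word "abcd" is byte 0xcd then byte 0xab.
def decode_od_x(dump)
  bytes = []
  length = nil
  dump.each_line do |line|
    offset, *words = line.split
    next if offset.nil?
    raise ArgumentError, "bad offset #{offset.inspect}" unless offset.match?(/\A[0-7]+\z/)
    if words.empty?
      length = offset.to_i(8) # trailing offset-only row is the file size
      next
    end
    raise ArgumentError, "row #{offset} is out of order" unless offset.to_i(8) == bytes.size
    words.each do |word|
      raise ArgumentError, "bad word #{word.inspect}" unless word.match?(/\A\h{4}\z/)
      value = word.to_i(16)
      bytes << (value & 0xff) << (value >> 8)
    end
  end
  bytes = bytes.first(length) if length # drop od's pad byte on odd sizes
  bytes.pack('C*')
end

# Return [offset, byte] for every byte outside PLAIN.
def suspicious_bytes(data)
  data.bytes.each_with_index
      .reject { |byte, _| PLAIN.include?(byte) }
      .map { |byte, index| [index, byte] }
end

# One-line summary, with offsets in the same octal base od prints.
def report(label, data)
  hits = suspicious_bytes(data)
  return "#{label}: #{data.bytesize} bytes, all plain ASCII" if hits.empty?
  detail = hits.map { |i, b| format('0%o:0x%02x', i, b) }.join(' ')
  "#{label}: #{hits.size} unexpected byte(s) at #{detail}"
end

if __FILE__ == $PROGRAM_NAME
  puts report('dump from thread', decode_od_x(OD_DUMP))
  puts report('constructed sample', CONSTRUCTED_BAD)
end
```

A result of "all plain ASCII" for a generated file points the search away from the file's bytes and toward whatever reads it.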
[Puppet Users] Issue with naginator and elusive nagios cfg file corruption (#3712)
Hello, I have run into a data corruption problem with naginator that is fairly difficult for me to track down. Hand-written configurations do not suffer from this fate. This was present in .24.8, and still present in .25.4. I'd love to complete this automatic nagios project, if anyone has some ideas on narrowing down the source after reading the bug report (http://projects.reductivelabs.com/issues/3712) please let me know.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
When the going gets weird, the weird turn pro.
Re: [Puppet Users] Is this an intermediate / advanced puppet users list??
Gabriel - IP Guys wrote:
> Dear Guys (and girls and autobots),
>
> I look at the issues that some people have on this list, and I am genuinely embarrassed to post my issues! I'm only trying to write some simple recipes, that do things like install basic software and such, but some of the code snippets posted, do not seem for the new guy.
>
> Is there another resource that I've missed that allow a guy like me get up to speed with puppet, before posting to groups like this?

I have never encountered anybody in this community who was anything but helpful, even when I was a puppet newb. If you've looked at a beginner tutorial and have a question, just post it. Or like someone else said the IRC channel is usually pretty helpful too.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Grouping user and ssh_authorized_key in one virtual class.
Dax wrote:
> Hi all
>
> Word of warning. Puppet newbie.
>
> I have tried something similar to this for trying out user management.
> http://serverfault.com/questions/58790/how-can-i-have-puppet-deploy-ssh-keys-for-virtual-users
>
> This works, but not the way I really wanted. I would like to realize a user and then have a type of group or class that will 1. create the user, 2 add the public key, 3 set files for user environment.
>
> The way I did it was to realize the user, then realize the sshkey and then realize something else. I just want a nice package where I can say:
>
> class user::ops inherits user::virtual {
>   realize(
>     User[bill],
>     User[richard],
>   )
> }
> class user::overlords inherits user::virtual {
>   realize(
>     User[linus],
>     User[richard],
>   )
> }
>
> And it will do all of the above in one realize. Is it possible to make a class virtual and have one for each user?
>
> Thanx a mil
> Dax

I do this with a definition, and yes you can have more than one ssh key per user, as the authorized key type supports that, you would just need to require the user also if you add any keys. If you'd like to see the code ping me on irc (joe-mac) at some point this week and I will sanitize and pastie it.

--
Joe McDonagh
AIM: YoosingYoonickz IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Why we won't use zpool ever again
Peter Meier wrote: Hi

But we won't use the zpool type ever again. It's just not worth it. Here's what happened:
. one of our servers lost knowledge about one of its zfs pools
. puppet didn't find the pool and .. went on to zpool create it
. we did indeed have a backup, but would have lost all data if not

Creating zpools is a manual thing in every case, since one has to know the devices participating. The names of which tend to be a little bit different from one server to the next. Add that to the possibility of major data loss (like we just experienced) and get a negative yield for the 'zpool' type.

there was recently a similar discussion about that with the new available fs and lvm type on the puppet-dev list. these are indeed very dangerous operations, where it should somehow be possible to lock them. the problem is clearly that if puppet fails to determine the correct state it tries to transfer into the right state, which might have (obviously) - ehhh - nasty side-effects on such operations. maybe you can catch that discussion up and give your thoughts about it how puppet should behave and how it would be possible to lock such operations. cheers pete

I see this as being distinctly part of the provisioning portion of a server life-cycle. I haven't looked at the discussion on -dev, but I'm not sure these types really belong in core puppet. They're not unix-agnostic resources for one (has that fundamental bit of philosophy changed?), and they're unlikely to change in a way that you want puppet to 'correct'. That being said, some people have 'bootstrap' envs, which would be a better place to have these destructive resources than in your production environment.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Why we won't use zpool ever again
Kaspar Schiess wrote: Hi everyone, Just wanted to tell you a little story. We've been enthusiastic puppet users since about a year ago here at the Geographic Institute of the University of Zürich. But we won't use the zpool type ever again. It's just not worth it. Here's what happened:
. one of our servers lost knowledge about one of its zfs pools
. puppet didn't find the pool and .. went on to zpool create it
. we did indeed have a backup, but would have lost all data if not

Creating zpools is a manual thing in every case, since one has to know the devices participating. The names of which tend to be a little bit different from one server to the next. Add that to the possibility of major data loss (like we just experienced) and get a negative yield for the 'zpool' type. Hoping to inspire a few.. kaspar

Thunderbird and/or GMail just flaked so apologies if this is sent twice: I see this as being distinctly part of the provisioning portion of a server life-cycle. I haven't looked at the discussion on -dev, but I'm not sure these types really belong in core puppet. They're not unix-agnostic resources for one (has that fundamental bit of philosophy changed?), and they're unlikely to change in a way that you want puppet to 'correct'. That being said, some people have 'bootstrap' envs, which would be a better place to have these destructive resources than in your production environment.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Best practises for managing secret keys with puppet?
Daniel Pittman wrote: G'day.

Hey Daniel, your puppet SSL keys can be used for other services as well. I successfully used them as authentication for Splunk's SSL receiver when I was piloting the software. IDK if this helps you, but I feel like this tidbit may get overlooked sometimes. How do you currently manage your puppet keys?

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Using Puppet for application deployment
David Schmitt wrote: Which leads me to another idea: inter-node dependencies:

    node a { mysql_db { foo: ... } }

    node b { app { x: after = AMysql_db[foo]; } }

David, are you suggesting this, or are you saying that this works?

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Using Puppet for application deployment
David Schmitt wrote: [crossposting to puppet-dev, please trim follow-ups appropriately]

On 3/16/2010 11:52 AM, Jesús Couto wrote: On Mon, Mar 15, 2010 at 3:18 PM, Michael DeHaan mich...@reductivelabs.com wrote:

that are very much procedural while Puppet manifest are more useful on a description of required software level.

Sort of. The long story is that we don't have a really native feeling way to model multinode deployments and workflow now, but we can think of modeling it based on a set of checkpoint conditions.

On a complete pipe-dream, I'm not the one with the skills to do this comment, I think it would be great to extend the Puppet language toward site configurations. As exported resources, but more. If you could define, say, an application resource that is not on a node but on several nodes, that would model the application - this app is this and this running on those 2 servers who are on loadbalancing and this and that on those other 2, and the parts on the webservers requires the parts on the appservers that requires the parts on the database servers...don't know at what level could it be modeled to be flexible enough and not one size deploy model for all, but the idea would be to make it like Puppet goes from let me script this to let me describe how it should be, with you describing your application structure and relationships and such.

If you want to prototype something like this, you can use a define outside of a node in the site.pp and use checks against $fqdn to distribute resources among hosts. Maybe even use the external_resource type that's currently floating around to sequence the deployment. Which leads me to another idea: inter-node dependencies:

    node a { mysql_db { foo: ... } }

    node b { app { x: after = AMysql_db[foo]; } }

(please ignore the crude syntax) Best Regards, David

I don't immediately see it in my dev list, but I'll take your word for it. I am with you on the inter-node dependencies.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Using Puppet for application deployment
Michael DeHaan wrote: On Mon, Mar 8, 2010 at 9:46 AM, Julian Simpson simpsonjul...@gmail.com wrote:

Given that there are so many ways to skin the same cat, I'm wondering how others are doing their application deployments using Puppet. Or, if you are using Puppet but do your app deployments via some other mechanism, how do you do it, and why aren't you using Puppet to do it? Pete

I use capistrano for application deployment.

I've managed to use both Puppet and Capistrano for deployment: Cap for the business code, and Puppet to ensure that dependencies are met. Puppet was called from Capistrano. J.

Can you share some examples of where your dividing line is and some of the tasks that are hard to handle in Puppet today? Ideally I'd like to figure out how to incorporate more of that into puppet-core. Bruce has been working on a version control type, that could be used to check sources out of version control and eliminate some packaging needs for hosted apps, though I'm curious as to what other niches might not be covered. --Michael

Example of what puppet can do best: Configure a system with apache2, a basic security configuration, some enabled modules, a bunch of packages admins expect to have available (screen, irb, etc). Example of what capistrano can do best: A. Deploy your puppet manifests to your puppet server. B. Deploy your web content out of svn onto your web server. They're two distinct areas of 'deployment'. Puppet is more like, systems deployment, cap is app or content deployment in my eyes.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Using Puppet for application deployment
Michael DeHaan wrote: On Mon, Mar 8, 2010 at 9:46 AM, Julian Simpson simpsonjul...@gmail.com wrote:

Given that there are so many ways to skin the same cat, I'm wondering how others are doing their application deployments using Puppet. Or, if you are using Puppet but do your app deployments via some other mechanism, how do you do it, and why aren't you using Puppet to do it? Pete

I use capistrano for application deployment.

I've managed to use both Puppet and Capistrano for deployment: Cap for the business code, and Puppet to ensure that dependencies are met. Puppet was called from Capistrano. J.

Can you share some examples of where your dividing line is and some of the tasks that are hard to handle in Puppet today? Ideally I'd like to figure out how to incorporate more of that into puppet-core. Bruce has been working on a version control type, that could be used to check sources out of version control and eliminate some packaging needs for hosted apps, though I'm curious as to what other niches might not be covered. --Michael

Sorry for double e-mails and slightly OT, but cap is also kung-fu ninja awesome at ad-hoc command execution across multiple hosts. (Like your func). Except I think func may scale to a lot more hosts since the ssh-agent isn't so good at a lot of parallel connections.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Using Puppet for application deployment
Pete Emerson wrote: I'm using puppet to deploy new versions of our application to our server instances. I do this by having a custom puppet node classifier that talks to a database that defines what version of an application is supposed to be on a particular node: parameters: application: webapp, webapp_version: 0.5, webapp_config: 123, webapp_symlink: 0.4 My puppet recipe then makes sure that webapp version 0.5 is installed (via yum and rpms), makes sure the right versioned configuration files are in place, and makes sure that the current symlink points at 0.4 so that we can roll to a different version by flipping a symlink. The puppet recipe has a lot of requires to make sure that the upgrade of the application is graceful and does things in the right order. My upgrade then goes like this, all controlled via a custom web interface:
1) Insert a jobgroup for the upgrade and a job for each server instance into a db
2) A job processor then takes the first group of machines to upgrade, changes their webapp version to the new version, and runs puppet on them
3) Lather, rinse, repeat step 2 until complete (roll the application out to prevent downtime), although if there is a puppet failure, all pending jobs get cancelled.
Given that there are so many ways to skin the same cat, I'm wondering how others are doing their application deployments using Puppet. Or, if you are using Puppet but do your app deployments via some other mechanism, how do you do it, and why aren't you using Puppet to do it? Pete

I use capistrano for application deployment.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] syntax
Len Rugen wrote: Thanks! That one works with only a warning: warning: parenthesize argument(s) for future version but I can't figure out where it would like parens. This is the problem with web/wiki doc, you never know if it's REALLY right. I couldn't get any regex option working in a template either, but then, I don't know regex.

That (regex in a template) is a function of ruby, and probably a slight syntactic issue, like putting the tilde on the wrong side of the equals sign, forgetting to encapsulate your regex in //, etc.

It seems I'm presented with 2-3 new things a week that I'm supposed to fully understand and know the syntax in full detail. It's not going to happen

If you're in the infrastructure business, sounds like par for the course. This is why we make the big bucks. As far as the docs go, you may just be on an older version of puppet. Running 'puppetdoc' with no arguments will spit out docs for the running version on your system.

Now back to something called maven..

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Explicitly set $servername?
Tim wrote: Hiya, Having a bit of a problem with a new puppet installation that I believe is DNS related and I was hoping someone could assist with. My puppetmaster server has two interfaces.. One sits on a management network while one points to the outside world. Both interfaces have a FQDN (hostname.mydomain.com and hostname.internal.mydomain.com).. everything seemed to be going fine. I'm using bindaddress to force Puppet just to listen on my preferred interface (internal).. but it's still opting to use the hostname.mydomain.com fqdn rather than the hostname.internal.mydomain.com fqdn for its $servername. This seems to be causing problems for the fileserver so I was wondering if there is a way I can force Puppet to use 'hostname.internal.mydomain.com' rather than the other one? Cheers!

Set certname to the FQDN you want in puppet.conf. Does that help?

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Nagios based on David Schmitt's Complete Config : variables are empty
gehel wrote: Hello ! I'm trying to implement a Nagios solution based on David Schmitt's Complete Config. But I get the following error when running puppetd -t -v :

    notice: Starting catalog run
    err: //Node[monitoring]/nagios::target/Nagios::Host[]/File[/conf.d/ _host.cfg]/ensure: change from absent to present failed: Could not set present on ensure: No such file or directory - /conf.d/ _host.cfg.puppettmp at /etc/puppet/modules/nagios/manifests/init.pp:40
    notice: Finished catalog run in 3.91 seconds

As far as I understand, the problem comes from :

    define host($ip = $fqdn, $short_alias = $fqdn) {
      @@file { "${nagios_cfgdir}/conf.d/${name}_host.cfg":
        ensure  => present,
        content => template( "nagios/host.erb" ),
        mode    => 644,
        owner   => root,
        group   => root,
        tag     => 'nagios',
      }
    }

When this definition is run, it seems that ${nagios_cfgdir} and ${name} are undefined. I am probably missing something quite simple, but I can't put my finger on it ... Any help ? My Nagios class is as follow :

    class nagios {
      $nagios_cfgdir = '/etc/nagios3'
      include apache

      package {
        nagios3:
          alias  => 'nagios',
          ensure => latest;
        [ 'nagios3-common', 'nagios-plugins-basic' ]:
          ensure => installed,
          before => Package['nagios'];
      }

      service { 'nagios3':
        alias      => 'nagios',
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
      }

      file { "$nagios_cfgdir/htpasswd.users":
        content => "admin:QqtpoTN5OGzmA",
        mode    => 0640,
        owner   => root,
        group   => www-data,
      }

      File <<| tag == 'nagios' |>>

      define host($ip = $fqdn, $short_alias = $fqdn) {
        @@file { "${nagios_cfgdir}/conf.d/${name}_host.cfg":
          ensure  => present,
          content => template( "nagios/host.erb" ),
          mode    => 644,
          owner   => root,
          group   => root,
          tag     => 'nagios',
        }
      }

      class target {
        debug ( "$fqdn has $nagios_parent as parent" )
        nagios::host { $fqdn: }
      }
    }

And my nodes.pp :

    node 'monitoring' inherits basenode {
      include apache
      include nagios
      $nagios_parent = "generic-host"
      include nagios::target
    }

Thanks a lot ! Guillaume

Unfortunately, the variable is out of scope. I ran into this problem too and sadly ended up hard coding the value all over the place because it would have been difficult to set it in one proper spot, short of site.pp. Which I may end up doing, since I hate repeating myself. That project got put on the back burner but I will be revisiting fairly soon.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
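One way to avoid hard-coding the path that the reply above mentions, added here as an example (not code from the thread): keep the value in one small class and read it by its qualified name, which does not depend on the scope the define is called from. The `nagios::params` class and the file layout are assumptions.

```puppet
# modules/nagios/manifests/params.pp (hypothetical file layout)
# Single home for the path. It declares no resources, so monitored nodes can
# include it without pulling in the Nagios server itself.
class nagios::params {
  $cfgdir = '/etc/nagios3'
}

# modules/nagios/manifests/host.pp
define nagios::host ($ip = $::fqdn, $short_alias = $::fqdn) {
  # The class must be evaluated before its variable is read.
  include nagios::params

  # Exported by the monitored node, collected on the Nagios server.
  @@file { "${nagios::params::cfgdir}/conf.d/${name}_host.cfg":
    ensure  => present,
    content => template('nagios/host.erb'),
    mode    => '0644',
    owner   => 'root',
    group   => 'root',
    tag     => 'nagios',
  }
}

# modules/nagios/manifests/target.pp
class nagios::target {
  nagios::host { $::fqdn: }
}

# modules/nagios/manifests/init.pp (Nagios server only)
class nagios {
  include nagios::params

  # Collect every host file exported with the 'nagios' tag.
  File <<| tag == 'nagios' |>>
}
```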
Re: [Puppet Users] Y[es] on Upgrade with puppet
Ghislain Mokolomboka wrote: 2. Question: How can I do to tell [Y] to puppet-master or to the puppet-client to install these packages. Thx for your help! Ghislain.

I use apt-get, but I also need (in addition to -y) --force-yes -o Dpkg::Options::=--force-confold. I forget exactly why but I know I ran into something that bit me in the ass so I added those options.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Finding the source of errors
Paul Lathrop wrote: Hello, How are people locating the host that is having problems? Is everyone getting reports via email? I'm only using store, log and unfortunately the log messages don't identify the source host (I haven't investigated the stored reports yet). Curious how others are solving this problem. --Paul

I use tagmail's err tag. It's fairly new (the built-in err tag) as in late .24.x series. Beware an error in some common or base class that is across all nodes may pwn your e-mail address, or your group's mailing list whichever it is.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Augeas pam.d argument checking
David Lutterkort wrote: On Sun, 2010-02-21 at 15:06 -0500, Joe McDonagh wrote:

I have not thought about using augeas because last time I tried to build it for our standard OS (Ubuntu 8.04) IIRC it needed a newer version of glibc.

I haven't seen that problem - but if you run into it again, I'd very much appreciate any build logs you have (compiler output etc.) I try very hard to make Augeas only rely on a very minimalistic C library (it builds on AIX ;) David

Since someone else said they built it on 8.04 I might have just gotten distracted by something else. And I didn't even get the day off I was counting on to get something done...

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Augeas pam.d argument checking
David Lutterkort wrote: On Thu, 2010-02-18 at 18:33 -0500, Joe McDonagh wrote:

I created a ticket about a pam type nearly a year ago and hopefully I can have a working type with the parsedfile provider sometime within the next week (I should have a real-live day off Friday). I did do some planning for type features while on a plane ride but ended up falling asleep... so that's as far as I am right now. I'll post to the list once I have something that resembles a working pam type.

Have you thought about doing this based on Augeas rather than ParsedFile ? Depending on what exactly you want your type to do, you might even be able to write it as a 'define' in puppet, rather than having to drop to Ruby. If the logic in your type is complex enough, though, and you have to write it in Ruby, you can still use Augeas to access, query and modify the pam entries. David

I have not thought about using augeas because last time I tried to build it for our standard OS (Ubuntu 8.04) IIRC it needed a newer version of glibc.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Re: Augeas pam.d argument checking
seph wrote: Joe McDonagh joseph.e.mcdon...@gmail.com writes:

I have not thought about using augeas because last time I tried to build it for our standard OS (Ubuntu 8.04) IIRC it needed a newer version of glibc.

I didn't have any trouble building the current ubuntu augeas packages for 8.04. I followed the pretty normal dpkg build process for it. (apt-get source; apt-get build-dep; debuild) No glibc weirdness. seph

That's weird, maybe I ran into something else or just flat out got distracted/pulled in another direction. I was thinking it might be useful for this type to have both a parsedfile and augeas provider. What do you guys think? And yes I do usually use definitions for stuff like this, but I just feel like puppet should have some security types, and IIRC the solaris ones don't differ much from the linux ones so it's partly a unix-agnostic type. Anybody else have more input on that last statement?

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Re: Augeas pam.d argument checking
Nigel Kersten wrote: On Sun, Feb 21, 2010 at 6:43 PM, Joe McDonagh joseph.e.mcdon...@gmail.com wrote: seph wrote: Joe McDonagh joseph.e.mcdon...@gmail.com writes:

I have not thought about using augeas because last time I tried to build it for our standard OS (Ubuntu 8.04) IIRC it needed a newer version of glibc.

I didn't have any trouble building the current ubuntu augeas packages for 8.04. I followed the pretty normal dpkg build process for it. (apt-get source; apt-get build-dep; debuild) No glibc weirdness. seph

That's weird, maybe I ran into something else or just flat out got distracted/pulled in another direction. I was thinking it might be useful for this type to have both a parsedfile and augeas provider. What do you guys think? And yes I do usually use definitions for stuff like this, but I just feel like puppet should have some security types, and IIRC the solaris ones don't differ much from the linux ones so it's partly a unix-agnostic type. Anybody else have more input on that last statement?

add OS X to the Solaris/Linux PAM mix too? :) OS X 10.6 in particular makes PAM a lot more useful and authoritative.

It's good to hear that from you- I wasn't completely sure they had a PAM implementation, cause for instance OpenBSD doesn't (which is the BSD I currently use the most these days).

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Cascaded conditionals possible ?
Marcello de Sousa wrote: I've been trying to use a resolv_conf recipe to setup the DNS servers based on $domain and $location (a custom fact). So I cascade the 2 conditionals, but it's not working. Is it supposed to work ? Or should I look for an alternative ?

    resolv_conf { "location_based_resolv":
      domainname => $domain,
      searchpath => [$domain],
      # Here is the cascaded conditional. If I'm in domain1 I want to test 3 different locations.
      nameservers => $domain ? {
        "domain1.local" => $location ? {
          "Default-First-Site-Name" => ['10.2.38.10','10.128.38.21'],
          "HeadOffice" => ['10.128.36.20','10.128.36.11'],
          default => ['10.128.36.10','10.2.36.21'],
        }
        "domain2.local" => ['10.128.36.20','10.128.36.10'],
        default => ['10.128.36.10','10.2.36.20'],
      }
    }

    ## If I test only one level it works:
    #nameservers => $location ? {
    #  "Default-First-Site-Name" => ['10.2.38.10','10.128.38.21'],
    #  "HeadOffice" => ['10.128.36.20','10.128.36.11'],
    #  default => ['10.128.36.10','10.2.36.21'],
    #  }

Am I missing something ? Or should I do it differently ? Cheers, Marcello

The goggles! They do *nothing*! Please check out RI Pienaar's extlookup utility over at devco.net. This can be shortened to have no conditionals and the data can be grabbed via location-specific csv files. It's also worth mentioning that any language features can be tested by writing a .pp file and running: puppet --parseonly whatever.pp
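The extlookup approach suggested in the reply above, applied to the nameserver data from the question. This is an added example, not code from the thread or from the extlookup author; the data directory and the CSV file names are assumptions, and the file contents are constructed from the addresses in the question.

```puppet
# site.pp: the two settings extlookup reads.
$extlookup_datadir    = '/etc/puppet/extdata'
# Search order, most specific file first. %{...} is filled in per node, so a
# node reads <domain>_<location>.csv, then <domain>.csv, then common.csv, and
# the first file that contains the key wins.
$extlookup_precedence = ['%{domain}_%{location}', '%{domain}', 'common']

# Data files, one "key,value[,value...]" row per key:
#
#   /etc/puppet/extdata/domain1.local_Default-First-Site-Name.csv
#     nameservers,10.2.38.10,10.128.38.21
#
#   /etc/puppet/extdata/domain1.local_HeadOffice.csv
#     nameservers,10.128.36.20,10.128.36.11
#
#   /etc/puppet/extdata/domain1.local.csv
#     nameservers,10.128.36.10,10.2.36.21
#
#   /etc/puppet/extdata/domain2.local.csv
#     nameservers,10.128.36.20,10.128.36.10
#
#   /etc/puppet/extdata/common.csv
#     nameservers,10.128.36.10,10.2.36.20

# The manifest no longer carries any conditional or any address.
resolv_conf { 'location_based_resolv':
  domainname  => $domain,
  searchpath  => [$domain],
  # A row with more than one value is returned as an array.
  nameservers => extlookup('nameservers'),
}
```

Adding a site then means adding one CSV file rather than editing a selector. extlookup was later dropped from Puppet in favour of Hiera, which uses the same hierarchy idea.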
Re: [Puppet Users] satellite sites management
right now kicks a lot of ass. RL can do what they want obviously, but they should look at this tool. Mike, have you checked this tool out? You should if you haven't had the chance yet. It's just a custom parser function, two lines in your site.pp and a master restart.

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?
-- Nothing comes easy that is done well. -Harry F. Banks

Does netstat -tnlp show puppetd listening on port 8139?

-- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire
Re: [Puppet Users] vmwaretools
Marc Fournier wrote:
> > should be without asking. When I run it in the bash It ends in a minute, without asking any thing.
>
> Ok, I suppose this is the part where it compiles a kernel module, which can indeed take a while. You have a timeout parameter which can be used in this case:
>
>     exec { "/usr/bin/vmware-config-tools.pl -d":
>       timeout => -1,
>     }
>
> > I found only this bug (http://photographersofficeonline.com/issues/910), but it's an old one and is closed (solved?).
>
> I wonder why redmine is suddenly reachable through photographersofficeonline.com? Is this new? It seems like an error.
>
> Marc

Wow I never knew about this option to vmware tools, thanks.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] satellite sites management
Nat wrote:
> Hi,
>
> We have got puppet set up and running at our main office with no issues. We are using an external node classifier instead of directly creating node definition files. We would like to manage our remote offices using puppet also.
>
> A little about our set up. From our main site we have VPN links out to a remote site. Each site is generally identical with the same number of servers and roughly the same services running on each server. Essentially the only differences at each remote site are the subnet and related IP addresses.
>
> Since we are using an external node classifier we do not explicitly have node definitions so we can not inherit a class and override a default value. Is there a way to do this using node classifiers? An example will probably show this better.
>
> Site1:
> + location UK
> + subnet 192.168.1.0/24
> + gateway 192.168.1.254 (acts also as nameserver and local dns etc for all servers at site 1, for example ntp will use the closest time source geographically)
> + server1 ip - 192.168.1.1 gateway of 192.168.1.254
> + server2 ip - 192.168.1.2 gateway of 192.168.1.254
>
> Site 2:
> + location US
> + subnet 192.168.2.0/24
> + gateway 192.168.2.254 (acts also as nameserver and local dns etc for all servers at site 2, for example ntp will use the closest time source geographically)
> + server1 ip - 192.168.2.1 gateway of 192.168.2.254
> + server2 ip - 192.168.2.2 gateway of 192.168.2.254
>
> As you can see most details are identical between sites except for a few network and geographical differences. Has there been any consensus within the community on the best way to manage situations like this?

Well, I think a large portion of users have discovered that RI Pienaar's (Volcane on IRC) extlookup.rb add-on is good for this sort of stuff. It's basically a function that looks up data in a csv file. So say your locations are domains like us.yourcompany.com. You can have a file called us.yourcompany.com.csv in a directory under /etc/puppet, or if you set a location some other way you can have a us.csv file in the directory. I call my external lookup directory 'extdata', and it looks up in the order of something like fqdn, domain, location, common (if it fails to find one csv, it moves on to the next). Then inside your manifest you set variables like:

    $something = extlookup("something")

It's really got so many uses I encourage you to use it. It was the only way I could solve a lot of puppet problems I ran into. Here is the page: http://www.devco.net/?s=extlookup

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
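The lookup order described in the reply above (fqdn, domain, location, common, moving on when a CSV or key is missing) can be sketched in a few lines of Ruby. This is an added example, not RI Pienaar's extlookup.rb and not code from the thread; the keys, host names, CSV contents and the file-name check on client-reported facts are assumptions made for the illustration.

```ruby
require "csv"
require "tmpdir"

# Lookup order from the message: fqdn, domain, location, then common.
PRECEDENCE = ["%{fqdn}", "%{domain}", "%{location}", "common"].freeze

# Constructed sample data (hypothetical keys and hosts): "key,value" rows,
# one CSV file per precedence level that has site-specific values.
SAMPLE_EXTDATA = {
  "uk.yourcompany.com.csv" => "gateway,192.168.1.254\nntp_server,192.168.1.254\n",
  "us.yourcompany.com.csv" => "gateway,192.168.2.254\nntp_server,192.168.2.254\n",
  "common.csv"             => "ntp_server,pool.ntp.org\nsyslog_host,loghost.yourcompany.com\n"
}.freeze

# Facts are reported by the client, so a fact value must never be able to
# steer the lookup to a file outside the data directory.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

# Write the constructed sample files to a temp dir and return its path.
def write_sample_extdata
  dir = Dir.mktmpdir("extdata")
  SAMPLE_EXTDATA.each { |name, body| File.write(File.join(dir, name), body) }
  dir
end

# Expand one precedence entry with the node's facts. Returns nil when a fact
# is missing or the expanded name is not a plain file name.
def data_file_for(pattern, facts, datadir)
  missing = false
  name = pattern.gsub(/%\{(\w+)\}/) do
    value = facts[Regexp.last_match(1)]
    missing = true if value.nil? || value.empty?
    value.to_s
  end
  return nil if missing || name.include?("..") || name !~ SAFE_NAME
  File.join(datadir, "#{name}.csv")
end

# Return the first value found for key, walking the precedence list.
def lookup(key, facts, datadir, default: nil)
  PRECEDENCE.each do |pattern|
    path = data_file_for(pattern, facts, datadir)
    next if path.nil? || !File.file?(path)
    CSV.foreach(path) do |row|
      return row[1] if row[0] == key
    end
  end
  return default unless default.nil?
  raise KeyError, "no value for #{key.inspect} at any precedence level"
end

if __FILE__ == $PROGRAM_NAME
  datadir = write_sample_extdata
  uk_node = { "fqdn" => "server1.uk.yourcompany.com",
              "domain" => "uk.yourcompany.com", "location" => "uk" }
  puts "gateway:     #{lookup('gateway', uk_node, datadir)}"
  puts "syslog_host: #{lookup('syslog_host', uk_node, datadir)}"
end
```

A site-specific value wins when the domain-level CSV has the key; anything else falls through to common.csv, so only the differences between sites need their own file.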
Re: [Puppet Users] Storeconfigs connection pool problem
Daniel Kerwin wrote:
> Hi list,
>
> i just enabled storeconfigs and cannot use puppetrun on more than 5 hosts. When i try 6+ i get the error message:
>
> puppetmasterd[16209]: could not obtain a database connection within 5 seconds. The max pool size is currently 5; consider increasing it.
>
> My Mysql setup allows a lot more connections (500). Any suggestions?
>
> Thanks,
> Daniel

Do you have the proper rubygem for mysql installed? I think on deb/ubuntu it's something like libmysql-ruby1.8.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Building a better puppetrun and related ideas
Michael DeHaan wrote:
> Additional ideas for stuff you would like to see?
>
> --Michael

Please take out the 'feature' that you need LDAP hosts to run puppetrun on a wide scale. The utility becomes useless for a large portion of people. I searched the thread quickly and didn't see this mentioned...

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Building a better puppetrun and related ideas
Michael DeHaan wrote:
> Joe McDonagh wrote:
> > Michael DeHaan wrote:
> > > Additional ideas for stuff you would like to see?
> > >
> > > --Michael
> >
> > Please take out the 'feature' that you need LDAP hosts to run puppetrun on a wide scale. The utility becomes useless for a large portion of people. I searched the thread quickly and didn't see this mentioned...
>
> I hadn't even thought of supporting LDAP, actually :) First data sources will be simple wildcards of the certs we have, second data source will be the dashboard DB (and anything else that follows this schema). LDAP would be a good patch for later, I'm guessing, but probably not something I'd do initially.
>
> --Michael

It already does support LDAP. In fact if you try to use puppetrun -a it *requires* LDAP. That's my beef with it. Why can't it look at my nodes.pp and get all the nodes from there?

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Building a better puppetrun and related ideas
Michael DeHaan wrote:
> Joe McDonagh wrote:
> > Michael DeHaan wrote:
> > > Joe McDonagh wrote:
> > > > Michael DeHaan wrote:
> > > > > Additional ideas for stuff you would like to see?
> > > > >
> > > > > --Michael
> > > >
> > > > Please take out the 'feature' that you need LDAP hosts to run puppetrun on a wide scale. The utility becomes useless for a large portion of people. I searched the thread quickly and didn't see this mentioned...
> > >
> > > I hadn't even thought of supporting LDAP, actually :) First data sources will be simple wildcards of the certs we have, second data source will be the dashboard DB (and anything else that follows this schema). LDAP would be a good patch for later, I'm guessing, but probably not something I'd do initially.
> > >
> > > --Michael
> >
> > It already does support LDAP. In fact if you try to use puppetrun -a it *requires* LDAP. That's my beef with it. Why can't it look at my nodes.pp and get all the nodes from there?
>
> Yes, I'm aware. We may need to support that going forward for maintainability, I need to investigate but we definitely won't require LDAP.
>
> As for nodes.pp -- nodes.pp can contain regexen, IIRC. I suppose technically that might be possible, but short term, we probably won't do this. There's nothing saying we can't look at the list of certs, which is what Func did, but I also want it to be able to use extended metadata and info from the dashboard interface (or anything else that uses that schema). It may also be interesting to maintain an external json catalog of nodes and tags, TBD... I don't want to overdesign that bit too much up front -- YAGNI, and what all.
>
> (We also need a CLI for dashboard... so it's easy to add nodes and tag them here... we don't want people using the extended DB to have to click around a WebUI if they don't want to, and it would be helpful with batch population).
>
> --Michael

Good point, your idea for list of certs is also valid, I am also down with metadata, I just think the tool right now is kinda useless. If this is improved I can ditch capistrano for scalable administration and leave it to deploys.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Join AD using Likewise
Taylor wrote:
> Hi All,
>
> I'm reading the docs and various references available for Puppet but can't seem to find a better way of accomplishing my goal of binding my Linux Servers to Active Directory. (Please don't berate me for the premise.)
>
> Quick Background: I've become enamored with likewise-open as a method and tool for binding linux machines to AD. It's clean and simple. (http://anothersysadmin.wordpress.com/2008/04/06/howto-active-directory-authentication-in-ubuntu-804/) But I can't get past the command line requirement and being forced to run an exec that stores a domain admin password in a text file.
>
> Here is my recipe so far:
>
>     class likewise {
>       # debconf answers for the package install
>       file { "likewise-preseed":
>         path   => "/var/cache/debconf/likewise.preseed",
>         owner  => root,
>         group  => root,
>         mode   => 400,
>         source => "puppet:///likewise/likewise.preseed",
>       }
>       package { "likewise-open":
>         ensure       => latest,
>         responsefile => "/var/cache/debconf/likewise.preseed",
>         require      => File["likewise-preseed"],
>       }
>       # the join command carries the account password in clear text
>       exec { "domainjoin-cli join at.sfsu.edu svc_bind PASSWORD":
>         path => ["/usr/bin", "/usr/sbin"],
>       }
>     }
>
> That recipe is obviously not complete, but I'm hung at the exec command. It doesn't seem right to me from a philosophical perspective. There should be a better way that doesn't require me to store a password in the recipe.
>
> Does anyone have a suggestion of a better way of doing this? I'm sure I'm missing something obvious. I did take a look at the NSSwitch LDAP recipe (http://reductivelabs.com/trac/puppet/wiki/Recipes/LDAPClientNSSwitch) and that might accomplish the same goal but seems more complex and unnecessary when an elegant solution such as likewise-open exists.
>
> Thanks for your thoughts.

You don't need to be a domain admin to bind to AD, so the answer is to create an account that can only bind machines to AD.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Living with Puppet...
R.I.Pienaar wrote:
> hello,
>
> - Michael DeHaan mich...@reductivelabs.com wrote:
> > > I've written an application, which aims to solve all of the missing pieces around puppet - http://theforeman.org
> >
> > Ohad, as you've said "I've written an application, which aims to solve all of the missing pieces around puppet". Obviously you've done a lot of work here, but I need to communicate something from a community perspective -- the proper place to fix missing pieces in Puppet is by contributing to Puppet -- our vision is to have no such missing pieces. Hence things done outside of core tend to fragment the userbase and make things harder to install/use/manage/maintain. The future of this workflow tool is going to be Puppet's Dashboard. Where there are barriers to doing this, we will remove them.
>
> As a non affiliated community member who spends a lot of my time on Puppet I think this is a particularly unfriendly and in fact alarming statement for someone from RL to make.

Though I have nowhere near the contributor-status that Nigel or R.I have, I basically agree with Michael here. Foreman is a great tool in wide use as I understand it, but I'm not sure the best action for the future of both Foreman AND puppet is to continue development on two separate tracks. This could have possibly been better elucidated by Michael, but I don't think many of us are experts in communications.

Let's not forget that Luke's original vision was to create a tool to bring us all together (hopefully that didn't sound too hippie like) because there was such a huge amount of fragmentation in the infrastructure management community.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Only send report email if resource failed during run
Ohad Levy wrote:
> Hi,
>
> Latest version of foreman (http://theforeman.org) supports this feature.
>
> cheers,
> Ohad
>
> On Tue, Feb 9, 2010 at 9:00 PM, symfrog wpdut...@gmail.com wrote:
> > Hi
> >
> > I have configured puppet to send reports via email using tagsmail. The problem is that it sends all the log messages every run (without a metric summary), which is not so useful. Is it possible to only send a report with the metrics only if one or more resources failed?
> >
> > Thanks

Puppet has supported an 'err' tag since like .24.6, however if your distro comes with something old, you may not have success trying to use this.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Puppet 0.25.4 and Facter 1.5.7 debs available in debian unstable.
Nigel Kersten wrote:
> packages.debian.org is lagging in terms of what it's showing, but
>
> $ rmadison -u debian {puppet,facter} | grep unstable
> puppet | 0.25.4-1 | unstable | source, all
> facter |1.5.7-1 | unstable | source, all
>
> they're both up there now.
>
> -- nigel

What is rmadison???

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Living with Puppet...
Jesús Couto wrote:
> Hi.
>
> As I think I mentioned (here or in IRC, don't know), I'm doing a kind of grant to investigate Puppet for my company. So far I've been learning the language and trying to model some of our infrastructure on a small test server I've set up. This is going fine, I'm learning a lot... but. This doesn't give me a picture of how Puppet is used in a real environment.
>
> So, I was kind of hoping if some successful Puppet users on this list could have some time to chat about how they are using Puppet. How are your machines and services life-cycles managed - all with Puppet, from install to decommission? How do you deal with dynamic changes or process (been a theme of discussion lately here) and having Puppet enforcing a state? Do you work always inside Puppet or some task have you shut down it till you get it done correctly and then model it on Puppet? How many people work with your Puppet configuration and how do you manage access - basically how you use Puppet and distribute task to junior members or other teams or...

Provisioning is sort of outside the scope of the server lifecycle that puppet manages. I use preseed to provision, lots of people use kickstart. From there, puppet takes over and brings it to state X.

Dynamic changes in processes are rare and can either be handled outside of puppet or be dynamically generated in other ways such as database queries.

In very rare cases, like troubleshooting problems, I will stop puppet and make certain changes, then restart puppet when I am done, however it will be brought back to state X. Any permanent changes to state *always* go in puppet for too many reasons to list here.

Three people have access to make puppet changes, and this is all handled by subversion and one unix group. With subversion you can easily manage write access to less important modules with a unix group something like junior_admins to only edit a certain module, and possibly not even deploy, just commit.

> What kind of benefits have you got from using Puppet? What kind of drawbacks? Have any tasks you tried it and decided it was not suited? Are you using tools like Capistrano/MCollective/Func/etc with Puppet? Why? How do you coordinate that?

I don't think I would be able to do my job in a 40 hour work week without puppet. The only drawback is the slight overhead of writing a module to configure something new.

I use capistrano to deploy the corporate website, to deploy openbsd configurations, and to deploy puppet. I also have a Capfile that loads up its roles from the puppet stored config db so that I can run arbitrary commands across nodes of a particular type/class. This is better suited to mcollective however because of all the ssh threading problems with capistrano (it's not very scalable.)

> ... yep, tons of things I know is generic stuff that is in part on the "Who is using Puppet" page, but I want to see if I can get some more detailed approximation of how do you live with Puppet as your system configuration management tool, instead of the common "let's log in via SSH and do stuff" admin model we all know by default.
>
> If you want to answer here for anybody to see, great, but I would really like to get in touch with, say, 2 or 3 advocates that could spend, say, 1 h or so, talking about how do they do their work with Puppet, so if you want to help, please send me a mail at this address.

Most people will charge for that sort of thing but if you go on IRC and just chat you might find yourself in a better position.

> Best regards,
>
> --
> Jesús Couto F.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
[Puppet Users] Certificate BitRate
Hey Guys,

I looked at one of my puppet certs while troubleshooting a problem getting Splunk to use them, and I discovered they look to be 1024 bits. Is there a way to change this to at the very least 2048 bits? I prefer 3072 or 4096, but if it's not an option maybe I should file a feature request.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Certificate BitRate
James Turnbull wrote:
> On 8/02/10 5:27 AM, Joe McDonagh wrote:
> > Hey Guys,
> >
> > I looked at one of my puppet certs while troubleshooting a problem getting Splunk to use them, and I discovered they look to be 1024 bits. Is there a way to change this to at the very least 2048 bits? I prefer 3072 or 4096, but if it's not an option maybe I should file a feature request.
>
> Joe
>
> Can you please log a feature request for it. I don't think it's rocket science to change but a) I've been wrong before and b) it'll need a little bit of testing.
>
> Cheers
>
> James Turnbull

Will do James, thanks.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
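The check that started this thread, finding certificates whose RSA keys are shorter than 2048 bits, can be run over a whole directory of PEM files. This is an added example, not code from the thread or from Puppet; the directory layout (one certificate per `*.pem` file) is an assumption, and the certificates it inspects here are throwaway self-signed ones constructed inline.

```ruby
require "openssl"
require "tmpdir"

# Floor asked for in the message above: "at the very least 2048 bits".
MIN_RSA_BITS = 2048

# Constructed sample: a throwaway self-signed certificate standing in for
# an issued agent certificate (hypothetical common names).
def sample_cert_pem(bits, common_name)
  key  = OpenSSL::PKey::RSA.new(bits)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

# Describe the public key in one PEM certificate.
def key_report(pem)
  cert   = OpenSSL::X509::Certificate.new(pem)
  key    = cert.public_key
  report = { subject: cert.subject.to_s, not_after: cert.not_after }
  if key.is_a?(OpenSSL::PKey::RSA)
    bits = key.n.num_bits # size of the RSA modulus
    report.merge(algorithm: "RSA", bits: bits, weak: bits < MIN_RSA_BITS)
  else
    # Non-RSA keys need their own thresholds; report them without a verdict.
    report.merge(algorithm: key.class.name, bits: nil, weak: nil)
  end
end

# Report on every *.pem file in dir; unparsable files are reported, not skipped,
# so a damaged certificate does not silently drop out of the audit.
def audit_cert_dir(dir)
  Dir.glob(File.join(dir, "*.pem")).sort.map do |path|
    begin
      key_report(File.read(path)).merge(path: path)
    rescue OpenSSL::X509::CertificateError => e
      { path: path, error: e.message, weak: nil }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  certdir = Dir.mktmpdir("certs")
  File.write(File.join(certdir, "old-agent.pem"), sample_cert_pem(1024, "old-agent.example.com"))
  File.write(File.join(certdir, "new-agent.pem"), sample_cert_pem(2048, "new-agent.example.com"))
  audit_cert_dir(certdir).each do |r|
    status = r[:error] ? "UNREADABLE" : (r[:weak] ? "WEAK" : "ok")
    puts format("%-10s %-5s %s", status, r[:bits], r[:subject] || r[:path])
  end
end
```

Certificates flagged as weak have to be reissued from a new, longer key; the key length of an existing certificate cannot be changed in place.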
Re: [Puppet Users] defining nagios hostgroupescalations
Matthew Delves wrote:
> Hey All,
>
> I'm looking for a way to get puppet to define nagios hostgroupescalations. Is this possible and if so, what is the syntax?
>
> Thanks,
> Matt Delves

You would create a define, and then inside that define have a file resource that uses a template to create a nagios .cfg file.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] Making the new users experience easier
Michael DeHaan wrote:
> Just one more email and I'll let you go for a few hours :)
>
> One of the things I like to see in apps is that they are immediately intuitive and easy to use for new users. I think Puppet is really good here, but there's opportunity to make everything better. We want everyone to love Puppet from their first few minutes using it, all the way through to datacenter nirvana.
>
> With Puppet, if you're just learning it, what were some of your stumbling blocks? If you are an existing user, think back to that time, or times when you were talking with new users?
>
> One of the ideas I had from cobbler was cobbler check which was a tool you could run to identify some of these problems. I'm not sure if it makes sense for Puppet, but it may do some things like say you appear to have DNS problems resolving this, you should try... and so forth. What else might there be?
>
> Obviously one of the things I'm going to be looking for are what questions keep coming up on IRC ... Are there mainly questions around puppetca? Should scaling be easier to set up out of the box and in the default configuration (right after RPM or deb install)? Are there easy additions or changes to the software we can make to make error messages clearer and self-resolving? Obvious things in the documentation/manpages we can clean up? (Aside: I think Puppet Dashboard has a LOT of opportunity to help with this too, so watch this space!)
>
> I'm going to be looking into this myself, but I'd love to hear from you. Any and all data is welcome. (If you'd prefer to reply personally or talk over IRC, that's fine too.)
>
> Thanks!
>
> --Michael

Hey Mike,

SSLSSLSSLSSLSSL... SSL, it 'makes my brain bleed' as plathrop of digg once said. SSL has probably caused more suicides than drugs, first semester at MIT, and chronic depression combined.

I'm not sure anything can be done about it though, that is the sucky part. I'm not sure any programmatic check is going to solve the difficulties associated with SSL auth. Maybe better error messages such as CN does not match DNS name, rather than whatever it says now (can't even remember).

Everything has already been mentioned in this thread that stumps beginners, but as far as troubleshooting, RI Pienaar (Volcane) wrote up the best puppet troubleshooting doc I have seen yet as a blog post over at devco.net. I think maybe RL should ask him if they can throw it on the wiki or something.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] A required definition dependency in a module manifest cannot be retrieved.
Paul Nguyen wrote:
> Hello,
>
> I'm hoping someone can help me out with this problem. I am having this problem where I have a custom mount definition in one module manifest file, and require it in another manifest file in the same module. However when the client retrieves its catalog, it cannot retrieve the dependency. This worked fine before when I had these two outside of a module, but since I moved this over to a module, it started to fail. Can someone please help me out with this?
>
> Thanks,
> Paul
>
> Here is the error message:
>
>     rescomp2:~ # puppetd --test
>     info: Caching catalog for rescomp2
>     err: Could not apply complete catalog: Could not retrieve dependency 'Mount_nfs_dir[/linuxdeploy]' of Package[monit] at /etc/puppet/modules/rescomp2/manifests/rescomp_pkgs.pp:16
>
> /etc/puppet/manifests/nodes/rescomp2.pp
>
>     node rescomp2 {
>       include rescomp2::rescomp_mounts
>       include rescomp2::rescomp_pkgs
>     }
>
> /etc/puppet/modules/rescomp2/manifests/rescomp_mounts.pp:
>
>     class rescomp2::rescomp_mounts {
>       define mount_nfs_dir ($device, $options) {
>         file { $name:
>           ensure => directory,
>         }
>         mount { $name:
>           ensure  => mounted,
>           fstype  => nfs,
>           atboot  => true,
>           device  => $device,
>           options => $options,
>           require => File[$name],
>         }
>       }
>       mount_nfs_dir { "/linuxdeploy":
>         device  => "nas-filer7:/vol/vol1/linuxdeploy",
>         options => "rw,rsize=32768,wsize=32768,hard,intr,fg",
>       }
>     }
>
> /etc/puppet/modules/rescomp2/manifests/rescomp_pkgs.pp:
>
>     class rescomp2::rescomp_pkgs inherits rescomp2::rescomp_mounts {
>       package { "monit":
>         ensure   => present,
>         provider => rpm,
>         source   => "/linuxdeploy/RPM/monit/monit-5.0.3-1.x86_64.rpm",
>         # the reference the error message complains about
>         require  => Mount_nfs_dir["/linuxdeploy"],
>       }
>       file { "/etc/monitrc":
>         ensure  => present,
>         source  => "puppet:///modules/rescomp2/etc/monitrc",
>         owner   => root,
>         group   => root,
>         mode    => 600,
>         require => Package["monit"],
>       }
>     }

References to definitions that reside inside classes have to be fully-qualified, and capitalized like this:

    require => Rescomp2::Rescomp_mounts::Mount_nfs_dir["/linuxdeploy"]

Even then, it might not work out this way. It seems a little weird to me.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] per environment tagmail settings?
JL wrote:
> Is it possible to disable tagmail reports for one environment but not another? For example, when I run 'puppetd --test --environment=testing', I do not want to receive an email. I tried adding !testing to tagmail.conf, but that didn't work.
>
> Alternatively, I would like to add a statement to the top of the reports that would state the environment, but I'm not sure how to do that. It looks like most of the puppet functions for logging (err, alert, critical, etc.) log to the server not the client.
>
> Thanks

I have a feature request in for this, feel free to thumbs-up it.

--
Joe McDonagh
Silent Penguin Services
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
Blog: www.colonfail.com