Re: [External] Re: [Puppet Users] legitimate puppet code?

[John Warburton]

May I highly recommend Visual Studio Code with the puppet plugin - it picks
up also sorts of things like this before you even start testing your code

A huge leap in productivity for me!

John

On Wed, 12 Feb 2020 at 01:43, 'Prentice Bisbal' via Puppet Users <
puppet-users@googlegroups.com> wrote:

> Yup, that fixed it. Thanks for the help.
>
> Prentice
>
> On 2/10/20 4:53 PM, Ramin K wrote:
> > Looks like single quoting params is causing the problem. This passes
> > validation
> >
> >   class { 'cis::iptables::configure':
> > level => $level,
> > type  => $type,
> > roles => $roles,
> >   }
> >
> > Ramin
> >
> > On 2/10/2020 12:38 PM, 'Prentice Bisbal' via Puppet Users wrote:
> >> Is this legitimate puppet code? I'm trying to pass arguments instead
> >> of using global variables (ie, don't keep looking them up in hiera).
> >> This syntax works elsewhere, but I've yet to use it within a class.
> >> When I run 'puppet parser validate', I get an error.
> >>
> >> class cis::iptables (
> >>Integer $level,
> >>String $type,
> >>Array $roles ) {
> >>
> >>include cis::iptables::install
> >>class {'cis::iptables::configure': 'level' => $level, 'type' =>
> >> $type, 'roles' => $roles}   #This line
> >>class {'cis::iptables::service': 'level' => $level, 'type' =>
> >> $type, 'roles' => $roles}   # and this line
> >> }
> >>
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/bd98ec7d-e541-2759-abd3-f0bbe418c89e%40pppl.gov
> .
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxW4PtgYmNnhH1k_btKXWBXDYPKeVye8epO0iTEpODOjdQ%40mail.gmail.com.

Re: [Puppet Users] PuppetDB Using Puppetlabs Postgresql Module on Linux

[John Warburton]

You need to set it in globals. This is what we do:

class { 'postgresql::globals':
version  => $postgresql_version,
datadir  => "${postgres_top}/postgresql/data",
}

John

On Wed, 18 Dec 2019 at 01:49, Peter Krawetzky  wrote:

> I was looking through the documentation and couldn't find my answer.  I
> want to use both the PuppetDB and Postgresql supported modules to install
> and manage both.  I don't want to use the default database directory
> "/var/lib/postgresql/..." but want to specify my own.  What do I use to
> point the database directory to another physical location?  If a different
> location is specified, does the Postgresql module correctly configure
> systemctl stop/start/restart process?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e01f26bb-b7cf-4d22-ab95-deb8336189b6%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/e01f26bb-b7cf-4d22-ab95-deb8336189b6%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxUYNkEGrn0SG5pZXTmkun-O2taP-MRXzq2_HLj6nn%3DfHQ%40mail.gmail.com.

Re: [Puppet Users] Accessing the list of classes assigned to a node from within puppet

[John Warburton]

Thanks Dan

But we are not using an ENC, so "classes" is not set. The lookup in site.pp
yields:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Function lookup() did not find a value for the name 'classes'

I am programatically looking for the content of
/opt/puppetlabs/puppet/cache/state/classes.txt

Thanks for looking

Regards

John

On Thu, 8 Aug 2019 at 13:11, 'Dan White' via Puppet Users <
puppet-users@googlegroups.com> wrote:

> How about a variation on this :
> # In site.pp, outside of any node definitions and below any top-scope
> variables: lookup('classes', Array[String], 'unique').include
>
> Lose the “include” and you have :
> $class_list = lookup('classes', Array[String], 'unique')
>
> —-
>
> "Sometimes I think the surest sign that intelligent life exists elsewhere
> in the universe is that none of it has tried to contact us."
>
> Bill Waterson (Calvin & Hobbes)
>
> On Aug 7, 2019, at 9:48 PM, John Warburton  wrote:
>
> Hi Everyone
>
> Back in the day of 2.x/3.x, I used to access the "classes" top scope
> variable and dump into templates - like this
> <https://groups.google.com/d/msg/puppet-users/R-y4bPTna24/BHWhi4WOJ6oJ>.
>
> I can't see to find the equivalent in puppet 6.x. Nothing in the built in
> variables doc
> <https://puppet.com/docs/puppet/6.7/lang_facts_and_builtin_vars.html>
>
> Am I looking in the wrong place or do I have to try and access through the
> internal API
> <https://www.rubydoc.info/gems/puppet/Puppet/Resource/Catalog#classes-instance_method>
> ?
>
> Thanks
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/230b487d-b9ae-42c3-a686-826a5c8caa89%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/230b487d-b9ae-42c3-a686-826a5c8caa89%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/6E44817D-4C94-4800-BDA0-EE89DF2B0405%40icloud.com
> <https://groups.google.com/d/msgid/puppet-users/6E44817D-4C94-4800-BDA0-EE89DF2B0405%40icloud.com?utm_medium=email&utm_source=footer>
> .
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXBW5m1LV7so29E4ACes%3DjWuR8A4K_AFcfN5Us8CBp63g%40mail.gmail.com.

[Puppet Users] Accessing the list of classes assigned to a node from within puppet

[John Warburton]

Hi Everyone

Back in the day of 2.x/3.x, I used to access the "classes" top scope 
variable and dump into templates - like this 
.

I can't see to find the equivalent in puppet 6.x. Nothing in the built in 
variables doc 


Am I looking in the wrong place or do I have to try and access through the 
internal API 

?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/230b487d-b9ae-42c3-a686-826a5c8caa89%40googlegroups.com.

Re: [Puppet Users] Registry module not working

[John Warburton]

Puppet 3 and registry simply do not work

I had to upgrade all my clients to puppet 5 to get it to work correctly

John

On Wed, 27 Feb 2019 at 05:16, Ben Ford  wrote:

> Can you include the actual error message along with this snippet of the
> stack trace?
>
> Also Puppet 3.x went EOL 787 days ago on December 31, 2016. You should
> REALLY consider upgrading, especially since your master has already been
> upgraded. It's generally recommended to run the same versions of master &
> client.
>
> On Mon, Feb 25, 2019 at 11:22 AM SUDISH MADATHIL 
> wrote:
>
>> *Error:
>> /Stage[main]/Firewallon/Registry_value[hklm\Software\Pluralsight1\PuppetO*
>> *nWindows]: Could not evaluate: undefined method `RegQueryValueExW' for
>> Puppet::U*
>> *til::Windows::Registry:Module*
>>
>> Issue when trying to use registry module specific to updating values in
>> registry. Can you help with this message?
>>
>> Puppet master version : - 4.10.12
>> Puppet client/agent version :- 3.8.7
>>
>> Trace logs: -
>>
>> >>
>>
>>
>> C:/ProgramData/PuppetLabs/puppet/var/lib/puppet/provider/registry_value/registry
>> .rb:38:in `block (2 levels) in exists?'
>> C:/Program Files/Puppet
>> Labs/Puppet/puppet/lib/puppet/util/windows/api_types.rb:
>> 30:in `block in from_string_to_wide_string'
>> C:/Program Files/Puppet
>> Labs/Puppet/puppet/lib/puppet/util/windows/api_types.rb:
>> 26:in `initialize'
>> C:/Program Files/Puppet
>> Labs/Puppet/puppet/lib/puppet/util/windows/api_types.rb:
>> 26:in `new'
>> C:/Program Files/Puppet
>> Labs/Puppet/puppet/lib/puppet/util/windows/api_types.rb:
>> 26:in `from_string_to_wide_string'
>>
>> C:/ProgramData/PuppetLabs/puppet/var/lib/puppet/provider/registry_value/registry
>> .rb:37:in `block in exists?'
>> C:/Program Files/Puppet
>> Labs/Puppet/sys/ruby/lib/ruby/2.0.0/win32/registry.rb:38
>> 9:in `open'
>> C:/Program Files/Puppet
>> Labs/Puppet/sys/ruby/lib/ruby/2.0.0/win32/registry.rb:49
>> 6:in `open'
>>
>> Thanks.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/bb2a3fcc-6762-4194-bfb0-7b67e3a398ae%40googlegroups.com
>> <https://groups.google.com/d/msgid/puppet-users/bb2a3fcc-6762-4194-bfb0-7b67e3a398ae%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CACkW_L78gUxJXPEZ1NO4rAMPD4eVpQJW_7T9htBP81HNJBoEXQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CACkW_L78gUxJXPEZ1NO4rAMPD4eVpQJW_7T9htBP81HNJBoEXQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXrR_7jLHdJg%3Dq8YnJPvFD--sxRD8DN806%3DJZBj4ZLuAQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet cert clean cleaning over and over

[John Warburton]

These are held in the CA inventory .../puppet/ssl/ca/inventory.txt

See
https://ask.puppet.com/question/25818/how-to-manage-size-of-inventorytxt/
for a discussion about cleaning it up, but essentially - delete your test
host entries here

John

On 23 April 2018 at 00:32, Marc Haber  wrote:

> Hi,
>
> I do have a certain host that I use for testing. It thus gets deleted
> and re-created (in Foreman) over and over again. Eventually, rebuilding
> the host times out at the puppet cert clean state.
>
> Foreman issues "puppet cert clean FQDN". When I invoke that from the
> command line, I get "Notice: Revoked certificate" for a number of
> serials, filling screens:
>
> Notice: Revoked certificate with serial 4898
> Notice: Revoked certificate with serial 4903
> Notice: Revoked certificate with serial 4904
> Notice: Revoked certificate with serial 4945
> Notice: Revoked certificate with serial 4946
> Notice: Revoked certificate with serial 5149
>
> When the foreman cert clean has eventually finished, the foreman-proxy
> has timed out in the mean time, and the build fails. Repeating the
> puppet cert clean results in the same serials being revoked again and
> again.
>
> Is there a method to clean up the puppet CA so that puppet cert clean
> doesn't try revoking certificates that do no longer exist at all?
>
> There is no file matching the FQDN in /var/lib/puppet/ssl at all.
>
> Greetings
> Marc
>
> --
> 
> -
> Marc Haber | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/20180422143251.i5t7v77ed3el5p7e%40torres.zugschlus.de.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVctYSeKEz9whgUERnQBw7WqZ%3DxBoCuMA9vM2jkuiooog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] R10K in an existing infrastructure OR How to write yourself into a corner.

[John Warburton]

Thanks Rob

On Thursday, 29 September 2016, Rob Nelson  wrote:

> Whoops, it's called lab_config in that project (site_config is my private
> repo for the home lab) and can be found at https://github.com/
> puppetinabox/lab_config. There's not as much to that since it's a
> reference project, but for example DNS updates are pushed out every 15
> minutes from it (agents check in every 30 minutes, though), so it's just a
> matter of pushing a change to 'master' in that repo and boom, deployed
> within the hour.
>
> On Thursday, September 29, 2016, John Warburton  > wrote:
>
>>
>> On Thursday, 29 September 2016, Rob Nelson  wrote:
>>
>>> The 'site_configs' module is pretty equivalent to the 'data' module you
>>> propose - odd config files, SSL certs, etc.
>>
>>
>> Rob
>>
>> I can't find site_configs on the forge or google. Any pointers?
>>
>> Thanks
>>
>> John
>>
>>
>> --
>> John Warburton
>> Ph: 0417 299 600
>> Email: jwarbur...@gmail.com
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/CAAJLFxXZSAxxUY-6sRR7f_3dZEAriMqzHgfrxzfcjY
>> UM1XFvaw%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAAJLFxXZSAxxUY-6sRR7f_3dZEAriMqzHgfrxzfcjYUM1XFvaw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
> Rob Nelson
> rnels...@gmail.com 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com
> 
> .
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAC76iT-aiwZcD1-7B%3DYy0brzbRrpz0-
> Z6Ck9_ULsDJE7D%2B-CKw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAC76iT-aiwZcD1-7B%3DYy0brzbRrpz0-Z6Ck9_ULsDJE7D%2B-CKw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVuAhY%3DQqGMJBS37yA4VgBkYSxLejU78wC_C7tzYGK0hw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] R10K in an existing infrastructure OR How to write yourself into a corner.

[John Warburton]

On Thursday, 29 September 2016, Rob Nelson  wrote:

> The 'site_configs' module is pretty equivalent to the 'data' module you
> propose - odd config files, SSL certs, etc.


Rob

I can't find site_configs on the forge or google. Any pointers?

Thanks

John


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXZSAxxUY-6sRR7f_3dZEAriMqzHgfrxzfcjYUM1XFvaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet facter for password hashing algorithm on a per OS basis

[John Warburton]

Ah manual changes...

Ok you need some way to identify which hosts use which hash type and
classify them as such.

We have an external node classifier, and we would set a parameter for the
host to say hash_type => 'bsdmd5' for example. You could default if
osfamily is Redhat to not even look for the parameter as all Centos nodes
will be the same

No node classifier? Not sure how you would do this? A custom fact
interrogating the hash type?

John

On Thursday, 11 February 2016, warron.french 
wrote:

> John/Garret, thanks but the hash-type isn't specific to os&release, it is
> manually defined/altered by the sysadmin.
>
> Does that help any?
>
> To be more detailed, I might have something like the following:
>
> CentOS-6.X. 12 nodes all hash=sha-512,
> Solaris 10u6 13 nodes all hash=bsdmd5, but...
> Solaris 10u6 4 nodes all hash=sha-512, AND
> Solaris 10u11 8 nodes all hash=bsdbf, but...
> Solaris 10u11 3 nodes all hash=sha-512.
>
> I can see where you might say, then patch and augment all up to Solaris
> 10u11 with hash=sha-512; I work in a secured VERY BUSY environment so it's
> not quite that simple.
>
> Thank you both,
> On Feb 10, 2016 7:13 PM, "John Warburton"  > wrote:
>
>> Warron
>>
>> Use the operatingsystemrelease fact and decide the hash to use based on
>> that.
>>
>> It will spit out something like 10_u9 by reading /etc/release. This isn't
>> too bad, but if you patch a server built as u9 with a current patch set,
>> the actual OS will be u11 no matter what /etc/release says, so beware
>>
>> You can look at projects.puppetlabs.com/issues/11082 you can see the
>> mapping between 1/06 (I hear ya) and the update number. There is a link to
>> the Oracle document that maps that out too
>>
>> John
>>
>> On Thursday, 11 February 2016, Warron French > > wrote:
>>
>>> Hello, I was hoping someone could help with answering this question, for
>>> the following scenario.
>>>
>>> On our network we have some OLD ( I mean 1/06, up to 1/09) Solaris 10
>>> SPARC servers and workstations along with newer Solaris 10 SPARC servers
>>> (running even the lastest revisions, like 1/13); and we have CentOS servers
>>> and workstations.
>>>
>>> The password hashing algorithm is different between the OLD Solaris 10
>>> SPARC servers and workstations versus the newer *recently rebuilt* Solaris
>>> 10 1/13 SPARC servers and workstations; the *older ones *run with *MD5*
>>> for password hashing, we don't want that.  Even some of the Solaris 10
>>> machines that running the newer Solaris 10 1/13 (build a couple of years
>>> ago) might be running with the MD5 hashing algorithm.  *All* of our
>>> CENTOS systems though, thank goodness, are running with the sha-512 (yay!).
>>>
>>>
>>> Anyway, we have a potential project to use puppet to populate/generate 
>>> *LOCAL
>>> *(not AD/LDAP) accounts across all of our systems and want our
>>> passwords for each of the accounts added to be the same; but of course, if
>>> the
>>> *password* attribute given to the *user* resource in the puppet code is
>>> of an incorrect hash-type, then that account will not work properly.
>>>
>>> That is why I am asking for help, to achieve this particular goal.
>>>
>>> Thank you in advance,
>>> Warron
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/ccd6ba2d-6f0e-45b7-9946-e99ec9cd78fe%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/ccd6ba2d-6f0e-45b7-9946-e99ec9cd78fe%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>> John Warburton
>> Ph: 0417 299 600
>> Email: jwarbur...@gmail.com
>> 
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com
>> 
>> .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAAJLFxXmSU-H20DhyU

Re: [Puppet Users] puppet facter for password hashing algorithm on a per OS basis

[John Warburton]

Warron

Use the operatingsystemrelease fact and decide the hash to use based on
that.

It will spit out something like 10_u9 by reading /etc/release. This isn't
too bad, but if you patch a server built as u9 with a current patch set,
the actual OS will be u11 no matter what /etc/release says, so beware

You can look at projects.puppetlabs.com/issues/11082 you can see the
mapping between 1/06 (I hear ya) and the update number. There is a link to
the Oracle document that maps that out too

John

On Thursday, 11 February 2016, Warron French 
wrote:

> Hello, I was hoping someone could help with answering this question, for
> the following scenario.
>
> On our network we have some OLD ( I mean 1/06, up to 1/09) Solaris 10
> SPARC servers and workstations along with newer Solaris 10 SPARC servers
> (running even the lastest revisions, like 1/13); and we have CentOS servers
> and workstations.
>
> The password hashing algorithm is different between the OLD Solaris 10
> SPARC servers and workstations versus the newer *recently rebuilt* Solaris
> 10 1/13 SPARC servers and workstations; the *older ones *run with *MD5*
> for password hashing, we don't want that.  Even some of the Solaris 10
> machines that running the newer Solaris 10 1/13 (build a couple of years
> ago) might be running with the MD5 hashing algorithm.  *All* of our
> CENTOS systems though, thank goodness, are running with the sha-512 (yay!).
>
>
> Anyway, we have a potential project to use puppet to populate/generate *LOCAL
> *(not AD/LDAP) accounts across all of our systems and want our passwords
> for each of the accounts added to be the same; but of course, if the
> *password* attribute given to the *user* resource in the puppet code is
> of an incorrect hash-type, then that account will not work properly.
>
> That is why I am asking for help, to achieve this particular goal.
>
> Thank you in advance,
> Warron
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com
> 
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ccd6ba2d-6f0e-45b7-9946-e99ec9cd78fe%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/ccd6ba2d-6f0e-45b7-9946-e99ec9cd78fe%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXmSU-H20DhyUTxRYwWT56nHVbJLd1qkGYfx4GB-8AWHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Augeas editing of fstab

[John Warburton]

On Saturday, March 21, 2015 at 1:20:22 AM UTC+11, Anthony Clark wrote:
>
> Hi there,
>
> I'm trying to add the nobarrier option to our XFS mount options in 
> /etc/fstab using Augeas.  I've tried this:
>
>  Possibly a bit heretical on this list, but I find Augeas is more trouble 
than it is worth and you are usually better off using templates or native 
resources

For your case, have you tried managing the mount points with the mount 
resource and passing the list of options to the options parameter?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b9a5632c-546a-4903-8300-8d53a56411ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Solaris package installation unattended does not work

[John Warburton]

You need an admin(4) file to set some defaults to questions like this.
Here's mine

% tail -15 modules/base/files/var/sadm/install/admin/puppet
#   Notes: * man -s 4 admin
#  * default pkgadd admin file to just install everything
#  * quit rather than carry on like
/var/sadm/install/admin/noprompt
#
mail=
instance=overwrite
partial=quit
runlevel=nocheck
idepend=quit
rdepend=quit
space=quit
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default

And how I use it

package { 'SUNWpmr':
ensure=> absent,
adminfile => '/var/sadm/install/admin/puppet',
before=> File['/etc/default/power'],
}

John


On 20 February 2015 at 02:13, Andreas Dvorak 
wrote:

> Dear all
>
> I am trying to install a Solaris package but it does work. Puppet uses -n
> to run unattended, but interaction is required.
>
> package{'CSWpkgutil':
>   ensure => installed,
>   source => "
> http://sv2653/repo/solaris/CSWpkgutil-${::hardwareisa}.pkg";,
> }
>
> Error message:
> Execution of '/usr/sbin/pkgadd -d
> http://sv2653/repo/solaris/CSWpkgutil-i386.pkg -n CSWpkgutil' returned 5:
> This package contains scripts which will be executed with super-user
> permission during the process of installing this package. Please see
> /opt/csw/share/doc/pkgutil/license for license information. Installation of
>  was suspended (interaction required). No changes were made to
> the system.
>
> Can somebody please help me?
>
> Andreas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ff789a40-88b2-419b-9ebd-dcc57c1c8fe3%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/ff789a40-88b2-419b-9ebd-dcc57c1c8fe3%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxWnR9g1NLNVX9U7s5_0pQX2M0dt1F%3DT1O8MYSRSkRz7WQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Fact is incorrect when show all facts, correct when on commandline

[John Warburton]

gt;> computation is
>>> > already running in Ruby.  Even if you want to do the whole job with an
>>> > external pipeline, 'sed' would be a lighter-weight (and simple-syntax)
>>> > choice.  Nevertheless, I don't see how that could contribute to
>>> differing
>>> > results.
>>> >
>>> >
>>> > John
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups
>>> > "Puppet Users" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an
>>> > email to puppet-users+unsubscr...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> >
>>> https://groups.google.com/d/msgid/puppet-users/f0aa94a6-aa55-4420-97f0-1f82c55c6207%40googlegroups.com
>>> .
>>> >
>>> > For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAO1ctWe0xJPd43M5ck%2BJcmYA32YZ%3DO-mCk6jSyuLV7s0ng%2Bi5Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAO1ctWe0xJPd43M5ck%2BJcmYA32YZ%3DO-mCk6jSyuLV7s0ng%2Bi5Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXgDy%2BAAcirMjwZVuZd9dqy5qz0UjM_i2Lr4EQjMCpboQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] augeas, sshd and multiple onlyif requirements

[John Warburton]

On 10 October 2014 13:34, Chris  wrote:

>
> Any help, suggestions, alternatives would be greatly appreciated.
>

Stop using Augeas and start using templates


Here's an extreme example from the the most popular SSH module
 on the forge -
https://github.com/saz/puppet-ssh/blob/master/templates/sshd_config.erb,
although I find Garrett's easier to read if you were new to templating -
https://github.com/ghoneycutt/puppet-module-ssh/blob/master/templates/sshd_config.erb

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxUJdfFy0JUrQNV%2B%2BXhqNE9hjUS6xRh29XzXKTGOeaizzA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Explorer 1.3.0

[John Warburton]

On Saturday, September 20, 2014, Spencer Krum 
wrote:

> Puppet Explorer and PuppetBoard are both superior to the Puppet Dashboard.
> Puppet
>

Do any of these also give the ability to spit out the current state as csv
that the dashboard does? We use it extensively for reporting

Thanks

John


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxW41-GbbwAQoXDK-eybcSfFM25XSRW7Pi%3DShGn%2BNzSpMQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Augeas hates me!!!

[John Warburton]

On 14 August 2014 01:22, randal cobb  wrote:

> ok, that didn't seem to help.  I now have this result:
> Debug: Augeas[apache2](provider=augeas): Opening augeas with root /, lens
> path , flags 64
>

You may find templates much easier to manage

I gave up on Augeas a long time ago due to this complexity, lack of lenses
and because to someone looking at a file, it wasn't obvious augeas/puppet
was managing it. A file with VCS artefacts at the top makes it more obvious
what is going on..

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVEpDqc%2BtHpxpcPRVGecKuGXF%3DD6MXNeN2W-Y7jMMpLPw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] jenkins workflow

[John Warburton]

On 7 August 2014 02:17, Bernard Clark  wrote:

> I'm setting up a jenkins server to perform continuous integration on my
> puppet codebase, and I'm interested in running at least the following tests:
>
>- puppet parser validate
>- puppet lint
>
> These are cheap to do. Give yourself immediate feedback by making them pre
commit hooks -
http://puppetlabs.com/blog/how-set-git-commit-hooks-puppet-enterprise

>
>- rspec-puppet
>- test-kitchen
>
> Have I overlooked any other worthwhile tests, and has the community
> distilled any wisdom about best practices, particularly regarding git
> workflow? Any advice would be much appreciated!
>
Look at server spec as well - http://serverspec.org/

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxV%2BmR%3D88Wkh-GXYqOuZdboXdH2YTV%3DtAM47n0yUVNegKQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera - how to include all files inside a directory

[John Warburton]

I presume you just want the information for the one customer, and not all
customers?

If the first, I assume you set the customer name, and you just dump the
information in a file named after the customer. If you want all customers,
dump it all in one common file.

Whilst, we're still using extlookup, the idea is the same (and we set the
client name in our node classifier). We have client information based on
location or just general, with global overrides in "common"

$extlookup_precedence = ["host_%{fqdn}",
 "%{client}.location_%{location}",
 "%{client}",
 "location_%{location}",
 "common"]

John


On 24 July 2014 22:27, Juan Moreno  wrote:

> Hi,
>
> I would like to know if exists the possibility to include all the yaml
> files of a directory in hiera.
>
> The hiera config looks like:
>
> :hierarchy:
>   - %{hostname}
>   - secrets
>   - customers/*
>
> :backends:
>   - yaml
> :yaml:
>   :datadir: '/etc/puppet/data'
>
> Cheers,
> Juan Moreno
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e069d96d-7ec4-4bb2-bd68-76143609596b%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/e069d96d-7ec4-4bb2-bd68-76143609596b%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxWfCgBCZJg58kY4HLj5GNu6PV%2Bd5sAtscmYu%3DGhDODx6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: how to change root password for all nodes

[John Warburton]

On 10 July 2014 01:53, mahesh vijapure  wrote:

> Please tell me any puppet module that can automatically resets the root
> password when they are >60 days old, and stores the new password in a
> central encrypted location
> Thanks in advance for all your valuable inputs.
>
I want to update root password for all vms registered with Puppet. Please
>> someone assist me here.
>>
>
> You are describing a product something like
http://www.cyberark.com/product-detail/enterprise-password-vault

There may be open source alternatives that achieve the same, but it is not
directly (or solely) a puppet solvable problem

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVZSgtBM10OMSsqaGaokJxwqvog99PSH5iHNkd5gA8uAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Server acceptance unit testing

[John Warburton]

On 17 June 2014 16:17, Eric Shamow  wrote:

> There is Beaker, which is an internal (but open) PL testing framework:
>
> https://github.com/puppetlabs/beaker/wiki
>
> Beaker has an rspec variant, but it also has its own DSL which is much,
> much simpler.
>
>
Thanks Eric

I've looked at it, and the language is still a barrier

However, we are likely to adopt it in the test pipeline where we have a gap
testing new modules after simple syntax checks and catalog compiles

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxV3%2Be-rotCGk7RCy9sYrR0%2BDMiy%2BSE8J2wzKqFV4zVriw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Server acceptance unit testing

[John Warburton]

On 17 June 2014 16:13, Nan Liu  wrote:

If you are looking for something that's low barrier of entry and shell is
> your target, have you considered something like bats?
> https://github.com/sstephenson/bats
>
> Thanks Nan - that escaped me. Will take a look. The best I could find was "Sh
Unit 2 " which seemed more complicated

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXO%3DjQ6sDUcShuFeEN82EG9UYuXcZ8MTD%3Dnzm5Z_o%2BmfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Server acceptance unit testing

[John Warburton]

Hi Everyone

We want to unit test our servers with something like serverspec, but we do
not have the coding skills in the team to write ruby/rspec, and we want a
low barrier to entry for writing tests



Our site isn't small with 3.5K servers, 200 modules, 400 manifests covering
3K resources. Each server averages about 650 resources



I was wondering what others do for server acceptance testing given a
similar set of requirements. Based on my quick reviews on what is out
there, Jenkins with perl's Test::Harness looks a good fit, which is a
little scary



Am I missing something?



Thanks



John



Requirements:

   - Use industry standard test harness


   - Use industry standard formatter / dashboard (Jenkins?)
   - Lightweight, not monolithic. One test = one file


   - Command line based


   - Independent of central server for initiating checks


   - Roll up checks into arbitrary domains such as role, profile, location,
   environment


   - Can be run on production servers


   - Check actual state, not puppet results (we already do that)
   - Run not just at build, but all the time and alert on deviations
   through monitoring system
   - Some checks run on servers, but some run elsewhere that check other
   systems (accurate data centre inventory records, console access, DNS
   reverse address exists, etc)
   - Do not want to be restricted by language to write tests in. We have a
   wide range of programming abilities in team (averaging little or none), and
   expect most checks to be written in shell, and if they have to be -
   perl/python. Very rarely ruby





Reviewed:

   - Serverspec
  - Ruby / rspec. No chance of widespread adoption


   - Beaker
  - Ruby / rspec. No chance of widespread adoption
   - Does allow shell outs...
   - Bigger than a test harness - whole test environment creation. Probably
  more than what we'd need
   - Focus seems to test puppet modules - cannot run in production and test
  arbitrary states


   - xUnit
  - Language specific? Difficult to have tests in different languages
  - Need to deploy each language specific test runner
  - Jenkins can eat xUnit test results


   - Perl
  - Test::Harness  by
  default exists on every server
  - Different languages supported if in different directories
  - Jenkins eats TAP test results

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxW42sjKQ6PyLM9bUzwCPcmQ_0RcLZShdsM-BXA6mv3bfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet-lint questions

[John Warburton]

We are in the middle of a similar task

We are manually fixing lint issues and putting a string '#PUPPET_LINT' at
the end of each fixed file. The pre commit hook checks for this string
before doing the lint check

All new puppet modules get the string put in immediately

At some time in the future, we will flip the logic and string change
to  '#NO_PUPPET_LINT'
for the challenging files and lint check by default

John

On Friday, April 11, 2014, Rich Burroughs  wrote:

> I saw one of the Puppet Labs webinars about setting up your Puppet
> development environment, and at one point it mentioned using a git hook to
> run puppet-lint before committing. We do that where I work with "puppet
> parser validate," but right now a lot of our code would not pass a
> puppet-lint run with no options.
>
> I'm curious how many people actually are that strict about it.
>
> Also, I have a couple of specific questions about errors that show up in
> our manifests commonly.
>
> We get this a lot:
>
>   WARNING: quoted boolean value found on line 39
>
> With code like this:
>
> $foo=hiera('foo', 'false'),
>
> We've given a default of false for a Hiera lookup. It doesn't seem like
> there's a way around this, it seems like it actually needs to be quoted.
>
> One other example:
>
>   WARNING: double quoted string containing no variables on line 57
>
> We get this when we are doing a tidy and are globbing:
>
>   tidy { $log_directory:
> schedule => weekly,
> backup   => false,
> type => ctime,
> recurse  => true,
> matches  => "foo.out*",
> age  => 97d,
>   }
>
> Again, I think this is supposed to be double quoted (I found some examples
> on the Puppet Labs site that had double quotes).
>
> I know I can pass options to disable those checks, but in both cases there
> are times we might legitimately make a mistake that would cause that error,
> and I wouldn't want to ignore those...
>
>
> Rich
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to 
> puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c459b945-cc6d-46c7-9dff-0ae6eab814e6%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/c459b945-cc6d-46c7-9dff-0ae6eab814e6%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVk3XkTi%3Dr17hJv_WBNvTX4orhJKKjDMybcTb_pGLmmHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Port for ENC requests?

[John Warburton]

On 4 February 2014 09:00, Jon Yeargers  wrote:

> I'm trying to debug a new ENC setup. I created a short perl script to
> output a few lines of YAML. It runs fine on the puppet server but when I
> try it on a client I get this error:
>
> Warning: Error 400 on SERVER: Failed to find client.domain.org via exec:
> Execution of the '/etc/puppet/ENC/plug0.pl client.domain.org' returned 13:
>


> Somewhere else I should be looking for errors? What does error 13 imply?
>
> # grep 13 /usr/include/sys/errno.h
#define EACCES  13  /* Permission denied

The user running the puppet master cannot access (read/execute?) your
script. Try running it as that user from the command line

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxXtoaoy0Xn7Yo3c%2BtycpAp1-3xSWp7XFhaK_hdUZphzqQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] yamlyzer

[John Warburton]

On 13 December 2013 15:07, Stuart Cracraft  wrote:

> Our Security Group would like to  have complete visibility to logs in
> simple formats they can parse
> and understand and socialize it to the C-suite with. Also, it can be used
> to analyze Puppet's proposed
> operations in noop mode prior to an eventual turnup in full 7x24x365 mode
> for selected subsets of
> our cloud.
>

Are you using puppet dashboard? You can get the same information in CSV
format from http://localhost:3000/nodes.csv. It has the same information as
the yaml reports, but in "easier" (familiar) to manage CSV format, and
always up to date when you suck it from the dashboard. Here's a line of an
out of sync resource:

hostname,pending,736,34,0,702,File,/etc/sudoers,0.483092,/modules/sudoers/manifests/init.pp,22,2013-12-11
23:16 UTC,0,1,false,false

You don't get everything (like a diff on the file),and it is a good idea to
omit in sync resources (!~ /,0,0,[a-z]*,false/)

And why hasn't someone written exactly what you want? Because probably
no-one has the exact requirements of your organisation. So, at some stage
you're going to have to do some custom work.

Or even better, engage puppet labs to do what you want, and ensure it gets
rolled back into the product for the community. That's where the totting up
the # resources and states and the CSV dump of the dashboard came from...

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVfb8A9TwsEng%2B2VK_eFarRa7a%3DkRMMGYu9hu%2BTvmBUGw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet Labs issue tracker migration 16 Dec 2013

[John Warburton]

>
> * Everybody needs to create a new account on JIRA, since we can’t migrate
> passwords from redmine to jira.
>

Is the JIRA link available? From the front page, Bug
Trackerpoints at RedMine . Or do I
need to hold my horses?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVyN4SOX%2Bi3t%3Dx_LaVX8EhuMEYYhcLJAa5_t3hoYN_M7A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] noop = true and what for test?

[John Warburton]

On 4 December 2013 04:54, Stuart Cracraft  wrote:

> The rationale for the above methodology is: hosting firm doing database
> hosting in a (very)
> highly secured environment seeking to ensure extreme care of the "crown
> jewels."
>
> We realize it is not an exciting use case.
>

We run a similarly unexciting puppet environment with strict change
control, so no "standard" updating every 30 minutes. We run a puppet noop
twice a day from cron (not daemon mode), which reports back to the puppet
dashboard.

We can then extract the dashboard information as a CSV and report on non
conformity, especial some modules like "security". See some examples
in a previous
post 

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxWoQBGrc83%3Dd_jxDkhcTReenKSN_ovWg63gREQmiVaBew%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet Manage Cisco ASA

[John Warburton]

On 26 August 2013 15:12, aussielunix  wrote:

>
> On Friday, 1 March 2013 02:13:27 UTC+11, James Turnbull wrote:
>>
>>
>> Cisco is working on integration and we hope to have some news on this
>> soon.
>>
>>
> What is the current state of Cisco device management with Puppet ?
>
>
Cisco gave a presentation at PuppetConf 2013 and the slides are just up at
http://www.slideshare.net/getyourbuildon/cisco-automation-with-puppet-and-onepk

IMHO it was disappointing Cisco is going with running a puppet agent on
their systems as we have to wait for them to support new (and older)
hardware as well as supported puppet providers on their schedule. From what
I can gather, Juniper on the other hand focuses on managing the device API.
Since OnePK also supports API management, I can see the community pushing
ahead there rather than waiting on Cisco. We shall see

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Possible for each user to have their own testing environment?

[John Warburton]

On 16 August 2013 00:14, Sandra Schlichting wrote:

> Hello all =)
>
> What I would like is a way so multiple people can make changes to all
> files in /etc/puppet/, but only after they have tested their changes then
> they "git push" so /etc/puppet is updated. The git repo is in /etc/puppet.
> When I read about environments [1] I get the impression that is only for
> module development, is that correct?
>
> Ideally what I would like is each user to have their private environment
> where they can "git pull" to. E.g.
>


> Can something like this be done? And if so, what would my
> /etc/puppet/puppet.conf look like?
>

This is exactly what we do - each admin has their own environment. We use
SVN, so substitute where required, but essentially we force a particular
directory structure for every admin and reflect that in the
puppetmaster.conf of our lab server. NB the SVN work spaces must be on the
same server as the lab puppet server for this to work

# Replicate this, and change "username" as appropriate (one per line)
#[Lusername]
#modulepath = /u1/username/svn-workspace/puppet/Lusername/modules
#manifest =
/u1/username/svn-workspace/puppet/Lusername/manifests/site.pp
#manifestdir = /u1/username/svn-workspace/puppet/Lusername/manifests

Because we have different yum/pkg repos per environment, that capital L for
the environment allows us to do some generic regexp matching to override to
a single "lab" repo and not one per admin

All changes are a feature
branch,
and we wrap the creation of a JIRA ticket, new feature branch name based on
JIRA ticket number (UX-) and sym link
/u1/username/svn-workspace/puppet/Lusername to
/u1/username/svn-workspace/puppet/branches/UX- in a script

We then set the environment of whatever development VM/server we need to
develop/test the code - including full rebuilds and "it just works". We
have another script which checks for a valid peer review (reviewboard) then
merges the changes back into develop/trunk, and updates the JIRA ticket

The only gotcha is if you have multiple feature branches at any time and
managing the sym link

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Decomission node process (puppet / puppetdb / dashboard)

[John Warburton]

On 25 July 2013 22:54, yannig rousseau  wrote:

> Do you know if it's possible to lauch it from a script (maybe a sql
> request ?)


rake --silent node:del name=deleteme RAILS_ENV=production

I also run a job each day to tidy up the database:

# Purged nodes leave behind orphaned records:
#
http://docs.puppetlabs.com/pe/2.0/welcome_known_issues.html#consoles-reportsprune-task-leaves-orphaned-data
# http://projects.puppetlabs.com/issues/6717
rake --silent RAILS_ENV=production reports:prune:orphaned >> $LOG 2>&1

# Recover/pack space from deletions with table optimization
# http://dev.mysql.com/doc/refman/5.0/en/mysqlcheck.html
DATABASE=`grep database:
/local/puppet/dashboard/dashboard/config/database.yml | awk '{print $2}'`
USER=`grep username: /local/puppet/dashboard/dashboard/config/database.yml
| awk '{print $2}'`
PASSWORD=`grep password:
/local/puppet/dashboard/dashboard/config/database.yml | awk '{print $2}'`
mysqlcheck -u $USER --password=$PASSWORD --optimize --databases $DATABASE
>> $LOG 2>&1


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[John Warburton]

On 9 May 2013 10:59, Felipe Salum  wrote:

>
> Easy solution would be something that would be easier to setup, or maybe
> it is just me trying to complicate things. :)
>
> I suppose all HA solutions are difficult - they have to suit your site's
definition of HA and meet cost/complexity needs. Sometime a one pager set
of instructions is good enough, but Puppet Labs aren't going to be able to
meet everyone's HA needs

I was lucky that this was my second puppet deployment and I had a design
that was HA from the start - so built it all in from the start. Keep
plugging away

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[John Warburton]

On 9 May 2013 05:57, Felipe Salum  wrote:

> Is Puppetlabs planning some easy solution for this ?
>

I run 12 puppet servers around the world. They work in a multiple puppet
master solution where any client from any location can work with any puppet
server in any location with dns_alt_names. We have an easy/simple solution:

One puppet server is designated puppet-ca.example.com. All client's
configuration files look like this:

ca_server = puppet-ca.example.com

A second puppet server is randomly chosen to be puppet-ca2.example.com. A
rsync job runs every minute on puppet-ca2 to only suck down the
.../etc/ssl/ca directory from puppet-ca

If puppet-ca becomes unavailable, we move the puppet-ca CNAME to
puppet-ca2. That lag is acceptable to us. You may chose to use other load
balancing options like an F5

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Anyone managed to integrate Ambari/Hortonworks with an existing puppet installation?

[John Warburton]

On 18 April 2013 14:35, Yusaku Sako  wrote:

> Hi John,
>
> You are looking at an old version of HDP (1.1).
>


> The Puppet library that is used by the Ambari agent is completely
> sandboxed - it will not interfere with your existing Puppet installation.
> Yusaku
>

Thanks Yusaku - that will make us much happier

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Anyone managed to integrate Ambari/Hortonworks with an existing puppet installation?

[John Warburton]

Hi All

We're investigating the Hortonworks Hadoop Data Platform. It uses the
Apache Ambari installer, and we are running into problems as the
installation notes (http://hortonworks.com/hdp110-hmc-quick-start-guide/)
for the application say (and I kid you not):

*Remove or disable any existing Puppet agent configurations
*
It seems that its management centre runs as a puppet master and all nodes
are puppet agents. So, it is implying we can't run the management centre
using *our* puppet masters. And really, we're not going to do that - we're
not going back to having special little snow flakes scattered around the
place

So, do people use Hortonworks/Ambari within their own puppet installations?
And what do people think about this sort of package that assumes it is the
only puppet installation within an organisation? It seems Ambari are aware
of the situation (https://issues.apache.org/jira/browse/AMBARI-665), but
aren't doing much about it

Thanks

John
-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] replacing mkdir -p

[John Warburton]

On 5 April 2013 03:23, Mike Power  wrote:

> Puppet right now requires every element of a path to have an individual
> file definition.  This makes it had to take an arbitrary path as a
> parameter.  You are forced to require your client to make the entire path
> structure for you or instead you use an exec resource and call mkdir -p.
> Using an exec resource does not generate an File resources so autorequire
> does not work.
>
> I didn't like this, I wanted to be able to once specify a path and have
> puppet do that autorequire as needed.
>
> People have been requesting this feature for over 7 years (
http://projects.puppetlabs.com/issues/86). It won't be accepted as there is
not enough consensus as how to implement it. Read the very long arguments
in the ticket notes for the intricacies

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] PuppetCA and saved certs

[John Warburton]

We've had the occasional fat finger in the client certs directory and all
certs being deleted. Everything carried on as usual...

John


On 13 March 2013 20:36, Felix Frank  wrote:

> Hi,
>
> I concur that cryptographically, there is absolutely no sense in keeping
> the signed certificates around.
>
> That being said, I'm not entirely sure that the puppet master will work
> after removing them, but I expect it will.
>
> Just give it a shot. You can always move them back in :-)
>
> Cheers,
> Felix
>
> On 03/08/2013 05:36 PM, Mason Turner wrote:
> > This may be a crazy question, but do we have to keep the generated
> client certs on the puppetca? What would be the harm in deleting them?
> >
> > I ask because we have our puppetca geographically redundant, and we keep
> the certs synced with our old friend rsync.
> >
> > If we didn't even try to store the certs, we wouldn't have to keep them
> in sync. We could run the CAs active-active. I'm pretty sure puppet-agent
> and server will continue to work just fine, right?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppetlabs-lvm and --guess-fstype

[John Warburton]

On 26 February 2013 03:30, Chuck  wrote:

> Yep.. Red Hat was nice enough to take "--guest-fstype" out of RHEL 6.4.
>
> On Friday, February 22, 2013 4:25:04 AM UTC-6, steve foster wrote:
>>
>> Logged a bug:
>>
>> http://projects.puppetlabs.**com/issues/19410
>>
>> On Friday, 22 February 2013 09:47:33 UTC, Mathieu Bornoz wrote:
>>>
>>> Hi,
>>>
>>>
I have tested Mathieu's patch per his pull
requestin the
bug ticket and it works like a charm (RHEL 6.4, ext4 only). Thanks
Mathieu!

How do we get this into an official update of the lvm module on the forge?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Stomp connector deprecated ?

[John Warburton]

On 18 February 2013 23:19, R.I.Pienaar  wrote:

> No eta for when the 2.2.x branch will move forward, no eta for when this
> adapter
> will be removed from production code, no need to panic.  But if you're
> starting
> out now you should look to using one of the new connectors I posted links
> to.
>
> The ActiveMQ and RabbitMQ connectors are just specialised versions of the
> Stomp
> ones, they were introduced to the production branches 2012/04/30 and
> 2012/09/13
> so they've had a good bit of time to be tested before we are now finally
> warning
> that we will at some point in the future move to them as standard.
>
> I'll update the docs with this information hopefully this week
>

Thanks for the detailed response RI - appreciated

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Stomp connector deprecated ?

[John Warburton]

On 18 February 2013 22:47, Drew Blessing  wrote:

> You are absolutely fine to continue with your roll out.  However, you
> should work the specific ActiveMQ or RabbitMQ connector into that rollout
> if you want to be fully forward-compatible.  Ellison posted the link to the
> docs previously.
>

Thanks for the clarification Drew & the docs Ellison. Reading that through
and checking my config made me very happy - I moved to the activemq
connector a few days ago to enable SSL :-)

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Stomp connector deprecated ?

[John Warburton]

On 17 February 2013 22:45, R.I.Pienaar  wrote:

>  A deprecation is just a warning telling you that it will go away, we do
> not
> remove features from the middle of a production series
>
> Is this mcollective version 3.x or 2.3.x?


> So you should be good to continue using it for a few months to come, but
> when
> the next production series comes around it will really be gone.  It's an
> early
> headsup.
>
> Hmm - I'm 3/4 way through my proof  of concept and rolling out into lab
over the coming 6-8 weeks. Production should be in 2-3 months. Should I
continue with mcollective 2.2.x / stomp 1.2.2 / Active MQ 5.5 or wait a bit
longer?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How do I manage puppet.conf? Let me count the ways.

[John Warburton]

On 18 January 2013 09:14, Ashley Gould  wrote:

> But why so many methods?  Why is there not a single recommended best
> practice method for managing puppet.conf?
>
> ANSWER: Because puppet.conf lacks an include statement.


So, we generate puppet.conf at jumpstart/kickstart and never ever touch it
again, so I don't quite understand why you need to manage it...


> Sorry for the rant.  I'm sure the above suggestion would have issues
> too.  I'm now on my 3rd major overhaul of our puppet infrastructure
> classes solely because of this one file.  I refuse to believe this is a
> conspiricy just to get us to purchase PE.  But there must be a better
> way.
>

This is what we have:
* External node classifier - you really do need one of these (IMHO)
* Web interface to ENC
* Wrapper script to puppet agent called by cron
* We query the ENC when we generate puppet.conf at jumpstart/kickstart

The wrapper script does a wget to the ENC for the host to determine its
environment and location. From that it determines what its puppet server/CA
server is. All servers (puppet, report, CA) are CNAMEs

The only time we ever regenerate a puppet.conf is if we move the server
in/out of lab as our lab has separate puppet server/CA/report to production

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet LVM create volume maximum size

[John Warburton]

On 8 January 2013 22:22, ollies...@googlemail.com
wrote:

>
> Never mind sorted it with the help of
> http://projects.puppetlabs.com/issues/14718
>

Nice one. I thought it was just my wrapper around it. The doc
implies setting size to
"undef", which I've never been able to get working:

   - size

   The size of the logical volume. Set to undef to use all available space

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Managing core files using coreadm (Solaris + Puppet)

[John Warburton]

Whilst the format is undocumented, if you stick to what coreadm -p
produces, you should be fine. It's just not really worth the hassle. Here's
what we do:

# The format of /etc/coreadm.conf is *undocumented* and subject to
change
# without notice, this *should* use coreadm(1) to check and edit, but
# in the absence of a provider or custom type we just retain the file.
# NOTE: "coreadm -u" rewrites the file, replacing any comments with
# a standard header, so cannot keep version info there or puppet will
# keep trying to overwrite the updated file with it's source copy.
# The "source" below must be kept identical to "coreadm -u" output;
# if the options change, use coreadm to update them on a system, then
# take an exact copy of it's output file to replace the file below.
file { '/etc/coreadm.conf':
ensure => present,
owner  => root,
group  => other,
mode   => 0644,
source => 'puppet:///modules/security/etc/coreadm.conf',
notify => Exec['coreadm'],
}
exec { 'coreadm':
command => 'coreadm -u',
refreshonly => true,
path=> '/bin:/usr/bin',
}



On 9 January 2013 08:50, skhan@  wrote:

> Did anyone ever get this working.  I am also looking to modify the core
> parameters on my system.  Any help would be appreciated.
>
>
> On Saturday, May 30, 2009 4:46:07 AM UTC-4, Greg wrote:
>>
>> Martin,
>>
>> I'm also not a fan of trying to retrofit stuff on top of undocumented
>> features. My problem is that Puppet runs already take 1 minute every
>> half hour, I am trying to reduce it if possible - otherwise I am
>> going
>> to start getting complaints by users about me taking their precious
>> CPU time...
>>
>> I haven't implemented a type of my own before, has anyone got
>> a guide on what needs to be implemented, etc.? Also how are types
>> delivered to the puppet clients? Is there something similar to
>> factsync?
>>
>> Greg
>>
>> On May 29, 6:47 pm, martin  wrote:
>> > Greg,
>> >
>> > knowing better than to mess with (readable) but unpublished
>> > interfaces. /etc/coreadm.conf clearly states that you shouldn't edit
>> > file directly, which means that they can introduce a new field in a
>> > patch, which may get you into a world of hurt :)
>> >
>> > I use option number 2) - the overhead really isn't that much, but if
>> > you want to get it down as much as possible:
>> > create a new type which runs "coreadm" without any options (which
>> > outputs the contents of /etc/coreadm.conf) and parse that, and adjust
>> > the incorrect values.
>> >
>> > cheers,
>> > /Martin
>> >
>> > On May 28, 2:10 am, Greg  wrote:
>> >
>> > > Hi all,
>> >
>> > > I have an interesting one - Solaris uses a lot of commands to
>> > > configure specific items. A simple
>> > > example is coreadm. In this example:
>> >
>> > ># coreadm -p "/var/core/core_%n_%f_%u_%g_%**t_%p"
>> >
>> > > will set the directory and filename to dump core files (with some
>> > > expansion).
>> >
>> > > The question is - how to get this to run only if the config has
>> > > changed. I have come up with 2 options, neither of which I'm that
>> > > happy with, so I'm open to ideas...
>> >
>> > > Option 1: Manage the resulting config file.
>> >
>> > > file { "/etc/coreadm.conf":
>> > >   owner => root,
>> > >   group => other,
>> > >   mode => 644,
>> > >   source => "puppet:///cores/coreadm.conf"**}
>> >
>> > > exec { "/usr/bin/coreadm -u":
>> > >   refreshonly => true,
>> > >   subscribe => File["/etc/coreadm.conf"]
>> >
>> > > }
>> >
>> > > Option 2: Check for individual changes using coreadm:
>> >
>> > > exec { "/usr/bin/coreadm -p /var/core/core_%n_%f_%u_%g_%t_**%p":
>> > >   onlyif => 'test `coreadm | grep "global core file pattern:" | awk
>> > > '{print $5}'` -ne /var/core/core_%n_%f_%u_%g_%t_**%p'
>> >
>> > > }
>> >
>> > > The problem with option 1 is that Sun don't recommend messing with
>> the
>> > > config file directl

Re: [Puppet Users] Does facter 2.x need cfengine key support?

[John Warburton]

On 8 December 2012 04:34, Peter Meier  wrote:

>  And why shouldn't it?
>

Nagios is being
removed
from
core . Cfengine isn't core, and
falls under the same logic

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Does facter 2.x need cfengine key support?

[John Warburton]

We were tripped up (we shot ourselves) on facter 1.6.x looking in a missing
NFS mounted /usr/local, which got me thinking - does facter 2.x really need
this?

https://github.com/puppetlabs/facter/blob/2.x/lib/facter/Cfkey.rb

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet report aggregation

[John Warburton]

On 6 December 2012 20:29, Luke Bigum  wrote:

> I haven't looked at The Foreman in a while but in my mind it's more like
> Puppet Dashboard - correct me if I'm wrong. What I'm aiming for is a tool
> that can aid change / release management where we run Puppet --noop across
> the estate, gather all the reports, then summarise what changes will be
> applied (resolv.conf changes on all hosts, fstab changes on 20 hosts,
> service X refreshes on Y hosts).
>
> I don't really want to be searching for explicit resources changing across
> hosts, it's the resources I don't know about that worry me ;-) Is the
> foreman worth a look in this case?
>
> Luke, we use the puppet dashboard which aggregates all the reports and
then lets us suck down a CSV ("Export nodes as CSV" on front page) which
contains a status of all resources on all machine reporting. We run puppet
in noop all the time, so need similar reports you are requesting. It is
just a matter of slicing & dicing the csv to get what you want

% wget http://localhost:3000/nodes.csv

# Omit all the resources in sync
% egrep -v ',0,0,false,false' nodes.csv | wc -l
146057
% wc -l nodes.csv
612762 nodes.csv
% echo "scale=2; 146057*100/612762" | bc
23.83

Almost 24% of all resources (600K mind you) out of sync

We can check our security module compliance:
% egrep -v ',0,0,false,false' nodes.csv | grep modules/security|wc -l
6992
% grep modules/security nodes.csv|wc -l
30433
% echo "scale=2; 6992*100/130433" | bc
5.36

5% *resources* out of sync from our security module. Not bad. We can dice
it to give percentages of hostnames too

Top 10 resources out of sync:
% egrep -v ',0,0,false,false' nodes.csv | awk -F, '{print $7, $8}' | sort |
uniq -c | sort -rn | head
898 File /etc/sudoers
801 File /opt/local/sbin/run-puppet.sh
792 File ntp.conf
754 File vposend-test.pl
752 File /opt/local/sbin/puppet-register.sh
751 File /var/puppet/etc/local_puppet_info
745 File /etc/default/passwd
711 File /local/apps
710 File /etc/default/nfs
705 File /etc/ssh/sshd_config

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Please document reports:prune Task Leaves Orphaned Data in Dashboard Documentation

[John Warburton]

Dear Puppet Labs

I recently upgraded dashboard from 1.2.2 to 1.2.14. It was somewhat painful
given the number of orphaned records that needed purging during database
conversion

Some weeks later, my 20 Gb mysql partition fills up with what should be a
1.5 Gb database. I assumed that with the orphaned record script being
created, the purging old records would no longer create orphaned records in
1.2.14

I was wrong, and see it is documented for PE (
http://docs.puppetlabs.com/pe/2.0/welcome_known_issues.html#consoles-reportsprune-task-leaves-orphaned-data)
but not in the open source dashboard (
http://docs.puppetlabs.com/dashboard/manual/1.2/maintaining.html)

Can you please save others my experience and update the open source page?
I've created https://projects.puppetlabs.com/issues/17712 for this request

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

[John Warburton]

On 30 October 2012 01:59, jcbollinger  wrote:
> On Friday, October 26, 2012 1:50:53 PM UTC-5, Dave Mankoff wrote:
>>
>> [...] I wanted to avoid package management systems only because they are
>> way more complicated than a basic install of python requires:

> There is a bit of a learning curve for building your own packages,
> multiplied by the number of packaging systems you actually need to deal

https://github.com/jordansissel/fpm

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Variables and autoloading

[John Warburton]

On 16 October 2012 01:03, jcbollinger  wrote:

> In fact, in a reprise of my "voice crying in the wilderness" routine, I
> will urge you to avoid writing new parametrized classes for any
>

I hear you

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Create a variable variable

[John Warburton]

On 15 October 2012 23:12, rvlinden  wrote:

> Hi all,
>
> I'm wondering if puppet can create a variable based on another variable ??
> Here is an example
>

A quick google of "puppet variable variables" found me
https://blog.kumina.nl/2010/09/puppet-tipstricks-variable-variables/

I've used the method described

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Autosign frequency

[John Warburton]

On 30 August 2012 14:03, Peter Bukowinski  wrote:

> How many nodes is your puppetmaster currently servicing? I have one
> servicing about 700 nodes, splayed over an hour check-in interval, and any
> new nodes I add (that fall into my autosign subdomain) get signed
> immediately on their first puppet run.
>
> We run puppet twice daily (6am & 6pm splayed over an hour), and most
builds are done outside of that time frame so the puppet server is pretty
idle as you can see in my example - just one catalog compile to do in
between request & signing

Here's an example of a signing request on an idle server last week before
the short name certificates (no correlation to restarting the daemon
here...)

Aug 23 10:37:43 cornadm010 puppet-master[25783]: [ID 702911 daemon.notice]
blkasec001.domain.com has a waiting certificate request
Aug 23 10:44:24 cornadm010 puppet-master[25783]: [ID 702911 daemon.notice]
Signed certificate request for blkasec001.domain.com

Thanks for taking a look

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Autosign frequency

[John Warburton]

Hi Puppet Gurus

I am running puppet 2.6.16, ruby 1.8.7-p249, on puppet server with
passenger on Apache. These are my gems:
builder (2.1.2)
fastthread (1.0.7)
mysql (2.8.1)
passenger (2.2.14)
rack (1.1.0)
rake (0.8.7)

We manually manage autosign.conf to allow new builds to continue so
certificates can be signed automatically. This has been working well for a
couple of years, but I've always wondered what triggers the puppet master
to sign the certificate. We can wait 5-10 minutes for a signing request to
be fulfilled.

We made a change last week to now use short names as the certificate names
(not FQDN) and now we're looking closer to 30 minutes for a request to be
signed :-(

The only correlation I can see in the logs is that just before a request is
signed, a new puppetmasterd is spawned by passenger:

Aug 28 22:15:09 engnadm010 puppet-master[26047]: [ID 702911 daemon.notice]
labcsvr004 has a waiting certificate request
Aug 28 22:24:06 engnadm010 puppet-master[26031]: [ID 702911 daemon.notice]
Compiled catalog for engnadm010.bfm.com in environment lab in 19.65 seconds
Aug 28 22:37:11 engnadm010 puppet-master[26031]: [ID 702911 daemon.notice]
labcsvr004 has a waiting certificate request
Aug 28 22:39:47 engnadm010 puppet-master[27717]: [ID 702911 daemon.notice]
Starting Puppet master version 2.6.16
Aug 28 22:40:52 engnadm010 puppet-master[26047]: [ID 702911 daemon.notice]
Signed certificate request for labcsvr004

Here are my passenger Apache config entries:
PassengerHighPerformance on
PassengerMaxPoolSize 15
PassengerPoolIdleTime 300
PassengerUseGlobalQueue on
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Is there any way I can speed up things so that puppet signs the request
immediately?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] thoughts on puppet 2.7 vs 3.0

[John Warburton]

On 30 August 2012 00:52, Jason Antman  wrote:

> For anyone in the know, given this situation, would you recommend building
> on puppet 2.7.18, or trying to draw things out as much as possible and wait
> for a stable 3.x release? Does anyone have any general idea of when one
> might be forthcoming (weeks? months? next year?)
>
> I'm in a similar position with 1000 hosts, 100 odd modules, 2K+ resources
managed by puppet on 2.6.x. Given the deprecation warnings, and changes in
2.7, then 3.x, I'm using 2.7 both as a stepping stone to 3 (code cleanup)
and added functionality (puppet DB)

Seeing how 2.7 wasn't suitable *for me* until 2.7.10 due to some specific
bugs, I think you should move to 2.7 unless you have a simple setup and
prepared to wait for 3


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] newish puppet on RHEL4 and/or SLES9?

[John Warburton]

On 16 August 2012 00:41, Jason Antman  wrote:


> by the same system. That list is about 95% RHEL/Cent 5 or 6, but there's a
> few RHEL4 and SLES9 machines on the "must have" list. As upgrades are very
> unlikely, I'd like to be on the newest version possible - ideally, 2.7.12+
> on the master so I can leverage puppetDB.
>
> Is anyone out there running new-ish puppet (2.7, or else 2.6) on such
> ancient beasts? If so, can anyone point me at sources for the packages, and
> dependencies? Or perhaps have spec files to share?
>
> I'd like to say I can spend the time to build and test puppet and all the
> dependencies, but alas, that is very far from the case.
>
> The big hurdle is getting a modern ruby running on the older release. Then
any version of puppet/facter should work

Here's a post from 3 years (
https://groups.google.com/forum/?fromgroups#!topic/puppet-users/PeZ3ffCnW6I[1-25])
ago of me giving instructions to get ruby/puppet running on VMWare ESX 3.5
which was derived from RHEL 3. Shoud work for RHEL 4

You may be struggling to find a fully functional puppet tool chain for an
older RHEL - some work may be required

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Facter 2.0.0rc1 Available

[John Warburton]

On 16 May 2012 10:15, Matthaus Litteken  wrote:


> Facter 2.0 is designed to accompany the upcoming Puppet 3.0 release
> and has breaking changes from Facter 1.6.x. Facter 2.0 is not
> backwards compatible with Puppet 2.6 or 2.7.
>

Will you be documenting the "breaking changes"?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 3.0 and Hiera

[John Warburton]

Thanks R.I. & Craig Dunn

On 8 May 2012 21:43, R.I.Pienaar  wrote:

>
> If you want the same abilities that CSV has then this would be your YAML:
>
> sysadmin: y...@your.com
> nameservers: [1.2.3.4, 2.3.4.5]
>
> just that simple, I think this is much clearer than CSV.  If people really
> are


That's great - an easy migration then

Cheers

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 3.0 and Hiera

[John Warburton]

On 8 May 2012 20:00, Derek J. Balling  wrote:

>
> On May 7, 2012, at 12:47 PM, Christopher Wood wrote:
> > Wrapper script (similar concept for anywhere with a yaml reader):
>
> Still have to *write* the YAML files.
>
> Oh yeah. This is my big motivator sticking with extlookup and not
converting to Hiera - anyone in the team can do CSV. But YAML is starting
to push well into the dev camp and far away from ops (IMHO)

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Creating a system module path (starting with Telly)

[John Warburton]

+1

A couple of requests:
- Notifications on module updates:
https://projects.puppetlabs.com/issues/12587
- Testing - I'd like to confirm these module paths support environments

John

On 24 April 2012 07:03, Michael Stahnke  wrote:

> There was some discussion and concern about moving the Nagios
> types/providers out of the core area of Puppet for Telly.  We made a
> mistake of talking about a point solution to a problem rather than the
> vision on where we’d like it to go, and why.  We’ve attempted to
> outline this a bit more so you can hopefully have a better
> understanding of our ideas.  As always, feel free to comment and voice
> concerns.  This isn’t set in stone and at this point is a proposal.
>
> == The Problem ==
>
> Bundling types and providers into the core of Puppet has a few problems.
>
> The most important problem is that it ties releases of the types or
> providers to releases of core Puppet.  That is a pretty slow moving
> (for stability) system, and it is also a system where most of the
> investment goes into supporting new releases rather than improving
> older releases.
>
> We want to keep our core stable, while allowing the community platform
> experts, distro maintainers and other users to enhance the experience
> with certain aspects of Puppet without having to wait for the next
> major release.
>
> The secondary problem is that it plays favourites - some platform
> types are in core, others are not.  Some monitoring systems, or disk
> management systems are in core, others are not.  That doesn't reflect
> the real importance of those types, or that some are more special or
> more stable than others - just happenstance of time.
>
> On the other hand, having Puppet work out of the box is awesome.  You
> should be able to install Puppet and immediately get started, managing
> your platform and generally doing awesome things.
>
> Puppet with no types, and no providers, is not awesome.  It can't do
> anything - and "install twenty things, then ..." is not a good
> introductory experience.
>
> == Proposed Solution ==
>
> We want to take some of the great lessons from other platforms - Perl,
> Python, and Ruby - and apply them to this problem:
>
> We are proposing to pull more types and providers out of Puppet, so
> they get the benefit of an independent release cycle, and the
> advantages of full forge integration.
>
> We also propose to have a "system" module path: a set of modules that
> ship with core Puppet, taken from the forge, and available by default
> at install time.  They will ensure that Puppet is still awesome out of
> the box - but that you can list modules and their versions, and can
> update freely.
>
> We also plan a "vendor" module path, and a "site" module path.  Other
> platforms have shown the value of this: when distributions package
> Puppet, they might want more or different modules to support their
> systems better.  Allowing them to drop into the vendor module path and
> operate in the same way as our system modules makes it easy to use
> normal modules in an awesome way.
>
> Finally, the "site" module path allows for easy deployment of modules
> through other packaging systems like yum and apt, internally to
> companies and sites that want a different path for versioning modules.
>  They separate the mutable path used by the local tool and the managed
> path for self-packaged modules.
>
> This seems to offer the best of both worlds: we can take full
> advantage of the strengths of modules, but without giving up the
> awesomeness of Puppet that does great things out of the box.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] configuration version variable?

[John Warburton]

On 7 April 2012 03:12, psychobyte  wrote:

> Thanks for the reply Patrick but, I should have been more specific.
>
> I wanted the "puppet configuration version" as in
>
> info: Applying configuration version '1333729957'
>
> So any file that gets manipulated by puppet has it in a header.
>
>
This is a good question - its been on my to do list for a while.

http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter

ok - looks good

% vi local_puppet_info.erb
#
# Puppet server:
modulepath:  <%= scope.lookupvar('settings::modulepath') %>
manifest:<%= scope.lookupvar('settings::manifest') %>
manifestdir: <%= scope.lookupvar('settings::manifestdir') %>
config_version:  <%= scope.lookupvar('settings::config_version') %>

yields:
#
# Puppet server:
modulepath:  /local/file-repo/lab/modules
manifest:/local/file-repo/lab/manifests/site.pp
manifestdir: /local/file-repo/lab/manifests
config_version:  cat /local/file-repo/lab/version

Oh noes - well its correct but doesn't return what I really want:

info: Applying configuration version 'lab-r49068'

I suspect Patrick's hiera magic may have the same issue

Any suggestions where we go from here?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] stdlib module not working

[John Warburton]

On 30 March 2012 20:18, Stefan Wiederoder
wrote:

> thanks Eric,
>
> ensure did the trick, now I´m stuck while trying to use a facter variable
> within the line statement:
>
> file_line { "tmpfs entry":
> line => "tmpfs  /dev/shmtmpfs   size=${kis_tmpfs_size}  0 0",
> path => "/etc/fstab.d/system.fstab",
> ensure => present
> }
>
> maybe it´s better to try validate_string.
>

Per Dan White - you should be using puppet built in resources for the job:
the "host" resource for modifying /etc/hosts and the "mount" resource for
modifying /etc/fstab -
http://docs.puppetlabs.com/references/latest/type.html

I define $tmpfs_size elsewhere

mount{ "/tmp":
ensure  => mounted,
device  => "tmpfs",
fstype  => "tmpfs",
pass=> "0",
dump=> "0",
options => "size=${tmpfs_size}m,mode=1777",
}

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet eating solaris 10 crontab for lunch

[John Warburton]

On 14 March 2012 09:16, Romeo Theriault  wrote:

> Here are the logs the solaris 10 box returns after it's crontab gets
> destroyed:
>
> ERR Puppet  Could not prefetch cron provider 'crontab': Could not read
> crontab for root: No child processes
> NOTICE  /Stage[main]/Puppet/Cron[puppet]/ensure created
> NOTICE  Puppet  Finished catalog run in 2.52 seconds
>
> After this the only thing that exists in the crontab is the entry we
> have puppet adding.
>
> I found this bug:
>
> http://projects.puppetlabs.com/issues/1672
>
> which says there was a fix and it was merged but we're still seeing
> this issue...
>
> puppet agent v. 2.7.9
> facter v. 1.6.5
>
>
It could be this bug - https://projects.puppetlabs.com/issues/5752

That and https://projects.puppetlabs.com/issues/9854 are keeping me from
pushing migrating to 2.7 up my priority list

Indeed, there are 5 issues marked Urgent in the 2.7.x bucket

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How do I quote a percent sign in the text of a template?

[John Warburton]

On 9 March 2012 09:58, Garrett Honeycutt  wrote:

> On 3/8/12 4:28 PM, John Warburton wrote:
> > I am turning my kickstart files into templates, but am having issues
> > with percent signs in free form text. This returns a syntax error:
> > %post
>


ERB should not have any problems with percent signs in a template. I use
> the following bash function to help me with syntax checking.
>
> # puppet template syntax checking
> function pt()
> {
>if [ -z $1 ]; then
>echo "usage: pt "
>return;
>fi
>/usr/bin/erb -P -x -T '-' $1 | /usr/bin/ruby -c
> }
>
>
Thanks to an off list discussion, my problem was really with a line that
looked like "%post --logfile /root/ks-postinstall.log" and the "-P" in the
pre-commit hook told erb to ignore lines starting with a "%" for checking

I have updated the erb checks in
https://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Version_Controlto
include "-P"

Thanks Garrett

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How do I quote a percent sign in the text of a template?

[John Warburton]

Hi

I am scratching my head on this not being a ruby person...

I am turning my kickstart files into templates, but am having issues with
percent signs in free form text. This returns a syntax error:
%post

OK, fine , let me escape it:

%%post

No error, but the end result is
%%post

Not quite what I wanted

I'm missing something blindingly obvious - can someone point me to it? :-)

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How do I track updates to forge modules?

[John Warburton]

On 11 February 2012 01:15, Kelsey Hightower  wrote:

> On Feb 2, 5:55 pm, John Warburton  wrote:
> > Is there a way to "watch" modules and be notified if they are updated?
> >
> > I can't see anything obvious in the documentation
>


> Currently there is no easy way to "track" when modules are updated on
> the Forge. One way I can think of to track updates to modules, but not
> necessarlly releases to the Forge, would be to follow the project on
> Github.
>
>

> This also sounds like a really good feature request which can be
> opened here: https://projects.puppetlabs.com/projects/module-site
>
> Thanks Kelsey - raised https://projects.puppetlabs.com/issues/12587

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How do I track updates to forge modules?

[John Warburton]

On 3 February 2012 09:55, John Warburton  wrote:

> Is there a way to "watch" modules and be notified if they are updated?
>
> I can't see anything obvious in the documentation
>

Anyone? Bueller?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How do I track updates to forge modules?

[John Warburton]

Is there a way to "watch" modules and be notified if they are updated?

I can't see anything obvious in the documentation

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Chef knife equivalent in puppet

[John Warburton]

On 2 February 2012 12:28, Nick Fagerlund wrote:

> This is done:
>
> http://docs.puppetlabs.com/pe/2.0/console_classes_groups.html#rake-api
> http://docs.puppetlabs.com/dashboard/manual/1.2/rake_api.html
>
> Thanks Nick - that's great

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Chef knife equivalent in puppet

[John Warburton]

On 2 February 2012 11:16, Nick Fagerlund wrote:

> Like this?
>
> http://docs.puppetlabs.com/pe/2.0/console_classes_groups.html#rake-api
>
> It needs a few more tasks added, and then I'll C&P it to the dashboard
> manual too.
>
> Very nice. Thanks!

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Chef knife equivalent in puppet

[John Warburton]

On 2 February 2012 09:25, Nan Liu  wrote:

>  Using the rake task is reasonably straightforward. I'm not finding an
> authoritative documentation, but you can use this page as starting
>

Nan, this has been bugging me for a while - I've raised this as an issue -
http://projects.puppetlabs.com/issues/12366

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Dashboard Questions

[John Warburton]

n 6 December 2011 11:49, hai wu  wrote:

> Great! Is there any API to use to retrieve these information from
> dashboard database, so that we could generate a nice report via email,
> with short and verbose versions for such report?
>
>
API? Unix text tools, perl, ruby, Excel - choose your poison as you can
wget the URL from "Export nodes as CSV" on the front page

You may want to use my grep in
http://projects.puppetlabs.com/issues/7687#note-3 to trim down what you
have to deal with

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files

[John Warburton]

On 29 November 2011 01:17, Graham Leggett  wrote:

> On 27 Nov 2011, at 20:04, Graham Leggett wrote:
>
> > I have a task to convince puppet and augeas to modify multiple postfix
> > files, most specifically /etc/postfix/main.cf and /etc/postifx/
> > acceptdomains.cf (and other LDAP related files), and I'm struggling to
> > find out how to do that. I have found examples on how to use augeas to
>

Graham - the initial allure of Augeas is attractive, but we ended up using
puppet's File resource with files and templates. It enabled us to have the
files & templates under version control (big win) and gave us the
flexibility if we need to change other parts of the config file - you don't
end up with an Augeas resource per line of the file! And its much more
intuitive at a glance as to what is going on

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] URL too long...

[John Warburton]

On 12 October 2011 06:52, Matthew Nicholson
wrote:

>
> 414 Request-URI Too Large
> 
> Request-URI Too Large
>


> Which run just fine. All the clients involved have identical puppet
> versions (2.6.7, the master is 2.7.1). I know I can change the URL
>
> It looks like http://projects.puppetlabs.com/issues/6117. Can you try with
a client running 2.7.x as well?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Hostname fact doesn't handle hostnames with periods

[John Warburton]

On 8 October 2011 09:26, Adrien Thebo  wrote:

> You can effectively override a fact by setting the weight, as follows
>
> Facter.add(:hostname) do
>  has_weight 200
>  setcode do
># your own hostname implementation
>  end
> end
>
>
Now that is something worth knowing. Can this be added to the documentation?
I can't see reference to it in
http://docs.puppetlabs.com/guides/custom_facts.html or
http://projects.puppetlabs.com/projects/1/wiki/Adding_Facts

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Source of external node data?

[John Warburton]

On 16 September 2011 07:32, Douglas Garstang wrote:

> Where are people more likely to source external node data from?
>
> a) By using extlookup, hiera etc within each puppet module to load
> data specific to that module, OR
> b) Having the external node script source everything at once from, say
> a database, and then dump all the variables that the node will ever
> need.
>

Both. The rule we have is:
- extlookup - more than one host where we can group data
- ENC for one off's

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet Module Tool version 0.3.4

[John Warburton]

On 10 August 2011 11:24, Scott Smith  wrote:

> How will it know which directory in your modulepath to install it?
>
That's the point. You need to explicitly cd to the correct modulepath
directory first. Per my example at the bottom

$ cd /path/to/forge/modules
$ puppet-module install puppetlabs-lvm

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet Module Tool version 0.3.4

[John Warburton]

On 10 August 2011 08:47, James Turnbull  wrote:

> We've just released version 0.3.4 of the puppet-module tool used to
> create and retrieve modules from the Puppet Labs Forge
> (http://forge.puppetlabs.com).
>
> excellent


> Will now be installed into your module path as:
>
> apache
>

No, actually it won't install into your module path: "This archive is then
automatically unpacked into a new directory under your current directory" --
unless you are in your module path

So reading the section "Install a module release" it says "You can then add
this *module directory* to your Puppet configuration files to use it". My
mind went huh? Seems like I'm not the only one (
http://groups.google.com/group/puppet-users/browse_thread/thread/6ae174f50e5f7364
)

After 20 minutes of googling and Mr Google telling me there was a section on
the forge in Chapter 8 of Pro Puppet, I read the examples and worked out
that I need to install into modulepath as set in my puppetmaster config file

modulepath seems to be the key text missing in the instructions & examples.
It may be obvious for people who have been doing this, but first timers, its
not quite there.

So, if I was doing this, I'd have something like:

[environment]
modulepath = /path/to/environment/modules:/path/to/forge/modules

$ cd /path/to/forge/modules
$ puppet-module install puppetlabs-lvm

[BTW this doesn't sit too well with me - seems to manual. I may end up
creating an RPM/pkg for each module to install...]

Hope this helps someone out there

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Validating a puppet configuration

[John Warburton]

On 1 August 2011 15:47, Nikolay Sturm  wrote:

> * Lars Kellogg-Stedman [2011-07-29]:
> > I am trying to place some sanity checks (currently as git pre-commit
> > hooks) in our configuration repository to avoid committing invalid
> > Puppet configurations.
>
> This is exactly the use case for cucumber-puppet. It compiles your
>

Does anyone do this on a large scale? I have 140 manifests managing over
1600 resources. Writing cucumber for all that seems quite burdensome

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Solaris mount provider question

[John Warburton]

On 14 July 2011 09:06, Stefan Schulte wrote:

> On Wed, Jul 13, 2011 at 02:54:07PM -0700, Aaron Grewell wrote:
> > I'm trying to mount multiple swap partitions in Solaris, but I'm not sure
> > how to create a working syntax for that.  Since the mountpoint for a swap
> > partition is '-' adding more than one is going to result in a multiple
> > declaration.
>


> You cannot manage a mountpoint (here "-") twice because puppet uses the
>  mount point to identify your resource.
> (there is an old bug report about your exact same usecase:
> http://projects.puppetlabs.com/issues/611)
>
> That's the problem - Solaris swap entries in vfstab do not have unique
names for the mount point - just a "-". I sort of hinted at this in
https://projects.puppetlabs.com/issues/6845#note-12 (which Stefan sorted -
so he's the guru on this)


> Puppet just needs something to identify a resource and for the mounttype
> it is the mount point. You probably can use an exec resource like
>
>
Maybe someone else has better ideas?
>
> I can think of nothing short of modifying the mount provider to accept a
different name for the specific case of swap mount entries. Not pretty.
Maybe it could be merged into https://projects.puppetlabs.com/issues/7188:-)

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard delayed workers

[John Warburton]

On 13 July 2011 13:49, Nathan  wrote:

> Hello
>
> I have just installed puppet dashboard from git.
>
> everything seems to load ok except it seems as though background tasks
> are not being run.
>
> You have to start them up yourself. An init script is a good idea to ensure
they get started at boot time


> According to the code README:
>
> running: # env CPUS=4 RAILS_ENV=production /.../script/delayed_job -p 
> dashboard -n $CPUS -m start
>
>
> will start the worker.
>
> You need to take that example with a grain of salt and do what works for
you. For me, on Solaris that invocation silently quit. Maybe it was the
"env". This worked for me:

% RAILS_ENV=production ./script/delayed_job -p dashboard -n 2 -m start

however it seems as though it is not running (or if it is how can I check?)
>
> "ps" :-)

 % ps -ef|grep delayed_job
  puppet  7984 1   0   Jul 03 ?   0:11 ruby ./script/delayed_job
-p dashboard -n 2 -m start
  puppet  7980 1   0   Jul 03 ? 745:31 ruby ./script/delayed_job
-p dashboard -n 2 -m start
  puppet  7979 1   0   Jul 03 ?   0:12 ruby ./script/delayed_job
-p dashboard -n 2 -m start
  puppet  7988 1   0   Jul 03 ? 748:59 ruby ./script/delayed_job
-p dashboard -n 2 -m start

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Has anyone noticed this - mount resource type and Solaris

[John Warburton]

Its a known issue http://projects.puppetlabs.com/issues/6845 - introduced in
2.6.7, fixed in 2.6.9 (which is currently in rc stage - please test it)

John

On 16 June 2011 09:46, Jacob Helwig  wrote:

> On Thu, 16 Jun 2011 09:31:06 +1000, Jonathan Elliott wrote:
> >
> > Hi,
> >
> > I've been having trouble with this resource type on Solaris using the
> > packages from the OpenCSW repository.
> >
> > Delving into the code, I've found that the operatingsystem fact isn't
> being
> > retrieved correctly by the parsed.rb code for the resource type.  This
> > results in the default fields being used to populate /etc/vfstab and this
> > causes mounts to fail owing to incorrectly formatted lines.
> >
> > My workaround has been to change the following code fragment:
> >
> > case Facter["operatingsystem"]
> >   when "Solaris"
> > @fields = [:device, :blockdevice, :name, :fstype, :pass, :atboot,
> > :options]
> >   else
> >
> > (blah blah blah)
> >
> > to
> >
> > case Facter.value(:operatingsystem)
> >   when "Solaris"
> > @fields = [:device, :blockdevice, :name, :fstype, :pass, :atboot,
> > :options]
> >   else
> >
> > And everything seems to work just fine.
> >
> > My questions are as follows:
> >
> > 1. Is this a known issue?
> > 2. If so, is it a problem with Puppet 2.6.x, all Puppet versions (I don't
> > recall having issues with 0.25.x, for example) or just the OpenCSW
> packages?
> > 3. How do I raise a bug report if it turns out that I have some kind of
> > clue?
> >
> > Note that I do _not_ speak Ruby and what I've done has been based on a
> > combination of some tactical use of Google and educated guesswork.  I
> fully
> > expect to be told that I've got this whole issue completely wrong.  If
> > that's the case, I'd appreciate any pointers as to where my error(s)
> > lies/lie.
> >
> > Thanks.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> We've started work on reworking the the whole mount type into it's
> component pieces (the fstab & active mounts) as a plugin[1][2].  We also
> started with Solaris support, and it would be great to get more eyes on
> it to test it out.  It currently has a few limitations (can't specify
> the fstype on the mountpoint type, and mountpoint resources really won't
> work without a proper entry in the vfstab), but it should be usable for
> most cases.
>
> As far as the questions you directly asked:
>
>  1) Not really sure off hand.  Unfortunately, the mount type has a whole
>slew of issues (which is one of the motivating forces behind breaking
>up that monolithic beast).
>
>  2) I doubt it's specific to the OpenCSW packages, but I'm not sure off
>hand if it's 2.6 specific or not.
>
>  3) Pop on over to the redmine instance[3], and file a bug report.
>Doesn't hurt to mention that you've done so on here.
>
> [1] https://github.com/puppetlabs/puppetlabs-mount-providers
> [2] http://projects.puppetlabs.com/issues/7188
> [3] http://projects.puppetlabs.com
>
> --
> Jacob Helwig
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQGcBAEBAgAGBQJN+URwAAoJEHJabXWGiqEBdYUMAKbCu1X2NjiaiwQ8ZKNc+LSw
> g0ok9teq/h+mT//HXITjCxTjbLfHM1HK1U3Lt0zobNygl1OY3bAOT9MrvttADCAC
> ywnCni0/WhbembZhg3XLbtD95RNC8kQTbIauAtlw/JHvnoW4IyluBlPSkcIrdpdv
> GL/yTmvZdBKs+kxa9AEHmslQpM+qRVinJugI7XD1V3/HEF/YLmsok7M2tXHJlT4f
> Tm+CGt3kApmj+KrEgjfmFFayPdoodVG3l8NBliiEfTIy/RkzTZbIH62NlPaApgei
> RgBEdbkaFTlDRexjcByk4zRNe70Kr10svDWr9zpZh9WI+flHIBgslQAKXDM19l5a
> Asdy/UZa/MYfQpBtR1EhIhL2AO0gmehOUQu0gZw/qLA7knOrq/rzWXBQ4/EQ2KbN
> b2QHVGGtyWk0XPw4tQmqAJDqBW8j8J0MR65qNMQjodASvXgjiP/bZ0G/sVyi+lMM
> micASZqJyb+azgs9utRP+XoQjSAFnKhyoTgwvQn6mQ==
> =RQPl
> -END PGP SIGNATURE-
>
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dealing with samhain

[John Warburton]

gt;>- -- Trevor Vaughan
> > >>  Vice President, Onyx Point, Inc.
> > >>  email: tvaug...@onyxpoint.com
> > >>  phone: 410-541-ONYX (6699)
> > >>
> > >>- -- This account not approved for unencrypted sensitive information --
> > >>-BEGIN PGP SIGNATURE-
> > >>Version: GnuPG v1.4.9 (GNU/Linux)
> > >>
> > >>iEYEARECAAYFAktH5JEACgkQyWMIJmxwHpTUQQCgrGD90YQcMiUV7SbsrNNIrY7h
> > >>884An0f6XKVrqGKnXKVkWfoFwBPbtQfC
> > >>=wp0h
> > >>-END PGP SIGNATURE-
> > >>--
> > >>You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > >>To post to this group, send email to puppet-users@googlegroups.com.
> > >>To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > >>For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> > >>
> > >>
> > >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> --
> http://singinst.org/ :  Our last, best hope for a fantastic future.
> Lojban (http://www.lojban.org/): The language in which "this parrot
> is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
> is "na nei".   My personal page: http://www.digitalkingdom.org/rlp/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] installing puppet client

[John Warburton]

On 24 May 2011 23:55, CHEBRIAN  wrote:

> how to install puppet client thru puppet master .
>
> My requirement is to install puppet client nearly 400 client servers.
>
> its difficult to install puppet client in all the servers by apt-
> get .
>
> As others have said, a for loop ssh if you have root trust to your 400
servers

As an FYI, we have 5.5K servers, and the way we are installing puppet is
doing a server rebuild (with puppet) - so the puppet client is installed at
jumpstart/kickstart time

As you can imaging, it will be time consuming. I think you might just have
to accept the initial hit of work for the puppet goodness that will follow

Regards

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] The quantum effect when loading classes

[John Warburton]

On 21 May 2011 01:22, Nigel Kersten  wrote:

> On Thu, May 19, 2011 at 8:45 PM, John Warburton wrote:
>
>> Can anyone comment / expand upon
>> http://www.nico.schottelius.org/blog/puppet-sometimes-loads-a-class/
>>
>> % cat modules/dns_server/manifests/init.pp
>> import "*.pp"
>> include dns_server
>>
>
> You should avoid import in favor of include like this:
>
> # modules/dns_server/manifests/init.pp
> class dns_server {
>   # actual contents of your dns_server class.
> }
>
> and then your ENC or site.pp just does "include dns_server".
>
> That's what I did below - it seems to have cleaned up the weird behaviour


>
>> % ls -l modules/dns_server/manifests
>> total 56
>> -rw-r--r--   1 warbjoh  unxadmin   22296 Mar 15 18:38 dns_server.pp
>> -rw-r--r--   1 warbjoh  unxadmin 489 Mar 15 18:38 init.pp
>>
>> I have modified the module by renaming dns_server.pp to init.pp and hence
>> removing the "import *.pp"
>>
>>
I was hoping anyone could comment on
http://www.nico.schottelius.org/blog/puppet-sometimes-loads-a-class/

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] The quantum effect when loading classes

[John Warburton]

Can anyone comment / expand upon
http://www.nico.schottelius.org/blog/puppet-sometimes-loads-a-class/

I am experiencing a case which may be related. We have an ENC, and recently
on our twice daily noop runs from cron, puppet has reported some servers
aren't in sync because they do not have a certain module/class (dns_server)
even though they are not subscribed to the dns_server module in the ENC

I can't reproduce it from the command line (yay), so am stumped debugging
the issue, however, our dns_server module is not standard, and is probably
causing the screw up

% cat modules/dns_server/manifests/init.pp
import "*.pp"
include dns_server

% ls -l modules/dns_server/manifests
total 56
-rw-r--r--   1 warbjoh  unxadmin   22296 Mar 15 18:38 dns_server.pp
-rw-r--r--   1 warbjoh  unxadmin 489 Mar 15 18:38 init.pp

I have modified the module by renaming dns_server.pp to init.pp and hence
removing the "import *.pp"

I am now waiting to see if that has fixed the issue, but if it has (I
suspect it will), why and how does this happen?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: [Puppet-dev] ANNOUNCE: Puppet 2.6.8rc1 available!

[John Warburton]

On 15 April 2011 11:47, Nigel Kersten  wrote:

> On Thu, Apr 14, 2011 at 4:41 PM, James Turnbull 
> wrote:
> > Stefan Schulte wrote:
> >> Any chance to address #6845 in this release (patch already sent to
> >> puppet-dev)? The mountprovider is currently not working at all on
> >> Solaris (the title »mount tmpfs on Solaris fail« is misleading).
> >>
> >
> > Stefan
> >
> > I've been talking to Nigel.  Answer shortly/tomorrow.
>
> Yes, this was oversight. Lets merge it.
>
> This was not merged into the final 2.6.8 release

Now I am 2 releases behind...

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppetmaster best practice for multiple zones

[John Warburton]

On 20 April 2011 01:49, James Bailey  wrote:

> Hello,
>
> sorry if this is a stupid question but I currently have inherited
> three "security zones" LAN, DMZ and PROD. I currently have Puppet and
> Foreman running in the LAN zone on a host called puppet-lan and I am
> starting to manage the LAN based systems with them.
>
> I am bit stuck however for how best I can managed the remaining two
> zones.  Do create another two puppetmasters and configure them to use
> the existing storeconfigs DB I am currents.  Or do I have two
> additional standalone puppetmasters?  If do the later how will I be
> able to unify my view of the three zones?
>
> All answers welcome, including links to docs I may have missed.
>
> It all depends on your security model. This thread may give you some food
for thought -
http://groups.google.com/group/puppet-users/browse_thread/thread/a1b84a67ee712f93

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RFC: Refactoring the mount provider.

[John Warburton]

On 23 March 2011 10:21, Nigel Kersten  wrote:

> On Tue, Mar 22, 2011 at 4:05 PM, Stefan Schulte
>  wrote:
>
> > So splitting the mounttype can lead to better reports when puppet sync
> > mountpoint and entry in fstab seperatly. Because I'm lazy I'll propably
> > write a define (maybe I will call it mount) that will create two
> > resources for the two new types.
>
> If we did decide to make this change, we would probably try to get
> such a define/wrapped type that preserved existing semantics into core
> as well, so people could choose to use it.
>

Creating a define to wrap the two resources is essentially option 3 then,
isn't it?

+1 option 3

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] extlookup == bad?

[John Warburton]

OK, I'll bite

In the newly published Style Guide (
http://docs.puppetlabs.com/guides/style_guide.html), right at the end it
says

Modules should avoid the use of extlookup() in favor of ENCs or other
alternatives

But there is no reason as to why.

We have a rule of thumb where we use the ENC to set specific information for
a host, and extlookup for groups of servers (based on class, location, etc
set in the ENC). It works well, and we even received a thumbs up in a recent
Puppet Labs audit of our manifests as we have clear separation of
configuration and data.

So, why should we avoid extlookup()? What should we use instead?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Node classifier not loading any defined classes

[John Warburton]

On 8 April 2011 19:09, Felix Frank  wrote:

> > *Parts* of your modules.  You can't have custom resource types or custom
> > functions per environment.  And that sucks.
>
> You can't? Is there a bug for this that I can vote on?
>
> http://projects.puppetlabs.com/issues/4409

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] SSL issues: Separate CA, multiple load balanced masters

[John Warburton]

On 7 April 2011 04:02, Andrei Serdeliuc  wrote:

> Hi,
>
> I've been at it for about 4 days now and I just can't figure it out.
> I'm getting the following error when running puppet agent on my
> masters: SSL_connect returned=1 errno=0 state=SSLv3 read server
> certificate B: certificate verify failed
>

It took me a bit longer than 4 days, but using
http://bodepd.com/wordpress/?p=7 as a guide, I did this:

1. CA server is a puppet server with the exact same configuration on all
puppet servers. ca_server is puppet-ca.example.com

2. Same certname everywhere: puppet.example.com. Manage the certs in puppet:
  $etc/ssl/ca/signed/puppet.example.com.pem
  $etc/ssl/certs/puppet.example.com.pem
  $etc/ssl/private_keys/puppet.example.com.pem
  $etc/ssl/public_keys/puppet.example.com.pem

3. Same certdnsname everywhere with every possible combination of name the
client contacts the puppet master with. I have heard (but not tried) you can
use wild cards. This includes puppet-ca.example.com, puppet.example.com, ...

4. I keep all $etc/ssl/ca files managed in puppet too

Note that I use CNAMEs everywhere so I don't have to change certificates if
I replace a machine. Adding machines will require a new cert

Keep playing. Once it works, it works well. I can deploy a new puppet server
in the blink of an eye!

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: manage /etc/passwd and /etc/group

[John Warburton]

On 4 April 2011 23:20, stefanero  wrote:

> Okey,
>
> thank you for this information, so augeas cannot handle this type of
> requests.
>

I noted this a few years ago, and so did a simple line append. (
http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns)

You may want to file a feature request with the Augeas people to get it to
understand netgroups in the password file

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] mount tmpfs on Solaris fail with 2.6.7

[John Warburton]

Apologies - I haven't had time to test the release candidates. This is a
kicker for us, as I want to start using the new features from the dashboard
& inventory in 2.6.7

https://projects.puppetlabs.com/issues/6845

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: [Puppet-dev] ANNOUNCE: Puppet 2.6.7 final!

[John Warburton]

On 25 March 2011 11:42, Nigel Kersten  wrote:

> On Thu, Mar 24, 2011 at 5:10 PM, Thomas S Hatch wrote:
>
>> These accelerated releases are going to keep us on our toes!
>>
> This is the downside of monthly releases, particularly when we have an
> extra, out of cycle release like we did for 2.6.6.
>

 Also an issue for those of us that don't run mainstream (Solaris :-)
systems where edge case changes may not be tested. I haven't had time in th
epast weeks to test the release candidates, but downloaded 2.6.7 just now
and found massive changes in the mount provider failing on /tmp. Bug to be
filed

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet-dashboard Explorer 8

[John Warburton]

On 13 August 2010 18:59, ScubaDude  wrote:

> Ticket filed (bug, refactor)
>
> On Aug 13, 7:56 am, Matt Robinson  wrote:
> > We weren't aware as none of us are using Internet Explorer.  We'll
> > have to have someone get a copy to test with at some point.
> >
> > Can you file a ticket?
> >
> > http://projects.puppetlabs.com
> >
> > Thanks,
> > Matt
> >
> > On Thu, Aug 12, 2010 at 6:40 AM, ScubaDude 
> wrote:
> > > puppet-dashboard on internet exploder 8:
> >
> > > Layout borked and no graphs?
> > > I was wondering if you were aware of this?
>

Am I the only other person interested in this?
https://projects.puppetlabs.com/issues/4530

Its driving our managers nuts to copy & paste URLs from email to Firefox (if
they have it) rather than just clicking on the dashboard URL and having it
work with the corporate SOE

Please "watch" this ticket if you are interested

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] symlink noop error

[John Warburton]

On 11 March 2011 20:57, Stefan Schulte wrote:

> On Fri, Mar 11, 2011 at 03:20:20PM +1100, John Warburton wrote:
> > file {"/path/created/by/some/package/link":
> > source => "/path/created/by/some/package/source",
> > require => Package["somepackage"],
> > }
> >
>
> Currently you're copying a file from source to link. If you want to
> create a symlink do:
>
> file { '/path/created/by/some/package/link':
>  target  => "/path/created/by/some/package/source",
>  ensure  => link,
>  require => Package["somepackage"],
> }
>
> Oh duh, thanks Stefan - couldn't see the wood for the trees!

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] symlink noop error

[John Warburton]

Hi All

I have a bit of a strange one, and am not sure I'm doing this right. This is
with 2.6.4 on Solaris 10

We want to create a sym link from a source file that is created by a
package. If the package isn't installed, puppet in noop is registering an
error (big red in the dashboard) because it cannot stat the source file of
the link.

root@warbjohn# cat /tmp/symlink2.pp
package {"somepackage":
ensure => installed,
}
file {"/path/created/by/some/package/link":
source => "/path/created/by/some/package/source",
require => Package["somepackage"],
}

root@warbjohn# puppet --verbose --noop /tmp/symlink2.pp
info: Applying configuration version '1299817006'
notice: /Stage[main]//Package[somepackage]/ensure: current_value absent,
should be present (noop)
err: /Stage[main]//File[/path/created/by/some/package/link]: Could not
evaluate: Could not retrieve information from source(s)
/path/created/by/some/package/source at /tmp/symlink2.pp:7
notice: Finished catalog run in 10.63 seconds

IMHO, I don't think this should be an error from noop. Is this a bug, or am
I pushing my luck?

Thanks

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Passenger Install Success / Question about logs

[John Warburton]

On 10 March 2011 07:44, Christopher Lee  wrote:

> Hello,
>
> Well I spent the morning getting passenger installed on my RHEL 5 server
> and finally got it working and was able to run an agent update.  But now I
> have a questions about logs, before when we were working we would tail -f
> puppetmaster.log file to see notices and errors, but now this log files is
> not getting updated (makes since), but were can I view the logs now that
> passenger is running?
>
> Logs go to syslog by default

You will have to wait for 2.6.6 to be released for nice autoflushed logs in
passenger to a file other than syslog (
https://projects.puppetlabs.com/issues/4139)

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Proposal: "strict" mode for manifests

[John Warburton]

On 9 March 2011 09:37, Robin Bowes  wrote:

> I'd really like puppet to blow-up at this stage and tell me that I've
> used an variable without defining it first. Those familiar with perl
> will recognise this as "use strict;".
>

Yes please!

There are lots of places where puppet continues where IMHO it should abort.
Here are a few I've been watching:
- syntax errors in config file do not abort daemon:
https://projects.puppetlabs.com/issues/4372
- Invalid settings in config blocks should produce a warning -
https://projects.puppetlabs.com/issues/5218
- Option to make Puppet fail as soon as a resource fails -
https://projects.puppetlabs.com/issues/3933

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] finished, yet execution expired

[John Warburton]

I'd suggest waiting for 2.6.6 to be fully released

>From http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.5
Faster Passenger support

Bug #6257 <http://projects.puppetlabs.com/issues/6257>: Rack POST and PUT
request handling is very slow.

The speed of the Rack HTTP handler has been dramatically improved. This
should prevent timeouts that some users were experiencing when running under
Passenger.

John

On 9 March 2011 03:24, Angelo Corbo  wrote:

> I would like to follow up on this issue, because it was never really
> addressed, as the OP switched to nginx.
>
> I am experiencing a few of those "finished, yet execution expired" runs,
> and I can see from the agent's run (using --trace, as suggested by Jeff)
> that there's a timeout (/usr/lib/ruby/1.8/timeout.rb:64:in `rbuf_fill').
>
> Interestingly enough, this event occurs systematically on one type of hosts
> (I only use role based conf defined by environment), while all other types
> are  completing their runs successfully.
>
> Is this the right thread to post in or would it be better to open a new
> one, yet with the same very effective subject?
>
> Many thanks,
>
> Angelo
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Role-based access in Dashboard

[John Warburton]

On 3 March 2011 06:02, Randall Hansen  wrote:

> Role-based access will be one of the next big features in Dashboard.  If
> this is something that would help you, will you tell me the minimum features
> that you would consider useful?  That is, the features without which RBAC
> would be useless to you.
>
> Everything everyone else has said plus audit logging of actions taken by
the user, and ways to report on that (even a "last x changes" on the node
view)

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.