Re: [Puppet Users] Exported resources in Puppet 4 without using PuppetDB?
Trevor: PostgreSQL is considered a competing product. We're not allowed to use competing products without getting approval from the corporate information security group, legal, marketing, and a high level corporate officer (I don't remember how high off the top of my head, but at least 4 levels above my manager), and it's a process that takes months to go through. On Sunday, December 18, 2016 at 9:50:18 AM UTC-8, Trevor Vaughan wrote: > > Hi Johnson, > > Do you have any information on why PostgreSQL is taboo? It might help to > justify supporting additional back-end databases. > > To solve your exported resources problem, you can use this as an example > https://github.com/simp/pupmod-simp-ssh/blob/master/lib/puppet/parser/functions/ssh_global_known_hosts.rb > . > > Now, be aware that this will *not* synchronize between multiple servers > but, if you have a single master, it will work just fine. Alternatively, if > you have a shared filesystem it will also work. > > We're working toward revamping these types of items to use a shared > synchronization system but it's not high priority at this time since most > places can use PuppetDB. > > A better bet might be to take this snippet and turn it into something that > writes to a DB that you control and then have a Hiera backend that feeds > your your data as collected from that backend on a regular basis. > > In Puppet functions, you have the entire catalog at your disposal and can > do with the data what you will. > > Good Luck, > > Trevor > > On Fri, Dec 16, 2016 at 5:52 PM, Johnson Earls <darkfo...@gmail.com > > wrote: > >> Hello all, >> >> I was just wondering - has anyone come across a plugin or something that >> would allow the use of exported resources in Puppet 4.x *without* using >> PuppetDB? The company I work for has declared PostgreSQL taboo within the >> corporate network and so I cannot run PuppetDB, and the lack of exported >> resources is really starting to grate. I'm hoping someone has seen >> something out there that can help solve this for me :) >> >> Thanks in advance, >> - Johnson >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/95a0f132-7b41-4158-af41-8a9785646aa8%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/95a0f132-7b41-4158-af41-8a9785646aa8%40googlegroups.com?utm_medium=email_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7966276a-e6d6-4447-b2d3-6654667fd1e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Exported resources in Puppet 4 without using PuppetDB?
Hello all, I was just wondering - has anyone come across a plugin or something that would allow the use of exported resources in Puppet 4.x *without* using PuppetDB? The company I work for has declared PostgreSQL taboo within the corporate network and so I cannot run PuppetDB, and the lack of exported resources is really starting to grate. I'm hoping someone has seen something out there that can help solve this for me :) Thanks in advance, - Johnson -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/95a0f132-7b41-4158-af41-8a9785646aa8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet 4: Property values constrained by feature -vs- parameter constrained by feature
Hey all, Just wondering: Is there a reason I'm not understanding for why property values that include a :required_features option will raise a puppet error if the feature is not available, but parameters that include :required_features are silently [except for a debug message] ignored if the feature is not available? - johnson -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b940bb5d-e45c-42ba-add6-9ddcc294a9b9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] rspec question: how to test that no resource exists with certain parameters?
RSpec question for all the helpful folks here: How do I test that there is no resource in the catalog that matches certain parameters? I know how to test that a specific resource does not exist, or a specific resource does not match certain parameters. I want to test that, for example, there are no file resources with :ensure = directory set. Is this possible? Thanks in advance, - Johnson -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/89c69357-d468-47ec-80ca-50f847a24a24%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] rspec question: how to test that no resource exists with certain parameters?
Thanks, I'll try that. - Johnson On Monday, July 20, 2015 at 1:30:14 PM UTC-7, Hunter Haugen wrote: There is no helper built in to rspec-puppet to do this, but you can do it by using an rspec expect() around a catalogue.resources check: it has no file resources with ensure = directory do expect(catalogue.resources.select { |r| r.type == File r[:ensure] == directory }).to be_empty end -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/31de11a8-c3e1-4f4e-beb5-f230b6d605fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] is there any way to get rspec to tell you the contents of the catalog on a failure?
Another rspec question: Is there any way to get rspec to tell you, when a test fails, what the contents of the catalog was, at a high level at least, that generated the failure? I've got a code block that looks right to me, and an rspec test that looks right to me. the test is failing and I have no idea why. Maybe seeing the contents of the catalog would help me figure out what's going on. Thanks in advance, - Johnson -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f60d5256-2333-4953-8228-5da675f8679d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppet agent 4.0 running as root vs puppet server 2.0 running as puppet
All of my systems get the puppet-agent package installed and enabled as part of kickstart. The puppetserver package only later gets installed for servers that will be puppet servers. Is this ordering really that unexpected? On Thursday, May 7, 2015 at 12:06:53 PM UTC-7, Josh Cooper wrote: In practice this happens rarely. Usually you install puppetserver, which brings in puppet-agent as a dependency. -- Josh Cooper Developer, Puppet Labs *PuppetConf 2015 http://2015.puppetconf.com/ is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Early Adopter discount https://www.eventbrite.com/e/puppetconf-2015-october-5-9-tickets-13115894995?discount=EarlyAdopter * *—**save $349!* - Johnson -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c7c9d0c4-6ac2-4b65-8ca8-3bad470c69e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet 3.7.4 using auth.conf file from github - default acl at end apparently preventing access?
Operating System: Oracle Linux 6.5 Puppet version: Open Source Puppet 3.7.4 (installed via gems) Ruby version: 2.1.0 (locally built package) Apache version: 2.2.15 Passenger version: 5.0.4 I apologise in advance if this post sounds confused and wanders all over; it mirrors its author in that respect. I'm just getting started with puppet. I've got a small 5-node playground set up to play with. I set it up using the Installing Puppet: From Gems instructions (since I wanted to use a newer version of ruby than the 1.8.7 that Oracle Linux comes with), and I thought everything was going great, getting it running under apache/passenger and everything. Then I realized I'd forgotten to install the auth.conf file the last time I rebuilt the puppet directories. As soon as I installed that file and restarted httpd, my agents stopped being able to talk to the server, getting an Error 403 Forbidden for every access. The errors, listed here, indicate that the server is recognizing that the client is authenticated, so apparently it's just not recognizing the URLs being accessed: Warning: Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /node/rac03n01-dc2.dc2.responsys.com [find] authenticated at :123 Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/pluginfacts [search] authenticated at :123 Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/pluginfacts [find] authenticated at :123 Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/pluginfacts [find] authenticated at :123 Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/plugins [search] authenticated at :123 Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/plugins [find] authenticated at :123 Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /file_metadata/plugins [find] authenticated at :123 Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /catalog/rac03n01-dc2.dc2.responsys.com [find] authenticated at :123 Error: Could not send report: Error 403 on SERVER: Forbidden request: rac03n01-dc2.dc2.responsys.com(...) access to /report/rac03n01-dc2.dc2.responsys.com [save] authenticated at :123 I noticed that the URLs listed (/node/..., /catalog/..., /report/..., and /file_metadata/...) are not listed in the auth.conf at all, but are being inserted by the puppet master: Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '~ ^/catalog/([^/]+)$' (auth true) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/file' (auth ) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/certificate_revocation_list/ca' (auth true) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '~ ^/report/([^/]+)$' (auth true) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/certificate/ca' (auth any) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/certificate/' (auth any) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/certificate_request' (auth any) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/status' (auth true) ACL Mar 13 16:43:06 ... puppet-master[13013]: Inserting default '/v2.0/environments' (auth true) ACL However,apparently, the default deny-all ACL at the end of auth.conf (at line 123 as shown in the errors above) is preventing those default ACLs from taking effect. Once I commented out the default deny-all ACL at the end of auth.conf, my access started working again. Am I reading the logs and auth.conf file correctly in my conclusion that the default deny-all ACL is preventing the puppet-inserted ACLs from taking effect, or am I misconfigured somewhere else? Thanks in advance, - Johnson Earls -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a2c876de-e57f-4888-aa26-70e43336ed39%40googlegroups.com