[Puppet Users] Installing Virtualbox on Mac osx with pkg dmg provider
Hello I can't manage to install VB on osx via puppet and pkgdmg provider. puppet client : 2.6.8 on osx snow leopard 10.6.7 puppetmaster : 2.6.8-1~bpo60+1 on debian squeeze The puppet logs say : [...] debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o /tmp/VirtualBox-4.0.8-71778-OSX.dmg -C - -k -s --url https://web3/apps/VirtualBox-4.0.8-71778-OSX.dmg' debug: Success: curl transfered [VirtualBox-4.0.8-71778-OSX.dmg] debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/VirtualBox-4.0.8-71778-OSX.dmg' debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/sbin/installer -pkg /private/tmp/dmg.5hKSb9/VirtualBox.mpkg -target /' debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil eject /private/tmp/dmg.5hKSb9' err: /Stage[main]/Aptitude::Info/Pkginstall[VirtualBox-4.0.8-71778-OSX.dmg]/Package[VirtualBox-4.0.8-71778-OSX.dmg]/ensure: change from absent to present failed: Execution of '/usr/sbin/installer -pkg /private/tmp/dmg.5hKSb9/VirtualBox.mpkg -target /' returned 1: installer: Package name is Oracle VM VirtualBox installer: Installing at base path / installer: The install failed (Le programme d’installation a rencontré une erreur qui a provoqué l’échec de l’installation. Contactez l’éditeur du logiciel pour obtenir de l’aide.) The /var/log/install.log : Jun 8 15:02:16 info-starbuck installer[85815]: JS: Hardware architecture detected: i386 Jun 8 15:02:16 info-starbuck installer[85815]: JS: OS version detected: 10.6.7 Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: location = file://localhost Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxKEXTs.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxStartupItems.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBox.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBoxCLI.pkg Jun 8 15:02:17 info-starbuck runner[85823]: Administrator authorization granted. Jun 8 15:02:17 info-starbuck installer[85815]: Will use PK session Jun 8 15:02:17 info-starbuck installer[85815]: Starting installation: Jun 8 15:02:17 info-starbuck installer[85815]: Configuring volume "OsX" Jun 8 15:02:17 info-starbuck installer[85815]: Preparing disk for local booted install. Jun 8 15:02:17 info-starbuck installer[85815]: Free space on "OsX": 474.14 Go (474139660288 bytes). Jun 8 15:02:17 info-starbuck installer[85815]: Create temporary directory "/var/folders/zz/zzzivhrRnAmviuee+++/-Tmp-//Install.85815HtcZhN" Jun 8 15:02:17 info-starbuck installer[85815]: IFPKInstallElement (4 packages) Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: - Begin install - Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: request=PKInstallRequest <4 packages, destination=/> Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: packages=(\n "PKJaguarPackage ",\n "PKJaguarPackage ",\n "PKJaguarPackage ",\n "PKJaguarPackage "\n) Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxKEXTs.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:18 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxStartupItems.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:19 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBox.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:27 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBoxCLI.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:28 info-starbuck installer[85815]: PackageKit: Shoving /var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root (3 items) to / Jun 8 15:02:28 info-starbuck installer[85815]: PackageKit: Executing script "./postflight" in /tmp/dmg.OT7NZT/Virtu
[Puppet Users] Deploying Xcode 4.3.2 with Puppet
Hello I can't find the good provider to deploy Xcode4 with puppet. Apple gives a .dmg which containing a .app, but in order to install Xcode, you have to execute this .app like a pkg. Anybody knows if it's possible actually with puppet ? Thanks for your help -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deploying Xcode 4.3.2 with Puppet
Hi again On 27 mar, 10:12, Marc wrote: > Hello > > I can't find the good provider to deploy Xcode4 with puppet. > > Apple gives a .dmg which containing a .app, but in order to install > Xcode, you have to execute this .app like a pkg. > > Anybody knows if it's possible actually with puppet ? > > Thanks for your help Forget my question. Xcode 4 is a normal add and have to be deployed by appdmg. It just ask to install "Mobile device framework" at first launch that caused a confusion for me:) Bye. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problems parsing array to a define in puppet manifest
I have searched wide and far for a solution to this issue, but didn't find any real solution that I could use. I am running puppet ver. 3.0.2, and my problem is when I try to parse an array to a define in a manifest. My code looks as the following: $testaccess = hiera('testaccess') define testdefine () { notify{"Parsed following to define: ${name} : } } which gives the following output: Parsed following to define: test1test2 It seems that the array is concatenated into one string, instead of parsing each entry in the array to the define. Can anyone shed some light into this issue, would be much appreciated :) /Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Problems parsing array to a define in puppet manifest
Sorry - forgot to supply the call to the define: testdefine { "$testaccess": } Again - any feedback on the usage here would be much appreciated. /Marc Den fredag den 1. februar 2013 11.19.51 UTC+1 skrev ma...@ml4.dk: > > I have searched wide and far for a solution to this issue, but didn't find > any real solution that I could use. > > I am running puppet ver. 3.0.2, and my problem is when I try to parse an > array to a define in a manifest. > > My code looks as the following: > > $testaccess = hiera('testaccess') > > define testdefine () { > notify{"Parsed following to define: ${name} : } > } > > which gives the following output: > Parsed following to define: test1test2 > > It seems that the array is concatenated into one string, instead of > parsing each entry in the array to the define. > > Can anyone shed some light into this issue, would be much appreciated :) > > /Marc > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problems parsing array to a define in puppet manifest
Of course - why did I miss that? Thanks for the resolution Pienaar, now I can move on with the manifest :) /Marc Den fredag den 1. februar 2013 11.28.33 UTC+1 skrev R.I. Pienaar: > > > > - Original Message - > > From: ma...@ml4.dk > > To: puppet...@googlegroups.com > > Sent: Friday, February 1, 2013 11:19:51 AM > > Subject: [Puppet Users] Problems parsing array to a define in puppet > manifest > > > > I have searched wide and far for a solution to this issue, but didn't > find > > any real solution that I could use. > > > > I am running puppet ver. 3.0.2, and my problem is when I try to parse an > > array to a define in a manifest. > > > > My code looks as the following: > > > > $testaccess = hiera('testaccess') > > > > define testdefine () { > > notify{"Parsed following to define: ${name} : } > > } > > > > which gives the following output: > > Parsed following to define: test1test2 > > > > It seems that the array is concatenated into one string, instead of > parsing > > each entry in the array to the define. > > > > Can anyone shed some light into this issue, would be much appreciated :) > > You're not showing how you pass the array to the define but I would guess > you're doing: > > testdefine{"$testaccess": } this turns the array into a string, you > probably > should just remove the "s and make it testdefine{$testaccess: } > > > > /Marc > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to puppet-users...@googlegroups.com . > > To post to this group, send email to > > puppet...@googlegroups.com. > > > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 2.7 deprecation warnings
Hello all. I am modifying puppet code in order to make it puppet v3 compliant. Currently I am running puppet 2.7. When it comes to deprecation warnings I got 2 different types. *Type 1:* *puppet-master[6426]: Dynamic lookup of $apache_port at /etc/puppet/environments/production/modules/apache/manifests/init.pp:24 is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* *Type 2:* *puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* * * As you can see, type 2 has no reference to the code. Am I right to assume that type 2 logs are related to ruby functions or .erb templates? Thank you! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Enable puppet agent by default
Hello I am trying puppet 3.5.1 on a Debian Jessie. How can I enable Puppet by default on new installations ? I need to do that, for Debian deployment. I use Debian FAI to install Debian on my workstations. After the deployment, Puppet is launched. I just have to sign them on Puppet Master in order to launch the post install with puppet (AD integration, CUPS configuration...). So now, I can't do that because the /etc/default/puppet file is not read by the system. The only solution I see, is to add a cron task @reboot. Am I wrong ? Thanks for your help Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/03699c7c-510a-4ecd-8977-9bfc760f221e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] No rubygem-deep-merge RPM in EL7 Yum repo
Hi, Puppetizing my first Centos7 I realized there is no rubygem-deep-merge RPM in: http://yum.puppetlabs.com/el/7/dependencies/x86_64/ Is this intended? Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/58643257-4526-4b60-87b3-1586ee09a7a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] What is wrong with this code?
Hi all, The code snippet below is an isolation of the problem I am facing. I don't understand why this produces a duplicate declaration. Can anyone give an explanation? *$ cat test.pp * *class foo { contain foo::bar }* *class foo::bar { class { 'bar': } }* *class bar { notify { 'hello': } }* *include foo* *$ puppet apply test.pp* *Error: Duplicate declaration: Class[Foo::Bar] is already declared; cannot redeclare at /home/marc/test.pp:2 on node carbon.demo.lan* *Error: Duplicate declaration: Class[Foo::Bar] is already declared; cannot redeclare at /home/marc/test.pp:2 on node carbon.demo.lan* Thank you! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5a4b1b8f-09bf-4595-9a48-70090682fe5c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] What is wrong with this code?
Hi Craig, That makes sense. In fact, now I remember this is not the first time it bites me. I'll stick a post-it in my forehead. Thank you! On Tuesday, August 19, 2014 12:55:53 PM UTC+2, Craig Dunn wrote: > > > > > On Tue, Aug 19, 2014 at 12:33 PM, Marc > > wrote: > > Hi all, >> >> The code snippet below is an isolation of the problem I am facing. >> I don't understand why this produces a duplicate declaration. >> Can anyone give an explanation? >> >> *$ cat test.pp * >> *class foo { contain foo::bar }* >> *class foo::bar { class { 'bar': } }* >> *class bar { notify { 'hello': } }* >> *include foo* >> >> > Within class foo::bar "bar" is being found in local scope (eg: it's > declaring itself). Thats why fully qualified is always a good way to go to > be explicit about these things. You need to explicitly require ::bar, not > bar... > > class foo::bar { class { '::bar': } } > > Craig > > > -- > *Enviatics *| Automation and configuration management > http://www.enviatics.com | @Enviatics > Puppet Training http://www.enviatics.com/training/ > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9b641d21-c2ca-4115-a3bd-e630927359a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: File 'replace => false' doesn't match my expectations...
Using 'replace => false' should not trigger a checksum operation but given the time it takes with big files I think it does. Does it make sense to perform checksum when 'replace' is set to false? * exec { 'wget -O - http://repo01.demo.lan/coreos/coreos_qemu.img.bz2 | bzcat > /root/coreos/core01/core01.img':* *path=> '/usr/bin',* *creates => '/root/coreos/core01/core01.img',* * }* * file { [ '/root/coreos/core02/core02.img',* * '/root/coreos/core03/core03.img',* * '/root/coreos/core04/core04.img' ]:* *ensure => file,* *replace => false,* *source => '/root/coreos/core01/core01.img',* *owner => 'root',* *group => 'root',* *mode=> '0644',* * }* Marc On Thursday, February 5, 2009 at 5:59:06 AM UTC+1, Luke Kanies wrote: > > On Jan 30, 2009, at 9:54 AM, Jeff wrote: > > > > > On Jan 28, 7:18 pm, Andrew Shafer wrote: > >> Jeff, > >> > >> What version of Puppet are you using? > > > > Andrew, > > > > Each time I used a template, it overwrote a changed file. Each time I > > used a source, it did not. > > > > Version: 0.24.4 > > > > I just tested one more time to make sure. The results were the same. > > If I used a template AND replace => false, it still overwrote a > > modified file. If I used source AND replace => false, it did not. > > > Definitely not the right behaviour, and fixed in recent releases. > > -- > The leader of Jamestown was "John Smith" (not his real name), under > whose direction the colony engaged in a number of activities, > primarily related to starving. -- Dave Barry, "Dave Barry Slept Here" > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b2d3014f-b8de-4cb4-8b92-e62a7a9d9d6b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: File 'replace => false' doesn't match my expectations...
I have filed a ticked: https://tickets.puppetlabs.com/browse/PUP-3866 Thank you, Marc On Wednesday, January 21, 2015 at 2:56:20 PM UTC+1, jcbollinger wrote: > > > > On Tuesday, January 20, 2015 at 1:28:33 PM UTC-6, Marc necro'd an ancient > thread: >> >> Using 'replace => false' should not trigger a checksum operation but >> given the time it takes with big files I think it does. >> Does it make sense to perform checksum when 'replace' is set to false? >> >> * exec { 'wget -O - http://repo01.demo.lan/coreos/coreos_qemu.img.bz2 >> <http://repo01.demo.lan/coreos/coreos_qemu.img.bz2> | bzcat > >> /root/coreos/core01/core01.img':* >> *path=> '/usr/bin',* >> *creates => '/root/coreos/core01/core01.img',* >> * }* >> >> * file { [ '/root/coreos/core02/core02.img',* >> * '/root/coreos/core03/core03.img',* >> * '/root/coreos/core04/core04.img' ]:* >> *ensure => file,* >> *replace => false,* >> *source => '/root/coreos/core01/core01.img',* >> *owner => 'root',* >> *group => 'root',* >> *mode=> '0644',* >> * }* >> >> > > I appreciate that you've been searching the archives for information about > your issue. Nevertheless, when you have a new question (which yours is), > please start a new thread. > > I agree that it doesn't seem useful to checksum a File configured with > "replace => false". If you can confirm that checksums are in fact being > computed, then you should consider filing a bug report > <https://tickets.puppetlabs.com/secure/Dashboard.jspa>. In any case, a > work-around and possible diagnostic test would be to set "checksum => > 'mtime'" on your affected File resources. A straight workaround with no > diagnostic value would be to simply set "checksum => 'none'". > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/90ca988b-f3b5-491a-a2ad-765f5d8524d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: File 'replace => false' doesn't match my expectations...
You cannot specify source when using checksum 'none' Marc On Monday, February 2, 2015 at 12:35:31 PM UTC+1, Thomas Müller wrote: > > > > Am Dienstag, 20. Januar 2015 20:28:33 UTC+1 schrieb Marc: >> >> Using 'replace => false' should not trigger a checksum operation but >> given the time it takes with big files I think it does. >> Does it make sense to perform checksum when 'replace' is set to false? >> > > what about setting "checksum => none"? > > > https://docs.puppetlabs.com/references/latest/type.html#file-attribute-checksum > > - Thomas > > > >> >> * exec { 'wget -O - http://repo01.demo.lan/coreos/coreos_qemu.img.bz2 >> <http://repo01.demo.lan/coreos/coreos_qemu.img.bz2> | bzcat > >> /root/coreos/core01/core01.img':* >> *path=> '/usr/bin',* >> *creates => '/root/coreos/core01/core01.img',* >> * }* >> >> * file { [ '/root/coreos/core02/core02.img',* >> * '/root/coreos/core03/core03.img',* >> * '/root/coreos/core04/core04.img' ]:* >> *ensure => file,* >> *replace => false,* >> *source => '/root/coreos/core01/core01.img',* >> *owner => 'root',* >> *group => 'root',* >> *mode=> '0644',* >> * }* >> >> Marc >> >> On Thursday, February 5, 2009 at 5:59:06 AM UTC+1, Luke Kanies wrote: >>> >>> On Jan 30, 2009, at 9:54 AM, Jeff wrote: >>> >>> > >>> > On Jan 28, 7:18 pm, Andrew Shafer wrote: >>> >> Jeff, >>> >> >>> >> What version of Puppet are you using? >>> > >>> > Andrew, >>> > >>> > Each time I used a template, it overwrote a changed file. Each time I >>> > used a source, it did not. >>> > >>> > Version: 0.24.4 >>> > >>> > I just tested one more time to make sure. The results were the same. >>> > If I used a template AND replace => false, it still overwrote a >>> > modified file. If I used source AND replace => false, it did not. >>> >>> >>> Definitely not the right behaviour, and fixed in recent releases. >>> >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d9e1b577-94ee-4d84-9c66-9e17048f536f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Updating from 3.2.4 to 3.7.4 problem with exported resources
Hi all, This is my current situation: Master A has: - port 8140 - puppet server 3.2.4 - puppetdb terminus 1.6.2 Master B has: - port 8141 - puppet server 3.7.4 - puppetdb terminus 1.6.2 PuppetDB has: - puppetdb 1.6.2 Client has: - puppet client 3.2.4 And my node manifest is: *node 'marc-test.demo.lan' {* *@@file { '/tmp/foo/bar':* *ensure => present,* *} * *}* Where '/tmp/foo' does not exist. So, given the above information, if I issue the following command in the client, everything works as expected: *[r...@marc-test.demo ~]# puppet agent -t --environment marc_villacorta --masterport 8140* *...* *Info: Applying configuration version '1424959728'* *Notice: Finished catalog run in 19.06 seconds* But when I try the same against the 3.7.4 master the managed node attempts to realize the exported resource: *[r...@marc-test.demo ~]# puppet agent -t --environment marc_villacorta --masterport 8141* *...* *Info: Applying configuration version '1424959869'* *Error: Could not set 'present' on ensure: No such file or directory - /tmp/foo/bar at 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* *Error: Could not set 'present' on ensure: No such file or directory - /tmp/foo/bar at 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* *Wrapped exception:* *No such file or directory - /tmp/foo/bar* *Error: /Stage[main]//Node[marc-test.demo.lan]/File[/tmp/foo/bar]/ensure: change from absent to present failed: Could not set 'present' on ensure: No such file or directory - /tmp/foo/bar at 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* *Notice: Finished catalog run in 98.65 seconds* I have tried to update the client to 3.7.4 but I get the same result. My puppet infrastructure is about 4 years old maybe I have configs with deprecated stuff ... Any idea? A bug perhaps? Cheers Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/87387bcd-9cdd-44cb-98b1-c9bc03822a0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Updating from 3.2.4 to 3.7.4 problem with exported resources
Update: Looks like whatever is affecting me was introduced in puppet server 3.6.2 3.2.4 Works 3.3.2 Works 3.4.3 Works 3.5.1 Works 3.6.0 Works 3.6.1 Works 3.6.2 Fails 3.7.3 Fails 3.7.4 Fails The release notes for 3.6.2: Puppet 3.6.2 Security Fixes Feature: Disabling Deprecation Warnings Fix for Directory Environments Under Webrick Fixes to purge_ssh_keys Default environment_timeout increased General Bug Fixes Not sure where to start looking but we use config-files environments ... I think I will update to 3.6.1 and start hunting deprecation warnings from there. Thanks, Marc On Thursday, February 26, 2015 at 3:18:22 PM UTC+1, Marc wrote: > > Hi all, > > This is my current situation: > > Master A has: > - port 8140 > - puppet server 3.2.4 > - puppetdb terminus 1.6.2 > > Master B has: > - port 8141 > - puppet server 3.7.4 > - puppetdb terminus 1.6.2 > > PuppetDB has: > - puppetdb 1.6.2 > > Client has: > - puppet client 3.2.4 > > And my node manifest is: > > *node 'marc-test.demo.lan' {* > > *@@file { '/tmp/foo/bar':* > *ensure => present,* > *} * > *}* > > Where '/tmp/foo' does not exist. > > So, given the above information, if I issue the following command in the > client, everything works as expected: > > > *[r...@marc-test.demo ~]# puppet agent -t --environment marc_villacorta > --masterport 8140* > *...* > *Info: Applying configuration version '1424959728'* > *Notice: Finished catalog run in 19.06 seconds* > > But when I try the same against the 3.7.4 master the managed node attempts > to realize the exported resource: > > > *[r...@marc-test.demo ~]# puppet agent -t --environment marc_villacorta > --masterport 8141* > *...* > *Info: Applying configuration version '1424959869'* > *Error: Could not set 'present' on ensure: No such file or directory - > /tmp/foo/bar at > 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* > *Error: Could not set 'present' on ensure: No such file or directory - > /tmp/foo/bar at > 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* > *Wrapped exception:* > *No such file or directory - /tmp/foo/bar* > *Error: /Stage[main]//Node[marc-test.demo.lan]/File[/tmp/foo/bar]/ensure: > change from absent to present failed: Could not set 'present' on ensure: No > such file or directory - /tmp/foo/bar at > 5:/etc/puppet/environments/marc_villacorta/manifests/nodes/marc-test.demo.lan.pp* > *Notice: Finished catalog run in 98.65 seconds* > > I have tried to update the client to 3.7.4 but I get the same result. > My puppet infrastructure is about 4 years old maybe I have configs with > deprecated stuff ... > > Any idea? A bug perhaps? > > Cheers > Marc > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e57bc68e-8cf8-40a6-aa69-14f51f7a3ec6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet Guideline : for file service to puppet client
Excerpts from sanjiv.singh's message of Tue Jul 05 10:05:41 +0200 2011: > Hi All, > I am facing performance degrade of both puppet master and puppet > client, when my manifests are designed for serving more and more files > (flat file, jars,wars/templates). > > what could be the best approach to handle this? It is possible to let a "real" webserver take care of static file serving, and only use the puppetmaster for catalog compilation. One tried and tested solution is described in this blog post: http://www.masterzen.fr/2010/03/21/more-puppet-offloading/ Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apache module for RHEL6
Hello, Excerpts from Vorik's message of Tue Jul 05 10:31:54 +0200 2011: > > What is a good module to manage Apache on RHEL6 that is known to work? > I want to be able to create vhosts, nothing that fancy. > > Currently, I'm trying camptocamp-apache. Unfortunately, the readme > file only states how to do some authentication stuff. Yes, I agree their README is totally useless... Shame on them ;-) You'll find more useful documentation running puppetdoc against this module (or reading the comments in the manifest files). > Configuration (found at the camptocamp-tomcat plugin) > ---%<--- > class webserver_base { > > package { "httpd": ensure => installed } > service { "httpd": ensure => running } > > apache::vhost {"www.dus123camptocamp.nl": > ensure => present, > } > > } > ---%<--- > > It fails with this error: > ---%<--- > err: Could not run Puppet configuration client: Could not find > dependency File[/usr/local/sbin/a2ensite] for Exec[enable vhost > www.dus123camptocamp.nl] at /etc/puppet/modules/apache/manifests/ > definitions/vhost.pp:251 > ---%<--- If you try something like: ---%<--- class webserver_base { include apache apache::vhost {"www.dus123camptocamp.nl": ensure => present, } } ---%<--- ... you should have a much more pleasant experience. If you take a peep into apache/manifests/init.pp you'll see that the "apache" class includes other classes based on which distribution you are running. As we have both RHEL and Debian servers, we have made quite an effort to make this module abstract away the distribution specific bits (paths and so). You should be able to use it on RHEL without any hassle. We have modified this module to add support for RHEL6 a couple of months ago. Please be sure to use a recent checkout: https://github.com/camptocamp/puppet-apache Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster setup with separate CA server configuration help
Kevin, I'm not sure I perfectly understand your setup but I reckon your problem is that ... Excerpts from linuxbsdfreak's message of Fri Jul 08 14:48:19 +0200 2011: > [...] > Following are the nginx/puppet.conf configs of loadbalancer01 > -- > > [main] > logdir = /var/log/puppet > rundir = /var/run/puppet > ssldir = $vardir/ssl > > [agent] > classfile = $vardir/classes.txt > localconfig = $vardir/localconfig > server = loadbalancer01 > listen = true > > [master] >ssl_client_header = SSL_CLIENT_S_DN >ssl_client_verify_header = SSL_CLIENT_VERIFY >ca = false ... SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY don't exist because nginx and puppetmaster don't speak SSL anymore at this point, only plain HTTP. Referring to your nginx configuration below: > --- puppetmasterlb.conf -- > [...] > proxy_redirect off; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_headerX-Client-Verify $ssl_client_verify; > proxy_set_headerX-Client-DN $ssl_client_s_dn; > proxy_set_headerX-SSL-Subject$ssl_client_s_dn; > proxy_set_headerX-SSL-Issuer $ssl_client_i_dn; ... you are setting the values the puppetmaster needs in the X-Client-Verify and X-Client-DN HTTP headers. Therefore, you could try changing your puppetmaster settings to read: [master] ssl_client_header = HTTP_X_CLIENT_DN ssl_client_verify_header = HTTP_X_CLIENT_VERIFY > However i get the following error while trying to receive the catalog: > > notice: Ignoring --listen on onetime run > err: Could not retrieve catalog from remote server: Error 403 on > SERVER: Forbidden request: pclient(192.168.122.12) access to / > certificate_revocation_list/ca [find] at line 93 > warning: Not using cache on failed catalog > > - I think this may be related to the auth.conf I would suspect that this error is only a side effect. Your client is not considered authenticated by the master and therefore gets denied access to whatever resource it is asking for. > --- Auth.conf on loadbalancer01 > [...] > # allow all nodes to access the certificates services > path /certificate_revocation_list/ca > method find > allow * > No "auth no" found here, which would explain... Hope this helps ! Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Trying to mount a bunch of directories using a hash
I am trying to use a hash to mount a bunch of directories but I am unsure how to get the value for the key. Feel free to tell me I am going about this the wrong way. This is the error I get from my module (init.pp listed below): Could not retrieve catalog from remote server: Error 400 on SERVER: value is a required option for Puppet::Parser::Resource::Param at /etc/puppet/modules/sandbox/mount-content-new/manifests/init.pp:27 on node bos-test01.contentstore.net Obviously I don't know how to refer to the inside the mount type - init.pp - # # $Id:$ # class mount-content-new { $content = { '/content/music/beggars' => 'bos-netapp01:/vol/Indy_1/beggars', '/content/music/bmg' => 'bos-netapp02:/vol/bmg/bmg' } $keys = split(inline_template("<%= content.keys.join(',') %>"), ",") file {["/content","/content/music"]: ensure => directory, owner => root, group => root, mode => 0755, } file {$keys: ensure => directory, mode => 0755, } mount {$keys: atboot => true, device => $content[$keys], ensure => "mounted", fstype => "nfs", options => "rw,bg,hard,intr,rsize=32768,wsize=32768,vers=3,proto=tcp,timeo=600,retrans=2", dump => "0", pass => "1" } } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] using an array with file
I have a bunch of files in some directory that I need to link to someother directory What I want to do is something like this: $file_list = [ "filea", "fileb", "filec"] file {$file_list: ensure => link, path => "/some_directory/", target => "/someother_directory/", } So, the question is what do I replace with to make this work I know I could have $file_list be the full path to the files, but I would rather not do that Thanks for any help Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using a defined function in another class?
I have a function defined in one class that I would like to use in another class, but I can not seem to get it to work, I set up a simple test case and I get the following error: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type testfn at /etc/puppet/modules/sandbox/one/manifests/init.pp:3 on node bos-test01.contentstore.net /etc/puppet/modules/sandbox/one/manifests/init.pp class one { include two testfn { test:} } /etc/puppet/modules/sandbox/two/manifests/init.pp class two { define testfn () { notify {foo: } } } What am I doing wrong? Thanks Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Using a defined function in another class?
Oops grabbed the path from the puppet output not the directory structure. The files should be: /etc/puppet/modules/sandbox/one/manifests/init.pp class one { include two testfn { test:} } /etc/puppet/modules/sandbox/two/manifests/init.pp class two::test { testfn {test: } } the following class works as it is in the same module as the define: /etc/puppet/modules/sandbox/two/manifests/test.pp class two::test { testfn {test: } } I tried ::one::testfn{test: } that also failed with the error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid tag "::one::testfn" at /etc/puppet/modules/sandbox/one/manifests/init.pp:3 on node bos-test01.contentstore.net -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Unusual puppet template usecase? not sure if it works - appreciate help!
You appear to be trying to have some sort of "generic" template that fills in the values using two-phase variable interpretation. As has pointed out, that probably won't work. You should look at using extlookup instead of what are you trying here. That can do variable substitution in a manner similar to what you are trying to do. Combine that with the ability to call puppet functions from within a template, and I think you are a lot closer to what you need. Don't forget that templates have the full power of Ruby. You may need to use more code, and it will definitely be harder to read, but gives you more flexibility. May even what to write a custom function that does the additional manipulations that you need, and then use that in your templates. Marc On 12/6/11 7:27 AM, denmat wrote: Hi, I have doubts about what you are trying to do will even compile. I suggest you take a look at the puppet docs on templating to get a clearer picture: http://docs.puppetlabs.com/guides/templating.html and after that you should take a look at variables: http://docs.puppetlabs.com/learning/variables.html That should make some things a little clearer for you. Cheers, Den On Tue, Dec 6, 2011 at 2:18 PM, Vitthal Gogate wrote: bit more explaination on what I am trying and appreciate if some one can throw some light on how to get it working? I define bunch of global variables in puppet Site.pp and try generate the hadoop configuration file based on that using puppet template. We expect "value" in the config.erb template to be substituted by the actual value of global_jobtracker_host. This is two phase substitution, first value is substituted as "<%= global_jobtracker_host %>:50030" then "global_jobtracker_host" part should be replaced by actual value "myhost.xxx.com". Is it possible? Site.pp === global_jobtracker_host = myhost.xxx.com global_namenode_host = myhost.xxx.com conf_map = { 'mapred.job.tracker' => '<%= global_jobtracker_host %>:9000', 'mapred.job.tracker.http.address' => '<%= global_jobtracker_host %>:50030' } file {"$hadoop_conf_dir/mapred-site.xml": ensure => present, content => template ("/tmp/config.erb") } /tmp/config.erb <% conf_map.each do |key,value| -%> <%= key %> <% value %> <% end -%> == On Dec 5, 12:14 pm, Vitthal Gogate wrote: I have following erb template in my puppet module. The "value" itself is template expression e.g.<%= some_puppet_global_variable %>. I expect this value to be substituted and evaluated to finally have the value of "some_puppet_global_variable" substituted in the content. Pl. let me know how to achieve it? puppet template file: <% conf_category_map.each do |key,value| -%> <%= key %> <% value %> <% end -%> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to link items together -- all happen together?
It sounds like he wants to not only assue that foo happens before bar, but that nothing happens between foo and bar. I think the only way to ensure that is to use stages, and have a separate stage for the two items that need to be executed together. On Dec 8, 1:58 pm, Jacob Helwig wrote: > On 2011-12-08 11:07 , Jo Rhett wrote: > > > I've found some problems due to the extremely random ordering puppet > > does. It is necessary for some of these items to all happen together, > > with no other random resources executed in between. Is there some way > > to arrange this with puppet? > > > -- > > Jo Rhett > > Net Consonance : consonant endings by net philanthropy, open source and > > other randomness > > Have you tried specifying the dependencies between your resources? > > package { 'foo': > ensure => installed, > > } > > file { '/etc/foo.conf': > ensure => file, > source => 'puppet:///module/foo/foo.conf', > require => Package['foo'], > > } > > service { 'foo': > ensure => running, > subscribe => File['/etc/foo/foo.conf'], Package['foo'], > > } > > Both subscribe and require will setup ordering between resources. > > -- > Jacob Helwighttp://technosorcery.net/about/me > > signature.asc > < 1KViewDownload -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: right way to multiuser development
We wrote some scripts to use the Rackspace api to create two servers, set up one as a puppet master, then one as a client. It grabs the modules and node config from svn. We then test modules, mess with them, commit to svn when we're done, then destroy the servers. On Dec 23, 2:00 am, Alexey Wasilyev wrote: > Hello! > > Guys, who can share expirience in multiuser development of puppet modules? > I try to configure different environments for every user, but faced that > custom facts and functions are global for every environment.. > How do you solve such problems? > > -- > wbr, alw -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] File selection for template() similar to source
I want to be able to have Puppet determine which file to use as the source of a template() call in a manner similar to the source parameter. Basically, I want to have a file resource that will use the most appropriate file for a template. While I can do: file { "file.conf" : source => [ "puppet:///module/file.conf.${hostname}", "puppet://module/file.conf.${groupname}", "puppet:///module/file.conf"], } I cannot do: file { "file.conf" : content => [ template("module/file.conf.${hostname}"), template("module/file.conf.$ {groupname}"), template("module/file.conf")] } This fails in 0.25.5 if the first file for the template call does not exist. I know I can use a case statement or selector to set a variable name, but that won't do what I want. Basically, I want puppet to use the first file it finds for the source of the template() call, just like the source version. For some nodes, or some groups, there will be such a file, and in other cases, the default file will be used. Anyone know how to do this? The alternative would be to have some way to test if the file exists in the paths. Anyone know how to do that? This isn't a test to see if the file exists on the client, but in the puppet repo, so in client/server mode, this would be testing if the file exists on the server. Any suggestions are greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet meet-up, Zürich, 17-18 septem ber
Hello, Next friday & saturday, the FrOSCamp[¹] conference will take place in Zürich/Switzerland, alongside Fedora's annual FUDCon[²]. The Swiss Puppet User Group will be giving a workshop[³] for beginners on saturday afternoon, as well as holding a hackfest[⁴] where we plan to work together on puppet modules, types/providers, etc. Definitely many reasons to be around Zürich next week-end :-) Looking forward to meet other puppet-eers on this occasion ! Cheers, Marc & the other SPUG folks. [¹] http://wiki.froscamp.org/Welcome [²] https://fedoraproject.org/wiki/FUDCon:Zurich_2010 [³] http://wiki.froscamp.org/2010:Talks_and_Workshops#Puppet [⁴] http://wiki.froscamp.org/2010:Hackfests#Swiss_Puppet_User_Group -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet + Passenger error - /var/lib/puppet/.puppet
This is a known bug. You need to set vardir and confdir for the [puppetmasterd] section explicitly, otherwise you get the default of .puppet for the var dir. Do this, and running puppet from passenger should be fine. On 9/12/10 1:09 PM, cyrus_mc wrote: I am trying to setup Puppet + Passenger with Apache. After initially setting it up, on the client I was getting 403 errors when trying to access /catalog, /plugins, etc. Pretty much anything that my client tried to access I received a 403 error. I then looked in the /var/log/messages file and found the following: Sep 10 16:27:25 ls1314p puppet-master[26378]: Creating a new SSL key for ls1314p.encana.com Sep 10 16:27:25 ls1314p puppet-master[26378]: Creating a new SSL certificate request for ls1314p.encana.com Sep 10 16:27:25 ls1314p puppet-master[26378]: Starting Puppet server version 0.25.5 Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '~ ^/catalog/([^/]+)$'(auth) acl because /var/lib/puppet/.puppet/ auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/file'(non-auth) acl because /var/lib/puppet/.puppet/auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/certificate_revocation_list/ca'(auth) acl because /var/lib/puppet/.puppet/auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/report'(auth) acl because /var/lib/puppet/.puppet/auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/certificate/ca'(non-auth) acl because /var/lib/puppet/.puppet/auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/certificate/'(non-auth) acl because /var/lib/puppet/.puppet/ auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: Inserting default '/certificate_request'(non-auth) acl because /var/lib/puppet/.puppet/auth.conf doesn't exist Sep 10 16:27:25 ls1314p puppet-master[26378]: (access[/]) defaulting to no access for lv1779p.encana.com Sep 10 16:27:25 ls1314p puppet-master[26378]: Denying access: Forbidden request: lv1779p.encana.com(10.56.32.105) access to /catalog/lv1779p.encana.com [find] at line 0 Sep 10 16:27:25 ls1314p puppet-master[26378]: Forbidden request: lv1779p.encana.com(10.56.32.105) access to /catalog/lv1779p.encana.com [find] at line 0 As you can see, it seems to be looking for the auth.conf file in /var/ lib/puppet/.puppet. As a quick work around I created the /var/lib/ puppet/.puppet/auth.conf file but it just lead to more issues. Not sure why it is thinking the (I believe auth.conf is in the confdir) is /var/lib/puppet/.puppet. Here is my puppet.conf on puppetmaster. main] # The Puppet log directory # The default value is '$vardir/log'. logdir = /var/log/puppet # Where the Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where the SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl confdir = /puppet/development #external_nodes = /usr/bin/cobbler-ext-nodes #node_terminus = exec [puppetd] # The file in which puppetd stores a list of the classes # associated with the retrieved configuration. Can be loaded in # the seperate ``puppet`` executable using the ``-- loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY certificate_revocation = false Here is my config.ru which is owned by puppet # a config.ru, for use with every rack-compatible webserver. # SSL needs to be handled outside this, though. # if puppet is not in your RUBYLIB; # $:.unshift('/opt/puppet/lib') $0 = "master" # if you want debugging: ARGV<< "--debug" ARGV<< "--rack" #require 'puppet/application/master' require 'puppet/application/puppetmasterd' # we're usually running inside a Rack::Builder.new {} block, # therefore we need to call run *here*. #run Puppet::Application[:master].run run Puppet::Application[:puppetmasterd].run I am running puppet 0.25 on RHEL v5.5. Any help would be appreciated as I have been unable to get around this issue. Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Specifying version for shared packages
I've been banging my head on this all day, and I cannot seem to figure out how to do it. I have a package for Apache HTTPd. I want to be able to specify the exact version of the package to use for a particular installation. And it is also possible that I want to have two separate modules install the same package. So, what I end up with is the following class app-apache { package { "apache" : ensure => installed, noop => true } } class app-apache-server1 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } class app-apache-server2 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } Basically, I have two servers configured. Now, it is possible that both servers could end up on the same host, depending upon a number of facters. When that happens, I get an error about not being able to override the "ensure" method in app-apache-server2 because it was already overridden in app-apache-server1. Anyone have any ideas on how to do this? I need to be able to specify the version I want for a particular class, and that can change from class to class. I realize that if two different classes define two different versions and both classes end up on the same node, I will get errors from YUM. I'm ok with that. Marc Zampetti -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Specifying version for shared packages
Basically, I'm trying to build modules that implement best practices (the app-apache module), and then admins that need to build specific apache instances just create a new module that inherits from the base class and provides the information they need. So, admin A wants to build apache server 1, and thus creates app-apache-server1. They set the version of apache they need, any other required information (like docroot, etc.), and add anything else specific to that application. Admin B wants to build apache server 2, and thus creates app-apache-server2. They go through the same process as admin A. Notice, there are no nodes in this discussion. Its all about defining an application. Then its time to say which nodes that apps will run on. In this case, I want a single node to run both apps. Whenever I try to do that with Puppet, I keep getting duplicate errors related to the package. All of this assumes that the appropriate coordination has occurred to make sure that both app definitions. That means that they are both trying to use the same version of the package, don't conflict with files or ports, etc. Also, I think I forgot to mention that I am using puppet 0.25.5. Marc On 9/14/10 4:39 PM, Silviu Paragina wrote: On 14.09.2010 23:12, Marc Zampetti wrote: I've been banging my head on this all day, and I cannot seem to figure out how to do it. I have a package for Apache HTTPd. I want to be able to specify the exact version of the package to use for a particular installation. And it is also possible that I want to have two separate modules install the same package. So, what I end up with is the following class app-apache { package { "apache" : ensure => installed, noop => true } } class app-apache-server1 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } class app-apache-server2 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } Basically, I have two servers configured. Now, it is possible that both servers could end up on the same host, depending upon a number of facters. When that happens, I get an error about not being able to override the "ensure" method in app-apache-server2 because it was already overridden in app-apache-server1. Anyone have any ideas on how to do this? I need to be able to specify the version I want for a particular class, and that can change from class to class. I realize that if two different classes define two different versions and both classes end up on the same node, I will get errors from YUM. I'm ok with that. Marc Zampetti I don't see any way to do what you want directly. But in your specific case you may add another level of inheritance, that specifies the version, and inherit both of your classes from that, and you will get an error from puppet for double override in that case. You shouldn't feed much into yum as you might get an actual response in package management... As an alternative you may get the version from a variable for the specified class, but this would leave you with somewhat of a nightmare for double inclusion. Leaving that aside what are you trying to do? What you are doing doesn't seem right to me. Any code that uses copy/paste should be refactored to call that common piece of code instead of the programmer/admin doing a copy paste of that code. Silviu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Specifying version for shared packages
I don't think I've made my problem clear. The issue is NOT how to specify a version for a package. I know how to do that. And I know how to use a define to do it as well. The issue is that if I call the define from two different classes on the same node, I get Duplicate errors. I also know how to make the define a virtual resource, but then the problem is I don't know how to pass in the version number when I do the realize. How can I include the same package more then once on a host, with the option of specifying the version to install on a module/class basis. On 9/14/10 5:47 PM, Darren Chamberlain wrote: I do this kind of thing in a few places, for things like different or specific versions of mysql, tomcat, libraries, and so on. I use a define to wrap this up, and the declare is called from within the node defitions. A simplified example of our method: define install ($version) { package { $name: ensure => $version, } } node foo { install { "apache": version => "2.2.5" } } node bar { install { "apache": version => "2.2.15" } } * Marc Zampetti [2010/09/14 16:55]: Basically, I'm trying to build modules that implement best practices (the app-apache module), and then admins that need to build specific apache instances just create a new module that inherits from the base class and provides the information they need. So, admin A wants to build apache server 1, and thus creates app-apache-server1. They set the version of apache they need, any other required information (like docroot, etc.), and add anything else specific to that application. Admin B wants to build apache server 2, and thus creates app-apache-server2. They go through the same process as admin A. Notice, there are no nodes in this discussion. Its all about defining an application. Then its time to say which nodes that apps will run on. In this case, I want a single node to run both apps. Whenever I try to do that with Puppet, I keep getting duplicate errors related to the package. All of this assumes that the appropriate coordination has occurred to make sure that both app definitions. That means that they are both trying to use the same version of the package, don't conflict with files or ports, etc. Also, I think I forgot to mention that I am using puppet 0.25.5. Marc On 9/14/10 4:39 PM, Silviu Paragina wrote: On 14.09.2010 23:12, Marc Zampetti wrote: I've been banging my head on this all day, and I cannot seem to figure out how to do it. I have a package for Apache HTTPd. I want to be able to specify the exact version of the package to use for a particular installation. And it is also possible that I want to have two separate modules install the same package. So, what I end up with is the following class app-apache { package { "apache" : ensure => installed, noop => true } } class app-apache-server1 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } class app-apache-server2 inherits app-apache { Package["apache"] {ensure => "2.2.15", noop => false} } Basically, I have two servers configured. Now, it is possible that both servers could end up on the same host, depending upon a number of facters. When that happens, I get an error about not being able to override the "ensure" method in app-apache-server2 because it was already overridden in app-apache-server1. Anyone have any ideas on how to do this? I need to be able to specify the version I want for a particular class, and that can change from class to class. I realize that if two different classes define two different versions and both classes end up on the same node, I will get errors from YUM. I'm ok with that. Marc Zampetti I don't see any way to do what you want directly. But in your specific case you may add another level of inheritance, that specifies the version, and inherit both of your classes from that, and you will get an error from puppet for double override in that case. You shouldn't feed much into yum as you might get an actual response in package management... As an alternative you may get the version from a variable for the specified class, but this would leave you with somewhat of a nightmare for double inclusion. Leaving that aside what are you trying to do? What you are doing doesn't seem right to me. Any code that uses copy/paste should be refactored to call that common piece of code instead of the programmer/admin doing a copy paste of that code. Silviu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Specifying version for shared packages
So does this mean that I need a new intermediate class for every possible version of the package? Just relying on using the "latest" is REALLY BAD in production. It means that I can NEVER know for sure that when I re-build a host that it is in the EXACT state I defined it as. You have to remember I'm operating in an an environment were we DO NOT let Red Hat do updates whenever it wants, and Puppet is not running in daemon mode. We only approve OS updates on a patch by patch basis, and only apply changes when we are ready to apply them. Please don't tell me "that is a bad thing to do". First, I completely disagree. I don't know how many times I've been burned badly because Red Hat decided to "fix" something that broke my app. The whole point of Puppet is that ensure me that the host is in the exact state I want it to be. And yes, if I have 1000 applications, I know I will need to update the version of the package 1000 times, since I cannot simply upgrade all applications all at once. For every upgrade, I have to test and validate the changes, no matter how small. I have a lot of hosts, and have to support a lot of different versions of a packages across those hosts. While I am not trying to support multiple versions of a package on a single host, I at least have to be able to specify for a given module/class what version to use. And telling me I have to manage that at the node level seems counter-intuitive as well. The whole point of Puppet is that the hosts become somewhat abstracted. I simply define what constitutes an application, including the versions of things, and then say to Puppet "make this host be like this". Is everyone really just installing one app per host, or not caring what version of a package is installed? Marc On 9/14/10 5:42 PM, Silviu Paragina wrote: Skipping the practices part, you can achieve the final objective by adding another level of inheritance (apache-app-ver-2) and the two classes in the end would inherit from, or include, this new class. Logically if there is any reason for apache having the same version in both application 1 and 2, that "reason" with it's specific configuration should go in a common manifest. Your logic for naming the intermediary class should then become apache-app-reason. If there is no reason I don't see why you aren't using latest/installed, with or without a private repository. IMHO in puppet you should specify what an application needs, not everything down to the version, or at least set the version somewhere common to all the classes that need to use it. Think of it this way, if you get to have 1000 applications, and need to upgrade apache because of a security flaw you will have to edit that in 1000 places, instead of a single class or using latest. A case where this shouldn't apply is virtual boxes, where there is only one function for the machine, and you might want the version of every software you use to be fixed. For how it would be ideal to do it, I'm not sure, I'm waiting for comments too. :) Silviu On 14.09.2010 23:55, Marc Zampetti wrote: Basically, I'm trying to build modules that implement best practices (the app-apache module), and then admins that need to build specific apache instances just create a new module that inherits from the base class and provides the information they need. So, admin A wants to build apache server 1, and thus creates app-apache-server1. They set the version of apache they need, any other required information (like docroot, etc.), and add anything else specific to that application. Admin B wants to build apache server 2, and thus creates app-apache-server2. They go through the same process as admin A. Notice, there are no nodes in this discussion. Its all about defining an application. Then its time to say which nodes that apps will run on. In this case, I want a single node to run both apps. Whenever I try to do that with Puppet, I keep getting duplicate errors related to the package. All of this assumes that the appropriate coordination has occurred to make sure that both app definitions. That means that they are both trying to use the same version of the package, don't conflict with files or ports, etc. Also, I think I forgot to mention that I am using puppet 0.25.5. Marc On 9/14/10 4:39 PM, Silviu Paragina wrote: On 14.09.2010 23:12, Marc Zampetti wrote: I've been banging my head on this all day, and I cannot seem to figure out how to do it. I have a package for Apache HTTPd. I want to be able to specify the exact version of the package to use for a particular installation. And it is also possible that I want to have two separate modules install the same package. So, what I end up with is the following class app-apache { package { "apache" : ensure => installed, noop => tr
Re: [Puppet Users] Specifying version for shared packages
That is an interesting option. One question though, will I still get the Dup error if I end up calling the pkg() define twice with the same version from two different modules? That seems to be the root of my problem. Marc On 9/15/10 9:49 AM, R.I.Pienaar wrote: - "Marc Zampetti" wrote: So does this mean that I need a new intermediate class for every possible version of the package? Just relying on using the "latest" is REALLY BAD in production. It means that I can NEVER know for sure that when I re-build a host that it is in the EXACT state I defined it as. You have to remember I'm operating in an an environment were we DO NOT let Red Hat do updates whenever it wants, and Puppet is not running in daemon mode. We only approve OS updates on a patch by patch basis, and only apply changes when we are ready to apply them. Please don't tell me "that is a bad thing to do". First, I completely You can use extlookup[1] to handle the versions for you, then you can manage it outside of your code and just control it in data. define pkg() { $version = extlookup("pkg_${name}", "present") package{$name: ensure => $version} } class apache::install { pkg{"httpd": } } That code is configurable per host/dc/country/whatever you want without changing manifest, just data. [1] http://docs.puppetlabs.com/references/2.6.1/function.html#extlookup -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Specifying version for shared packages
Thanks, I'll take a look. However, I'm not on 2.6.1, and don't plan to be for awhile. I think I saw reference to your extlookup being available for 0.25.5. Where can I find that? Marc On 9/15/10 10:15 AM, R.I.Pienaar wrote: - "Marc Zampetti" wrote: The problem is that I'm trying to do just what you suggest. I have a single class that defines the package and a default version, or just installed. Then I have sub classes that try to override the version. So, the base class is my generic "apache" class, and has all the logic to install apache on the host and configure the basics. Then the child classes add the instance specific stuff. As part of that, I need to specify the version to use. Using my proposed solution, you don't need all these classes, just update the data don't make more classes. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Turning off client bucket
How does one turn of the file bucket feature for puppetd. I simply don't want backup copies of the files. I deal with things like that in a different way. I cannot see how to turn it off. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: RFC: Make file content specification methods consistent.
I would avoid the use of a plural version of a parameter. To easy to make a mistake and since it is valid won't be easy to diagnose. The _concat would be fine. Also, isn't there already a parameter that influences the behavior if the "source" parameter? I don't recall the exact name, something like sourceselect I think. How would that factor into all of this? On Oct 31, 2010, at 4:54 AM, "Al @ Lab42" wrote: > On Oct 30, 4:45 pm, Nigel Kersten wrote: >> http://projects.puppetlabs.com/issues/5158 >> >> --- Ticket description --- >> >> We have four main ways we can specify file content in a file resource. >> >> The source parameter >> The content parameter >> The file function >> The template function >> >> These behave inconsistently in the following ways. >> >> The source parameter, file function and template function all can take >> an array. For source/file, the first file that exists will be used. >> For the template function, we concatenate the templates instead. >> >> The file function takes fully qualified paths only. The template >> function takes fully qualified paths, or dereferences relative paths >> as follows. ‘foo/bar.erb’ –> modules/foo/templates/bar.erb >> >> The latter problem is relatively easily solved, particularly if we >> implement #4885 >> >> We are going to have to break backwards compatibility to solve the >> first problem however. >> >> My feeling is that more people make use of the multi-select logic in >> the source parameter/file function than make use of the concatenation >> of the template function. >> --- >> >> I'm opening this up for discussion here on the user list as we need to >> all agree whether it's worth chasing consistency here at the cost of >> breaking backwards compatibility. >> >> It appears that people use both the concatenation and multi-select >> logic. How can we provide both bits of functionality for all these >> methods? >> >> Here's a terrible suggestion that hopefully inspires a better one. >> An array indicates multi-select logic, separation with a colon means >> concatenate. >> >> 1a. Use the first source that exists. >> >> file { "/tmp/somefile": >> source => ["puppet:///modules/foo/somefile.$hostname", >>"puppet:///modules/foo/somefile.default",] >> >> } >> >> file { "/tmp/somefile": >> content => template("foo/somefile.$hostname.erb", >> "foo/somefile.default.erb"), >> >> } >> >> 1b. Concatenate multiple objects >> >> file { "/tmp/somefile": >> source => >> "puppet:///modules/foo/somefile.$hostname:puppet:///modules/foo/somefile.default", >> >> } >> >> file { "/tmp/somefile": >> content => template("foo/somefile.$hostname.erb:foo/somefile.default.erb"), >> >> } >> >> Is this so unsatisfactory that we need to add more parameters? What if >> we pluralized for the concatenation with "sources" and "contents" ? >> >> 2b. New parameter for concatenation. >> >> file { "/tmp/somefile": >> sources => ["puppet:///modules/foo/somefile.$hostname", >> "puppet:///modules/foo/somefile.default",] >> >> } >> >> file { "/tmp/somefile": >> contents => [template("foo/somefile.$hostname.erb", >> template("foo/somefile.default.erb")], >> >> } > > > IMHO both the alternatives are OK, and, referring to the post's > followups, I prefer something like sources to source_concat and would > avoid the use of a "concatenate" boolean parameter to influence the > behaviour of another parameter (source/content): better to have the > information of how files are provided in a single parameter. > > But basically it's just a matter of aestetics. > >> Alternatively, do we really need to fix this? I think we do, as >> consistency matters a lot to me, but maybe I'm on my own here > > Not at all, you're right, this has to be fixed. > > My c > Al > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple packages installation in one yum call
I agree with this sentiment, and feel that making this a "low" priority for Puppet Labs is somewhat strange. Like it or not, Red Hat Linux (or one of its off-shoots like CentOS) is one of the most popular versions in production. Package management is one of the most central and important things a system like Puppet handles. The fact that Puppet cannot manage packages in RPM format in an efficient and correct way seems just ridiculous. And saying that the problem is with the package manager is wholly pointless. That is how it works, and it is therefore up to Puppet to work with the OS. Or is Puppet Labs saying that they really only want to design a system that works with non-Red Hat derived Linux distros? Should I be looking to rip out Puppet and find something that is more open to working with my OS of choice, like Chef? What else does Puppet Labs not like about Red Hat Linux that I don't know about yet? Marc Zampetti On 1/17/11 1:11 PM, Mike Lococo wrote: On 01/17/2011 12:40 PM, Matt wrote: Unfortunately thats a limitation of RPM which has been worked around with YUM. YUM will do the resolution of dependencies if they are also in one of the repositories configured on the system. Unfortunately RedHat will blacklist systems that run yum too often so you either must: 1) Not manage packages with circular dependencies using puppet. This is what I've opted to do, although I find it unfortunate since puppet would be my preferred venue to do this kind of thing otherwise. 2) Use the yum-driven options *AND* run your own satellite server so you can ping it as often as you like. This is possible but is a not insignificant amount of unnecessary work. 3) Use the yum-driven options and reduce the frequency of puppet-runs to a few times per day in order to stay below the RedHat's abuse threshold. 4) Use rpm -i exec's instead of the package provider. While these workarounds are all feasible, none of them are nearly as desirable as batched transactions that properly support circular dependencies. I know Luke has also expressed his opinion that this is an upstream problem that affects an insignificant number of users (http://projects.puppetlabs.com/issues/1935), but I would *really* like to see this patch land. Between bugs 1935, 4893, 3156, 2198, and this thread, it looks like at least 8 people have reported this affecting them over the last two years. The batchable transactions fix is straightforward, improves performance of puppet-runs, and has no downside that has been discussed in its bug. Cheers, Mike Lococo -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] apache service start problem
The root issue is that the "service" resource only depends upon the Package. You need to include all of the other resources in the require, or chain the requires in such a way that all of the other work is done before puppet tries to start apache. That will fix the "double run" issue. Marc Zampetti On 3/17/11 6:06 PM, Denmat wrote: Hi, Looks like you're over engineering a bit here. You are creating directories that I think will be created by the package manager. You can obviously sets perms on those directories but I would drop unnecessary creates. Also you don't have any order in the structure. You need to include 'notify', 'requires' and 'before' as mentioned on the other thread. Cheers, On 17/03/2011, at 9:04, Tim Dunphy wrote: Hey guys, Thanks for your input! I have yet to start paring down the execs as per your suggestion, however I did implement your suggestion of using the absent attribute as opposed to the Tidy resource type. file { "/etc/httpd/conf.d/ssl.conf": ensure => absent, require => Package["httpd.$architecture"] } service { "httpd": enable => "true", ensure => "running", hasrestart => "true", hasstatus => "true", require => Package["httpd.$architecture"] } However this issue still persists.. I still need to run the puppet run at least twice in order for the apache service to start... the full apache class is shown below as it stands now... thanks again for your input! class apache { $packagelist = ["httpd.$architecture","httpd-devel.$architecture","webalizer.$architecture","php.$architecture","php-common.$architecture","php-devel.$architecture","php-xmlrpc.$architecture","php-gd.$architecture", "php-pear.noarch", "php-pdo.$architecture", "php-mcrypt.$architecture", "php-mhash.$architecture", "php-mysql.$architecture", "php-cli.$architecture", "php-soap.$architecture", "php-xml.$architecture", "mod_ssl.$architecture"] package { $packagelist: ensure => "installed" } exec { "create httpd dir": command => "/bin/mkdir -p /etc/httpd", creates => "/etc/httpd" } exec {"create apache module dir": command => "/bin/mkdir -p /usr/lib/httpd/modules", creates => "/usr/lib/httpd/modules/mod_file_cache.so" } exec { "create apache module link": command => "/bin/ln -s /usr/lib/httpd/modules /etc/httpd/modules", require => Exec["create apache module dir"], creates => "/etc/httpd/modules" } exec { "create apache log dir": command => "/bin/mkdir -p /var/log/httpd/logs", creates => "/var/log/httpd/logs" } exec { "create apache error log": command => "/bin/touch /etc/httpd/logs/error_log", require => Exec["create apache log dir"], creates => "/etc/httpd/logs/error_log" } exec { "create apache log link": command => "/bin/ln -s /var/log/httpd/logs /etc/httpd/logs", require => Exec["create apache log dir"], creates => "/etc/httpd/logs" } exec { "create apache run dir": command => "/bin/mkdir -p /var/run/httpd", creates => "/var/run/httpd" } exec { "create apache run link": command => "/bin/ln -s /var/run/httpd /etc/httpd/run", require => Exec["create apache log dir"], creates => "/etc/httpd/run" } exec { "create httpd conf dir": command => "/bin/mkdir -p /etc/httpd/conf.d", creates => "/etc/httpd/conf.d" } exec { "create httpd vhost conf dir": command => "/bin/mkdir -p /etc/httpd/conf", creates => "/etc/httpd/conf" } file { "/etc/php.ini": owner => root, group => root, mode => 440, source => "puppet:///apache/php.ini" } file { "/usr/lib/httpd/modules/mod_file_cache.so": owner => root, group => root, mode => 766, require => Exec["create apache module dir"], source => "puppet:///apache/krome/httpd/modules/mod_file_cache.so" } file { "/etc/httpd/conf/http
Re: [Puppet Users] erb including other erbs
This is actually quite easy. You just need to call the template() function from the erb template. For example: #!/bin/sample_script_erb some commands here <%= scope.function_template("module_name/template_file.erb") %> some more commands here On 4/6/11 11:48 PM, Ben Hughes wrote: On Wed, Apr 06, 2011 at 02:54:43PM -0700, draeath wrote: "You can also use templates to fill in variables in addition to filling out file contents." template('/path/to/template1','/path/to/template2') This is for in the manifest, so combing them. [ben@Paresthesia:~]% cat erb.pp file{ '/Users/ben/test': content => template('/Users/ben/one.erb','/Users/ben/two.erb') } [ben@Paresthesia:~]% cat one.erb I am the<%= fqdn %> [ben@Paresthesia:~]% cat two.erb I am in the other file and am<%= virtual %> [ben@Paresthesia:~]% puppet apply erb.pp notice: Finished catalog run in 0.02 seconds [ben@Paresthesia:~]% cat test I am the Paresthesia.local I am in the other file and am physical My question: is this done in the ERB file, or in the puppet manifest? It's in the manifest. If done in the ERB file, I assume it also has to be within<% %> tags, but unlike all the other examples in the documentation it is not presented this way. I don't think you can embed ERB inside more ERB. I tried a couple of attempts and Ruby really wasn't keen on the idea. The /path/to/ - is there some way to properly do this, or do I need to do '/etc/puppet/files/templates/./foo.erb' ? $mypath = '/etc/puppet/files/templates/./' file{ '/tmp/foo': content => template( "$mypath/foo.erb" ) } Or if using modules, you can just specify the module name and it will use the template named in there. content => template( 'mymodule/mytemplate.erb' ) From mymodule/templates/mytemplate.erb -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Debian preseed values for puppet deb package
On Mon, 07 Dec 2009 17:09:41 -0500 Joe McDonagh wrote: > It would be nice if we could preseed the puppet installation package > with some values. This way during boot up, preseeding > debian-installer, I could also preseed the puppet package to start in > a certain environment. Beyond that you could preseed certname, > server, etc. Here we use this sort of thing: file { "/var/cache/debconf/sun-java6-bin.preseed": ensure => present, content => "sun-java6-bin shared/accepted-sun-dlj-v1-1boolean true", } package { "sun-java6-bin": ensure => present, responsefile => "/var/cache/debconf/sun-java6-bin.preseed", require => File["/var/cache/debconf/sun-java6-bin.preseed"], } Then anything you can do using preseed is open to you. Hope this helps ! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
Hello, > hi, i am trying to run /usr/bin/vmware-config-tools.pl -d, but i was > end with exec timeout. I cannot find any think on google. Have anyone > experience with this? I don't know what the -d switch is for, but AFAIK vmware-config-tools.pl is an interactive script which waits for user input. This could be the reason for the timeout you're having. This doesn't answer your question, but I use openvmtools¹ instead because I found vmware-tools to be much of a pain to maintain (with or without puppet). I just pushed onto github[²] the module I use for debian and redhat. Maybe you'll find it useful. Marc [¹] http://open-vm-tools.sourceforge.net/ [²] http://github.com/camptocamp/puppet-openvmtools -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
> should be without asking. When I > run it in the bash It ends in a minute, without asking any thing. Ok, I suppose this is the part where it compiles a kernel module, which can indeed take a while. You have a "timeout" parameter which can be used in this case: exec { "/usr/bin/vmware-config-tools.pl -d": timeout => "-1" } > I found only this bug > (http://photographersofficeonline.com/issues/910), but it's old one > and is closed (solved?). I wonder why redmine is suddenly reachable through photographersofficeonline.com ? Is this new ? It seems like an error. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Magazine article comparing CPU usage of Puppet vs. Cfengine
> The version of CFEngine he is running is 3.0.1b3 > (released ??? Jan or Feb '09, sometime, maybe?) > > The version of Puppet he is running is 0.24.7 > (released 16-Dec-2008) > > So, even though this article was just released, I think it was > written a year > ago. The author said these were the latest stable versions at the > time of writing. The author also mentions that: "In Puppet a server component is mandatory [...]" (probably he missed out the "puppet" interpreter) but that "Cfengine’s configuration agent is independent of a server component". I suppose the benchmarks were made on a machine running puppetmaster + puppetd, but cfengine was run in stand-alone mode. Probably puppet would have performed a bit better if the manifests would have been run in stand-alone mode too. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key - same key, different accounts?
On Fri, 26 Feb 2010 12:58:51 -0700 Alan Sparks wrote: > Puppet 0.24.8... I am trying to use ssh_authorized_key to create > passwordless logins for a couple of accounts. The important thing to > note is I'm trying to get the source ("r...@somehost" below) as part > of the key, and the same key needs to be added to two different > accounts on the system. AFAIK, the last part of an ssh key is a free comment, and it is used by puppet to uniquely identify ssh_authorized_key resources. What I usually do is call my resources something like: ssh_authorized_key { "marc's key on root's account": ... } ssh_authorized_key { "marc's key on marc's account": ... } > It appears that the resource name is the only place I can set the > originating source (whatever the correct term is) for the key. > > ssh_authorized_key { "r...@somehost": >ensure => present, > type=> ssh-rsa, > target => '/home/xx/.ssh/authorized_keys', > key => ' removed for brevity xxx', > user=> "xx", > require => User["xx"] > } The user and target parameters are mutually exclusive. You shouldn't need to use both. I'm not sure which one takes over if both are defined. An ssh key is expected to be one long string without spaces, so I can imagine in this case the ssh_authorized_key type is unable to decide where the key ends and where the comment starts, as the key has whitespaces. Maybe we should file a bug about this: ssh_authorized_key should refuse keys which have whitespaces. In any case, what about doing this instead: # removed for brevity xxx ssh_authorized_key { "r...@somehost": ensure => absent, ... } > So the above will create an authorized_keys value like: > ssh-rsa removed for brevity xxx r...@somehost > > But if I need the same key installed for a different user, I'm stuck > -- I can't use the same resource name to create the "r...@somehost" > restriction. And I can't see another way to specify that value. > > Is there any way to accomplish this, without abandoning > ssh_authorized_key? Thanks in advance. Paul: why do you think ssh_authorized_key is terrible ? Do you think the behaviour should be different ? Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet booth at openexpo.ch
Hello, This short notice to inform folks from Switzerland & vicinity that we will be holding a small puppet booth at OpenExpo, which takes place in Bern next wednesday an thursday. If you happen to be around, come and find us at the open-source village[¹] ! Cheers, the guys behind spug.ch [¹] http://www.openexpo.ch/openexpo-2010-bern/open-source-projekte/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Grouping user and ssh_authorized_key in one virtual class.
> The way I did it was to realize the user, then realize the sshkey and > then realize something else. I just want a nice package where I can > say: > > class user::ops inherits user::virtual { > realize( > User["bill"], > User["richard"], > ) > } > > class user::overlords inherits user::virtual { > realize( > User["linus"], > User["richard"], > ) > } > > And it will do all of the above in one realize. Is it possible to make > a class virtual and have one for each user? As far as I know this isn't possible. But one thing I'm thinking of is something like this: define my::user ($ensure=present, $key) { user { $name: ensure => $ensure, } ssh_authorized_key { $name: ensure => $ensure, type => "rsa", key=> $key, user => $name, } file { "/home/$name/.bashrc": ensure => $ensure, content => template(...), } } class all::my::users { @my::user { "bill":key => "abc..." } @my::user { "richard": key => "def..." } } And then, wherever you like: include all::my::users realise My::User["bill"] The nuisance with this solution is that you cannot have more than 1 ssh key or set of files per user. I hope this helps ! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: getting a list of rules out of iptables
Seph, Ken, Thanks for your patches on this module ! I love the --comment idea. I will definitely pull this asap. > You shouldn't need the 'before' in the 'iptables' resource. Not quite > sure why its not executing, but how about this ... I do know why it's not executing: unfortunately this iptables type isn't able to notify other resources. I wasn't able to figure out quickly how this should be done, and never really got back to it... I'm not too comfortable with the idea of directly calling iptables-save in the ruby code and saving the output into a file. IMHO, the point of saving the output to a file is to be able to load the firewall at boot time, and the way this is done is distribution specific. I think this should be left out of the ruby part, and maybe put in some puppet class which does the right thing for each distribution. But of course, notify needs to be fixed first... Any pointer on this is very welcome: what sort of magic must be put in a puppet type to allow it to send notification to other resources once it has run ? Thanks ! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL 6
> Quick question: Has anyone tried Puppet on the RHEL 6 beta? We have > to start gearing up at work to replace our RHEL5 servers with RHEL6 > to resolve a bunch of long running issues we have, and I didn't even > want to download the iso until I knew someone else had given it a > whirl with cobbler/puppet. There seem to be some weirdness with facter I didn't investigate further yet. Puppet apparently runs fine but I didn't throw hundreds of resources to my test machine yet. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: GSoC - Introducing myself
Hello, > My name is Carla, and I am one of Google Summer of Code 2010 students > selected to work on Puppet this summer. My proposal is to develop > types for management of virtual machines, initially focus on Xen and > KVM. Cool, I'm looking forward to check out your work ! Just wondering if there are plans to use libvirt, which supports much more systems than just xen and kvm ? It even seems to have ruby bindings. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] temporarily editing sudoers
On Fri, 7 May 2010 10:10:16 -0700 (PDT) John Philips wrote: > > But this way, /etc/sudoers can't be managed by Puppet, because It > will be overwritten by puppet. You could have your script set the > immutable attribute on the sudoers file. Then puppet won't be able > to change it. > > chattr +i /etc/sudoers > > When you want puppet to start managing the file again, remove the > attribute. > > chattr -i /etc/sudoers > But this will yield puppet errors and feels a bit hackish. What about using loading pam_time.so in /etc/pam.d/sudo ? Checkout time.conf(5) and pam_time(8). You can even manage pam configuration with puppet using the augeas type. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-module-apache
> > I've open-sources Digg's apache module: > > http://github.com/plathrop/puppet-module-apache > > > > I know this isn't much more advanced than what I've seen a lot of > > people using. Here's my proposition, though. Let's get all the > > disparate "apache" modules out there merged together into One > > Awesome Module. What do you think? > > > > One module to rule them all > > One module to find them > > One module to bring them all > > And via Puppet bind them. Excellent initiative ! Things I see missing in most of the apache modules found out there and which we worked on in ours (http://github.com/camptocamp/puppet-apache) include: - abstraction of debian/ubuntu - redhat/centos differences (I agree by debianizing the way apache works on redhat) - management of ssl certificates - selinux support for redhat/centos Furthermore, I'd like to drive your attention to the fact that augeas has experimental support for apache-like configuration files. Maybe would it be an idea to use this to edit config files shipped by the distribution instead of overwriting them with files/templates from the module ? Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] common module [was: puppet-module-apache]
> Since I'm almost convinced that people will keep on doing their own > apache modules and there will hardlly be a monstre module good for > every use [...] I've been thinking about this and about the various attempts to start a "common modules" project that we have seen in the past. I believe the reason it will probably be difficult to build one common apache module that everyone will be happy to use, is that apache is one of these tools that offers many different ways to do the same sort of thing. Then there is the personal/cultural preferences of every sysadmin on how thing should be done. Add this to the various constraints which are imposed to us by the clients/managers which we work for. So either this module will eventually be extremely simple and generic, but will probably not be very useful because all the job of configuring apache will be left to the module user. Or it will be full of cool ideas, will allow the user to skip past the complicated configuration stuff, but will be biased towards the authors habits and constraints. I think this will be the case for any "middleware" tool, not only for apache. By middleware, I mean the tools which the users have direct interaction with (databases, application servers, fileservers, etc). In contrast, ntp, syslog, mta, etc, are much less subject to this problem. Except the sysadmins, nobody usually cares how ntp works, or if it even exists. So what I'm suggesting is that it may be easier to start a set of common modules with this second sort of modules (which probably have at least as many variants as the apache module). Sorry if I sound pessimistic, but to quote Paul, "Let's get all the disparate apache modules out there merged together into One Awesome Module." seems to me like the 12 labors of Hercules. On the other hand, without ambitious people to start such projects, incredible tools like puppet or apache wouldn't exist :-) I'm looking forward to debate this around a belgian beer in Ghent ! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Writing a properly-formed custom type (configxml)
Hello, > I've split configxml into a provider and a type and it appears to work > properly now. > In more detail, I rewrote "attributes" as a property. > All logic is moved into an eponymous provider in 2 methods: > "attributes" and "attributes=(value)". Just wondering if you are planning to publish your work once it's finished ? I've been doing this sort of thing using Exec's of "xmlstarlet", but a pure puppet type is much smarter ! Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppetforge modules
Hello, > My question is this. Are the modules intended to be used with the > author-modulename naming convention? If so, did I do something wrong > or is there something wrong with the camptocamp-apt module that is not > allowing this? This module was indeed made to be used as "apt" not "camptocamp-apt". You raise an interesting question, which I'm not sure of the answer... Should module authors modify their modules to match the forge namespace ? Or is it expected that users rename modules downloaded from the forge before using them ? Does anyone have an idea of right the way to do this ? Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not run Puppet configuration client: undefined method `keys' for nil:NilClass
> I'm getting this error message quite often on the puppet clients. I > don't know what it means. Restarting puppet often helps and the > messages will go away, but suddenly it will come back again. Any > thoughts? This a ruby error. Could you run puppetd with the "--trace" option ? This should provide useful info about which part of the code is having some trouble. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] managing php pecl modules
On Thu, 8 Jul 2010 10:25:52 -0400 Jon Charette wrote: > Does anyone have a module that handles pecl effectively? More a side note, but if you happen to be using debian or a derivative, you might want to checkout dh-make-php, and use the dh-make-pecl script to build regular .deb packages you can handle with the "package" type. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Ideas/Best Practices for module versioning
All, We are looking to implement Puppet as part of our config management/provisioning system. I've read a lot of wiki pages, all the Puppet docs, and the forums and mailing list archives. So far, I'm pretty comfortable with most of puppet, but the one area that I am a bit confused about is how to do node-level module version control. Basically, one of the key requirements is that I be able to know exactly which version of a module supposed to be applied to a node. We are not going to run Puppet in "auto update" mode out of cron, but instead push changes as part of our config management work-flow. As such, I need to be able to target a specific version of a module to a specific host, or group of hosts. I know that using an external node script is probably the way to go here, and I'm comfortable with that. What I don't know is how to manage the life-cycle. For example, I have a module, foo at v1. It uses two other modules, bar v2, and zoom v3. I apply that to the nodes I care about, and everything is fine. Then I get updates for foo, and bar. That bumps them to foo v2 and bar v3. But bar is also used by several other modules, and I don't want to have them affected by the changes to bar yet. I only want to apply the changes to the specific nodes that need them. To further complicate all of this, I need to be able to rebuild a machine quickly. That means that I need to be able to reimage the host, and have puppet return it to the same exact state as when it died. We also usually role out changes slowly, updating hosts one at a time in a group, sometimes letting them "burn in" for a day or so to ensure that the changes won't have any production impact that we didn't catch in QA due to things like load, user population, etc. That means that I need to be careful, since during this "burn in period", I still have to be able to handle the "reimage the host" problem. I know about environments, and I see how they might help. I also have looked at some of the info about using VCS-based options, like using git or svn or something like that. What I'm mostly looking for is what others are doing? How have others handled this problem? Are there solutions I don't know about that I can leverage before I go and build on my own? Any insights or help is greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Ideas/Best Practices for module versioning
Ohad, So does that mean you have a large number of environments? Wouldn't this mean that worse case is that you have a separate environment for each node? Marc On 7/14/10 12:21 PM, Ohad Levy wrote: On Wed, Jul 14, 2010 at 11:39 PM, Cosimo Streppone mailto:cos...@streppone.it>> wrote: On Wed, 14 Jul 2010 17:19:33 +0200, Ohad Levy mailto:ohadl...@gmail.com>> wrote: I use environments for this purpose. the first step is to add versions to your modules, then to automatically generate an environment for that selection of modules (in their respective version) And how do you do that? Tried searching around for 'puppet module versioning' and the like but found almost nothing apart a mention of 'we need to do module versioning'. As puppet modules == code, use your version control system to tag the versions. I ended up putting all stable tagged modules in a special directory, and each environment contain links to the modules that I want to use (which is defined via a puppet define). Ohad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet agent 2.6.0 runs very slow
Hello, In your bugreport, you mention: File: 120.92 Do you have a File resource with "recurse => true" on a directory with many files/sub-directories ? In this case puppet will stat each of these files/directories, which can be quite time-consuming. Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Help with setting facts for MySQL replication
Hello, > Can anyone share how they configure MySQL for this kind of thing using > puppet given that multiple servers may be replicating different > databases and all servers require a unique ID? This all boils down to each host having different options in it's my.cnf file. There is an official augeas lens for editing mysql's my.cnf file since a couple of days (not in any release yet). If this can be of any help, I used this code for a basic "1 master-1 slave" setup on a few projects: class mysql::master inherits mysql::server { augeas { "my.cnf/replication": context => "/files/etc/my.cnf/mysqld/", changes => [ "set log-bin mysql-bin", "set server-id ${mysql_serverid}", "set expire_logs_days 7", "set max_binlog_size 100M" ], } } class mysql::slave inherits mysql::master { augeas { "my.cnf/slave-replication": context => "/files/etc/my.cnf/mysqld/", changes => [ "set relay-log /var/lib/mysql/mysql-relay-bin", "set relay-log-index /var/lib/mysql/mysql-relay-bin.index", "set relay-log-info-file /var/lib/mysql/relay-log.info", "set relay_log_space_limit 2048M", "set max_relay_log_size 100M", "set master-host ${mysql_masterhost}", "set master-user ${mysql_masteruser}", "set master-password ${mysql_masterpw}", "set report-host ${hostname}" ], } } I used a home-brew augeas lens though. I'm not sure the paths are exactly the same with the official one. Cheers, Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Module/Class Naming/Organization Best Practices
All, Can anyone point me to some best practices for how one should name/organize classes and modules. I know that I should use modules for everything, and that I can references classes in one module from another class in another module. And I know about the class inheritance stuff. What I'm a little confused about is I've seen references to ::install and ::remove and stuff like that. In fact, I'm not sure if the "::" is anything more then naming convention, or if it means something to Puppet. Also, is the "modules" directory a flat directory, or can I have sub dirs? If so, how do I reference things in the sub dirs, or is it all just "magic". Any help is appreciated. Marc Zampetti -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet (puppet apply) and reporting and fact sync
If I run in the disconnected mode using 'puppet' or 'puppet apply', is it possible to still have reports and facts synced to a central server? I've tried and it doesn't appear to be so, but I thought I would ask to make sure. Marc Zampetti -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Optionally ensuring a service is running
I want puppet to normally manage the running state of a service, so that if the service stops, it is restarted, etc. But during maintenance windows, I want puppet to leave the service in whatever state it is in. My idea is to have a file that can be checked to see if the service is in maintenance mode, and if so, then skip the ensure check. To do this, I see two issues. 1) How do I test for the existence of a file? The docs don't seem to be able to do so. I'm guessing I would need to define a custom fact for that, right? 2) How do make it so that the service "ensure" property is correct? Right now, it appears that only "running" or "notrunning" is valid. Would "ignored" or undef or something like that work? Is there a better way to achieve what I'm trying to do? Marc Zampetti -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Optionally ensuring a service is running
Thanks all for the suggestions so far. A little more info to make it clear what I'm trying to do. Basically, I don't want to stop Puppet from running and managing the rest of the system, I just don't want it changing the state of the service itself. For example, an Apache http server is in maintenance mode because someone is troubleshooting an issue or something like that. I want to be able to have apache running, or not, but I don't want apache to be started or stopped while I'm working on it. For example, debugging some dynamic pages or something like that. I know I can turn off puppet, and in some cases that is the better way to go. But for some things, like say a dev or qa server, where I have other things running that need to be kept up to date, I want the option of controlling the service itself. Once out of maintenance, I want Puppet to resume controlling the running state. I'll report back what I'm able to get to work. Marc On 8/11/10 1:44 PM, Nan Liu wrote: On Wed, Aug 11, 2010 at 12:27 PM, Marc Zampetti mailto:marc.zampe...@gmail.com>> wrote: To do this, I see two issues. 1) How do I test for the existence of a file? The docs don't seem to be able to do so. I'm guessing I would need to define a custom fact for that, right? 2) How do make it so that the service "ensure" property is correct? Right now, it appears that only "running" or "notrunning" is valid. Would "ignored" or undef or something like that work? Depends whether you want puppet to fail the rest of the dependency of this service or simply not perform any changes to the service state but allow the rest of the manifest to process without any issues. In the first scenario, require an exec which checks for file absent. In the second scenario, write a custom fact $maintenance (recommend prefixing your site name to the fact) and simply apply the meta-parameter noop => true and Puppet simply won't make any changes to the service state: # maintenance.rb Facter.add("maintenance") do setcode do File::exists?("/path/to/file") end end # in Puppet Class If ${maintenance} { notice ("System in maintenance mode.") Service { noop => true, } } Not sure if it's ideal, since both solutions will generate a fair amount of logging. Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to define variables in "module" scope ?
Hello, I have a bunch of variables that are used in several classes and definitions, all part of the same module. As these variables are defined automatically based on system facts, I would like to avoid having to declare them in each node that uses classes or definitions from my module. Where would be the best place to put these variables ? I tried in /manifests/init.pp as well as in an external file imported from within classes/definitions files but none work as I would have expected. Thanks for any hint ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how to define variables in "module" scope ?
Hello, > > I have a bunch of variables that are used in several classes and > > definitions, all part of the same module. > > > > As these variables are defined automatically based on system facts, > > I would like to avoid having to declare them in each node that uses > > classes or definitions from my module. > > > > Where would be the best place to put these variables ? I tried in > > /manifests/init.pp as well as in an external file imported > > from > > within classes/definitions files but none work as I would have > > expected. > > That's a discussion I had several weeks ago on IRC, but I can't > remember with whom. IIRC, it basically makes a difference wheter the > module is autoloaded or imported. My tests so far have shown that > "module-scope" variables, i.e. e.g. such ones defined at the > beginning of init.pp, get included if you import the module, but not > if some class in the module is autoloaded. I think we had concluded > that it would be nice to have "module-scope" variables in autoloaded > classes and definitions, but had not followed the thought or the > tests any further. > > I hope this answers some of your questions, and we can find a > solution that suits everyone. Greetings, Thank you Felix for this idea ! It indeed helped my classes work without having to set variables in the global scope. For future reference, here's the idea: modules/whatever/manifests/init.pp: case $operatingsystem { RedHat: { $wwwuser = "apache" } Debian: { $wwwuser = "www-data" } } import "classes/*.pp" import "definitions/*.pp" In modules/whatever/manifests/*/*.pp I have stuff such as: class wwwuser { user { "$wwwuser": ensure => present, } } And finally in my nodes I do: import "whatever" include wwwuser This solution is convenient enough for my needs. But maybe should we report this as a feature request to puppet developers ? Does someone know if there is a good reason variables in init.pp aren't available in autoloaded classes ? If this is finally the designed behaviour I will put a note somewhere in the wiki about the workaround. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Augeas Plugin
>>> hmmm. looks like a patch from Marc Fournier attempts to address the same >>> thing and I'm not sure both are necessary (and they conflict in some >>> cases). I suppose it depends on what behavior is appropriate. >>> >>> Marc's patch will not perform the onlyif get/match if the node doesn't >>> exist (when result.nil?). My patch will still perform the get/match; my >>> thinking was that this would allow to test for the entry not being >>> present (onlyif => "Key =~ ''"). >>> >>> I'm not sure which approach results in a more intuitive behavior but >>> only one should be used. Thoughts? >> >> >> I put a test in there where, assuming no star wars characters exist in >> the file this should run >> >> [...] > > I just noticed that the extra patch got in. I reverted it. The above > still holds. Marc.. does the above solve your use cases? In fact my usual use case is changes => "set Boss Nass", onlyif => "get Boss != Nass ", as a workaround for the issue discussed in this thread: http://thread.gmane.org/gmane.comp.sysutils.augeas.devel/985/focus=9753 The patch I sent indeed focused on the need for this workaround. The behaviour of Joel's patch is definitely better. Thanks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Augeas Plugin
>> The patch I sent indeed focused on the need for this workaround. The >> behaviour of Joel's patch is definitely better. > > > So.. to verify... you are good? Sorry, I wasn't very clear. Yes Joel's patch works fine for me. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] possible bug in yumrepo type ?
Hello, I used to have something like this: yumrepo { "foobar": [...] gpgkey => ["file:///etc/pki/rpm-gpg/key1", "file:///etc/pki/rpm-gpg/key2"], } Which as expected used to generate files looking like this: [foobar] gpgkey=file:///etc/pki/rpm-gpg/key1 file:///etc/pki/rpm-gpg/key2 It appears this no longer works with 0.24.6. I'm pretty sure it worked with 0.24.5. I now use this instead: gpgkey => "file:///etc/pki/rpm-gpg/key1\n\tfile:///etc/pki/rpm-gpg/key2", This small change isn't very important from my point of view, but I thought it might be worth pointing out. Should I file a bug report or was it me who was doing things wrong ? Thanks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] libselinux ruby bindings
Hello, Any idea how to get these ruby bindings installed on machines other than fedora >= 10 ? It seems to be required for using selinux with puppet 0.24.7. Thanks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: libselinux ruby bindings
> > Any idea how to get these ruby bindings installed on machines other > > than fedora >= 10 ? It seems to be required for using selinux with > > puppet 0.24.7. > > repackage it from the srpm? didn't do that yet, however i'll have to > do it for centos some time. so would be nice if you can inform about > any success. I've been this way. It appears this ruby binding is part of libselinux. It is generated with swig. {Centos,Redhat} 5.x ship with libselinux 1.33.4. Fedora 10 comes with 2.0.73. The API has changed between both versions. So a regular repackaging would be difficult (things like pam, sysvinit and coreutils depend on it). This leaves us with an interesting packaging challenge ;) It seems to me the way to go would be to have a swig specialist do magic things with the source version of libselinux-1.33.4.rpm. Can anyone help with that ? Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: libselinux ruby bindings
> The Fedora Infrastructure folks are keen to use the SELinux support > and have a mix of Fedora and RHEL boxes. And some of them happen to > sit in the same offices as Dan Walsh, the libselinux maintainer for > Fedora and RHEL. I believe that they're inquiring about enabling the > ruby bindings for RHEL. Ok, good to know ! > So patience might be all that it takes. (Failing that, patching > puppet to use the old, slower stat and matchpathcon calls would > probably be far easier than updating libselinux on RHEL.) Apparently just downgrading the following files from 0.24.7 to 0.24.6 is sufficient to get selinux to work again on redhat/centos 5: lib/puppet/type/file/selcontext.rb lib/puppet/util/selinux.rb Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Fosdem 2009
> Just wondering if anyone else from the Puppet community will be at > FOSDEM and want to meet up for an informal discussion about puppet and > facter. I'll be at FOSDEM too. I won't be missing Raphaël Pinson's talk on Augeas. +1 for meet up & informal discussion :) It seems the Fedora devroom would be the place to gather. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] trouble diagnosing exported resources
Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the others ones. This is with puppet 0.24.7 on redhat. node 'node1' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |>> } node 'node2' { @@sshkey { "node2": type => rsa, key => $sshrsakey } Sshkey <<| |>> } ... I have this working as expected on another set of hosts (debian with puppet 0.24.7). When I compare the output of puppetmaster logs with --debug, I obtain this on the working one: debug: Scope(Node[node1]): Collected 1 Sshkey resource in 0.06 seconds And this where exported resources don't work: debug: Scope(Node[node1]): Collected 1 Sshkey resources in 0.00 seconds debug: Scope(Node[node1]): Collected 0 Sshkey resources in 0.00 seconds Another significant difference I noticed so far is that this query returns no rows on the puppetmaster which doesn't work as expected: SELECT * FROM `resources` WHERE (exported=1); I'm seeking pointers on how the exported resource storage mechanism works, how to track down what's misbehaving in my case. Any idea why the collect_exported function in collector.rb seems to be running twice ? Thanks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: trouble diagnosing exported resources
On Wed, 11 Mar 2009 09:49:47 -0400 Todd Zullinger wrote: > Marc Fournier wrote: > > I want to use exported resources (namely sshkey) and with the > > following code, each node gets his own ssh key written into > > /etc/ssh/ssh_known_hosts, but not the others ones. > > > I think this is http://projects.reductivelabs.com/issues/show/1884. > It was fixed in commit 32c2be9. > That's exactly this bug. Thanks a lot ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Experiences with RHN Satellite?
> how do you then download *all* the packages installed on the 400 or so > servers from redhat, to seed your local repo ? https://rhn.redhat.com/rhn/software/downloads/SupportedISOs.do You can download the DVD images of the releases and loopback-mount them somewhere under apache's DocumentRoot (or whatever's equivalent) and you're done. This way I only use RHN for post-latest-release packages updates. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: apache2 template
Hi, > anyone have an apache2 virtualhosts template they like and would like > to share? > > For example I would like to provision quickly > > website1.com > website2.com > website3.com > > and have the docroots be in > > /home/vhosts/website1.com/htdocs/ > /home/vhosts/website2.com/htdocs/ > /home/vhosts/website3.com/htdocs/ Have a look at http://github.com/camptocamp/puppet-apache/tree/master The apache::vhost and apache::vhost-ssl definitions do exactly that. You can use it this way: include apache apache::vhost { ["website1.com", "website2.com", "website3.com"]: } You'll just have to modify the $wwwroot variable. By default, sites are created under /var/www/ Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: iptables anyone?
> About to start looking at managing iptables on our CentOS 5.2 systems, > anyone know if a type/solution already exists for this? Have a look at http://github.com/camptocamp/puppet-iptables/tree/master It's work in progress (and currently stalled). It works for me on a dozen redhat 5.x hosts. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: camptocamp puppet-iptables constantly applying changes?
Hi, > The same set of rules are applied on each run. I used numbers as the > names to sort the rules accordingly since iptables rules' order does > matter. Has anyone been using this module/plugin? I havent tried > using a-z for the names of the rules, and there are no specified > dependencies of each rule (requires,before,after). It is an issue I am aware of, is irritating me, and must investigate. Using a-z names instead of numbers shouldn't solve the problem. I've only noticed this on hosts with a fair amount of iptable resources declared. So I believe one or several rules built by puppet don't match the output of iptables-save. This leads puppet to think something has changed. I previously used regular require/before/after dependencies but I switched to alphabetical ordering because of another "always running" issue. Unless you declared strictly linear dependencies (first rule before 2nd rule, 2nd rule before 3rd rule, etc) you depended on puppet's random ordering of resources. And in this case, a different ordering might mean something completely different, maybe even the opposite of what is intended. This wasn't too much of an issue when all resources were declared in the same file (for instance inside a node{}). But my idea was to include different iptable{} resources in different modules, which weren't all included on each node. And this led to loads of failed dependencies. I'll try to have a look at this issue soon. Thanks for the feedback ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: undefined method `+\' for false:FalseClass
Hello, > The first couple lines look like: > > err: Could not create 01 localhost spoofing in: undefined method > `+' for > false:FalseClass /var/lib/puppet/lib/puppet/type/iptables.rb:451:in > `initialize' /usr/lib/ruby/1.8/puppet/type.rb:1129:in > `new' /usr/lib/ruby/1.8/puppet/type.rb:1129:in > `create' /usr/lib/ruby/1.8/puppet/transportable.rb:91:in > `to_type' /usr/lib/ruby/1.8/puppet/transportable.rb:198:in > `to_catalog' /usr/lib/ruby/1.8/puppet/transportable.rb:126:in `each' Thanks for reporting this. I believe I never ran into this issue because I don't usually run puppet as a daemon. Could you please let me know if the following commit fixes the problem for you ? http://github.com/camptocamp/puppet-iptables/commit/53064851309ffaab0c6ec1cc7d0367e7aa103545 Thanks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Extras .... denizens of the Puppet ext directory
Hello, > I've been meaning to do this for ages In the Puppet tarball is a > directory called "ext" that contains some extras that aren't exactly > mainline but could be useful to people. You can see it's current > contents at: > > http://github.com/reductivelabs/puppet/tree/62534a1622c710eb52b681d96aca8687c597190c/ext > > So the "ext" directory has got a number of useful tools, scripts and > add-ons including: Nice ! Thanks for pointing that out. I noticed that the vim syntax highlight file defines "site" as a keyword along with "class", "define" and "node". Any idea what language feature this might be ? I can't find anything relevant in the wiki... Paul Nasrat also mentions this in this blog post: http://nasrat.livejournal.com/51482.html I would have a couple of improvements to suggest for puppet.vim. Shall I follow wiki:DevelopmentLifecycle or just send a patch to James Turnbull ? Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Camp Oct 1-2 at SFSU
Hi, > > I look forward to all the people who manage module collections > > putting in their ten cents of approach and design. Woot! Bring on > > the merge fest! > > Yes, something I forgot to mention: I'm totally open to other people > interested in this project to join, commit, and maintain their > modules. We do have a few modules on github[1] and would be glad to share this stuff in such a project. Some of these modules have even been written with reusability and platform independence in mind ! Marc [1] http://github.com/camptocamp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: POLL: Migrating web changes across load-balanced servers
On Mon, 15 Jun 2009 08:41:31 -0700 (PDT) drmikecrowe wrote: > > Hi Tim, > > That's very close to where I am now, except we use mercurial instead > of svn. :) > > However, I'm more searching for non-same hosts (i.e. no SAN). I'm > basically asking the question of puppet managed ( file > { source=>"puppet:// } ) vs. another scheme. > > My hunch is I do NOT want puppet managing 1000's of files and > propagating them. Maybe have puppet monitor a version file, and when > that changes, execute an rsync to bring the directories into sync. I have similar needs but have not found any satisfying solution yet. Maybe this feature might prove useful, once it is implemented: http://projects.reductivelabs.com/issues/184 I imagine this would allow us to do something like this: file { "/var/www/whatever/": ensure => "r123", source => "svn://myproject.com/svn/repository/" } Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: HTTP as a source for files
Hello, > I've been looking into having Puppet deploy some larger files and I'm > noticing that it ties up puppetmasters quite a bit and can often > result in a timeout if the file is too large. Before I submit a > feature request for a http method for file sources, I would throw it > out to the group and see if anyone had any thoughts on it. > > [...] I'm convinced we could benefit from having other file sources than file:// and puppet://. There already is a (similar) ticket for this: http://projects.reductivelabs.com/issues/184 You might also be interested by Luke Kanies's reply to more or less the same question on puppet-dev a few weeks ago: http://groups.google.com/group/puppet-dev/browse_thread/thread/275658354cd45bab/60b7672fbc35c371 I've started working on this (but unfortunately got preempted and now stalled). It shouldn't be too difficult to implement, but as far as I'm concerned, my knowledge of ruby is currently too low to do this efficiently :-( Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] trouble with passenger and 0.25.0beta2
Hi, I'm currently trying to get my puppetmaster work in passenger, but have not succeeded so far. Passenger itself seems to work (a small "hello world" app runs fine), but when I point a puppet client (0.24.8) to it, I get: info: Retrieving plugins err: Could not call fileserver.list: # err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: HTTP-Error: 500 Internal Server Error err: Could not call fileserver.describe: # err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: HTTP-Error: 500 Internal Server Error Could not describe /plugins: HTTP-Error: 500 Internal Server Error info: Retrieving facts err: Could not call fileserver.list: # err: /File[/var/puppet/facts]: Failed to generate additional resources during transaction: HTTP-Error: 500 Internal Server Error err: Could not call fileserver.describe: # err: /File[/var/puppet/facts]: Failed to retrieve current state of resource: HTTP-Error: 500 Internal Server Error Could not describe /facts: HTTP-Error: 500 Internal Server Error err: Could not call puppetmaster.getconfig: # err: Could not retrieve catalog: HTTP-Error: 500 Internal Server Error warning: Not using cache on failed catalog and in apache logs, nothing more than a few: "POST /RPC2 HTTP/1.1" 500 20152 "-" "XMLRPC::Client (Ruby 1.8.5)" (this is with "--debug" in config.ru). It's on redhat el5 with the following gems installed: activerecord (2.1.0) activesupport (2.1.0) fastthread (1.0.7) passenger (2.2.2) rack (1.0.0) rake (0.8.1) I previously tried with passenger 2.2.4 but downgraded after coming accross http://projects.reductivelabs.com/issues/2386. With 2.2.4, I had more verbose errors: http://pastie.org/547061 I vaguely suspect a path-related problem, because of the "uninitialized constant Puppet::SSL::Base" I got with 2.2.4, but I have no idea what I should define where. Any hints or pointers welcome ! Thanks, Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: trouble with passenger and 0.25.0beta2
> usually you can get some info by point a browser at your puppetmaster Thanks, I didn't know that ! I was turned away by an ssl certificate error, thinking that my browser had no client cert and that was not an issue. There is indeed quite useful things there: Error message: undefined method `new' for Puppet::Daemon:Module Exception class: NoMethodError Application root: /etc/puppet/rack Backtrace: # File Line Location 0 /srv/puppet/lib/puppet/application/puppetmasterd.rb 36 in `run_preinit' 1 /srv/puppet/lib/puppet/application.rb 213 in `run' 2 config.ru 24 3 /usr/lib/ruby/gems/1.8/gems/passenger-2.2.1/vendor/rack-0.9.1/lib/rack/builder.rb 29 in `instance_eval' 4 /usr/lib/ruby/gems/1.8/gems/passenger-2.2.1/vendor/rack-0.9.1/lib/rack/builder.rb 29 in `initialize' 5 config.ru 1in `new' 6 config.ru 1 Would this be a bug I should report in puppet's bugtracker ? > you can also get a fully working passenger setup from here: > http://github.com/ohadlevy/puppet-multipuppetmaster/tree/master Thanks, I'll look at all this ! Is it required to have the "apache" user in group "puppet" ? I can't find apache2::passenger ? Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: trouble with passenger and 0.25.0beta2
Hello, > The backtrace shows you're using passenger 2.2.1, try removing that > gem and reinstalling 2.2.2. Thanks for pointing that out, John ! The sort of obvious thing I tend to zap when obnubilating over a problem... So I finally sorted this out. After reinstalling passenger 2.2.2, I got the same error as with 2.2.4: http://pastie.org/547061 And as I initially suspected, it indeed was a path related problem. When putting this in my config.ru: $:.push('/srv/puppet/lib') I obtain thee following RUBYLIB search path: ["/usr/lib/ruby/gems/1.8/gems/passenger-2.2.2/vendor/rack-1.0.0-git/lib", "/usr/lib/ruby/gems/1.8/gems/passenger-2.2.2/lib", "/usr/lib/ruby/gems/1.8/gems/passenger-2.2.2/ext", "/usr/lib/ruby/gems/1.8/gems/fastthread-1.0.7/bin", "/usr/lib/ruby/gems/1.8/gems/fastthread-1.0.7/lib", "/usr/lib/ruby/gems/1.8/gems/fastthread-1.0.7/ext", "/usr/lib/ruby/site_ruby/1.8", "/usr/lib64/ruby/site_ruby/1.8", "/usr/lib64/ruby/site_ruby/1.8/x86_64-linux", "/usr/lib/ruby/site_ruby", "/usr/lib64/ruby/site_ruby", "/usr/lib64/site_ruby/1.8", "/usr/lib64/site_ruby/1.8/x86_64-linux", "/usr/lib64/site_ruby", "/usr/lib/ruby/1.8", "/usr/lib64/ruby/1.8", "/usr/lib64/ruby/1.8/x86_64-linux", ".", "/srv/puppet/lib"] And I had an RPM based puppet-0.24.8 installed in /usr/lib/ruby/site_ruby/1.8/puppet which got used instead of 0.25.0beta2 in /srv/puppet/lib... The workaround I used was to put this in my config.ru instead: $:.insert(0, '/srv/puppet/lib') which sets RUBYLIB as so: ["/srv/puppet/lib", "/usr/lib/ruby/gems/1.8/gems/passenger-2.2.2/blabla... I now have a few ssl-cert & permission related problems which are probably easy to figure out. Conclusion: - passenger 2.2.2 seems to currently be the only option - watch out when different puppet versions live on the same host Thanks for you help folks ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Change Management Practices.
Hi, > In the course of training and consulting with Puppet, the question of > change management best practices has come up over and over again. On > the edges, we have small teams that can get away with simply version > controlling their code using an SCM as an incremental backups while > rolling out change in a fairly adhoc fashion and larger teams that > need branches, QA, and DEV environments, and perhaps even separate > repositories for each module. There is also the issues of roll back > and testing. We are curious how the community approaches these > problems in hopes of developing some best practices. So what do you > guys/gals do? Here we don't (yet) have different code bases for production and development, but are considering it. Instead, we each have a clone of the manifests in our home-dirs and test new stuff by running: puppetd -t --environment on relevant dev machines, then push/pull the changes into the central repository on the puppetmaster once everything seems ok. As we have different puppetmaster servers (more or less one for each customer), we try to share the most we can by putting almost everything in modules, stored in seperate repositories on github. Then using git-submodule (currently testing git-subtree [1] as a replacement) to glue them all together in one big repository on each puppetmaster. This forces us to write cross-platform manifests, in a "one application = one module" fashion. Marc [1] http://github.com/apenwarr/git-subtree/tree/master --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Yum issues
Hello, > We have majority of RHEL5 servers in our environment. I have noticed > in the process of trying to deploy puppet, that i am getting errors > when yum is trying to install packages. Most of the time it works > flawlessly, however sometime the following will be reported: > [...] > Does anyone have any information as to what is going wrong here? Or > what can be done to stop this from happening. The repo's i am using > are local mirrors I have configured for our company. If you're not using redhat-network. It's probably an idea to put: [main] enabled = 0 in your /etc/yum/pluginconf.d/rhnplugin.conf The only fact that yum won't try to log into RHN each time it gets run might be enough to solve your issue. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: tidying up
Hello, > I've got a nice little VirtualBox test VLAN with a puppetmaster and 3 > nodes, and I use it for trying out new classes before they go to the > real puppetmaster for testing. > > After a few months of playing around, my poor little puppets are > running all sorts of rubbish; NFS, networked syslog, mysql, apache, > etc. This is entirely my fault, because I just 'unapply' my modules > from the nodes. > > What's the 'best' way to 'deapply', or clear out a resource/class in > Puppet? Do people generally just edit your manifests along the lines > of change 'ensure => present' to 'ensure => absent'? > > Re-Kickstarting is always an option, I suppose ... :) On my test/sandbox machines, I usually setup a single root partition on an LVM volume, then patch /sbin/mkinitrd to make it create an LVM snapshot and mount it instead of the "original" root partition. This way, I just have to reboot the system to "reset" it's state to what it was just after the installation. I believe virtualbox has a disk snapshot functionality, which doesn't require tinkering with mkinitrd. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] puppet with zypper
hi there i'd like to manage my opensuse 11.1 systems with puppet and zypper. the requirements are the manage the repos and install packages. the only thing i found is the zypper.rb on http://projects.reductivelabs.com/attachments/393 which i copied to /usr/lib/ruby/1.8/puppet/provider/package but i don't understand how to use this zypper provider. what are the names of the valid names of resource type and the valid parameters with there values! thanks. marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] puppet @openexpo in Switzerland
Hi, Next wednesday and thursday, a few puppeteers will hold a small booth at OpenExpo in Winterthur¹. If you're somewhere around northern Switzerland/southern Germany/western Austria, you may want to drop by and exchange a few ideas with us. If you're new to puppet, we'll have a couple of demos running and will be glad to explain how all this stuff works ! Hope to see you soon ! ¹http://www.openexpo.ch/openexpo-2009-winterthur/open-source-projekte/#c1132 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Camp Schedule Posted
> (I'm working angles to see if we can get presentations > streamed/recorded. +1 for this idea :-) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: managing debian alternatives
Hello, > there any reason not to configure debian alternatives this way? > > file { > "/etc/alternatives/java": > ensure => "/usr/lib/jvm/java-6-sun/jre/bin/java"; > } I do the same thing this way: exec { "update-java-alternatives --set java-6-sun": unless => 'test $(readlink /etc/alternatives/java) == "/usr/lib/jvm/java-6-sun/jre/bin/java"', require => Package["sun-java6-bin"], } But for alternatives other than java, it probably is fine to do as you describe. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetmaster config
Douglas, > I'm getting really really frustrated with puppet. I also had a tough time configuring the client and the server part on the same host. I finally settled down to completely seperate the 2, by starting puppetmaster with "--confdir=/etc/puppetmaster". I then have a super simple puppetmaster setup: $ find /etc/puppetmaster/ /etc/puppetmaster/ /etc/puppetmaster/fileserver.conf /etc/puppetmaster/manifests /etc/puppetmaster/facts /etc/puppetmaster/puppet.conf And /etc/puppetmaster/puppet.conf basically breaks down to: [main] vardir = /var/lib/puppetmaster logdir = /var/log/puppetmaster rundir = /var/run/puppetmaster ssldir = $vardir/ssl # puppetmaster needs to read plugins run by clients libdir = /var/lib/puppet/lib environments = prod,test,dev [puppetmasterd] storeconfigs = true dbadapter = mysql ... ... environment configuration follows ... This way I have all the puppet-server stuff in /{etc,var/lib,var/log,var/run}/puppetmaster/ and all the puppet-client stuff in /{etc,var/lib,var/log,var/run}/puppet/ Hope this helps ! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Problem distributing facts/or debugging
> but the other article is quite interesting because I > was going to use the enviroment for customers .. so instead of > development I would use customer01 Beware that distributing facts and libs in modules doesn't work from environments before 0.25. Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: question regarding case and facts
You can do: case "$factA$factB" { } Or even better, assign them to a new variable: $concatenatedFacts = "$factA$factB" case $concatenatedFacts { } Or if it makes it cleaner for your specific implementation, you may want to check $factA, then have a nested if statement to check $factB. On Feb 13, 5:43 am, Stefan Wiederoder wrote: > Hi group, > > is it possible to AND different facts using a case? > > for example: factA is "BL460c" and factB is "G6", then AND (=concat) > the two arguments: > > case $factA.$factB: { > "BL460cG1" :{ notify {"G1":} } > "BL460cG6" :{ notify {"G6":} } > "BL460cG7" :{ notify {"G7":} } > > } > > thanks, > Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: overriding parts of a collection of defined resources
I have a couple pointers that may help you. - The default user and group is root. - You can set type defaults like this: File { user => "root", group => "root"} and if you put this in a class, it only applies to the class. If you put it in site.pp, it applies globally. - You can define multiple resources in the same declaration separated by a semi-colon. i.e. file { "/etc/passwd": source => "..."; "/etc/ group": source => "..."} Hopefully these allow you to speed things up a bit. On Feb 19, 12:43 am, David wrote: > Hi- > > Being relatively new to the language, I find myself in a situation where it > seems like there must be an elegant way to handle this situation using the > DSL, but I'm not really certain what it could be. > > I'm trying to describe a configuration that contains 20-30 or so file { } > resources, all with the same attributes except for their mode and source. I > could write them all out explicitly like this: > > file { '/etc/passwd': > uid => root, > gid => root, > mode => 0644, > source => 'puppet:///modulename/etc/passwd',} > > ... > file { '/var/lib/someotherfile': > uid => root, > gid => root, > mode => 0400, > source => 'puppet:///modulename/var/lib/someotherfile', > > } > > but that seems unnecessarily repetitive. I originally started down the path > of writing something like this (ignore the difference in the mode attribute > for a moment): > > file { [ '/etc/passwd', ... , '/var/lib/someotherfile' ]: > uid => root, > gid => root, > mode => 0400, > source => "puppet:///modules/modulename/${title}", > > } > > but this bug:http://projects.puppetlabs.com/issues/5259 > and this mailing list discussion: > https://groups.google.com/d/topic/puppet-users/bj_uPi_WxC4/discussion > > helped me understand that that attempting to reference the title attribute > (the file's namevar) would never work and I would have to use a defined > resource instead. Taking Nan's advice in that thread, I then wrote: > > define basefiles::conf($mode){ > $serversource = 'puppet:///modules/modulename' > > file { "${name}": > source =>"${serversource}/${name}", > owner => root, > group => root, > mode => "${mode}" > } > > } > > basefiles::conf { '/etc/passwd:' mode => 0644 } > ... > basefiles::conf { '/var/lib/otherfile:' mode => 0400 } > > and that's all groovy. The manifest looks concise and readable. > > But here's where I stare at a tree and get lost in the forrest: the > manifest I'm writing contains my base list of files. On some of my > machines, I will want to override that base and substitute a different copy > of one or two files from that list (e.g. I will want a different > /etc/passwd put in place). > > Further research leads me to this discussion of overriding defined > resources and the futility of trying: > > https://groups.google.com/d/topic/puppet-users/SDa1F817UBA/discussion > > That discussion leads me to believe it isn't possible to override defined > resources in the same way you might with a class. That makes me think I > have to either: > a) move the files I might want to override out to their own separate > class or > b) add some logic to the resource definition to do something magical for > certain invocations > > Both of these options seem icky to me because it means the base module has > to be coded in such a way that it has some specific knowledge about when > and how it might be overridden. That feels like bad coding mojo to me. > > So, is there a concise way to describe a collection of file resources, yet > be able to override parts of that collection definition in an equally > elegant fashion? My instinct says there must be (and it is probably > palm-meets-forehead simple), but I can't seem to determine what that might > be. Thanks for any help you can offer! > > -- dNb -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Sites. Your thoughts?
Does this require that a human being has to be in the loop every time a node joins the site? How would one automate 100% the provisioning of new hosts? With the current system, I can turn on auto-sign and have some simple rules for which nodes I will accept, and trust in the knowledge that I have already ensured my network is secure enough to accept the risk of auto-signing. With that, I can automatically take a bare-metal server, and provision it all the way up to taking traffic without having anyone else involved. From the example above, having to generate the key on the master before I can provision puppet on the node seems to make that much more difficult. Also, it would be good if you specify the issues that Sites is trying to solve in more detail. From my viewpoint, I don't have any issues with the current CA-based model. So I'm struggling to understand what you are trying to "fix". I'm sure I'm not alone, and I am assuming that I missing some details, so putting a more detailed description of the problems that the community is encountering, and how Sites would solve those would help with the discussion. On Thursday, May 10, 2012 2:34:14 PM UTC-4, Daniel Sauble wrote: > > On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: >> >> >> On May 10, 12:44 pm, Daniel Sauble wrote: >> > >> >- Securely add nodes to your deployment without manually signing >> >certificates on the CA... >> > - ...so that you can have the advantages of autosigning without >> its >> > security problems. >> > >> >> I'm about to engage on a similar effort and was thinking of writing a >> puppet face to handle this job. Can you elaborate on the work flow and >> solution you're thinking about? >> > > We're looking to implement a Puppet Face to address this need. The > workflow currently looks like: > > >1. Login to the site host >2. Generate a pre-shared key >3. Join a node to the site using the pre-shared key >4. Repeat step 3 for every node you want to add to the site > > > From the command-line, this workflow might be represented as the following: > * > node02$ ssh ad...@site02.domain.com > Last login: Mon May 7 18:15:43 2012 > site02$ mount /media/usbdisk > site02$ puppet site generate key > /media/usbdisk/site.key > site02$ umount /media/usbdisk > site02$ exit > node02$ mount /media/usbdisk > node02$ puppet node join site02.domain.com < /media/usbdisk/site.key > Trying to add node02.domain.com to the site at site02.domain.com... > > Use `puppet site status node02.domain.com` to confirm success > > To stop waiting for the command to complete, press Ctrl-C. > > The command will still complete in the background. > Added node02.domain.com to the site at site02.domain.com* > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8pW3iqUnj4MJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.