Re: [Puppet Users] Ruby Class or other API for controlling puppet/mcollective
Not knowing your entire goal but what you could use is the mcollective-client gem in your rails application and have the puppet mcollective agent, which PuppetLabs made, and you can run puppet related commands like you would with puppet resource.

So right now you can do something like puppet resource user root and it will return back the definition how it would look in puppet. You can also make changes, using the previous example, by adding on in the command the property fields in key=value format (e.g. puppet resource user root password='password')

On Wed, Jun 19, 2013 at 4:47 AM, bjoern pohl pohlbjo...@googlemail.com wrote:

Hi,

I'm currently trying to develop a task-driven rails-based frontend for some tasks that puppet/mcollective is doing in the background (basically some user-management and some asset queries...). But I'm currently stuck at finding some puppet/mcollective API classes for ruby. (you'll only find results for using ruby within puppet, which is of course more obvious).

Is there anything besides the deprecated DSL API and the http REST interface?

thanks

best regards,
Björn

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
I think you're missing what I'm trying to convey. When you run via Apache or Nginx you are doing SSL termination at the apache and forwarding the requests to a puppetmaster application if you use say passenger. It's not so different than an F5. While I'm not giving you exact details on how to do it I'm giving you enough information to know it's possible.

The value of ca_server defaults to puppet, that means the certificate of the server it connects to must have that name in the cert and the DNS must match. When you start up the first puppet master, the CA server and not with mod_passenger, it will auto-generate the CA cert because the value of ca defaults to true if it's not otherwise specified in the puppet conf.

Essentially each puppet master that isn't the CA server is basically just a puppet client meaning when it does its first run it will generate a key, csr, and then try to connect to puppet.

You don't actually need a cert for a puppet master if you do the ssl termination at the load balancer. I provided a copy of my apache conf used for a puppetmaster. As long as the puppetmasterd rack is installed it will function as a puppetmaster with that config.

You need to generate a signed certificate from the CA for the load balancer dns. Let's say your DNS for one pool is puppetpool01.example.com, that is the cert name you need to generate and install on the apache/nginx load balancer. You need to also configure the load balancer to validate the ssl cert from the client against the CA. Specific parameters need to be passed to puppet, which is specified in the apache conf below.

In each puppet master that is load balanced in its conf file in the master section you need to put these two lines

ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

You want to go the mod_passenger route then you can do ssl termination otherwise to do the tcp proxy is a real pain in the ass (been there, done that, never again).

Below is an example of my apache conf where the communication is unencrypted because of the ssl termination at the load balancer. As long as the cert on the load balancer is signed by the CA and you set it up to pass the correct headers if the SSL cert is validated against the CA then you do not need multiple CA's. That way, with this setup, you can revoke a certificate from one place instead of trying to figure out which CA you need to revoke it from.

In each of my datacenters I have at the very minimum two F5 VIPs that go to 4 different puppet masters each with one common CA. I have at the current moment 6 datacenters, meaning I have 25 puppetmasters (24 servers, 1 CA).

Hopefully this clarifies the point I am conveying. I know my apache configs, specifically for mod_passenger, might need tweaking but this actually works really good. Also if you pick up one of the puppet books, I forget which one exactly, they actually tell you how do the proxying with apache in a similar fashion to what I explained.

# Apache Conf #
Listen 18140

PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 30
PassengerMaxRequests 10
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect On
RailsAutoDetect On

<VirtualHost *:18140>
    ServerName ppm001.example.com
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    RackBaseURI /
    <Directory /usr/share/puppet/rack/puppetmasterd/public/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    # Map the headers set by the load balancer to the variables named in puppet.conf
    SetEnvIf X-SSL-Subject (.*) SSL_CLIENT_S_DN=$1
    SetEnvIf X-Client-Verify (.*) SSL_CLIENT_VERIFY=$1
    SetEnvIf X-Forwarded-For (.*) REMOTE_ADDR=$1
    SetEnvIf X-Forwarded-Proto https HTTPS=1

    LogLevel error
    # Piped logs: the whole command has to be one quoted argument
    ErrorLog "|/usr/sbin/cronolog /var/log/httpd/puppetmaster_error_log.%Y%m%d -l /var/log/httpd/puppetmaster_error_log"
    CustomLog "|/usr/sbin/cronolog /var/log/httpd/puppetmaster_access_log.%Y%m%d -l /var/log/httpd/puppetmaster_access_log" combined
</VirtualHost>
#

On Thu, Feb 21, 2013 at 9:36 AM, spankthes...@gmail.com wrote:

Dear Matt,

On Wednesday, February 20, 2013 10:39:51 PM UTC, Matt wrote:

I run an F5 load balancer with SSL termination at the F5 and I don't need to put the CA cert anywhere except the F5. The actual CA signs the certs. The CA cert is only really used to authenticate the client cert. This gives the appearance to my puppet clients that I only have one puppet master when in actuality I have around 4-5 per VIP.

Unfortunately, I don't have F5 available and all I can have is software based load balancing, either in form of Haproxy (most probably) or Nginx (less probably).

As for your last part I'm not really seeing how you think you would need a puppetmaster per user.

As one puppetmaster can use one CA at a time to sign/revoke certificates, if you'd have multiple users, you would need multiple puppetmasters,
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
Oh and to add to my message. The benefit of this is there is no tomfoolery with multiple CAs and the confusion that will cause. If the concern is about letting one puppet client connect to two different pools then you can limit who can retrieve their catalog either through the auth.conf or directives via apache/nginx directives. The only time a new CA would be required is if you can't isolate via auth.conf or apache/nginx and that would depend on the topology of your network.

If you are concerned with a rogue server then you have autosign off then this is less of an issue because you actually have to authorize, by signing the certificate, the client to connect to any puppet master/pool signed by the CA.

On Fri, Feb 22, 2013 at 10:31 AM, Matthew Black mjbl...@gmail.com wrote:

I think you're missing what I'm trying to convey. When you run via Apache or Nginx you are doing SSL termination at the apache and forwarding the requests to a puppetmaster application if you use say passenger. It's not so different than an F5. While I'm not giving you exact details on how to do it I'm giving you enough information to know it's possible.

The value of ca_server defaults to puppet, that means the certificate of the server it connects to must have that name in the cert and the DNS must match. When you start up the first puppet master, the CA server and not with mod_passenger, it will auto-generate the CA cert because the value of ca defaults to true if it's not otherwise specified in the puppet conf.

Essentially each puppet master that isn't the CA server is basically just a puppet client meaning when it does its first run it will generate a key, csr, and then try to connect to puppet.

You don't actually need a cert for a puppet master if you do the ssl termination at the load balancer. I provided a copy of my apache conf used for a puppetmaster. As long as the puppetmasterd rack is installed it will function as a puppetmaster with that config.
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
I think you're trying to over complicate the situation here. Yes it's a single point of failure but unfortunately that is not going to change anytime between now and maybe 6 months.

You do not need multiple CAs to use multiple puppet masters. The client needs to have the setting ca_server set to the Puppet Master that is the CA. You need to configure that Puppet master with ca = true. The puppet masters you create need to be configured with ca = false. You can have 300 different puppet masters and each client can connect to the different ones as needed.

If you need to limit which clients can connect to which puppet masters then you should look at the auth.conf file.

As for a web interface around certificate signing, when each client connects into the CA it will submit its request and if autosign is turned off it should be setup to wait for certificate. The web interface can be a wrapper around the puppet cert face so you can get a list of certificates signed and what's waiting to be signed. You can even set it up to revoke or clean out a certificate. You do not need to call to the command line to do this either, you can interface with the puppet api from rubygems.

On Tue, Feb 19, 2013 at 3:15 PM, spankthes...@gmail.com wrote:

Dear Felix,

I think you're getting it wrong, let me clarify it a bit. The goal of this is to be able to write web interface for generating puppetmasters CA's and client certificates on demand.

An example: install 3 puppetmasters with loadbalancer in front. Use web interface to generate CA and certificates for chosen clients (let's say, 10 machines). Deploy such generated CA's on puppetmasters, and relevant bits on puppet clients to authorize them against these puppetmasters. Whenever there's need for change, use that CA via web interface to add and delete client certificates, redeploy them on puppetmasters and so on.

This, while doable via Subprocess functions (Python is the language of choice for me, but that doesn't really matter) and calls to relevant puppet system commands is extremely ugly and not flexible solution. I would love to do it via openssl library, but to do so, I'd need to have a workable way to build CA's and sign (and revoke) client certs via openssl command - so far I can't reach that goal.

I hope this makes more sense now.

Regards,
S.

On Tuesday, February 19, 2013 4:04:32 PM UTC, Felix.Frank wrote:

On 02/16/2013 12:20 PM, spankt...@gmail.com wrote:

after creating CA and client cert and applying them to puppetmaster, it complains with:

Wait, what? You create a new CA, even after agents have already been certified, then create new agent certificates?

If your CA changes, you will have to terminate all the (now deprecated) agent certificates and sign new certificates for all agents.

Basically, I would expect the outcome you are observing, and you should just follow the instructions given in your log excerpt. Note that you are *not* supposed to remove the CA from the master, only the copy of the agent's certificate.

HTH,
Felix
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
I run an F5 load balancer with SSL termination at the F5 and I don't need to put the CA cert anywhere except the F5. The actual CA signs the certs. The CA cert is only really used to authenticate the client cert. This gives the appearance to my puppet clients that I only have one puppet master when in actuality I have around 4-5 per VIP.

As for your last part I'm not really seeing how you think you would need a puppetmaster per user.

On Wed, Feb 20, 2013 at 2:59 PM, spankthes...@gmail.com wrote:

Dear Matt,

On Wednesday, February 20, 2013 5:41:11 PM UTC, Matt wrote:

I think you're trying to over complicate the situation here. Yes it's a single point of failure but unfortunately that is not going to change anytime between now and maybe 6 months.

I am aware of that, and I am fine with that.

You do not need multiple CAs to use multiple puppet masters. The client needs to have the setting ca_server set to the Puppet Master that is the CA. You need to configure that Puppet master with ca = true. The puppet masters you create need to be configured with ca = false. You can have 300 different puppet masters and each client can connect to the different ones as needed.

The thing is, the puppetmasters are exposed to puppet clients via loadbalancer, so they actually appear as one puppetmaster, therefore, they all need to have the same CA installed.

If you need to limit which clients can connect to which puppet masters then you should look at the auth.conf file.

As for a web interface around certificate signing, when each client connects into the CA it will submit its request and if autosign is turned off it should be setup to wait for certificate. The web interface can be a wrapper around the puppet cert face so you can get a list of certificates signed and what's waiting to be signed. You can even set it up to revoke or clean out a certificate. You do not need to call to the command line to do this either, you can interface with the puppet api from rubygems.

That, again, would require running puppetmaster per user, something I really, really want to avoid.

On Tue, Feb 19, 2013 at 3:15 PM, spankt...@gmail.com wrote:

Dear Felix,

I think you're getting it wrong, let me clarify it a bit. The goal of this is to be able to write web interface for generating puppetmasters CA's and client certificates on demand.

An example: install 3 puppetmasters with loadbalancer in front. Use web interface to generate CA and certificates for chosen clients (let's say, 10 machines). Deploy such generated CA's on puppetmasters, and relevant bits on puppet clients to authorize them against these puppetmasters. Whenever there's need for change, use that CA via web interface to add and delete client certificates, redeploy them on puppetmasters and so on.

This, while doable via Subprocess functions (Python is the language of choice for me, but that doesn't really matter) and calls to relevant puppet system commands is extremely ugly and not flexible solution. I would love to do it via openssl library, but to do so, I'd need to have a workable way to build CA's and sign (and revoke) client certs via openssl command - so far I can't reach that goal.

I hope this makes more sense now.

Regards,
S.

On Tuesday, February 19, 2013 4:04:32 PM UTC, Felix.Frank wrote:

On 02/16/2013 12:20 PM, spankt...@gmail.com wrote:

after creating CA and client cert and applying them to puppetmaster, it complains with:

Wait, what? You create a new CA, even after agents have already been certified, then create new agent certificates?

If your CA changes, you will have to terminate all the (now deprecated) agent certificates and sign new certificates for all agents.

Basically, I would expect the outcome you are observing, and you should just follow the instructions given in your log excerpt. Note that you are *not* supposed to remove the CA from the master, only the copy of the agent's certificate.

HTH,
Felix
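The single-CA revocation and the CA-replacement effect discussed in this thread, as an added example that is not part of any poster's message and is not Puppet's own tooling: a plain openssl walk-through with one CA, two agent certificates and a CRL. The CA name, agent names, helper function names and directory layout are constructed for illustration and do not reproduce Puppet's ssldir.

```shell
#!/bin/sh
# Added example: a throwaway X.509 CA driven with the openssl CLI.
# All names and paths are constructed; this is not Puppet's ssldir layout.
umask 077                                  # keep generated private keys owner-only
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Write a minimal config plus the empty database files that `openssl ca` expects.
init_ca_dir() {                            # $1 = CA directory
    mkdir -p "$1/newcerts"
    : > "$1/index.txt"
    echo 01 > "$1/serial"
    cat > "$1/openssl.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/ca.pem
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = policy_cn
[ policy_cn ]
commonName = supplied
EOF
}

# (Re)generate the CRL from the CA database.
publish_crl() {                            # $1 = CA directory
    openssl ca -config "$1/openssl.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}

# Create a self-signed CA certificate and an initial, empty CRL.
make_ca() {                                # $1 = CA directory, $2 = CA common name
    init_ca_dir "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$1/openssl.cnf" -extensions v3_ca -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    publish_crl "$1"
}

# Generate a key and CSR for an agent and have the CA sign it.
issue_cert() {                             # $1 = CA directory, $2 = certname
    openssl req -new -newkey rsa:2048 -nodes -config "$1/openssl.cnf" \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl ca -batch -notext -config "$1/openssl.cnf" \
        -in "$WORK/$2.csr" -out "$WORK/$2.pem" 2>/dev/null
}

# Mark a certificate revoked in the CA database and republish the CRL.
revoke_cert() {                            # $1 = CA directory, $2 = certname
    openssl ca -config "$1/openssl.cnf" -revoke "$WORK/$2.pem" 2>/dev/null &&
    publish_crl "$1"
}

# Succeeds only if the certificate chains to this CA and is not on its CRL.
check_cert() {                             # $1 = CA directory, $2 = certname
    openssl verify -crl_check -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" \
        "$WORK/$2.pem" >/dev/null 2>&1
}

report() {                                 # $1 = CA directory, $2 = certname
    if check_cert "$1" "$2"; then result=accepted; else result=rejected; fi
    echo "$2 against ${1##*/}: $result"
}

# One CA, two agents, one revocation done in one place.
CA1="$WORK/ca1"
make_ca "$CA1" "Constructed Demo CA"
issue_cert "$CA1" agent01.example.com
issue_cert "$CA1" agent02.example.com
revoke_cert "$CA1" agent02.example.com

# A CA regenerated under the same name has a new key, so certificates
# signed by the old CA no longer verify against it.
CA2="$WORK/ca2"
make_ca "$CA2" "Constructed Demo CA"

report "$CA1" agent01.example.com          # still valid under the original CA
report "$CA1" agent02.example.com          # on the CRL
report "$CA2" agent01.example.com          # signed by the old CA key
```

Whatever terminates TLS has to load both the CA certificate and the current CRL for the revocation to take effect; a verifier that only has `ca.pem` would still accept `agent02.example.com`.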
Re: [Puppet Users] Run Puppet Against Master with Local node.pp Manifest?
You would not need to pull the entire SVN, puppet modules, to test out one specific module. The only time you would need to have multiple modules is if there is inter-dependency.

You do not need to setup a new puppet master or upload files to the puppet master if your purpose is to test out a new or updated module (puppet apply won't talk to the puppet master). Even if you have custom facts, functions, providers, and types they would be executed just the same in puppet apply with the module just like they would on the master.

On Thu, Feb 14, 2013 at 5:14 AM, Ralph Bolton ra...@coofercat.com wrote:

Pulling our whole puppet master from SVN is indeed an option. It seems like a bit of work, but it's possible.

The issue of trying to unit test a puppet install seems to be somewhat addressed by the Puppet solution, although I could see that we could either poke a node.pp manifest onto the real Puppet Master and then run puppet apply on our test VM, or else build a 'fake' Puppet Master in the manner you suggest. I guess I could do that on a build box, and then have it spin up a VM, and have the VM just puppet off the build box. I see a great deal of funky scripting in my future ;-)

Thanks everyone for your suggestions - it's all been very helpful.
Re: [Puppet Users] Certificate verify fails without indications
What versions of puppet are being used on the client and the server? Assuming master is running on Linux, what distro and release is the master running on?

I suspect the openssl might be the issue on the client.

On Wed, Feb 13, 2013 at 7:59 AM, Luigi Martin Petrella luigimartin.petre...@gmail.com wrote:

Felix, why do you think the problem is related to the --waitforcert option?

I tried to run puppet agent -t --waitforcert 100, and after signing the request on master, on agent I receive this message:

Error: Could not request certificate: Unsupported digest algorithm (SHA256).
Error: Failed to apply catalog: Unsupported digest algorithm (SHA256).
Error: Could not send report: SSL_CTX_use_PrivateKey:: key values mismatch

On 13 February 2013 13:15, Felix Frank felix.fr...@alumni.tu-berlin.de wrote:

On 02/11/2013 10:51 PM, Jo Rhett wrote:

All cert problems are either time sync or certificate name issues. So it's one of those two.

A bold assertion. It may hold true as far as puppet is concerned, though.

I generally advise to take the time and learn about x509 and openssl's interface, so one can inspect the actual certificates in question.

Exiting; no certificate found and waitforcert is disabled|

Hmm, so did you *ever* use --waitforcert on your agent side? If you haven't, that's your problem right there.

HTH,
Felix
Re: [Puppet Users] Certificate verify fails without indications
Yes because as part of the fix it checks on the CA, when it's signing the cert, whether it can support 256 or not. If it does not it drops down to a lower SHA.

If you look at the pull request that is part of the ticket, specifically the changes. If you scroll down to the certificate_signer.rb change it will make more sense.

https://github.com/puppetlabs/puppet/pull/1413/files

On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella luigimartin.petre...@gmail.com wrote:

Matthew, you are right, this explains ALMOST everything

Puppet is using the Solaris-provided OpenSSL as part of the Ruby install in this case, which runs version 0.9.7 with patches and doesn’t support sha256. I don’t mind the idea of compiling 1.0.x but the issue still seems to stand that you can’t choose the digest method anymore – there is an apparent use of SHA256 regardless of what option you choose.

But if I use as master RH4 with openssl-lib 0.9.7 I have no problem connecting the other RH4 nodes. This means that Puppet doesn't always use SHA256, but only if it is available from openssl library. Right?

So, there are two ways (one harder than the other for me) to solve the issue at openssl level:

1. install opensslib rpm for RH5 on RH4 (but there are a lot of missing dependencies)
2. downgrade openssl lib on Centos 6.3 master from 1.0.0 to 0.9.7 ???

Since --digest option won't work, is there any other way to force puppet not to use SHA256??

On 13 February 2013 16:16, Matthew Black mjbl...@gmail.com wrote:

I think this issue is related to your issue since the version discussed is 0.9.7.

http://projects.puppetlabs.com/issues/17295

What you will need to do, more than likely, is update the openssl on the agent. I don't think it will work too well but you can try to take the srpm from rhel 5 or 6 and build it for rhel 4

On Wed, Feb 13, 2013 at 8:31 AM, Luigi Martin Petrella luigimartin.petre...@gmail.com wrote:

Master:
Centos 6.3, Puppet 3.1.0
Ubuntu, Puppet 3.1.0

Agent:
Redhat 4, Puppet 3.1.0

Yesterday something strange happened: we tried to connect RedHat agent with a Puppet Enterprise Master on Centos 6.3, and there weren't any certificate problems and everything worked. Today we are trying with the same configuration, but the same validation error described before appeared

On 13 February 2013 14:12, Matthew Black mjbl...@gmail.com wrote:

What versions of puppet are being used on the client and the server? Assuming master is running on Linux, what distro and release is the master running on?

I suspect the openssl might be the issue on the client.

On Wed, Feb 13, 2013 at 7:59 AM, Luigi Martin Petrella luigimartin.petre...@gmail.com wrote:

Felix, why do you think the problem is related to the --waitforcert option?

I tried to run puppet agent -t --waitforcert 100, and after signing the request on master, on agent I receive this message:

Error: Could not request certificate: Unsupported digest algorithm (SHA256).
Error: Failed to apply catalog: Unsupported digest algorithm (SHA256).
Error: Could not send report: SSL_CTX_use_PrivateKey:: key values mismatch

On 13 February 2013 13:15, Felix Frank felix.fr...@alumni.tu-berlin.de wrote:

On 02/11/2013 10:51 PM, Jo Rhett wrote:

All cert problems are either time sync or certificate name issues. So it's one of those two.

A bold assertion. It may hold true as far as puppet is concerned, though.

I generally advise to take the time and learn about x509 and openssl's interface, so one can inspect the actual certificates in question.

Exiting; no certificate found and waitforcert is disabled|

Hmm, so did you *ever* use --waitforcert on your agent side? If you haven't, that's your problem right there.

HTH,
Felix
Re: [Puppet Users] semi-standalone puppet mode
Without fully understanding your modules and how they interact you can always take a copy of the site manifest and modules with the node and then do something like this

puppet apply /etc/puppet/manifests/site.pp --modulepath=/etc/puppet/modules

I typically do something similar when testing a module without a puppet master.

On Tue, Feb 12, 2013 at 8:03 AM, Ivan Lysov ivanm...@gmail.com wrote:

Hi All!

I do manage some hosts with puppet and it's pretty great. But among those hosts there are some boxes that are sometimes taken away from my network, used for demonstrations somewhere outside and return back. And I want puppet to manage those hosts even when they are away and alone. And of course I want them to fetch the latest catalogs on the moment they appear in domestic network.

I even wrote an ugly script that does something like puppet catalog download and then apply on every boot, but this is ugly, smells and obviousless. Had somebody invented something like that and how?
Re: [Puppet Users] Run Puppet Against Master with Local node.pp Manifest?
You should be versioning all your puppet manifests and modules. You can then write a simple script to pull down the changes. Once you have the files you can have the manifests and modules folder look exactly like the puppet master and then type something like this to test.

    puppet apply /etc/puppet/manifests/site.pp

If you want to test one module you can create that node.pp file, which imports the module. You will need to create a modules directory and place your module in that directory then type from command line

    puppet apply /path/to/node.pp --modulepath=/path/to/modules/dir

Ensure that modulepath is to the modules directory you created and not the module itself.

On Tue, Feb 12, 2013 at 5:35 AM, Ralph Bolton ra...@coofercat.com wrote:

Thanks for the suggestion. I did wonder about copying all the modules and configs off the Puppet Master onto the test box. My concern is really just about keeping that lot up to date, and most importantly to make sure that it behaves the same as it would do if it came from the Master. It could be done this way, but I'm worried it seems simple now, but will turn into a headache later on. If this is the only way to do it, then I guess I'll just have to suck it up :-(

This might sound daft, but where's the security issue? If I'm root on a box, and I want to do some wacky install on it, then I already can, regardless of what Puppet thinks. This wouldn't allow me to change anything on the Puppet Master, so I wouldn't be able to alter any boxes except the one I'm on. What additional concern would there be for having this as a feature?
Re: [Puppet Users] Module to add another puppetmaster?
Never used Netscalers but if it's just as simple as adding a server to a pool like on the F5 device it's something that can be given to a NOC or L2 resources to do.

On Thu, Dec 27, 2012 at 10:27 PM, Tom Fox tom...@gmail.com wrote:

Thanks. Good point about the cert. Unfortunately Netscalers are the standard in my environment and to the best of my knowledge there is no love from puppet for them so pool management will still require some key pressing.

Matthew Black wrote:

The fastest way to rapidly scale is to have SSL terminated at the load balancer so you do not need to update the ssl certificate. The configuration to do it depends on what is being used for the load balancer. If you are using an F5 LTM then you can easily handle the SSL termination at the F5 and add new puppet servers to the pool with the F5 module from puppetlabs. If you are using Apache then you would follow the same principle with the SSL terminated at the Apache load balancer. If you use mod_passenger you are already terminating SSL at the Apache layer so it's not too different at that point.

On Thu, Dec 27, 2012 at 2:08 PM, Tom Fox tom...@gmail.com wrote:

I'm working on getting my system setup for rapid scaling. Without resorting to some ugly hacks what is the preferred method of adding more puppetmasters? My puppetmasters sit behind a load balancer vip so the certificate needs to be updated when I add a puppetmaster. Does anyone have a module written for this already?
Re: [Puppet Users] Module to add another puppetmaster?
The fastest way to rapidly scale is to have SSL terminated at the load balancer so you do not need to update the ssl certificate. The configuration to do it depends on what is being used for the load balancer. If you are using an F5 LTM then you can easily handle the SSL termination at the F5 and add new puppet servers to the pool with the F5 module from puppetlabs. If you are using Apache then you would follow the same principle with the SSL terminated at the Apache load balancer. If you use mod_passenger you are already terminating SSL at the Apache layer so it's not too different at that point.

On Thu, Dec 27, 2012 at 2:08 PM, Tom Fox tom...@gmail.com wrote:

I'm working on getting my system setup for rapid scaling. Without resorting to some ugly hacks what is the preferred method of adding more puppetmasters? My puppetmasters sit behind a load balancer vip so the certificate needs to be updated when I add a puppetmaster. Does anyone have a module written for this already?
Re: [Puppet Users] how to scale puppet with F5 load balancer?
The best I was able to do is when you generate the certificate for the puppet master you use dns alt names flag to specify the alternative names for the puppet master. That is the only way I was able to make it work in my environment with the F5.

On Sat, Jul 7, 2012 at 6:17 PM, Hai Tao ehai...@gmail.com wrote:

How can I configure F5 load balancer to be in front of multiple puppet masters? The SSL will break as the server name is different, hostname of the VIP on the LB vs hostnames of each masters, right? Can you shed some light? Thanks.

-- Hai Tao
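Added example (not part of the original thread): the name check an agent's TLS client applies to a master's certificate, run over a constructed pool to show which masters can sit behind the load balancer name. The host names, the throwaway self-signed certificates and the helper names `build_cert`, `covers?` and `masters_failing_vip` are assumptions made for illustration; only the name match is checked here, not the CA chain.

```ruby
require 'openssl'

# One throwaway key for all constructed sample certificates below.
KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed certificate (constructed sample data) with the given
# subject CN and, optionally, DNS subjectAltName entries.
def build_cert(common_name, dns_alt_names = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer     = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless dns_alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = dns_alt_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
  cert
end

# The hostname check a TLS client performs: does the certificate cover the
# name the client connected to? When DNS alt names are present, the CN is
# no longer consulted.
def covers?(cert, server_name)
  OpenSSL::SSL.verify_certificate_identity(cert, server_name)
end

# Masters whose certificate an agent would reject when it connects to the
# load balancer name.
def masters_failing_vip(certs_by_master, vip_name)
  certs_by_master.reject { |_master, cert| covers?(cert, vip_name) }.keys
end

# Constructed pool: VIP name and three masters with different certificates.
VIP = 'puppet.example.com'
POOL = {
  # CN only: valid for the master's own name, not for the VIP.
  'master1.example.com' => build_cert('master1.example.com'),
  # Alt names list both the master's own name and the VIP.
  'master2.example.com' => build_cert('master2.example.com',
                                      ['master2.example.com', VIP]),
  # Alt names list only the VIP: direct connections to master3 now fail.
  'master3.example.com' => build_cert('master3.example.com', [VIP])
}

if __FILE__ == $PROGRAM_NAME
  POOL.each do |master, cert|
    puts format('%-22s via VIP: %-5s direct: %s',
                master, covers?(cert, VIP), covers?(cert, master))
  end
  puts "Not ready for the pool: #{masters_failing_vip(POOL, VIP).join(', ')}"
end
```

Running the same check against each master's real certificate before adding it to the pool catches the mismatch without weakening verification on the agents.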
Re: [Puppet Users] Re: Compiled catalog arount 70s
One more thing to keep in mind, the more templates you are compiling also adds to time.

On Sat, Jan 28, 2012 at 11:11 AM, Antidot SAS antidot...@gmail.com wrote:

Thx for answering, I really appreciated your investment, you gave some serious lead to search, I'll see on Monday and let you know if something comes up. As far as swapping, no sign on the server.

On Fri, Jan 27, 2012 at 11:40 PM, jcbollinger john.bollin...@stjude.org wrote:

On Jan 27, 11:10 am, Antidot SAS antidot...@gmail.com wrote:

Here are the info you wanted:
OS: Debian squeeze
Puppet: installed from gem version 2.7.9
As I said the hardware is an old Poweredge SC1425 with 4 Xeon 2,8 Ghz with 2 Go of Memory

Apparently the code is pretty ugly since the compiled time is big, I have just share the code: https://github.com/jmauro/puppet-user

The code is pretty, but very complicated, especially for the relatively simple job it seems to be trying to do. Clearly that code is not your first cut at this, so did older versions exhibit the same poor compile times? If you go back through your revision history, perhaps you can find the change that made compile times spike.

Also, Brice's suggestion to check for swapping is a good one, especially because Puppet sometimes uses a lot of memory. Although your hardware is a bit old, it should be up to this task so long as it hasn't too many competing demands on it.

Since your catalog eventually does compile, it might be useful to look at the result, available in YAML form. You might discover that it is a lot more complicated than you thought, and that would yield clues to what needs to be cut back.

If all else fails, try disabling as much of the code as possible, then watch compilation times as you re-enable it bit by bit. I suspect that you will find some particular part that consumes the lion's share of the compilation time.

John
Re: [Puppet Users] Database calls in puppet manifests
You can look into creating custom functions in ruby to pull back the data. Additionally you could create the manifests in ruby dsl.

On Fri, Jan 6, 2012 at 10:25 AM, Jeff Sussna j...@ingineering.it wrote:

(How) do folks handle situations where puppet variables need to be populated from dynamic database queries?
Re: [Puppet Users] Puppet for Oracle Enterprise Linux
Can you provide the resource defined in the error message?

On Thu, Dec 1, 2011 at 8:38 PM, Douglas Garstang doug.garst...@gmail.com wrote:

Finally got the dependencies sorted out, and on the first run on the client, I am seeing:

    Dec 1 20:37:35 ip-10-123-21-192 puppet-agent[2562]: Failed to apply catalog: Parameter ensure failed: Provider must have features 'versionable' to set 'ensure' to '9.5.3-1' at /etc/puppet/devmp/modules/openam/manifests/common.pp:9

I thought puppet on OEL was identical to Redhat? Don't see this error on redhat. Doug.

On Thu, Dec 1, 2011 at 5:21 PM, Douglas Garstang doug.garst...@gmail.com wrote:

Rayson, Thanks. Having all sorts of issues with that. Our server is running 2.6.2, which means that the client packages needs to have 2.6.2 or older, but when I try and install older versions of puppet, I get dependency failures :( Doug.

On Thu, Dec 1, 2011 at 4:37 PM, Rayson Ho raysonlo...@gmail.com wrote:

There are only a few minor differences between RHEL, CentOS, and Oracle Linux... so if a package works on RHEL, then it also works on Oracle Linux. IIRC, if you point to the correct repo, you can even update Oracle Linux with CentOS repo.

Further, Oracle has a public yum for Oracle Linux even for users not paying for the Oracle Unbreakable Linux Support subscription: http://public-yum.oracle.com/

BTW, Puppet Enterprise 2.0 officially supports Oracle Linux: http://docs.puppetlabs.com/pe/2.0/install_system_requirements.html

Rayson
=
Grid Engine / Open Grid Scheduler http://gridscheduler.sourceforge.net/
Scalable Grid Engine Support Program http://www.scalablelogic.com/

On Thu, Dec 1, 2011 at 7:16 PM, Douglas Garstang doug.garst...@gmail.com wrote:

My bad had to do a yum clean all. D'oh.

On Thu, Dec 1, 2011 at 4:15 PM, Douglas Garstang doug.garst...@gmail.com wrote:

Gonzalo, Nope. Ran:

    rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

and got the epel repo.
Then I ran:

    $ yum repolist
    Loaded plugins: security
    http://epel.mirror.freedomvoice.com/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.
    http://mirror.its.uidaho.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.
    http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.
    http://mirror.us.leaseweb.net/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.
    epel/primary_db | 0 B 00:00
    ftp://mirror.cs.princeton.edu/pub/mirrors/fedora-epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno -3] Error performing checksum
    Trying other mirror.

and so on and so on. Funny cuz that long number file d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2 doesn't exist when I look at it with a web browser... Doug.

On Thu, Dec 1, 2011 at 4:09 PM, Gonzalo Servat gser...@gmail.com wrote:

Try the EPEL repo -- http://fedoraproject.org/wiki/EPEL. - Gonzalo

On Fri, Dec 2, 2011 at 11:07 AM, Douglas Garstang doug.garst...@gmail.com wrote:

On Thu, Dec 1, 2011 at 4:03 PM, Michael Stahnke stah...@puppetlabs.com wrote:

Puppet works fine on OEL. You can add yum.puppetlabs.com as a repo and use the el based stuff.

    rpm -Uvh http://yum.puppetlabs.com/el/5/products/i386/puppetlabs-release-5-1.noarch.rpm

That should get you going. Mike

Mike, Almost see below. As I said, there are NO other repo's installed. I guess puppet doesn't provide ruby-augeas...
    $ yum install puppet
    Loaded plugins: security
    Setting up Install Process
    Resolving Dependencies
    -- Running transaction check
    --- Package puppet.i386 0:2.7.1-1 set to be updated
    -- Processing Dependency: facter = 1.5 for package: puppet
    -- Processing Dependency: ruby-augeas for package: puppet
    --- Package puppet.x86_64 0:2.7.1-1 set to be updated
    -- Processing Dependency: ruby-augeas for package: puppet
    -- Running transaction check
    --- Package facter.i386 0:1.6.0-1 set to be updated
    --- Package puppet.i386 0:2.7.1-1 set to be updated
    -- Processing Dependency: ruby-augeas for package: puppet
    --- Package puppet.x86_64 0:2.7.1-1 set to be updated
    -- Processing Dependency: ruby-augeas for package: puppet
    -- Finished Dependency Resolution
    puppet-2.7.1-1.i386 from puppetlabs-products has depsolving problems
    -- Missing Dependency: ruby-augeas is needed by package puppet-2.7.1-1.i386
Re: [Puppet Users] Re: Hostname fact doesn't handle hostnames with periods
You are confusing Standards (RFC) and POSIX. They are typically mutually exclusive in their roles. RFC dictates the standards the information should be presented. POSIX dictates the API that the information is obtained. The difference can be plainly seen in message protocols, like smtp. http://nemo.its.uiowa.edu/reference/sendmail-rfc.html

I would rather facter had a way to override fact definitions, so I could use custom facts for things like hostname. Instead of having Facter.add(:hostname) it would be Facter.replace(:hostname), then the problem would be solved by creating a custom hostname and domain facts for people who want to go against the standards. In fact the idea of replacing facts with custom facts might be handy in other situations and I vote to have that added instead of changing how facter pulls information.

Although until sometime as that is in place you can always modify the hostname.rb and domain.rb in facter lib to present the data the way you want it for your environment.

On Fri, Oct 7, 2011 at 11:54 AM, easybeats dext...@gmail.com wrote:

Hi Tim,

IMO, you've got to be clear what the underlying information model that puppet / facter supports is. In particular, if you simply say that the facts are the data reported by the underlying tools, then you've got zero abstraction of the model and it's 'an exercise for the user to handle the differences between platforms.

I agree with you there needs to be clarity as to what standard/ information model is to be supported. To me there are two standards in operation here and an assumption being made. At this time to me DNS is assumed to be the only valid overarching directory service and naming standard. POSIX the underlying Unix standard makes no such assumptions as to which overarching directory service or naming standard will be in operation. Hypothetically should a site admin choose to support WINS (heaven forbid) or some other standard, POSIX which has portability in mind caters for that.

I concede DNS is the most widely used directory standard, naming service around but it is still an assumption. If DNS is the only valid naming standard that can apply to the hostname is to the exclusion of IEEE Std 1003.1-2008 (POSIX:2008) which to my knowledge doesn't comment on the restriction of character sets for hostnames, so currently puppet at this point in time can not report on a POSIX compliant hostname from the Kernel if it contains a period (.). (NB if puppet were to support this I'm suggesting a different fact so as to not interfere with current operations) http://pubs.opengroup.org/onlinepubs/9699919799/functions/uname.html

If to support multiplatform (IE Windows), one must allow for and consider other valid directory naming standards and directory services and or the underlying OS standard.

Alternatively, you can define a canonical ontology and how the different tools map onto that ontology. Even with such an ontology, you probably need to include platform specific types in the data model. fwiw, I'm also a big fan of encouraging best practice in the use of the tools, so in this instance, the teaching/documentation would show how to avoid naming pitfalls introduced by differences in standards and how to remediate an environment that's fallen into such a trap. Otherwise, the tools get bogged down in handling nasty inconsistencies, which are impossible to cope with cleanly in code as they depend on implicit or explicit customer organisational policies - and the tool gets blamed for any shortfalls, while the organisation keeps digging itself deeper into the trap.

I agree with promoting best practice, however which standard(s) is/are to be supported on a given platform should be taken into account.
Re: [Puppet Users] Exec {rake db:mgirate } not working
One thing you might want to try, which could resolve the issue is use cwd meta for exec. I would also split the actions up, like below, with refreshonly meta set to true so it doesn't execute them on every puppet run. You would need a resource that would trigger them, like package install or something.

    # Runs only when notified by the gem install exec below.
    exec { 'redmine-db-migrate':
      command     => 'rake db:migrate',
      refreshonly => true,
    }

    # Runs only when another resource notifies it, then triggers the migration.
    exec { 'redmine-install-gems':
      command     => 'rake gems:install',
      refreshonly => true,
      notify      => Exec['redmine-db-migrate'],
    }

On Fri, Oct 7, 2011 at 5:03 PM, damniamgood kotharini...@gmail.com wrote:

Hello, I have master and agent puppet server setup and i am running the manifest which includes the exec block

    exec { 'install-gems':
      command => 'cd /opt/redmine/current rake gems:install rake db:migrate',
    }

When i run on the client side , the execution of the install-gems fails and returns non-zero. Can you possibly tell the reason ? Is there any other way to handle this.?
Re: [Puppet Users] RFC: Being able to exclude resources from reporting.
I could see a use case for it. When generating the facts.yaml for use with mcollective, the reports are showing always at 1 change because of that even if I set the log level to debug. That file will always change every run because the information stored in facter changes with each run. I can't think of another use case but I'm sure there might be others.

On Oct 4, 2011, at 1:30 PM, Daniel Pittman wrote:

On Tue, Oct 4, 2011 at 10:16, Nigel Kersten ni...@puppetlabs.com wrote:

As per: https://projects.puppetlabs.com/issues/7555 it looks like we've got some use cases around excluding some resources from being reported on to reduce noise. This feels like solving the problem on the wrong side to me. Should we implement a metaparameter like this? Do the use cases justify breaking the consistency of the model (report on everything) ?

This is worse than that: it bakes in the assumption that the reports are *not* a graph, or that we can just discard structural elements in that graph, by allowing us to ditch what would otherwise be a vertex.

One of the proposed enhancements to the report - which I think is hugely valuable - is that we return the augmented graph from the client side, where things like file recursion, or autorequires, can change the catalog we sent down. Excluding something from that may be a huge structural change, and it is certainly going to make correlation between that graph and the original catalog extremely difficult to discover.

So, no, I do not believe we should support this. Better, I think, to support that feature in our reporting tools, or make it easier for people to build that in their tools.

Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
Re: [Puppet Users] Hostname fact doesn't handle hostnames with periods
If facter switched to using uname on unix/linux, it would be a problem. If I type uname -n it will spit out the fqdn to me. If I type hostname -s, it gives me the short, the actual hostname. I don't think a switch like that will solve the original issue provided.

On Oct 4, 2011, at 6:20 AM, Ken Barber wrote:

So again quoting Dexter (who should really be participating in this discussion himself :-P). Perhaps a more POSIX purist set of facts based around the posix/opengroup standards would be desirable:

http://pubs.opengroup.org/onlinepubs/009604599/basedefs/sys/utsname.h.html
http://pubs.opengroup.org/onlinepubs/009695399/utilities/uname.html

For example ...

uname_nodename: is uname -n only and isn't contrived
uname_release: is uname -r
uname_version: is uname -v
...etc...

This duplicates a lot of facts in behaviour - but sticks to the posix compliance interpretation only. I'm not 100% on whether this is the correct approach but the idea sounds sane enough - the question is really if it is core worthy or not. If this is implemented how many people would prefer or use this directly (besides Doug of course - who has made his sentiments clear :-P)?

My main concern here is that this implementation is not truly cross-platform - only POSIX specific (which is pretty good coverage anyway - but not complete). The point and vision of facter (and most puppet resources) is to provide cross-os compatibility where possible if anything providing a later that binds POSIX and other non-posix OS to one type of data ... so I see these facts as binding puppet content to POSIX only machines. So while the interface may be there ... we would want to be careful to avoid using it directly in cross-os resources and puppet code. Having said that, this would not be the first time we have had to provide OS specific facts :-).

IMO - If implemented I can envision providing this interface and on POSIX machines just using these facts to glean things like 'kernelversion' on compatible machines instead of duplicating the uname -v call again.

ken.

On Mon, Oct 3, 2011 at 11:59 PM, Doug Balmer doug.bal...@gmail.com wrote:

about. In fact, I think if you were to use periods it would confuse DNS resolve because it follows the same convention as stated in the RFC. If I were external trying to look up host.server.domain.com, my DNS would try to look for a nameserver for server.domain.com. You would still be forced to use a new zone file for server.domain.com.

man resolv.conf See options ndots If I have a host with FQDN foo.bar.example.com and I have options ndots:2\nsearch example.com in /etc/resolv.conf then I can resolve foo.bar.
Re: [Puppet Users] Hostname fact doesn't handle hostnames with periods
I think you missed the point I was trying to convey. Anyway you want to try to flip it, you are still going against the grain with using a period in the hostname. Even libc it states what a hostname is and what a fqdn is, see below. So if libc defines a hostname like below, then facter will be the least of your issues down the road.

In DNS, the full host name is properly called the FQDN (Fully Qualified Domain Name) and consists of the hostname, then a period, then the domain name. The domain name itself usually has multiple components separated by periods. So for example, a system's hostname may be ‘chicken’ and its domain name might be ‘ai.mit.edu’, so its FQDN (which is its host name) is ‘chicken.ai.mit.edu’.

http://www.gnu.org/s/hello/manual/libc/Host-Identification.html

On Oct 3, 2011, at 6:59 PM, Doug Balmer wrote:

about. In fact, I think if you were to use periods it would confuse DNS resolve because it follows the same convention as stated in the RFC. If I were external trying to look up host.server.domain.com, my DNS would try to look for a nameserver for server.domain.com. You would still be forced to use a new zone file for server.domain.com.

man resolv.conf See options ndots If I have a host with FQDN foo.bar.example.com and I have options ndots:2\nsearch example.com in /etc/resolv.conf then I can resolve foo.bar.
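Added example (not part of the original thread): a simplified model of how a stub resolver orders its queries for the `ndots` and `search` settings quoted in the two messages above, using the thread's own `foo.bar` / `example.com` names. The function names and the constructed set of existing records are assumptions for illustration, and the ordering rule is the one documented in resolv.conf(5), not code taken from any resolver.

```ruby
# Parse the two resolv.conf directives the thread mentions.
# Defaults follow resolv.conf(5): ndots is 1 and is capped at 15.
def parse_resolv_conf(text)
  conf = { search: [], ndots: 1 }
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    keyword, *args = line.split
    case keyword
    when 'search'
      conf[:search] = args # a later search line replaces an earlier one
    when 'options'
      args.each do |opt|
        m = opt.match(/\Andots:(\d+)\z/)
        conf[:ndots] = [m[1].to_i, 15].min if m
      end
    end
  end
  conf
end

# Names the resolver will try, in order, for a lookup of `name`.
#  - trailing dot: the name is absolute, the search list is not used
#  - fewer dots than ndots: search list first, then the name as given
#  - otherwise: the name as given first, then the search list
def candidate_queries(name, conf)
  return [name] if name.end_with?('.')

  absolute = "#{name}."
  searched = conf[:search].map { |domain| "#{name}.#{domain}." }
  name.count('.') >= conf[:ndots] ? [absolute] + searched : searched + [absolute]
end

# First candidate that exists in a constructed set of fully qualified names.
def resolve(name, conf, existing_names)
  candidate_queries(name, conf).find { |q| existing_names.include?(q) }
end

# Constructed sample data: the internal host from the thread, plus an
# unrelated record that happens to be called foo.bar.
RECORDS = ['foo.bar.example.com.', 'foo.bar.'].freeze

NDOTS_2 = parse_resolv_conf("options ndots:2\nsearch example.com\n")
DEFAULT = parse_resolv_conf("search example.com\n")

if __FILE__ == $PROGRAM_NAME
  puts "ndots:2 -> #{candidate_queries('foo.bar', NDOTS_2).inspect}"
  puts "default -> #{candidate_queries('foo.bar', DEFAULT).inspect}"
  puts "ndots:2 resolves foo.bar to #{resolve('foo.bar', NDOTS_2, RECORDS)}"
  puts "default resolves foo.bar to #{resolve('foo.bar', DEFAULT, RECORDS)}"
end
```

With the default `ndots`, the dotted short name is asked as an absolute name first, so which record answers for `foo.bar` depends on the resolver configuration of the host doing the lookup.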
Re: [Puppet Users] mysql database
No that is one of the ways to do it. The alternative is to write your own provider and type. As for whether your method is correct, if it is working for you and scales then it's the correct procedure for you.

On Sun, Oct 2, 2011 at 11:41 AM, CHEBRIAN ksd@gmail.com wrote:

Hi, How to create mysql database thru puppet. I fired thru exec . it is creating. but i feel it is not a correct procedure. Please share your suggestions
Re: [Puppet Users] run puppet service type with specific user
Take a look at http://www.yolinux.com/TUTORIALS/LinuxTutorialInitProcess.html

I forget exactly the usage of the daemon but you need to include the functions, which is shown at the init script example. If you read that functions file it will give you an idea of how to use it to start up a service and have it run as a different user.

On Sat, Sep 24, 2011 at 7:31 AM, Dieter De Meyer dieterdeme...@gmail.com wrote:

Thanks for the reply. I modified the rc script to run as a user. But now I'm facing the following problem: I have to include some nasty puppet code for adding the service before I can use the service resource type. And the service resource type returns ok, but the service is in fact not started. When I do it manually, it requires a password for that user. So, I tried to manage the user with puppet and provided a password, but get the message:

    Provider useradd does not support features manages_passwords; not managing attribute password

I know this is a problem with Puppet and CentOS, but I have ruby-shadow and shadow-utils installed on my CentOS 6.0 VM. I also don't know if this is going to help with starting the service. I want to use the service type to start the service with a specific user, but without asking for a password.

Any help would be appreciated.

Regards.
Re: [Puppet Users] Deployment of applications
That's because puppet isn't a tool meant to build applications from source. You could do it but it's one of those things where it doesn't make sense. If you need to build from SVN, you might as well look at something like Jenkins that can monitor an SCM and pull out changes and do a bunch of things around it. Then package it up into an RPM, which puppet handles nicely from my experience.

Rundeck might be a good solution for you on your problem in terms of deploying to one system first before the others. If you had the knowledge with writing web applications you could easily use MCollective to do that too and put a nice GUI in front of the job.

On Sep 13, 2011, at 6:33 PM, Ashley Penney wrote:

can't think of any other good way to say do a one time run of project::build_core on the following matching nodes: x, y, z. I am really just using rundeck for the equivalent of that. Other things I would think of using this for is handling deploying a bunch of servers where server 1 has to be fully provisioned before 2 and on 2 at least one service has to be up before 3 can do its thing. It's something that's still a hassle to do well within Puppet.
Re: [Puppet Users] Source of external node data?
It depends on the job you want to do. In my project we use an Oracle DB backend to store our whole environment information for application deployments. So we have a ruby DSL class that is an entry point where it looks up the node in the database and processes it depending on its function. The solution depends on how complex you need it to be.

On Sep 15, 2011, at 5:32 PM, Douglas Garstang wrote:

I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from?

a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR
b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need.

?

Doug.
RE: [Puppet Users] Re: how to do conditional check?
I haven’t used torque or yaim but what you want to do in a fact is something like this to determine installation.

    if File.exists?('/path/to/config')
    end

I don’t usually install anything on a system without doing it in puppet, so I don’t typically write facts to find out if something is installed or not.

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Sans
Sent: Tuesday, June 14, 2011 10:01 AM
To: Puppet Users
Subject: [Puppet Users] Re: how to do conditional check?

On Jun 14, 2:48 pm, Patrick kc7...@gmail.com wrote:

1) Why not use puppet to decide if Torque should be installed in the first place? Then you can use that logic to decide if the file should be created/put in place?

I can't: torque is a vital part of the middleware, which needs to be installed and configured at the time of middleware installation. And on the other hand, I use Puppet to prepare the environment for the middleware to be installed (by yaim). After that installation (and initial configuration), I wanna make sure that config file is always there with correct values.

2) Does it matter if you create the file if the package isn't installed?

As I explained above, if I create [especially] the directory-path, yaim will skip things, thinking it's an upgrade or re-install, even though installing for first time.

Hope, I've made it a bit clearer now. Cheers!!
RE: [Puppet Users] Re: how to do conditional check?
Not sure if it does, I'm going with the assumption it would not. Though there is a Dir.exists that you could use.

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Sans
Sent: Tuesday, June 14, 2011 1:54 PM
To: Puppet Users
Subject: [Puppet Users] Re: how to do conditional check?

On Jun 14, 6:12 pm, Matthew Black mjbl...@gmail.com wrote:

I haven’t used torque or yaim but what you want to do in a fact is something like this to determine installation.

    if File.exists?('/path/to/config')

Does it work for directory as well?

-San
RE: [Puppet Users] Re: how to do conditional check?
After reading the other responses my question to you is what exactly are you attempting to do?

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Sans
Sent: Monday, June 13, 2011 5:22 AM
To: Puppet Users
Subject: [Puppet Users] Re: how to do conditional check?

Any suggestion from anyone else? Is there a way to check if a directory (or file) already exists, then do something in Puppet?

Cheers!!
Re: [Puppet Users] Re: how to do conditional check?
Sounds like what you want to do is to create a fact to find out the status of whether torque is installed or not. As for the configuration file, without better understanding the contents of the file, I would in conjunction with the fact do a file resource surrounded by an if statement that utilizes the fact. If it's something that is pretty much the same across the board except for some values, like host names or what not, then you could use templates to create the file and keep it that way.

So for example

    if $torque_installed == true {
        file { '/var/torque/mom_priv/config':
            ensure  => present,
            content => template(...)
        }
    }

On Mon, Jun 13, 2011 at 8:00 PM, Sans r.santanu@gmail.com wrote:

Well, the file I mention is actually one of the Torque (formerly PBS batch system) config file (location: /var/torque/mom_priv/config), which is auto generated by yaim but the thing is: if the file is already there yaim won't touch it. Let's just say that I don't want yaim to create this file (it messes it up very often and ended up with wrong value) but wanna make sure that the file is in correct shape, otherwise jobs won't run properly. On the other hand, that file doesn't mean anything at all, if Torque is not installed in the first place. That's why I want to put that check in.

Cheers!!

On Jun 13, 6:50 pm, Matthew Black mjbl...@gmail.com wrote:

After reading the other responses my question to you is what exactly are you attempting to do?
RE: [Puppet Users] Re: How do I enable repositories and install packages
It fails because the yum repository by default is requiring the package be signed. If you update the repo configuration, with the option below, you would not need to do a --nogpgcheck with the package install. The only other time that this option would not work is if you are doing a localinstall via yum, for which there is no repo configuration involved.

    gpgcheck=0

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of hyzhang
Sent: Friday, June 03, 2011 1:11 PM
To: Puppet Users
Subject: [Puppet Users] Re: How do I enable repositories and install packages

Thank you all for the response. I applied the patch. It seems to work partially, but failed because the packages are not signed. So that raises another question - is there a puppet patch for nogpgcheck?

On Jun 1, 12:41 pm, Jacob Helwig ja...@puppetlabs.com wrote:

If you want to enable the repositories on a per-package basis as was shown in the examples (with the --enablerepo flag), then you'll definitely want to watch/vote for #4113 [1].

If you want to have the repositories always enabled, then you should be able to do that through the yum configuration. I'm not all that familiar with the details though since I've tended not to use the RPM based systems.

[1] http://projects.puppetlabs.com/issues/4113

-- Jacob Helwig

On Wed, 01 Jun 2011 09:31:51 -0700, Nathan Clemons wrote:

The package resource type will allow you to install packages via Yum, but does not (last I checked) support specifying repos to enable/disable (which I'd dearly love if it was added). Which means you either get to write your own extension to package to add that functionality, or use exec.

-- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community

On Wed, Jun 1, 2011 at 9:19 AM, hyzhang hyzh...@jcvi.org wrote:

Hi,

My shell script is as below. How do I translate them to puppet language? I think I can use exec directly. But is there a better way?

    /usr/bin/yum clean all
    /bin/echo -e "\n/usr/bin/yum -y --enablerepo=base,rpmforge install mplayer mplayer-skins"
    /usr/bin/yum -y --enablerepo=base,rpmforge install mplayer mplayer-skins
    /usr/bin/yum clean all
    /bin/echo -e "\n/usr/bin/yum -y --nogpgcheck install RealPlayer AdobeReader_enu flash-plugin"
    /usr/bin/yum -y --nogpgcheck install RealPlayer AdobeReader_enu flash-plugin
    /usr/bin/yum clean all
    /bin/echo -e "\n/usr/bin/yum -y --enablerepo=base install pidgin"
    /usr/bin/yum -y --enablerepo=base install pidgin

Thanks,
-Haiyan
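Because gpgcheck is set per repository and a disabled repository can still be switched on for one transaction with --enablerepo, it helps to know which repositories on a host install packages without signature verification. The following is an added example, not code from the thread or from Puppet: the function names, file paths and sample repository files are constructed, and the fallback used when [main] has no gpgcheck line is an assumption taken from yum.conf(5).

```ruby
# Added example: list yum repositories whose packages are installed without
# GPG signature verification, including repos that are currently disabled.

TRUE_VALUES = %w[1 yes true on].freeze

# Parse yum's INI-style configuration into { section => { key => value } }.
def parse_yum_ini(text)
  sections = {}
  current = nil
  text.each_line do |raw|
    next if raw.match?(/\A[ \t]+\S/)          # continuation of a multi-line value
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[([^\]]+)\]\z/))
      current = (sections[m[1]] ||= {})
    elsif current && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      current[m[1].downcase] = m[2]
    end
  end
  sections
end

def flag_on?(value, default)
  value.nil? ? default : TRUE_VALUES.include?(value.downcase)
end

# yum_conf:   text of /etc/yum.conf
# repo_files: { path => text } for the *.repo files
# builtin_gpgcheck: assumption, the value yum uses when [main] has no
#   gpgcheck line; yum.conf(5) documents 0. Override if your version differs.
def unsigned_repos(yum_conf, repo_files, builtin_gpgcheck: false)
  main = parse_yum_ini(yum_conf).fetch('main', {})
  main_gpgcheck = flag_on?(main['gpgcheck'], builtin_gpgcheck)
  findings = []
  repo_files.each do |path, text|
    parse_yum_ini(text).each do |repo_id, opts|
      next if repo_id == 'main'
      next if flag_on?(opts['gpgcheck'], main_gpgcheck)
      findings << {
        file: path,
        repo: repo_id,
        # A disabled repo still matters: --enablerepo turns it on per run.
        enabled: flag_on?(opts['enabled'], true),
        source: opts.key?('gpgcheck') ? :repo_setting : :inherited_from_main
      }
    end
  end
  findings
end

# Constructed sample input (not taken from a real host).
SAMPLE_YUM_CONF = <<~CONF
  [main]
  cachedir=/var/cache/yum
  gpgcheck=1
CONF

SAMPLE_REPOS = {
  '/etc/yum.repos.d/CentOS-Base.repo' => <<~REPO,
    [base]
    name=CentOS Base
    enabled=1
    gpgcheck=1
  REPO
  '/etc/yum.repos.d/rpmforge.repo' => <<~REPO,
    [rpmforge]
    name=RPMforge
    enabled=0
    gpgcheck=0
  REPO
  '/etc/yum.repos.d/local.repo' => <<~REPO
    [local]
    name=Local packages
    baseurl=file:///srv/repo
  REPO
}.freeze

if __FILE__ == $PROGRAM_NAME
  unsigned_repos(SAMPLE_YUM_CONF, SAMPLE_REPOS).each do |f|
    puts "#{f[:file]}: [#{f[:repo]}] gpgcheck off (#{f[:source]}, enabled=#{f[:enabled]})"
  end
end
```

On the sample input only rpmforge is reported; if the gpgcheck=1 line is removed from [main], the local repository is reported as well because it inherits the setting.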
Re: [Puppet Users] ruby dsl manifests
Thanks for the reply, from what you said it might be better for me to go about it in a different direction.

On Thu, Jun 2, 2011 at 1:07 AM, Dan Bode d...@puppetlabs.com wrote:

you should be able to do something like:

    call_function(:defined, "Foo['bar']")

just keep in mind that the defined function (or anything for resource detection) is parse order dependent which can lead to unexpected results.

On Wed, Jun 1, 2011 at 9:04 PM, Matt mjbl...@gmail.com wrote:

I've been searching and haven't found an answer yet. Is there a scope or variable that I can parse to find out if a resource is defined? I know there is the defined command in puppet manifests.
Re: [Puppet Users] How to check if a package exists
You can put a requires in the file resource

    require => Package["packagename"]

then it will install the package first then put in the symlink.

On Sat, Apr 30, 2011 at 5:12 AM, Sans r.santanu@gmail.com wrote:

Dear all,

I'm trying to do this. Say for example, I want this link: liblcgdm.so -> liblcgdm.so.1.8.0 to be present on the client only if lcgdm-libs-1.8.0-1sec.sl5 is already listed. I already have this to create the link:

    file { 'liblcgdm.so':
        ensure => symlink,
        name   => '/opt/lcg/lib/liblcgdm.so',
        target => 'liblcgdm.so.1.8.0';
    }

but how do I check the existence of that particular package beforehand? Thanks in advance for your time.

Cheers!!
Re: [Puppet Users] learning, but puppet does not detect change
I think there is some confusion, where is the ntp manifest located? Is it in its own module or the site manifest directory? If it's the latter, then you need to import that manifest into the site manifest. If it's a module, then you still need to do the import for the module. Try updating your site manifest with an import of ntp. So your site manifest should be

    import "nodes"
    import "ntp"

On Fri, Mar 4, 2011 at 2:19 PM, mark bradley gopearl...@gmail.com wrote:

Hi,

My site.pp:

    [root@S manifests]# cat /etc/puppet/manifests/site.pp
    import "nodes.pp"
    [root@S manifests]#

I copied ntp.pp into init.pp as you've suggested:

    [root@S manifests]# cp ntp.pp init.pp
    [root@S manifests]# diff ntp.pp init.pp
    [root@S manifests]#

I started the server as follows:

    [root@S training]# puppet master --debug

The results of running the command normally:

    [root@S ~]# puppet agent --test --server=S.domain.com
    info: Caching catalog for S.domain.com
    info: Applying configuration version '1299265059'
    notice: Finished catalog run in 0.07 seconds
    [root@S ~]#

with the (master) output in the log file as:

    Mar 4 14:07:50 S puppet-master[5716]: Expiring the node cache of S.domain.com
    Mar 4 14:07:50 S puppet-master[5716]: Not using expired node for S.domain.com from cache; expired at Fri Mar 04 14:06:50 -0500 2011
    Mar 4 14:07:50 S puppet-master[5716]: Caching node for S.domain.com
    Mar 4 14:07:51 S puppet-master[5716]: Compiled catalog for S.domain.com in environment production in 0.24 seconds
    Mar 4 14:07:51 S puppet-agent[7169]: Caching catalog for S.domain.com
    Mar 4 14:07:51 S puppet-agent[7169]: Applying configuration version '1299265059'
    Mar 4 14:07:51 S puppet-agent[7169]: Finished catalog run in 0.07 seconds

The output from your suggested command (with -d -v) provided as an attachment.

    [root@S manifests]# puppet agent --test --server=S.domain.com -d -v > /tmp/bar.txt
    [root@S manifests]# wc -l /tmp/bar.txt
    214 /tmp/bar.txt
    [root@S manifests]#

Thanks very much for any help,
Mark

On Sat, Feb 26, 2011 at 10:15 PM, yzhk...@gmail.com yzhk...@gmail.com wrote:

1. site.pp: import "nodes.pp"
2. ntp.pp should be $module_path/manifests/init.pp
3. puppet agent --test --server=S -d -v

Have a look at http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Best_Practice

On Sun, Feb 27, 2011 at 8:01 AM, mark bradley gopearl...@gmail.com wrote:

Hi,

I've just installed Puppet on two CentOS 5.5 servers, S for A. A does not have the ntp package installed nor of course ntp running. The Puppet server is started on S with the ntp class from this tutorial: http://bitfieldconsulting.com/puppet-tutorial (included below) however when I run the agent on A it doesn't produce a notice that a change needs to be applied:

    [root@A ~]# puppet agent --test --server=S
    info: Caching catalog for A.domain.com
    info: Applying configuration version '1298756440'
    notice: Finished catalog run in 0.07 seconds
    [root@A ~]#

Apparently it should not notifying me that ntp needs to be installed and started.

ntp.pp on S:

    class ntp {
        package { ntp: ensure => installed }
        service { ntp: ensure => running }
    }

nodes.pp on S:

    node A {
        include ntp
    }

Did I miss some crucial set in the installation or configuration? I know it's seeing the files since if I introduce syntax errors into them Puppet complains.

Thanks for any help,
Mark
Re: [Puppet Users] External CA: Could not run: Could not retrieve certificate for puppetsrv and not running on a valid certificate authority
That process still works, but you need to have a CA puppet master, a non-CA puppet master, and one client for that to work. The client needs to be told where the CA server is though, which in that link tells you how to update the puppet.conf. I use this process and it works great, there was some tweaking needed for it to work for 2.6.

On Sat, Mar 5, 2011 at 4:53 PM, Mohamed Lrhazi lrh...@gmail.com wrote:

I just ran into the same issue... I was trying to follow this procedure: http://bodepd.com/wordpress/?p=7

My goal is to be able to run my nodes against either of two puppetmasters.

My first master starts fine, but the second dies with this same error:

    Could not run: Could not retrieve certificate for puppetmaster-fqdn and not running on a valid certificate authority

Is the procedure outdated? Is it supposed to work with puppet 2.6?

Thanks,
Mohamed.

On Thu, Aug 19, 2010 at 2:38 PM, Yushu Yao yao.yu...@gmail.com wrote:

Hi Experts,

I'm trying to generate my own certificates (all of them, including certs for CA, server and client) for puppet to use, and I'm getting

    Could not run: Could not retrieve certificate for puppetsrv and not running on a valid certificate authority

Just wondering what the problem could be?

What I did is:

1. generate a self signed CA cert, and save the files to ca.crt, ca.prk, ca.puk, ca.pass.

2. generate a keypair, request, then sign with the above CA and save the files ssldir/public_keys/puppetsrv.pem, ssldir/private_keys/puppetsrv.pem, ssldir/certificate_requests/puppetsrv.pem, ssldir/certs/puppetsrv.pem (All certs work fine with openssl verify)

3. Puppet configuration file:

    ca = false
    cakey=$ssldir/ca.prk
    passfile=$ssldir/ca.pass
    cacert=$ssldir/ca.crt
    capub=$ssldir/ca.puk

4. run puppet master:

    /usr/sbin/puppetmasterd --no-daemonize --verbose --debug --certname puppetsrv

Full log (added some breakpoints and printed some tracebacks):

    debug: Failed to load library 'selinux' for feature 'selinux'
    debug: Failed to load library 'ldap' for feature 'ldap'
    debug: /File[/opt/cloudcrv/varpuppet/lib]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/confpuppet/puppet.conf]: Autorequiring File[/opt/cloudcrv/confpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/run/puppetmasterd.pid]: Autorequiring File[/opt/cloudcrv/varpuppet/run]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/certs/puppetsrv.pem]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl/certs]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl]
    debug: /File[/opt/cloudcrv/varpuppet/rrd]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/bucket]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/log]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/facts]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/log/masterhttp.log]: Autorequiring File[/opt/cloudcrv/varpuppet/log]
    debug: /File[/opt/cloudcrv/varpuppet/ssl]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/state]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/confpuppet/fileserver.conf]: Autorequiring File[/opt/cloudcrv/confpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/certificate_requests]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl]
    debug: /File[/opt/cloudcrv/confpuppet/auth.conf]: Autorequiring File[/opt/cloudcrv/confpuppet]
    debug: /File[/opt/cloudcrv/confpuppet/manifests]: Autorequiring File[/opt/cloudcrv/confpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/public_keys/puppetsrv.pem]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl/public_keys]
    debug: /File[/opt/cloudcrv/varpuppet/yaml]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/reports]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/public_keys]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/certs]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private_keys]: Autorequiring File[/opt/cloudcrv/varpuppet/ssl]
    debug: /File[/opt/cloudcrv/varpuppet/run]: Autorequiring File[/opt/cloudcrv/varpuppet]
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private_keys]: Changing mode
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private_keys]: 1 change(s)
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private_keys]/mode: mode changed '755' to '750'
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private]: Changing ensure
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private]: 1 change(s)
    debug: /File[/opt/cloudcrv/varpuppet/ssl/private]/ensure: created
    debug: Finishing transaction 70044884792200 with 2 changes
Re: [Puppet Users] External CA: Could not run: Could not retrieve certificate for puppetsrv and not running on a valid certificate authority
I had to add this to my puppet conf files for the master section.

    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

The one error you see from generating the cert is fine because it's trying to delete the non-existent CSR, which is because you generated.

On Sat, Mar 5, 2011 at 6:06 PM, Mohamed Lrhazi lrh...@gmail.com wrote:

I guess it's the tweaks for 2.6 that I must be missing... Here is my process:

On puppetmaster1:

    sudo rm -rf /etc/puppet/ssl /var/lib/puppet/ssl
    sudo puppet cert --generate --certdnsnames puppet.uis.example.com:puppet.example.com:puppet puppet-prod.uis.example.com
    sudo puppet cert --generate --certdnsnames puppet-test.uis.example.com:puppet-test.example.com:puppet-test pirates.uis.example.com

Note: these last two commands seem to work, even though they also print an error. The first command for example prints this:

    notice: Signed certificate request for ca
    notice: Rebuilding inventory file
    notice: puppet-prod.uis.example.com has a waiting certificate request
    notice: Signed certificate request for puppet-prod.uis.example.com
    notice: Removing file Puppet::SSL::CertificateRequest puppet-prod.uis.example.com at '/var/lib/puppet/ssl/ca/requests/puppet-prod.uis.example.com.pem'
    notice: Removing file Puppet::SSL::CertificateRequest puppet-prod.uis.example.com at '/var/lib/puppet/ssl/certificate_requests/puppet-prod.uis.example.com.pem'
    err: Could not call generate: Could not find certificate request for puppet-prod.uis.example.com

Why is that? Anyways, continuing, I edit puppet.conf to add:

    [master]
    certname=puppet-prod.uis.example.com
    ca=true

Now starting puppet master seems to work fine, no errors.

Now, on puppetmaster2:

    sudo rm -rf /etc/puppet/ssl /var/lib/puppet/ssl

copy these three files from puppetmaster1 to puppetmaster2:

    /var/lib/puppet/ssl/private_keys/pirates.uis.example.com.pem
    /var/lib/puppet/ssl/ca/signed/pirates.uis.example.com.pem
    /var/lib/puppet/ssl/ca/ca_crt.pem

I put the certs in /var/lib/puppet/ssl/certs and the key in /var/lib/puppet/ssl/private_keys

Edit puppet.conf to have:

    [master]
    certname=pirates.uis.example.com
    ca=false
    ca_server=puppet-prod.uis.example.com

Now starting the puppet master fails with error:

    Could not run: Could not retrieve certificate for pirates.uis.example.com and not running on a valid certificate authority

What am I doing wrong?

Thanks,
Mohamed.
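Before starting a non-CA master on copied files, the certificate, private key and CA certificate can be checked against each other offline. The following is an added example, not Puppet's code and not from the thread: it does not reproduce Puppet's own certificate lookup, the function names are hypothetical, and the sample certificates are generated in the script (only the host names are the placeholders used in the messages above).

```ruby
# Added example: consistency check for the three files copied to a non-CA
# master (its certificate, its private key and the CA certificate).
require 'openssl'

# Returns a list of problems; an empty list means the files are consistent.
def check_master_ssl(certname:, cert_pem:, key_pem:, ca_pem:)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  ca   = OpenSSL::X509::Certificate.new(ca_pem)
  problems = []

  # 1. The certificate must be issued for the configured certname.
  cn = cert.subject.to_a.find { |field, _value, _type| field == 'CN' }&.fetch(1)
  unless cn == certname
    problems << "certificate CN #{cn.inspect} differs from certname #{certname.inspect}"
  end

  # 2. The private key must belong to the certificate.
  unless cert.check_private_key(key)
    problems << 'private key does not match the certificate'
  end

  # 3. The certificate must verify against the CA file (signature, dates).
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  unless store.verify(cert)
    problems << "certificate does not verify against the CA file: #{store.error_string}"
  end
  problems
end

# --- helpers that build constructed sample material -------------------------

def new_key
  OpenSSL::PKey::RSA.new(2048)
end

# Self-signed CA certificate when issuer is nil, otherwise a leaf certificate.
def issue_cert(common_name, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..0xffff_ffff)
  cert.subject = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless issuer
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  ca_key = new_key
  ca = issue_cert('Puppet CA: puppet-prod.uis.example.com', ca_key)
  key = new_key
  cert = issue_cert('pirates.uis.example.com', key, issuer: ca, issuer_key: ca_key)
  # Deliberately check against a certname the certificate was not issued for.
  puts check_master_ssl(certname: 'puppetsrv', cert_pem: cert.to_pem,
                        key_pem: key.to_pem, ca_pem: ca.to_pem)
end
```

On a real master the three PEM strings would be read from the files under the ssl directory named in the messages above.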
Re: [Puppet Users] apache vhosts in puppet
Looks like you're not including the apache class, which has the definition that puppet is complaining about.

On Wed, Mar 2, 2011 at 7:58 PM, Tim Dunphy bluethu...@gmail.com wrote:

hello puppet list!!

I sincerely appreciate your help in the past and hope you don't mind me bouncing this scenario off of you. I am attempting to define apache vhosts with a puppet module but things are not going according to plan at the moment.

## error

    [root@kromep1 ~]# puppetd --test
    info: Caching catalog for kromep1.example.net
    err: Could not run Puppet configuration client: Could not find dependent Service[httpd] for File[/etc/httpd/conf.d/web1.ops.example.com.conf] at /etc/puppet/modules/apache/manifests/virtual_host.pp:11

## /etc/puppet/modules/apache/init.pp

    class apache {

      $packagelist = ["httpd", "webalizer", "mod_ssl"]

      package { $packagelist:
        ensure => installed
      }

      apache::apache_files { "/etc/httpd/conf/httpd.conf":
        source => "puppet:///apache/httpd.conf"
      }

      service { "httpd":
        enable     => true,
        ensure     => running,
        hasrestart => true,
        hasstatus  => true,
        require    => Package[httpd]
      }
    }

## /etc/puppet/modules/apache/manifests/virtual_host.pp

    define apache::virtual_host($ip, $ensure = enabled) {

      $file = "/etc/httpd/conf.d/$name.conf"
      $document_root = "/var/www/html/$name"

      file { $file:
        ensure  => $ensure ? { enabled => present, disabled => absent },
        content => template("apache/virtual_host.erb"),
        notify  => Service[httpd]
      }

      file { $document_root:
        ensure  => $ensure ? { enabled => directory, disabled => absent },
        require => File[$file]
      }
    }

# /etc/puppet/modules/apache/templates/virutal_host.erb

    <VirtualHost <%= ip %>>
      DocumentRoot <%= document_root %>
      ServerName <%= name %>
    </VirtualHost>

## /etc/puppet/manifests/nodes.pp

    node 'mclient.example.net' inherits webserver { }

    node 'kromep1.example.net' inherits mailserver {
      apache::virtual_host { "ext-kromep1.ops.example.com": ip => "50.xx.xxx.255" }
      apache::virtual_host { "web1.ops.example.com": ip => "50.xx.xxx.255" }
    }

    node 'kromep2.example.net' inherits webserver {
      apache::virtual_host { "web2.ops.example.com": ip => "174.xx.xxx.60" }
    }

    node 'kromedb1.example.net' inherits dbserver { }

I would like to take this opportunity to thank you again. The puppet community has been amazing!! All help that has been rendered and any that may be is sincerely appreciated!

tim

--
GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: [Puppet Users] problems creating a user
Inside my basenode definition, which is being inherited by another node definition, it is doing

    realize(User[admin],Group[admin])

The strange thing is if I remove the specified node definition and just have the basenode it works correctly.

On Tue, Feb 1, 2011 at 12:59 PM, Jeff McCune j...@puppetlabs.com wrote:

How are you realizing the user?

--
Jeff McCune - (+1-503-208-4484)

On Feb 1, 2011, at 12:54 PM, Matt mjbl...@gmail.com wrote:

I have this problem where I'm trying to create a user and the error message I am getting is:

    err: Could not run Puppet configuration client: Could not find user admin

Here is what I have in the manifest and I am realizing the user at the basenode level and all my nodes inherit the basenode.

    @user { "admin":
      ensure     => present,
      uid        => 1100,
      gid        => 1100,
      comment    => "Admin User",
      shell      => "/bin/bash",
      managehome => true,
    }

    @group { "admin":
      ensure => present,
      gid    => 1100
    }
Re: [Puppet Users] problems creating a user
I tried what you suggested and it seems to have made no difference; I am still getting the same error.

On Tue, Feb 1, 2011 at 1:30 PM, Jeff McCune j...@puppetlabs.com wrote:

On Tue, Feb 1, 2011 at 1:20 PM, Matthew Black mjbl...@gmail.com wrote:

Inside my basenode definition, which is being inherited by another node definition, it is doing

    realize(User[admin],Group[admin])

The strange thing is if I remove the specified node definition and just have the basenode it works correctly.

This may be a bug then. In general, I prefer User <| title == "admin" |> over realize(User[admin]), so you may want to try that. I'd also try using two realize calls with only one resource per call and trying an array:

    realize([ User[admin], Group[admin] ])

Hope this helps,

--
Jeff McCune
http://www.puppetlabs.com/
Re: [Puppet Users] problems creating a user
The virtual user is in a class, that class is included at the basenode. I did put a log message in there and on the master it is loading the class. From the master perspective it looks like everything is fine.

On Tue, Feb 1, 2011 at 1:50 PM, Nan Liu n...@puppetlabs.com wrote:

Really silly question here, is the virtual user in a class? In the basenode are you including the class that contains the virtual user? If the virtual user is in a class, can you put a notify resource in there to make sure the class is included as expected?

HTH,
Nan

On Tue, Feb 1, 2011 at 10:39 AM, Matthew Black mjbl...@gmail.com wrote:

I tried what you suggested and it seems to have made no difference; I am still getting the same error.

On Tue, Feb 1, 2011 at 1:30 PM, Jeff McCune j...@puppetlabs.com wrote:

On Tue, Feb 1, 2011 at 1:20 PM, Matthew Black mjbl...@gmail.com wrote:

Inside my basenode definition, which is being inherited by another node definition, it is doing

    realize(User[admin],Group[admin])

The strange thing is if I remove the specified node definition and just have the basenode it works correctly.

This may be a bug then. In general, I prefer User <| title == "admin" |> over realize(User[admin]), so you may want to try that. I'd also try using two realize calls with only one resource per call and trying an array:

    realize([ User[admin], Group[admin] ])

Hope this helps,

--
Jeff McCune
http://www.puppetlabs.com/
RE: [Puppet Users] use current array element when declaring multiple resources using an array
What you are looking for is a loop, which does not exist in puppet, except for templates. I've never tried it but I've speculated it could be possible to create a manifest template and then use puppet to generate that manifest file in a similar fashion to what you are looking to do.

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of luke.bigum
Sent: Wednesday, November 10, 2010 10:19 AM
To: Puppet Users
Subject: [Puppet Users] use current array element when declaring multiple resources using an array

Hi list,

When declaring multiple resources at once with an array like this:

    file { [ "foo", "bar" ]: ... }

Is there a way to access the current array element so as to pass this value as a parameter? So the foo resource has a parameter value foo and bar with a parameter value bar?

This is a broken example showing that Puppet looks to be evaluating owner => $array1 in its entirety (and perhaps only taking the first element for a File resource?):

    $array1 = [ "/tmp/one", "/tmp/two", "/tmp/three" ]
    file { $array1:
      ensure => present,
      owner  => $array1,
    }

    err: /Stage[main]/Test/File[/tmp/three]: Could not evaluate: Could not find user /tmp/one
    err: /Stage[main]/Test/File[/tmp/two]: Could not evaluate: Could not find user /tmp/one
    err: /Stage[main]/Test/File[/tmp/one]: Could not evaluate: Could not find user /tmp/one

What I want to see is:

    err: /Stage[main]/Test/File[/tmp/three]: Could not evaluate: Could not find user /tmp/three
    err: /Stage[main]/Test/File[/tmp/two]: Could not evaluate: Could not find user /tmp/two
    err: /Stage[main]/Test/File[/tmp/one]: Could not evaluate: Could not find user /tmp/one

Is there an equivalent of Perl's $_ variable? Perhaps with some inline_template Ruby magic? This would make some config I'm trying to write a great deal more concise.
RE: [Puppet Users] Process to upgrade from 0.24.8 to 2.6.x ?
There was a big change from 0.25 to 2.6 and I believe you need to upgrade both client and server from what I remember. The best way to do it is to get a remote execution daemon like func and you could issue a command to all servers like yum upgrade puppet.

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Matt Wallace
Sent: Wednesday, November 10, 2010 11:56 AM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Process to upgrade from 0.24.8 to 2.6.x ?

On Wednesday 10 Nov 2010 10:30:02 nemo wrote:

Hello,

I'm really kind of a newbie in the Puppet world but this tool is quite impressive. So I wish to thank the authors first and all people participating in this amazing project.

Now get straight to business :)

I'm responsible for a platform containing almost 100 servers all managed by Puppet in version 0.24.8 (clients and server). I know this is an outdated version and I'm in the process of upgrading to the latest version. Hence what should be the best approach to upgrade?

For information, servers run centos 5.5 64bit.

If you've got Epel installed, pull puppet from there instead of rpmforge - it's 0.25.$something and we're running it without issue here.

The only caveat as far as I am aware is to upgrade the server first, then the clients, but I'm sure I'll be corrected on that if I'm wrong! :)

We're not looking to upgrade to 0.26 any time soon because we don't need any of the fancy features (yet!).

Cheers,

M.
RE: [Puppet Users] Re: multiple package installation at same location
An alternative is to have puppet push out the contents of the RPM instead of trying to install from RPM. The problem with RPM is it's not designed to have two different packages owning the same files, but there are ways around it. You would need to install the RPM via the RPM command with --force to make RPM ignore the conflict.

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Bakul
Sent: Tuesday, November 09, 2010 11:14 AM
To: Puppet Users
Subject: [Puppet Users] Re: multiple package installation at same location

I know that would be a better option but it's not possible to do it at this point (due to some non-technical issue). Is there any way this can be handled in puppet?

Thanks.

On Nov 5, 8:26 am, jcbollinger john.bollin...@stjude.org wrote:

On Nov 4, 3:28 pm, Bakul bakul.ghug...@gmail.com wrote:

I'm trying to install 2 packages where the 2nd package replaces certain files from the first package.

    package { "jboss": provider => yum, ensure => latest }
    package { "jboss-fix": provider => yum, ensure => latest }

This seems to error out with a message like

    file ... from install of jboss-fix conflicts with file from package jboss

On the command line I can use

    sudo yum -y install jboss jboss-fix

and it works (or use rpm with the replacefiles option for the second rpm).

You should be able to configure yum to always act as if the -y switch had been passed. See the assumeyes parameter.

However, packages replacing others' files is a bad idea. That's why by default it requires confirmation or special options. I urge you to consider instead building packages that do not require such treatment. If you download the jboss source RPM, you should be able to quickly build an alternative jboss rpm that incorporates your changes. (Perhaps you would call *that* jboss-fix.) You can make such an alternative package satisfy other packages' dependencies on jboss by appropriate use of the Provides: header.

Regards,

John
[Puppet Users] file_exists function
I am still new to the ruby language and I figured I'd share my file_exists function to see if it is the correct approach and to offer it out there for people who may have the same issue.

We build our vhosts based off a template and have come across the need to add in items for specific customers in their vhost. The problem is if you file() and the file does not exist puppet throws an error and does not continue to run that manifest. The solution was to add in a file_exists function to allow us to bypass that issue.

    require 'puppet'

    module Puppet::Parser::Functions
      # Returns 1 if the given path exists on the puppet master, 0 otherwise.
      newfunction(:file_exists, :type => :rvalue) do |args|
        # File.exist? replaces the deprecated File.exists? alias.
        if File.exist?(args[0])
          return 1
        else
          return 0
        end
      end
    end

    define customer::vhost($env, $url = "", $aliases = "") {

      # Only read the per-customer snippet when it is present on the master.
      if file_exists("customers/$name/$env/web/httpd.conf") == 1 {
        $extra = file("customers/$name/$env/web/httpd.conf")
      }

      file { "$name.conf":
        path    => "/etc/httpd/conf.d/$name.conf",
        owner   => root,
        group   => root,
        mode    => 644,
        require => Package[httpd],
        content => template("customers/cust-vhost.erb"),
      }
    }