Re: [Puppet Users] puppetlabs-firewall and removing a parameter
Hi, So... no answers... bug report filed! :-) https://tickets.puppetlabs.com/browse/MODULES-2376 Matthias On Mon, 3 Aug 2015 13:26:07 +0200 Matthias Saou matth...@saou.eu wrote: Hi, I had this applied to my nodes : firewall { ${prenumber}7 portknock let connections through: action = 'accept', chain= 'INPUT', dport= $dports, proto= 'tcp', recent = 'rcheck', rname= ${prefix}_heaven, rseconds = $seconds, } With $seconds set to '3'. Now I want to remove it entirely, which will mean forever, but I just can't figure out how to do it, or even if it's possible at all. When I set to undef, false or even remove the $rseconds line entirely, puppet just leaves the previous value on existing nodes. For new nodes or if I manually remove all iptables rules first, then the new rule gets created without any --seconds 3 as expected. How can I tell puppet to actually remove that parameter from existing rules instead of stop caring about the value? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150810133509.16e8af53%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppetlabs-firewall and removing a parameter
Hi, I had this applied to my nodes : firewall { ${prenumber}7 portknock let connections through: action = 'accept', chain= 'INPUT', dport= $dports, proto= 'tcp', recent = 'rcheck', rname= ${prefix}_heaven, rseconds = $seconds, } With $seconds set to '3'. Now I want to remove it entirely, which will mean forever, but I just can't figure out how to do it, or even if it's possible at all. When I set to undef, false or even remove the $rseconds line entirely, puppet just leaves the previous value on existing nodes. For new nodes or if I manually remove all iptables rules first, then the new rule gets created without any --seconds 3 as expected. How can I tell puppet to actually remove that parameter from existing rules instead of stop caring about the value? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150803132607.62797e1d%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Initial Puppet 4.0.0 Migration Experience
Hi, I have been running for a few weeks puppet 3.7.5 + puppetserver 1.0.2 with the future parser enabled and stringify_facts disabled. I had to do some minor fixing to get everything to work (mostly due to facts type change), but it went overall quite well. Now I have decided to take the next step : puppet 4.0.0 ! All set up, the exact same code *fails* : Error: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `key_attributes' for nil:NilClass Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Ouch! And I was telling everyone that the new parser was sooo much better at reporting errors. So much for that. I still haven't tracked the problem down completely, but after disabling modules one by one, I know in which module it lies, so I've disabled it for now. But next I'm seeing weird things, where a user's home wasn't created and where another was created but subsequent runs complain about his name because it contains 'é' : Error: Could not convert change 'comment' to string: incompatible character encodings: UTF-8 and ASCII-8BIT Error: Could not convert change 'comment' to string: incompatible character encodings: UTF-8 and ASCII-8BIT Error: /Stage[main]/Exyz::Common/Exyz::Shell_user[benja]/User[benja]: Could not evaluate: Puppet::Util::Log requires a message I never had that error with the same user and Puppet 2.x and 3.x before. And a quick search doesn't come up with much relevant. This is a RHEL7 system with the default LANG=en_US.UTF-8... Not going so well so far, I was really hoping for less differences between 3.7 with the future parser and 4.0. I will post followups if anyone is interested. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150520125145.5f93b36f%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Initial Puppet 4.0.0 Migration Experience
On Wed, 20 May 2015 03:57:50 -0700 (PDT) Nick Howes nickho...@gmail.com wrote: On Wednesday, 20 May 2015 11:52:06 UTC+1, Matthias Saou wrote: I will post followups if anyone is interested. Count me interested - I'm in the same pre-leap state (3.7 with all the future features enabled) and looking at 4, so I'm keen to hear all the details. Well, for my issue where a system user's comment (name) has UTF-8 characters, I've created this bug report, as the user is created properly with the UTF-8 comment, but subsequent puppet runs trigger the error : https://tickets.puppetlabs.com/browse/PUP-4633 Next, the very cryprtic undefined method `key_attributes' for nil:NilClass message is apparently caused by the change of having empty arrays now evaluate to true. This is the fix I came up with : https://github.com/thias/puppet-rhel/commit/49c000913e53e729d566785b15e86f3e8c117f91 I really thought that behavior was already present when using the future parser in puppet 3, but apparently not. Then there was also a relative definition name still in one of my manifests, also fixed in the commit above. Again, I thought the future parser already enforced that too, but no. Last, for some reason it's no longer possible to use this if the 'packagename' is actually an alias = 'packagename' of the package resource : require = Package['packagename'] I don't know for sure if this should be considered a bug or not, so I've just worked around the problem by switching 'name' and 'alias' around : https://github.com/thias/puppet-selinux/commit/15e863f6e6f7eb61c5df9d76a3b889b7cebe1b65 Right now, I have my first complete catalogs compiling and applying fine using Puppet 4.0.0 ;-) HTH, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150520142220.2a1ded95%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Unrecognised escape sequence '\[' in file
On Wed, 27 Aug 2014 05:31:39 -0700 (PDT) Brian Wilkins bwilk...@gmail.com wrote: I am having to escape a regular expression in my match and puppet complains on the puppetmaster of an Unrecognised escape sequence. How do I fix this so the logs don't get cluttered with this message? I am using Puppet 3.6.2. file_line { nagios_monitor_check_${title}: path = '/etc/nagios/nrpe.cfg', line = command[check_${title}]=/usr/lib64/nagios/plugins/check_procs ${proc_check} ${proc_count}, match = ^command\[check_${title}\]=.*, notify = Service[nrpe], } Shot in the dark : Have you tried with two backslashes '\\' ? Because since you're interpolating $title and have double quotes, it could be needed to get the regexp string to contain a single backslash. Also, but why not manage multiple files in /etc/nagios/nrpe.d/ based on templates instead of managing a single file, since that's much trickier? Another useless note : You don't need the '.*' at the end of your regexp if you're not ending it with '$'. Last useless note : I have also encountered problems with the file_line 'match' parameter, the first one being that the official example is broken as the 'line' must match the 'match' regexp. Good luck :-) Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140827170749.2b830610%40saou.eu. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet Template for controlling puppet nodes puppet.conf file help
Hi, What I'd recommend is the following in your puppet manifest just before the template() call to your file : $fqdn = downcase($::fqdn) ...and that's it. You will need to puppetlabs-stdlib module. The other solution is to use ruby inside your erb template, with this as the first line of the file for example : % fqdn = scope.lookupvar('::fqdn').downcase -% Then use fqdn (the local ruby variable) instead of @fqdn (the puppet variable) in your %= fqdn %. Matthias On Thu, 7 Aug 2014 09:09:44 -0700 (PDT) Linwood Johnson linwood.john...@hdsupply.com wrote: I have created a module for my environment that would control the content and formatting of the puppet.conf file on my nodes however I have ran into a problem with this. The problem is, I have a few servers out in my environment that was built with their hostnames in all caps. What happens is that when I first connected them to the puppet master and they created their certs everything is in lower case but when the puppet.conf controlling module is applied to the server, the certname in the puppet.conf file on the node gets changed to the All Caps name which brakes its communication to the puppet master. For application reasons I can't change the hostname from All Caps back to lower case so how can I modify my template so that it would populate the certname with the FQDN in lower case letters? So for example: The certname in the puppet.conf file is helpme.puppethelp.com but when my module is applied it changes the certname to HELPME.puppethelp.com - I know that with the %= fqdn % variable, this is getting it from facter which is querying /etc/hosts Below is my templale for the puppet.conf file. [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig certname = %= fqdn % server = %= puppetserver % pluginsync = true report = true graph = true Thanks for your help. -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140808115141.11e53255%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet/yum fails to install old packages
Hi, This seems like a problem in your yum repositories, or the rpm packages they contain. On a clean system, without running any of this, what does the following do? Does it work? yum install postgresql92-9.2.8-1PGDG.rhel5 Because according to the output you've sent, yum doesn't find the matching 'libs' package, yet it ends up on the system somehow in the end... Also, in that output, puppet says that the server 8.1.23-10.el5_10 package got installed, but it's not in your final rpm -qa | grep postgres output, so I'm guessing you're not being completely honest with us here :-) Since many details are missing, it could be that you're enabling multiple repositories with a wrong ordering, resulting in puppet not finding all of the packages on the first run. If that's the case, have a look at stages and make sure you manage your yum repo configuration in once which is before 'main'. Matthias On Thu, 7 Aug 2014 07:31:19 -0700 (PDT) Mark Rosedale mrosed...@vivox.com wrote: Hello, So I'm specifying specific packages to install for some of my critical software. This is specifically related to centos/yum. When new packages are released I get errors when running puppet saying that yum has failed to install the specified package because a newer version is available, but the package does in fact install. Upon the second run it sees the correct version and the catalog runs cleanly. Example code. $postgresqlVersion = $::lsbdistrelease ? { '5.10'= 9.2.8-1PGDG.rhel5, '6.5' = 9.2.8-1PGDG.rhel6, default = 9.2.8-1PGDG.rhel6, } package { $packageList: ensure = $postgresqlVersion, } The conflicting package is on centos5 The new version available is 9.2.9-1PGDG.rhel5. First run we get errors like the following Notice: /Stage[main]/Postgresql::Install/Package[postgresql-server-8.1.23-10.el5_10]/ensure: created Error: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y install postgresql92-server-9.2.8-1PGDG.rhel5' returned 1: postgres ql92-9.2.8-1PGDG.rhel5.x86_64 from vivox-postgresql has depsolving problems -- Missing Dependency: postgresql92-libs = 9.2.8-1PGDG.rhel5 is needed by package postgresql92-9.2.8-1PGDG.rhel5.x86_64 (vivox-po stgresql) Error: Missing Dependency: postgresql92-libs = 9.2.8-1PGDG.rhel5 is needed by package postgresql92-9.2.8-1PGDG.rhel5.x86_64 (vivox-p ostgresql) You could try using --skip-broken to work around the problem You could try running: package-cleanup --problems package-cleanup --dupes rpm -Va --nofiles --nodigest Wrapped exception: Execution of '/usr/bin/yum -d 0 -e 0 -y install postgresql92-server-9.2.8-1PGDG.rhel5' returned 1: postgresql92-9.2.8-1PGDG.rhel5.x8 6_64 from vivox-postgresql has depsolving problems I get this for all the postgres packages I'm trying to install, however, even with these errors if I check all of the packages have been installed. rpm -qa | grep postgres postgresql-libs-8.1.23-10.el5_10 postgresql92-libs-9.2.8-1PGDG.rhel5 postgresql-libs-8.1.23-10.el5_10 postgresql92-9.2.8-1PGDG.rhel5 So on the second run everything that was missed, due to the errors, gets completed and I now have a clean run. My question is, is there a way to work around this so that puppet doesn't error out on the first run? Thanks, mjr -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140808122216.5c7c0073%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] CF3 to PE 3.3 - Hiera Question
Hi, With hiera, you'll need to base all of your logic on fact values. AFAIK, you can't directly use any regexps, but what you could do to achieve to same goal is create a custom fact which would get assigned a specific value if another fact matches a regexp. Another other solution would be unconditionally include a class, and have the logic inside that class, to include other classes based on things like if $::hostname =~ /^web\d+$/ { include '::foo' }. Combine the ifs as much as you want, using intermediate booleans to make things clearer... HTH, Matthias On Wed, 6 Aug 2014 10:22:22 -0700 (PDT) Tom Tucker tktuc...@gmail.com wrote: I’m in the process of migrating from CFEngine 3 to PE 3.3 so please pardon me if my terminology is off. With CFEngine I could build arrays, define a hostname regex or define network segment variables to gain further control. How do you do this with Hiera? CFEngine Examples ### web_regex expression = classmatch(^web\d+$) mail_servers_array or = { mailA, mailB, mailC, someSYS, someSYS2}; DC1_DEV_NET or = { ipv4_10_225_172 }; DC2_QA_NET or = { ipv4_10_224_136 }; For example…. If your hostname matches the “web_regex” and you reside in the DC2_QA_NET then do X, Y and Z. Thanks in advance for your time and assistance. Tom -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140808123306.132a29fe%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] can't restart auditd
On Sat, 26 Jul 2014 18:09:05 +0300 Cristian Falcas cristi.fal...@gmail.com wrote: Hello list, Because of this https://bugzilla.redhat.com/show_bug.cgi?id=973697, puppet can't do a restart for auditd: Error: /Stage[main]/Auditd::Service/Service[auditd]: Failed to call refresh: Could not restart Service[auditd]: Execution of '/usr/bin/systemctl restart auditd' returned 4: Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only. Can I fix this somehow? Can I choose which system to use to do the restart (service vs systemctl)? Take a look at : http://docs.puppetlabs.com/references/stable/type.html#service You *should* be able to force the restart command with something like this (untested) : service { 'auditd': restart = '/sbin/service auditd restart', # ... all your other parameters ... } Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140729103602.62c876a3%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] feeding files/templates to modules
On Fri, 16 May 2014 07:28:23 +0200 David Schmitt da...@dasz.at wrote: easy solution: create a local site module (e.g. matthew) an put every thing there. Manage it like all other modules. I did that at https://github.com/DavidS/dasz-configuration/tree/master/modules/dasz and never looked back. I second that! And it's also quite easy to separate modules that are managed by puppet (or librarian, or r10k, or...) from those which would be custom ones, from a private VCS for instance, into different modulepath directories. I have this in my [master] (puppet 3.4) : manifest = $confdir/environments/$environment/manifests/site.pp modulepath = $confdir/environments/$environment/modules:$confdir/environments/$environment/site With r10k and git branch mapping to $environment, with the site modules managed inside git alongside the Puppetfile, you'll never look back :-) With these tools, hiera and/or an ENC, nowadays it's very easy to have an empty site.pp and no (or empty) node blocks. All nice 'n clean ;-) Also, if you might move manifests between custom modules, I'd suggest you use the $module_path variable in file source parameters and template paths to make your life easier. HTH, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140516095328.68436d94%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Announce: Puppet 3.6.0 Released!
On Thu, 15 May 2014 11:42:01 -0700 Eric Sorenson eric.soren...@puppetlabs.com wrote: Hot on the heels of Puppet 3.5 comes Puppet 3.6.0. We said things were going to accelerate in Puppet's open-source release cadence, and here it is. Puppet 3.6.0 is a backward-compatible features and fixes release in the Puppet 3 series. The biggest things in this release are: * Improvements to directory environments, and the deprecation of config file environments * Support for purging unmanaged ssh_authorized_key resources [...] No way!!!??? WAY!!! http://docs.puppetlabs.com/puppet/latest/reference/release_notes.html#feature-purging-unmanaged-ssh-authorized-keys Thank you so so so so so much! Definitely my most wanted feature since... forever :-) Off to try that now... Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140516100122.39619fa3%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Array becomes string in template
On Thu, 24 Apr 2014 10:18:16 + (UTC) Frederik Himpe fhi...@vub.ac.be wrote: The line in question in the template looks like this: POSTFIX_STYLE_VIRTUAL_DOMAINS = [% @virtualhost.join(', ').each do |v| %%= @v %% end -%] [...] So why has this virtualhost array suddenly become a string when I call the each function on it in the template? Because unless I'm mistaken, you're converting your array to a string with .join(', '). Just remove that, and the .each should be correctly applied to the array. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140424131155.7b1bbb5d%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] A file managed by puppet that is left alone if customized
On Thu, 24 Apr 2014 18:41:05 +0200 José Luis Ledesma joseluis.lede...@gmail.com wrote: Idk if i did understand correctly, but there is the replace parameter in the file resource that may help here. I think you've missed the important bit, like I did initially : The replace parameter set to false will have puppet *never* touch the file once it's created. What the OP wants it to have puppet keep updating the file *until it's modified locally*, at which point it should stop. Tricky. I can't think of any simple and clean solution from the top of my head, though I do understand why one would want to do that... I could actually use that behaviour for the initial ~/.gitconfig files I create for system users, for example. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140424192135.33eb26e7%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Joining two commands in exec
On Sun, 13 Apr 2014 20:24:22 -0700 (PDT) John S bun...@gmail.com wrote: define hadoop::dir { exec { /usr/bin/hadoop fs -mkdir /user/$title /usr/bin/hadoop fs -chown $title:title /user/$title : creates = /usr/bin/hadoop fs -ls /user/$title, } I'm unsure how the creates will behave here, as it expects a local file (or directory) to check for existence, not a command. What you need to double check is the exit status of all of the commands you are running, as well as change the creates to unless, probably. Run : /usr/bin/hadoop fs -ls /user/foo; echo $? If you see 0 then the exec will no longer run when using unless. Run : /usr/bin/hadoop fs -mkdir /user/foo; echo $? You'll need to see 0 when the HDFS directory didn't exist in order for the '' to then execute to 2nd command. HTH, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140414132119.73f510c3%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Possible issue with nagios_* commands
On Tue, 25 Feb 2014 09:01:43 -0800 (PST) JonY ethrbu...@gmail.com wrote: I'm trying to setup a nagios server via puppet to monitor the other servers in the group. I can get the various stored info from puppet db but when the *.cfg files are created in the nagios folder they are all root:root 0600. IE nagios can't read them. I can work around this but I'm wondering if there is some config that I've missed. I recall having the same problem. In fact, here's what I have in my own nagios module : # Work around a puppet bug where created files are 600 root:root file { [ '/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_contact.cfg', '/etc/nagios/nagios_contactgroup.cfg', '/etc/nagios/nagios_host.cfg', '/etc/nagios/nagios_hostdependency.cfg', '/etc/nagios/nagios_hostgroup.cfg', '/etc/nagios/nagios_service.cfg', '/etc/nagios/nagios_servicegroup.cfg', '/etc/nagios/nagios_timeperiod.cfg', ]: ensure = present, owner = 'root', group = 'nagios', mode = '0640', before = Service['nagios'], } Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140225180713.5ce8b79d%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Nagios default files being overwritten
On Tue, 11 Feb 2014 06:53:42 -0800 (PST) druide.st...@gmail.com wrote: I have a strange problem here. Most of my Nagios configuration are from file {} directive, but I also need to modify a couple of Nagios' default configuration. To do this, I use classes like this: class nagios::gabarits { nagios_host { 'linux-server': use = 'generic-host', [...] target = '/etc/nagios/objects/templates.cfg', ensure = present, } } Problem is: it replace the content of /etc/nagios/objects/templates.cfg with the new host definition, but everything else in the file is gone! I think that's the expected behaviour. The proper fix is to also declare the other nagios resources you want to see in that file. That's more or less how I solved it in my own module : https://github.com/thias/puppet-nagios/blob/master/manifests/server.pp#L550 (feel free to copy/paste those lines!) Though I did move all of the resources to their default files and stopped using the objects/templates.cfg file. HTH, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140211171444.45ff5eac%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] RHEL 7 Repository up on yum.puppetlabs.com
On Mon, 10 Feb 2014 11:46:18 -0800 Melissa Stone meli...@puppetlabs.com wrote: We are pleased to let you know we are currently working on creating RHEL 7 packages. We want to do a thorough testing of these packages, so we are taking our time with this platform. However, we still want to get the packages we do have into your hands. As such, we're going to be slowly populating the RHEL 7 repository on yum.puppetlabs.com for your consumption. Please, let us know if you run into any issues with the available packages by creating an issue at tickets.puppetlabs.com. I'm not going to create an issue just for that, since it's probably known, but I couldn't install facter : Package facter-1.7.5-1.x86_64.rpm is not signed I'll try again it a little while, once puppet is there and once all repos that are enabled by the release package actually exist :-) But it's a good start, much appreciated! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140211173434.06d5147d%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] RHEL 7 Repository up on yum.puppetlabs.com
On Tue, 11 Feb 2014 09:07:28 -0800 Moses Mendoza mo...@puppetlabs.com wrote: The package should now be signed. Thanks for reporting that! Yup, works fine now! Woohoo, the future is near!!! :-) kernel = Linux kernelmajversion = 3.10 kernelrelease = 3.10.0-78.el7.x86_64 kernelversion = 3.10.0 operatingsystem = RedHat operatingsystemmajrelease = 7 operatingsystemrelease = 7.0 osfamily = RedHat rubyversion = 2.0.0 Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140211191033.1db431c3%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Choo choo here comes the FOSDEM train
Hi, Awesome, thanks Daniele! I have just registered for the dinner, though I'm still not 100% sure I'll be there (there's an air controller strike, argh!). But I'll be lurking around, like (almost) every year :-) For a photo : https://github.com/thias I'll be mostly interested in discussing anything related to modules and the Forge, but if any official Puppet Labs representatives are there, I'd also be interested in getting in touch about consulting in Spain and training. Cheers, Matthias On Thu, 30 Jan 2014 05:33:29 -0800 (PST) Daniele Sluijters daniele.sluijt...@gmail.com wrote: Hi everyone, I've booked at Sogno d’Italia for approx. 30 people. They are expecting us somewhere between 19h00 and 19h20 (that's 7PM for the Americans). I've changed the Eventbrite event to allow tickets up to 35 which means there's about 15 places left if you want to join in. So, if you want food, please register :). See you soon! -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140130154806.664bec64%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] A different way of managing POSIX ACLs : fooacl
Hi, I have just published the module I use to manage POSIX ACLs : fooacl I don't consider it the cleanest possible approach to the problem, but it's very efficient and flexible. I would actually call it a hack :-) There's room for improvement, such as splitting out Execs per managed path to avoid useless re-applying on unchanged paths, or using file snippets without concat to avoid depending on that module. Pull requests are more than welcome :-) I'll publish it to the forge shortly, too. https://github.com/thias/puppet-fooacl Short extract of the README : -- Most (all?) other ACL modules implement a type which can be declared only once per file, which isn't flexible. This module takes the unusual approach of creating a single large concatenated script to manage all ACLs recursively in a single run. Ugly, yet very efficient and flexible since ACLs aren't tied to the file type in any way. Features : * Set ACLs for the same path from different parts of your puppet manifests (flexible). * Set global ACL permissions to be applied for all paths managed by the module (flexible). * Automatic purging of ACLs on paths as long as at least one ACL is still being applied by the module (remove users easily and reliably). * Automatic setting of both normal and default ACLs to the same values (shortens declarations, increases code readability). -- Feedback welcome! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131217121020.26ae07e9%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Multiple server roles using hiera and facts
On Sun, 1 Dec 2013 20:58:34 -0800 (PST) Shiva Narayanaswamy shiva.narayanasw...@gmail.com wrote: I want to implement a scenario where I can mix and match multiple roles on any managed node. The particular roles played by a node are available as facts (role1=webserver, role2=appserver etc )In development all the roles will be played by one host, and in production a server might play only one role. I was hoping there will be some way I can implement this in hiera. Any clues or pointers would be much appreciated. I've already had to do something similar, and did it the following way : * A single role= fact/variable. * Conditionals such as if rolename in $role { ... It's not the prettiest way, but since facts can't be arrays, it's the best I could think of. My role names are all 3 letter long and unique, meaning that no role name contains another (role app and app1 would cause app to be found in app1). In hiera (or from a fact) I just need to have a role string : role: 'role1,role2,role3' Depending on your environment, it might also make sense to go for completely separate variables for each role, such as: webserver: true appserver: true With matching facts which exist or don't exist. HTH, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131202142520.300f2ca4%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Is anyone using puppetlabs-firewall with IPv6?
Hi all, I'm cleaning up some puppet manifests, and thought it would be a good opportunity to move from my own monolithic iptables/ip6tables modules to the official puppetlabs-firewall module. But... what's the deal with IPv6? My first concern was that there is no easy way to have simple rules be applied to both iptables and ip6tables. Fair enough, I just wrote a simple wrapper to duplicate rules and that works. But then... ip6tables rules aren't purged. Ouch. https://github.com/puppetlabs/puppetlabs-firewall/issues/168 Isn't anyone using that module with ip6tables? Is there some option or trivial workaround I'm missing? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Announce: Facter 1.7.2 Available
Stefan Schulte (1): e5b8cd5 (#20321) Be more descriptive in deprecation message -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs-ntp 1.0.0-rc1
On Tue, 9 Jul 2013 18:21:52 -0400 Ashley Penney ashley.pen...@puppetlabs.com wrote: http://forge.puppetlabs.com/puppetlabs/ntp/1.0.0-rc1 or github is where you can grab the latest if you're willing to test it. If you have any feedback regarding the general design of the module this is an excellent place to hash it out as we'll be out to improve other modules with time. It looks really nice and clean! I would personally only have a few very minor nitpicks : * Shouldn't the placeholder files/README.markdown be removed? * Space between class name and parenthesis inconsistency : class foo(... vs. class foo (... * In the templates, this comment should use single quotes : # Managed by puppet class { ntp: servers = [ ... ] } * In the el template, this variable isn't in the current scope : % if @is_virtual == false -% Add a new params variable for it, similar to $panic? * For real RHEL, the ntp server hostnames used will be centos instead of the original rhel ones. I'm not sure this is worth trying to fix, though. Great work on cleaning up the module! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs-ntp 1.0.0-rc1
On Wed, 10 Jul 2013 17:09:25 +0530 Francis Pereira francispere...@7terminals.com wrote: How do you get the service to restart if the config file changes ? Look at the ~ (and not -) at the bottom of init.pp, where the config class notifies the service class : Anchor['ntp::begin'] - Class['::ntp::install'] - Class['::ntp::config'] ~ Class['::ntp::service'] - Anchor['ntp::end'] Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] The handy Grail of Modules Standards
On Mon, 17 Jun 2013 07:32:36 -0700 (PDT) Alessandro Franceschi a...@lab42.it wrote: Thanks for your opinion, even if I don't fully agree with it. Puppet is a language and so people do the same things in different ways, and they all work and do what they are supposed to do. But if we think about modules REUSABILITY and INTEROPERABILITY some patterns have to be followed. Some of the parameters described in the document are somehow REQUIRED, IMHO, if you want to make a really reusable module (for example the ones that let you decide how to manage your configuration files... if you enforce a logic in a module or a specific template and don't allow override by users, then you are not making a reusable module, so for example a parameter like template is just needed). So, since, at least some of, these parameters are needed for a reusable module it's just a matter of defining few naming conventions (and managing external modules dependencies in a sane way) to make different modules happily live better together. Note, I don't say that ALL the modules should have ALL these parameters, I'd consider these Standard Namings as suggestions which people may decide to follow or not (somehow similar to the Code Style suggestions, which leverage the style of the Puppet code and have found tools like puppet-lint to validate them). Once enough good and prominent Puppet modules will follow these naming conventions, it will be easier for people to switch modules, integrate the best ones from different sources (without forking them) , use these parameters from a WEB interface, a a standard framework from smoke testing and have the benefits which are better described in the blog post. Note also that these proposals are based on the current Puppet language specifications, I want to start from what can be used now, with an eye on the evolution on Puppet, but with still feet on the ground: nothing new or to invent, just few basic naming convention to agree upon and *suggest*. I still think that this is at hands reach :-) This is definitely a good initiative, what I'm just saying is that you've opened a can of worms :-) The initial step of creating common guidelines for parameter names is nice, as it can create some consistency across modules, and ease work sharing as well as lower the learning curve for people using 3rd party modules. But it would need to be official (in the puppet documentation as best practices, for instance) and/or enforced on the forge, to become really useful. And after that, things quickly get exponentially complex IMHO. A few examples from the top of my head : * Naming the modules themselves. * Naming the classes and definitions inside the modules. * Multiple modules requiring the same packages (If my module needs rsync, yours too, where do we put the common virtual resource?). * The use of author-specific common modules (I don't like taking a johndoe/apache module and noticing I then need johndoe/common). But don't get me wrong, I like where this is headed, and will participate as much as I can. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] The handy Grail of Modules Standards
Hi, First off... is these some pun I'm not getting, or was it supposed to be Holy Grail? Just wondering :-) Also, when I read Puppet Modules Standard naming conventions, I thought it was just about module names, but it seems to be about parameter naming inside all of the module resources. After reading the shared Google document, I got reminded a lot of what I've seen happen with RPM packaging over the years. Lot of similarities, since both Puppet and RPM are tools which give a lot of freedom in the way things get implemented. Think of GNU/Linux distributions such as Fedora, RHEL, Mandriva, SuSE, etc. which all use RPM packages as their building blocks : They are not to be considered compatible for various reasons, yet they could have been in theory. With Puppet, each author is currently like each distribution using RPM : Doing things in a given ecosystem, with implementation choices being made, all of which can easily differ enough to make modules from different authors incompatible. Now the problem that I see here is that with RPM things have never been able to converge on a global scale. There isn't one single right answer, and it has never been the tool's goal to enforce how it's being used, especially when it's purely cosmetic or related to details that many find irrelevant. Where I'm trying to get at is that I see Puppet as being similar in the fact that it doesn't try to enforce any high-level cosmetic choices, such as parameter names, and I think it's the right behavior for the basic tool itself. From there, I'm all for trying to standardize something, but that's actually much harder than it seems, and won't work unless there is some enforcing being done at some point. One possibility would be to have a review-based approval process for forge modules, where guidelines would have to be enforced before a module gets published. Of course, that's a lot of time and resources, for what boils down to being considered boring work by most. It's what works for many GNU/Linux distributions (Debian, Fedora, etc.). Just my 2¢ ;-) Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] any elegant way to iterate/map over data types?
On Mon, 10 Jun 2013 16:41:22 -0400 Martin Langhoff martin.langh...@gmail.com wrote: Sysadmins have the (reasonable?) expectation of installing more than one ssh key. Relevant bits from my current config follows: class rl_users { define ssh_user($uid, $gid, $password, $akey, $ensure=present) { user{ $name : ensure = $ensure, managehome = true, uid = $uid,gid= $gid, password = $password, groups = ['wheel'], require = Group[$name], } group { $name : ensure = $ensure, gid= $gid, } ssh_authorized_key { ${name}-akey: ensure = $ensure, key = $akey, type= 'ssh-rsa', user= $name, require = User[$name], } } @ssh_user { 'foo': uid= 2004 , gid = 2004, password = '$6$foo', akey = 'B3xyz/VFwxhtYhw==', } # how can we support user bar? @ssh_user { 'bar': uid= 2005 , gid = 2005, password = '$6$bar', akey = [ 'B3xyz/VFwxhtYhw==', ''Bz==' ] } Right now I have a fugly kludge in place to support a second akey0 slot. One workaround which comes to mind is to use regsubst on the $akey array in order to make each element unique, and move the ssh_authorized_key call to its own definition. When it comes to iterating with puppet, the usual way to get where you want is to apply a definition to an array. From there, you need to avoid the (also usual) duplicate declarations, by extending and abusing the $title if needed in order to make sure it's unique. So here (these are quick hints, completely untested), something like this should work, since user-sshkey is unique : $user-akey = regsubst($akey, '^(.*)$', ${name}-\1) my_ssh_authorized_key { $user-akey: ensure = $ensure } Then : define my_ssh_authorized_key ( $ensure ) { $user = regsubst($title, '^(.+)-(.+)$', '\1') $akey = regsubst($title, '^(.+)-(.+)$', '\2') ssh_authorized_key { $title: ensure = $ensure, key = $akey, type= 'ssh-rsa', user= $user, require = User[$user], } } If there are more elegant solutions, I'd love to hear about them :-) Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
On Fri, 31 May 2013 07:52:25 -0700 Nan Liu nan@gmail.com wrote: A bit off topic, but you should use file attribute replace = false instead of an exec. Indeed. I'm not sure how I've missed that parameter. And it seems to have existed for a loong time. Thanks a lot for correcting me! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
There are other ways. None are nice and clean, but a custom fact just for this seems overkill. Here's a quick example of how I've implemented creating a default ~/.gitconfig for users if it doesn't exist, but not modify it if it's already there or has been modified. $gitconfig_user_name = $mymodule::uservar::fullname[$title] $gitconfig_user_email = ${title}@example.com file { ${home}/.gitconfig: owner = $owner, group = $group, mode= '0644', require = Exec[create-gitconfig-${title}], } exec { create-gitconfig-${title}: command = template('mymodule/user/gitconfig.erb'), require = User[$title], creates = ${home}/.gitconfig, } The gitconfig.erb has the following content : /bin/cat %= home %/.gitconfig EOF [user] name = %= @gitconfig_user_name % email = %= @gitconfig_user_email % EOF Basically, just don't have either 'source' nor 'content' for your file resource, and create the initial content using an exec with the 'creates' condition. Matthias Dan White y...@comcast.net wrote: Short Answer: You need to create a custom fact that would drive the decision to create the new file resource. I just went thru this issue and also performing an action based on whether or not a package (RPM in my case) is installed. Same answer to both. For the existence of a file, you can do this: #!/bin/bash test -f /var/www/owncloud/config/config.php rc=$? echo is_my_file_there=${rc} That goes into /etc/facter/facts.d/ as an executable shell script and then in your manifest: if $::is_my_file_there != 0 { file { 'autoconfig.php': . } } “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: John Naggets hostingnugg...@gmail.com To: puppet-users@googlegroups.com Sent: Thursday, May 30, 2013 4:04:29 PM Subject: [Puppet Users] Run a File resource only if another file is missing Hi, I would like to run the File resource below: file { 'autoconfig.php': path = '/var/www/owncloud/config/autoconfig.php', ensure = file, owner = 'www-data', group = 'www-data', content = template(owncloud/autoconfig.php.erb), } only when a specific file (in my case: /var/www/owncloud/config/config.php) is missing. Is this somehow possible? Couldn't find my case in the puppet documentation... Thanks! John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
Hi, Indeed, I had missed that John was mentioning two different files (config.php vs. autoconfig.php). In that case, my only bit of (useless) advice is : You're not using puppet in the way it's most efficient, as it's not meant to manage nodes based on changes it doesn't make itself. Custom fact, it is... Matthias Dan White y...@comcast.net wrote: That is an excellent example, but I think you miss the original point: Your example deals with only one file resource - the dot-gitconfig file Suppose you only wanted to perform this action if git was installed on the system, and do nothing if it was not ? This additional requirement puts it closer to the original question and this is where a custom fact is called for in the opinion of several folks on the list including myself. If you can offer an example that demonstrates otherwise, I would welcome it. I do not believe it possible without the custom fact and I have several hours of frustrated tinkering to show for it. I wanted to set a parameter in a config file but only if (the config file exists and/or the associated package is installed) and found I could not do it completely from within the manifest. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Matthias Saou matth...@saou.eu To: puppet-users@googlegroups.com Sent: Friday, May 31, 2013 4:00:15 AM Subject: Re: [Puppet Users] Run a File resource only if another file is missing There are other ways. None are nice and clean, but a custom fact just for this seems overkill. Here's a quick example of how I've implemented creating a default ~/.gitconfig for users if it doesn't exist, but not modify it if it's already there or has been modified. $gitconfig_user_name = $mymodule::uservar::fullname[$title] $gitconfig_user_email = ${title}@example.com file { ${home}/.gitconfig: owner = $owner, group = $group, mode= '0644', require = Exec[create-gitconfig-${title}], } exec { create-gitconfig-${title}: command = template('mymodule/user/gitconfig.erb'), require = User[$title], creates = ${home}/.gitconfig, } The gitconfig.erb has the following content : /bin/cat %= home %/.gitconfig EOF [user] name = %= @gitconfig_user_name % email = %= @gitconfig_user_email % EOF Basically, just don't have either 'source' nor 'content' for your file resource, and create the initial content using an exec with the 'creates' condition. Matthias Dan White y...@comcast.net wrote: Short Answer: You need to create a custom fact that would drive the decision to create the new file resource. I just went thru this issue and also performing an action based on whether or not a package (RPM in my case) is installed. Same answer to both. For the existence of a file, you can do this: #!/bin/bash test -f /var/www/owncloud/config/config.php rc=$? echo is_my_file_there=${rc} That goes into /etc/facter/facts.d/ as an executable shell script and then in your manifest: if $::is_my_file_there != 0 { file { 'autoconfig.php': . } } “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: John Naggets hostingnugg...@gmail.com To: puppet-users@googlegroups.com Sent: Thursday, May 30, 2013 4:04:29 PM Subject: [Puppet Users] Run a File resource only if another file is missing Hi, I would like to run the File resource below: file { 'autoconfig.php': path = '/var/www/owncloud/config/autoconfig.php', ensure = file, owner = 'www-data', group = 'www-data', content = template(owncloud/autoconfig.php.erb), } only when a specific file (in my case: /var/www/owncloud/config/config.php) is missing. Is this somehow possible? Couldn't find my case in the puppet documentation... Thanks! John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 3.2.1 default log level change?
Hi, The replies to the 3.2.1 release announcement seem to indicate I'm not the only one to have been bitten by the change. When using puppet agent --onetime --no-daemonize the output used to be at notice level by default. I would typically use --verbose in order to get info level when needed. But with puppet 3.2.1, the default seems to now be info level, meaning that I see the same output with and without --verbose. I haven't seen how to change that from the output of puppet agent --genconfig. I even tried --no-verbose but that doesn't work. How do I switch back to a default log level of notice? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error: Could not find dependency Yumrepo[puppetlabs-products] for Package[puppet]
On Fri, 24 May 2013 18:19:46 -0700 (PDT) Jagan Kommineni jagan.kommin...@gmail.com wrote: I have installed puppet from puppet-labs yum repository on OEL familiy of Red Hat Enterprise Linux Server release 5.9 (Tikanga) [...] You checked your system's yum repository configuration, which seems to be in order, but given your email's subject, the problem must be in your puppet configuration, where your package resource want the puppetlabs-products yumrepo resource to be present. If you already have that repository configured on your nodes, you can just remove the require = Yumrepo[puppetlabs-products] lines. Otherwise, you will need to add that resource to be declared. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Module for tuned-adm
shameless plug You could also have a look at this other module : https://forge.puppetlabs.com/thias/tuned /shameless plug I just had a look at Romain's, and a provider just for this is overkill. As much as I hate exec, it's fine here since the profile name is exactly contained in a single configuration file. Also, a class is best here instead of a definition since it can only be instantiated once per node. Lastly, using a class makes it trivial to tune nodes using hiera and class parameter auto-lookup in puppet 3. Matthias banjer jash...@gmail.com wrote: Thanks, I was about to roll out a puppet module for tuned-adm and found this. Easy to use and working great in my environment. Cheers! On Friday, January 4, 2013 8:25:16 AM UTC-5, Romain PELISSE wrote: Hi all, tuned-adm module: https://github.com/rpelisse/puppet-tuned I'm using tuned-admhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Power_Management_Guide/tuned-adm.htmlto tune the kernel of the target system according to a profile. I first used exec{} to trigger the profile setting but lead to the exec{} being ran at every Puppet run which I found, at beast, inelegant. I end up doing this module to more and less properly implement the exists? method. The module implementation is rather rudimentory but still nice to have - if you need it. (Note: i've googled a bit before doing that and ran into a couple of existing Puppet module or code for tuned-adm but they were either using exec() internally or just installing the packages and nothing more). (Final note: Before XMas, I've already submitted a completely useless module extension to handle DNS Name, as it turned out Puppet supports this out of the box, so I hope this module proposal will be a tidbit more useful ! :) ) -- Romain PELISSE, *The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it -- Terry Pratchett* Belaran ins Prussia (blog) http://blog.wordpress.belaran.eu/ (... finally up and running !) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] problems ensuring that a service is absent
On Thu, 25 Apr 2013 09:50:23 +0200 David Schmitt da...@dasz.at wrote: service { 'foo': ensure = stopped, enable = false } - package { 'foo': ensure = purged } The astute reader will notice that on the second run puppet will complain that the init script for foo is missing: Error: /Stage[main]//Service[foo]: Could not evaluate: Could not find init script for 'foo' Of course, I could either hope that removing the package will properly clean up or implement stopping the service in a exec resource, but both[1] do not appeal to my inner Monk[2]. Well, I'm only most familiar with rpm-based distributions, but I can assure you than any properly built package will make sure to stop and disable any service it contained before it gets removed. So typically you're fine with just ensuring the package is absent, and enclosing the service inside an if $ensure == 'present' or similar. If that's not enough, it should be considered a packaging bug. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Best practice to always fully qualify classes with :: ?
On Fri, 19 Apr 2013 07:08:27 -0700 (PDT) jcbollinger john.bollin...@stjude.org wrote: By the way, are those redactions in your sig? They look like a Space Invader (http://en.wikipedia.org/wiki/Space_Invaders). :-) The answer is obvious to anyone using a fixed-width font ;-) Thanks for your reply. Your explanation matches the behaviour I've seen. Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet defined types and defaults parameters
Hi, You shouldn't be trying with a variable. Here's what you should probably be doing instead : /etc/puppet/modules/sensor/manifests/listner.pp define sensor::listner ( $config = 'this is the generic default' ) { notify { $config : } } /etc/puppet/manifests/site.pp Sensor::Listener { config = 'asdf' } node 'dev' { sensor::listner {test_sensor:} } This would show 'asdf' for all of your nodes, since the default would be set inside site.pp, thus inherited globally. Matthias Ole Morten Grodås grod...@gmail.com wrote: How can I use a variable for setting a default parameter in a defined type? The example below illustrates my problem, the $config parameter ends up being undef while I was expecting it to have the asdf value. Any comments or suggestions would be appreciated /etc/puppet/modules/sensor/manifests/listner.pp $myvar=asdf define sensor::listner ( $config = $myvar ) { notify { $config : } } /etc/puppet/manifests/site.pp node 'dev' { sensor::listner {test_sensor:} } root@dev:/home/ole# puppet agent --test Info: Retrieving plugin Info: Caching catalog for dev Info: Applying configuration version '1366464824' Notice: undef Notice: /Stage[main]//Node[dev]/Sensor::Listner[test_sensor]/Notify[undef]/message: defined 'message' as 'undef' Notice: Finished catalog run in 0.02 seconds -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet 3.1, Hiera and a class parameter called service
Thanks for the bug report link! I'll definitely be eagerly waiting for 3.2, and will try the RC for sure. In the meantime, even using the quoted false means that I'll need to adapt my classes, since I'm doing simple existence/bool checks : if $service { ... } So when $service is the false string, the condition is still true. But I don't mind modifying to if $service == true since it's not any dirtier. Matthias On Wed, 17 Apr 2013 14:27:20 -0700 (PDT) Nick Fagerlund nick.fagerl...@puppetlabs.com wrote: Hey Matthias! It's a Puppet bug. Sorry. http://projects.puppetlabs.com/issues/17474 It's fixed in 3.2, which isn't quite out yet -- 3.2.0-rc1 is probably coming out this week. In the meantime, Keith is right: - Put quotes around false in your Hiera yaml files. - In your Puppet code, put a line like: $service_real = str2bool($service) I've been calling that pattern sloppy bools. It will work around the bug for now, and continue to work once the bug is fixed and you start using real booleans in your yaml again. On Wednesday, April 17, 2013 10:09:30 AM UTC-7, Matthias Saou wrote: Hi, I'm trying to clean up some manifests by moving class parameters which I change globally to Hiera lookups. I've been fighting with a boolean parameter for the last hour. My class has a parameter called $service, to enable/disable its service (duh!). When I try to set mymodule::service: false from Hiera, it's ignored for some reason, and the $service variable inside mymodule is always true, because that's the default. If I pass a string, it gets across just fine. I just can't get the one useful value, which is the boolean opposite of the default... Other variable names don't seem to have this problem. It seems that I've been bitten once more by mostly-working-but-reserved-somewhere variable names. Does anyone know Hiera internals enough to confirm this? Do I have any options other than renaming the parameter? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matt...@saou.eu javascript: ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Best practice to always fully qualify classes with :: ?
Hi, I've been bitten by this quite a few times now, so it got me wondering... When I have both the following classes available : nagios::client mycompany::nagios::client And I decide to include nagios::client, things get weird. What I've seen is that even if it's from the top scope, puppet can get confused, which in turn gets me confused : From inside the mycompany module, I could understand the ambiguity, but from outside it doesn't make much sense (this is with puppet 3.1.1). Anyway, what does seem to always work is this : include ::nagios::client and of course, this also : class { '::mycompany::nagios::client': ... } And given how puppet's variable scoping works, it makes most sense. But this fully qualified class name syntax isn't present in the documentation[1][2], so I'm wondering : Is this the proper syntax? Has this (or will this) become the best practice? Matthias [1] http://docs.puppetlabs.com/puppet/2.7/reference/lang_classes.html [2] http://docs.puppetlabs.com/puppet/2.7/reference/lang_scope.html -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 3.1, Hiera and a class parameter called service
Hi, I'm trying to clean up some manifests by moving class parameters which I change globally to Hiera lookups. I've been fighting with a boolean parameter for the last hour. My class has a parameter called $service, to enable/disable its service (duh!). When I try to set mymodule::service: false from Hiera, it's ignored for some reason, and the $service variable inside mymodule is always true, because that's the default. If I pass a string, it gets across just fine. I just can't get the one useful value, which is the boolean opposite of the default... Other variable names don't seem to have this problem. It seems that I've been bitten once more by mostly-working-but-reserved-somewhere variable names. Does anyone know Hiera internals enough to confirm this? Do I have any options other than renaming the parameter? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Nagios server howto for beginner ?
Hi, Nagios servers tend to quickly become complex beasts :-) I know what all of the advantages of managing them cleanly with puppet are, never missing a single typical check from being added ever again being the main one, but there are so many downsides that I'm still not entirely convinced that it's a setup suitable for everyone. For instance, it's quite hard to get things right in a heterogeneous environment, and implementing simple custom checks becomes exponentially complicated. Anyway, if you plan on trying out my module, feedback or pull requests are very welcome. The httpd dependency on my own module can easily be omitted with nagios::server { apache_httpd = false }, then using any other httpd module of your choosing. Same with php = false if you want to use your own module. I always try to make my modules standalone, and when that's not possible, at least leave people a way to disable dependencies on other of my own modules so that they can use their own instead. Good luck! Matthias On Mon, 15 Oct 2012 02:00:18 -0700 (PDT) ftiff franc...@esl-education.org wrote: Hi all, I would like to install a nagios server without reinventing the wheel. I know there's nagios (client?) functionality in core puppet, and a lot of modules in the forge. Unfortunately, the most promising one, thias/nagios uses thias/apache_httpd, and I would like to stick with puppetlabs/httpd to prevent fragmentation. Has anyone successfully implemented it ? Is there any official documentation besides the type reference ? Should I dig in thias/nagios ? Thanks in advance, Francois -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: sshkey type purge
On Tue, 24 Jul 2012 09:39:30 -0400 Trevor Vaughan tvaug...@onyxpoint.com wrote: I attempted to set it and it wasn't very happy but your assessment is what I had thought as well. Yup. (Still) Unsupported, unfortunately... See http://projects.puppetlabs.com/issues/1581 Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-lint crashes and burns
On Wed, 11 Jul 2012 10:39:44 -0400 Peter Berghold salty.cowd...@gmail.com wrote: Yet another reason for me to rebuild that machine with Debian. CentOS tends to be behind in versions... :-( Not sure what you mean... [root@puppet ~]# rpm -q ruby ruby-1.8.7.352-7.el6_2.x86_64 [root@puppet ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.3 (Santiago) On Wed, Jul 11, 2012 at 10:21 AM, Aaron Russo aaron.n.ru...@gmail.comwrote: Had this exact same problem last night. String.starts_with? wasn't introduced until Ruby 1.8.7. Make sure you have Ruby 1.8.7 or greater installed. -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-lint crashes and burns
On Wed, 11 Jul 2012 10:55:07 -0400 Peter Berghold salty.cowd...@gmail.com wrote: [peter@chits1 manifests]$ ruby -v ruby 1.8.5 (2006-08-25) [x86_64-linux] [peter@chits1 manifests]$ ruby -v ruby 1.8.5 (2006-08-25) [x86_64-linux] [peter@chits1 manifests]$ uname -a Linux chits1.chi.sharkrivertech.com 2.6.18-308.1.1.el5xen #1 SMP Wed Mar 7 04:57:35 EST 2012 x86_64 x86_64 x86_64 GNU/Linux [peter@chits1 manifests]$ cat /etc/redhat-release CentOS release 5.8 (Final) and just ran an update this morning for an unrelated reason. (Normal monthly maintenance) This is indeed not Debian, as an update will never get you to the next major release :-) EL5 is indeed quite old, EL6 has already been available for nearly 2 years and ships with ruby 1.8.7 : It's definitely what you want to be deploying on any new systems. Cheers, Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: exec's onlyif parameter fails for a bash one-liner
On Wed, 25 Apr 2012 10:29:23 -0700 (PDT) Shantanu knowshant...@gmail.com wrote: On Apr 25, 11:46 am, Craig Dunn cr...@craigdunn.org wrote: On 25/04/2012 17:01, Shantanu wrote: I would like to 'exec' an installation script 'onlyif' an installation directory is empty. I tried using following bash one-liner however it didn't work: code exec{$one_install_script: require = File[$one_install_script], onlyif = [ \$(/bin/ls -A $one_location)\ ] exit 1 || exit 0 } Puppet wont let you run commands that dont have fully qualified paths, try adding this and it should work... path = /bin Almost worked, it didn't fail while applying the catalog however it failed with following error. {{{ Exec[/tmp/one_install_script]: Could not evaluate: Could not find command '[' }}} That's because [ is usually in /usr/bin, not /bin : $ which [ /usr/bin/[ so path = [ '/bin', '/usr/bin' ] would probably have worked. As suggested by Florian using 'provider = shell' takes care of PATH and shell built-ins as well. That's probably just as good a solution. On an unrelated note, something like the following might be more what you're trying to achieve, since you have a somewhat reversed logic and aren't checking for the directory's existence at all (untested) : onlyif = [ -d $one_location -a -z \$(ls -A $one_location)\ ] Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hash iteration order in a template not consistent
On Thu, 29 Mar 2012 10:06:01 +0200 Martijn Grendelman mart...@iphion.nl wrote: [...] ruby hashes are not stored in predictable order so this will happen, the proposed solution should work. But as always the best is just to test it and see how it goes, it wont bite :) % aliases.sort_by {|key, value| key}.each do |key, val| -% seems to do the trick. 'each_pair' doesn't work here, because the sort_by returns an array. Again, I learned something :-) ...and what about those of us which want the hash entries to appear in the exact same order they are present in the puppet manifest? From what I've seen, it was working that way up to 2.6 included, and only gets randomized with puppet 2.7. I've been doing things like this for a while now : mm_cfg_settings = { 'ALLOW_SITE_ADMIN_COOKIES' = Yes, 'PUBLIC_ARCHIVE_URL' = 'https://%(hostname)s/pipermail/%(listname)s', 'MTA' = 'Postfix', 'POSTFIX_STYLE_VIRTUAL_DOMAINS' = 'False', 'DEFAULT_SUBJECT_PREFIX' = '', 'DEFAULT_REPLY_GOES_TO_LIST' = 1, }, % mm_cfg_settings.each do |key,value| -% %= key % = %= value % % end -% In this particular example, order isn't critical other than for readability, but I have some others where items must be in the same order as they appear in the manifest's hash or things will break. Is there a way to keep using hashes if the order from the manifest must be kept in a file generated from the template? Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cross-module (package) dependencies
On Wed, 25 Jan 2012 09:59:10 -0500 Nan Liu n...@puppetlabs.com wrote: [...] i.e. Say there were two unrelated modules which said slightly different but *compatible* things: Module a: file { /foo/bar: ensure = 'present', owner = 'root', content = blah blah, } Module b: file { /foo/bar: ensure = 'present', mode = '0774', } Currently Puppet doesn't allow them to co-exist. It would be nice if instead it could be told to check these definitions are consistent, and then enforce the union of the two. The same principle could apply to users, groups, packages, and presumably any other resources. How would this be implemented in a sane way to deal with any attributes that are hash/array? Merge, merge+unique, fail? What if we add relationship (require/before) or other meta-parameters to the mix? If I use the puppet config_version feature to track what resource is changed by which line of puppet code for auditing purpose, how would I audit a single attribute that can be due to multiple line of code? Once I started thinking about define types (which behave like a resource), it's gets rather complex especially with conditional branching in the define type. Don't get me wrong, this clearly would be a useful feature, but I'm interested only if the rules of how this would behave can be clearly expressed and understood, otherwise this will be a maze of pain trying to figure out what part of the code broke something. Getting into this level of detail is interesting, but quite beyond the initial simple use case of the package type. As it has already been pointed out in this thread, the initial problem would be solved by simply allowing duplicates as long as all parameters are identical, since it's typically just package { 'foo': ensure = installed }. That would also have a whole bunch of new implications, as I can imagine people changing a single parameter in one place and getting confused as to why the now get duplicate definition errors, but it would be a heck of a lot simpler than trying to merge definitions together :-) Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cross-module (package) dependencies
On Tue, 24 Jan 2012 10:32:31 +0100 Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Perhaps there needs to be some kind of Forge common module that by policy can only ever declare virtual resources (packages are a prominent example). This only takes care of the Forge case. The problem of having the same package being required in multiple places isn't limited to Forge, it's one I run into locally all the time (and I'm sure I'm not the only one). On top of that, once you try to cover multiple distributions where package names diverge, it starts getting hard. And once the packaging itself is different, as in (non-existing) sub-packages... there is no end (1). I don't have the slightest idea as to how all this could be solved in a clean way, but requiring a common bit of high level code isn't the global solution I'm myself hoping for. Matthias (1) Example where a nagios plugin requires the package for the nagios perl bindings. It's nagios-perl for most RPMs, but not split out and in the main nagios-plugins on Gentoo... then for any other plugin from nagios-plugins RPMs, such as nagios-plugins-file_age, same thing. So you get a big mess with duplicate definitions for the main Gentoo nagios-plugins package, or you need yet another layer of high level code hack :-/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: how to create directory recursively (if parents not present)?
Sans r.santanu@gmail.com wrote: Thanks Matthias! I noticed the semicolon typo. What does ${::hostname}-cert.pem implicate (as opposed to ${hostname}- cert.pem)? It just makes explicit that it's a variable from the global scope (as it's a fact) and not from the current local scope. Check out recent puppet docs related to the changes going into 2.7 and soon 2.8. Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dynamic lookup of $var
Aaron Grewell wrote : Agreed, facts are the one thing that really should be global IMHO. I'd settle for anything short. If %= ::factname % could have worked, it would have been fine by me. What's the official best practice going to be for facts inside templates with puppet 2.7+? lookupvar all over the templates? Iterative assignments of all used fact values to local scope variables? Have other solutions been looked into? The first that would come to my mind would be having something like fact:: and use %= fact::fqdn %. Short-ish enough, very explicit and entirely isolated (except for anyone having a custom fact module ;-)). Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.10 0.13 0.22 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to create directory recursively (if parents not present)?
Sans wrote : As said in the subject line, is there a nice way of creating directory tree if parent is not already there, like using mkdir -p? This will do exactly what you want : $cert_dir = 'globus/cert' exec { 'mkdir_cert_dir': path= [ '/bin', '/usr/bin' ], command = mkdir -p /opt/${cert_dir}, unless = test -d /opt/${cert_dir}, } file { /opt/${cert_dir}/${::hostname}-cert.pem: mode= '0444', owner = 'root', group = 'root', source = puppet:///modules/p_nodes/${::hostname}-cert.pem; require = Exec['mkdir_cert_dir'], } HTH :-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.01 0.04 0.13 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to create directory recursively (if parents not present)?
Matthias Saou wrote : file { /opt/${cert_dir}/${::hostname}-cert.pem: mode= '0444', owner = 'root', group = 'root', source = puppet:///modules/p_nodes/${::hostname}-cert.pem; require = Exec['mkdir_cert_dir'], } I just noticed that I copy/pasted your original source line, and it has an incorrect trailing semicolon. That needs to be a comma, of course. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.07 0.06 0.09 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Help with retrieving a user's environment variable
Corey Osman wrote : I need to get the environment variable ORACLE_SID from the OS. I know this can be done with the following: $blah = env(PATH) However, the ORACLE_SID variable is only set under the oracle user account. So I would need a way to login as the oracle account first to retrieve the ORACLE_SID variable. Is there anyway to get the environment variable from a user's account instead of the default account puppet runs under? I'm sorry to not actually be of much help regarding your original question... The thing is that puppet is usually used the other way around, hence this way I use to pre-configure RHEL servers for our bash-using Oracle DBAs : # Oracle profile sourced file file { '/etc/profile.d/oracle.sh': mode= '0755', content = template('/path/to/oracle.sh.erb'), } And the template contains the following : export ORACLE_BASE=/u01/app/oracle export ORACLE_HOME=/u01/app/oracle/oracle/product/%= version %/%= title %%= oracle_home_suffix % export ORACLE_SID=%= oracle_sid % export TNS_ADMIN=$ORACLE_HOME/network/admin if [ `/usr/bin/id -un` == oracle ]; then export PATH=$PATH:$ORACLE_HOME/bin fi Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.01 0.35 0.52 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter 1.6.0 and CentOS 6.0
Peter Meier wrote : Is this a known issue? Is there any work-around? It's really breaking my CentOS 6 servers' ability to find their REPOs. :-) You need to have the lsb_release command installed for the lsb* results to appear. Fedora/Redhat have it in the redhat-lsb package, so it possibly has a similar name under CentOS. yes, this is the missing package. It has the same name on centos. The minimal install option doesn't install the redhat-lsb package. I personally prefer it that way, since it pulls in a bunch of useless stuff (in my case, required to be LSB compliant), but it does make it a bit more tricky to detect your OS release. Workaround are simple enough, things like : if $::operatingsystem == RedHat and $::operatingsystemrelease 6 And also selectors like these (note that $operatingsystemrelease includes the minor version such as '5.7' or '6.1') : $foo = $::operatingsystemrelease ? { /^5/ = $rhel5, /^6/ = $thel6, } Of course you can also do this, still without relying on redhat-lsb : $foo = ${::operatingsystem}${::operatingsystemrelease} ? { /^RedHat5/ = $rhel5, /^RedHat6/ = $thel6, } You will need to update that regexp before RHEL 50 ;-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.49 0.45 0.42 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definition parameter defaulting to the definition's own $title?
Matthias Saou wrote : try $name, that should do it, came in somewhere mid 2.6.x series Yup, that was it! Section $name can now be used to set default values in defined resource types in the release notes : https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes Maybe I'm asking for too much, but is the same thing achievable when calling a definition? I've tried with $name but it takes the value of the parent element. Basically what I'd like to do is : node 'myvmhost' { createvm { [ 'vm01', 'vm02', 'vm03', 'vm04', 'vm05' ]: # VNC Port 59XY for vmXY vncport = regsubst($name, 'vm', '59'), } } For two reasons : * This prevents from iterating many identical calls to the definition * The definition is in a generic module for which it does not make sense to default the parameter to this calculated value. With $name I get the 'myvmhost' string using puppet 2.6.9, but I'd like to have access to the 'vmXY' string instead. Is that possible? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.21 0.22 0.27 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Definition parameter defaulting to the definition's own $title?
Hi, Maybe I'm going nuts, but I could have sworn reading about a trick or new feature which allowed to have a definition parameter get a default value of the definition's own $title (instead of having the hack around the limitation with selectors and intermediate variables later on). Basically what I want to have working is this : -8- define foo ( $bar = $namevar ) { file { '/tmp/foo': content = $title } file { '/tmp/bar': content = $bar } } # Here I want both to contain foo foo { 'foo': } # Here I want bar to contain bar foo { 'foo': bar = 'bar' } -8- Anything I can use instead of $bar = $namevar to get it working? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.36 0.40 0.85 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definition parameter defaulting to the definition's own $title?
R.I.Pienaar wrote : Maybe I'm going nuts, but I could have sworn reading about a trick or new feature which allowed to have a definition parameter get a default value of the definition's own $title (instead of having the hack around the limitation with selectors and intermediate variables later on). try $name, that should do it, came in somewhere mid 2.6.x series Yup, that was it! Section $name can now be used to set default values in defined resource types in the release notes : https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes And this is the original feature request : https://projects.puppetlabs.com/issues/5061 Thanks for the quick pointer :-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.33 0.39 0.55 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using memorysize fact in manifests
Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? Typical problem. Not to mention that you happen to have G but that could very easily be M. Here's my workaround for that, which I use for calculations to then set some sysctl.conf values accordingly : # This is ugly, but very useful to get a standard kiB total RAM # to base further calculations upon. Note that we get a string $mem = inline_template(% mem,unit = scope.lookupvar('::memorysize').split mem = mem.to_f # Normalize mem to KiB case unit when nil: mem *= (10) when 'kB': mem *= (110) when 'MB': mem *= (120) when 'GB': mem *= (130) when 'TB': mem *= (140) end %%= mem.to_i %) Here's an example of how I then use it : # kernel.shmmax if $shmmax { $shmmax_final = $shmmax } else { if $oracle { # For non-shm half the RAM for = 4G, 2G otherwise if $mem = 4294967296 { $shmmax_final = $mem / 2 } else { $shmmax_final = $mem - 2147483648 } } else { $shmmax_final = $mem } } HTH, Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Memory usage for reports
Hi, I very recently upgraded from puppet 0.25.4 to 2.6.8 (both master and all nodes), and I'm now facing serious memory usage issues. On the master, I just added more RAM because I had the resources available (from 2GB to 4GB). But on some nodes with 256MB of RAM, I now see some load peaks and services being affected by high I/O caused by swapping. My manifests haven't changed, only minor compatibility changes, so the catalogs are performing the same. I do see two major differences : * Update from 0.25.4 to 2.6.8 * Enabled 'report' to start using Dashboard (on a separate server) A quick testing reveals that puppet 2.6.8 on the client nodes does use up more memory than 0.25.4 did. Where is remember seeing 40-50MB of resident memory used (from the top of my head), I now see 80-90MB for the same kind of node. Then with reports enabled this goes up to 110-120MB. I already went hunting down useless or non optimized parts of the catalogs, but apart from 2 nodes were I found recurse = true and fixed it (using a different approach, these were nodes other than the one for which I mention the memory usage and had puppetd at 300MB+), I don't see anything more I could optimize, and I have looked in detail, even analyzing a few dot files (the --graph option is really useful!). Two questions : 1) Is it normal that memory usage of puppetd is so much higher just for having the 'report' option enabled? 2) What can I do for low-memory nodes other than switching from puppetd to running puppet from a cron job? (which would help somewhat, but not fix the underlying issues) Any pointers are welcome :-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.29 0.27 0.28 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Setting defaults on scoped definitions : Each Word Needs To Be Capitalized
Hi, The documentation section gives a good example for the exec type : http://docs.puppetlabs.com/guides/language_guide.html#resource-defaults But for scoped definitions, I had to figure out that each word needs to be capitalized, not just the first word : Mymod::mydef { 'foo': } gives Syntax error at '::mydef' What works is this (note the second capital 'M') : Mymod::Mydef { 'foo': } Could the documentation section about capitalization be updated to include a scoped example and make it clear for everyone? http://docs.puppetlabs.com/guides/language_guide.html#capitalization I'm sure others will bump into this too, or already have :-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.22 0.36 0.46 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Setting defaults on scoped definitions : Each Word Needs To Be Capitalized
Ken Barber k...@puppetlabs.com wrote: Nice idea to hire document writers with clairvoyance skills :-). I'll second that! :-) Thanks for the great work : The documentation has really been improving a lot and my general feeling is that things are much easier to find than before. Matthias On Tue, Jun 14, 2011 at 6:45 PM, Nick Fagerlund nick.fagerl...@puppetlabs.com wrote: On Jun 14, 8:26 am, Matthias Saou th...@spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net wrote: Could the documentation section about capitalization be updated to include a scoped example and make it clear for everyone?http://docs.puppetlabs.com/guides/language_guide.html#capitalization Yes! In fact, I just did that yesterday. It's not live on the site yet, but you can see the commit here: https://github.com/puppetlabs/puppet-docs/commit/68d0cdc1b2a26a5ed89a204ff59fe73f633d433f -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Global scope variables and erb templates in puppet 2.7
Hi, Then I'm guessing the only other solution, which also works with 0.25 and any higher version would be : $local_scope_fqdn = $::fqdn Then : %= local_scope_fqdn % In order to use a local scope variable from within templates. It's really too bad to not be able to use scoped variables from erb templates directly, as it won't ever be as convenient as before for facts and global scope variables. Matthias Alessandro Franceschi a...@lab42.it wrote: scope.lookupvar() works also on Puppet 2.6 and 0.25 and maybe earlier versions, and AFAIK will keep on working in future versions. Incidentally it has the benefit of not throwing an exception when the referred variables is not set (it just returns an empty field) I find it useful to refer to fully qualified variables (ie apache::params::port) that are not usable in the traitional form (%= apache::params::port % Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Global scope variables and erb templates in puppet 2.7
Hi, I'm starting to play with the latest puppet 2.7.0rc4, one of my goals being to try and update all of my puppet related files to be compatible with it, with no warnings at all. I've read in detail this page : http://docs.puppetlabs.com/guides/scope_and_puppet.html There is no mention of anything special to do for global scope variables inside templates, such as : file { '/tmp/test': content = inline_template ('%= fqdn %') } Yet when using %= ::fqdn % I get the following : (err): compile error (erb):1: syntax error, unexpected tIDENTIFIER, expecting tCONSTANT _erbout = ''; _erbout.concat(( ::fqdn ).to_s); _erbout How should these global scope variables (facts in this case) be used inside erb templates? Maybe there's some obvious ruby syntax I'm missing? Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Global scope variables and erb templates in puppet 2.7
Hi, Thanks, using scope.lookupvar() in the templates does work. But will this be the proper way to echo facts in puppet 2.7 and 2.8? Because it does seem like quite an extra burden, and if it's not really decided yet, I prefer sticking with the warnings for now ;-) Matthias Ken Barber k...@puppetlabs.com wrote: Try: inline_template('%= scope.lookupvar(::fqdn) %') ken. On Sun, Jun 12, 2011 at 3:20 PM, Matthias Saou th...@spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net wrote: Hi, I'm starting to play with the latest puppet 2.7.0rc4, one of my goals being to try and update all of my puppet related files to be compatible with it, with no warnings at all. I've read in detail this page : http://docs.puppetlabs.com/guides/scope_and_puppet.html There is no mention of anything special to do for global scope variables inside templates, such as : file { '/tmp/test': content = inline_template ('%= fqdn %') } Yet when using %= ::fqdn % I get the following : (err): compile error (erb):1: syntax error, unexpected tIDENTIFIER, expecting tCONSTANT _erbout = ''; _erbout.concat(( ::fqdn ).to_s); _erbout How should these global scope variables (facts in this case) be used inside erb templates? Maybe there's some obvious ruby syntax I'm missing? Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Going to publish custom modules : Request for comments
Dan Bode d...@puppetlabs.com wrote: [...] Comments about what I'm doing right and what I'm doing wrong would be very welcome. I really want to know that everything's optimal before investing time in publishing more modules, to not have to later waste time going over all modules again. The code is very easy to read and understand (which is one of the most important criteria) Thanks. And I completely agree about the importance of readability :-) I have an implementation question: 1. Why are you doing the chkconfig exec: exec { chkconfig ${title} on: notify = Service[xinetd], path = [ /sbin, /bin ], onlyif = chkconfig --list ${title} | egrep -q 'off$', } why doesnt: service { $title: enable = 'true' } work for this? Fair question. I'm guessing that I assumed initially that the xinetd sub-services wouldn't work with the puppet provider. I'm now guessing that I should do some testing again and simplify this accordingly. Thanks for the feedback : Exactly the kind I was ultimately looking for by releasing my modules to the public! :-) If there are people familiar with puppetdoc here : Is it possible to generate clean doc for my modules with only relative links to be included in the repo? I do not understand this question. Let me rephrase quickly : From a checkout inside ~/puppet-modules/ when I run something like this : puppetdoc --mode rdoc --outputdir ./doc \ --modulepath modules --manifestdir /var/empty I then get html documentation inside ./doc/ but all of the manifests files are referred to as /home/myuser/puppet-modules which would be quite ugly if included in the git repo or on a website as documentation. I've just tested with 2.6.8 and I still get the same result. There are more details, like the module's main class showing up as xinetd::xinetd instead of just xinetd or my definition's parameters needing to be right after the define line (no empty line in between allowed) or the documented #-- not working to stop further parsing... Are others using puppetdoc for their modules? Are there some good examples out there? The official documentation is useful but seems somewhat limited. Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL5 and RHEL6 wiith Puppet
Steve Shipway wrote : 1. The syslod has changed to rsyslog [...] 2. The snmpd has changed the location of its var file [...] 3. The use of UDEV for all devices [...] Has anyone else spotted any other changes requiring alteration to the Puppet manifests and modules? There are probably plenty more. A couple from the top of my head : * RPC stuff : portmap changed to rpcbind * Default MTA : sendmail changed to postfix Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.10-72.fc14.x86_64 Load : 0.05 0.05 0.13 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Appending to Variables in a global context
Spenser Gilliland spenser...@gmail.com wrote: Yeap, I'm seeing that it doesn't exist yet either. I'm thinking maybe I can use exported resources or maybe just an exec that increments a counter on the host. Either way it's not very pretty. My use case is as follows: In Debian, Redmine has the option of being installed as several instances controlled by a single debconf variable. In order to utilize this feature, I need to supply debconf with the name of all instances of Redmine on the server. I've split this out into the following way: A class called Redmine which installs the Redmine package and should hold an array of all the instances of Redmine to feed to debconf using the responsefile parameter. So I think I've come up with a solution in my head but it involves me guaranteeing that the redmine class is instantiated before any of the redmine::instances are defined. Essentially, I'll use an environmental variable or file and clear it with the Redmine class and append to it for each redmine::instance. Maybe like below? class redmine { exec{rm /tmp/instances touch /tmp/instances} } define redmine::instance exec{echo $name /tmp/instances} } I guess the next question is can i guarantee that my class will be instantiated prior to my instances and there is no possibility of the class being re-instantiated during the course of the puppet run? The approach you're suggesting seems very ugly :-) I'd suggest trying one of two different approaches : * Create a definition to which you'll pass an array of all instances, which will then call the redminde::instance for each. This only works of course if you're not trying to add new instances from various puppet classes/definitions. * Create a fact which returns all of the redmine instances of the puppet client. This has quite a few limitations, but might work depending on what you need exactly. HTH, Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetd stops when the puppermaster doesn't answer
Hi, Since upgrading from 0.24 to 0.25, I've seen repeatedly puppetd clients just stop when they're unable to reach the puppetmaster for a while. With the normal logging level, they just seem to stop without writing anything in their log. I've seen this with 0.25.1rc1, rc2 and final, which are all of the 0.25.x I've tried (always with the same version on clients and master). Similarly, for the past 3 weeks 0.25 has been running, at the time of our cron.weekly, a huge number of puppetd clients stop in a similar way. Here are the relevant lines of the puppetmaster.log : Sun Nov 01 04:02:05 +0100 2009 Puppet (notice): Reopening log files Sun Nov 01 04:02:05 +0100 2009 Puppet (notice): Starting Puppet server version 0.25.1 Sun Nov 01 04:02:16 +0100 2009 Puppet (warning): require is a metaparam; this value will inherit to all contained resources Sun Nov 01 04:17:33 +0100 2009 Puppet (warning): 'newservice' method already exists; skipping Sun Nov 01 04:18:42 +0100 2009 Puppet (notice): Compiled catalog for foo in 992.54 seconds Sun Nov 01 04:18:58 +0100 2009 Puppet (notice): Compiled catalog for bar in 1007.44 seconds Then until 04:47, many compiled catalogs take up to 2000s, but after that all are back to less than 1s. My first guess, since the puppetd processes contact the puppetmaster every 30 minutes, is be that the ones which have executed their run between 04:02 and 04:17 are the ones that died. I'm using a pretty simple setup, RHEL5 with puppet installed from packages on the master and about 200 clients. Is this a known problem with 0.25 clients? Has anyone seem these problems too? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.66 0.51 0.37 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetd stops when the puppermaster doesn't answer
Peter Meier wrote : Is this a known problem with 0.25 clients? Has anyone seem these problems too? There have been some fixes for it in 0.25.1 [1] but I'm still encountering such issues as well. Especially as I'm connecting some clients over the internet, so I might encounter high latency. I'm in discussion with James (actually I dunno if he already knows it :P ) whether to start a new bug or add there. But I can keep you updated. The main problem is that puppet doesn't rescue from every Exception, hence it get thrown at the top and puppetd exits. cheers pete [1] http://projects.reductivelabs.com/issues/2661 Aha! I missed it since I was searching for open bug reports ;-) Thanks for the link! Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.28 0.31 0.26 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
Puppetmaster service removing puppetmasterd executable (was: Re: [Puppet Users] ANNOUNCE: Puppet 0.25.1 released!)
James Turnbull wrote : Puppet 0.25.1 - code name zoot - is now available. The 0.25.1 release is a maintenance release in the 0.25.x branch. I'm seeing something really weird with this release. I wasn't seeing it with either rc1 or rc2. When I update my rpm packages on the master (RHEL 5.4), when the service puppetmaster stop command is run, the /usr/sbin/puppetmasterd file is removed. Ouch! I've just done an strace run of service puppetmaster stop after installing the packages using --noscripts and clearly see this : [pid 413] execve(/bin/rm, [rm, -f, /usr/sbin/puppetmasterd], [/* 6 vars */]) = 0 The packages are using only the init scripts included in the source. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.44 0.44 0.32 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
Re: Puppetmaster service removing puppetmasterd executable (was: Re: [Puppet Users] ANNOUNCE: Puppet 0.25.1 released!)
Todd Zullinger wrote : Matthias Saou wrote: When I update my rpm packages on the master (RHEL 5.4), when the service puppetmaster stop command is run, the /usr/sbin/puppetmasterd file is removed. Ouch! Ouch indeed. This is my fault. :( I've just done an strace run of service puppetmaster stop after installing the packages using --noscripts and clearly see this : [pid 413] execve(/bin/rm, [rm, -f, /usr/sbin/puppetmasterd], [/* 6 vars */]) = 0 The packages are using only the init scripts included in the source. The puppetmaster init script doesn't have the pidfile var set, and the killproc function manages to think /usr/sbin/puppetmasterd is the pid file. I believe the fix is to add a pidfile setting: diff --git i/conf/redhat/server.init w/conf/redhat/server.init index 5505058..4f44206 100644 --- i/conf/redhat/server.init +++ w/conf/redhat/server.init @@ -13,6 +13,7 @@ PATH=/usr/bin:/sbin:/bin:/usr/sbin export PATH lockfile=/var/lock/subsys/puppetmaster +pidfile=/var/run/puppet/puppetmasterd.pid # Source function library. . /etc/rc.d/init.d/functions I'm very sorry for breaking this. I'll test and send a patch off soon. Thanks a lot for your quick reply! Indeed, just adding the pidfile= to the script fixes this. I'm not sure how init scripts can be lead to think that a file under /usr/sbin/ can be the right one to remove, though, that seems like a bug somewhere else. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.09 0.11 0.13 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Warnings with regsubst()
Hi, I've got the following working fine with puppet 0.25.1, which was previously impossible with 0.24 (yepee!) : define dirs ( $dirs = [] ) { # Parent directory for the ones below file { /nfs/skel/${title}: ensure = directory } # Make sure the File namevar is unique by prepending the path $fulldirs = regsubst($dirs, .*, /nfs/skel/${title}/\0) file { $fulldirs: ensure = directory } } Then I call it in a way similar to this : dirs { dir1: dirs = [ inc, bin ] dirs { dir2: dirs = [ inc, bin ] But then I see warnings in the puppetmaster log : Puppet (warning): Unrecognised escape sequence '\0' in file foo.pp [...] I've also tried with ^(.*)$ and \1 but it's the same. So before I go and report this as a minor bug, am I doing something wrong here? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.39 0.46 0.35 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Warnings with regsubst()
Brice Figureau wrote : On Tue, 2009-10-27 at 17:25 +0100, Matthias Saou wrote: I've got the following working fine with puppet 0.25.1, which was previously impossible with 0.24 (yepee!) : define dirs ( $dirs = [] ) { # Parent directory for the ones below file { /nfs/skel/${title}: ensure = directory } # Make sure the File namevar is unique by prepending the path $fulldirs = regsubst($dirs, .*, /nfs/skel/${title}/\0) file { $fulldirs: ensure = directory } } Then I call it in a way similar to this : dirs { dir1: dirs = [ inc, bin ] dirs { dir2: dirs = [ inc, bin ] But then I see warnings in the puppetmaster log : Puppet (warning): Unrecognised escape sequence '\0' in file foo.pp [...] I think puppet string interpolation is warning you that inserting a null byte is forbidden. Try to escape the \0 so that it isn't eaten by the double quote interpolation: $fulldirs = regsubst($dirs, .*, /nfs/skel/${title}/\\0) I could have sworn I had already tried that, but I guess not. Things still work and the warning is gone. Thanks a lot! Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 0.42 0.24 0.19 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Service bug?
Douglas Garstang doug.garst...@gmail.com wrote: [...] It seems to me like there might be a bug here. Puppet appears to think the syslog-ng and syslog service are the same thing and stops syslog-ng instead of syslog. If I change the name of the syslog service, like this... service { XXXsyslog: ensure = stopped, enable = false; } then puppet does NOT stop syslog-ng. Is it doing a regex search on the first part of the service name or something and stopping when it gets a match? I think puppet looks for the process name by default. What you want to do is use hasstatus = true after making sure that service syslog status returns a correct exit status (i.e. zero only when the service is actually running). Matthias --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: new to puppet. how to add condition in a class?
william Famy william.f...@gmail.com wrote: I prefer runing class on my client if thereis a file exemple if the file /etc/mypuppet/condition is present execute the condition class. If you want to do this, you'll likely have to create a simple facter fact for your clients so that the puppetmaster receives true if this file exists or false otherwise. But from my puppet experience, you seem to be taking the problem the opposite way from the usual way. It's much more common to decide if a class is to be included or not based on the existing facts (hostname, fqdn etc.), and from the puppetmaster. Matthias --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Monitoring the puppetmaster
Pete Emerson pemer...@gmail.com wrote: We've got over 150 hosts hitting the one puppetmaster, and based on what I've seen via searching it seems like we're hitting into scalability issues with Webrick, and the recommendation is to switch to Mongrel or Passenger. Looks to me like Passenger is where the focus is, so I'm working on migrating to 0.25 and Passenger, with multiple master nodes for redundancy and scalability. FWIW, we were also seeing our 0.24 puppetmaster stop responding from time to time, requiring a restart. Since upgrading to 0.25.1rc1, reliability has improved a lot, and the load decreased too, while still using the puppetmaster with the included webrick. Matthias --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: [Puppet-dev] ANNOUNCE Puppet 0.25.1rc1 available
Todd Zullinger wrote : James Turnbull wrote: Puppet 0.25.1 Release Candidate 1 is now available for testing. Packages for Fedora 10/11/rawhide and EL 4/5 are available at: http://tmz.fedorapeople.org/repo/puppet/ Please report any packaging or repository bugs to me and not to the Puppet or Fedora bug trackers. And be sure to report any non-packaging bugs to the Puppet bug tracker. :) A package related note : With RHEL 5.4, libselinux-ruby is included at last, so it would be nice to now have the dependency included for the epel5 package too :-) And for the next release, I hope this will be fixed (it's trivial), otherwise you might want to temporarily include a patch : http://projects.reductivelabs.com/issues/2699 (this problem has been there for a while, if no one noticed, it must mean that no one is using a puppetmaster on the non standard port) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.30-170.2.82.fc10.x86_64 Load : 1.66 1.09 0.62 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Facter and arrays? Or puppet and converting strings to arrays?
Paul Nasrat wrote : My problem here is that facter doesn't seem to be able to return anything other than strings. Is that the case? Because it would be really easier for me to have it return an array of the members : Correct currently facter is essentially a flat key value map. This is something that is on the roadmap to have richer data structures for 2.0, which will begin work after 1.6 ships. Thanks for the explanation. Then, my next problem is that once I get the comma separated string on the server, I don't see how to convert that into an array I could easily use inside classes and definitions. ...Help? :-) 0.25 puppet has split as a function in the puppet language: Split a string variable into an array using the specified split regexp. Aha, this is awesome! I've just had a look at the new features, and all of the new regexp possibilities are opening new horizons too. Thanks, Paul ;-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.25-170.2.72.fc10.x86_64 Load : 4.17 3.59 2.07 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---