[Puppet Users] SSL_read:: shutdown while in init error
Hi I'm using puppet agent 3.8.7 with puppetserver 2.8. Everything worked fine for long period. This week we set update on openssl (version openssl-1.0.2k-7.103.amzn1.x86_6). After that we started to get errors on puppet run: *Error: Could not set 'file' on ensure: SSL_read:: shutdown while in initError: Could not retrieve catalog from remote server: SSL_read:: shutdown while in init*I tried to play with pupptserver and puppet agent config. Added http_keepaalive_timout and set larger body-max-size. This resolve issue on existing servers. But each time I run puppet first time - I see this again. For ex, when I try to create Packer image - it always fail, because of this errors. I've looked for similar errors, but find nothing. Have someone experienced same problem? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d518bdec-620d-4f87-bcaa-567997b06427%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] facing problem in setting up puppet master agent/proxy/device and a backend device.
Modules are always installed on puppermaster. It compike catalog and send it to agent. Catalog is running in agent and apply changes. So answer for your questions: 1. module should be installwd in master 2. node name shoukd be your agent. Generally, in this case it can be master itself. Parameters in module should be related to backend device. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f475a5c6-9bc5-44ec-a036-ca88d1ca22ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Multi environment and multi system
Can you split repositories for manifests and config? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e8493834-27eb-4075-a2b8-fffc939e90e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Multi environment and multi system
You can use hiera and set there all environment and system variables. So you'll have same manifest for all environments , but devided code variables. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4caa7a07-e374-415b-964a-e352c409f5fd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Mcollective puppet-agent doesn't execute commands from custom facts
Hello
I met following issue with mcollective puppet agent.
I have custom fact that read tags from AWS cli and transform them to facts.
Facter.add(role) do
setcode do
iregion = Facter.value(ec2_region)
Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O
KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \
-f2)\ --filter \key=Role\ | cut -f5 -)
end
end
When I run facter from instance aor puppet agent from instance itself -
everything working fine.
When I run pupper runnonce from mcollective server - it doesn't read this
fact and apply only common manifest.
I checked several times and found, that if I set static file with role and
use external fact like:
#!/bin/bash
role=`grep Role /etc/server_facts | awk '{print $NF}'`
echo role=$role
Mcollective works fine. If Itry to use AWS cli command in script - again
fact doesn't wrk.
Have someone met such problem with mcollective? Can someone advise?
Puppet 3.6.2
Mcollective 2.5.3
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Mcollective puppet-agent doesn't execute commands from custom facts
Tried also full path with ec2-region hardcoded
/opt/aws/bin/ec2-describe-tags --region us-east-1 -O KEY -W SEC_KEY
--filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter
\key=Role\ | cut -f5 -)
Created also sh script in /etc/facter/facts.d with same string: when run
locally - it's works, when run with mcollective - it's failed.
I also checked with mcollective-facter-facts plugin - it can see these
facts.
On Saturday, August 2, 2014 10:48:52 PM UTC+3, Jose Luis Ledesma wrote:
Hi
Probably mco is not loading you environment variables ( like PATH) and
this produces this behavior.
If the ec2-describe-tags commands is not in the usual path, try exec it
with the full path in the fact.
Also you can check if the ec2_region fact is get correctly from mco.
Hth
El 02/08/2014 20:57, Maxim Nikolaev m...@maximnik.com javascript:
escribió:
Hello
I met following issue with mcollective puppet agent.
I have custom fact that read tags from AWS cli and transform them to
facts.
Facter.add(role) do
setcode do
iregion = Facter.value(ec2_region)
Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O
KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \
-f2)\ --filter \key=Role\ | cut -f5 -)
end
end
When I run facter from instance aor puppet agent from instance itself -
everything working fine.
When I run pupper runnonce from mcollective server - it doesn't read this
fact and apply only common manifest.
I checked several times and found, that if I set static file with role
and use external fact like:
#!/bin/bash
role=`grep Role /etc/server_facts | awk '{print $NF}'`
echo role=$role
Mcollective works fine. If Itry to use AWS cli command in script - again
fact doesn't wrk.
Have someone met such problem with mcollective? Can someone advise?
Puppet 3.6.2
Mcollective 2.5.3
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com
https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/73fe7b9d-8161-45e6-aa1a-1ec381ef9093%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mcollective puppet-agent doesn't execute commands from custom facts
I've did more checks. I've updated aws api. Now command looks like:
aws ec2 describe-tags --filters Name=resource-id,Values=instance_id |
grep Role | /bin/cut -f5
Custom and external facts with this string still not works. Facter see it's
ok, but mcollective - doesn't.
I've created cronjob that run this command and send value to file. Created
external fact that cat file and echo role=$role. Mcollective worked fine.
On Saturday, August 2, 2014 9:57:07 PM UTC+3, Maxim Nikolaev wrote:
Hello
I met following issue with mcollective puppet agent.
I have custom fact that read tags from AWS cli and transform them to facts.
Facter.add(role) do
setcode do
iregion = Facter.value(ec2_region)
Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O
KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \
-f2)\ --filter \key=Role\ | cut -f5 -)
end
end
When I run facter from instance aor puppet agent from instance itself -
everything working fine.
When I run pupper runnonce from mcollective server - it doesn't read this
fact and apply only common manifest.
I checked several times and found, that if I set static file with role and
use external fact like:
#!/bin/bash
role=`grep Role /etc/server_facts | awk '{print $NF}'`
echo role=$role
Mcollective works fine. If Itry to use AWS cli command in script - again
fact doesn't wrk.
Have someone met such problem with mcollective? Can someone advise?
Puppet 3.6.2
Mcollective 2.5.3
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/db88a075-bf5c-4697-be6d-cb463397c436%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mcollective puppet-agent doesn't execute commands from custom facts
Example of external fact that not worked:
#!/bin/bash
role=`/usr/bin/aws ec2 describe-tags --filters
Name=resource-id,Values=instance_id | grep Role | /bin/cut -f5`
echo role=$role
Fact see this, but mcollective doesn't get.
On Saturday, August 2, 2014 9:57:07 PM UTC+3, Maxim Nikolaev wrote:
Hello
I met following issue with mcollective puppet agent.
I have custom fact that read tags from AWS cli and transform them to facts.
Facter.add(role) do
setcode do
iregion = Facter.value(ec2_region)
Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O
KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \
-f2)\ --filter \key=Role\ | cut -f5 -)
end
end
When I run facter from instance aor puppet agent from instance itself -
everything working fine.
When I run pupper runnonce from mcollective server - it doesn't read this
fact and apply only common manifest.
I checked several times and found, that if I set static file with role and
use external fact like:
#!/bin/bash
role=`grep Role /etc/server_facts | awk '{print $NF}'`
echo role=$role
Mcollective works fine. If Itry to use AWS cli command in script - again
fact doesn't wrk.
Have someone met such problem with mcollective? Can someone advise?
Puppet 3.6.2
Mcollective 2.5.3
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a1b3b84a-a58b-46ed-8ce6-ffba7225abf5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mco doesn't apply classes from Hiera
As I understood after several checks - when puppet starts by mcollective, it doesn't provide custom facts to puppet. Can this be related to env in which mcollective start puppet agent? On Thursday, July 31, 2014 4:44:59 PM UTC+3, Maxim Nikolaev wrote: Hello I met some strange things with mco. I installed Puppet with Hiera as ENC. Puppet 3.6.2 I've installed MCO server. MCO version 2.5.3 Configured several classes in hera. Configured Puppet to use Hiera as ENC. When I run puppet agent --no-daemonize --verbose --onetime form server itself - everything is working fine. All classes applied according facts. When I run mco puppet runonce -vv -f -F hostname=HOSTNAME fomr mco server it's run ok, but apply only common class from Hiera. On client I see ps aux | grep puppet root 6976 52.7 4.2 277188 164080 ? Sl 13:11 0:11 /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay If I run this command manually on client /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay - again all classes applied. When run mco - again only common. Can anyone advise? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6e882acf-49bd-4ebe-9407-f706ce42f682%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Mco doesn't apply classes from Hiera
Hello I met some strange things with mco. I installed Puppet with Hiera as ENC. Puppet 3.6.2 I've installed MCO server. MCO version 2.5.3 Configured several classes in hera. Configured Puppet to use Hiera as ENC. When I run puppet agent --no-daemonize --verbose --onetime form server itself - everything is working fine. All classes applied according facts. When I run mco puppet runonce -vv -f -F hostname=HOSTNAME fomr mco server it's run ok, but apply only common class from Hiera. On client I see ps aux | grep puppet root 6976 52.7 4.2 277188 164080 ? Sl 13:11 0:11 /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay If I run this command manually on client /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay - again all classes applied. When run mco - again only common. Can anyone advise? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f3520da8-6c43-4a38-aec6-d933be9d2699%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Reports from puppet
HI
I'm using puppetdb-2.1.0-1.el6.noarch
Puppetboard installed from pip yesterday, so I suppose it's also last.
I get mail about errors, so I know that report is generated. But I can't
see it not in Puppetboard (
Overvie). When I check report in Node tab - I see that it's empty.
Error on client:
puppet agent --no-daemonize --verbose --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find class rabbitmq::rabbitmq for
mcollective-useast-00-d6f9.ec2.internal on node
mcollective-useast-00-d6f9.ec2.internal
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run
In Dashboard I can see error, but in Puppetboard - not. Puppetboard sign
node as unchanged and remove it from Overview tab. I can see it in Node,
but again as unchanged and not failed.
On Monday, July 21, 2014 2:55:16 PM UTC+3, Maxim Nikolaev wrote:
Hi
I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see
all nodes and rfeports.
Problem is that when puppet fail to run on instance - i get report
unchanged instead of fail.
For ex. I've changed postfix manifest to install package postfix1. Puppet
failed to run:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Invalid relationship: File[/etc/postfix/main.cf] { require =
Package[postfix] }, because Package[postfix] doesn't seem to be in the
catalog
But I got unchanged report instead of failed also in dashboard and in
puppetdb.
Puppet: 3.6.2
Facter: 2.1.0
OS: Amazon Linux
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bbe9b960-3a07-40cc-8191-95c1c07a2d7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facter unable to parse custom fact
As I understand from Facrer 2 manual
(http://docs.puppetlabs.com/facter/2.1/custom_facts.html#adding-custom-facts-to-facter)
I can set all custom facts to /etc/facts/facts.d.
Fact example:
Facter.add(role) do
setcode do
Facter::Util::Resolution.exec('ec2-describe-tags -O KEY -W KEY --filter
resource-id=$(ec2-metadata -i | cut -d -f2) --filter key=Role | cut
-f5 -')
end
end
It's not far from examples that are in manual.
When I try to set this fact to /etc/facts/facts.d - I get error: Fact file
/etc/facter/facts.d/role.rb was parsed but returned an empty data set
Even if I try to use simple example from manual (
hardware_platform.rb) - I get same error.
On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote:
Hello
I have strange experience with facter on newly installed servers.
Puppet: 3.6.2
Facter: 2.1.0
OS: Amazon Linux
when I set custom fact to /etc/facter/facts.d and run facter locally I get
following error
Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty
data set
When I copy same file to
/usr/lib/ruby/site_ruby/1.8/facter/
and run same command - facter works ok.
Can someone advise why thi can happen?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9e76db90-9ea3-4edf-811c-e29442e871b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facter unable to parse custom fact
The problem is not fact script. I I run it from /usr/lib/ruby/site_ruby/1.8/facter/ it's working. When I set it to /etc/facter/facts.d - I get errors. More. If I make link from /etc/facter/facts.d to /usr/lib/ruby/site_ruby/1.8/facter/ also other fact scripts fail. On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote: I have strange experience with facter on newly installed servers. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux when I set custom fact to /etc/facter/facts.d and run facter locally I get following error Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty data set When I copy same file to /usr/lib/ruby/site_ruby/1.8/facter/ and run same command - facter works ok. Can someone advise why thi can happen? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/14146309-82e9-44f2-bf77-0a277057534e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Reports from puppet
Hi
I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see
all nodes and rfeports.
Problem is that when puppet fail to run on instance - i get report
unchanged instead of fail.
For ex. I've changed postfix manifest to install package postfix1. Puppet
failed to run:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Invalid relationship: File[/etc/postfix/main.cf] { require =
Package[postfix] }, because Package[postfix] doesn't seem to be in the
catalog
But I got unchanged report instead of failed also in dashboard and in
puppetdb.
Puppet: 3.6.2
Facter: 2.1.0
OS: Amazon Linux
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/29057799-8d81-4272-b02d-8df2f8ba38f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Reports from puppet
No. I haven't this feature.
my puppet.conf looks like this:
[main]
modules = /etc/puppet/modules
hiera_config = /etc/puppet/hiera.yaml
pluginsync= true
server = HOSTNAME
#port = 8081
[agent]
server = HOSTNAME
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
[master]
certname = HOSTNAME
dns_alt_names = HOSTNAME
autosign = true
reports = store, http, puppetdb, tagmail
reporturl = http://HOSTNAME/reports/upload
hiera_config = /etc/puppet/hiera.yaml
storeconfigs = true
storeconfigs_backend = puppetdb
I found discussion about this bug:
http://projects.theforeman.org/issues/3851
But I want to know if there is any workaround.
If catalog fails on client side - I can see error reports.
On Monday, July 21, 2014 4:01:43 PM UTC+3, Ken Barber wrote:
Hi Maxim,
This is not directly reproducible by myself today:
https://gist.github.com/kbarber/c6941099bea07096361e ...
Perhaps something in your puppet.conf is doing this, I could imagine
something like:
usecacheonfailure = true
Causing this to happen, but I can't reproduce the exact same conditions
myself.
Here is my basic puppet.conf fwiw:
# cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
[agent]
report = true
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs = true
storeconfigs_backend = puppetdb
reports = store,puppetdb
trusted_node_data = true
Perhaps you can share your so we can see what settings may be causing it.
ken.
On Mon, Jul 21, 2014 at 12:55 PM, Maxim Nikolaev m...@maximnik.com
javascript: wrote:
Hi
I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can
see
all nodes and rfeports.
Problem is that when puppet fail to run on instance - i get report
unchanged instead of fail.
For ex. I've changed postfix manifest to install package postfix1.
Puppet
failed to run:
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER:
Invalid relationship: File[/etc/postfix/main.cf] { require =
Package[postfix] }, because Package[postfix] doesn't seem to be in the
catalog
But I got unchanged report instead of failed also in dashboard and in
puppetdb.
Puppet: 3.6.2
Facter: 2.1.0
OS: Amazon Linux
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to puppet-users...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/29057799-8d81-4272-b02d-8df2f8ba38f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f9cde2d1-0d85-49ec-a5bd-2582dd01ff16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Facter unable to parse custom fact
Hello I have strange experience with facter on newly installed servers. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux when I set custom fact to /etc/facter/facts.d and run facter locally I get following error Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty data set When I copy same file to /usr/lib/ruby/site_ruby/1.8/facter/ and run same command - facter works ok. Can someone advise why thi can happen? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9aecde68-a28d-436b-a28c-9a97432bc739%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
