[Puppet Users] SSL_read:: shutdown while in init error
Hi I'm using puppet agent 3.8.7 with puppetserver 2.8. Everything worked fine for long period. This week we set update on openssl (version openssl-1.0.2k-7.103.amzn1.x86_6). After that we started to get errors on puppet run: *Error: Could not set 'file' on ensure: SSL_read:: shutdown while in initError: Could not retrieve catalog from remote server: SSL_read:: shutdown while in init*I tried to play with pupptserver and puppet agent config. Added http_keepaalive_timout and set larger body-max-size. This resolve issue on existing servers. But each time I run puppet first time - I see this again. For ex, when I try to create Packer image - it always fail, because of this errors. I've looked for similar errors, but find nothing. Have someone experienced same problem? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d518bdec-620d-4f87-bcaa-567997b06427%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] facing problem in setting up puppet master agent/proxy/device and a backend device.
Modules are always installed on puppermaster. It compike catalog and send it to agent. Catalog is running in agent and apply changes. So answer for your questions: 1. module should be installwd in master 2. node name shoukd be your agent. Generally, in this case it can be master itself. Parameters in module should be related to backend device. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f475a5c6-9bc5-44ec-a036-ca88d1ca22ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Multi environment and multi system
Can you split repositories for manifests and config? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e8493834-27eb-4075-a2b8-fffc939e90e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Multi environment and multi system
You can use hiera and set there all environment and system variables. So you'll have same manifest for all environments , but devided code variables. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4caa7a07-e374-415b-964a-e352c409f5fd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Mcollective puppet-agent doesn't execute commands from custom facts
Hello I met following issue with mcollective puppet agent. I have custom fact that read tags from AWS cli and transform them to facts. Facter.add(role) do setcode do iregion = Facter.value(ec2_region) Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter \key=Role\ | cut -f5 -) end end When I run facter from instance aor puppet agent from instance itself - everything working fine. When I run pupper runnonce from mcollective server - it doesn't read this fact and apply only common manifest. I checked several times and found, that if I set static file with role and use external fact like: #!/bin/bash role=`grep Role /etc/server_facts | awk '{print $NF}'` echo role=$role Mcollective works fine. If Itry to use AWS cli command in script - again fact doesn't wrk. Have someone met such problem with mcollective? Can someone advise? Puppet 3.6.2 Mcollective 2.5.3 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Mcollective puppet-agent doesn't execute commands from custom facts
Tried also full path with ec2-region hardcoded /opt/aws/bin/ec2-describe-tags --region us-east-1 -O KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter \key=Role\ | cut -f5 -) Created also sh script in /etc/facter/facts.d with same string: when run locally - it's works, when run with mcollective - it's failed. I also checked with mcollective-facter-facts plugin - it can see these facts. On Saturday, August 2, 2014 10:48:52 PM UTC+3, Jose Luis Ledesma wrote: Hi Probably mco is not loading you environment variables ( like PATH) and this produces this behavior. If the ec2-describe-tags commands is not in the usual path, try exec it with the full path in the fact. Also you can check if the ec2_region fact is get correctly from mco. Hth El 02/08/2014 20:57, Maxim Nikolaev m...@maximnik.com javascript: escribió: Hello I met following issue with mcollective puppet agent. I have custom fact that read tags from AWS cli and transform them to facts. Facter.add(role) do setcode do iregion = Facter.value(ec2_region) Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter \key=Role\ | cut -f5 -) end end When I run facter from instance aor puppet agent from instance itself - everything working fine. When I run pupper runnonce from mcollective server - it doesn't read this fact and apply only common manifest. I checked several times and found, that if I set static file with role and use external fact like: #!/bin/bash role=`grep Role /etc/server_facts | awk '{print $NF}'` echo role=$role Mcollective works fine. If Itry to use AWS cli command in script - again fact doesn't wrk. Have someone met such problem with mcollective? Can someone advise? Puppet 3.6.2 Mcollective 2.5.3 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/85a8940b-0a4f-4de4-a568-050af439cb00%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/73fe7b9d-8161-45e6-aa1a-1ec381ef9093%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mcollective puppet-agent doesn't execute commands from custom facts
I've did more checks. I've updated aws api. Now command looks like: aws ec2 describe-tags --filters Name=resource-id,Values=instance_id | grep Role | /bin/cut -f5 Custom and external facts with this string still not works. Facter see it's ok, but mcollective - doesn't. I've created cronjob that run this command and send value to file. Created external fact that cat file and echo role=$role. Mcollective worked fine. On Saturday, August 2, 2014 9:57:07 PM UTC+3, Maxim Nikolaev wrote: Hello I met following issue with mcollective puppet agent. I have custom fact that read tags from AWS cli and transform them to facts. Facter.add(role) do setcode do iregion = Facter.value(ec2_region) Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter \key=Role\ | cut -f5 -) end end When I run facter from instance aor puppet agent from instance itself - everything working fine. When I run pupper runnonce from mcollective server - it doesn't read this fact and apply only common manifest. I checked several times and found, that if I set static file with role and use external fact like: #!/bin/bash role=`grep Role /etc/server_facts | awk '{print $NF}'` echo role=$role Mcollective works fine. If Itry to use AWS cli command in script - again fact doesn't wrk. Have someone met such problem with mcollective? Can someone advise? Puppet 3.6.2 Mcollective 2.5.3 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/db88a075-bf5c-4697-be6d-cb463397c436%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mcollective puppet-agent doesn't execute commands from custom facts
Example of external fact that not worked: #!/bin/bash role=`/usr/bin/aws ec2 describe-tags --filters Name=resource-id,Values=instance_id | grep Role | /bin/cut -f5` echo role=$role Fact see this, but mcollective doesn't get. On Saturday, August 2, 2014 9:57:07 PM UTC+3, Maxim Nikolaev wrote: Hello I met following issue with mcollective puppet agent. I have custom fact that read tags from AWS cli and transform them to facts. Facter.add(role) do setcode do iregion = Facter.value(ec2_region) Facter::Util::Resolution.exec(ec2-describe-tags --region #{iregion} -O KEY -W SEC_KEY --filter \resource-id=$(ec2-metadata -i | cut -d \ \ -f2)\ --filter \key=Role\ | cut -f5 -) end end When I run facter from instance aor puppet agent from instance itself - everything working fine. When I run pupper runnonce from mcollective server - it doesn't read this fact and apply only common manifest. I checked several times and found, that if I set static file with role and use external fact like: #!/bin/bash role=`grep Role /etc/server_facts | awk '{print $NF}'` echo role=$role Mcollective works fine. If Itry to use AWS cli command in script - again fact doesn't wrk. Have someone met such problem with mcollective? Can someone advise? Puppet 3.6.2 Mcollective 2.5.3 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a1b3b84a-a58b-46ed-8ce6-ffba7225abf5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Mco doesn't apply classes from Hiera
As I understood after several checks - when puppet starts by mcollective, it doesn't provide custom facts to puppet. Can this be related to env in which mcollective start puppet agent? On Thursday, July 31, 2014 4:44:59 PM UTC+3, Maxim Nikolaev wrote: Hello I met some strange things with mco. I installed Puppet with Hiera as ENC. Puppet 3.6.2 I've installed MCO server. MCO version 2.5.3 Configured several classes in hera. Configured Puppet to use Hiera as ENC. When I run puppet agent --no-daemonize --verbose --onetime form server itself - everything is working fine. All classes applied according facts. When I run mco puppet runonce -vv -f -F hostname=HOSTNAME fomr mco server it's run ok, but apply only common class from Hiera. On client I see ps aux | grep puppet root 6976 52.7 4.2 277188 164080 ? Sl 13:11 0:11 /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay If I run this command manually on client /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay - again all classes applied. When run mco - again only common. Can anyone advise? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6e882acf-49bd-4ebe-9407-f706ce42f682%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Mco doesn't apply classes from Hiera
Hello I met some strange things with mco. I installed Puppet with Hiera as ENC. Puppet 3.6.2 I've installed MCO server. MCO version 2.5.3 Configured several classes in hera. Configured Puppet to use Hiera as ENC. When I run puppet agent --no-daemonize --verbose --onetime form server itself - everything is working fine. All classes applied according facts. When I run mco puppet runonce -vv -f -F hostname=HOSTNAME fomr mco server it's run ok, but apply only common class from Hiera. On client I see ps aux | grep puppet root 6976 52.7 4.2 277188 164080 ? Sl 13:11 0:11 /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay If I run this command manually on client /usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay - again all classes applied. When run mco - again only common. Can anyone advise? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f3520da8-6c43-4a38-aec6-d933be9d2699%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Reports from puppet
HI I'm using puppetdb-2.1.0-1.el6.noarch Puppetboard installed from pip yesterday, so I suppose it's also last. I get mail about errors, so I know that report is generated. But I can't see it not in Puppetboard ( Overvie). When I check report in Node tab - I see that it's empty. Error on client: puppet agent --no-daemonize --verbose --onetime Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class rabbitmq::rabbitmq for mcollective-useast-00-d6f9.ec2.internal on node mcollective-useast-00-d6f9.ec2.internal Notice: Using cached catalog Error: Could not retrieve catalog; skipping run In Dashboard I can see error, but in Puppetboard - not. Puppetboard sign node as unchanged and remove it from Overview tab. I can see it in Node, but again as unchanged and not failed. On Monday, July 21, 2014 2:55:16 PM UTC+3, Maxim Nikolaev wrote: Hi I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see all nodes and rfeports. Problem is that when puppet fail to run on instance - i get report unchanged instead of fail. For ex. I've changed postfix manifest to install package postfix1. Puppet failed to run: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/etc/postfix/main.cf] { require = Package[postfix] }, because Package[postfix] doesn't seem to be in the catalog But I got unchanged report instead of failed also in dashboard and in puppetdb. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bbe9b960-3a07-40cc-8191-95c1c07a2d7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facter unable to parse custom fact
As I understand from Facrer 2 manual (http://docs.puppetlabs.com/facter/2.1/custom_facts.html#adding-custom-facts-to-facter) I can set all custom facts to /etc/facts/facts.d. Fact example: Facter.add(role) do setcode do Facter::Util::Resolution.exec('ec2-describe-tags -O KEY -W KEY --filter resource-id=$(ec2-metadata -i | cut -d -f2) --filter key=Role | cut -f5 -') end end It's not far from examples that are in manual. When I try to set this fact to /etc/facts/facts.d - I get error: Fact file /etc/facter/facts.d/role.rb was parsed but returned an empty data set Even if I try to use simple example from manual ( hardware_platform.rb) - I get same error. On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote: Hello I have strange experience with facter on newly installed servers. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux when I set custom fact to /etc/facter/facts.d and run facter locally I get following error Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty data set When I copy same file to /usr/lib/ruby/site_ruby/1.8/facter/ and run same command - facter works ok. Can someone advise why thi can happen? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9e76db90-9ea3-4edf-811c-e29442e871b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facter unable to parse custom fact
The problem is not fact script. I I run it from /usr/lib/ruby/site_ruby/1.8/facter/ it's working. When I set it to /etc/facter/facts.d - I get errors. More. If I make link from /etc/facter/facts.d to /usr/lib/ruby/site_ruby/1.8/facter/ also other fact scripts fail. On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote: I have strange experience with facter on newly installed servers. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux when I set custom fact to /etc/facter/facts.d and run facter locally I get following error Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty data set When I copy same file to /usr/lib/ruby/site_ruby/1.8/facter/ and run same command - facter works ok. Can someone advise why thi can happen? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/14146309-82e9-44f2-bf77-0a277057534e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Reports from puppet
Hi I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see all nodes and rfeports. Problem is that when puppet fail to run on instance - i get report unchanged instead of fail. For ex. I've changed postfix manifest to install package postfix1. Puppet failed to run: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/etc/postfix/main.cf] { require = Package[postfix] }, because Package[postfix] doesn't seem to be in the catalog But I got unchanged report instead of failed also in dashboard and in puppetdb. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/29057799-8d81-4272-b02d-8df2f8ba38f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Reports from puppet
No. I haven't this feature. my puppet.conf looks like this: [main] modules = /etc/puppet/modules hiera_config = /etc/puppet/hiera.yaml pluginsync= true server = HOSTNAME #port = 8081 [agent] server = HOSTNAME report = true classfile = $vardir/classes.txt localconfig = $vardir/localconfig [master] certname = HOSTNAME dns_alt_names = HOSTNAME autosign = true reports = store, http, puppetdb, tagmail reporturl = http://HOSTNAME/reports/upload hiera_config = /etc/puppet/hiera.yaml storeconfigs = true storeconfigs_backend = puppetdb I found discussion about this bug: http://projects.theforeman.org/issues/3851 But I want to know if there is any workaround. If catalog fails on client side - I can see error reports. On Monday, July 21, 2014 4:01:43 PM UTC+3, Ken Barber wrote: Hi Maxim, This is not directly reproducible by myself today: https://gist.github.com/kbarber/c6941099bea07096361e ... Perhaps something in your puppet.conf is doing this, I could imagine something like: usecacheonfailure = true Causing this to happen, but I can't reproduce the exact same conditions myself. Here is my basic puppet.conf fwiw: # cat /etc/puppet/puppet.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter [agent] report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports = store,puppetdb trusted_node_data = true Perhaps you can share your so we can see what settings may be causing it. ken. On Mon, Jul 21, 2014 at 12:55 PM, Maxim Nikolaev m...@maximnik.com javascript: wrote: Hi I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see all nodes and rfeports. Problem is that when puppet fail to run on instance - i get report unchanged instead of fail. For ex. I've changed postfix manifest to install package postfix1. Puppet failed to run: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/etc/postfix/main.cf] { require = Package[postfix] }, because Package[postfix] doesn't seem to be in the catalog But I got unchanged report instead of failed also in dashboard and in puppetdb. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/29057799-8d81-4272-b02d-8df2f8ba38f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f9cde2d1-0d85-49ec-a5bd-2582dd01ff16%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Facter unable to parse custom fact
Hello I have strange experience with facter on newly installed servers. Puppet: 3.6.2 Facter: 2.1.0 OS: Amazon Linux when I set custom fact to /etc/facter/facts.d and run facter locally I get following error Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty data set When I copy same file to /usr/lib/ruby/site_ruby/1.8/facter/ and run same command - facter works ok. Can someone advise why thi can happen? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9aecde68-a28d-436b-a28c-9a97432bc739%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.