Re: [Puppet Users] libvirt modules
Hi Carla, I'm guessing we'll want to take this over to the -devel list as it gets developed. What I'd really like to see here, is one unified type (called virt), and one provider (called libvirt). While Puppet does have a system for multiple providers, libvirt is an abstraction layer, so this works best if libvirt is a provider, and we have one type called virt. Later, if virtualization types were not supported by libvirt, we could have additional providers. Does this make sense? --Michael On Wed, Jun 16, 2010 at 10:50 AM, Carla Araujo carla.aso...@gmail.com wrote: Hello Doug! I'm building this module. You can see it's progress at [0]. You can also help submitting features and bugs at GSoC project in puppet's redmine [1] [0] github.com/carlasouza/puppet-virt [1] http://projects.puppetlabs.com/projects/gsoc Thanks for your interest :) -- Carla On Wed, Jun 16, 2010 at 11:22 AM, Doug Warner d...@warner.fm wrote: Does anyone have any modules they could share to work with libvirt/kvm/qemu? I saw there was a GSOC going on related to this; is there public progress somewhere that I could help with (submit bugs, testing, etc)? -Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppetforge modules
On Mon, Jun 7, 2010 at 3:18 AM, Marc Fournier marc.fourn...@camptocamp.com wrote: Hello, My question is this. Are the modules intended to be used with the author-modulename naming convention? If so, did I do something wrong or is there something wrong with the camptocamp-apt module that is not allowing this? This module was indeed made to be used as apt not camptocamp-apt. You raise an interesting question, which I'm not sure of the answer... Should module authors modify their modules to match the forge namespace ? Or is it expected that users rename modules downloaded from the forge before using them ? Does anyone have an idea of right the way to do this ? Marc The intent is to have the modules downloaded from the module tool, as with RPM, though obviously if you grab them via the download button they can be named whatever they like. I think the modules should be written so that they assume they are named after what they are in forge. (It seems we should be making a better note of that in the instructions for the module tool.) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Simple config question
On Sun, Jun 6, 2010 at 5:13 PM, David Schmitt da...@dasz.at wrote: Am 04.06.2010 18:34, schrieb Dan: Most of my machines are pretty cookie-cutter, so I have one class and config file setup for different services. For example, pretty much have one hosts.allow that goes out everywhere. However, there are always exceptions. So I have 3 hosts that have similar configs but have more things open, so what's the 'best practice' way to centralize those? Do I really need to create a whole new class and assign that one config file to it for one host? The simplest way would be to use class inheritance and override the source of the file: class extended inherits base { File[/etc/hosts.allow]{source = ...} } A more maintainable way would be to manage the file's content more fine-grained than that. Look into the augeas type whether there is a lens to manage that syntax. Then you could use a simple define to wrap this all nicely into a resource you can use: define hosts_allow(...) { augeas {...} } class base { hosts_allow { ... } } class other_stuff { hosts_allow { ... } } You could manage it via two seperate templates, and otherwise keep the class the same. Or you could have a $variable in the template that turns on the extra hosts when set. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: authenticating new nodes that are created by provisioning
On Fri, Jun 4, 2010 at 5:25 PM, Todd Zullinger t...@pobox.com wrote: Oded wrote: Never tried it myself but I think you can create the certificate as a part of the provisioning process, and then somehow place it in the new server. http://serverfault.com/questions/19462/how-can-i-pre-sign-puppet-certificates Without reading the link to see if it's similar to what I do, I have a script I run on the puppet master to pre-generate certificates and package them as rpm's. These then go into a repository which the install is setup to use and the certificate package is installed by kickstart. The package, if you're curious is at: http://tmz.fedorapeople.org/packages/puppet-host-package-0.6.0-1.el5.src.rpm It's not polished in any way. It's one of those works for me, someday I should finish and improve it things. But I prefer this to enabling autosign. Nice ideaI like that. I had toyed with adding such an autosign-simulating feature to Cobbler that ohad mentioned (but different*), but I don't see how that provides any greater security, as once you have automated provisioning via TFTP (it's an open protocol by design), it's really a moot point to claim you're layering extra security on top.Also Anaconda doesn't support access control around accessing kickstarts. * = rather than enabling autosign, the system would note what hosts just started kickstart, and let cobblerd sign that specific host once it shows up in 'puppetca', polling periodically, until the host indicates it reaches 'kickstart done' status, or after 30 minutes, whichever is sooner. That way there's no need to enable autosign, but it's effectively the same thing.The system could also remove certificates for hosts that we being reinstalled if kicked off from a secure interface (can't really trust PXE and HTTP requests). --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: External Nodes Examples
On Mon, Jun 7, 2010 at 3:02 PM, Alan Barrett a...@cequrux.com wrote: On Sun, 06 Jun 2010, Nicolas Szalay wrote: - Douglas Garstang doug.garst...@gmail.com a =??crit : | I was just doing a little research on the best way to switch over to | external nodes. It seems like you can't use a combination of the two | systems. Apparently if the external node tool can't find an external | node (because it hasn't been cut over yet), then that's a failure. | This makes moving from 'internal' nodes to external nodes BLOODY | difficult. FYI -- we've talked about supporting definitions (and other resources) within external_nodes in future releases. I don't have enough info to give a timetable though. (Plus they'll also be able to do parameterized classes). --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL-3
On Mon, Jun 7, 2010 at 1:46 PM, Daniel Wittenberg dwittenberg2...@gmail.com wrote: I was working on updating some of our RHEL-3 systems, and looks like putting puppet on there is a little harder due to older libraries, so before I went and tried retro-fitting these guys I thought I'd see if anyone was using it with luck there and any tips/tricks I might watch out for? Thanks! Dan Yeah, I would suspect building your own Ruby is the initial problem, as well as building RPMs for Puppet, as there is no EPEL for RHEL 3. We should get a Wiki page put together on this once we get the info gathered together. Unrelated note -- I assume you're using the Extra Long Lifetime Support? Because otherwise RHEL3 is basically end-of-life. Moving off of it is really the best bet :) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppetforge modules
I would prefer shortname, let puppet fail when there are collisions. Or maybe initials could be used for namespacing. ds_apache (tough luck Danielle Steel) Let's think about how the package manager's do it as this is essentially a (really really primitive) package manager. Hmm, they don't do it :) Point. FWIW, in this case, the download path of the module (from pmt) needs to be somehow indicated to be apache and not foo-apache, so it's still a case of needing to know what to save it when downloading directly from the webapp, right? And pmt needs to know to name it apache. So there's still something that we need to tweak, it seems. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] combining arrays in site.pp
On Fri, May 28, 2010 at 11:57 AM, Kenton Brede kbr...@gmail.com wrote: I'm running 0.25.4. What I'd like to do is place an array of users under the default node. These users rarely change. Then within each subsequent node, have another array of users added to the original array. These users change more frequently. These users are then be snarfed into a template. The setup I've been using is adding all the users to one array in each node definition. I've read that using += will add arrays to one another, but I keep getting a Could not parse for environment testing: Syntax error at '='; expected '}' at /etc/puppet/manifests/testing/site.pp:54 error. Is += just not allowed in site.pp? This is an example of what I have. site.pp - node basenode { $users_group = ['user0', 'user1'] } node server1 inherits basenode { $users_group += ['user2', 'user3', 'user4'] } Puppet uses + for appending to arrays. Here's the feature where it was added: http://projects.puppetlabs.com/issues/1584 --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
$template_list = [template1,template2,template3] content = template($template_list), Puppet has a split() function that splits a string into an array, that should do what you want there. template(split($template_list)) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about templates from variables
On Fri, May 28, 2010 at 12:40 PM, Michael DeHaan mich...@puppetlabs.com wrote: $template_list = [template1,template2,template3] content = template($template_list), Puppet has a split() function that splits a string into an array, that should do what you want there. template(split($template_list)) --Michael Sorry, I posted too quickly, you can also specify the delimiter: http://docs.puppetlabs.com/references/latest/function.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Labs Announces Puppet Forge, a Central Repository for Puppet Modules
On Thu, May 27, 2010 at 10:26 AM, Gabriel - IP Guys gabr...@impactteachers.com wrote: This is good news :) Thank you guys, (and girls) for setting that up for the community. -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Scott Olson Sent: 27 May 2010 14:57 To: Puppet Users Subject: [Puppet Users] Puppet Labs Announces Puppet Forge, a Central Repository for Puppet Modules Details and links to the Puppet Forge can be found here: http://www.puppetlabs.com/blog/puppet-labs-announces-puppet-forge-a-cent ral-repository-for-puppet-modules/ I think it goes without being said, but now is the time for everyone to sign up, and populate the forge with lots of great content, so it attracts more users, that add more content, that... I think you get the idea :) The more modules it gathers, the more useful it becomes for everyone. I think folks will continue to keep their modules in github (or bitbucket, or their tool of choice) and publish releases on the forge, for everyone to find them in a central location. Let us know if you encounter any problems or have questions/ideas. We have a bug tracker up at http://projects.puppetlabs.com/projects/module-site for filing any problems/requests you might have -- right now, you can use that tracker for both the puppet-module-tool and the web site itself. One of the features we want to add is a watch/notification feature so you can see if any modules you are watching have updates. We also want to add a comment system so folks can share problems/tips about specific modules. Currently if you have a problem with a specific module, the home page of that module is the best place to start -- for instance, github has a built in issue tracker. Thoughts on how to make all of this even better are welcome, consider this an open thread. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd checkin time??
Sure, there's a way to do that ... in puppet.conf [puppetd] runinterval = 60 you can do puppetd --genconfig to look at all the available options and their current values as set by the configuration file (or defaults, if not mentioned in the file). --Michael On Thu, May 27, 2010 at 11:42 AM, CraftyTech hmmed...@gmail.com wrote: Hello All, Is there a way that I can change the check in time for puppetd (check in with puppet master)? I've looked through the docs and don't seem to be able to find anything on that topic. Basically I'd like to be able to to change from the default 30 mins checkin time to let's say 1 hr... Thanks, Henry -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd checkin time??
On Thu, May 27, 2010 at 12:09 PM, Michael DeHaan mich...@puppetlabs.com wrote: Sure, there's a way to do that ... in puppet.conf [puppetd] runinterval = 60 Sorry, you want 3600 here ... it's specified in seconds. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster directly on the Internet
On Thu, May 27, 2010 at 10:33 AM, Gabriel - IP Guys gabr...@impactteachers.com wrote: I would suggest to make your puppet master available on the net or via a firewall forwarding, and then configure your puppetmaster/firewall to only accept connections from those IPs that belong to your clients. I assume your clients all have static IP's otherwise you would not have floated the internal DNS idea. This works very well for me for a number of services that I have internally, like my email servers. Probably ok with firewalling. I'd also make sure you turn autosign off, just in case, because otherwise you run a risk of someone connecting and getting the default configuration applied to them, even if they don't deserve access to those files. Similar to the if one node compromised issue. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] External Nodes Require a Forklift?
On Thu, May 27, 2010 at 1:23 PM, Douglas Garstang doug.garst...@gmail.com wrote: On Thu, May 27, 2010 at 9:55 AM, Nigel Kersten nig...@google.com wrote: On Thu, May 27, 2010 at 9:35 AM, Douglas Garstang doug.garst...@gmail.com wrote: Does switching to external nodes require a forklift approach? The other day, I specified an external node script in puppet.conf, and puppet complained about every single node that wasn't handled by the external script. It would be nice (and more realistic) to be able to cut one node over at a time. Is this possible? Absolutely. My external node script just returns the default config for any node it can't find a specific config for. That's not going to work. When the node isn't defined as an external node, I want it to use the node manifest file, not a default. If I was going to start using external nodes, some nodes would be external and some nodes would not be external, until they where all converted. It looks like while this was the case, nothing would work. As I understood things, external nodes is supposed to work as an overlay on top of site.pp Is this not working if you just return an empty list of classes/variables for a node? IIRC this works this way today -- let us know if there's a problem with it. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] External Nodes Require a Forklift?
Aw Jeez... I wonder if someone could, like, document just how that works? :) I'll file a bug on myself to clean up that section of the doc site. I'd suspect that returning nothing is an error because it's not YAML, but I'll have to check. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
The afternoon during the USENIX Configuration Management workshop is going to be for set user talks + a barcamp format. Currently the organizers are looking for folks to do some user topics, such as How I used X to do Foo, or Automating a Blarg or ... maybe you've got something more exciting :) If you were planning on going and interested, let me know, and I'll hook you up with the organizers. (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so I hope to see lots of Puppet people in Boston, one way or the other!) http://www.usenix.org/event/config10/ --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Multiple Puppet Servers
On Fri, May 14, 2010 at 2:26 PM, Kinzel, David david.kin...@encana.com wrote: Hi, Is there any way to define multiple puppet servers in client configuration so that if my one puppet server is down then my production config changes can be applied from other puppet server. I am using apache and Mongrel for puppet load balancing. Shouldn't your load balancing take care of that, then? *yes* .. that, or as mentioned round robin DNS works, provided you have your trust set up correctly. We recommend using just one host as the certificate authority though, and then you just make sure the same puppet manifests are checked out on all nodes. IMHO we need better docs on setting up trust in the those configurations on our web site -- pointers on how people are doing it today would be good to include. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
Somewhere in the 20-40 minute range. I don't think it's been quite decided yet. On Fri, May 14, 2010 at 1:49 PM, Joe McDonagh joseph.e.mcdon...@gmail.com wrote: On 05/14/2010 01:21 PM, Michael DeHaan wrote: The afternoon during the USENIX Configuration Management workshop is going to be for set user talks + a barcamp format. Currently the organizers are looking for folks to do some user topics, such as How I used X to do Foo, or Automating a Blarg or ... maybe you've got something more exciting :) If you were planning on going and interested, let me know, and I'll hook you up with the organizers. (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so I hope to see lots of Puppet people in Boston, one way or the other!) http://www.usenix.org/event/config10/ --Michael How long are the time-slots? -- -- Joe McDonagh Operations Engineer AIM: YoosingYoonickz IRC: joe-mac on freenode When the going gets weird, the weird turn pro. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Cannot make autosign works
Hmm Does this thread help you? We should fix the error message, also, IMHO. http://markmail.org/message/aydpf243lu6uub5a#query:uninitialized%20constant%20Puppet%3A%3ANetwork%3A%3AAuthStore+page:1+mid:lelvuzkis2xzruyc+state:results --Michael On Thu, May 13, 2010 at 7:15 PM, Eric epaschoal...@gmail.com wrote: Thanks all. I've removed the entire ssl dir as suggested and started puppetmaster again but got the following error: ubu...@domu-12-31-39-00-65-47:~$ sudo rm -rf /var/lib/puppet/ssl ubu...@domu-12-31-39-00-65-47:~$ sudo puppetmasterd --verbose --no- daemonize info: Creating a new SSL key for ca info: Creating a new SSL certificate request for ca notice: Signed certificate request for ca notice: Rebuilding inventory file info: Creating a new certificate revocation list info: Creating a new SSL key for domu-12-31-39-00-65-47.compute-1.internal info: Creating a new SSL certificate request for domu-12-31-39-00-65-47.compute-1.internal notice: domu-12-31-39-00-65-47.compute-1.internal has a waiting certificate request /usr/lib/ruby/1.8/puppet/ssl/certificate_authority.rb:91:in `autosign_store': uninitialized constant Puppet::Network::AuthStore (NameError) from /usr/lib/ruby/1.8/puppet/ssl/certificate_authority.rb:67:in `autosign' from /usr/lib/ruby/1.8/puppet/ssl/certificate_request.rb:48:in `save' from /usr/lib/ruby/1.8/puppet/ssl/host.rb:147:in `generate_certificate_request' from /usr/lib/ruby/1.8/puppet/ssl/host.rb:175:in `generate' from /usr/lib/ruby/1.8/puppet/ssl/host.rb:27:in `init_localhost' from /usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `send' from /usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `cached_value' from /usr/lib/ruby/1.8/puppet/util/cacher.rb:46:in `localhost' from /usr/lib/ruby/1.8/puppet/application/puppetmasterd.rb:93:in `main' from /usr/lib/ruby/1.8/puppet/application.rb:226:in `send' from /usr/lib/ruby/1.8/puppet/application.rb:226:in `run_command' from /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' from /usr/lib/ruby/1.8/puppet/application.rb:306:in `exit_on_fail' from /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' from /usr/sbin/puppetmasterd:66 ubu...@domu-12-31-39-00-65-47:~$ Thanks for all the help. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Provisioning VM in Xen via Puppet - Howto??
On Tue, May 11, 2010 at 3:48 PM, Gabriel - IP Guys gabr...@impactteachers.com wrote: Dear All, I've finally managed to get xen installed on a remote system via puppet http://puppetnewbie.blogspot.com/2010/05/installing-xen-instance.html I was about to create my test machines manually, when it occurred to me, that I should be doing this via puppet. Hence my question in the subject. I was given some advice on the irc channel, but it didn't really sink in very much. If anyone has any ideas, please feel free to send me a note, I'll be working on this privately, and post my findings and ideas, back to the list. The way I have installed xen is noted in my blog if you would like to reference it. It's little consolation, but we have a Google Summer of Code project (starting towards the end of this month) that will offer some very nice provisioning and maintaince of Xen and qemu/KVM Puppet types (using libvirt). You do not have long to wait :) No xm create or virtinst commands will be required. In the meantime, if you're running Fedora, CentOS, or RHEL, you may want to take a look at the koan tool that comes with Cobbler, which is a pretty good start to that kind of integration for creating VMs. I am, however, a little biased :) Even if you aren't using Puppet, I would highly recommend looking at using Xen through libvirt tooling (virsh, virtinst, etc) rather than /sbin/xm, then your investment in software to manage your virtualization does not need to be repaid if you decide to switch hypervisors. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cannot make autosign works
On Thu, May 13, 2010 at 6:04 AM, Mathias Gug math...@ubuntu.com wrote: Hi, On Wed, May 12, 2010 at 07:35:18PM -0700, Eric wrote: I'm a first time user of puppet and I'm playing around with it using Amazone EC2 instances in order to learn it. The OS is Ubuntu 10.04 server and puppet version is 0.25.4. Right now I'm facing a hard time to make autosign feature work. You may wanna have a look at the blog series [1] I wrote about using Ubuntu images in EC2. I've outlined an architecture to not use auto signing on the puppetmaster. [1]: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/ Essentially by making your own specialized alternative autosigner, yes :) We (Mattias, I, others) were all talking about this Monday, our consenus was that we're going to consider making a way to teach the autosigner to accept the name of an external script (much akin to external_nodes) that could be called to decide whether or not to autosign a certain cert. In any event, if you can't get basic autosign to work, the above would be no easier -- I would suggest starting with what Dan had said and let us know where you get from there. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] External Nodes
If I can't have resources of any type in an external node, what's the point? And... how can I do this? The reason I am looking at external nodes again, even though I still think the concept is misguided is because I need to write custom scripts to parse the node manifests, and that's a pain in the ass. Hey Doug, You're right in that Puppet can't do this presently -- but we're looking at adding the ability to specify these in external_nodes (and in Dashboard) probably in the release after 0.26 ... so, probably not soon enough for you, but I agree it's pretty important. (0.26 adds parametrized classes, which is definitely useful as well). Previously the thinking is that forcing each node to assign itself to a class is a best practice, but there's a tradeoff to be made there, and in the case of lots of heterogeneousness, that means a lot more classes that you probably want to avoid :) I think node classification itself is quite useful (not as you say misguided), but incomplete... yes :) Once we have parametrized classes this will allow us the ability to do things in Dashboard like allow prompting for required parameters when assigning a class to a node... so it should be pretty slick. Separating the rules/policy/model of your infrastructure from the person who tells machines what each machine what to do is the basic idea here -- so you can turn over the reins to someone who is different than the person who writes your Puppet code ... and in many cases, that's via an external application. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Setting up a Xen instance
Now, if I understand puppet correctly, if these entries are in site.pp, then each client that connects will install sudo, ssh client and server, and nano text editor, and any node that inherits xenboxen, will also install xen. Have you signed the certificates for the client yet? as root: # puppetca --list Perhaps if that's not it, paste the output of a puppetd --no-daemonize --debug run to show what happens when it talks to the server. There could perhaps be an error in your configuration files? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] List of available variables for use in templates
On Wed, May 5, 2010 at 5:07 PM, Ed Greenberg e...@greenberg.org wrote: When writing an ERB template, I know that I can define variables in my nodes and classes, and that the facter variables for the node are available. I'd like to know if there are any other predefined puppet variables available. In specific, I'd like the node's name in the node definition. node foobar { include this include that } I'd like to get foobar. In my case, this is probably NOT the facter variable fqdn or hostname. I can't find this documented anywhere. Any particular reason you're not using the node name as the hostname? Nodes can either use the shortname or the fqdn. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] determine whether host responds to an IP address
On Wed, May 5, 2010 at 2:38 PM, Casey Feskens cfesk...@willamette.edu wrote: Hey folks, I'm looking for a best practice for determining whether a host has a specific IP address configured on it, in order to make puppet configuration decisions. I know there are a list of facts for each interface with an associated IP address, but am trying to determine whether ANY interface matches a corresponding IP. I haven't found a good way to cleanly iterate through multiple facts. Does anyone have a good way for doing this? Should I be using a custom type? Thanks, Casey I'm inclined to say you're going to need something like that, but probably a custom /function/, rather than a custom type. That way you could ideally do things like: if has_ip('192.168.5.5') { ... } Though I'm a bit curious as to what kind of configuration decisions you're making, as it would be ideal if a manifest didn't key off that, but rather on the types of classes assigned to it. A class that behaves differently if installed on a different server seems to imply an inherited class would be useful. --Michael -- - Casey Feskenscfesk...@willamette.edu System Administrator/Network Svcs. Consultant Willamette Integrated Technology Services Willamette University, Salem, OR - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet for switches
On Wed, May 5, 2010 at 8:53 PM, Geoff Crompton geo...@trinity.unimelb.edu.au wrote: seph wrote: Geoff Crompton geo...@trinity.unimelb.edu.au writes: This might be a crazy idea, but it just popped into my head, and I wanted to know if it's possible. Perhaps not possible right now, but possible in a theoretical sense. Is it possible that puppet could be modified to be used to manage switches that have a command line based interface? I think there's a lot of value in configuration management system for network stuff. Though I don't think puppet is a good fit. Puppet has lots of types that don't really make sense in that context. http://www.netomata.com is the most recent thing I've seen in this space. I'm not sure how far along they are. seph I posted a similar question on sage-au just after my puppet post. Someone pointed me to http://www.netomata.com. While it looks like it has a little way to go, it looks so good that it deflated my enthusiasm for using puppet for this. Naturally TMTOWTDI. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College Just to add a similar 'this would be neat' comment to it, I know several of the Cobbler guys have talked about wanting to see a libswitch kind of similar to a libvirt. If we had such a thing, making a Puppet type for it seems quite logical. This sounds like it would be along similar lines. Next steps: X-10 home automation hooks :) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] custom facts run three times?
On Mon, May 3, 2010 at 4:32 PM, Marcus, Allan B al...@lanl.gov wrote: I put a puts running my fact into a custom fact. Then I run puppetd from a client in debug mode. I see the running my fact three times. Does this mean that the custome fact code is executing three times on the client every time? Hmm, that wouldn't be good. First question -- what versions of Puppet and facter? Secondly, can you share your fact code with us? (a gist on github.com perhaps, or just paste it if it's small?) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: GSoC - Introducing myself
On Thu, May 6, 2010 at 2:50 PM, Dan Bode d...@puppetlabs.com wrote: Hi Carla, I am currently working on a noder type that I will use to model cloud provisioning with puppet. It would be nice if we could use the same type specification. Let me get what I have checked in to github so you can at least have a peek at the specification. Also, here is a primitive example of virtual machine modeling in Puppet lang. http://github.com/puppetlabs/puppetlabs-nodes -Dan Can you give some examples of your system in practice Dan? I'm confused as to why the YAML is there as an intermediate layer. Ideally I want to be able to do something like this on a host: virt { vmname = 'example-host', virt_ram = 512, # Megs, changeable install_kernel = '/path/to/vmlinuz', install_initrd = '/path/to/initrd.img', virt_disk_size = 100 # GB, not changeable ensure = running, autoboot = true, } FYI, some things I want to make sure we can do: * install qemu and KVM guests * install Xen guests both fullvirt and paravirt * kernel + initrd installs (not image based) if the given VM name does not exist (if we do images, we do them second). * change RAM assigned to virtual machine * control virtual machine start/stop state as well as autoboot at next OS restart state * change number of virtual CPUs. Eventually we'll want to augment install_kernel and install_initrd to take an image, and then for bonus points, a cobbler profile or system name and a server address, in which case, it wouldn't need to supply any parameters other than the name of the profile/system. --Michael On Thu, May 6, 2010 at 11:44 AM, Carla Araujo carla.aso...@gmail.com wrote: Hi! On Thu, May 6, 2010 at 3:17 PM, Marc Fournier marc.fourn...@camptocamp.com wrote: Cool, I'm looking forward to check out your work ! Just wondering if there are plans to use libvirt, which supports much more systems than just xen and kvm ? It even seems to have ruby bindings. Marc Yes, I will use libvirt. Initially I plan to test it using XEN and KVM, and then further technologies will be added =) --Carla -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: GSoC - Introducing myself
On Thu, May 6, 2010 at 4:54 PM, Michael DeHaan mich...@puppetlabs.com wrote: On Thu, May 6, 2010 at 2:50 PM, Dan Bode d...@puppetlabs.com wrote: Hi Carla, I am currently working on a noder type that I will use to model cloud provisioning with puppet. It would be nice if we could use the same type specification. Let me get what I have checked in to github so you can at least have a peek at the specification. Also, here is a primitive example of virtual machine modeling in Puppet lang. http://github.com/puppetlabs/puppetlabs-nodes -Dan Can you give some examples of your system in practice Dan? I'm confused as to why the YAML is there as an intermediate layer. Ideally I want to be able to do something like this on a host: virt { vmname = 'example-host', virt_ram = 512, # Megs, changeable install_kernel = '/path/to/vmlinuz', install_initrd = '/path/to/initrd.img', virt_disk_size = 100 # GB, not changeable ensure = running, autoboot = true, } In the above, I mean: virt { vmname: } FYI, some things I want to make sure we can do: * install qemu and KVM guests * install Xen guests both fullvirt and paravirt * kernel + initrd installs (not image based) if the given VM name does not exist (if we do images, we do them second). * change RAM assigned to virtual machine * control virtual machine start/stop state as well as autoboot at next OS restart state * change number of virtual CPUs. Eventually we'll want to augment install_kernel and install_initrd to take an image, and then for bonus points, a cobbler profile or system name and a server address, in which case, it wouldn't need to supply any parameters other than the name of the profile/system. --Michael On Thu, May 6, 2010 at 11:44 AM, Carla Araujo carla.aso...@gmail.com wrote: Hi! On Thu, May 6, 2010 at 3:17 PM, Marc Fournier marc.fourn...@camptocamp.com wrote: Cool, I'm looking forward to check out your work ! Just wondering if there are plans to use libvirt, which supports much more systems than just xen and kvm ? It even seems to have ruby bindings. Marc Yes, I will use libvirt. Initially I plan to test it using XEN and KVM, and then further technologies will be added =) --Carla -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: GSoC - Introducing myself
I am working on an EC2 type/provider, here is an example of its usage: noder{'blah': ensure = present, user = 'user', password = 'password', image = 'ami-84db39ed', desc = 'happy instance', } your noder example looks good ... you could add a virt_type and not use a lot of the fields when doing non-EC2/cloud. A big part of what I want to do is to not require using the images, so that's definitely going to be a new thing. (It also requires a new field kernel_options ...) If it's in a branch there though with a separate provider (link), we could easily have Carla fork it and extend it. Providers could raise errors if they are used with incompatible arguments. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: GSoC - Introducing myself
On Thu, May 6, 2010 at 5:21 PM, Michael DeHaan mich...@puppetlabs.com wrote: I am working on an EC2 type/provider, here is an example of its usage: noder{'blah': ensure = present, user = 'user', password = 'password', image = 'ami-84db39ed', desc = 'happy instance', } your noder example looks good ... you could add a virt_type and not use a lot of the fields when doing non-EC2/cloud. A big part of what I want to do is to not require using the images, so that's definitely going to be a new thing. (It also requires a new field kernel_options ...) If it's in a branch there though with a separate provider (link), we could easily have Carla fork it and extend it. Providers could raise errors if they are used with incompatible arguments. --Michael Here's what I mean by virt type: noder { provider = 'libvirt', virt_type = 'qemu' } The idea is that we could reuse the one provider to do all the libvirt development, and EC2 could be a different provider. (Optionally, we could create a libvirt library, and have providers for EC2, xen, and qemu seperately, but they share way so much in common). (Also for those that don't know, qemu is the virt type underlying KVM. If kvm-intel or an equivalent kernel module is present, /dev/kvm exists, and the OS is then accelerated. Xen paravirt works a little differently, meaning it isn't accelerated, but requires a specially modified OS. Xen fullvirt can use any OS, but requires special hardware. When using Xen, we'd also need to pass around paravirt = true or paravirt = false. Virtualization is complicated. Fun, but complicated :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using classes from extnode to define config files?
This will work, but I'd use a selector. Search for selector in this document: http://docs.puppetlabs.com/guides/more_language.html The reason being, is you could supply a default if no match was found, rather than it just generating an error. I would use one to assign a variable to the template name, and just do template($template_name) as normal, that way you don't evaluate template() more than once. A node can belong to more than one class, so I wouldn't rely on the idea of using $CLASSNAME.(For instance, the external nodes system could say I'm a webserver, and I'm also an appserver later. Since you're using cobbler, you any --ksmeta variables you set are available as variables in Puppet. (Others can see docs on this here: https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem ) Parameterized classes, coming in the next release, will make this a lot easier -- though it's something Cobbler's going to have to adapt to. --Michael On Fri, Apr 30, 2010 at 6:10 AM, Peter Meier peter.me...@immerda.ch wrote: but I'm not too sure how to set the value of $CLASSNAME. we do something similar: file{'/etc/exim/exim.conf': source = [ puppet://$server/modules/site-exim/${fqdn}/exim.conf, puppet://$server/modules/site-exim/${exim_type}/exim.conf, puppet://$server/modules/site-exim/exim.conf, puppet://$server/modules/exim/exim.conf ], require = Package['exim'], notify = Service['exim'], owner = root, group = mail, mode = 0640; } http://git.puppet.immerda.ch/?p=module-exim.git;a=blob;f=manifests/base.pp;h=a0b2d02ca3e1a95b0ddc0b48fa54efb5d2981774;hb=76f594abd5dabffe86bdaeecb99b15bda4b968fc#l13 what we do then is to set per node the variable (or in an external node tool called parameter) $exim_type to set it to something like 'antivirus', 'webhosting' or whatever. and then have in site-exim/files/antivirus/ the appropriate config file. btw: we nearly got rid off that, as we started to split the exim configuration into different subfiles and including them. We then deploy only these include files based on exim_type. This has the advantage, that we have only one identical main-exim config and do all the tweaks in little files we just include. cheers pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Some advice on using hashes in ERB templates needed
Now I want to iterate over the 'workers' inside the ERB template and tried (among others) this: 16 % workers.each do |worker| -% 17 %= @m_worker = Marshal.load(worker) % 18 worker.%= worker %.type=%= @m_worker.type % ... 25 26 % end -% Accessing the 'workers' hash works, but accessing 'worker.type' and 'worker.host' not. I guess I will have to learn Ruby now ;-) but in the meantime, can some Ruby expert please tell me how to do this? Thanks a lot in advance! Bernd worker['type'] and worker['host'] is the way the Ruby should look. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Some advice on using hashes in ERB templates needed
On Fri, Apr 30, 2010 at 9:18 AM, Michael DeHaan mich...@puppetlabs.com wrote: Now I want to iterate over the 'workers' inside the ERB template and tried (among others) this: 16 % workers.each do |worker| -% 17 %= @m_worker = Marshal.load(worker) % 18 worker.%= worker %.type=%= @m_worker.type % ... 25 26 % end -% Accessing the 'workers' hash works, but accessing 'worker.type' and 'worker.host' not. I guess I will have to learn Ruby now ;-) but in the meantime, can some Ruby expert please tell me how to do this? Thanks a lot in advance! Bernd worker['type'] and worker['host'] is the way the Ruby should look. Also, you shouldn't need Marshal.load and the @m_worker either. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] use both ldap and text files
/etc/puppet/manifests/site.pp (which probably loads your nodes.pp) and an external node source can be used together. So if you have an external nodes tool that queries LDAP, it would also work with site.pp http://docs.puppetlabs.com/guides/external_nodes.html On Fri, Apr 30, 2010 at 7:07 AM, walexey wale...@gmail.com wrote: How can i use for node definitions both /etc/puppet/manifests/nodes.pp and ldap? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] LF complete recipe bundle
On Fri, Apr 30, 2010 at 9:26 AM, Alan McKay alan.mc...@gmail.com wrote: http://projects.reductivelabs.com/projects/puppet/wiki/Complete_Configuration Excellent! I had not found that! This was my biggest problem with Puppet the last time I looked at it about 6 or 7 months ago - I understood the concepts of what the docs were telling me, but I needed a big picture to see how it all fits together in a real-world scenario. I also stumbled upon the book and picked up a copy, which has been a big help for me as well. You might also want to go to our Puppet class... it's very good for understanding why you would use all of the various components in conjunction with one another. We've got one in DC coming up soon and are going to be in the Bay Area in a few months as well. http://www.puppetlabs.com/category/events/upcoming/ I'd really recommend it for anyone who's starting out and wants to get best practices down. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] macaddress fact
On Fri, Apr 30, 2010 at 2:16 AM, Daniel Pittman dan...@rimspace.net wrote: Marcus, Allan B al...@lanl.gov writes: How does puppet determine the macaccess fact? For example, my MacPro has two enternet ports. macaddress = 00:25:00:ef:fb:ce macaddress_en0 = 00:25:00:ef:cf:a1 macaddress_en1 = 00:25:00:ef:fb:ce if I change the wire to the other port (and set the IP address appropriately in network), I get the same factor results. It seems factor always report en1 as the macaddress. Is macaddress supposed to be the active mac address? I suppose it would be difficult to determine 'active' if the computer was plugged into two networks at the same time, but that is rarely the case in my environment. Any ideas on how to get the 'active' mac address? Er, you noted that you fixed this elsewhere, but... The 'macaddress' fact is a load of random garbage with no meaningful connection to reality: it picks a random address from the output of ifconfig, rather than anything useful. The idea of an active MAC is meaningless: my laptop currently has two active MAC addresses: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.45 metric 1 192.168.201.0/24 dev wlan0 proto kernel scope link src 192.168.201.109 metric 2 169.254.0.0/16 dev eth0 scope link metric 1000 default via 192.168.1.1 dev eth0 proto static macaddress_eth0 = 00:1c:25:1e:26:6f macaddress_wlan0 = 00:1d:e0:55:48:45 There is no meaningful way to talk about one of those being active to the exclusion of the other: both are active, have real routes, and are interacting with external devices. You can even fail-over traffic between the two. The right fix would be to put that poor, meaningless fact to sleep before someone mistakes it for something actually *significant*. Yep. The goal for Facter is to have these facts eventually namespaced, though we probably will have to keep existing fact names for backwards compatibility. That is to say, I want to be able to use:nic::wlan0::mac_address and nic::eth0::ip_address, etc. ipaddress itself is not so predictable either in a multi NIC setup, so being explicit is good.Even virtual machines can be dual homed. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using classes from extnode to define config files?
Does anyone know how to achieve the above in a prettier fashion? Thinking about it some more... Create a baseclass called exim and subclasses called exim:web and exim:smtp Have the class webserver include exim:web and the class smtpserver include exim:smtp. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Odd error
What version of Puppet? Anything interesting in the logs? I see similar errors in google history but nothing mentioning 'puppetreports.report' ... --Michael On Thu, Apr 29, 2010 at 3:36 PM, Baker, Luke Jefferson bake...@missouri.edu wrote: Hello, On our ‘dev’ puppetmaster, we are experiencing a weird error, or bug. If I manually call puppet (or let the schedule kick it off) this is returned.. err: Could not retrieve catalog from remote server: Error 400 on SERVER: private method `gsub' called for :puppetreports.report:Symbol warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run This is occurring on the dev puppetmaster itself and one of our clients out in the wild. Any thoughts? ;) --Luke Baker -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] gem provider and alternate Ruby installs
There's not a parameter for that, though it seems like it could be added. How about filing a feature request at projects.puppetlabs.com? In the meantime, you could copy the code for the gem provider and call yours gemee or similar, making a very small modification? --Michael On Thu, Apr 29, 2010 at 2:16 PM, Mark Plaksin ha...@usg.edu wrote: Hi: Can I give the gem package provider the path to the gem command? I can't see a way to do that. We'd like to do it to, for example, install gems into our ruby-ee install. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] clients stopped retrieving catalog - error 403 forbidden request - possible corruption?
On Thu, Apr 29, 2010 at 1:08 PM, Jason Amato amato_ja...@yahoo.com wrote: All 150 , except two, clients have suddenly stopped retrieving catalogs from the master. Something happened last night, no changes were made. I have been running everything for many months now. Maybe something with the certificates? I can I sync the certs from the master back to the clients? Did you mean to say can I?. I'd want to know if that was the root problem first... it might not be. Have you tried restarting the puppetmaster and/or clients to see what happens? Anything interesting in the logs? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] RSS feed correction
If anyone's wondering why our feedburner feed is not updating, it's because it's pointing at the wrong URL. You may want to subscribe to http://www.puppetlabs.com/category/blog/blog/feed/ directly using your RSS reader. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] storeconfigs seems to disable external nodes
I'm wondering if you're getting an error somewhere that could help explain this, it certaintly is not expected. Anything interesting in the logs? Could you run the puppetmaster in --no-daemonize --debug mode and see if you get any output when doing this? --Michael On Wed, Apr 28, 2010 at 9:05 AM, robertbogdon robertbog...@gmail.com wrote: I have a working configuration using external nodes, but when I enable storeconfigs using either Sqlite or MySQL, nodes no longer get assigned their classes from the external nodes script. I'm currently using the 0.25.4-2ubuntu6 packages from Ubuntu 10.4. Disabling storeconfigs and restarting puppetmaster causes nodes to be assigned classes from the external nodes script. I've done some looking and haven't seen anything that says these two are mutually exclusive. Any help would be appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL 6
On Tue, Apr 27, 2010 at 5:54 PM, Marc Fournier marc.fourn...@camptocamp.com wrote: Quick question: Has anyone tried Puppet on the RHEL 6 beta? We have to start gearing up at work to replace our RHEL5 servers with RHEL6 to resolve a bunch of long running issues we have, and I didn't even want to download the iso until I knew someone else had given it a whirl with cobbler/puppet. There seem to be some weirdness with facter I didn't investigate further yet. Puppet apparently runs fine but I didn't throw hundreds of resources to my test machine yet. Being RHEL6 is based on Fedora, I shouldn't expect any weirdness; lots of people (including Fedora itself) are using Puppet on that platform. Definitely open up bugs on those facter issues you are seeing, hard to fix what you might be seeing without specifics :) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] status of cpan provider?
On Tue, Apr 27, 2010 at 5:02 PM, Alan McKay alan.mc...@gmail.com wrote: Hi folks, I was just digging through the archives and found some comments from Sept 2008 about CPAN provider being immature. Personally, I wouldn't want a CPAN provider -- if you can get content from OS packages (debian is particularly good about this), I would use those. CPAN's need to build things locally and update at unpredictable intervals (and frequently not building) means I really wouldn't want to connect a production machine directly to it. Doing really minimal packaging for the CPAN modules you use, if not already packaged, would be worth it in my opinion. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] status of cpan provider?
On Wed, Apr 28, 2010 at 12:04 PM, Alan McKay alan.mc...@gmail.com wrote: On Wed, Apr 28, 2010 at 11:04 AM, Michael DeHaan mich...@puppetlabs.com wrote: Doing really minimal packaging for the CPAN modules you use, if not already packaged, would be worth it in my opinion. I'm biased towards, when possible, distributing package content via RPM or deb ... but ideally, those too. You are free to ignore that, but those are my preferences. If a CPAN library requires libcurl and libcurl isn't installed, that's something the OS package manager can deal with for you. I like having all my dependencies in the system, in other words, and also having (where possible) only one package manager. So how do you mean? One thing I was thinking of is building once on a central machine and then sticking it from there into puppet to distribute as a filesystem. But I'd have to take care about 32/64 bits and OS differences. Well, there are noarch packages, but for those that contain native code, yes. I prefer not to do builds on production machines. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Zenoss joint partnership announcement
Hi folks, See a recent post on our blog that we're pretty excited about: http://www.puppetlabs.com/blog/zenoss-and-puppet-labs-partner-to-deliver-integrated-it-monitoring-and-automation-for-next-generation-datacenters/ If you're interested in using Zenoss and Puppet together, we can now more easily work together to help you with your infrastructure. Integration with other management tools is going to be a big theme for Puppet in the future, whether from setting up monitoring, being monitored, integrating with logging systems, virtualization systems, etc.Look for more of this sort of thing in the future. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Fabric vs ControlTier
You probably mean that just for firing commands over group of machines, it's better to be done in SSH loop tools, like Func/Fabric/ etc, as it doesn't require client installation? Just to clarify, Func does not use SSH.It uses XMLRPC over SSL, very similar to how Puppet works (no REST though), and has a daemon. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Fabric vs ControlTier
I see, so Fabric is actually the only tool which allows agent-less operations. aka Distributed SSH? There are others, not sure of any that make it into more of a language. Are there any Puppet modules available for Func and MCollective agents? Not for Func, but I'm sure they would like it if you wrote one :) Here's the current list: https://fedorahosted.org/func/wiki/ModulesList It's simple enough to just call command execute and invoke puppetd, which is what most people do (if they are doing that). The module would just shorten the command. https://fedorahosted.org/func/wiki/CommandModule You could also pretty easily make a module that surfaced facts for augmenting the data in Func-Inventory: https://fedorahosted.org/func/wiki/FuncInventory However that's kind of extra if you are also using storeconfigs, so I'm not sure you'd want to do that, but you could. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ad hoc tasks with puppet
On Mon, Apr 19, 2010 at 12:42 PM, Sukh Khehra skhe...@proofpoint.com wrote: I have a need to audit user accounts on all of my puppet clients. Essentially, I need to collect the password and shadow file from all of my clients to one central location and analyze them. How would someone do this using puppet. Is there any mechanism to ship files to the master from the client? From the recent Fabric vs ControlTier thread, it sounds like people end up using other tools to do stuff like this but I was wondering if I can use puppet for this… There is a backup facility, though it's probably not want you want in this case. Currently it's not highly instrumented for combing through backups and finding what you want to look at, and stores things named after md5sums. http://docs.reductivelabs.com/guides/types/file.html You could use Puppet to execute something like rdiff-backup ? Another, unrelated, question I have is regarding tags. Can I do “puppetrun --host hostA --tags classA” if classA is not otherwise assigned to hostA? Tags are really not about classes, tags are a seperate concept. --tags means run resources tagged with this value. Puppetrun is due for some upgrades -- though these are going to wait a bit in priority behind some other things, as we're doing a lot of improvements to the way the internals of the catalog/etc behave and want to make a puppetrun that works well with multiple sources of node information, rather than just LDAP, which it does now. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ad hoc tasks with puppet
On Mon, Apr 19, 2010 at 2:51 PM, Sukh Khehra skhe...@proofpoint.com wrote: Thanks for your reply. On my tags question I used the class as an example because I read that puppet auto creates a tag using the class name. My question really is whether the resource referenced by the tag should already be assigned to the host via node classification for this to work. Yes, it means of all the resources assigned to the host, run the ones that are tagged foo. E.g. lets say I have a class like this. class preupgrade { exec { /etc/init.d/httpd stop: tag = stopapache } } I don't want to assign this class to all nodes but want to be able to trigger it on an ad hoc basis. So my question is can I do this on the master without first assigning the preupgrade class to hostA? puppetrun --host hostA --tags stopapache In other words, does puppet look for the tagged resources in the entire config codebase or just the stuff that is applicable to the node by virtue of node classification. You could use conditionals, right? Though that might be a little weird, and seems like it could result in a Apache that restarts /often/ if you have it configured with puppetd. I'm not sure I like the idea of something that requires that puppetd *not* be in use to work as you intend it. Anyway, see conditional docs: http://docs.reductivelabs.com/guides/more_language.html However it's a little bit of a fringe usage to use the model to do this presently. I'd much rather just be able to use ralsh remotely to call the exec. That being said, I'd *love* for this kind of thing to be possible. I'd like to describe my power management configuration for a class of hardware in Puppet, for instance. ( Example: https://fedorahosted.org/cobbler/wiki/PowerManagement ) Hope this makes sense. -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Michael DeHaan Sent: Monday, April 19, 2010 11:07 AM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] ad hoc tasks with puppet On Mon, Apr 19, 2010 at 12:42 PM, Sukh Khehra skhe...@proofpoint.com wrote: I have a need to audit user accounts on all of my puppet clients. Essentially, I need to collect the password and shadow file from all of my clients to one central location and analyze them. How would someone do this using puppet. Is there any mechanism to ship files to the master from the client? From the recent Fabric vs ControlTier thread, it sounds like people end up using other tools to do stuff like this but I was wondering if I can use puppet for this... There is a backup facility, though it's probably not want you want in this case. Currently it's not highly instrumented for combing through backups and finding what you want to look at, and stores things named after md5sums. http://docs.reductivelabs.com/guides/types/file.html You could use Puppet to execute something like rdiff-backup ? Another, unrelated, question I have is regarding tags. Can I do puppetrun --host hostA --tags classA if classA is not otherwise assigned to hostA? Tags are really not about classes, tags are a seperate concept. --tags means run resources tagged with this value. Puppetrun is due for some upgrades -- though these are going to wait a bit in priority behind some other things, as we're doing a lot of improvements to the way the internals of the catalog/etc behave and want to make a puppetrun that works well with multiple sources of node information, rather than just LDAP, which it does now. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet
Re: [Puppet Users] Re: Fabric vs ControlTier
Are there any Puppet modules available for Func and MCollective agents? Ah, Puppet modules. I read that backwards, sorry :) Func: http://puppet-modules.git.puzzle.ch/?p=module-func.git Nice! Yeah, just basic service-package-file. Looks good! --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Fabric vs ControlTier
On Fri, Apr 16, 2010 at 3:25 PM, SyRenity stas.os...@gmail.com wrote: Hi. I'll throw a couple more into the mix --- Func also runs on your CentOS machine and can use Puppet certs in the latest source version. How Func compares to Fabric? By puppet certs, you mean it's enough to add Puppet client to Puppet master, and Func can re-use the created certificates? Yes. https://www.redhat.com/archives/func-list/2010-March/msg3.html There's also Capistrano and mcollective. (And a lot of distributed ssh tools on the side.) I actually tried Capistrano sometimes ago, didn't quite like it due to extensive Ruby use (which admittedly I don't have much expired with). MCollective looks interesting, any how it compares to Func/Puppet? It introduces a message bus and does groups a little differently. Volcane would be the best person to ask. Func has a concept of modules where you can make reusable things to trigger remotely, though many people just use it for shell commands. I don't like to look at these as deployment tools -- I strongly prefer packaging applications properly and pushing them out with Puppet, but it's good for ad-hoc tasks like power these off now, or initiate OS reinstall. I find this approach problematic, as I won't have control over which box is being deployed. Moreover, it's not as clear for DB schema updates. Where you don't want packages, take a look at using something like http://github.com/reductivelabs/puppet-vcsrepo to check out code from source, right on your puppet managed machines. I presume this module supports a checkout of code right on the application machines? Yes. Again, I need to control exactly which deployment steps are performed on each machine, and it seems that Puppet requires a lot of work to achieve this, compared to other existing tools. I understand inter-machine orchestration is difficult, yes, there have been quite a few threads on this lately about what we might do to make this better in the future.Search for external resource for starters of what this may become. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Fabric vs ControlTier
On Thu, Apr 15, 2010 at 4:17 AM, SyRenity stas.os...@gmail.com wrote: Hi. While this not entirely related question to Puppet, I noticed many hear use Fabric for deployments and remote control. I'm currently checking a tool called ControlTier (namely ct_exec), as Fabric doesn't currently run on my CentOS machine. Can anyone say about the difference between these 2 deployment tools? Regards. I'll throw a couple more into the mix --- Func also runs on your CentOS machine and can use Puppet certs in the latest source version. http://fedorahosted.org/func (which I helped write) There's also Capistrano and mcollective. (And a lot of distributed ssh tools on the side.) I don't like to look at these as deployment tools -- I strongly prefer packaging applications properly and pushing them out with Puppet, but it's good for ad-hoc tasks like power these off now, or initiate OS reinstall.Func was really designed to be a reusable component for building secure remote applications, as we wrote one and found there wasn't a good framework to use for that. Where you don't want packages, take a look at using something like http://github.com/reductivelabs/puppet-vcsrepo to check out code from source, right on your puppet managed machines. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Tags in Puppet
I'm not sure about tagging nodes versus tagging resources like a class. That all being said, I don't think the right modelling here is to use tags to determine behavior. Rather I'd have something like: class autofs class autofs::server inherits autofs class autofs::laptop inherits autofs and then in the node: node foo { include autofs::server } That will be more manageable as you aren't relying on what are essentially magic variables assigned to the node. Tags are useful for when you want to evaluate just part of the configuration, etc, such as tagging a class and running just the security parts, but I wouldn't use them in this way. On Wed, Apr 14, 2010 at 8:47 AM, Mark Nelson m...@tardis.cx wrote: Hello I am trying to use tags to differentiate between machines that are servers and machines that are clients. I am using the tag statement within the node definition as shown below - node shadow inherits default { tag(server) } The default node is defined as follows - node default { include root-ssh-key include dns include puppet include sshd include autofs } Within the class definition I am testing to see if the machine has been tagged as a server and setting variables accordingly. class autofs { if tagged(server) { $auto_master=puppet://puppet/files/common/etc/auto.master.server $auto_mt=puppet://puppet/files/common/etc/auto.master.server $auto_home=puppet://puppet/files/common/etc/auto.home.server } else { $auto_master=puppet://puppet/files/common/etc/auto.master.laptop $auto_mt=puppet://puppet/files/common/etc/auto.master.laptop } file { /etc/auto.master: source = $auto_master, owner = root, group = root, mode = 444, notify = Service[autofs]; } } When I run puppetd --test -dv, the following error appears - err: //autofs/File[/etc/auto.master]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet/files/common/etc/auto.master.laptop at /etc/puppet/manifests/classes/autofs.pp:32 It appears that the if statement is failing. Am I using the tag feature incorrectly? I am using the following software - Operating System: Scientific Linux SL release 5.3 (Boron), Scientific Linux is a rebuild of Redhat Enterprise Ruby version: ruby-shadow-1.4.1-7.el5.x86_64 ruby-irb-1.8.5-5.el5_3.7.x86_64 ruby-libs-1.8.5-5.el5_3.7.x86_64 ruby-rdoc-1.8.5-5.el5_3.7.x86_64 ruby-1.8.5-5.el5_3.7.x86_64 ruby-augeas-0.3.0-1.el5.x86_64 ruby-ldap-0.9.7-3.el5.x86_64 Puppet Version: puppet-0.25.5-0.1.rc1.el5.noarch puppet-server-0.25.5-0.1.rc1.el5.noarch Any help gratefully received. Mark. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Total newbie question: customization of configuration files managed by a Puppet server
On Wed, Apr 14, 2010 at 6:37 AM, jerome moliere jerome.moli...@gmail.com wrote: Hi, excuse me if this question is a stupid one I'm about convincing my customers to use Puppet before this, I 'd like to make a POC with part from the current complexity ... Like any company (I guess) , we have different envrionments: - development - staging - production... Applications are deployed on 2 sites (40km of fiber channel wires between these 2 sites) Each environment induces a different list from IPs (servers), HA constraints present or not and so on.. I'd like to make a POC with one the service deplyoed here (the one I'm responsible of) Jboss servers: - Java applications (so require a JRE) - Unix service present - different config files (many in the Java world) On each machine I want to start 4 instances of the same Jboss service using different VIP addresses (ethernet bonding) so I want to do something like this (this is a very simplistic view because each server has got hundred of different config files but who cares): / / jboss1 server all deploy log4j.xml /jboss2 server all deploy log4j.xml /jboss3 server all deploy log4j.xml /jboss4 server all deploy log4j.xml This looks like a good place to use a defined type for a java app server, and use that resource multiple times with different variables passed in. The files under control will have the structure and quitely same contents (template) but they will use different IPs, different machine names, different ports and so on... I'd like to know if it was possible to manage such kind of structure because manys amples use static files ...(/etc/passwd). Does Puppet enable to manage /etc/passwd$i files ? Contents from this file would be scripted using ruby of course Not sure what you mean by /etc/password$i ... do you mean something like building a file out of smaller parts? In this case, absolutely... Actually in that case you what to use the User resource, but in cases where you want to build a common file out of multiple pieces created by multiple defined resources, this is a good place to use the File Fragment idiom, which you can see a bit of here: http://www.devco.net/archives/2010/02/19/building_files_from_fragments_with_puppet.php --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet high-availability
It would do for active/passive though.How about setting up an alias for ca that moved when the ca wasn't accessible (using --certname), and load balance the puppet serving parts since there's no race issues there. --Michael On Wed, Apr 14, 2010 at 10:06 AM, David Schmitt da...@dasz.at wrote: On 4/14/2010 3:42 PM, Michael DeHaan wrote: On Tue, Apr 13, 2010 at 7:39 PM, Christopher Johnston chjoh...@gmail.com wrote: How to deal with ssl certs, I have a similar situation where I have two puppetmasters per site and I would like to see them both handle serving puppet data at anytime from a VIP (primary/failover) type of operation. How about shared storage for the SSL dir? Would that be race-free with regards to updating the serial number and stuff? Best Regards, David -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Yum provider using version-release as version?
I think you're saying that Puppet isn't comparing installed packages quite the way yum does, and that yum would be able to find the match if executed with just the version and not the release, right? Yes this is correct. Its all about being less precise in your match. Ok, I agree this is a bug. Please file one if there isn't one already. I don't think we need a new regex matching parameter or anything, just that the internals of the provider do not seem to be correct when they don't work the same way as the yum CLI. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to push config from master ?
On Wed, Apr 7, 2010 at 6:58 PM, Bruce Richardson itsbr...@workshy.org wrote: On Mon, Apr 05, 2010 at 04:54:30PM +1000, Daniel Pittman wrote: thank you so much for the reply. i have bunch of webserver, i want to able be able run svn update to all the webserver from master. this is not what puppet specializes in. you can probably do it, but you will almost certainly find it more productive to use some alternate tool to implement this feature. I disagree. There's nothing wrong with doing this with Puppet, and we see this to be a very good way to deploy, for example, hosted apps and things that are traditionally hard to package. For instance, you can do a checkout at a specific git revision (I'm not positive the SVN module does this yet... but it should). Take a look at http://github.com/bruce/puppet-vcsrepo for a nice example of how to do this. If you can share other reasons why this doesn't work for you, or have additional ideas for improvements, let everyone know, and we can make it better. I don't see it desirable to manage the OS seperately from app deployments -- that's an incomplete model -- and our current limitation in this area is in modelling interactions /between/ servers. In the case of doing a simple SVN checkout, not a problem. And for the idea of gating conditions on external resources, we're making strides in that direction. http://github.com/reductivelabs/puppet-external-resource --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] File Size
On Wed, Apr 7, 2010 at 1:38 PM, Patrick kc7...@gmail.com wrote: I second this. Puppet will load the whole file into ram, and puppet never deallocates memory. It's almost always better to move big files by putting them into a package or using an Exec type with creates. Just to be clear, the deallocation beyond a threshold is largely a present-version-of Ruby limitation. That isn't to say there aren't some other things we can do to make fileserving better -- such as the streaming improvements in the next release (this should help a fair amount!) As I just mentioned one of them on the list, there are a couple alternatives to fileserving you can look at now if you want to transfer content. One (not so suitable for binary content) is something like http://github.com/reductivelabs/puppet-vcsrepo using source control. Another recommended approach, and really it's the right thing to do in many cases, are read only NFS mounts with copies sourcing of those locations. You could also, if you really wanted, use an Exec+rsync, though I'd go the NFS (or samba, etc) approach first. Fileserving is definitely something you'd continue to want to do with templates and such, but not so much for app deployment. Moving forward, I think you'll see more support and features around alternative ways to deploy files, such as vcsrepo. If there's another use case around this that I'm missing, where NFS or source control won't work, let me know. --Michael On Apr 7, 2010, at 10:21 AM, Daniel Kerwin wrote: Not sure about a limit but puppet isn't very good at transfering really big files. This may lead to memory problems afaik -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] File Size
On Wed, Apr 7, 2010 at 8:20 PM, Christopher Johnston chjoh...@gmail.com wrote: Nfs is not always feasible in controlled environments. I run kernels with the nfs stack completely removed to cut out kernel bloat (for size). And it can be slow and annoying, yes :) Rsync integration into puppet directly would be attractive and very useful. What would you see this doing beyond an Exec call, or would it just be sugar around that call? I'm wondering what the don't execute if conditions might be, in other words to avoid hitting the server, or if that's meaningful. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Dashboard packages now available!
On Tue, Apr 6, 2010 at 3:48 AM, James Turnbull ja...@lovedthanlost.net wrote: Hi all I've created RPM and DEB packages for the Puppet Dashboard 1.0.0rc1. These are available via APT and Yum repositories hosted by Puppet Labs. Cool. A puppetlabs-release RPM might be nice for this. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not find dependency
define adduser ($shell, $group, $fullname, $ingroups=, $uid=, $home=) { group { $group : ensure = present } user { $name : ensure = present, comment = $fullname, gid = $group, groups = $ingroups, membership = minimum, shell = $shell, home = $home, uid = $uid, } } It perhaps runs the risk of referencing the group twice if you add a user with the same main group more than once. Take a look at http://docs.puppetlabs.com/guides/virtual_resources.html for how to handle that. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Mongrel : Can't download files
On Wed, Mar 31, 2010 at 6:05 AM, smain kahlouch smain...@gmail.com wrote: Hi, i'm following the steps of the documentation but the links are not working. I can't download the files : http://projects.reductivelabs.com/projects/puppet/wiki/Using_Mongrel_On_Debian Thanks for your help, Grifith This looks like this might have happened as part of the redmine conversion, as the attachment still references a URL in Trac. It could also be a problem with the rewrite rules having changed since the site migration. (James, do you know anything about attachment migration?) I've seen some other docs that had attachments migrated, though I'm not sure why this one is an outlier. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] REST API for puppet
On Tue, Mar 30, 2010 at 8:36 PM, Paul Lathrop paul.lath...@gmail.comwrote: It does exist! Sadly, the documentation is the code, as far as I've been able to determine. You can get a fair amount of information if you are using a webserver like Apache in front of puppetmasterd by watching your access logs. --Paul One of the things I want eventually is for us to have documentation on what is possible in a user API at docs.puppetlabs.com. Our top end API doesn't have a lot for you to drive the puppetmaster or dashboard programmatically yet, and it's more puppetmaster-to-node. I think you'll see that evolve over time. We should definitely clarify a bit more (in those docs) what is possible via REST now for scripting against Puppet, though I think for the most part you can look at REST today as largely an internals feature (faster/better RPC) and over the long hall you'll see that become more of a strategic documented integration API.It's certaintly the kind of thing we want to enable, allowing other tools to latch on to Puppet to use it as their configuration management engine. (Just as we want to (and do) enable Puppet to latch on to those external systems, as we do with things like custom functions and external nodes). Hope that helps, --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Reminder: student Google Summer of Code signups close April 9th
As I mentioned previously, Puppet is part of Google Summer of Code this year. I'm really excited to see this. If you are or know a student who might like to work on Puppet and related tools, sign up for Google Summer of Code ends April 9th. If you'd like to talk about questions/concerns/thoughts/ideas, or just can't figure out that incredibly complicated Google Summer of Code web tool, please email me off list. If you don't know a student, perhaps you should camp outside a college with signs and distribute literature? Uncle Puppet needs you! --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not find dependency
On Wed, Mar 31, 2010 at 6:30 PM, Darvin Denmian darvin.denm...@gmail.comwrote: Hello, I have the following define: define adduser ($shell, $group, $fullname, $ingroups = none, $home = none) { user { $name: ensure = present, comment = $fullname, gid = $group, groups = $ingroups, membership = minimum, shell = $shell, home = $home, require = Group[$group] } } and the following call for this define: adduser { teste : shell = /bin/bash, group = teste,fullname = teste Workgroup,ingroups = admin } and . the following error: err: Could not run Puppet configuration client: Could not find dependency Group[teste] for User[teste] at /etc/puppet/modules/sysadmin/manifests/init.pp:13 Can somebody help me with this error? Thanks ! Dependencies for groups are implicit when they are listed with a user, so what you have for $ingroups (I could be wrong here), should cover you and you won't need the require. However, where's the group, right? You will not be able to reference an explicit dependency unless somewhere in your configuration you are declaring the Group. In the above example, you don't have the Group declared, so most likely it is not present, hence the problem. I may be lacking some additional context, but from what you've shared, that looks like the problem to me. --Michael = -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to manipulate contents of directory without affecting parent directory
I was hoping that there was a way for Puppet to remember the subdirectories and only chmod on new subdirectories that are not mode 700... or if that is too complicated to support internally, then something simple like: If file{} had globbing ability, then [pseudo] file { /foo/*: ... } for item in /foo/* if item is not a directory: then continue if item mode != 700: then chmod 700 item Thus the server doesn't know what files the client has, so it can't presently do that -- it couldn't build the resource graph. Exec in your usage may feel like the thermonuclear option, but you're using it in a fairly limited way... be sure it's executed with a require in the right place in the dependency chain and it's not too unreasonable IMHO, as it's not a resource intensive command. It's there to fill in the gaps for things that are hard to model. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Calling a function from a template
On Fri, Mar 26, 2010 at 11:08 AM, Mike mruncie...@gmail.com wrote: On Mar 26, 10:59 am, Michael DeHaan mich...@puppetlabs.com wrote: Does scope.function_echo([temp]) work instead? That did it! Thanks a lot! Great, I'll add some info to our docs about this. If anyone else has suggestions on similar tricks/things that are not covered with respect to custom functions, types/providers, etc, let me know! --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Changing multiple files
On Tue, Mar 23, 2010 at 5:03 PM, jsearles jsear...@gmail.com wrote: Thanks for the suggestion Michael, but I am not able to control what yum repos are in the directory. This is more of a check to make sure if a repo is there and is enabled that the gpgcheck is also enabled. John Ok, I don't know enough about augeas details to say whether it can wildcard multiple files like that. However, yum.conf does allow you to set the global default for gpgcheck in yum.conf, which while it doesn't prove someone didn't disable gpgcheck, is still a good idea. If you're allowing folks to install their own files in yum.repos.d, then it's still possible for them to install packages with gpgcheck=0 in between Puppet runs.I assume that's probably for a desktop user kind of case, in server land, I'd be worried if I didn't know what repos a machine was attached to, because I might be getting a newer/different version of a package. For instance, sometimes versions in a repo like freshrpms/dag/etc will sometimes override something in OS base with an incompatible version (and a higher package version). If you don't know which ones you are installing that sometimes can cause problems.More reason to manage them all by Puppet if you can, and locally mirror what content you want to roll out (use yumdownloader to do selective mirroring versus a full reposync, if pulling content from those repositories). Sorry for the tangent :) Probably a good question for augeas-devel. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing variables between definitions
On Wed, Mar 24, 2010 at 3:10 PM, Gustavo Soares gustavosoa...@gmail.comwrote: Hi everybody! I would like to share a group of variables between definitions and I don't know what it is the best approach to do this... First, let me explain the situation... I were using a class and defining those variables inside of it.. then I used inheritance to this class to get the variables instantiated. For instance: class common_variables { $a_var = hello world } class class_a inherits common_variables { notice($a_var) } class class_b inherits common_variables { notice($a_var) } If I understand this correctly, you'd like to use different variables with the same definitions? This sends 5 as a notice value: class base { $x=3 define yell($what) { notice($what) } } class outera inherits base { $x=4 base::yell { some title : what = $x } } class outerb inherits base { $x=5 base::yell { some title : what = $x } } Let me know if I misunderstood. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing variables between definitions
On Wed, Mar 24, 2010 at 5:11 PM, Michael DeHaan mich...@reductivelabs.comwrote: On Wed, Mar 24, 2010 at 3:10 PM, Gustavo Soares gustavosoa...@gmail.comwrote: Hi everybody! I would like to share a group of variables between definitions and I don't know what it is the best approach to do this... First, let me explain the situation... I were using a class and defining those variables inside of it.. then I used inheritance to this class to get the variables instantiated. For instance: class common_variables { $a_var = hello world } class class_a inherits common_variables { notice($a_var) } class class_b inherits common_variables { notice($a_var) } If I understand this correctly, you'd like to use different variables with the same definitions? This sends 5 as a notice value: class base { $x=3 define yell($what) { notice($what) } } class outera inherits base { $x=4 base::yell { some title : what = $x } } class outerb inherits base { $x=5 base::yell { some title : what = $x } } Sorry for the confusion -- I'm missing a include base at the very bottom of my example. If that's not what you meant about variables in defines, please clarify. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing variables between definitions
On Wed, Mar 24, 2010 at 5:51 PM, Gustavo Soares gustavosoa...@gmail.comwrote: Hi, Michael! thanks for your reply! actually it is the opposite.. :) i.e, I want to use the same variable, but in different definitions... Ok, sorry for the confusion. I would have thought $common_variables::x would have worked to reference something in a parent, but it does not. Perhaps someone else can share a workaround as I'm not too familiar with scoping in this case. I know you can do variables at top scope or through your external nodes classifier, but that is not ideal. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Changing multiple files
On Tue, Mar 23, 2010 at 10:21 AM, jsearles jsear...@gmail.com wrote: Hello, I am trying to check for each enabled repo in /etc/yum.repos.d/ that the gpgcheck is set to 1. I wanted to do this with Augeas, but I cant seem to get it to work. I tried something like the following but it does not work. augeas{ /etc/yum.repos.d-gpgcheck : context = match /files/etc/yum.repos.d//*[enabled ='1'], changes = set gpgcheck 1, } Anyone have any ideas on how to accomplish this? Hi John, Have you seen this... http://docs.reductivelabs.com/references/stable/type.html#yumrepo ? You may want to manage all yum repos with puppet and use 'purge' to remove repos that aren't puppet managed (that are user created outside of Puppet), making sure you include the repos you need from the distribution. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet is part of Google Summer of Code this year
As posted previously to Twitter, though I don't think I emailed it out, Puppet is part of Google Summer of Code this year. We don't know yet how many student slots we're going to get, but we've asked for 2 right now. If you know of students who would like to work on Puppet (and get paid!) (not by us!) (thank you Google!), please let us know. We have some ideas of our own but are also open to suggestions as long as they are generally widely usable by a lot of people. There's a huge amount of investment into mentoring a project to manage a Ms. Pacman machine, as amazingly cool as that might be :) If you're a student and would like to propose a project, you can email me off list with your ideas. http://socghop.appspot.com/ We have a starter list here: http://projects.reductivelabs.com/projects/gsoc/wiki --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] certificates
On Mon, Mar 22, 2010 at 2:01 PM, Arnauld a.micheli...@gmail.com wrote: Hi, It may be obvious but I don't understand what the 'ca/ca_*.pem' and the 'certs/ca.pem' files stand for :( It sounds a bit 'redundant' to me Someone has an explanation ? Hi Arnauld, Have you seen http://projects.reductivelabs.com/projects/puppet/wiki/Certificates_And_Security... it goes into a bit more detail than you would like, perhaps. CA means certificate authority. PEM is a certificate format. In short (copying from Dan's notes): 1. ca/private/ca.pass - stores the password for the CA's private key. 2. ca/signed/ - directory where all signed certificates are stored, these are created by puppet --sign (or automatically is auto-signing is enabled) 3. ca/requests/ - this is where pending requests are stored, they are removed when puppetca --sign is run 4. ca/ca_key.pem - Private key for the CA (this is what it uses to sign things?) 5. ca/ca_crl.pem - this the the list of certificates that have been revoked. 6. ca/ca_crt.pem - this is the self signed certificate for the CA. 7. ca/ca_pub.pem - public key 8. ca/inventory.txt - list of all keys that have been signed. 9. ca/serial - CA's counter that ensures a unique ID for each key. Hope that helps! --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Templates : about puppet syntax
Modules can't currently take parameters (I think you intend to really pass parameters to a class, not a module, right?); they can however make use of variables, whether set by an external nodes classifier or in site.pp. Parameterized classes, however, are coming soon and would do what you want. For now I'd just use a variable. --Michael On Mon, Mar 22, 2010 at 3:33 PM, Smain Kahlouch smain...@gmail.com wrote: Hi, I just have a question about puppet syntax. I would like to give a parameter to my ldap module. In the node definition i would like to specify the domain. Example : ldapnode { include ldap::master::domain(domain.tld) } And in the manifest : define ldap::master::domain() {...} but i don't know how to do it. Could you please help me ? Regards, Grifith -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Doc site upgrades and Wiki question
Hi folks, I've been working on adding content to http://docs.reductivelabs.com (not pushed just yet) ... the goal for docs.reductivelabs.com is to be a great place to point people learning puppet, that produces a good gentle introduction but also contains the meat of the information, all in one place, without going too far in, but that also shows you where you can go. It's all open for contribution (Creative Commons) of course and is based on what is being done with the Ruby on Rails guides -- contributions can be made using the feedback tab, filing a bug in redmine, or just forking the project on github and sending a pull request.Most important to mention, 90%+ of the content is borrowed from the Wiki and would not be possible without it. A huge huge huge thanks there, cannot be said enough. We have awesome resources adding to our docs and they are tremendous asset to Puppet Land. So in getting together what you would need to learn Puppet, and making it a bit more organized (splitting some articles, merging others, etc), it's obvious that if we also have this content on the Wiki the two will drift apart, and we would like to minimize the pain of this happening.We'd also like to keep all the good things we have going with the Wiki going.So, seeing we have a process for maintaining things on the new docsite, and we only intend the docsite for content that will not change /as/ often, what does everyone think at moving some of the more introductory pages into the doc site? These would be things like: * About Puppet * Adding Facts * Development Complete Resource Example * Development Creating Custom Types * Development Practical Types * Development Provider Development * Exported Resources * External Nodes * File Serving Configuration (maybe) * Getting Started * Module Organisation * Module Standards * Plugins In Modules * Style Guide * Using Mongrel (linking to other content still on Wiki) * Using Passenger (linking to other content still on Wiki) * Using Stored Configuration * Using Tags (maybe) etc Things that would never move to the doc site would be things like: * Recipes / Patterns * FAQ (we may include a subset of the FAQ on the docsite for the most common items) * Best Practices At X * Cool Strategies for X * Making X work on my platform * What I Did With X * Workaround for X * Development Lifecycle * Testing information * Who Is Using Puppet * etc (basically most of the Wiki) Doc site would still link to the Wiki and make folks know of all the content that was there. We'd also try to spotlight some of the key Wiki topics. For those we're thinking about moving, I would suggest leaving all the actual Wiki pages in place (breaking bookmarks would be terrible), and replacing their content with a link to the docs page for the content that is also duplicated there. Where the page content was not wholly reproduced on the doc site, we would do this to that page. (absolutely no information loss). The doc site also explains how to contribute on page 1 (it will when I push it), and we also add this info to the WIki -- including about what goes where. We would definitely want to keep any rapidly evolving content on the Wiki, and the Wiki is definitely the place for site specifc best practices suggestions, modules, and all that other good stuff. We then keep our Wiki collaboration space rocking, and we also have a good resource to point new users to. (I also intend to make a zipfile of our docs site, so it's easy to download and take with you, on a plane, etc). Does that seem reasonable?Other suggestions? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dependencies
On Wed, Mar 17, 2010 at 7:35 PM, Christopher Johnston chjoh...@gmail.com wrote: I guess my only gripe here is I have about 2 dozen modules most of install some form of a pkg from yum. So they all have a direct dependency on my yum module to do the right thing. I would hate to have to put a require in every single instance that I call the method to install a pkg. Any ideas on on how to simplify this to ensure yum is the very first thing that gets configured on my system? require = [ Class[yum], What if we taught the yum provider to know about yum groupinstall ? That way you could add packages into comps.xml and reference them together, which would also be faster than referencing each one by one. While it would not technically be a 'package' this might be also a decent workaround solution to the 'yum transactions are not batched' problem. package { stuff ensure = latest, is_group = true, ... } Thoughts? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] subscribe require
On Thu, Mar 18, 2010 at 10:07 AM, Daniel Kerwin dan...@linuxaddicted.de wrote: On Thu, Mar 18, 2010 at 2:57 PM, Christopher Johnston chjoh...@gmail.com wrote: Can some help explain the differences and use cases of subscribe and require. They seem to have a bit overlap in the sense that they do the same thing almost. I understand a require sets up a dependency. So for eg the following below would setup a dependency on the package pam to be installed in order for the file type to run. package { 'pam': ensure = latest, } file { '/etc/pam.d/system-auth': ensure = symlink, target = 'system-auth-ac', require = Package['pam'] } But what I am confused about is how is subscribe different? Doesn't that handle the same relationship of saying that you are subscribing (and/or) requiring something? Subscribe and notify are responsible for notifying resources of changes in another resource. For example: file { /etc/apache2/httpd.conf; ... require = Package[apache], notify = Service[apache], } The require statement ensures that the package apache is installed before the file is managed. When the file httpd.conf is updated the service apache is notified to restart/reload. Hope this helps To put it another way, subscribe is a special case of require with added magic in it.They both imply the same ordering relationship, but require adds the additional 'restart if this is changed' logic. Similarly, notify is like before, with that same extra magic, just specified in a different way.It does the same thing. You could write all of your Puppet language with 'subscribe' and 'require' instead of 'notify' and 'before' if it made it simpler for you. You can think of 'require' as reading like 'after'. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dependencies
On Thu, Mar 18, 2010 at 10:03 AM, Christopher Johnston chjoh...@gmail.com wrote: Being able to install yum groups would be a nice value add. Sucks having to list out 8-9 packages and hope rpm/yum deps get sorted out. But what I am really griping about though is something like this. Well, if the packages *do* have proper dependencies, installing one will install the dependencies. I would hope there's no hoping on that, though it may be you have packages that don't have good dependencies yet. In that case, fix the packages and that problem goes away :) Say you have 2 modules, one called ntpd and one called snmpd. Two totally different types of configurations because not every system might get ntpd configured (only my DNS servers do). In each of my manifests they have to install packages, but both modules have a direct dependency on my yum module to have been run and successfully setup in order to get packages from the right repo. It gets a little out of control to have to remember to put a require for the yum module every time I call a package type. Modelling it as a yum module seems a little weird to me (though I can see where it would save typing in fairly homogenous environments), I'd think it might work better if you keep the package requirements inside the modules that need them. That is to say, if you have an NTP class/module, require the packages needed for NTP there? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] subscribe require
To put it another way, subscribe is a special case of require with added magic in it. They both imply the same ordering relationship, but require adds the additional 'restart if this is changed' logic. That should read but subscribe adds the additional... Similarly, notify is like before, with that same extra magic, just specified in a different way. It does the same thing. You could write all of your Puppet language with 'subscribe' and 'require' instead of 'notify' and 'before' if it made it simpler for you. You can think of 'require' as reading like 'after'. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dependencies
On Thu, Mar 18, 2010 at 10:25 AM, Todd Zullinger t...@pobox.com wrote: Michael DeHaan wrote: What if we taught the yum provider to know about yum groupinstall ? That way you could add packages into comps.xml and reference them together, which would also be faster than referencing each one by one. While it would not technically be a 'package' this might be also a decent workaround solution to the 'yum transactions are not batched' problem. package { stuff ensure = latest, is_group = true, ... } Thoughts? This might be nice for installs, but what happens when someone wants to remove a group? Using yum groupremove isn't the inverse of groupinstall. This can easily remove far more than users intend, especially if you don't realize that groupremove isn't the exact opposite of groupinstall. Indeed, you almost never want to do yum groupremove as you may be removing things that yum groupinstall didn't add. I think it would be a documentation item, with notable skull and crossbones about it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dependencies
We set a resource default at the top level of our manifests like this: Package { require = Class[package::apt::update] } Beat me to it :) and that class manages it's own internal dependencies so that before any package is installed, we're guaranteed to have run: apt-get update apt-get -f install dpkg --configure -a apt-get dist-upgrade Then when it comes to setting up repositories, we do them all with File types in a certain hierarchy, so we set a default at that level of: File { owner = root, group = root, mode = 0644, before = Class[package::apt::update] } so we know that when putting down any new repositories, they will occur before the apt updating class does, and any package installation will occur after that. -Chris On Thu, Mar 18, 2010 at 10:14 AM, Michael DeHaan mich...@reductivelabs.com wrote: On Thu, Mar 18, 2010 at 10:03 AM, Christopher Johnston chjoh...@gmail.com wrote: Being able to install yum groups would be a nice value add. Sucks having to list out 8-9 packages and hope rpm/yum deps get sorted out. But what I am really griping about though is something like this. Well, if the packages *do* have proper dependencies, installing one will install the dependencies. I would hope there's no hoping on that, though it may be you have packages that don't have good dependencies yet. In that case, fix the packages and that problem goes away :) Say you have 2 modules, one called ntpd and one called snmpd. Two totally different types of configurations because not every system might get ntpd configured (only my DNS servers do). In each of my manifests they have to install packages, but both modules have a direct dependency on my yum module to have been run and successfully setup in order to get packages from the right repo. It gets a little out of control to have to remember to put a require for the yum module every time I call a package type. Modelling it as a yum module seems a little weird to me (though I can see where it would save typing in fairly homogenous environments), I'd think it might work better if you keep the package requirements inside the modules that need them. That is to say, if you have an NTP class/module, require the packages needed for NTP there? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- nigel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] subscribe require
On Thu, Mar 18, 2010 at 10:21 AM, Christopher Johnston chjoh...@gmail.com wrote: I keep writing these exec types to things like service something restart, sounds like I dont need them and could just use subscribe which will in effect do the same thing. exec { 'sssd-restart': command = '/sbin/service sssd restart', refreshonly = true, require = File['/etc/sssd/sssd.conf'] } It sounds like I just need to make my server subscribe to the file and eliminate the exec. -Chris Exactly. It looks like this: package {'ntp': ensure = present } file {'/etc/ntp.conf': owner = 'root', group = 'root', mode= '644', source = '/etc/puppet/files/ntp/ntp.conf', require = Package['ntp'], } service {'ntpd': enable= true, ensure= running, subscribe = File['/etc/ntp.conf'], } --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet freezes in the middle of runs
On Thu, Mar 18, 2010 at 12:45 PM, Thomas tommyfis...@gmail.com wrote: Puppet is version 0.25.4 The machines are all running under similar hardware, sorry if the word class was misleading. The database machines are failing to run puppet, while all of the other servers (mostly application servers) have no problem. Can you also check http://projects.reductivelabs.com/search/index/puppet?q=hangsscope=all_words=1issues=1submit=Submit for any open items that may apply to your case? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] If defined() ?
On Thu, Mar 18, 2010 at 3:04 PM, Peter Meier peter.me...@immerda.ch wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 and this: if ! defined(File[/data/syslog/${remote_host}/archive]) { file { /data/syslog/${remote_host}/archive: ensure = directory; } } this should work. both of which resulted in errors. As I said, the documentation really isn't clear if functions CAN be used inside a manifest. That has always confused me and I wish someone would clear up the docs. Incidentally I'm working on doing a lot of work on docs.reductivelabs.com (adding new content, etc) at the moment. I could use *any* pointers on anything that's not clear you can find -- on that /or/ the Wiki. I'm also interested in whether the docs covered things in Puppet in the way you thought you should learn them. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Choosing the web server
On Tue, Mar 16, 2010 at 2:00 AM, Smain Kahlouch smain...@gmail.com wrote: Hi everybody, I just want to know what is the best web server between passenger and mongrel. I don't understand what are the benefits of each solution. Do you have a part of the answer please? We seem to be directing folks to passenger if they are running a new enough Puppet in the docs, yet this seems to conflict: http://www.mail-archive.com/puppet-users@googlegroups.com/msg04745.html (any updates on this?) I agree with the need to choose one performant default suggestion and not leave someone with the task of evaluating/testing lots of options. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Choosing the web server
On Wed, Mar 17, 2010 at 9:14 AM, Christopher Johnston chjoh...@gmail.com wrote: Mongrel was very easy to setup as the packages are all available in Fedora. The solution here seems to help packaging for Fedora (and EPEL, if possible) along. Has anyone attempted packaging it previously? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Choosing the web server
if anyone is looking for RPMS, I've created one for passenger (RHE5). Sorry, missed this earlier. Excellent. Can you give me the URL to the source RPM, specfile, and tarball? I'd like to push this through to Fedora review so we can get it built for EPEL (at least RHEL 5) and be available via yum. Getting that approved should also help with CentOS Extras, I'd imagine. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Rio puppet meetup?
On Wed, Mar 17, 2010 at 4:29 PM, Martin Englund martin.engl...@sun.com wrote: Oi Gente! I'm going to be in Rio (de Janeiro) in a couple of months and would love to have a good puppet talk if anyone is interested... cheers, /Martin Can it be on the scale of Rock in Rio and have a DVD release? :) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apps that are using facter as a library or shell out to facter?
Exactly, just add a ttl-hint: 24 (hours) value to the JSON. Hmm I'd saw this as something that would be a property of the fact, rather than the output of the fact. That is, I didn't see a need for variable timeouts. That being said, if we do the fact.d for plugins, those scripts will want to also use this mechanism, so perhaps those /do/ speak it in JSON. On the other hand, stuff like --test should probably ignore such hints. Yep. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using Puppet for application deployment
On Tue, Mar 16, 2010 at 1:14 PM, David Schmitt da...@dasz.at wrote: On 3/16/2010 6:13 PM, Joe McDonagh wrote: David Schmitt wrote: Which leads me to another idea: inter-node dependencies: | node a { mysql_db { foo: ... } } | | node b { app { x: after = AMysql_db[foo]; } } David, are you suggesting this, or are you saying that this works? I'm suggesting something like this. Internally it'd probably work like external_resource (see -dev list for details) but would query the storeconfig DB instead of calling a script on the client. Yeah I had the same idea. I think Luke was suggesting a higher level of modelling, but that can work now, provided there's a way to easily create the content for the remote resource check. The Func-like approach would be for each node to surface what it's gates were, and then set up authorization to allow other nodes to ask them if a particular task was performed. I'm not /quite/ sure that is sufficient though, or otherwise the gates would have to be pretty smart -- for controlling an app upgrade you would need more of a check than just seeing if the DB was present or a version number was in a table. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Apps that are using facter as a library or shell out to facter?
As we're pondering future enhancements to facter, it seems useful to better understand things (other than Puppet) that are using facter. Do you have a script/application that shells out to facter or uses it from as a Ruby library to collect information? (I'm aware of mcollective supporting facter, but that's about it). If so, can you tell us a little more about it?What does it do? Also, are their other datasources you would like to see in the core 'facts' out of the box (without having to write your own), that aren't there presently? --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using Puppet for application deployment
that are very much procedural while Puppet manifest are more useful on a description of required software level. Sort of. The long story is that we don't have a really native feeling way to model multinode deployments and workflow now, but we can think of modeling it based on a set of checkpoint conditions. Meanwhile you can see a bit of a preview here: http://github.com/reductivelabs/puppet-external-resource external_resource { some remote condition: frequency = 1, timeout = 30, check = /some/external/script/that/will/return/true } The trick is of course that the remote check software does not exist as part of anything in Puppet core, yet, so that would be up to you. However blocking until a database is present on a remote server is actually possible now. (Provided you write the script to check for it). I would agree that the concept of taking a node out of a load balanced configuration and modelling that configuration is more difficult to do intelligently, as the system needs to understand a fair amount of context about your HA environment. It's not so much of an issue of declarative vs procedural, but more so a question of can the system model your configuration. Right now, those systems today that are 'procedural' don't model at all, they are more of raw code. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apps that are using facter as a library or shell out to facter?
Yeah that's certainly one of the things I want to do, as is if we're calling out to a command to parse it and can cache/process it in one time as opposed to calling a billion ifconfig/dmidecodes that'd be good too. Yep, if you're shelling out or executing 'puppet' without the daemon, in memory caching doesn't work. (But how slow are we really?) Cache dir would be simple though... You could simply stat the file and see when the last fact storage run happened, and each module could set (or not set) a timeout on a case-by-case basis. No timeout would mean don't cache, so it would automatically work with any existing facts, and the facts wouldn't have to implement the caching themselves. Things like OS version are inexpensive but wouldn't have to be checked too frequently, I'd bet :) --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: memorysize returned as string - maybe
On Wed, Mar 10, 2010 at 1:24 AM, Ohad Levy ohadl...@gmail.com wrote: another option that I use is to extend the string class in ruby, that would allow you to do something like: Facter.memorysize.to_gb in order to do that add somewhere (e.g. before your custom fact) class String def to_gb begin value,unit=self.match(/(\d+|.+) ([KMG]B)$/i)[1..2] case unit.to_sym when nil, :B, :byte then (value.to_f / 1000_000_000) when :GB, :G, :gigabyte then value.to_f when :MB, :M, :megabyte then (value.to_f / 1000) when :KB, :K, :kilobyte, :kB then (value.to_f / 1000_000) else raise Unknown unit: #{unit.inspect}! end rescue raise Unknown string end end end Ohad I'd rather look into fixing the problem than doing code monkeypatching in everyday environments and require folks to write facts to get this data. Let's look at making things like this available today in facter. Patch material? I generally think facts shouldn't include units anyway, yet we don't want to break existing things that depend on them. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is it possible for puppet to compile packages?
On Wed, Mar 10, 2010 at 4:04 AM, James Turnbull ja...@lovedthanlost.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 8:02 PM, Ohad Levy wrote: I'm not saying its a good thing, but I've created an rpm for passenger, which compiles the apache modules in the post installation scripts. all of the required packages for building it are part of the rpm package requirements... What Ohad said. If, and it is rarely, I have to do this then I build some own RPM packages and stick them in a custom Yum repo and manage them like that. Regards James Turnbull which compiles the apache modules in the post installation scripts Apache modules can easily be shipped as seperate packages (mod_python as an example) that contain loadable modules. (Forgive my ignorance, but is that not doable for passenger?) Anyway, from a best practices perspective, it would be better to do the rebuilds on your build server as James said. You don't want to be doing compilation on production servers, and you won't have very good granularity into what happens if something goes wrong. rpm %post sections of any sufficient complexity are to be avoided. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to efficiently manage multiple packages installing in the same directory
site.pp import classes/install_foo.pp import classes/install_bar.pp node 'standard.node.local' { include install_foo include install_bar } --- classes/install_foo.pp: class install_foo { file { /: ensure = directory, recurse = true, source = puppet:///files/foo } } --- classes/install_bar.pp: class install_bar { file { /: ensure = directory, recurse = true, source = puppet:///files/bar } } -- Yeah, I would recommend not doing this, and would want to know more about the use case around why you wanted to do it that way. If you have multiple sets of applications that you don't want to package into something LSB compliant, it would be better to install each seperate app in /opt or /srv, such as /opt/foo and /opt/bar That's not great by best practices' guidelines, but it works and gets the job done if you don't want to package things so that they fully understand /etc and /var and such. The error you get is because Puppet will not allow the same resource to be represented twice, but the larger problem is you're also kind of subverting the point of the package manager if you are overlaying files all over the file system. You lose the ability manage dependencies and see how what got where, hence I'd really recommend asking why the use case is like that. If you're not deploying a full app, just perhaps a set of data files or content, be more specific about where it should go: file { /this/is/where/where/the/files/go: ensure = directory, recurse = true, source = puppet:///files/wherever/bar } Versus doing paths relative to root. Further, I don't really know how many files you are distributing this way, but if it's the whole OS, that is going to be rather slow and not entirely deseriable. If you strictly have to do this, you might as well just rsync the content with an Exec task ... though again, it's better if you can do something else. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.