Re: [Puppet Users] Facter + storeconfigs missing fact_values

2011-06-19 Thread Patrick Mohr
Well, it would help if you can find out if the problem is with storeconfigs
or the rest of puppet.  Does the fact seem to be affecting the manifest?

On Sun, Jun 19, 2011 at 7:48 PM, josbal  wrote:

> Hi Guys,
>
> Was wondering if someone could point me in a way to diagnose my issue.
>
> I have a custom fact that i deployed on all my nodes. If i run the
> fact manually i get results as expected. When puppet runs only 5 or so
> nodes are storing this particular fact in the storeconfig mysql
> database. All other facts are storing fine for every node. As running
> the fact manually works on every node, i don't know why this fact for
> most nodes isn't populating in the database.
>
> Any ideas on how i could see what is happening within the puppet/
> facter processing?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>




Re: [Puppet Users] Could not find a default provider for package

2011-06-19 Thread Patrick Mohr
On Sat, Jun 18, 2011 at 6:24 PM, d0ugb  wrote:

> Need some help here. I am using puppet to manage some Gentoo boxes, and
> when working with packages I keep getting the following error:
>
> Could not find a default provider for package
>
> Version:
>
> *  app-admin/puppet
>  Latest version available: 0.25.0-r1
>  Latest version installed: 0.25.0-r1
>  Size of files: 592 kB
>  Homepage:  http://reductivelabs.com/projects/puppet
>  Description:   A system automation and configuration management
> software
>  License:   GPL-2
>

1) I really recommend avoiding versions of puppet whose versions end with a
".0" if you want a stable version.

2) This error means that puppet can't decide which "provider" to use for
installing.  In the case of Ubuntu, this would be "Apt".

3) Look at the type reference
http://docs.puppetlabs.com/references/0.25.0/type.html#package and find the
section talking about "provider".  One of them should mention the comment
you use for launching the package manager.  (probably the one mentioning
emerge)

4) It says category is read-only, so remove that.

5) I think "name" isn't needed.  After your manifest is working, try
removing that.

6) You might want to try to figure out why it didn't get the right provider.




Re: [Puppet Users] [SOLVED] line replace triggers file reload

2011-06-02 Thread Patrick Mohr
On Wed, Jun 1, 2011 at 11:22 PM, Giovanni Bordello wrote:

>  Sorted, I've done it using a template:
>
> search <%= dns_search_path %>
> nameserver ...
> nameserver ...
>
> That way the file is (presumably?) created on the master and looks constant
> to the client.
>
>
To answer your implicit question.  The file is generated on the master and
embedded in the catalog.  Then the catalog is sent to the client.




Re: [Puppet Users] PC EU feedback: long online docs pages should be broken up

2011-05-21 Thread Patrick Mohr
On Sat, May 21, 2011 at 12:01 AM, R.I.Pienaar  wrote:

>
>
> - Original Message -
> > On 2011-05-20 22:18, Randall Hansen wrote:
> > > http://projects.puppetlabs.com/issues/7601
> > >
> > > Our very long docs pages are difficult to use. E.g.,
> > > http://docs.puppetlabs.com/references/2.6.8/type.html
> >
> > I'd disagree on one point.  It's not the length of the page that
> > bothers me, because having all on one page is indeed convenient.  But the
> > disappearance of the left margin when using a tight browser window
> > (firefox 3.6) is annoying.  A nice bonus would be to have the content
> > list floating alongside the main view, but that's a bit tricky when
> > the content is longer than the window height.
>
> +1 the length is not the problem, in fact I too prefer it all on one page.
>
>
I actually second this.  I like having them all on one page.




Re: [Puppet Users] Re: PC EU feedback: ability to remove all unmanaged resources

2011-05-21 Thread Patrick Mohr
On Fri, May 20, 2011 at 3:15 PM, jcbollinger wrote:

>
>
> On May 20, 3:17 pm, Randall Hansen  wrote:
> > http://projects.puppetlabs.com/issues/7600
> >
> > I call this the "agent orange" option :)
> >
> > This works, purging all unmanaged hosts entries:
> >
> > resources { 'host':
> > purge => true,
> > noop => true,
> > }
> >
> > We should have a similar property for all (most?) types.
> >
> > Please comment on the ticket or reply here, whichever you prefer.
>
>
> I don't understand.  I didn't think the "resources" meta-resource was
> specific to use with the 'host' resource type.  Are there any resource
> types that it *doesn't* work with?
>

Err, I assume (hope) it doesn't work with Augeas or File.  I'd guess Package
is too dangerous to be useful, but I could be wrong.




Re: [Puppet Users] PC EU feedback: virtual resource operator is too magical, hard to read

2011-05-21 Thread Patrick Mohr
On Fri, May 20, 2011 at 3:15 PM, Jordan Sissel  wrote:

>
>
> On Fri, May 20, 2011 at 1:20 PM, Randall Hansen wrote:
>
>> http://projects.puppetlabs.com/issues/7605
>>
>> The virtual resource operator:
>>
>>@user { luke: ensure => present }
>>
>> Is relatively easy to type but, if you don’t know it, very hard to
>> read. We should consider a word-based syntax, e.g.:
>>
>>virtual user { luke: ensure => present }
>>
>> Please comment on the ticket or reply here, whichever you prefer.
>>
>> Thanks!
>>
>> r
>>
>
> +1 to this. Any change here should also update the export syntax as well.
>
> replace @@user { foo: ; }
> with export user { foo: ; }
>

+1

Any plans on making the realizing/importing queries changed as well?
>
> realize/query: User <| title == "foo" |>
> export query: User <<| title == "foo" |>>
>
> -Jordan
>
>>
>> P.S. This is in response to feedback from my "Improving the Puppet
>> DSL" session at Puppet Camp EU, 2011.  This ticket isn't a promise we
>> will take action, but we could very much like comment and discussion
>> from you good people.
>>



Re: [Puppet Users] Plugins don't work the way I think they do?

2011-05-17 Thread Patrick Mohr
On Mon, May 16, 2011 at 5:04 PM, Aaron Grewell wrote:

> Hi all,
> I'm trying to configure a set of network interfaces, so I downloaded the
> puppet-network module from the module forge.  I enabled plugin sync per
> http://docs.puppetlabs.com/guides/plugins_in_modules.htm and added the
> module to my module path, but I'm getting an 'invalid resource type' error
> indicating that the custom type included in the module isn't found.  Can you
> help me figure out what I've missed?
>
> Puppet:
> puppet --version
> 2.6.6
>
> The error:
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid
> resource type network_config at
> /usr/share/puppet/environments/testing/modules/cluster/manifests/testcluster1.pp:35
>
>
>
Basically, Puppet has two parts.  The Type, which must be used during
catalog compilation (usually done on the server), and on the client.  The
provider uses your type to do all the useful stuff on the client.  You're
probably getting this error because the server can't find the type when it
tries to compile the catalog.




Re: [Puppet Users] apt-pinning & puppet package management

2011-05-17 Thread Patrick Mohr
If it's pinned like you show, will your computer upgrade to the backports
version if you run "apt-get update && apt-get upgrade" or do you need the
"-t"?

On Mon, May 16, 2011 at 1:49 PM, CoolCold  wrote:

> Hello!
> I have question about Debian package management with puppet. I'm
> wondering is there sane way to make puppet respects packages pinning?
> i.e., if I have several repos for one package, let's say it is "nginx"
> which can be found in lenny & lenny-backports repos. I've created
> pinning file like:
> Package: nginx
> Pin: release a=lenny-backports
> Pin-Priority: 600
>
> So, if i have nginx installed from repository "lenny" , 'apt-get
> install nginx' will update (if version is newer of course) nginx from
> lenny-backports .
> When I run puppet, it just ignores package available in pins, I guess
> it thinks package already installed. Package is described like:
>   $packagelist = [ "nginx" ]
>
>   package { $packagelist:
>   ensure => installed,
>   }
>
> Using "latest" is not the cure, because it will look only on version
> (as i understand) and not on pins. I've found
> https://github.com/evolvingweb/puppet-apt/blob/master/manifests/force.pp
> which looks like something I need, but may be I'm missing something
> and there is proper way to do this.
>
> My puppet versions:
> root@kappa2:~# dpkg -l|grep puppet
> ii  puppet  2.6.2-4~bpo50+1
> Centralized configuration management - agent
> ii  puppet-common   2.6.2-4~bpo50+1
> Centralized configuration management
> root@kappa2:~# puppetd --version
> 2.6.2
>
> OS - Debian Lenny amd64, puppet from backports.
>
> P.S. Please, CC me on reply.
>
> --
> Best regards,
> [COOLCOLD-RIPN]
>



Re: [Puppet Users] Puppet updating from relative directories or chroot

2010-12-13 Thread Patrick Mohr
On Mon, Dec 13, 2010 at 2:39 PM, Daniel Pittman  wrote:

> On Fri, Dec 3, 2010 at 22:41, Geoff  wrote:
>
> > Anyone had any experience getting puppet to update multiple OS's on a
> > single server?
>
> Not without a "container" style virtualization solution wrapped around it.
>
> [...]
>
> > Can puppet be run in a mode that would take into account relative
> > directories. i.e. instead of being / (root) based, it would be /pxe/
> > hostn/ based?
>
> Nope.
>
> I didn't respond earlier, as I imagine most people didn't, because we
> hoped someone would actually come along and have some experience that
> could help you out here.  Even if they don't, though, posting a new
> message with "bump" in the content doesn't work like a web forum - it
> just sends out a new message with that one line in it to everyone
> subscribed.  I had to dig back through the archives to see what you
> were having trouble with so I could respond.
>

I was able to see the whole question because he either replied to himself or
because he copied and pasted.  Could your email client be hiding quoted
text?




Re: [Puppet Users] iteration question

2010-12-03 Thread Patrick Mohr
Puppet won't bother other files in a directory it manages unless you turn on
"purge => true".

On Fri, Dec 3, 2010 at 2:15 PM, Don Jackson <
puppet-us...@clark-communications.com> wrote:

>
> On Dec 3, 2010, at 12:56 PM, Patrick wrote:
>
> Why not sync the files directly to that directory?
>
>
> There are other files in the parent directory that are not managed by
> puppet.
>
> And the names of the files are dynamic enough that it would be painful to
> explicitly manage each file in the puppet manifest.
>
> So, what I prefer to do, is tell puppet:
>
> Create a directory, and fill it with all contents of a comparable directory
> on the puppet file server.
>
> And then create links from the parent directory into this managed
> subdirectory.
>
>
>
>
>
> On Dec 3, 2010, at 12:48 PM, Don Jackson wrote:
>
>
> So here is a scenario:
>
> I have a directory:
>
> ./foo
> ./foo/file1
> ./foo/file2
> ./foo/file3
> …
> ./foo/fileN
>
> I populate this directory on a configured machine via a recursive file
> resource.
>
> What I would like to do is create a symlink from the parent directory to
> each filen in the foo subdirectory?
>
> Is there some easy way to get puppet to do that?
>
> Basically I would like to iterate thru
>
> ln -s ./foo/filen ./filen
>
> Short of writing a shell script, downloading it, and Exec'ing it?
>
>



Re: [Puppet Users] (RHEL) RHN banning && require package

2010-11-03 Thread Patrick Mohr
On Wed, Nov 3, 2010 at 10:37 AM, erikthered  wrote:

> I'm looking to get around a bit of a problem I've run into with
> Puppet.   On my puppet master, I have this definition:
>
> Would that be the best way to handle this issue?  Any opinions?
>
>
I think the best way would be to put a caching proxy between your computers
and the mirror or run your own mirror.




Re: [Puppet Users] puppetd 0.25.4 with puppetmaster 0.24.8?

2010-10-20 Thread Patrick Mohr
Always upgrade the puppetmaster first.  Clients will usually not work with a
server that has an older major version.

I've found that using the lucid (10.4) deb files in karmic (9.10) works fine
if you get all the related ones.  Whenever you upgrade puppet, also upgrade
facter.

On Wed, Oct 20, 2010 at 11:32 AM, Ed Greenberg  wrote:

> Our puppetmaster runs 0.24.8 on Ubuntu 9.10.  Our clients are either Ubuntu
> 9.10 or Ubuntu 8.04.
>
> We've just brought up our first Ubuntu 10.04 machine. This machine installs
> puppetd 0.25.4.
>
> The Ubuntu 10.04 machine can't seem to present its certificate request
> properly.
>
> In my masterhttp.log, I see
> [2010-10-20 13:09:06] 174-143-141-55.static.cloud-ips.com - -
> [20/Oct/2010:13:09:05 CDT] "PUT /production/certificate_request/
> edglucid1.newhostingaccount.net HTTP/1.1" 404 359  getting a 404.
>
> Also
>
> [2010-10-20 13:24:52] 174-143-141-55.static.cloud-ips.com - -
> [20/Oct/2010:13:24:52 CDT] "GET /production/certificate/ca HTTP/1.1" 404 322
>
> There is no certificate pending to sign.
>
> My command line on the client side was
> /usr/sbin/puppetd --no-daemonize --verbose --onetime --server=xxx --fqdn=
> edglucid1.newhostingaccount.net
>
> Am I hitting a version incompatibility, and is there any hope for this
> other than  installing a newer puppetmaster, from source (since Ubuntu 9.10
> doesn't provide 0.25) or upgrading the puppetmaster server to Ubuntu 10.04?
>
>
>
>



Re: [Puppet Users] Proposal to remove redundant info in source => parameters

2010-09-25 Thread Patrick Mohr
On Sat, Sep 25, 2010 at 10:33 AM, Nigel Kersten wrote:

> On Sat, Sep 25, 2010 at 10:27 AM, Patrick  wrote:
> >
> > On Sep 25, 2010, at 10:23 AM, Nigel Kersten wrote:
> >
> >> On Sat, Sep 25, 2010 at 10:10 AM, Patrick  wrote:
> >>>
> >>> On Sep 25, 2010, at 10:02 AM, Nigel Kersten wrote:
> >>>
>  On Fri, Sep 24, 2010 at 12:34 PM, Nan Liu  wrote:
> > On Fri, Sep 24, 2010 at 11:20 AM, Nigel Kersten 
> wrote:
> >> eg the proposal is that if you don't specify the protocol, server
> >> address, modules prefix, module name, it is assumed you are
> referring
> >> to a file path relative to the 'files' subdirectory of the current
> >> module.
> >>
> >> If you wish to fully specify the source URI, you're free to do so.
> >
> > Since we can determine module_name in 2.6, I agree with this change.
> > But we should update template behavior so it's the same as file.
> > Currently for templates:
> >
> > content => template("foo.erb"),
> 
>  Ah I missed addressing this point.
> 
>  I don't think we can do this and still have backwards compatibility.
> 
>  How do you tell whether 'foo/bar.erb' refers to 'foo' the module or a
>  subdirectory 'foo' in the current module? Which should take
>  precedence? How do we throw a deprecation warning?
> 
>  I don't think we can feasibly forbid references to templates outside
>  the current module. That would have a significant effect upon our
>  ability to share modules.
> 
>  With the benefit of hindsight, we should possibly have made the source
>  parameter, file function and template function consistent...
> 
>  Can we get there from here?
> >>>
> >>> What about instead defining something uncommon to be "module root".
>  Something like, as a random example, "~/".  Then the syntax goes from
> "file:///modules/$modulename/file" to "~/file".
> >>
> >> I'm normally really reluctant to add more special characters to the
> >> syntax, as I feel like we're way too busy as it stands, but I really
> >> do quite like this idea, using normal *nix syntax for your home vs
> >> other users...
> >>
> >> Let me incorporate your suggestion as I think adding syntax allows us
> >> to make all three consistent.
> >>
> >> modules/$module_name/files/foo
> >> file { source => "~/foo" }
> >>
> >> File (source) from another module 'bar':
> >> file { source => "~bar/foo" }
> >>
> >> modules/$module_name/templates/foo.erb
> >> template("~/foo.erb")
> >>
> >> modules/bar/templates/foo.erb:
> >> template("~bar/foo.erb")
> >>
> >> modules/$module_name/files/foo
> >> file("~/foo")
> >>
> >> modules/bar/files/foo
> >> file("~bar/foo")
> >>
> >>
> >> All of this *only* applies if you are within a module.
> >> We don't deprecate the puppet:// or file:// syntax
> >> Do we deprecate the existing template function syntax?
> >> If not, do we add the existing template function syntax to the file
> >> function for consistency?
> >> We don't support setting the server, or access to static mount points.
> >> If you want those, use the puppet:// syntax.
> >>
> >> This feels good. We're optimizing for the two most common cases,
> >> without removing the most flexible syntax.
> >
> > Here's something to think about.  Would it be worth the effort to allow
> "file://server.com/~/file "?
>
> I don't think we mention file:// in the docs at all... I'd always been
> under the impression that we supported "puppet://" for server-side
> URIs and anything else was a local filesystem path.
>
> Testing shows we do support file:///tmp/foo just like /tmp/foo. Huh.
>
> Back to your question... I don't think so, but others may have a
> different opinion.
>
>
That was a typo.  I meant

Would it be worth the effort to allow "puppet://server.cxm/~/file"?  This
allows you to specify the server, but not give the full path.




Re: [Puppet Users] A question about synchronization

2010-09-21 Thread Patrick Mohr
On Tue, Sep 21, 2010 at 12:49 PM, 2ead3bcd  wrote:

> Hi,
>
> Suppose I have 3 nodes, and I want puppet to perform a set of steps on
> them in a different order:
> Apply step A on each of them, then step B on each of them, then step C
> on each of them, and so on.
> I'm wondering if puppet supports this scenario. Thanks.
>
>
I'm not quite sure what you're saying.  A different order than what?  Do
you mean you want to specify the order instead of using the default (and
random) order?

Also, the order only matters on each right?  There isn't a way to
synchronize actions between computers so if step A needs to finish on all
computers before step B finishes on any computer, you're out of luck.  If
you just want to order resources, here's an example.


file { "/tmp/puppet-first":
  ensure => present,
}

file { "/tmp/puppet-second":
  ensure => present,
  require => File["/tmp/puppet-first"],
}




Re: [Puppet Users] auth.conf in puppet 2.6 with Apache + Passenger

2010-08-18 Thread Patrick Mohr

On Aug 17, 2010, at 9:51 PM, Sven Schott wrote:

> The config file said those were only used with mongrel so I didn't uncomment 
> them. However, after fiddling for while I found that I had missed the exact 
> same thing on the apache virtual hosts config. The following lines were 
> missing:
> 
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
> 
> which are in the instructions on the puppet wiki but not on the instructions 
> I had. Once I added that to the virtual hosts config, everything went peachy. 
> Thanks for the reply anyways. I appreciate it.

That's half true.  Basically, apache and puppet use different header names for 
the same thing by default, so you can either tell apache to name them 
differently, or tell puppet to look for a different header.

> On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr  wrote:
> I think you might have missed this bit:
> 
> Setup your puppet.conf
> 
> Make sure you have the following set in your puppetmaster’s puppet.conf:
> 
> [puppetmasterd]
> 
> ssl_client_header = SSL_CLIENT_S_DN
> 
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> 
> 
> 
> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott  wrote:
> Hi everyone
> 
> I'm having a problem with a clean install of puppet (2.6.0) on a Mac server 
> (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster 
> standalone (Webrick) and that works fine. Clients can connect and there are 
> no problems. But when I configured it to use Apache and Passenger, the client 
> responds that the request is forbidden.
> 
> err: Could not retrieve catalog from remote server: Error 403 on SERVER: 
> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/XXX.XXX.XXX 
> [find] at line 97
> 
> So after going through the mailing lists and google I've found that the 
> auth.conf file is the problem. I have stock standard auth.conf which looks 
> like this:
> 
> http://pastie.org/1098939
> 
> And yes, adding auth no to the first four methods does make it work, but I 
> know that's not the problem (or the solution). Am I missing something? Is it 
> a bug or PEBKAC?
> 
> Some of the relevant puppet.conf entries
> 
> vardir = /var/lib/puppet
> confdir = /etc/puppet
> puppetdlog = '$logdir/puppetd.log'
> logdir = '$vardir/log'
> rest_authconfig = '$confdir/auth.conf'
> masterlog = '$logdir/puppetmaster.log'
> 
> The Gem versions I am using:
> 
> facter (1.5.7)
> mongrel (1.1.5)
> passenger (2.2.15)
> puppet (2.6.0)
> rack (1.2.1, 1.1.0)
> ruby-mysql (2.9.3)
> 
> The backtrace on the server is:
> 
> http://pastie.org/1098964
> 
> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
> 
> Virtualhost entry in apache looks like this:
> 
> http://pastie.org/1098973
> 
> and the config.ru file looks like this:
> 
> http://pastie.org/1098974
> 
> The client and server certs are fine (standalone works fine) and there are no 
> connectivity problems between the client and server.
> 
> Anyone seen this or have any ideas? Any help would be greatly appreciated.
> 
> Regards
> 
> Sven Schott
> 

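The header-name mismatch discussed in this thread, as an added example that is not part of the original messages and is not Puppet's own code: a simplified Ruby model of how a Rack-hosted master reads the client DN and verify result, and why a mismatch ends in the 403 shown above. The default setting names, the `auth yes/no/any` semantics, the helper names and the sample DN are assumptions or constructed values; the vhost is assumed to export Apache's SSL variables to the application.

```ruby
# Added illustration: a simplified model, not Puppet's source code.
# Rack exposes an HTTP request header "X-Client-DN" as env["HTTP_X_CLIENT_DN"];
# variables Apache exports itself (SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY) keep
# their own names.

# Assumed master defaults when puppet.conf sets neither option.
DEFAULT_SETTINGS = {
  'ssl_client_header'        => 'HTTP_X_CLIENT_DN',
  'ssl_client_verify_header' => 'HTTP_X_CLIENT_VERIFY'
}.freeze

# The puppet.conf values quoted in the thread.
THREAD_SETTINGS = {
  'ssl_client_header'        => 'SSL_CLIENT_S_DN',
  'ssl_client_verify_header' => 'SSL_CLIENT_VERIFY'
}.freeze

# The three "RequestHeader set" lines quoted in the thread: header => source.
# "RequestHeader set" replaces any header of the same name sent by the client.
VHOST_HEADERS = {
  'X-SSL-Subject'   => 'SSL_CLIENT_S_DN',
  'X-Client-DN'     => 'SSL_CLIENT_S_DN',
  'X-Client-Verify' => 'SSL_CLIENT_VERIFY'
}.freeze

# Constructed sample of what mod_ssl exports after a successful handshake.
SAMPLE_SSL_VARS = {
  'SSL_CLIENT_S_DN'   => '/C=US/O=Example/CN=Agent01.example.test',
  'SSL_CLIENT_VERIFY' => 'SUCCESS'
}.freeze

# Name of the Rack env key that carries a given HTTP request header.
def rack_key(header_name)
  'HTTP_' + header_name.upcase.tr('-', '_')
end

# Build the environment the application sees: Apache's SSL variables plus any
# headers the vhost copies them into (hypothetical helper for this example).
def apache_env(ssl_vars, request_headers)
  env = ssl_vars.dup
  request_headers.each { |name, var| env[rack_key(name)] = ssl_vars[var] }
  env
end

# Pull the CN out of a subject DN in "/C=../CN=x" or "CN=x,O=.." form.
def common_name(dn)
  return nil if dn.nil?
  m = dn.match(%r{(?:\A|[/,])\s*CN=([^/,]+)}i)
  m && m[1].strip.downcase
end

# Fail closed: a request is authenticated only if the configured verify key
# says SUCCESS and the configured DN key yields a certificate name.
def client_identity(env, settings)
  name   = common_name(env[settings['ssl_client_header']])
  verify = env[settings['ssl_client_verify_header']]
  ok     = (verify == 'SUCCESS') && !name.nil?
  { authenticated: ok, node: ok ? name : nil }
end

# Assumed auth.conf semantics: "yes" matches authenticated requests only,
# "no" unauthenticated only, "any" both. No match means 403 Forbidden.
def rule_permits?(auth, identity)
  case auth
  when 'yes' then identity[:authenticated]
  when 'no'  then !identity[:authenticated]
  when 'any' then true
  else false
  end
end

if __FILE__ == $PROGRAM_NAME
  cases = {
    'no RequestHeader lines, default puppet.conf' =>
      [apache_env(SAMPLE_SSL_VARS, {}), DEFAULT_SETTINGS],
    'RequestHeader lines added to the vhost' =>
      [apache_env(SAMPLE_SSL_VARS, VHOST_HEADERS), DEFAULT_SETTINGS],
    'puppet.conf pointed at the SSL_CLIENT_* variables' =>
      [apache_env(SAMPLE_SSL_VARS, {}), THREAD_SETTINGS]
  }
  cases.each do |label, (env, settings)|
    id = client_identity(env, settings)
    puts "#{label}: authenticated=#{id[:authenticated]} " \
         "node=#{id[:node].inspect} auth_yes_rule=#{rule_permits?('yes', id)}"
  end
end
```

In the first case the valid certificate never reaches the authorization check, so only an `auth no` rule matches; that is why the workaround mentioned in the thread appears to fix the 403 while actually serving catalogs to unauthenticated requests.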


Re: [Puppet Users] auth.conf in puppet 2.6 with Apache + Passenger

2010-08-17 Thread Patrick Mohr
I think you might have missed this bit:

*Setup your puppet.conf*

*Make sure you have the following set in your puppetmaster’s puppet.conf:*

*[puppetmasterd]*

*ssl_client_header = SSL_CLIENT_S_DN*

*ssl_client_verify_header = SSL_CLIENT_VERIFY*


On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott  wrote:

> Hi everyone
>
> I'm having a problem with a clean install of puppet (2.6.0) on a Mac server
> (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster
> standalone (Webrick) and that works fine. Clients can connect and there are
> no problems. But when I configured it to use Apache and Passenger, the
> client responds that the request is forbidden.
>
> err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to 
> /catalog/XXX.XXX.XXX[find] at line 97
>
> So after going through the mailing lists and google I've found that the
> auth.conf file is the problem. I have stock standard auth.conf which looks
> like this:
>
> http://pastie.org/1098939
>
> And yes, adding auth no to the first four methods does make it work, but I
> know that's not the problem (or the solution). Am I missing something? Is it
> a bug or PEBKAC?
>
> Some of the relevant puppet.conf entries
>
> vardir = /var/lib/puppet
> confdir = /etc/puppet
> puppetdlog = '$logdir/puppetd.log'
> logdir = '$vardir/log'
> rest_authconfig = '$confdir/auth.conf'
> masterlog = '$logdir/puppetmaster.log'
>
> The Gem versions I am using:
>
> facter (1.5.7)
> mongrel (1.1.5)
> passenger (2.2.15)
> puppet (2.6.0)
> rack (1.2.1, 1.1.0)
> ruby-mysql (2.9.3)
>
> The backtrace on the server is:
>
> http://pastie.org/1098964
>
> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
>
> Virtualhost entry in apache looks like this:
>
> http://pastie.org/1098973
>
> and the config.ru file looks like this:
>
> http://pastie.org/1098974
>
> The client and server certs are fine (standalone works fine) and there are
> no connectivity problems between the client and server.
>
> Anyone seen this or have any ideas? Any help would be greatly appreciated.
>
> Regards
>
> Sven Schott
>



Re: [Puppet Users] Re: Forbidden request: HOSTNAME(IP_ADDRESSE) access to / certificate_revocation_list/ca

2010-08-13 Thread Patrick Mohr

On Aug 13, 2010, at 7:22 AM, Christian wrote:
> When i run in the webbrowser https://:8140 I'm getting
> following message:
> 
> "The environment mus be purely alphanumeric, ''". Is it a problem not
> to have an environment defined?

My working puppetmaster gives the same error.




Re: [Puppet Users] Re: Push changes to clients

2010-08-13 Thread Patrick Mohr

On Aug 13, 2010, at 7:21 AM, Christopher Johnston wrote:
> ignoreschedules = true

This will cause puppet to ignore schedule resources.  It won't do what you want.

> 
> 
> Can't you just use those two options to allow puppetruns to work and not have 
> the client attempt to do updates?  
> 
> On Fri, Aug 13, 2010 at 6:44 AM, matonb  wrote:
> Is there a puppet.conf equivalent to --no-client ?
> 
>  All the nodes are RHEL and will use the puppet service (init
> script).  I'd rather not tweak that if possible.
> 
> Thanks.
> 
> On Aug 13, 11:38 am, Craig Dunn  wrote:
> > On Fri, Aug 13, 2010 at 10:05 AM, ScubaDude 
> > wrote:
> >
> > > I was wondering how to configure the puppet clients to only listen,
> > > not to periodically pull configs down from the puppetmaster.
> >
> > > I'd rather push the configs out from the puppetmaster with
> > > puppetrun...
> >
> > Running puppetd with --no-client should have this effect.
> >
> > Craig
> 



Re: [Puppet Users] Parsing key/value pairs in ruby

2010-08-12 Thread Patrick Mohr

On Aug 12, 2010, at 10:55 AM, Rein Henrichs wrote:

> Excerpts from Paul Nasrat's message of Thu Aug 12 06:45:52 -0700 2010:
>> You might use shellwords to handle the quoting.
>> 
>> require 'shellwords'
>> l = %q(printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' printer-state=3 printer-state-change-time=1266621145 printer-state-reasons=none printer-type=8564756)
>> Shellwords.shellwords(l)
>> => ["printer-make-and-model=Brother HL-2060 Foomatic/hpijs-pcl5e
>> (recommended)", "printer-state=3",
>> "printer-state-change-time=1266621145", "printer-state-reasons=none",
>> "printer-type=8564756"]
>> 
>> Paul
> 
> Paul, shellwords.rb is one of the many great but little-known Ruby
> standard library tools. Going a little further, we can turn a string of
> shell-quoted key/value pairs separated by an '=' into a hash using:
> 
>    require 'shellwords'
> 
>    shellwords = Shellwords.shellwords(your_string)
>    pairs = shellwords.map{ |s| s.split('=', 2) }.flatten
>    Hash[*pairs]
> 
> This may be a little daunting, so let's break it down:
> 
> 1) shellwords = Shellwords.shellwords(your_string) turns the string into
>   an array of tokens, assuming it's been assigned to your_string.
> 
> 2) pairs.map{|s| s.split('=', 2)} takes each string in turn and splits
>   it on the first '=', returning a new array containing arrays of
>   [before-the-equals, after-the-equals] pairs.  Splitting on the first '='
>   avoids any possible bugs where there is an = in the value.
> 
> 3) .flatten flattens this array of arrays into an array that looks like
>   [ key, value, key, value, ... ]. We'll need this for step 4.
> 
> 4) Hash[1, 2, 3, 4] turns the arguments into a hash: { 1 => 2, 3 => 4 }.
>   We use this to turn the array above into a Hash. The * is used to
>   turn the array into a series of arguments, because Hash[[1,2,3,4]]
>   doesn't work, but Hash[*[1,2,3,4]] does. (I often think of * in this
>   context as the "unary unarray operator".)

Thanks both of you for the help.  It looks like this will do 40% of the work 
for me.

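The split-on-first-'=' approach from this thread, extended to two inputs a provider will eventually meet: a token with no '=' (which makes `Hash[*pairs]` fail with an odd number of arguments) and an unterminated quote (which makes Shellwords raise ArgumentError). This is an added example, not code from the thread; `parse_attributes` is a hypothetical helper name, and the `device-uri` and `shared` tokens in the sample are constructed.

```ruby
require 'shellwords'

# Parse a line of shell-quoted key=value tokens.
# Returns [pairs, rejected]: pairs is a Hash of key => value, rejected is
# the list of tokens that had no '=' or an empty key. Nothing is silently
# dropped, so the caller can log or fail on unexpected input.
def parse_attributes(line)
  pairs = {}
  rejected = []
  # Shellwords raises ArgumentError on an unterminated quote; let it
  # propagate so a truncated line is never half-parsed.
  Shellwords.shellwords(line).each do |token|
    # Limit of 2: only the first '=' separates key from value, so an '='
    # inside the value survives.
    key, value = token.split('=', 2)
    if value.nil? || key.empty?
      rejected << token
    else
      pairs[key] = value
    end
  end
  [pairs, rejected]
end

# First five tokens are the string from the thread; the last two are
# constructed to exercise the edge cases.
SAMPLE = "printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' " \
         "printer-state=3 printer-state-change-time=1266621145 " \
         "printer-state-reasons=none printer-type=8564756 " \
         "device-uri='ipp://printhost.example/printers/q?waitjob=false' shared"

pairs, rejected = parse_attributes(SAMPLE)
pairs.each { |k, v| puts "#{k} => #{v.inspect}" }
puts "rejected tokens: #{rejected.inspect}"
```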



[Puppet Users] Parsing key/value pairs in ruby

2010-08-11 Thread Patrick Mohr
I'm making a provider for cups and I need to parse a string into arbitrary 
key/value pairs.  The string looks like this:

printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' 
printer-state=3 printer-state-change-time=1266621145 printer-state-reasons=none 
printer-type=8564756

I know almost no ruby.  Any advice for what functions or data structures I want 
to use?  It looks like "split" might be what I want to use for parsing, but the 
quoted strings will give me trouble.  For the first version, I'm only using 3 
of the values.  Do I just want to pull out those manually instead of parsing 
the whole string?




Re: [Puppet Users] Optionally ensuring a service is running

2010-08-11 Thread Patrick Mohr

On Aug 11, 2010, at 9:31 AM, Joe McDonagh wrote:

> On 08/11/2010 12:27 PM, Marc Zampetti wrote:
>> I want puppet to normally manage the running state of a service, so that if 
>> the service stops, it is restarted, etc. But during maintenance windows, I 
>> want puppet to leave the service in whatever state it is in. My idea is to 
>> have a file that can be checked to see if the service is in maintenance 
>> mode, and if so, then skip the ensure check.
>> 
>> To do this, I see two issues.
>> 1) How do I test for the existence of a file? The docs don't seem to be able 
>> to do so. I'm guessing I would need to define a custom fact for that, right?
>> 2) How do make it so that the service "ensure" property is correct? Right 
>> now, it appears that only "running" or "notrunning" is valid. Would 
>> "ignored" or undef or something like that work?
>> 
>> Is there a better way to achieve what I'm trying to do?
>> 
>> Marc Zampetti
>> 
> Marc, you might want to look into the schedule resource, and use that.
> 
> As for your questions:
> 
> 1. You would need a custom fact.

This will give you a race condition if you aren't careful.

Something like this should work:
*) Stop puppet
*) Stop service
*) Create File
*) Run puppet

Also, on some platforms you can modify the server's config so the platform init 
scripts won't start the service.  That might be easier.

> 2. There are more options for ensure for services, such as enabled, 
> installed, etc. I'm not sure undef would work. If you set a schedule for it 
> though, it should only apply the resource during that schedule.
> 





Re: [Puppet Users] puppetrun with --class argument not working, ver. 0.25.5

2010-08-11 Thread Patrick Mohr
I think I've seen a similar error before.  If I remember right, the problem
is that puppetrun or is looking in the main/puppetrun sections for
information about ldap.  You have your ldap stuff in puppetmasterd.  Try
temporarily putting all the ldap stuff in [main].

On Tue, Aug 10, 2010 at 9:14 PM, alcy  wrote:

> I am experiencing the behavior reported in another bug report
> (http://projects.puppetlabs.com/issues/1006) in version 0.25.5, that is:
>
> puppetrun --host xyz.def.com --class apache --debug --trace
>
> gives this:
>
>You must be using LDAP to specify host classes
>
> My puppet.conf looks like this:
>
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> templatedir=$confdir/templates
> [puppetmasterd]
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> reports=log,foreman
> node_terminus=ldap
> ldapserver=192.168.1.214
> ldapbase=ou=Hosts,dc=abc,dc=com
> ldapuser=cn=admin,dc=abc,dc=com
> ldappassword=secret
>
> And a sample node entry like this:
>
> dn: cn=xyz.def.com,ou=Hosts,dc=abc,dc=com
> objectClass: device
> objectClass: ipHost
> objectClass: puppetClient
> objectClass: top
> cn: xyz.def.com
> ipHostNumber: 192.168.1.158
> puppetClass: dovecot
> puppetClass: apache
> puppetClass: imapproxy
> environment: production
>
> The above behavior is seen only when mentioning a class explicitly.
> Without the --class argument, it works.
>



Re: [Puppet Users] variable confusion

2010-08-09 Thread Patrick Mohr
Why not just move everything to a class in a different file?  Then put the
variables directly in that class?

On Mon, Aug 9, 2010 at 9:23 AM, Christopher Johnston wrote:

> Why can't variables be reassigned with a setup like this?
>
> node /.*mydomain.com/ {
>   import mydomain.pp
> }
>
> node /*.yourdomain.com/ {
>   import yourdomain.pp
> }
>
> In manifest mydomain.pp and yourdomain.pp I have variables that are
> specific to that site that I want to import only for that site (ie,
> dns_nameserver ldap_server).  I get errors that variable cannot be
> reassigned.  My reasoning for wanting to separate everything into separate
> site specific manifests is mostly because my nodes.pp is getting way too
> cluttered and difficult to manage (over 1k lines of code).  It looks like
> stuff is getting imported regardless of the node type (case statements also
> show the same behavior).
>
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Cannot reassign variable site_id at
> /etc/puppet/manifests/nodes/mydomain.pp:5 on node host.yourdomain.com
>



Re: [Puppet Users] generating catalog files

2010-08-02 Thread Patrick Mohr

On Aug 2, 2010, at 5:50 PM, Jon Wilson wrote:

> Hiya,
> 
> Is there a way I can easily generate the catalog for a particular
> puppet client, without actually running Puppet on that client?
> 
> I'd like to write some unit tests for my Puppet master, which generate
> catalogs for a set of clients, and check their content. This will
> syntax & sanity check my manifests, without getting stuck in
> certificate hell.

Here's a command to get you started:
puppetmasterd --compile clients.fqdn

I'm not sure how, but some magic is being done to get the client's facts.  I'm 
assuming the facts are cached from an earlier run, but this is pure speculation.

If you run it with --verbose, it will send that information to stderr.

To make the tests much shorter on failure, you probably want to test the erb 
using "erb -x -P -T '-' $1 | ruby -c " and test the config using --parseonly.


Warning: when the catalog is compiled, everything* that would normally be done 
with storeconfigs will be done.  This means running tests like this can affect 
your existing configuration.

*I'm not actually sure it does everything, but it does most of the storeconfigs 
stuff.




Re: [Puppet Users] Re: Newbie question - package installation

2010-07-30 Thread Patrick Mohr

On Jul 30, 2010, at 2:53 AM, quicksilver03 wrote:

> Try adding an ensure => present to your File resource and see if it
> avoids downloading the RPM file over and over again.

I'm almost sure the problem is he's putting the rpm in /tmp which is nuked by 
the OS on reboot.  One of my solutions was just to put them in a folder that 
isn't nuked on reboot.

> On Jul 29, 10:40 pm, Rustler  wrote:
>> I am using version 2.6 and it would be nice if you could use a puppet
>> url for the package source, but that does not appear to work (docs say
>> it has to be a local file).
>> 
>> My other choices seem to be an nfs mount, or a local repo server.
>> 
>> Thanks
>> 
>> On Jul 29, 11:23 am, Patrick Mohr  wrote:
>> 
>> 
>> 
>>> On Jul 29, 2010, at 9:45 AM, Rustler wrote:
>> 
>>>> This code is working - but due to the file declaration it keeps
>>>> downloading the rpm even after the package gets installed.
>> 
>>>> 1. How do I stop the rpm from downloading after the package is
>>>> installed?
>> 
>>> Best method:
>>> *) If at all possible you should just replace this with a real package 
>>> repository.
>> 
>>> Should also work:
>>> *) Put the rpm files on a webserver and download them as needed.  I think 
>>> rpm can take URLs instead of local paths.
>>> or
>>> *) Install from a network drive like nfs
>> 
>>> Not recommended:
>>> *) Just put the rpms into a folder you create.  It will keep growing 
>>> forever, but it probably won't ever get very big unless you release a lot 
>>> of packages.  Trust me on this, pushing out big files with puppet is 
>>> probably a mistake.  It will put a large load on the puppetmaster, and if 
>>> you are using a version of puppet less than 2.6.0, the RAM requirements on 
>>> the client and server will be horrendous.
> 



Re: [Puppet Users] Bootstrap

2010-07-30 Thread Patrick Mohr
Do you want to run it off the server or install it on the client?  What OS?

On Jul 29, 2010, at 9:02 PM, parag(PK) wrote:

> Can it be possible to boot up a bare metal client, by downloading the
> whole OS from server, when the client is powered on.




Re: [Puppet Users] Newbie question - package installation

2010-07-29 Thread Patrick Mohr

On Jul 29, 2010, at 9:45 AM, Rustler wrote:

> This code is working - but due to the file declaration it keeps
> downloading the rpm even after the package gets installed.
> 
> 1. How do I stop the rpm from downloading after the package is
> installed?


Best method:
*) If at all possible you should just replace this with a real package 
repository.

Should also work:
*) Put the rpm files on a webserver and download them as needed.  I think rpm 
can take URLs instead of local paths.
or
*) Install from a network drive like nfs


Not recommended:
*) Just put the rpms into a folder you create.  It will keep growing forever, 
but it probably won't ever get very big unless you release a lot of packages.  
Trust me on this, pushing out big files with puppet is probably a mistake.  It 
will put a large load on the puppetmaster, and if you are using a version of 
puppet less than 2.6.0, the RAM requirements on the client and server will be 
horrendous.




Re: [Puppet Users] Installing Puppet

2010-07-22 Thread Patrick Mohr
On Jul 22, 2010, at 9:16 PM, parag(PK) wrote:
> 
> Can anyone describe the exact puppet installation procedure 
> I am using a Ubuntu 7.04 system

Upgrade to Lucid?

Really, that's a very old version.  Install ruby, facter, augeas, and puppet 
from source.  It's going to be an adventure, and you're not likely to get an 
exact and in-depth procedure with an OS that old.





Re: [Puppet Users] fileserver issues - getaddr info

2010-07-22 Thread Patrick Mohr
I would actually try it again with an even shorter path.  Here's something that 
works for me.


fileserver.conf:
[private]
path /etc/puppet/private/%d/%h
allow *


The file is at 
/etc/puppet/private///openvpn/server.conf


Manifest reads:
file { "/etc/openvpn/server.conf":
    owner  => "root",
    group  => "root",
    mode   => 644,
    source => "puppet:///private/openvpn/server.conf",
}


Try using this path on your server:
puppet://server/sshd/that.txt


On Jul 22, 2010, at 5:03 PM, tu2bg...@gmail.com wrote:

> Thanks for the reply, I did try various different path locations before I 
> posted. I'm guessing that the problem is either in the way that puppet looks 
> up hostnames or a problem elsewhere in the actual config. 
> 
> err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate: getaddrinfo: 
> Name or service not known Could not retrieve file metadata for 
> puppet://server/sshd/files/tmp/that.txt: getaddrinfo: Name or service not 
> known at /etc/puppet/modules/sshd/manifests/init.pp:29
> 
> on the client I've set:
> [puppetd]
> server = au-mel-master-1.blah.com
> 
> According to 
> http://projects.puppetlabs.com/projects/puppet/wiki/File_Serving_Configuration
>  you need to specify modules for the source as:
> puppet://server/modules//file
> 
> and in that case puppet://server/modules/sshd/tmp/that.txt should work
> 
> but all variations of that line return:
> "Could not evaluate: getaddrinfo: Name or service not known Could not 
> retrieve file metadata"
> 
> which sounds like it work out the address and all I see on the puppetmaster 
> is 
> "debug: File[/tmp/that.txt]: Adding default for ignore"
> 
> so there is some communication going between the hosts. 
> 
> Cheers,
> Denmat
> On , Patrick Mohr  wrote:
> > Try using a path of "puppet://server/sshd/files/that.txt" (I removed the 
> > word "modules").
> > 
> > 
> > On Jul 22, 2010, at 6:03 AM, denmat wrote:
> > 
> > > Hi all,
> > >
> > > Haven't set puppet up for awhile and have an issue with getting files
> > > served.
> > >
> > > I'm running 2.6 gem on fedora12.
> > >
> > > class sshd {
> > >
> > >   file { "/tmp/that.txt":
> > >     source => "puppet://server/modules/sshd/files/that.txt",
> > >     ensure => present,
> > >     mode => 600,
> > >     owner  => root,
> > >     group  => root,
> > >   }
> > > }
> > >
> > > fileserver.conf
> > > [modules]
> > >  allow *
> > >
> > > [sshd]
> > >  path /etc/puppet/modules/sshd/files
> > >  allow *.hitwise.com
> > >
> > > I can stop the ssh service on the client and puppet restarts it, but
> > > the file will not be sync'd to the client.
> > >
> > > /usr/bin/puppetd --no-daemonize --waitforcert 60 --server au-mel-
> > > master-1.blah.com --verbose --test --fqdn hitw-gc-xen-1.gdn.blah.com --
> > > debug
> > > debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/
> > > chkconfig sshd'
> > > debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
> > > yaml; using pson
> > > err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate:
> > > getaddrinfo: Name or service not known Could not retrieve file
> > > metadata for puppet://server/modules/sshd/files/tmp/that.txt:
> > > getaddrinfo: Name or service not known at /etc/puppet/modules/sshd/
> > > manifests/init.pp:29
> > >
> > > I'm using /etc/hosts files while I test this scenario, but the puppet
> > > master is correctly configured in dns.
> > >
> > > What have I done wrong?
> > >
> > > Cheers
> > > Denmat
> > >
> > 
> > > --
> > 
> > > You received this message because you are subscribed to th

Re: [Puppet Users] checking if a user exists

2010-07-22 Thread Patrick Mohr
What about just not setting the uid?  It sounds like that's what you are trying 
to do.


On Jul 22, 2010, at 12:30 PM, Don Harden wrote:

> 
> Hi Folks,
> 
> I've been trying to figure this out on Puppet 2.5.5 but just upgraded
> to 2.6
> 
> I have this in a module to make sure zabbix is installed, configured
> and running:
> 
> class zabbix_agentd
> {
>     user { "zabbix":
>       name       => 'zabbix',
>       ensure     => present,
>       comment    => "Zabbix Monitoring System",
>       home       => "/var/lib/zabbix",
>       managehome => false,
>       shell      => "/sbin/nologin",
>       uid        => "109",
>     }
> . rest of class.
> 
> 
> This works great on puppet clients that do not have the user zabbix,
> but on clients that already have zabbix I get error such as
> 
> err: //zabbix_agentd/User[zabbix]/uid: change from 489 to 109 failed:
> Could not set uid on user[zabbix]: Execution of '/usr/sbin/usermod -u
> 109 zabbix' returned 8: usermod: user zabbix is currently logged in
> 
> So it seems that I need some way of testing for user zabbix on the
> clients, but I can't figure out how.   This seems such a basic and
> easy thing to do that I'm surprised that I have not already found the
> answer.
> 
> Thanks for any suggestions.
> 
> Don
> 



Re: [Puppet Users] Failing to connect new client to master

2010-07-22 Thread Patrick Mohr

On Jul 22, 2010, at 12:20 PM, David Dyer-Bennet wrote:

> 
> On Thu, July 22, 2010 12:27, Patrick Mohr wrote:
>> The hostname the client connects to, must match the name on the server's
>> certificate.
> 
> I believe I have that right.
> 
> On the server,
> 
> [r...@wrkapp00 ddb]# hostname
> wrkapp00.esteemedemployer.local
> [r...@wrkapp00 ddb]# puppetca --all --list
> + wrkapp00.esteemedemployer.local
> 
> The only certificate is its own, and that's in the name I expect.
> 
> On the client,
> 
> [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local
> --waitforcert 60 --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> 
> (Ping from the client shows the name is resolving to the IP I expect it
> to; that it's actually talking to the server I checked certificate names
> on.)

That's strange.

Are you running puppet under Passenger or Mongrel?  If you don't know, the 
answer is probably no.

What does this command give you on the server?
puppetmasterd --genconfig | grep "certname "


What does this command give you on the client?
puppetd --genconfig | grep "certname "

What's in /var/lib/puppet/ssl on the client and server?

Does /var/lib/puppet/ssl/certs/ca.pem on the client and server match?




Re: [Puppet Users] Failing to connect new client to master

2010-07-22 Thread Patrick Mohr
The hostname the client connects to, must match the name on the server's 
certificate.  More info at:
http://groups.google.com/group/puppet-users/browse_thread/thread/8bcc83b7f52214db

On Jul 22, 2010, at 10:02 AM, David Dyer-Bennet wrote:

> I've had a small working puppet setup, reduced by circumstances to 1.5
> clients, for a while.  It was up to 6 at one point, but things scaled
> down.  So I thought I knew how to make the most basic things work.
> 
> But I've been beating my head against the wall trying to get a new
> master and new clients set up.  (The new master will eventually
> replace the old one and take on its client as well.)
> 
> I've got weird naming issues.
> 
> The old master is 192.168.1.4, dns name
> wrkapp00.esteemedemployer.local (local DNS) and also a public IP under
> wrkapp00.esteemedemployer.com.
> 
> The new master is 192.168.1.19, no dns name (yet; it's going to take
> over the old name when we cut over).
> 
> I'm using /etc/hosts files to make it function as
> wrkapp00.esteemedemployer.local to itself and the new clients.
> 
> (Puppet, or perhaps merely the documentation, seems very weak on
> dealing with systems with no DNS name, and with situations where a
> system changes its DNS name.  In my experience, when I'm at the stage
> of configuring a system where I need to get puppet working, we haven't
> settled the DNS name for the system yet.  I could probably get
> something temporary put in, but then I'd have to switch it later, and
> I'm scared of that given how much trouble I'm having with this.)
> 
> In playing with this, I've many times wanted to wipe out all existing
> certs on the master.  I've been doing that with this command:
>rm ` find /var/lib/puppet/ssl -type f `
> (after stopping puppetmaster).  This seems to work; when I restart
> puppetmaster it seems to create its own cert (files appear, and
> puppetca --all --list reports it).
> 
> I've installed a manifest and set of files slightly enhanced from what
> worked on the old installation.
> 
> So, on the new client system (192.168.1.22,
> prc-mn-lnx01.esteemedemployer.local), I do:
> 
> [r...@prc-mn-lnx01 ~]# puppetd --server
> wrkapp00.esteemedemployer.local --waitforcert 60 --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: certificate verify
> failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> 
> And as you see it fails spectacularly.  No signing request appears on
> the master, either.
> 
> Clues please!
> 
> 
> 



Re: [Puppet Users] fileserver issues - getaddr info

2010-07-22 Thread Patrick Mohr
Try using a path of "puppet://server/sshd/files/that.txt" (I removed the word 
"modules").

On Jul 22, 2010, at 6:03 AM, denmat wrote:

> Hi all,
> 
> Haven't set puppet up for awhile and have an issue with getting files
> served.
> 
> I'm running 2.6 gem on fedora12.
> 
> class sshd {
>
>   file { "/tmp/that.txt":
>     source => "puppet://server/modules/sshd/files/that.txt",
>     ensure => present,
>     mode   => 600,
>     owner  => root,
>     group  => root,
>   }
> }
> 
> fileserver.conf
> [modules]
>  allow *
> 
> [sshd]
>  path /etc/puppet/modules/sshd/files
>  allow *.hitwise.com
> 
> I can stop the ssh service on the client and puppet restarts it, but
> the file will not be sync'd to the client.
> 
> /usr/bin/puppetd --no-daemonize --waitforcert 60 --server au-mel-
> master-1.blah.com --verbose --test --fqdn hitw-gc-xen-1.gdn.blah.com --
> debug
> debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/
> chkconfig sshd'
> debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
> yaml; using pson
> err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate:
> getaddrinfo: Name or service not known Could not retrieve file
> metadata for puppet://server/modules/sshd/files/tmp/that.txt:
> getaddrinfo: Name or service not known at /etc/puppet/modules/sshd/
> manifests/init.pp:29
> 
> I'm using /etc/hosts files while I test this scenario, but the puppet
> master is correctly configured in dns.
> 
> What have I done wrong?
> 
> Cheers
> Denmat
> 
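An added example, not part of the original messages or of Puppet's own code: it splits a puppet:// file source into host, mount and relative path, and maps it to a file on the master using the fileserver.conf from the post above as constructed sample input. The function names and the /etc/puppet/modules module path are assumptions; the host part is the name the agent hands to the resolver, and an empty host (puppet:///) means the server the agent is already configured to use.

```shell
#!/bin/sh
# Split a puppet:// file source into host, mount and relative path, then map
# it to the file a fileserver.conf mount would serve on the master.

# puppet://HOST/MOUNT/REL -> HOST (empty for puppet:///MOUNT/REL)
puppet_uri_host() {
    rest=${1#puppet://}
    printf '%s\n' "${rest%%/*}"
}

# puppet://HOST/MOUNT/REL -> MOUNT
puppet_uri_mount() {
    rest=${1#puppet://}
    rest=${rest#*/}              # drop "HOST/"
    printf '%s\n' "${rest%%/*}"
}

# puppet://HOST/MOUNT/REL -> REL
puppet_uri_relpath() {
    rest=${1#puppet://}
    rest=${rest#*/}              # drop "HOST/"
    printf '%s\n' "${rest#*/}"   # drop "MOUNT/"
}

# mount_path CONF MOUNT: print the "path" setting of [MOUNT], or nothing.
mount_path() {
    awk -v want="$2" '
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section == want && $1 == "path" { print $2; exit }
    ' "$1"
}

# master_path CONF URI: file the master would look for.
# PUPPET_MODULEPATH is an assumed variable name for the module directory.
master_path() {
    mount=$(puppet_uri_mount "$2")
    rel=$(puppet_uri_relpath "$2")
    if [ "$mount" = modules ]; then
        # modules mount: <module>/<file> is served from <module>/files/<file>
        printf '%s/%s/files/%s\n' \
            "${PUPPET_MODULEPATH:-/etc/puppet/modules}" "${rel%%/*}" "${rel#*/}"
        return 0
    fi
    base=$(mount_path "$1" "$mount")
    [ -n "$base" ] || { echo "no [$mount] mount with a path" >&2; return 1; }
    printf '%s/%s\n' "$base" "$rel"
}

# Constructed sample input: the fileserver.conf quoted in the post.
CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
cat >"$CONF" <<'EOF'
[modules]
  allow *

[sshd]
  path /etc/puppet/modules/sshd/files
  allow *.hitwise.com
EOF

for uri in \
    "puppet://server/modules/sshd/files/that.txt" \
    "puppet://server/sshd/files/that.txt" \
    "puppet:///modules/sshd/that.txt" \
    "puppet:///sshd/that.txt"
do
    host=$(puppet_uri_host "$uri")
    printf '%s\n  host to resolve: %s\n  file on master:  %s\n' \
        "$uri" "${host:-<none, agent uses its configured server>}" \
        "$(master_path "$CONF" "$uri")"
done
```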



Re: [Puppet Users] 2.6, parameterized classes, external nodes

2010-07-21 Thread Patrick Mohr

On Jul 21, 2010, at 5:44 PM, Alan Sparks wrote:

> Many of us have the problem of needing to simulate the instantiation of
> definitions via external nodes (e.g., the multiple Apache vhosts
> situation, or multiple service instantiations with unique
> configurations).  Since these are singletons, I'm guessing parameterized
> classes won't help in solving this problem...  Does 2.6 provide any new
> support toward solving it?

Now I'm confused.  Isn't a parameterized class the same as a define except for 
the class being a singleton?




Re: [Puppet Users] Installing a module FIRST

2010-07-21 Thread Patrick Mohr

On Jul 21, 2010, at 5:16 PM, Douglas Garstang wrote:

> On Wed, Jul 21, 2010 at 4:44 PM, Patrick Mohr  wrote:
>> 
>> On Jul 21, 2010, at 4:29 PM, Douglas Garstang wrote:
>> 
>>> Anyone,
>>> 
>>> How can I guarantee that all components of the LDAP client module get
>>> installed before ANY components of any other module?
>> 
>> Use 2.6.x and use run stages.
>> 
>> -OR-
>> 
>> Use 0.25.x and make all User and Package resources depend on that class.
> 
> Doing that is a sure fire path to cyclic dependency hell.
> 

I'll grant you that.  I did it for that package setup, but it was very annoying.




Re: [Puppet Users] Installing a module FIRST

2010-07-21 Thread Patrick Mohr

On Jul 21, 2010, at 4:29 PM, Douglas Garstang wrote:

> Anyone,
> 
> How can I guarantee that all components of the LDAP client module get
> installed before ANY components of any other module?

Use 2.6.x and use run stages.

-OR-

Use 0.25.x and make all User and Package resources depend on that class.


> This is another one of those situations where the ability to have
> modules fully installed in order they are listed would be hugely
> beneficial.

Making everything install in the order it's listed means you can't explicitly 
specify dependencies.  Explicit dependencies are one of the reasons I really 
like using puppet over shell scripts.




Re: [Puppet Users] Re: Installping puppet with kickstart -- Cannot find local fact /proc/cpuinfo

2010-07-21 Thread Patrick Mohr

On Jul 21, 2010, at 4:47 AM, Harihara Vinayakaram wrote:

> I found this reply from one of the users in the same thread. The
> solution was to
> 1) Copy the existing /etc/rc.local to /etc/rc.local.orig
> 2) Replace the /etc/rc.local with a script that runs puppetd, moves
> /etc/rc.local.orig to /etc/rc.local, and reboots
> 

Just some things to keep in mind:
*) If puppet hangs in rc.local, the startup process will hang in some distros.
*) If puppet's not daemonized, and puppet returns an error, rc.local will stop 
executing in some distros.
*) Make sure that nothing changes rc.local back until puppet successfully 
finishes the first run.


> 
> On Jul 20, 10:28 pm, Patrick Mohr  wrote:
>> On Tue, Jul 20, 2010 at 5:23 AM, Tore  wrote:
>>> We use Satellite to kickstart our nodes. Have you tried to do this
>>> after %post?
>> 
>>> kickstart-file, I've removed a few lines:
>> 
>>> install
>>> text
>>> []
>>> %packages
>>> @ Base
>> 
>>> %pre
>>> $kickstart_start
>>> $SNIPPET('pre_install_network_config')
>> 
>>> %post --nochroot
>>> mkdir /mnt/sysimage/tmp/ks-tree-copy
>>> [...]
>>> cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /
>>> mnt/sysimage/root
>> 
>>> %post
>>> ( # Log %post errors
>>>  # --Begin RHN Satellite command section--
>>> [...]
>>> # --End RHN Satellite command section--
>> 
>>> [...]
>>> ) >> /root/ks-post.log 2>&1
>>> $SNIPPET('post_install_network_config')
>> 
>>> $SNIPPET('spacewalk/1/install_and_config_puppet')
>> 
>>> $SNIPPET('post_install_kernel_options')
>>> $SNIPPET('koan_environment')
>>> $kickstart_done
>> 
>>> I have no idea if that will work for you, it's strange that
>>> /proc/cpuinfo isn't available since I assume anaconda uses that information
>>> during installation.
>> 
>> I don't remember much about the redhat install process, but are you
>> chrooting before you run puppet?  If so, the problem is probably that /proc
>> is not mounted inside of the chroot environment?
>> 
>> On 16 Jul, 13:39, Harihara Vinayakaram  wrote:
>> 
>>>> Hi
>>>>I have been trying to get puppet working with kickstart.  I am
>>>> trying to install Hadoop on the nodes.  Installing puppet from
>>>> kickstart work and when the machine restarts, certificates are pulled
>>>> down and hadoop user is created and files are extracted.
>> 
>>>>I want all the user creation etc to be done before the machine
>>>> reboots so that I can set up init.d scripts to do a start of hadoop .
>>>> So I run the puppetd --server ... --one-time  --no-daemonize  as part
>>>> of the late_command with a chroot /target .
>> 
>>>>But this fails saying cannot find local fact /proc/cpuinfo  .  I
>>>> tried to a mount /proc in the script but the machine hangs.  Is this a
>>>> known problem
>> 
>>>> http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3...
>>>> has a solution but it does not work . The only difference I can see is
>>>> that it runs the puppetd as -in-target instead of a chroot . Any ideas
>>>> will be helpful
>> 
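An added example, not from the thread or the Puppet project: a first-boot /etc/rc.local wrapper that follows the three cautions in the message above, and also checks the log for "err:" lines because, as reported in another thread on this page, puppetd can exit 0 after "skipping run". The variable names, the log path, the 900-second limit and the availability of the coreutils timeout command are assumptions.

```shell
#!/bin/sh
# First-boot wrapper meant to be installed as /etc/rc.local by the installer,
# with the distribution's own file saved beside it as /etc/rc.local.orig.

RC_LOCAL=${RC_LOCAL:-/etc/rc.local}
PUPPET_CMD=${PUPPET_CMD:-puppetd --onetime --no-daemonize --verbose}
PUPPET_TIMEOUT=${PUPPET_TIMEOUT:-900}      # seconds before a hung run is killed
LOG=${LOG:-/var/log/puppet-firstboot.log}

# run_succeeded LOGFILE EXIT_STATUS
# A zero exit status is not enough: a skipped run still logs "err:" lines.
run_succeeded() {
    [ "$2" -eq 0 ] && ! grep -q '^err:' "$1"
}

# Run puppet once; restore the original rc.local only after a clean run.
first_boot() {
    status=0
    if command -v timeout >/dev/null 2>&1; then
        # Bound the run so a hung agent cannot stall the boot sequence.
        timeout "$PUPPET_TIMEOUT" $PUPPET_CMD >"$LOG" 2>&1 || status=$?
    else
        $PUPPET_CMD >"$LOG" 2>&1 || status=$?
    fi
    if run_succeeded "$LOG" "$status"; then
        mv "$RC_LOCAL.orig" "$RC_LOCAL"
        return
    fi
    # Leave the wrapper in place so the next boot tries again.
    echo "puppet first run failed (status $status); wrapper kept" >>"$LOG"
    return 1
}

# Act only when invoked under the name rc.local. A failed run must not
# abort the rest of the boot on systems that run rc.local with "sh -e".
case "$0" in
    */rc.local) first_boot || true; exit 0 ;;
esac
```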



Re: [Puppet Users] Re: Installping puppet with kickstart -- Cannot find local fact /proc/cpuinfo

2010-07-20 Thread Patrick Mohr
On Tue, Jul 20, 2010 at 5:23 AM, Tore  wrote:

> We use Satellite to kickstart our nodes. Have you tried to do this
> after %post?
>
> kickstart-file, I've removed a few lines:
>
> install
> text
> []
> %packages
> @ Base
>
> %pre
> $kickstart_start
> $SNIPPET('pre_install_network_config')
>
> %post --nochroot
> mkdir /mnt/sysimage/tmp/ks-tree-copy
> [...]
> cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /
> mnt/sysimage/root
>
> %post
> ( # Log %post errors
>  # --Begin RHN Satellite command section--
> [...]
> # --End RHN Satellite command section--
>
> [...]
> ) >> /root/ks-post.log 2>&1
> $SNIPPET('post_install_network_config')
>
> $SNIPPET('spacewalk/1/install_and_config_puppet')
>
> $SNIPPET('post_install_kernel_options')
> $SNIPPET('koan_environment')
> $kickstart_done
>
>
> I have no idea if that will work for you, it's strange that
> /proc/cpuinfo isn't available since I assume anaconda uses that information
> during installation.
>

I don't remember much about the redhat install process, but are you
chrooting before you run puppet?  If so, the problem is probably that /proc
is not mounted inside of the chroot environment?

On 16 Jul, 13:39, Harihara Vinayakaram  wrote:
> > Hi
> >I have been trying to get puppet working with kickstart.  I am
> > trying to install Hadoop on the nodes.  Installing puppet from
> > kickstart work and when the machine restarts, certificates are pulled
> > down and hadoop user is created and files are extracted.
> >
> >I want all the user creation etc to be done before the machine
> > reboots so that I can set up init.d scripts to do a start of hadoop .
> > So I run the puppetd --server ... --one-time  --no-daemonize  as part
> > of the late_command with a chroot /target .
> >
> >But this fails saying cannot find local fact /proc/cpuinfo  .  I
> > tried to a mount /proc in the script but the machine hangs.  Is this a
> > known problem
> >
> > http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3...
> > has a solution but it does not work . The only difference I can see is
> > that it runs the puppetd as -in-target instead of a chroot . Any ideas
> > will be helpful
>



Re: [Puppet Users] Distributing passwd/group/shadow

2010-07-19 Thread Patrick Mohr

On Jul 19, 2010, at 6:11 PM, noob-puppeteer wrote:

> Hi,
> I am trying to figure out a good "puppet" way to do this. In our old
> configuration, we were using cfengine and distributing passwd, group
> and shadow files by first running a command on the server that would
> filter these files to have just the team users (since we are using
> hosting services) into a master file that would get distributed to all
> the clients and the clients would apply the master file to its local
> passwd, group and shadow files.
> 
> In puppet, as far as I can see, there is no way to run a command to
> prep the files on the master, before a puppet client asks for the
> catalog or is there?
> 
> We are doing things in this complicated way, because this allows us to
> continue to use the useradd, usermod commands on the master servers, and
> the client servers automatically get the configuration. Plus we don't
> have to store the files in version control. Is there a better way to
> do this in puppet?

Usually I find that putting user accounts in version control is a good idea.

Unless you have a reason not to, I would just create the user accounts and 
group accounts using puppet's "user" and "group" resources.  Any reason not to?




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-19 Thread Patrick Mohr

On Jul 19, 2010, at 7:52 AM, Klaus Ethgen wrote:

> Hi,
> 
> On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote:
>> You'll need to set a properly unique title, and set the namevar explicitly:
>> 
>> @@sshkey {
>>  "${fqdn}dsa":
>>  name => $fqdn,
>>  ...
>>  "${fqdn}rsa":
>>  name => $fqdn,
>>  ...
>> }
> 
> That idea was pretty good. But then I get the message:
> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with 
> error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; 
> resource Sshkey[xxx.yyy.ch] already exists at 
> /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch
> 
> So, this approach is a dead end too unfortunately.
> 
> Best regards and many thanks for the idea.

In practice I think you will only need the rsa key.  Try just using rsa (and if 
that doesn't work just dsa) and see if you are able to connect without warnings.

If I remember right, ssh clients usually only use one key, and modern clients 
usually only use rsa keys.




Re: [Puppet Users] What is the "best practices" way to install puppet

2010-07-18 Thread Patrick Mohr

On Jul 18, 2010, at 12:19 PM, kevin wrote:

> Damn it, is there no acronym for "best practices" yet? ;)
> 
> Ok, I am installing puppet, and wondering which version and from where
> should I install.  Gems?  OS packages? Version?

What OS are you using?  You might get better answers if we know.




Re: [Puppet Users] Re: How can I know if puppetd --no-daemonize --debug --onetime is success

2010-07-16 Thread Patrick Mohr
Run "puppetd --genconfig" for commented documentation about puppetd's 
parameters.

Take a look at "puppetd --genconfig | grep _command" if you don't want 5-15 
pages of text to wade through.

On Jul 16, 2010, at 2:55 PM, Yushu wrote:

> Thanks Patrick,
> 
> But where is the post-command? Couldn't find any document in 0.25.
> 
> Thanks
> 
> -Yushu
> 
> 
> On Jul 16, 2:35 pm, Patrick Mohr  wrote:
>> You could also test to see if post-command is run.
>> 
>> On Jul 16, 2010, at 12:47 PM, R.I.Pienaar wrote:
>> 
>> 
>> 
>>> - "Yushu"  wrote:
>> 
>>>> Hi Experts,
>> 
>>>> I'm running "puppetd --no-daemonize --debug --onetime".
>>>> Is there a way to figure out if the one time run is a success?
>>>> I couldn't do it by looking at the return value, it returns 0 when
>>>> "err: skipping run"
>> 
>>>> Success meaning All definitions are applied and nothing failed.
>> 
>>>> I can of course grep for "err:" but I'm just wondering is there an
>>>> official way of doing this?
>> 
>>> slightly less hacky though still hacky is to just add --summarize to the 
>>> command line and parse that output.
> 



Re: [Puppet Users] How can I know if puppetd --no-daemonize --debug --onetime is success

2010-07-16 Thread Patrick Mohr
You could also test to see if post-command is run.

On Jul 16, 2010, at 12:47 PM, R.I.Pienaar wrote:

> 
> - "Yushu"  wrote:
> 
>> Hi Experts,
>> 
>> I'm running "puppetd --no-daemonize --debug --onetime".
>> Is there a way to figure out if the one time run is a success?
>> I couldn't do it by looking at the return value, it returns 0 when
>> "err: skipping run"
>> 
>> Success meaning All definitions are applied and nothing failed.
>> 
>> I can of course grep for "err:" but I'm just wondering is there an
>> official way of doing this?
>> 
> 
> slightly less hacky though still hacky is to just add --summarize to the 
> command line and parse that output.
> 




Re: [Puppet Users] puppet doing full read on files with replace => no

2010-07-15 Thread Patrick Mohr

On Jul 15, 2010, at 10:27 AM, John Cesario wrote:

> Hey all,
> 
> This is on puppet 0.25.4:
>   
> The manifest for one of the directories looks like this. This class/object 
> does not have anything below it (nothing inherits this).
> 
> file {
>   "/var/lib/data/$name":
> ensure   => directory,
> owner=> "data",
> group=> "data",
> recurse  => true,
> mode => 750,
> ignore   => ".svn",
> replace  => false,
> checksum => undef,
> backup   => false,
> source   => "puppet:///app/app_data/$seed",
> require  => File["/var/lib/app_data"]
> }
> 
> 
> We use this to initialize an applications data directory, and then dump 
> ~500GB of data into it.
> 
> The problem is that on subsequent puppet runs when the directory is 
> populated, strace still shows puppet doing a full read of all the files in 
> there.
> 
> Any way to stop this besides doing recurselimit => 0. I would like the 
> permissions to be managed, and obviously with recurse => 0 shipping the seed 
> files over there becomes difficult.

Frankly, I would use something other than puppet for big files.  I'd suggest 
rsync, nfs, deb packages, or wget+tar.

If you still want to do it:
*) Is puppet still doing this read on the client?
*) Is puppet still doing this read on the server?
*) Are you pretty sure it's a full read and not just puppet running stat on 
each file to make sure the file(s) are there?




Re: [Puppet Users] How do I get a node to forget its state?

2010-07-15 Thread Patrick Mohr

On Jul 15, 2010, at 11:02 AM, hernan wrote:

> I had a bad manifest at one point which told puppetd to --recurse on a 
> massive directory that I didn't actually want it to manage.  I reverted the 
> config.  Ever since then however, the nodes that once applied that --recurse 
> take a much longer time to update themselves.
> 
> What I see is this:
> 
> debug: Storing state
> debug: Stored state in 59.66 seconds
> 
> On a fresh node this takes less than five seconds.  While "Storing state" is 
> running the puppetd Ruby process is at 100% CPU.
> 
> Is there any way I can get the affected nodes to forget about that old 
> config?  Or is there any way I can get more information about what state is 
> being stored to make sure this is the issue?
> 
> Ubuntu 9.10/
> puppetd --version =>  0.24.8

Try this: (I don't think I have any typos, but don't be too surprised if I have)
service puppet stop
#Remove the old puppet state
mv /var/lib/puppet /root/
mkdir /var/lib/puppet
#Put the certificates back
cp -a /root/puppet/ssl /var/lib/puppet/

#Now test it
puppetd --test --verbose --debug

#If it works, turn puppet back on
service puppet start




Re: [Puppet Users] Creating a directory fails

2010-07-15 Thread Patrick Mohr
I might know the problem.  Do you have device files or sockets in 
/var/named/chroot?  If so puppet might be trying to manage the permissions on 
stuff in that folder and failing the sanity check when it sees they aren't 
regular files.


On Jul 15, 2010, at 7:21 AM, Christopher Johnston wrote:

> They exist for sure.. 
> 
> # ls -ld /var/named/
> drwxr-x--- 6 root named 4096 2010-07-15 06:20 /var/named/
> # ls -ld /var/named/chroot/
> drwxr-xr-x 5 named named 4096 2010-07-15 06:20 /var/named/chroot/
> 
> 
> On Thu, Jul 15, 2010 at 12:09 AM, Patrick Mohr  wrote:
> I'd check to see if /var/named exists or if /var/named/chroot is a symlink.
> 
> On Jul 14, 2010, at 2:24 PM, Christopher Johnston wrote:
> 
> > I don't see anything out of the ordinary here, seems like it's not honoring 
> > the type as a directory but as a file, any ideas?
> >
> > err: //bind::slave/File[/var/named/chroot]: Failed to generate additional 
> > resources using 'eval_generate': Cannot manage files of type 
> > characterSpecial
> >
> > file { '/var/named/chroot':
> > ensure=> directory,
> > owner => named,
> > group => named,
> > mode  => 0755,
> > require   => Package['bind-chroot'];
> > }
> >
> >



Re: [Puppet Users] Creating a directory fails

2010-07-14 Thread Patrick Mohr
I'd check to see if /var/named exists or if /var/named/chroot is a symlink.

On Jul 14, 2010, at 2:24 PM, Christopher Johnston wrote:

> I don't see anything out of the ordinary here, seems like it's not honoring 
> the type as a directory but as a file, any ideas? 
> 
> err: //bind::slave/File[/var/named/chroot]: Failed to generate additional 
> resources using 'eval_generate': Cannot manage files of type characterSpecial
> 
> file { '/var/named/chroot':
> ensure=> directory,
> owner => named,
> group => named,
> mode  => 0755,
> require   => Package['bind-chroot'];
> }
> 
> 



Re: [Puppet Users] Puppet DDNS and Preseed -- Any easier alternative

2010-07-14 Thread Patrick Mohr
On Jul 14, 2010, at 7:27 AM, Joe McDonagh wrote:
> On 07/14/2010 10:15 AM, Harihara Vinayakaram wrote:
>> Hi
>>   I have a set up that runs puppetmasterd, DDNS , DHCP etc on one
>> server . I have managed to PXE boot Ubuntu 10.04 clients and setup
>> puppet clients . The ultimate goal is to run Hadoop on the nodes. I
>> have some observations on the process and I am wondering if there is
>> any easier way to do . I am running this on 50 physical nodes.
>> 
>>  1. Puppet clients work only if the DNS (both forward and reverse)
>> works. For DDNS to work (at least on Ubuntu clients) secure DDNS is
>> the only way. This needs a dhclient-exit-hook per machine and also a
>> send fqdn.fqdn from each machine's dhclient.conf.
>> 
>> To solve this my preseed.cfg contains a late-command which
>> transfers a script to the client machine which does a series of wget
>> and some sed manipulations. Looking from the outside it does look a
>> bit complicated and I see a maintenance problem. Is there an easier way
>> to do this?
>> 
>> Regards
>> Hari
>> 
>>   
> Hari, this is sort of OT but I've been lightly piloting Ubuntu 10.04 and I've 
> noticed that for some reason my partman-auto recipe which worked fine in 8.04 
> is creating disproportionately large swap partitions. Are you using 
> partman-auto? If so, could I see the config block? Thanks.
> 

I hope the attachment comes through.

Don't forget to:
*) Change line 66
*) Change the passwords
*) Change the groups the created user is added to
*) Change the last line if you don't want puppet auto-starting.

You should also be aware of https://bugs.launchpad.net/bugs/570805 if you use 
ext4.





#### Contents of the preconfiguration file (for &releasename;)
### Localization
# Locale sets language and country.
d-i debian-installer/locale string en_US

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
#d-i console-setup/modelcode string pc105
d-i console-setup/layoutcode string us
# To select a variant of the selected layout (if you leave this out, the
# basic form of the layout will be used):
#d-i console-setup/variantcode string dvorak

### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1

# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60

# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_dhcp boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually

# Static network configuration.
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/confirm_static boolean true

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string us.archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string http://aptcacher:3142/

# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
# CC is the ISO-3166-2 code for the selected country. You can preseed this
# so that it does so without asking.
#d-i mirror/http/mirror select CC.archive.ubuntu.com

# Suite to install.
#d-i mirror/suite string &releasename;
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string &releasename;
# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted

### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; 

Re: [Puppet Users] "Basic Windows support" in Rowlf (2.6.0 RC*) ?

2010-07-13 Thread Patrick Mohr

On Jul 13, 2010, at 3:42 PM, Steven Wagner wrote:

> I'm a pretty good candidate for a Puppet-fer-Windows guinea pig here
> as I'd be able to get a lot of mileage out of just being able to use
> the File, Service and Exec types on that platform ("Is game server
> running?"  "Has configuration been updated?"  etc.) ... but I haven't
> found much in puppet-users about what the current state is of Puppet
> and Facter for Windows.
> 

You might want to take a look at 
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows

It looks like some people have gotten farther than you.




Re: [Puppet Users] puppetmasterd screwing the SSL setup

2010-07-13 Thread Patrick Mohr

On Jul 13, 2010, at 6:54 AM, Marco Marongiu wrote:

> Dear puppeteers
> 
> I am trying to build a tree hierarchy of puppetmasters. The architecture
> is aimed to distribute the load among a number of datacenters, while
> keeping the puppetmasters in sync by means of puppet itself.
> 
> The architecture I am trying to build is:
> 
> - one "main puppetmaster";
> - many "distribution servers", that will be client of the main
>  puppetmaster, and masters to other clients
> - plain clients
> 
> 
> Unfortunately puppetmasterd gets in the way (maybe thinking it's so
> smart?), screwing up the SSL setup. This was discussed yesterday on IRC;
> Volcano suspects that something in the certificates is at the root
> of the problem, and that's why I added a certdnsnames directive, but
> with no result so far.
> 
> I am testing this setup on VirtualBox VMs on my desktop (which is
> actually a luck since I can use snapshot and rewind back and forth to
> different working states). The main puppetmaster is called
> mastertest.oslo.osa and has address 192.168.56.108; the distribution
> server is called distserver.oslo.osa and has address 192.168.56.111.
> Both are on each other's /etc/hosts file.
> 
> First, I configure distserver as a plain puppet client of mastertest. A
> couple of runs of puppetd --test will bring it up to speed, and it will
> work as expected.
> 
> Then, on mastertest, I create a node file for distserver, which will
> define it as a distribution server, and run puppetd again.
> /etc/puppet/puppet.conf is rewritten so that it contains the following
> certdnsnames in the puppetmasterd section:
> 
> certdnsnames="distserver.oslo.osa:distserver"
> 
> while the server directive in the puppetd section is:
> 
> server=mastertest.oslo.osa
> 
> Eventually, after the new puppet.conf is already in place, puppetmasterd
> starts, and screws up the SSL setup:
> 
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Creating a new SSL key for ca
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for 
>> ca, good until Sun Jul 05 12:44:33 UTC 2015
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Expiring the certificate 
>> cache of ca
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Removing file 
>> Puppet::SSL::Certificate ca at '/var/lib/puppet/ssl/certs/ca.pem'
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Retrieved certificate does 
>> not match private key
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Creating a new SSL 
>> certificate request for ca
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Signed certificate request 
>> for ca
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Rebuilding inventory file
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached 
>> certificate_revocation_list for ca, good until 
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for 
>> ca, good until Sat Jul 11 12:00:38 UTC 2015
>> Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for 
>> distserver.oslo.osa, good until Sat Jul 11 09:25:03 UTC 2015
>> Jul 13 14:00:38 distserver puppetmasterd[2888]: Reopening log files
> 
> (note the "Removing file" line...)
> 
> 
> Now, next time I run puppetd --test, all I get is:
> 
>> Jul 13 14:01:08 distserver puppetd[3212]: Could not retrieve catalog from 
>> remote server: undefined method `closed?' for nil:NilClass
>> Jul 13 14:01:08 distserver puppetd[3212]: Not using cache on failed catalog
>> Jul 13 14:01:08 distserver puppetd[3212]: Could not retrieve catalog; 
>> skipping run
> 
> Needless to say, if I stop puppetmasterd and put the old, "client" files
> back in place into /var/lib/puppet, this machine starts working again as
> a client.
> 
> On mastertest (which has a nginx reverse proxy to four puppetmasterd
> instances, again for scalability) I see that the request from distserver
> is wrong. In fact, for distserver I have:
> 
>> 192.168.56.111 - - [13/Jul/2010:15:30:09 +0200] "-" 400 0 "-" "-"
> 
> while for working clients (e.g.: mastertest itself) I have something like:
> 
>> 192.168.56.109 - - [13/Jul/2010:15:30:28 +0200] "GET 
>> /production/catalog/mastertest.oslo.osa?facts_format=b64_zlib_yaml&facts=LONG_BASE64_STRING_HERE
> 
> I honestly can't understand what is going on here...

Basically, the puppet packages you are using (and I suspect most others) assume 
that the client and the server on a given machine are part of the same PKI.  It 
also might be assuming a couple of other things, but my experiments never got 
that far.  

> Is there a way to make this all work as intended?


WARNING: This fix is almost as destructive as rm -Rf /var/lib/puppet 

I think everything will just work if you set puppetd and puppetmaster to have a 
different "ssldir" like this:

[main]
#remove the ssldir entry from here.

[puppetmasterd]
ssldir=/var/lib/puppet/ssl_server

[puppetd]
ssldir=/var/lib/puppet/ssl_client


I won't say this is working as intended.  The normal way is to make a r
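
A check for the setup discussed in this message, as an added example (not code from the thread or from Puppet): it resolves the effective ssldir for [puppetd] and [puppetmasterd], and picks out the two syslog messages from the log above that show the master replacing the agent's CA certificate. The function names, the [main] fallback rule as modelled here, and the sample config and log text are assumptions constructed for illustration.

```ruby
# Added example: audit puppet.conf for an agent and master that share one
# ssldir, and find the resulting CA replacement in syslog.
# All names below are illustrative; the sample data is constructed.

# Parse puppet.conf-style text into { "section" => { "key" => "value" } }.
def parse_puppet_conf(text)
  conf = Hash.new { |hash, key| hash[key] = {} }
  section = "main"
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    if (m = line.match(/\A\[(\w+)\]\z/))
      section = m[1]
    elsif (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      conf[section][m[1]] = m[2].strip
    end
  end
  conf
end

# Assumption: a section's own ssldir wins, otherwise the [main] value applies.
# Returns nil when neither is set (the built-in default is then in effect).
def effective_ssldir(conf, section)
  conf.fetch(section, {})["ssldir"] || conf.fetch("main", {})["ssldir"]
end

# True when agent and master resolve to the same ssldir. Both being unset
# also counts as shared, assuming both then fall back to the same default.
def shared_ssldir?(conf)
  effective_ssldir(conf, "puppetd") == effective_ssldir(conf, "puppetmasterd")
end

# Messages taken from the log quoted in the thread.
CLOBBER_PATTERNS = [
  /Removing file Puppet::SSL::Certificate ca at/,
  /Retrieved certificate does not match private key/
].freeze

# Return the puppetmasterd syslog lines that show the CA cert being replaced.
def ca_clobber_events(log_text)
  hits = log_text.each_line.select do |line|
    line.include?("puppetmasterd[") && CLOBBER_PATTERNS.any? { |re| re.match?(line) }
  end
  hits.map(&:strip)
end

# Constructed sample: one ssldir in [main], inherited by both daemons.
SHARED_CONF = <<~CONF
  [main]
  ssldir=/var/lib/puppet/ssl

  [puppetmasterd]
  certdnsnames="distserver.oslo.osa:distserver"

  [puppetd]
  server=mastertest.oslo.osa
CONF

# The layout suggested in the reply above.
SPLIT_CONF = <<~CONF
  [main]
  #remove the ssldir entry from here.

  [puppetmasterd]
  ssldir=/var/lib/puppet/ssl_server

  [puppetd]
  ssldir=/var/lib/puppet/ssl_client
CONF

# Constructed from the syslog excerpt in the thread, with wrapped lines joined.
SAMPLE_LOG = <<~LOG
  Jul 13 14:00:38 distserver puppetmasterd[2861]: Creating a new SSL key for ca
  Jul 13 14:00:38 distserver puppetmasterd[2861]: Removing file Puppet::SSL::Certificate ca at '/var/lib/puppet/ssl/certs/ca.pem'
  Jul 13 14:00:38 distserver puppetmasterd[2861]: Retrieved certificate does not match private key
  Jul 13 14:01:08 distserver puppetd[3212]: Could not retrieve catalog; skipping run
LOG

if __FILE__ == $PROGRAM_NAME
  { "shared" => SHARED_CONF, "split" => SPLIT_CONF }.each do |name, text|
    conf = parse_puppet_conf(text)
    puts "#{name}: agent=#{effective_ssldir(conf, 'puppetd').inspect} " \
         "master=#{effective_ssldir(conf, 'puppetmasterd').inspect} " \
         "shared=#{shared_ssldir?(conf)}"
  end
  ca_clobber_events(SAMPLE_LOG).each { |line| puts "ALERT: #{line}" }
end
```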

Re: [Puppet Users] Re: puppet capistrano and repository

2010-07-12 Thread Patrick Mohr

On Jul 12, 2010, at 6:31 PM, nate wrote:

> On Jul 12, 9:33 am, bmort  wrote:
>> Whew I am struggling on a puppet architecture design learning
>> curve.
>> 
>> I believe if i could find a good 'stand alone' example, it would
>> clarify a lot of the questions I have and it would help me set up a
>> test machine.
>> 
>> I am hoping to find an example of a stand alone that has a process flow
>> similar to:
>> 
>> - start puppet with Capistrano
>> - puppet checks the  'repository'  and determines changes have been
>> made
>> - applies  any changes
>> 
>> Please share any instructions or good reads ...
>> 
>> I am looking to support a set of servers that support 10+ clients,
>> each client has a dev, test and production server for 5 different web
>> applications.
>> 
>> Regards.
> 
> i'm sort of looking to do similar things. basically, i'm trying to
> hash out the best way to run puppet without a puppetmaster.
> 
> i support various businesses with mostly lenient outbound firewalls,
> though some restrict traffic on high ports and the like.

What about running the puppetmaster on a low port?

> one way around this is to run puppet locally. i have some basic
> groundwork to keep all the manifests and modules, etc. in a git repo
> which then gets checked out via http by the clients.
> 
> i'm looking to use git hooks to run puppet. something simple like this
> seemed to work, though puppet didn't actually run on the client. no
> error checking or anything in this yet… just quick and dirty.
> 
> #!/bin/bash
> # post-checkout testing
> # stored in .git/hooks/post-checkout
> # 100712, initial version, nate
> #
> /usr/bin/logger -t PUPPET -i "running puppet..."
> /usr/bin/puppet -v /etc/pconfig/manifests/site.pp
> /usr/bin/logger -t PUPPET -i "puppet run complete"
> 
> 
> 
> instead of using capistrano, would a post pull/clone hook do what you
> want?
> 



Re: [Puppet Users] Re: ERB / Tagging...

2010-07-12 Thread Patrick Mohr
Take a look at http://docs.puppetlabs.com/guides/exported_resources.html.  I 
think this will give you what you want.  It will only work if you turn on 
storeconfigs.


On Jul 12, 2010, at 5:43 AM, CraftyTech wrote:

> Thanks for the feedback Jeff.  Interesting feature that I had
> unfortunately overlooked until now, but the basic question still
> remains; how would I then generate specific hostfiles based on nodes
> of the same tag? For instance, a web server to only have host entries
> for items tagged webserver only, and not one large one-size-fits-all
> file.  Thanks,
> 
> On Jul 2, 9:39 pm, Jeff McCune  wrote:
>> On Wed, Jun 30, 2010 at 10:40 AM, CraftyTech  wrote:
>>> Hello All,
>> 
>>> Can someone point me in the right direction here.  I'm trying to
>>> create an erb template for my /etc/hosts file, so that when executed,
>>> it populates the /etc/hosts file only with entries that are tag
>>> relevant.  For instance, if a server is tagged apache, only the apache
>>> tagged entries would be populated into the /etc/hosts file.  Thanks in
>>> advance for your help.
>> 
>> I recommend using the built in host type to model and manage entries
>> in /etc/hosts rather than a template.
>> 
>> Modeling your configuration using a type rather than a file will allow
>> you to declare the resources as virtual, then simply realize them if
>> they're tagged with the tag you care about.  In addition, you'll
>> receive a bunch of additional features "for free" like the
>> relationship graph, meta-parameters, reporting, etc...
>> 
>> For example:
>> 
>> class apache {
>>   @host { "zaphod": ip => "1.2.3.4" }
>> 
>> }
>> 
>> # Realize host entries tagged with "apache"
>> Host <| tag == "apache" |>
>> 
>> --
>> Jeff McCune http://www.puppetlabs.com/
> 



Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Release Candidate 1 available!

2010-07-10 Thread Patrick Mohr
2010/7/10 Jesús M. Navarro 

> Hi:
>
> On Saturday 10 July 2010 19:11:12 Patrick Mohr wrote:
> > On Jul 10, 2010, at 7:57 AM, Peter Meier wrote:
> > >
> > > On 07/10/2010 04:54 PM, Patrick Mohr wrote:
> > >> On Jul 9, 2010, at 11:58 PM, James Turnbull wrote:
> > >>> Certificates cleaned with puppetca (or puppet cert) are now also
> > >>> revoked.
> > >>
> > >> Is there some way to clean a cert (using puppet cert) without
> > >> revoking it?  Something like "puppet cert --clean hostname.domain
> > >> --no-revoke".
> > >
> > > afaik, not. But could be a feature request. On the other hand, what's
> > > the use case?
> >
> > This isn't my use case so I don't care, but since you ask...
> >
> > Suppose you have machines that:
> > *) Don't get any sensitive information through puppet.
> > *) Are re-imaged often using PXE+preseeding or PXE+kickstart
> > *) All the computers have names in the form of "lab-client-*.domainname"
> >
> > Someone said that in this case you can put "puppetca --clean
> > lab-client-*.domainname" as a cron job, and put "lab-client-*.domainname"
> > in autosign.conf.
> >
> > Again, I don't do this, so don't do it for me.
>
> I don't see that to be a use case in need of a "no-revoke" option.  Once
> you
> delete the old machine and re-image it with "PXE+preseeding or
> PXE+kickstart"
> it won't get the old certkey so it'll need to be resigned anyway: to all
> practical purposes it's a new machine, so no benefit on not revoking the
> old
> one.
>
>
But I was saying clean out all client certs and private keys (for clients in
this group) off the server once per hour.  Meaning you are running clean
while the client exists and has a valid cert/key combo.

I guess you would always do the same thing with two "rm" statements in the
cron job instead.




Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Release Candidate 1 available!

2010-07-10 Thread Patrick Mohr

On Jul 10, 2010, at 7:57 AM, Peter Meier wrote:

> 
> On 07/10/2010 04:54 PM, Patrick Mohr wrote:
>> On Jul 9, 2010, at 11:58 PM, James Turnbull wrote:
>> 
>>> Certificates cleaned with puppetca (or puppet cert) are now also
>>> revoked.
>> 
>> Is there some way to clean a cert (using puppet cert) without
>> revoking it?  Something like "puppet cert --clean hostname.domain
>> --no-revoke".
> 
> afaik, not. But could be a feature request. On the other hand, what's
> the use case?

This isn't my use case so I don't care, but since you ask...

Suppose you have machines that:
*) Don't get any sensitive information through puppet.
*) Are re-imaged often using PXE+preseeding or PXE+kickstart
*) All the computers have names in the form of "lab-client-*.domainname"

Someone said that in this case you can put "puppetca --clean 
lab-client-*.domainname" as a cron job, and put "lab-client-*.domainname" in 
autosign.conf.  

Again, I don't do this, so don't do it for me.




Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Release Candidate 1 available!

2010-07-10 Thread Patrick Mohr
On Jul 9, 2010, at 11:58 PM, James Turnbull wrote:

> Certificates cleaned with puppetca (or puppet cert) are now also revoked.

Is there some way to clean a cert (using puppet cert) without revoking it?  
Something like "puppet cert --clean hostname.domain --no-revoke".

File streaming means the client and server don't load the whole file into RAM 
to send or receive it?

Thanks for all the great work.  Puppet has made my life so much easier.
-Patrick




Re: [Puppet Users] Re: conditional execution of package

2010-07-09 Thread Patrick Mohr

On Jul 9, 2010, at 2:33 AM, prudhvi wrote:

> Hi Patrick,
> 
> You're right.
> Actually I have a custom source which i have to install it through
> source
> is there any conditional execution like if-case to check whether the
> source files are already in place?

Not creating a package is probably a big mistake, but take a look at the 
"onlyif" parameter and the "creates" parameter.  onlyif takes a command.  
creates says something like "if this file/directory exists, don't run this 
command."

> On Jul 9, 12:18 pm, Patrick Mohr  wrote:
>> It's probably better to make a package instead.
>> 
>> On Jul 8, 2010, at 11:49 PM, prudhvi wrote:
>> 
>>> Hi,
>> 
>>> I have been installing couchdb from source through " make/make
>>> install " using puppet's exec.
>>> The problem I am facing is whenever I run the configuration for the
>>> second time it's not recognizing that it's already installed.
>>> couchdb is being installed all over again.
>>> Is it the problem because I'm not using puppet's package resource type?
>>> I thought of a plan in which I can check whether a particular file
>>> exists. So if the file doesn't exist, I'll ask puppet to install it
>>> right away.
>> 
>> So you're doing something like this?
>> 
>> exec { "tar xvzf && ./configure && make && make install":
>> path => "whatever",
>> creates => "/usr/bin/program_name",
>> 
>> }
> 



Re: [Puppet Users] puppetmaster REST interface

2010-07-09 Thread Patrick Mohr
Right now puppet mostly IS the documentation.  You could watch the traffic 
between the puppetmaster and the client, or look at the source code, but I 
don't recommend it.

Also, it would probably be MUCH easier to enable storeconfigs and ask the MySQL 
server directly.  That's very easy to figure out.


On Jul 9, 2010, at 12:36 AM, Cedric Jeanneret wrote:

> Hello,
> 
> I'm wondering if there's some way to ask the puppetmaster for information via 
> the REST interface.
> My aim is to ask, for example "what are all the  values for 
> ".
> If so, is there any page about the syntax?




Re: [Puppet Users] conditional execution of package

2010-07-09 Thread Patrick Mohr
It's probably better to make a package instead.

On Jul 8, 2010, at 11:49 PM, prudhvi wrote:

> Hi,
> 
> I have been installing couchdb from source through " make/make
> install " using puppet's exec.
> The problem I am facing is whenever I run the configuration for the
> second time it's not recognizing that it's already installed.
> couchdb is being installed all over again.
> Is it the problem because I'm not using puppet's package resource type?
> I thought of a plan in which I can check whether a particular file
> exists. So if the file doesn't exist, I'll ask puppet to install it
> right away.

So you're doing something like this?

exec { "tar xvzf && ./configure && make && make install":
  path => "whatever",
  creates => "/usr/bin/program_name",
}




Re: [Puppet Users] Using variables in regex

2010-07-06 Thread Patrick Mohr

On Jul 6, 2010, at 6:40 AM, Christian Casar wrote:

> Well, how do I use the content of a variable in regex?
> 
> $username = "user1"
> file {  "userdata.tar.bz2":
>source => "puppet://$server/modules/$module/
> userdata.tar.bz2",
>ensure => $users ? {
>/$username/ => absent,
>default => present,
>},
> }
> 
> $users is a custom fact that contains all local users:
> 
> users => at avahi bin daemon dnsmasq ftp games haldaemon lp mail
> messagebus nobody ntp polkituser postfix pulse root sshd suse uuidd
> wwwrun man news uucp puppet user1
> 
> When I hardcode "user1" into the regex my test works fine and the file
> is removed.
> 
> But things like /$variable/ or /\$variable/ or /#{variable}/ just
> don't work.
> Is it even possible in version 0.25.4?

Try changing #{variable} to ${variable}




Re: [Puppet Users] Re: Splitting classes into separate files

2010-07-05 Thread Patrick Mohr

On Jul 5, 2010, at 8:20 AM, Dan Carley wrote:

> On 5 July 2010 15:11, Thomas Bellman  wrote:
> On 2010-07-03, Jeff McCune wrote:
> 
> > In this module, if you use the following organization puppet will
> > autoload everything:
> >
> > manifests/init.pp contains class apache { }
> > manifests/disable.pp contains class apache::disable inherits apache {}
> > manifests/virtualhost.pp contains define apache::virtualhost(){}
> 
> Yuck!  Forcing each class or define into its own file sucks royally.
> No sane person wants their code organized like that.
> 
> Really? I find it a much more manageable way to work, rather than wading 
> through lines of `init.pp` to find the relevant class or maintaining lists of 
> slightly artificially named `import` statements. It also provides some more 
> reliable behaviour with regards to caching of compilation failures.

I usually put some of the really small classes in init.pp.  For instance, do 
you put your packages classes in their own file?

class apache::package {
package { apache2: ensure => present }
}

Would you put this in its own file?




Re: [Puppet Users] Re: Splitting classes into separate files

2010-07-05 Thread Patrick Mohr

On Jul 5, 2010, at 7:11 AM, Thomas Bellman wrote:

> On 2010-07-03, Jeff McCune wrote:
> 
>> In this module, if you use the following organization puppet will
>> autoload everything:
>> 
>> manifests/init.pp contains class apache { }
>> manifests/disable.pp contains class apache::disable inherits apache {}
>> manifests/virtualhost.pp contains define apache::virtualhost(){}
> 
> Yuck!  Forcing each class or define into its own file sucks royally.
> No sane person wants their code organized like that.
> 
>> If you want additional namespaces, they go in directories.
>> class apache::service::disable would go in manifests/service/disable.pp
>> 
>> I highly recommend against using import today and in the future.
> 
> The cure is in this case worse, *much* worse, than the illness of having
> to do explicit imports.  I'd rather have two dozen import lines in site.pp
> (which is what I have now) than having to split my classes and defines into
> almost 200 files in two dozen directories.

I'll try to post an example soon, but you don't have to split it up into "200 
files" to take advantage of autoloading.  You would need to split it into "two 
dozen directories" though.

On the other hand, you can put everything into site.pp.  I'm sure you'll agree 
that this is a mistake too.  I use modules but I don't split a module's 
manifest (init.pp) into different files until the file starts to get large.

For instance, you could put all your classes into /modules/module-name/init.pp. 
 This works well if all but one or two classes are really small.  This is what I 
do by default because if I put "include cups::client" in site.pp, puppet will 
auto import:
/modules/cups/init.pp
/modules/cups/client.pp
/modules/cups/client/init.pp (I think this last one is true, but I 
don't know)

I like the different folders because it keeps the files and templates with the 
manifests, and it makes it easier to tell which files can safely be deleted.  

For me, the key to keeping things easy was to remember that I didn't need to 
break a module into more than one file, but I could if they got too big.




Re: [Puppet Users] Installing puppet on clients with kickstart

2010-07-03 Thread Patrick Mohr

On Jul 3, 2010, at 5:03 AM, Harihara Vinayakaram wrote:

> Hi
>   I am using PXE boot and kickstart to install Ubuntu 10.04 on the machines .
> 
>   I have installed the puppet package as part of the preseed.cfg . Also the 
> name puppet in the DNS resolves to my puppet master which is running 
> 
>   But the puppet client daemon does not start . Is there something else that 
> I need to do to start the client ?


Puppet is set not to auto-start.  I'm not sure why.  I think it's an artifact 
from when puppet hadn't been split out of puppet-common.

I used this:
d-i preseed/late_command string sed 's/no/yes/' /target/etc/default/puppet > 
/root/puppet; cp /root/puppet /target/etc/default/puppet;




Re: [Puppet Users] Package requires....

2010-07-02 Thread Patrick Mohr

On Jul 1, 2010, at 10:45 PM, Douglas Garstang wrote:

> On Thu, Jul 1, 2010 at 9:11 PM, Patrick Mohr  wrote:
>> 
>> On Jul 1, 2010, at 9:05 PM, christopher floess wrote:
>> 
>> Hey, this is sort of hijacking the thread, so if need be, please, I can
>> start another thread for it, but could someone explain the code from the OP
>> here. I feel like this is sort of the next step in puppet functionality that
>> I need to learn (I'm still new).
>> 
>> I'll start by pointing out three things that tripped me up:
>> 
>> 1. I've read about the difference between Package (capitalized), and package
>> (lowercase), but in practice I don't understand it.
>> 
>> When declaring a resource, use the lowercase one.  When referring to an
>> existing resource, use the uppercase one.
>> 
>> 2. In the Package { require => Class['yum::client']}, why isn't there a
>> name?
>> 
>> This says take care of the whole yum::client class before installing
>> any package.  (Technically this is only almost true.  There are exceptions.)
> 
> Eeeek! What are the exceptions?

First, if you set a require on the resource using "=>" it overrides the global. 
 Use "+>" to add a require.  I also remember hearing something about overriding 
resources using inheritance, but I don't remember that.

Second, I assume, but I'm not sure, that declaring two dependencies like the 
example below, overrides instead of stacking, but I'm not sure.

site.pp

Package {
  require => Exec["global-package-setup"]
}

node 'test-node' {
  include install-stuff-class
}

class install-stuff-class {
  Package {
    require => Exec["extra-package-setup"]
  }

  package { firefox:
    ensure => present
  }
}

In this example, I don't know if both execs are guaranteed to run before 
firefox is installed.




Re: [Puppet Users] [puppet-users] apt and gem package with the same name

2010-07-01 Thread Patrick Mohr

On Jun 30, 2010, at 5:02 PM, hernan wrote:

> I'm building a puppet manifest for an Ubuntu machine that needs to
> have both of these on it:
> 
>  package { "memcached":
>provider => gem,
>ensure => "0.18.0"
>  }
> 
>  package { "memcached":
>provider => apt,
>ensure => installed
>  }
> 
> This fails with the following error:
> 
> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed
> with error ArgumentError: Duplicate definition: Package[memcached] is
> already defined in file /etc/puppet/manifests/site.pp at line 313;
> cannot redefine at /etc/puppet/manifests/site.pp:221 on node mynode
> 
> How do I get around this?

There was a recent message about this.  The conclusion was, if you are using 
0.25.x or earlier, the only option is to use "exec" for one of them.  I don't 
remember if the unreleased new version in the repository addresses this.




Re: [Puppet Users] Package requires....

2010-07-01 Thread Patrick Mohr

On Jul 1, 2010, at 9:05 PM, christopher floess wrote:

> Hey, this is sort of hijacking the thread, so if need be, please, I can start 
> another thread for it, but could someone explain the code from the OP here. I 
> feel like this is sort of the next step in puppet functionality that I need 
> to learn (I'm still new).
> 
> I'll start by pointing out three things that tripped me up:
> 
> 1. I've read about the difference between Package (capitalized), and package 
> (lowercase), but in practice I don't understand it.

When declaring a resource, use the lowercase one.  When referring to an 
existing resource, use the uppercase one.

> 2. In the Package { require => Class['yum::client']}, why isn't there a name?

This says take care of the whole yum::client class before installing any 
package.  (Technically this is only almost true.  There are exceptions.)

> 3. 'yum::client' is a reference to a nested class, right? So what are the use 
> cases for nested classes? I'm wondering if maybe I should/could be taking 
> advantage of this to clean up my code a bit.

Mostly it's just to reduce the amount of classes you have.  The same answer 
applies to the question, "Why do people want sub-folders?  Why not just put all 
folders in the filesystem's root?"

> 
> On 07/01/2010 08:56 PM, Douglas Garstang wrote:
>> On Thu, Jul 1, 2010 at 11:22 AM, Dan Carley  wrote:
>>   
>>> On 1 July 2010 00:32, Douglas Garstang  wrote:
>>> 
>>>> If I have a package { "foo": ensure =>  installed; require =>  something
>>>> } in a module, AND I also have a Package { require =>
>>>> Class['yum::client']} in site.pp, what happens in the module? Does the
>>>> package in the module require both 'something' and the yum::client
>>>> class, or does the fact I specified a package{} with a require in the
>>>> module mean that only the yum::client class is required?
>>>> 
>>> The latter will happen. The default will be replaced by the explicit
>>> statement in package{"foo"}. You might want to look into plusignment (+>) to
>>> do this, but there are some caveats to its usage. Such as feature #2825.
>>> 
>> Yeah. You sort of have to be careful. I had a Package {} resource
>> defined in site.pp, and then in various modules where needed, I had
>> more Package defaults. I've only just realised (I must have gotten
>> lucky) that the one in site.pp was being skipped because of the local
>> modules ones.
>> 
>> Doug
>> 
>>   
> 
> 




Re: [Puppet Users] selboolean with selinux disabled

2010-07-01 Thread Patrick Mohr

On Jul 1, 2010, at 6:31 PM, Markus Falb wrote:

> Hi,
> 
> err: //cobbler::web/Selboolean[httpd_can_network_connect]: Failed to
> retrieve current state of resource: Execution of '/usr/sbin/getsebool
> httpd_can_network_connect' returned 1: /usr/sbin/getsebool:  SELinux is
> disabled
> 
> 
> Is this behaviour intentional ? I mean, with selinux disabled it does
> not make sense to call getsebool or setsebool. For what I want to
> achieve (httpd can network connect) a disabled selinux is as good as
> setsebool.

That isn't quite true because if SELinux is ever re-enabled it might give the 
admin a nasty surprise if he thought the policies were actually set.  

I don't have anything else to say because everything else I was going to say is 
covered better by Frank's email.




Re: [Puppet Users] which is more efficient?

2010-06-30 Thread Patrick Mohr

I'd say that "this way lies madness".  Just do whatever gives you 
maintainability.  The way that you source a file isn't going to make or break 
your server.  (Unless you start embedding huge files in your manifest.)  If 
small changes like this will break your server, your server will die the first 
time you run a backup or any other maintenance.  


On Jun 30, 2010, at 1:07 PM, Marcus, Allan B wrote:

> With over two thousand client hitting one server, and plans to grow to about 
> 5000, efficiency is important. 
> 
> On Jun 30, 2010, at 12:58 PM, Steven VanDevender wrote:
> 
>> Marcus, Allan B writes:
>>> We need to put a script into /usr/local/bin. Which is more efficient,
>>> put the text into a variable and use content =>, or put the file on
>>> the puppetmaster server and use source =>
>> 
>> Why do you care about the efficiency of this?  It's more important to
>> make things easier to maintain than more efficient in most cases.
>> 
>> However, I suspect using file { source => ... } will be both more
>> efficient and easier to maintain.
>> 
>> 
> 
> 




Re: [Puppet Users] Variable Scoping: What do you want?

2010-06-30 Thread Patrick Mohr

On Jun 30, 2010, at 8:33 AM, R.I.Pienaar wrote:

> hey
> 
> - "Patrick Mohr"  wrote:
> 
>> On Jun 30, 2010, at 3:09 AM, R.I.Pienaar wrote:
>> 
>>> 
>>> - "Trevor Vaughan"  wrote:
>>> 
>>>> Also, I'm not entirely convinced that variables can't be
>> overridden.
>>>> I understand that the final compilation is order independent, but
>> I
>>>> believe that the initial run is file order dependent. I.e. if you
>>>> don't declare an 'include' before an 'if' statement checking for
>> the
>>>> included class, then you end up with an 'if' that is not called.
>> Could the
>>>> variable parsing be moved to this layer?
>>> 
>>> I'd call this parsing behavior a bug, see my comment about
>> defined(), it's
>>> related to that
>>> 
>>> http://projects.reductivelabs.com/issues/3049
>> 
>> By the way, ignoring the technical aspect, how do you think defined
>> should work in this case? In this case, what alert should be printed,
>> or what error should be printed?  This is a rather contrived example,
>> but I'm not really sure what puppet should actually do here with your
>> suggestion.  (Please excuse my syntax errors).
>> 
>> 
>> 
>> node 'test-node' {
>>     include classA
>>     include classB
>> }
>> 
>> 
>> class classA {
>>     if !defined(Package['apache']) {
>>         package { 'apache':
>>             ensure => installed,
>>         }
>> 
>>         alert("Package apache included by classA")
>>     }
>> }
>> 
>> class classB {
>>     if !defined(Package['apache']) {
>>         package { 'apache':
>>             ensure => installed,
>>         }
>> 
>>         alert("Package apache included by classB")
>>     }
>> }
> 
> 
> This would fall under the umbrella of bad manifest design :) I'd expect it to 
> print different alerts between runs - today it would be predictable, I think, 
> but I wouldn't treat that as something to rely on.

I agree it's bad design and I'm not using that code, but I think you need to 
know how puppet should treat this case before the problem can be fixed.




Re: [Puppet Users] Variable Scoping: What do you want?

2010-06-30 Thread Patrick Mohr

On Jun 30, 2010, at 3:09 AM, R.I.Pienaar wrote:

> 
> - "Trevor Vaughan"  wrote:
> 
>> Also, I'm not entirely convinced that variables can't be overridden.
>> I understand that the final compilation is order independent, but I
>> believe that the initial run is file order dependent. I.e. if you
>> don't declare an 'include' before an 'if' statement checking for the
>> included class, then you end up with an 'if' that is not called. Could the
>> variable parsing be moved to this layer?
> 
> I'd call this parsing behavior a bug, see my comment about defined(), it's
> related to that
> 
> http://projects.reductivelabs.com/issues/3049

By the way, ignoring the technical aspect, how do you think defined should work 
in this case? In this case, what alert should be printed, or what error should 
be printed?  This is a rather contrived example, but I'm not really sure what 
puppet should actually do here with your suggestion.  (Please excuse my syntax 
errors).



node 'test-node' {
    include classA
    include classB
}


class classA {
    if !defined(Package['apache']) {
        package { 'apache':
            ensure => installed,
        }

        alert("Package apache included by classA")
    }
}

class classB {
    if !defined(Package['apache']) {
        package { 'apache':
            ensure => installed,
        }

        alert("Package apache included by classB")
    }
}






Re: [Puppet Users] CA issues...

2010-06-29 Thread Patrick Mohr

On Jun 29, 2010, at 11:39 AM, salty.cowd...@gmail.com wrote:

> OK...
> 
> I started seeing some issues with the certificates between my clients and the 
> puppetmaster. So I went ahead and removed puppet from the clients and cleaned 
> up /var/lib/puppet and /etc/puppet. Then I reinstalled puppet, signed the new 
> cert and things seemed to go OK after that. 
> 
> Then the shocker the second run started to fail and i have this message: 
> 
> [r...@atlcnag0 ~]# puppetd --test 
> err: Could not request certificate: Retrieved certificate does not match 
> private key; please remove certificate from server and regenerate it with the 
> current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
> [r...@atlcnag0 ~]# puppetd --test --waitforcert 5
> err: Could not request certificate: Retrieved certificate does not match 
> private key; please remove certificate from server and regenerate it with the 
> current key
> notice: Run of Puppet configuration client already in progress; skipping
> 
> 
> Now... the one thing I can think of that might contribute to this could be 
> the fact of how I set up my systems. This is going to take some explaining: 
> 
> the hostname (in this case) for the cilent is atlcnag0. It's DNS entry (for 
> its main interface) is atlcnag0-eth0 and there is a CNAME pointing back to 
> its hostname (later there may well be more than one IP address associated 
> with that name) which I didn't think should cause problems, but maybe it is. 
> 
> Any thoughts?

I would guess that your problem is the same as 
http://groups.google.com/group/puppet-users/browse_thread/thread/7591866a273dd4ff




Re: [Puppet Users] Deployment Examples

2010-06-29 Thread Patrick Mohr

On Jun 29, 2010, at 6:02 AM, Alex Howells wrote:

> Good Afternoon,
> 
> Apologies for starting a whole bunch of threads in one afternoon, but
> I'm desperately after a bit of information from the community ;(
> 
> I wondered if anyone has written some deployment examples for various
> sizes of infrastructure, or if this is something Puppet Labs plans to
> address as part of documentation?  There are a number of ways of
> slicing the apple, including WEBrick for "smaller scale" deployments
> through to mod_proxy or mod_passenger for "larger scale" deployments
> and some seemingly dated notes in the Wiki about potentially splitting
> serving of manifests and files?

Sorry if I'm beating a dead horse, but I want to be clear, "Don't use WEBrick 
if more than 2 or three clients are connecting at the same time."

> I appreciate everyone has a home-cooked and favourite way to make
> things work, but think we'd all benefit if initial deployment was a
> bit easier, better documented, and standardized?
> 
> I've got in mind about three different topologies:
> 
>1) Fifty nodes, managing 400 resources

I've got a setup like this running on apache+passenger on a Celeron D with 512 
MB of RAM.  Clients check-in every 30 min.  The server isn't having any trouble 
with the load.

>2) Two hundred nodes, managing 1000 resources
>3) One thousand nodes, managing 2000 resources
>4) Other suggestions from anyone here?
> 
> Optionally you might mix in the steps necessary to get Dashboard
> working as an external node classifier with the setup instructions?
> If the hardware and complexity involved in coping with #3 isn't vastly
> greater than solving #1 then perhaps that should become the new
> 'Recommended' architecture for deploying any non-trivial install?
> 
> If we're just talking about installing Apache, dropping in Puppet via
> Rack and mod_passenger, it should be fairly easy to write this from
> the context of being distribution neutral?

This is true if you want vague steps like "Install Passenger and rack" instead 
of "Run 'apt-get install librack-ruby libapache2-mod-passenger 
apache2-mpm-worker apache2-threaded-dev'"

In general, it's usually easier to install stuff that's packaged in gems (like 
passenger) using your distro's package manager if:
1) Your distro's package manager has those packages
2) The packages are up to date.

> Please feel free to point me at documentation or blogs if there is
> anything particularly suitable out there!


Installing Passenger using gems.  Make sure to read the README all the way 
through.
http://github.com/reductivelabs/puppet/tree/0.25.x/ext/rack/





Re: [Puppet Users] Re: Ensuring Repo's

2010-06-29 Thread Patrick Mohr

Whoops, I didn't see your message before I sent mine.

On Jun 28, 2010, at 10:41 PM, Douglas Garstang wrote:

> I got it.
> 
> I had to put require => undef in the package {} sections in yum::client.
> 
> Doug.
> 
> On Mon, Jun 28, 2010 at 10:32 PM, Douglas Garstang
>  wrote:
>> So... somehow on a previous implementation, I was able to set
>> everything up so that all my yum repo's were in place before any
>> packages got installed. I'm not exactly sure how I did it due to
>> puppet's awful scoping. Now that I am trying to do it again, it ain't
>> working.
>> 
>> I put a:
>> 
>>    Package {
>>        provider => yum,
>>        require => [ Class['yum::client'], Exec["yum-clean-all"] ]
>>    }
>> 
>> in site.pp, where yum::client installs the repo's, but puppet then
>> bitches about cyclic dependencies. Is there a way to do this?
>> 
>> Doug
>> 
> 
> 
> 
> -- 
> Regards,
> 
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: doug.garst...@gmail.com
> Cell: +1-805-340-5627
> 
> 




Re: [Puppet Users] Ensuring Repo's

2010-06-29 Thread Patrick Mohr

On Jun 28, 2010, at 10:32 PM, Douglas Garstang wrote:

> So... somehow on a previous implementation, I was able to set
> everything up so that all my yum repo's were in place before any
> packages got installed. I'm not exactly sure how I did it due to
> puppet's awful scoping.

This really isn't a good way to get help in a list where you can assume most 
people like puppet.

> Now that I am trying to do it again, it ain't
> working.
> 
> I put a:
> 
>    Package {
>        provider => yum,
>        require => [ Class['yum::client'], Exec["yum-clean-all"] ]
>    }
> 
> in site.pp, where yum::client installs the repo's, but puppet then
> bitches about cyclic dependencies. Is there a way to do this?

I assume that Class['yum::client'] is installing a package, or calling an exec 
that depends on a package.

Find it like this:
http://bitfieldconsulting.com/puppet-dependency-graphs

Then explicitly set the require line for the resource to remove the implicit 
dependency.




Re: [Puppet Users] Seemingly simple question - current status?

2010-06-28 Thread Patrick Mohr

On Jun 28, 2010, at 10:31 AM, Luke Kanies wrote:

> On Jun 28, 2010, at 6:38 AM, dbs wrote:
> 
>> I have a 3 different puppetmasters running different groups of
>> machines (dev, testing, and production).  I'd like to very simply say
>> "Give me a brief summary of the status of the nodes you manage."
>> 
>> I've been having nightmare dependency problems trying to get things
>> like Dashboard running that seem to be able to do this (Ruby, which
>> may be an elegant language, is very crunchynew in regards to specific
>> versions and stable updates.  Frustrating).
>> 
>> What I'd like to see is something like:
>> 
>> $ puppetstatus
>> Node etl01.foo.com : Ok (Last contact: 6/28/2010 12:40pm, last update:
>> 6/26/2010 11:05am (Module sudoers)
>> Node etl02.foo.com : Ok (Last contact: 6/28/2010 11:25am, last update:
>> 6/26/2010 11:03am (Module sudoers)
>> Node etl03.foo.com : Ok (Last contact: 6/28/2010 12:18pm, last update:
>> 6/26/2010 9:05am (Module sudoers)
>> Node db02.foo.com: Error (Last contact: 6/28/2010 12:18pm) : Depedency
>> not met : MySQL v5.1.20
>> 
>> Is this possible?  I looked at the external nodes methodology, but
>> that seems to be a mechanism for just storing node definitions, not
>> getting status updates.
> 
> The Puppet Dashboard provides this as long as you hook your reports up to go 
> to it, plus there are other things like puppetlast and Foreman that can do 
> similar work.

Just a heads up for dbs, puppetlast will tell you when the last run happened.  
It won't tell you if the run succeeded though.




Re: [Puppet Users] "onlyif" for resource type "file"

2010-06-28 Thread Patrick Mohr

On Jun 28, 2010, at 9:09 AM, David Schmitt wrote:

> On 6/28/2010 5:33 PM, Mohamed Lrhazi wrote:
>>> However, I *strongly* urge you to tell us what you problem is
>> 
>> I have a bunch of files that were deployed via kickstart and manual
>> provisioning procedures that I am "translating" to Puppet...
> 
> My condolences.
> 
>> This one file, /etc/ldap.conf, is deployed from kickstart, but then
>> later, a manual run of a script by an admin, as part of later
>> provisioning step, updates ldap.conf with bind password... I need
>> /etc/ldap.conf deployed right after initial install, and maintained...
>> but don't want the bindpassword overwritten once it has been updated,
>> the password is unique to each host What would be the right way to
>> maintain such a file?
> 
> Maintain the lists of passwords on the master and provision them using 
> extlookup and a template. You can still provision a basic ldap.conf on 
> kickstart, but as soon as puppet kicks in, you'll be in total and perpetual 
> control of the file.

My solution is simpler and easier to implement, but this solution will probably 
be much easier to deal with in the long run.  With David's solution, you won't 
need to have the admin set the password using the script.




Re: [Puppet Users] "onlyif" for resource type "file"

2010-06-28 Thread Patrick Mohr

On Jun 28, 2010, at 8:33 AM, Mohamed Lrhazi wrote:

> Thanks a lot Daniel.
> 
>> However, I *strongly* urge you to tell us what you problem is
> 
> Right, am newbie here, so am sure am doing a lot of things wrong, or
> thinking about them from a wrong way
> 
> I have a bunch of files that were deployed via kickstart and manual
> provisioning procedures that I am "translating" to Puppet...
> 
> This one file, /etc/ldap.conf, is deployed from kickstart, but then
> later, a manual run of a script by an admin, as part of later
> provisioning step, updates ldap.conf with bind password... I need
> /etc/ldap.conf deployed right after initial install, and maintained...
> but don't want the bindpassword overwritten once it has been updated,
> the password is unique to each host What would be the right way to
> maintain such a file?


You might want to look into Augeas.  That would allow you to manage some 
settings in the file, but not all the settings.  This way you can change any 
settings you want even after the password is set.  

Here's an example.

augeas { "set_ldap_settings":
    # If your ldap.conf is directly in etc, you'll need to change the next line
    context => "/files/etc/ldap/ldap.conf",
    changes => [
        "set SIZELIMIT 11",
        "set BASE dc=exaple,dc=com",
        "set URI 'ldap://ldap.exaple.com ldap://ldap-master.exaple.com:666'"
    ],
}




Re: [Puppet Users] Error 400 : could not find template

2010-06-28 Thread Patrick Mohr

Where are your templates?
/etc/puppet/templates
or
/etc/puppet/modules/module-name/templates (I may have a typo in the path.)

Also, what's the full path to puppet.conf.erb?

On Jun 28, 2010, at 1:04 AM, Pieter Baele wrote:

> Hello,
> 
> I did make a stupid fault: not committing changes to version control :-(
> After the installation of puppet-dashboard, I added a recipe to add
> report = true to puppet config files on clients.
> 
> Now all Puppet clients don't update because of an error...
> What can be the various reasons for an '400' error??
> I guess it has something to do with rights.
> 
> Jun 28 09:52:36 pm puppetmasterd[22709]: Could not find template
> 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node
> pm..
> Jun 28 09:52:36 pm puppetd[23432]: Could not retrieve catalog from
> remote server: Error 400 on SERVER: Could not find template
> 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node
> pm..
> 
> Jun 28 09:46:17 tsta puppetd[31413]: Could not retrieve catalog from
> remote server: Error 400 on SERVER: Could not find template
> 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node
> tsta.
> 
> 
> 
> This is the class to serve the puppet.conf file:
> 
> class puppet {
>     $puppet_config_dir  = "/etc/puppet/"
>     $puppet_conf        = "$puppet_config_dir/puppet.conf"
> 
>     user {
>         "puppet":
>             ensure  => present;
>     }
> 
>     file {
>         $puppet_config_dir:
>             ensure  => directory,
>             owner   => root,
>             group   => root,
>             mode    => 0755;
> 
>         $puppet_conf:
>             owner   => root,
>             group   => root,
>             mode    => 0644,
>             content => template("etc/puppet/puppet.conf.erb");
>     }
> 
>     service {
>         "puppet":
>             ensure  => running,
>             enable  => true;
>     }
> }
> 
> 
> 
> Met vriendelijke groeten,
> Pieter Baele
> www.pieterb.be
> 
> 




Re: [Puppet Users] Re: Borked Client Cert in 0.25

2010-06-27 Thread Patrick Mohr

On Jun 27, 2010, at 2:40 PM, Douglas Garstang wrote:

> On Sun, Jun 27, 2010 at 1:33 PM, Patrick Mohr  wrote:
>> 
>> On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote:
>> 
>>> On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang
>>>  wrote:
>>>> On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang
>>>>  wrote:
>>>>> Here we go with puppet 0.25 certificate problems again.
>>>>> 
>>>>> I had a system where puppet was running fine. I reinstalled it.
>>>>> Running puppet on the client causes this:
>>>>> 
>>>>> "Could not request certificate: Retrieved certificate does not match
>>>>> private key; please remove certificate from server and regenerate it
>>>>> with the current key".
>>>>> 
>>>>> Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server,
>>>>> who responds with:
>>>>> 
>>>>> [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com
>>>>> kick01.fr.xxx.com
>>>>> notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at
>>>>> '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem'
>>>>> 
>>>>> I then rerun puppet on the client and I am getting the same error. I
>>>>> must have done this hundreds of times with 0.24.8. What am I doing
>>>>> wrong now?
>>>>> 
>>>>> Doug.
>>>>> 
>>>> 
>>>> *sigh*
>>>> 
>>>> On the client, I removed the puppet rpm, blew away /var/lib/puppet,
>>>> and reinstalled the puppet rpm again. Started puppet, it requested a
>>>> certificate (but it logged nothing on the client about it, even in
>>>> debug mode), signed it on the server, and I am still getting this on
>>>> the client.
>>>> 
>>>> warning: peer certificate won't be verified in this SSL session
>>>> info: Caching certificate for kick01.fr.xxx.com
>>>> err: Could not request certificate: Retrieved certificate does not
>>>> match private key; please remove certificate from server and
>>>> regenerate it with the current key
>>>> 
>>>> *sigh*
>>>> 
>>> 
>>> Puppet is on crack. Even when the server isn't running, I STILL get this 
>>> error!
>> 
>> I think I know what the problem is.  I ran into this exact error message 
>> before.  Try this:
>> 
>> Step 1, run this on client:
>> service puppet stop
>> rm -R /var/lib/puppet
>> 
>> Step 2, run this on server:
>> puppetca --clean kick01.fr.xxx.com #Make sure to change this back
>> 
>> Step 3, run this on client:
>> #Restart the client how ever you like.  I recommend this for testing:
>> puppetd --test --verbose --debug
>> 
>> 
>> I'm pretty sure this will work.  If it does, I'll be happy to explain why 
>> you got all those different error messages.
> 
> Thanks Patrick. I got it to work somehow, with some magic combination
> of commands, which may be what you suggested. Next time it happens
> (and that won't be too far off), I'll try running through your steps.
> 
> Doug.


This is an approximation of what probably happened.  This is just to give a 
general idea, and may have some minor errors.

When a client wants to get a signed certificate, it normally goes through these 
steps:
1) Client generates a private key.
2) Client generates a Certificate Sign Request (CSR) from its private key and 
other information.
3) Client contacts server.
4) If client doesn't have ca.pem, it downloads it from the server at this point.
5) Client sends its CSR to the server and asks for its signed certificate.
6) If server has a signed certificate for that client name, it sends the 
certificate to the client.

What probably happened with your client:
1) Client generates a private key.
2) Client generates a Certificate Sign Request (CSR) from its private key and 
other information.
3) Client contacts server.
4) If client doesn't have ca.pem, it downloads it from the server at this point.
5) Client sends its CSR to the server and asks for its signed certificate.
6) If server has a signed certificate for that client name, it sends the 
certificate to the client.
7) Client is wiped
8) Client generates a private key.
9) Client generates a Certificate Sign Request (CSR) from its private key and 
other information.
10) Client contacts server.
11) If client doesn't have ca.pem, it downloads it from the server at this point.
12) Client sends its CSR to the server and asks for its signed certificate.
13) Server sees that it already has the old signed certificate for that name 
and sends that certificate and ignores the CSR.
14) Client tries to use its certificate, but the cert matches the old private 
key instead of the new key so the certificate is unusable.

At this point, even if the client can't see the server, it still has a key/cert 
pair that doesn't match each other so it will still give the same error message.

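The sequence described in the message above, replayed with Ruby's standard OpenSSL bindings. This is an added example, not part of the original thread and not Puppet's own code: ToyCA, ToyClient, replay_reinstall and the host name kick01.example.test are hypothetical, and ToyCA's "return the stored certificate for a known name" rule is modelled on the message's description.

```ruby
require 'openssl'

# Hypothetical stand-in for the master's CA (not Puppet code). As described
# above, it keeps one signed certificate per client name and returns the
# stored one when it exists, without looking at the key in the new CSR.
class ToyCA
  def initialize
    @key = OpenSSL::PKey::RSA.new(2048)
    @name = OpenSSL::X509::Name.parse('/CN=toy-puppet-ca')
    @signed = {} # subject string => signed certificate
    @serial = 0
  end

  def request_certificate(csr)
    raise ArgumentError, 'CSR is not signed by its own key' unless csr.verify(csr.public_key)
    @signed[csr.subject.to_s] ||= sign(csr)
  end

  # Plays the role of `puppetca --clean <name>`: forget the stored certificate.
  def clean(common_name)
    @signed.delete("/CN=#{common_name}")
  end

  private

  def sign(csr)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = (@serial += 1)
    cert.subject = csr.subject
    cert.issuer = @name
    cert.public_key = csr.public_key
    cert.not_before = Time.now - 60
    cert.not_after = Time.now + 3600
    cert.sign(@key, OpenSSL::Digest.new('SHA256'))
  end
end

# Hypothetical client: a fresh instance models a wiped and reinstalled host,
# so it always starts with a brand-new private key.
class ToyClient
  attr_reader :key, :cert

  def initialize(common_name)
    @common_name = common_name
    @key = OpenSSL::PKey::RSA.new(2048)
  end

  def build_csr
    csr = OpenSSL::X509::Request.new
    csr.version = 0
    csr.subject = OpenSSL::X509::Name.parse("/CN=#{@common_name}")
    csr.public_key = @key
    csr.sign(@key, OpenSSL::Digest.new('SHA256'))
  end

  # Sends the CSR, stores whatever certificate comes back, and reports whether
  # it matches this client's private key (the check behind the error message).
  def fetch_certificate(ca)
    @cert = ca.request_certificate(build_csr)
    @cert.check_private_key(@key)
  end
end

# Replays first install, wipe and reinstall, then clean on the server.
# The host name is a constructed sample value.
def replay_reinstall(name = 'kick01.example.test')
  ca = ToyCA.new
  first = ToyClient.new(name)
  results = { first_install: first.fetch_certificate(ca) }

  rebuilt = ToyClient.new(name) # same name, new private key
  results[:after_wipe] = rebuilt.fetch_certificate(ca)
  # The certificate handed back is the old one: it still pairs with the old key.
  results[:stale_matches_old_key] = rebuilt.cert.check_private_key(first.key)

  ca.clean(name)
  results[:after_clean] = rebuilt.fetch_certificate(ca)
  results
end

p replay_reinstall if __FILE__ == $PROGRAM_NAME
```

ToyClient re-fetches its certificate on every call; a client that keeps the stale certificate cached on disk keeps failing the same check until that copy is removed as well, which is what step 1 of the procedure above does.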



Re: [Puppet Users] Re: Borked Client Cert in 0.25

2010-06-27 Thread Patrick Mohr

On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote:

> On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang
>  wrote:
>> On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang
>>  wrote:
>>> Here we go with puppet 0.25 certificate problems again.
>>> 
>>> I had a system where puppet was running fine. I reinstalled it.
>>> Running puppet on the client causes this:
>>> 
>>> "Could not request certificate: Retrieved certificate does not match
>>> private key; please remove certificate from server and regenerate it
>>> with the current key".
>>> 
>>> Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server,
>>> who responds with:
>>> 
>>> [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com
>>> kick01.fr.xxx.com
>>> notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at
>>> '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem'
>>> 
>>> I then rerun puppet on the client and I am getting the same error. I
>>> must have done this hundreds of times with 0.24.8. What am I doing
>>> wrong now?
>>> 
>>> Doug.
>>> 
>> 
>> *sigh*
>> 
>> On the client, I removed the puppet rpm, blew away /var/lib/puppet,
>> and reinstalled the puppet rpm again. Started puppet, it requested a
>> certificate (but it logged nothing on the client about it, even in
>> debug mode), signed it on the server, and I am still getting this on
>> the client.
>> 
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for kick01.fr.xxx.com
>> err: Could not request certificate: Retrieved certificate does not
>> match private key; please remove certificate from server and
>> regenerate it with the current key
>> 
>> *sigh*
>> 
> 
> Puppet is on crack. Even when the server isn't running, I STILL get this 
> error!

I think I know what the problem is.  I ran into this exact error message 
before.  Try this:

Step 1, run this on client:
service puppet stop
rm -R /var/lib/puppet

Step 2, run this on server:
puppetca --clean kick01.fr.xxx.com #Make sure to change this back

Step 3, run this on client:
#Restart the client however you like.  I recommend this for testing:
puppetd --test --verbose --debug


I'm pretty sure this will work.  If it does, I'll be happy to explain why you 
got all those different error messages.




Re: [Puppet Users] Ability to deploy a "skeleton" directory

2010-06-26 Thread Patrick Mohr

On Jun 26, 2010, at 12:32 AM, Thomas Bellman wrote:

> Jean-Baptiste Barth wrote:
> 
>> I'd like to be able to deploy a skeleton directory through puppet, i.e. 
>> puppet deploys it only if it does not exist.
> [...]
>> But I have 2 problems for the moment :
>> - if I don't set owner/group, it takes uid/gid on the puppetmaster, which 
>> does not exist on the node ; if I do set these options, the directory is 
>> scanned each time and all files are chown'ed to this user/group, which is 
>> absolutely not desired behaviour in my case (puppet should not change 
>> ownership for files it doesn't manage in my case...)
>> - I'd like puppet to let user change some files in the skeleton as they 
>> want, i.e. skip this directory if it just exists
> 
> The second problem you can solve by using the 'replace => false'
> parameter to the file type.  However, if the user *removes* one
> of the files in the skeleton directory, then Puppet will download
> it again, so maybe it isn't quite enough.
> 
> And even with 'replace => false', Puppet will manage ownerships
> and modes of all files.
> 
> One solution is to develop a custom fact that gets set to true
> if the target directory already exists, and not set if it doesn't.
> Then you can do
> 
>     if $dir_opt_foo_data_exists != "true" {
>         file {
>             "/opt/foo/data": source => ..., recurse => true, ...;
>         }
>     }
> 
> This doesn't scale very well to many directories, though, as you
> need one custom fact for each such directory.  Another way is to
> do it with an exec:
> 
>     exec {
>         opt-foo-data:
>             command => "wget -r http://.../ && chown -R auser:agroup data",
>             cwd => "/opt/foo", path => "/bin:/usr/bin",
>             creates => "/opt/foo";
>     }
> 
> Note the use of the parameter 'creates => "/opt/foo"', which will
> make Puppet only run the command if /opt/foo doesn't already exist.
> 
> The disadvantage is that you need to configure and run a web server
> (or ftp server) somewhere as well.

I usually do it this way (using wget and tar), but you could push the directory 
somewhere else using puppet and put "cp -a" in the exec.




Re: [Puppet Users] Ability to deploy a "skeleton" directory

2010-06-25 Thread Patrick Mohr

On Jun 25, 2010, at 2:00 AM, Jean-Baptiste Barth wrote:

> - I'd like puppet to let user change some files in the skeleton as they want, 
> i.e. skip this directory if it just exists
> 
> Do you have an idea about how I could do that ?

Do you mean you want the users to be able to change all the files?  I just 
pushed the directory using an exec with a "creates".  I think I used a 
combination of wget and tar.




Re: [Puppet Users] sysctl

2010-06-25 Thread Patrick Mohr

On Jun 25, 2010, at 8:32 AM, Pablo wrote:

> Hi
> Augeas module will help you in that task
> 
> Just use "/files/etc/sysctl.conf"
> 
> and set "whateverparameter " "value"
> 

Scott, if you have problems with quoting, and want to use Augeas, take a look 
at 
http://groups.google.com/group/puppet-users/browse_thread/thread/b4730f74589433e5?pli=1


> 
> 2010/6/25 nottings :
>> Does anyone out there have a module or type for managing sysctl?
>> Where can I download it?
>> 
>> I've seen an old one out there that doesn't seem to work with version
>> 0.25.x, so I'm hoping to find one that has been kept up to date
>> 



Re: [Puppet Users] overriding resources

2010-06-25 Thread Patrick Mohr

On Jun 24, 2010, at 10:55 PM, Mathijs wrote:

> Hi all,
> 
> Is it possible to override the behaviour of all instances of a
> resource from a module?
> I would like to have my "apt" module add a requirement for Exec["apt-
> get update"] to all Package resources.
> 
> putting
> Package { require => Exec["apt-get update"] }
> in the module itself won't work, since the scope of that will only be
> in the module itself.

Actually, it's pretty trivial.  Just put:
Package { require => Exec["apt-get update"] }
in the root of your manifests.  One typical place is the beginning of site.pp.

Technically, I recommend putting all your package init in a class, and 
requiring that class in Package like this:
Package { require => Class["apt-presetup"] }




Re: [Puppet Users] Refreshing puppetd from within puppetd

2010-06-22 Thread Patrick Mohr

On Jun 22, 2010, at 2:43 AM, David Schmitt wrote:

> On 6/22/2010 3:03 AM, Patrick Mohr wrote:
>> I push out changes to puppet.conf using puppet.  (I have gsh as a
>> backup for if I really screw things up, but I've never had to use it
>> yet.)  Is there any safe and/or good way to restart puppet after a
>> change is made to its config?  I'm assuming that just defining puppet
>> as a service and subscribing to puppet.conf is bad because it will
>> stop puppet in the middle of a run which might make other subscribes
>> not work.
> 
> Puppetd does reload its configuration automatically when the config file 
> changes. Any settings that do not get reloaded should be considered bugs and 
> reported to the bug tracker.
> 

It seemed to me that adding report=true to [puppetd] using augeas didn't cause 
puppetd to start sending reports each run.  I'll check to see that's actually 
true later today.
-Patrick Mohr




[Puppet Users] Refreshing puppetd from within puppetd

2010-06-21 Thread Patrick Mohr
I push out changes to puppet.conf using puppet.  (I have gsh as a backup for if 
I really screw things up, but I've never had to use it yet.)  Is there any safe 
and/or good way to restart puppet after a change is made to its config?  I'm 
assuming that just defining puppet as a service and subscribing to puppet.conf 
is bad because it will stop puppet in the middle of a run which might make 
other subscribes not work.

Anyone have advice?  I don't want to put puppet in cron if I can avoid it.
-Patrick Mohr




Re: [Puppet Users] Augeas and double quotes

2010-06-21 Thread Patrick Mohr

On Jun 21, 2010, at 7:05 AM, Guus Houtzager wrote:

> Hi,
> 
> I've got a bit of an issue with Augeas in Puppet. I'm trying to
> modify /etc/sysconfig/i18n (RHEL4 system). Original file:
> LANG="en_US.UTF-8"
> SUPPORTED="en_US.UTF-8:en_US:en"
> SYSFONT="latarcyrheb-sun16"
> 
> This is the code to change it:
>     $filename = $operatingsystem ? {
>         redhat => "/etc/sysconfig/i18n",
>         sles => "/etc/sysconfig/language"
>     }
> 
>     augeas { "$filename":
>         context => $operatingsystem ? {
>             redhat => "/files/etc/sysconfig/i18n",
>             sles => "/files/etc/sysconfig/language"
>         },
>         changes => $operatingsystem ? {
>             redhat => 'set LANG "en_US"',
>             sles => ["set RC_LANG \"en_US\"","set ROOT_USES_LANG \"yes\""]
>         },
>     }
> 
> After trying quite a few things with different style quotes (you can
> see another try in the SLES part), I can't get Augeas to do what I
> want. I need:
> LANG="en_US"
> I've been able to do:
> LANG=en_US
> LANG=\"en_US\"
> LANG='en_US'
> 
> Client system is running puppet 0.25.5, augeas 0.7.1 and ruby-augeas
> 0.3.0.
> 
> Can anybody see what I'm doing wrong? Thanks a lot!!

First, quotes probably aren't needed unless the value has a space in it.  
Second, single quotes should work fine.

Anyway, here's an example that will work for something that has a space in it, 
and needs to be quoted:

augeas { "auto start tftpd" :
    context => "/files/etc/default/tftpd-hpa",
    changes => 'set RUN_DAEMON \'"start now"\'',
}

Gives a line that looks like:
RUN_DAEMON="start now"

Here's why it works: http://osdir.com/ml/puppet-users/2009-10/msg00133.html




Re: [Puppet Users] bringing puppet into production

2010-06-21 Thread Patrick Mohr

On Jun 21, 2010, at 12:04 AM, christopher floess wrote:

> 
> 
> On 06/20/2010 08:47 PM, Patrick Mohr wrote:
>> You've got some problems that are caused because the packages didn't do 
>> things you need done, and other problems that are unrelated.
>> 
>> On the clients, puppetd will automatically look for the server at puppet, 
>> and should use the search domain.  You really want to change DNS so that the 
>> puppetmaster has a DNS name of puppet.  If it's working, "ping puppet" 
>> should ping the puppet master.  At this point the server flag should be 
>> needed anymore.
>>   
> So the certificate would need to be regenerated at this point. Is it just a 
> matter of:
> 
> Is it a matter of changing:
> 
> 1. certname = servercharlie.bestgroup
> 
> to
> 
> certname = puppet
> 
> 2. restart puppetmasterd (does puppetmasterd know to reconfigure the 
> certificates?)
> 
> 3. change /etc/hosts/ entry on client node (I guess /etc/puppet/ssl/ has to 
> be deleted?)
> 
> 4. rerun puppetca on the master.
> 
> Sorry, this may seem trivial, but I don't feel like breaking the setup at 
> this point.

Because you don't want to re-setup the clients, or because you're worried about 
breaking it?  Actually, the certificate might already have "puppet" and 
"puppet.bestgroup" as aliases.  


On the other hand, I was assuming you control DNS for all the clients in one or 
two central locations.  If you aren't going to use DNS to push the puppet 
server's ip, it's probably not worth the bother.  It's just nice to do that 
because that way you can point the clients at a different location if you need 
to.  Often in this situation, you can't use puppet to do that, because puppet 
is broken.


My fault on the logs.  You also need this directory in Ubuntu:
Permissions  User    Group   Location
drwxr-x---   puppet  puppet  /var/log/puppet

I'm guessing that puppet puts the logs there by default, but it might be a 
different location since we aren't using the same distro and package.


If the server certificate has the wrong common name, you shouldn't need to 
touch the clients.  I think you could fix it by following these steps.  I have 
not tested this.  If you attempt it, make sure you have a very good backup.  I 
only think this *should* work.

service puppetmaster stop
rm /var/lib/puppet/ssl/certs/{Server Name Here}.pem
rm /var/lib/puppet/ssl/private_keys/{Server Name Here}.pem
Change the common name to what ever you need.
service puppetmaster start




Re: [Puppet Users] Re: auth.conf and file_metadata

2010-06-20 Thread Patrick Mohr

On Jun 20, 2010, at 5:56 PM, chakkerz wrote:

>> The example auth.conf that came with Ubuntu is 2.3k and very well commented. 
>>  Would posting that help?
> 
> If you've got one handy, yes :)
> 


# This is an example auth.conf file, it mimics the puppetmasterd defaults
#
# The ACL are checked in order of appearance in this file.
#
# Supported syntax:
# This file supports two different syntax depending on how
# you want to express the ACL.
#
# Path syntax (the one used below):
# -
# path /path/to/resource
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The path is matched as a prefix. That is /file match at
# the same time /file_metadat and /file_content.
#
# Regex syntax:
# -
# This one is differenciated from the path one by a '~'
#
# path ~ regex
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The regex syntax is the same as ruby ones.
#
# Ex:
# path ~ .pp$
# will match every resource ending in .pp (manifests files for instance)
#
# path ~ ^/path/to/resource
# is essentially equivalent to path /path/to/resource
#
# environment:: restrict an ACL to a specific set of environments
# method:: restrict an ACL to a specific set of methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated requests
# (ie exactly as if auth yes was present).
#

### Authenticated ACL - those applies only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
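
The comments in the file above describe how ACLs are evaluated: in order of appearance, with `path` matched as a prefix (or as a regex after `~`), optional `method` and `auth` restrictions, and `auth yes` as the default. The following is an added example, not part of the original message and not Puppet's implementation: a simplified Ruby model of those rules (it ignores `environment` and `deny`), run over a constructed excerpt of the file, for checking what a given client would be allowed to request. `parse_acls`, `authorized?` and the client names are assumptions made for the example.

```ruby
# Constructed excerpt of the auth.conf posted above.
SAMPLE_AUTH_CONF = <<~'CONF'
  # allow nodes to retrieve their own catalog
  path ~ ^/catalog/([^/]+)$
  method find
  allow $1

  path /file
  allow *

  path /certificate_request
  auth no
  method find, save
  allow *

  path /
  auth any
CONF

Acl = Struct.new(:pattern, :verbs, :auth, :allow)

# Parse "path" stanzas into Acl records, keeping file order.
def parse_acls(text)
  acls = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    key, rest = line.split(/\s+/, 2)
    case key
    when 'path'
      pattern = if rest.start_with?('~')
                  Regexp.new(rest.sub(/\A~\s*/, ''))
                else
                  /\A#{Regexp.escape(rest)}/ # plain paths match as a prefix
                end
      acls << Acl.new(pattern, nil, 'yes', []) # auth defaults to "yes"
    when 'method' then acls.last.verbs = rest.split(/\s*,\s*/)
    when 'auth', 'authenticated' then acls.last.auth = rest
    when 'allow' then acls.last.allow << rest
    end
  end
  acls
end

def auth_matches?(setting, authenticated)
  case setting
  when 'any' then true
  when 'yes', 'on' then authenticated
  else !authenticated # "no" / "off": unauthenticated requests only
  end
end

# The first ACL whose path, method and auth all apply decides the request.
# An ACL with no matching "allow" entry denies; no applicable ACL denies too.
def authorized?(acls, path:, method:, client:, authenticated: true)
  acls.each do |acl|
    m = acl.pattern.match(path)
    next unless m
    next if acl.verbs && !acl.verbs.include?(method)
    next unless auth_matches?(acl.auth, authenticated)

    allowed = acl.allow.any? do |who|
      # "$1" in an allow line refers to the first capture of the path regex.
      name = who.gsub(/\$(\d)/) { m[Regexp.last_match(1).to_i].to_s }
      name == '*' || name == client
    end
    return allowed
  end
  false
end

if __FILE__ == $PROGRAM_NAME
  acls = parse_acls(SAMPLE_AUTH_CONF)
  [['/catalog/web01', 'find', 'web01'],
   ['/catalog/web01', 'find', 'web02'],
   ['/file_metadata/modules/secret/key', 'find', 'web02']].each do |path, verb, client|
    puts format('%-40s %-5s %-6s %s', path, verb, client,
                authorized?(acls, path: path, method: verb, client: client))
  end
end
```

The third request shows why the `path /file` stanza matters: because it is a prefix match with `allow *`, any authenticated client reaches `/file_metadata` and `/file_content` for every module unless a narrower ACL is placed before it or `fileserver.conf` restricts the mount.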





Re: [Puppet Users] auth.conf and file_metadata

2010-06-20 Thread Patrick Mohr

On Jun 20, 2010, at 2:57 PM, chakkerz wrote:

> 2) searching for information on this i found references on auth.conf
> which (because i deploy an RPM) is generated for me. However it is a
> default file, and i'd love to know what to put in it. I can't find any
> documentation on the subject. Anyone have a link for me to look at
> please?
> 

The default auth.conf that comes with Ubuntu is pretty simple.  Every client 
can see every file in every module.  I'm guessing that yours is similar.  If 
you don't want every client to see every file in every module, you might want 
to change auth.conf.

The example auth.conf that came with Ubuntu is 2.3k and very well commented.  
Would posting that help?




Re: [Puppet Users] header for puppet managed files

2010-06-20 Thread Patrick Mohr

On Jun 20, 2010, at 12:37 PM, Psyber wrote:

> Anyone have any ideas on adding a default header to puppet managed
> files and templates?
> This might be tricky because of the different methods of adding
> comments for different types of files but I'm certainly open to
> suggestions that would enforce the existence of a header.

I manage:
1) Config files that use "#" or ";" for comments.
2) Html files that use <!-- --> for comments.
3) Pxe config files that use "#" for comments.
4) Binary files that can't have comments.

The problem is there's no easy way for puppet to know what format comments are 
in.  There's no common comment format that will work with all files.  "#" 
comments are the most common, but nowhere near universal.




Re: [Puppet Users] bringing puppet into production

2010-06-20 Thread Patrick Mohr
You've got some problems that are caused because the packages didn't do things 
you need done, and other problems that are unrelated.

On the clients, puppetd will automatically look for the server at puppet, and 
should use the search domain.  You really want to change DNS so that the 
puppetmaster has a DNS name of puppet.  If it's working, "ping puppet" should 
ping the puppet master.  At this point the server flag should be needed anymore.

On the master, you need to create a user and group called puppet.  This user 
needs read-only access to everything in /etc/puppet and read-write access to 
everything in /var/lib/puppet.  (These are standard locations for Debian, but 
they might be in a different place in your version of puppet.)  Some of the 
files in these directories should not be world-readable, so it's easier to just 
make both of them be not world-readable.

I'm assuming that you are using puppet version 0.25.4 or above.  If you aren't, 
you should upgrade now.

For startup scripts, it's probably easier to get the scripts from the official 
packages or the examples than it is to write your own.

Hints:
puppetd is normally run as root so it can administrate your (puppet) clients.
puppetmaster is normally run as puppet because it doesn't need to make changes 
to the server.

Summary:
1) Make sure that running "ping puppet" on the client pings the server.
2) Add a user called puppet
3) Add a group called puppet
4) chown -R root:puppet /etc/puppet
5) chown -R puppet:puppet /var/lib/puppet
6) Set permissions on /etc/puppet to 640 and 750
7) Set permissions on /var/lib/puppet to 660 and 770

PS if you aren't using version control yet, start using it now.  Even if you 
don't use comments, tags, and branches, it will still allow you to:
1) Revert stupid mistakes
2) Do a binary search through your revisions to find out what change caused a 
bug.


On Jun 20, 2010, at 2:38 AM, Christopher wrote:

> Hi everyone,
> 
> I’ve been working on getting puppet set up for our systems for the
> past week, and all has gone well in learning about writing manifests,
> but now that I’m ready to set it into production, I realize that it’s
> still unclear to me exactly how that’s supposed to go.
> 
> For instance, during testing it has always been that I manually
> started and stopped puppetd and puppetmasterd on their respective
> machines with the following commands
> 
> node1 $ puppetd --server servercharlie.bestgroup --waitforcert 60 --test
> 
> and on the master
> 
> master $ puppetmasterd --debug --no-daemonize
> 
> But now that it’s time for production, trying to start the puppetd
> with my init script, yielded the following error:
> 
> chown: invalid user: ‘puppet:puppet’
> 
> which made me realize that I haven’t done anything in terms of
> configuration on the nodes; I simply always ran the above command.
> 
> So, I have a few specific questions about this, but I’d also
> appreciate any insight into things that I might fail to ask, but could
> be relevant to this topic.
> 
> 1. The init scripts supplied by the Debian package (which I’m actually
> not using, I’m just using the init scripts, logrotate.d and /etc/
> default files, etc) only act on puppetd. So then how is the
> puppetmasterd supposed to be started on the master node? I know the
> init scripts can be written. I have no fear of that, but I do get the
> feeling that I’m missing something.
> 
> 2. I never really saw where in the documentation puppet.conf file is
> addressed. I’ve seen that it’s pretty well documented, but again, did
> I miss something, especially considering that I have gone through the
> online manifest-writing/language documentation for the past week, and
> through all of the testing, I never once did something to configure
> the client nodes. As mentioned above, I simply ran the puppetd
> command.
> 
> Okay, for specific questions that covers it for now, but like I said,
> if there is any other general advice in terms these aspects of puppet,
> that would be appreciated too.
> 
> As a final note, I should probably point out that I have a Debian
> system, but that I haven’t used their package because their libraries
> tend to be quite old, and we’ve had a couple of instances where the
> web-apps that we develop have actually been derailed because of old
> ruby libraries that come as dependencies for these older packages.
> 
> Anyway, thanks in advance.
> 
> Regards,
> Chris
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 


Re: [Puppet Users] Augeas problem changing values in postfix/main.cf

2010-06-17 Thread Patrick Mohr

On Jun 17, 2010, at 11:04 AM, John Martin wrote:

> I have done some further experimenting and found things even more perplexing. 
>  The rule is now just adding the new values that I need.  The rule is:
> 
> augeas { "dkim-postfix-settings":
>     require => Package["postfix"],
>     context => "/files/etc/postfix/main.cf",
>     changes => [
>         "set smtpd_milters inet:localhost:20209",
>         "set non_smtpd_milters inet:localhost:20209",
>         "ins #comment before smtpd_milters",
>         "set #comment[.=''] 'Settings for implementation of DKIM'",
>     ],
>     onlyif => "match smtpd_milters size == 0"
> }

This mostly looks fine to me.  The solution to the problem is lower down.  
Here's some unasked for advice that has almost nothing to do with the problem.  
I would break this up into two statements like this:

augeas { "first":
    require => ...,
    context => ...,
    changes => [
        "set smtpd_milters inet:localhost:20209",
        "set non_smtpd_milters inet:localhost:20209",
    ]
    #No onlyif
}

augeas { "second":
    require => Augeas["first"],
    context => ...,
    changes => [
        "ins #comment before smtpd_milters",
        "set #comment[.=''] 'Settings for implementation of DKIM'",
    ],
    onlyif => #Test if comment exists
}

This means that if the settings change in value, augeas will set them back.

> When I run 'puppetd -t' on the client, sometimes it adds the lines into the 
> main.cf configuration file and on subsequent runs it removes it.  It is not 
> consistent.  I do not understand why it would remove the values.
> 
> Also when I run puppetd with the --debug switch I see the following:
> 
> debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with 
> root /, lens path , flags 0
> debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 
> is installed
> debug: Augeas[dkim-postfix-settings](provider=augeas): Will attempt to save 
> and only run if files changed
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/smtpd_milters", 
> "inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/non_smtpd_milters", 
> "inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' 
> with params ["#comment", "before", "/files/etc/postfix/main.cf/smtpd_milters"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/#comment[.='']", "Settings for 
> implementation of DKIM"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): Files changed, should 
> execute
> debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas 
> connection
> debug: //dkim/Augeas[dkim-postfix-settings]: Changing returns
> debug: //dkim/Augeas[dkim-postfix-settings]: 1 change(s)
> debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with 
> root /, lens path , flags 0
> debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 
> is installed
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/smtpd_milters", 
> "inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/non_smtpd_milters", 
> "inet:localhost:20209"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' 
> with params ["#comment", "before", "/files/etc/postfix/main.cf/smtpd_milters"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' 
> with params ["/files/etc/postfix/main.cf/#comment[.='']", "Settings for 
> implementation of DKIM"]
> debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas 
> connection
> notice: //dkim/Augeas[dkim-postfix-settings]/returns: executed successfully
> 
> I'm not sure why it is running the commands twice.  Please note when it does 
> the two sets of instructions it does add the contents to the main.cf file.  
> When it doesn't, it removes the contents.  Here is the output when puppet 
> removes the contents:
> 
> debug: //liferay_system/File[/etc/postfix/main.cf]/content: Executing 'diff 
> -u /etc/postfix/main.cf /tmp/puppet-diffing.10996.0'
> --- /etc/postfix/main.cf2010-06-17 14:00:52.0 -0400
> +++ /tmp/puppet-diffing.10996.0 2010-06-17 14:01:15.0 -0400
> @@ -673,6 +673,3 @@
>  smtp_sasl_security_options = noplaintext
>  smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_destination
>  mailbox_size_limit = 25600
> -# Settings for 

Re: [Puppet Users] puppet and CPU

2010-06-10 Thread Patrick Mohr

On Jun 10, 2010, at 12:02 AM, Nat wrote:

> Hi,
> 
> I am running puppet on my machines (mainly all rhel 5) and notice that puppet 
> is waking the CPU up between 90 - 100 times a second. 
> 
> Is this normal?? it is waking the CPU up more than the kernel itself (when 
> not under load)!! 
> 
> All puppet instances run as a daemon. Just as a test I also get the same 
> results using red hat 6 beta. 
> 
> Does anyone else experience this? 
> 
> Any ideas on how to stop it? 

Puppet is misconfigured under some distros to do bad stuff before it gets its 
first certificate.  Do these machines have a certificate?  Also, you are 
talking about the client right?

Some people run the client with cron and tell it to do a single run and then 
quit.  That should solve this problem if you are talking about the client.  (If 
the client has a certificate)




Re: [Puppet Users] Puppet and ruby 1.9?

2010-06-07 Thread Patrick Mohr

On Jun 7, 2010, at 10:40 AM, DeRailed wrote:

> Hi,
> 
>   I am just getting started with puppet. Our stack runs on 1.9 and it
> seems puppet is not quite there yet.
>   I figure I could run puppetmaster on 1.8 but the clients will need
> to install and run 1.9.
> 
>   Any advice there? or are we doomed for the time being?

I know very little about ruby so I could be wrong, but can't you just install 
both versions?
