Re: [Puppet Users] Could not find a default provider for package
On Sat, Jun 18, 2011 at 6:24 PM, d0ugb <d0u...@gmail.com> wrote:

Need some help here. I am using puppet to manage some Gentoo boxes, and when working with packages I keep getting the following error:

    Could not find a default provider for package

Version:

    * app-admin/puppet
        Latest version available: 0.25.0-r1
        Latest version installed: 0.25.0-r1
        Size of files: 592 kB
        Homepage: http://reductivelabs.com/projects/puppet
        Description: A system automation and configuration management software
        License: GPL-2

1) I really recommend avoiding versions of puppet whose versions end with a .0 if you want a stable version.

2) This error means that puppet can't decide which provider to use for installing. In the case of Ubuntu, this would be Apt.

3) Look at the type reference http://docs.puppetlabs.com/references/0.25.0/type.html#package and find the section talking about provider. One of them should mention the comment you use for launching the package manager. (probably the one mentioning emerge)

4) It says category is read-only, so remove that.

5) I think name isn't needed. After your manifest is working, try removing that.

6) You might want to try to figure out why it didn't get the right provider.

--
You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter + storeconfigs missing fact_values
Well, it would help if you can find out if the problem is with storeconfigs or the rest of puppet. Does the fact seem to be affecting the manifest?

On Sun, Jun 19, 2011 at 7:48 PM, josbal <joshua.bald...@gmail.com> wrote:

Hi Guys,

Was wondering if someone could point me in a way to diagnose my issue. I have a custom fact that I deployed on all my nodes. If I run the fact manually I get results as expected. When puppet runs only 5 or so nodes are storing this particular fact in the storeconfig mysql database. All other facts are storing fine for every node.

As running the fact manually works on every node, I don't know why this fact for most nodes isn't populating in the database. Any ideas on how I could see what is happening within the puppet/facter processing?
Re: [Puppet Users] [SOLVED] line replace triggers file reload
On Wed, Jun 1, 2011 at 11:22 PM, Giovanni Bordello <g...@gentlemail.com> wrote:

Sorted, I've done it using a template:

    search <%= dns_search_path %>
    nameserver ...
    nameserver ...

That way the file is (presumably?) created on the master and looks constant to the client.

To answer your implicit question. The file is generated on the master and embedded in the catalog. Then the catalog is sent to the client.
Re: [Puppet Users] PC EU feedback: virtual resource operator is too magical, hard to read
On Fri, May 20, 2011 at 3:15 PM, Jordan Sissel <j...@semicomplete.com> wrote:

On Fri, May 20, 2011 at 1:20 PM, Randall Hansen <rand...@puppetlabs.com> wrote:

http://projects.puppetlabs.com/issues/7605

The virtual resource operator:

    @user { luke: ensure => present }

Is relatively easy to type but, if you don’t know it, very hard to read. We should consider a word-based syntax, e.g.:

    virtual user { luke: ensure => present }

Please comment on the ticket or reply here, whichever you prefer. Thanks!

r

+1 to this. Any change here should also update the export syntax as well.

replace

    @@user { foo: ; }

with

    export user { foo: ; }

+1

Any plans on making the realizing/importing queries changed as well?

realize/query:

    User <| title == foo |>

export query:

    User <<| title == foo |>>

-Jordan

P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we would very much like comment and discussion from you good people.
Re: [Puppet Users] Re: PC EU feedback: ability to remove all unmanaged resources
On Fri, May 20, 2011 at 3:15 PM, jcbollinger <john.bollin...@stjude.org> wrote:

On May 20, 3:17 pm, Randall Hansen <rand...@puppetlabs.com> wrote:

http://projects.puppetlabs.com/issues/7600

I call this the agent orange option :)

This works, purging all unmanaged hosts entries:

    resources { 'host':
      purge => true,
      noop  => true,
    }

We should have a similar property for all (most?) types. Please comment on the ticket or reply here, whichever you prefer.

I don't understand. I didn't think the resources meta-resource was specific to use with the 'host' resource type. Are there any resource types that it *doesn't* work with?

Err, I assume (hope) it doesn't work with Augeas or File. I'd guess Package is too dangerous to be useful, but I could be wrong.
Re: [Puppet Users] PC EU feedback: long online docs pages should be broken up
On Sat, May 21, 2011 at 12:01 AM, R.I.Pienaar <r...@devco.net> wrote:

- Original Message -

On 2011-05-20 22:18, Randall Hansen wrote:

http://projects.puppetlabs.com/issues/7601

Our very long docs pages are difficult to use. E.g., http://docs.puppetlabs.com/references/2.6.8/type.html

I'd disagree on one point. It's not the length of the page that bothers me, because having all on one page is indeed convenient. But the disappearance of the left margin when using a tight browser window (firefox 3.6) is annoying. A nice bonus would be to have the content list floating alongside the main view, but that's a bit tricky when the content is longer than the window height.

+1 the length is not the problem, in fact I too prefer it all on one page.

I actually second this. I like having them all on one page.
Re: [Puppet Users] apt-pinning puppet package management
If it's pinned like you show, will your computer upgrade to the backports version if you run apt-get update apt-get upgrade or do you need the -t?

On Mon, May 16, 2011 at 1:49 PM, CoolCold <coolthec...@gmail.com> wrote:

Hello!

I have a question about Debian package management with puppet. I'm wondering is there a sane way to make puppet respect package pinning? i.e., if I have several repos for one package, let's say it is nginx which can be found in lenny lenny-backports repos. I've created a pinning file like:

    Package: nginx
    Pin: release a=lenny-backports
    Pin-Priority: 600

So, if I have nginx installed from repository lenny, 'apt-get install nginx' will update (if version is newer of course) nginx from lenny-backports.

When I run puppet, it just ignores the package available in pins, I guess it thinks the package is already installed. Package is described like:

    $packagelist = [ 'nginx' ]
    package { $packagelist:
      ensure => installed,
    }

Using latest is not the cure, because it will look only on version (as I understand) and not on pins.

I've found https://github.com/evolvingweb/puppet-apt/blob/master/manifests/force.pp which looks like something I need, but may be I'm missing something and there is a proper way to do this.

My puppet versions:

    root@kappa2:~# dpkg -l|grep puppet
    ii  puppet         2.6.2-4~bpo50+1  Centralized configuration management - agent
    ii  puppet-common  2.6.2-4~bpo50+1  Centralized configuration management
    root@kappa2:~# puppetd --version
    2.6.2

OS - Debian Lenny amd64, puppet from backports.

P.S. Please, CC me on reply.

--
Best regards, [COOLCOLD-RIPN]
Re: [Puppet Users] Plugins don't work the way I think they do?
On Mon, May 16, 2011 at 5:04 PM, Aaron Grewell <aaron.grew...@gmail.com> wrote:

Hi all,

I'm trying to configure a set of network interfaces, so I downloaded the puppet-network module from the module forge. I enabled plugin sync per http://docs.puppetlabs.com/guides/plugins_in_modules.htm and added the module to my module path, but I'm getting an 'invalid resource type' error indicating that the custom type included in the module isn't found. Can you help me figure out what I've missed?

Puppet:

    puppet --version
    2.6.6

The error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type network_config at /usr/share/puppet/environments/testing/modules/cluster/manifests/testcluster1.pp:35

Basically, Puppet has two parts. The Type, which must be used during catalog compilation (usually done on the server), and on the client. The provider uses your type to do all the useful stuff on the client.

You're probably getting this error because the server can't find the type when it tries to compile the catalog.
Re: [Puppet Users] Puppet updating from relative directories or chroot
On Mon, Dec 13, 2010 at 2:39 PM, Daniel Pittman <dan...@rimspace.net> wrote:

On Fri, Dec 3, 2010 at 22:41, Geoff <geoffnew...@gmail.com> wrote:

Anyone had any experience getting puppet to update multiple OS's on a single server?

Not without a container style virtualization solution wrapped around it.

[...]

Can puppet be run in a mode that would take into account relative directories. i.e. instead of being / (root) based, it would be /pxe/hostn/ based?

Nope. I didn't respond earlier, as I imagine most people didn't, because we hoped someone would actually come along and have some experience that could help you out here.

Even if they don't, though, posting a new message with bump in the content doesn't work like a web forum - it just sends out a new message with that one line in it to everyone subscribed. I had to dig back through the archives to see what you were having trouble with so I could respond.

I was able to see the whole question because he either replied to himself or because he copied and pasted. Could your email client be hiding quoted text?
Re: [Puppet Users] iteration question
Puppet won't bother other files in a directory it manages unless you turn on purge => true.

On Fri, Dec 3, 2010 at 2:15 PM, Don Jackson <puppet-us...@clark-communications.com> wrote:

On Dec 3, 2010, at 12:56 PM, Patrick wrote:

Why not sync the files directly to that directory?

There are other files in the parent directory that are not managed by puppet. And the names of the files are dynamic enough that it would be painful to explicitly manage each file in the puppet manifest.

So, what I prefer to do, is tell puppet: Create a directory, and fill it with all contents of a comparable directory on the puppet file server. And then create links from the parent directory into this managed subdirectory.

On Dec 3, 2010, at 12:48 PM, Don Jackson wrote:

So here is a scenario: I have a directory:

    ./foo
    ./foo/file1
    ./foo/file2
    ./foo/file3
    …
    ./foo/fileN

I populate this directory on a configured machine via a recursive file resource.

What I would like to do is create a symlink from the parent directory to each filen in the foo subdirectory? Is there some easy way to get puppet to do that?

Basically I would like to iterate thru

    ln -s ./foo/filen ./filen

Short of writing a shell script, downloading it, and Exec'ing it?
Re: [Puppet Users] (RHEL) RHN banning require package
On Wed, Nov 3, 2010 at 10:37 AM, erikthered <j.e.redd...@gmail.com> wrote:

I'm looking to get around a bit of a problem I've run into with Puppet. On my puppet master, I have this definition:

Would that be the best way to handle this issue? Any opinions?

I think the best way would be to put a caching proxy between your computers and the mirror or run your own mirror.
Re: [Puppet Users] puppetd 0.25.4 with puppetmaster 0.24.8?
Always upgrade the puppetmaster first. Clients will usually not work with a server that has an older major version. I've found that using the lucid (10.4) deb files in karmic (9.10) works fine if you get all the related ones. Whenever you upgrade puppet, also upgrade facter.

On Wed, Oct 20, 2010 at 11:32 AM, Ed Greenberg <e...@greenberg.org> wrote:

Our puppetmaster runs 0.24.8 on Ubuntu 9.10. Our clients are either Ubuntu 9.10 or Ubuntu 8.04.

We've just brought up our first Ubuntu 10.04 machine. This machine installs puppetd 0.25.4.

The Ubuntu 10.04 machine can't seem to present its certificate request properly. In my masterhttp.log, I see

    [2010-10-20 13:09:06] 174-143-141-55.static.cloud-ips.com - - [20/Oct/2010:13:09:05 CDT] PUT /production/certificate_request/edglucid1.newhostingaccount.net HTTP/1.1 404 359

getting a 404. Also

    [2010-10-20 13:24:52] 174-143-141-55.static.cloud-ips.com - - [20/Oct/2010:13:24:52 CDT] GET /production/certificate/ca HTTP/1.1 404 322

There is no certificate pending to sign.

My command line on the client side was

    /usr/sbin/puppetd --no-daemonize --verbose --onetime --server=xxx --fqdn=edglucid1.newhostingaccount.net

Am I hitting a version incompatibility, and is there any hope for this other than installing a newer puppetmaster, from source (since Ubuntu 9.10 doesn't provide 0.25) or upgrading the puppetmaster server to Ubuntu 10.04?
Re: [Puppet Users] Proposal to remove redundant info in source => parameters
On Sat, Sep 25, 2010 at 10:33 AM, Nigel Kersten <ni...@explanatorygap.net> wrote:

On Sat, Sep 25, 2010 at 10:27 AM, Patrick <kc7...@gmail.com> wrote:

On Sep 25, 2010, at 10:23 AM, Nigel Kersten wrote:

On Sat, Sep 25, 2010 at 10:10 AM, Patrick <kc7...@gmail.com> wrote:

On Sep 25, 2010, at 10:02 AM, Nigel Kersten wrote:

On Fri, Sep 24, 2010 at 12:34 PM, Nan Liu <n...@puppetlabs.com> wrote:

On Fri, Sep 24, 2010 at 11:20 AM, Nigel Kersten <nig...@google.com> wrote:

eg the proposal is that if you don't specify the protocol, server address, modules prefix, module name, it is assumed you are referring to a file path relative to the 'files' subdirectory of the current module. If you wish to fully specify the source URI, you're free to do so.

Since we can determine module_name in 2.6, I agree with this change. But we should update template behavior so it's the same as file. Currently for templates:

    content => template(foo.erb),

Ah I missed addressing this point. I don't think we can do this and still have backwards compatibility. How do you tell whether 'foo/bar.erb' refers to 'foo' the module or a subdirectory 'foo' in the current module? Which should take precedence? How do we throw a deprecation warning?

I don't think we can feasibly forbid references to templates outside the current module. That would have a significant effect upon our ability to share modules.

With the benefit of hindsight, we should possibly have made the source parameter, file function and template function consistent... Can we get there from here?

What about instead defining something uncommon to be module root. Something like, as a random example, ~/. Then the syntax goes from file:///modules/$modulename/file to ~/file.

I'm normally really reluctant to add more special characters to the syntax, as I feel like we're way too busy as it stands, but I really do quite like this idea, using normal *nix syntax for your home vs other users...

Let me incorporate your suggestion as I think adding syntax allows us to make all three consistent.

modules/$module_name/files/foo

    file { source => ~/foo }

File (source) from another module 'bar':

    file { source => ~bar/foo }

modules/$module_name/templates/foo.erb

    template(~/foo.erb)

modules/bar/templates/foo.erb:

    template(~bar/foo.erb)

modules/$module_name/files/foo

    file(~/foo)

modules/bar/files/foo

    file(~bar/foo)

All of this *only* applies if you are within a module.

We don't deprecate the puppet:// or file:// syntax.

Do we deprecate the existing template function syntax? If not, do we add the existing template function syntax to the file function for consistency?

We don't support setting the server, or access to static mount points. If you want those, use the puppet:// syntax.

This feels good. We're optimizing for the two most common cases, without removing the most flexible syntax.

Here's something to think about. Would it be worth the effort to allow file://server.com/~/file <http://server.com/%7E/file>?

I don't think we mention file:// in the docs at all... I'd always been under the impression that we supported puppet:// for server-side URIs and anything else was a local filesystem path. Testing shows we do support file:///tmp/foo just like /tmp/foo. Huh.

Back to your question... I don't think so, but others may have a different opinion.

That was a typo. I meant: Would it be worth the effort to allow puppet://server.cxm/~/file? This allows you to specify the server, but not give the full path.
Re: [Puppet Users] A question about synchronization
On Tue, Sep 21, 2010 at 12:49 PM, 2ead3bcd <leoche...@hotmail.com> wrote:

Hi,

Suppose I have 3 nodes, and I want puppet to perform a set of steps on them in a different order: Apply step A on each of them, then step B on each of them, then step C on each of them, and so on. I'm wondering if puppet supports this scenario.

Thanks.

I'm not quite sure what you're saying. A different order than what? Do you mean you want to specify the order instead of using the default (and random) order?

Also, the order only matters on each right? There isn't a way to synchronize actions between computers so if step A needs to finish on all computers before step B finishes on any computer, you're out of luck.

If you just want to order resources, here's an example.

    file { '/tmp/puppet-first':
      ensure => present,
    }

    file { '/tmp/puppet-second':
      ensure  => present,
      require => File['/tmp/puppet-first'],
    }
Re: [Puppet Users] auth.conf in puppet 2.6 with Apache + Passenger
I think you might have missed this bit:

Setup your puppet.conf

Make sure you have the following set in your puppetmaster’s puppet.conf:

    [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott <sven.sch...@gmail.com> wrote:

Hi everyone

I'm having a problem with a clean install of puppet (2.6.0) on a Mac server (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster standalone (Webrick) and that works fine. Clients can connect and there are no problems. But when I configured it to use Apache and Passenger, the client responds that the request is forbidden.

    err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/XXX.XXX.XXX[find] at line 97

So after going through the mailing lists and google I've found that the auth.conf file is the problem. I have stock standard auth.conf which looks like this: http://pastie.org/1098939

And yes, adding auth no to the first four methods does make it work, but I know that's not the problem (or the solution). Am I missing something? Is it a bug or PEBKAC?

Some of the relevant puppet.conf entries:

    vardir = /var/lib/puppet
    confdir = /etc/puppet
    puppetdlog = '$logdir/puppetd.log'
    logdir = '$vardir/log'
    rest_authconfig = '$confdir/auth.conf'
    masterlog = '$logdir/puppetmaster.log'

The Gem versions I am using:

    facter (1.5.7)
    mongrel (1.1.5)
    passenger (2.2.15)
    puppet (2.6.0)
    rack (1.2.1, 1.1.0)
    ruby-mysql (2.9.3)

The backtrace on the server is: http://pastie.org/1098964

Ruby version is: ruby 1.8.7 (2009-06-12 patchlevel 174)

Virtualhost entry in apache looks like this: http://pastie.org/1098973

and the config.ru file looks like this: http://pastie.org/1098974

The client and server certs are fine (standalone works fine) and there are no connectivity problems between the client and server.

Anyone seen this or have any ideas? Any help would be greatly appreciated.

Regards

Sven Schott
Re: [Puppet Users] Re: Push changes to clients
On Aug 13, 2010, at 7:21 AM, Christopher Johnston wrote:

    ignoreschedules = true

This will cause puppet to ignore schedule resources. It won't do what you want.

Can't you just use those two options to allow puppetruns to work and not have the client attempt to do updates?

On Fri, Aug 13, 2010 at 6:44 AM, matonb <brett.ma...@googlemail.com> wrote:

Is there a puppet.conf equivalent to --no-client ? All the nodes are RHEL and will use the puppet service (init script). I'd rather not tweak that if possible.

Thanks.

On Aug 13, 11:38 am, Craig Dunn <li...@codenation.net> wrote:

On Fri, Aug 13, 2010 at 10:05 AM, ScubaDude <brett.ma...@googlemail.com> wrote:

I was wondering how to configure the puppet clients to only listen, not to periodically pull configs down from the puppetmaster. I'd rather push the configs out from the puppetmaster with puppetrun...

Running puppetd with --no-client should have this effect.

Craig
Re: [Puppet Users] Re: Forbidden request: HOSTNAME(IP_ADDRESSE) access to / certificate_revocation_list/ca
On Aug 13, 2010, at 7:22 AM, Christian wrote:

When I run in the web browser https://SERVER_NAME:8140 I'm getting the following message:

    The environment must be purely alphanumeric, ''.

Is it a problem not to have an environment defined?

My working puppetmaster gives the same error.
Re: [Puppet Users] Parsing key/value pairs in ruby
On Aug 12, 2010, at 10:55 AM, Rein Henrichs wrote:

Excerpts from Paul Nasrat's message of Thu Aug 12 06:45:52 -0700 2010:

You might use shellwords to handle the quoting.

    require 'shellwords'
    l = %q(printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' printer-state=3 printer-state-change-time=1266621145 printer-state-reasons=none printer-type=8564756)
    Shellwords.shellwords(l)
    => ["printer-make-and-model=Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)", "printer-state=3", "printer-state-change-time=1266621145", "printer-state-reasons=none", "printer-type=8564756"]

Paul

Paul, shellwords.rb is one of the many great but little-known Ruby standard library tools. Going a little further, we can turn a string of shell-quoted key/value pairs separated by an '=' into a hash using:

    require 'shellwords'
    shellwords = Shellwords.shellwords(your_string)
    pairs = shellwords.map{ |s| s.split('=', 2) }.flatten
    Hash[*pairs]

This may be a little daunting, so let's break it down:

1) shellwords = Shellwords.shellwords(your_string) turns the string into an array of tokens, assuming it's been assigned to your_string.

2) pairs.map{|s| s.split('=', 2)} takes each string in turn and splits it on the first '=', returning a new array containing arrays of [before-the-equals, after-the-equals] pairs. Splitting on the first '=' avoids any possible bugs where there is an = in the value.

3) .flatten flattens this array of arrays into an array that looks like [ key, value, key, value, ... ]. We'll need this for step 4.

4) Hash[1, 2, 3, 4] turns the arguments into a hash: { 1 => 2, 3 => 4 }. We use this to turn the array above into a Hash. The * is used to turn the array into a series of arguments, because Hash[[1,2,3,4]] doesn't work, but Hash[*[1,2,3,4]] does. (I often think of * in this context as the unary unarray operator.)

Thanks both of you for the help. It looks like this will do 40% of the work for me.
-- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
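A stricter variant of the parsing walked through in the message above, as an added example that is not code from the thread. It keeps the Shellwords tokenizing and the split on the first '=', but rejects input the one-liner mishandles; `parse_attributes`, `AttributeParseError` and the `wanted:` filter are names chosen here, and the sample string is the one quoted in the thread.

```ruby
require 'shellwords'

# Sample input: the attribute string quoted in the thread.
SAMPLE = "printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' " \
         "printer-state=3 printer-state-change-time=1266621145 " \
         "printer-state-reasons=none printer-type=8564756"

# Raised for any line that is not a clean list of key=value tokens.
class AttributeParseError < StandardError; end

# Parse shell-quoted key=value tokens into a Hash of strings.
# wanted: optional list of keys to keep (the original poster only
# needed three of the values); all tokens are still validated.
def parse_attributes(line, wanted: nil)
  tokens = begin
    Shellwords.shellwords(line)
  rescue ArgumentError => e
    # Shellwords raises ArgumentError on an unmatched quote.
    raise AttributeParseError, "unbalanced quoting: #{e.message}"
  end

  attrs = {}
  seen  = {}
  tokens.each do |token|
    # partition splits on the first '=' only, so '=' inside a value survives.
    key, sep, value = token.partition('=')

    # With map/flatten/Hash[*pairs], a bare token contributes one element
    # instead of two, so Hash[] either raises "odd number of arguments"
    # or silently pairs keys with the wrong values.
    raise AttributeParseError, "token without '=': #{token.inspect}" if sep.empty?
    raise AttributeParseError, "empty key in #{token.inspect}" if key.empty?

    # Hash[] keeps the last duplicate without complaint; fail instead so a
    # malformed line cannot override an earlier value unnoticed.
    raise AttributeParseError, "duplicate key #{key.inspect}" if seen[key]
    seen[key] = true

    attrs[key] = value if wanted.nil? || wanted.include?(key)
  end
  attrs
end

if __FILE__ == $PROGRAM_NAME
  parse_attributes(SAMPLE).each { |k, v| puts "#{k} => #{v}" }
end
```
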
Re: [Puppet Users] puppetrun with --class argument not working, ver. 0.25.5
I think I've seen a similar error before. If I remember right, the problem is that puppetrun or is looking in the main/puppetrun sections for information about ldap. You have your ldap stuff in puppetmasterd. Try temporarily putting all the ldap stuff in [main].

On Tue, Aug 10, 2010 at 9:14 PM, alcy mohit.chawla.bin...@gmail.com wrote:

I am experiencing the behavior reported in another bug report (http://projects.puppetlabs.com/issues/1006) in version 0.25.5, that is:

    puppetrun --host xyz.def.com --class apache --debug --trace

gives this:

    You must be using LDAP to specify host classes

My puppet.conf looks like this:

    [main]
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    templatedir=$confdir/templates

    [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    reports=log,foreman
    node_terminus=ldap
    ldapserver=192.168.1.214
    ldapbase=ou=Hosts,dc=abc,dc=com
    ldapuser=cn=admin,dc=abc,dc=com
    ldappassword=secret

And a sample node entry like this:

    dn: cn=xyz.def.com,ou=Hosts,dc=abc,dc=com
    objectClass: device
    objectClass: ipHost
    objectClass: puppetClient
    objectClass: top
    cn: xyz.def.com
    ipHostNumber: 192.168.1.158
    puppetClass: dovecot
    puppetClass: apache
    puppetClass: imapproxy
    environment: production

The above behavior is seen only when mentioning a class explicitly. Without the --class argument, it works.

Re: [Puppet Users] Optionally ensuring a service is running
On Aug 11, 2010, at 9:31 AM, Joe McDonagh wrote:

On 08/11/2010 12:27 PM, Marc Zampetti wrote:

I want puppet to normally manage the running state of a service, so that if the service stops, it is restarted, etc. But during maintenance windows, I want puppet to leave the service in whatever state it is in. My idea is to have a file that can be checked to see if the service is in maintenance mode, and if so, then skip the ensure check. To do this, I see two issues.

1) How do I test for the existence of a file? The docs don't seem to be able to do so. I'm guessing I would need to define a custom fact for that, right?
2) How do I make it so that the service ensure property is correct? Right now, it appears that only running or notrunning is valid. Would ignored or undef or something like that work?

Is there a better way to achieve what I'm trying to do?

Marc Zampetti

Marc, you might want to look into the schedule resource, and use that.

As for your questions:

1. You would need a custom fact. This will give you a race condition if you aren't careful. Something like this should work:
*) Stop puppet
*) Stop service
*) Create File
*) Run puppet

Also, on some platforms you can modify the server's config so the platform init scripts won't start the service. That might be easier.

2. There are more options for ensure for services, such as enabled, installed, etc. I'm not sure undef would work. If you set a schedule for it though, it should only apply the resource during that schedule.

[Puppet Users] Parsing key/value pairs in ruby
I'm making a provider for cups and I need to parse a string into arbitrary key/value pairs. The string looks like this:

    printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' printer-state=3 printer-state-change-time=1266621145 printer-state-reasons=none printer-type=8564756

I know almost no ruby. Any advice for what functions or data structures I want to use? It looks like split might be what I want to use for parsing, but the quoted strings will give me trouble.

For the first version, I'm only using 3 of the values. Do I just want to pull out those manually instead of parsing the whole string?

Re: [Puppet Users] variable confusion
Why not just move everything to a class in a different file? Then put the variables directly in that class?

On Mon, Aug 9, 2010 at 9:23 AM, Christopher Johnston chjoh...@gmail.com wrote:

Why can't variables be reassigned with a setup like this?

    node /.*mydomain.com/ { import "mydomain.pp" }
    node /*.yourdomain.com/ { import "yourdomain.pp" }

In manifest mydomain.pp and yourdomain.pp I have variables that are specific to that site that I want to import only for that site (ie, dns_nameserver ldap_server). I get errors that variable cannot be reassigned. My reasoning for wanting to separate everything into separate site specific manifests is mostly because my nodes.pp is getting way too cluttered and difficult to manage (over 1k lines of code). It looks like stuff is getting imported regardless of the node type (case statements also show the same behavior).

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Cannot reassign variable site_id at /etc/puppet/manifests/nodes/mydomain.pp:5 on node host.yourdomain.com

Re: [Puppet Users] generating catalog files
On Aug 2, 2010, at 5:50 PM, Jon Wilson wrote:

Hiya, Is there a way I can easily generate the catalog for a particular puppet client, without actually running Puppet on that client? I'd like to write some unit tests for my Puppet master, which generate catalogs for a set of clients, and check their content. This will syntax sanity check my manifests, without getting stuck in certificate hell.

Here's a command to get you started:

    puppetmasterd --compile clients.fqdn

I'm not sure how, but some magic is being done to get the client's facts. I'm assuming the facts are cached from an earlier run, but this is pure speculation. If you run it with --verbose, it will send that information to stderr.

To make the tests much shorter on failure, you probably want to test the erb using

    erb -x -P -T '-' $1 | ruby -c

and test the config using --parseonly.

Warning: when the catalog is compiled, everything* that would normally be done with storeconfigs will be done. This means running tests like this can affect your existing configuration.

*I'm not actually sure it does everything, but it does most of the storeconfigs stuff.

Re: [Puppet Users] Bootstrap
Do you want to run it off the server or install it on the client? What OS?

On Jul 29, 2010, at 9:02 PM, parag(PK) wrote:

Can it be possible to boot up a bare metal client by downloading the whole OS from the server when the client is powered on?

Re: [Puppet Users] Re: Newbie question - package installation
On Jul 30, 2010, at 2:53 AM, quicksilver03 wrote:

Try adding an ensure => present to your File resource and see if it avoids downloading the RPM file over and over again.

I'm almost sure the problem is he's putting the rpm in /tmp which is nuked by the OS on reboot. One of my solutions was just to put them in a folder that isn't nuked on reboot.

On Jul 29, 10:40 pm, Rustler coltsixshoo...@gmail.com wrote:

I am using version 2.6 and it would be nice if you could use a puppet url for the package source, but that does not appear to work (docs say it has to be a local file). My other choices seem to be an nfs mount, or a local repo server. Thanks

On Jul 29, 11:23 am, Patrick Mohr kc7...@gmail.com wrote:

On Jul 29, 2010, at 9:45 AM, Rustler wrote:

This code is working - but due to the file declaration it keeps downloading the rpm even after the package gets installed. 1. How do I stop the rpm from downloading after the package is installed?

Best method:
*) If at all possible you should just replace this with a real package repository.

Should also work:
*) Put the rpm files on a webserver and download them as needed. I think rpm can take URLs instead of local paths.
or
*) Install from a network drive like nfs

Not recommended:
*) Just put the rpms into a folder you create. It will keep growing forever, but it probably won't ever get very big unless you release a lot of packages.

Trust me on this, pushing out big files with puppet is probably a mistake. It will put a large load on the puppetmaster, and if you are using a version of puppet less than 2.6.0, the RAM requirements on the client and server will be horrendous.

Re: [Puppet Users] Newbie question - package installation
On Jul 29, 2010, at 9:45 AM, Rustler wrote:

This code is working - but due to the file declaration it keeps downloading the rpm even after the package gets installed. 1. How do I stop the rpm from downloading after the package is installed?

Best method:
*) If at all possible you should just replace this with a real package repository.

Should also work:
*) Put the rpm files on a webserver and download them as needed. I think rpm can take URLs instead of local paths.
or
*) Install from a network drive like nfs

Not recommended:
*) Just put the rpms into a folder you create. It will keep growing forever, but it probably won't ever get very big unless you release a lot of packages.

Trust me on this, pushing out big files with puppet is probably a mistake. It will put a large load on the puppetmaster, and if you are using a version of puppet less than 2.6.0, the RAM requirements on the client and server will be horrendous.

Re: [Puppet Users] Installing Puppet
On Jul 22, 2010, at 9:16 PM, parag(PK) wrote:

Can anyone describe the exact puppet installation procedure I am using a Ubuntu 7.04 system

Upgrade to Lucid? Really, that's a very old version.

Install ruby, facter, augeas, and puppet from source. It's going to be an adventure, and you're not likely to get an exact and in-depth procedure with an OS that old.

Re: [Puppet Users] fileserver issues - getaddr info
Try using a path of puppet://server/sshd/files/that.txt (I removed the word modules).

On Jul 22, 2010, at 6:03 AM, denmat wrote:

Hi all, Haven't set puppet up for awhile and have an issue with getting files served. I'm running 2.6 gem on fedora12.

    class sshd {
        package info
        file { "/tmp/that.txt":
            source => "puppet://server/modules/sshd/files/that.txt",
            ensure => present,
            mode => 600,
            owner => root,
            group => root,
        }
    }

fileserver.conf

    [modules]
    allow *

    [sshd]
    path /etc/puppet/modules/sshd/files
    allow *.hitwise.com

I can stop the ssh service on the client and puppet restarts it, but the file will not be sync'd to the client.

    /usr/bin/puppetd --no-daemonize --waitforcert 60 --server au-mel-master-1.blah.com --verbose --test --fqdn hitw-gc-xen-1.gdn.blah.com --debug

    debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig sshd'
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
    err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate: getaddrinfo: Name or service not known Could not retrieve file metadata for puppet://server/modules/sshd/files/tmp/that.txt: getaddrinfo: Name or service not known at /etc/puppet/modules/sshd/manifests/init.pp:29

I'm using /etc/hosts files while I test this scenario, but the puppet master is correctly configured in dns. What have I done wrong?

Cheers
Denmat

Re: [Puppet Users] Failing to connect new client to master
The hostname the client connects to, must match the name on the server's certificate. More info at: http://groups.google.com/group/puppet-users/browse_thread/thread/8bcc83b7f52214db

On Jul 22, 2010, at 10:02 AM, David Dyer-Bennet wrote:

I've had a small working puppet setup, reduced by circumstances to 1.5 clients, for a while. It was up to 6 at one point, but things scaled down. So I thought I knew how to make the most basic things work. But I've been beating my head against the wall trying to get a new master and new clients set up. (The new master will eventually replace the old one and take on its client as well.)

I've got weird naming issues. The old master is 192.168.1.4, dns name wrkapp00.esteemedemployer.local (local DNS) and also a public IP under wrkapp00.esteemedemployer.com. The new master is 192.168.1.19, no dns name (yet; it's going to take over the old name when we cut over). I'm using /etc/hosts files to make it function as wrkapp00.esteemedemployer.local to itself and the new clients.

(Puppet, or perhaps merely the documentation, seems very weak on dealing with systems with no DNS name, and with situations where a system changes its DNS name. In my experience, when I'm at the stage of configuring a system where I need to get puppet working, we haven't settled the DNS name for the system yet. I could probably get something temporary put in, but then I'd have to switch it later, and I'm scared of that given how much trouble I'm having with this.)

In playing with this, I've many times wanted to wipe out all existing certs on the master. I've been doing that with this command:

    rm ` find /var/lib/puppet/ssl -type f `

(after stopping puppetmaster). This seems to work; when I restart puppetmaster it seems to create its own cert (files appear, and puppetca --all --list reports it).

I've installed a manifest and set of files slightly enhanced from what worked on the old installation. So, on the new client system (192.168.1.22, prc-mn-lnx01.esteemedemployer.local), I do:

    [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local --waitforcert 60 --test
    notice: Ignoring --listen on onetime run
    err: Could not retrieve catalog from remote server: certificate verify failed
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

And as you see it fails spectacularly. No signing request appears on the master, either. Clues please!

Re: [Puppet Users] Failing to connect new client to master
On Jul 22, 2010, at 12:20 PM, David Dyer-Bennet wrote:

On Thu, July 22, 2010 12:27, Patrick Mohr wrote:

The hostname the client connects to, must match the name on the server's certificate.

I believe I have that right. On the server,

    [r...@wrkapp00 ddb]# hostname
    wrkapp00.esteemedemployer.local
    [r...@wrkapp00 ddb]# puppetca --all --list
    + wrkapp00.esteemedemployer.local

The only certificate is its own, and that's in the name I expect. On the client,

    [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local --waitforcert 60 --test
    notice: Ignoring --listen on onetime run
    err: Could not retrieve catalog from remote server: certificate verify failed
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

(Ping from the client shows the name is resolving to the IP I expect it to; that it's actually talking to the server I checked certificate names on.)

That's strange. Are you running puppet under Passenger or Mongrel? If you don't know, the answer is probably no.

What does this command give you on the server?

    puppetmasterd --genconfig | grep certname

What does this command give you on the client?

    puppetd --genconfig | grep certname

What's in /var/lib/puppet/ssl on the client and server? Does /var/lib/puppet/ssl/certs/ca.pem on the client and server match?

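The two checks raised in this thread (does the name given to --server match the name on the master's certificate, and do client and master hold the same ca.pem), as an added Ruby example that is not part of the thread. All keys and certificates are throwaway ones generated in memory; the master name is the one quoted in the thread, while `other.example.test`, the "Puppet CA" subject and the function names are assumptions made for the example.

```ruby
require 'openssl'

# Build a throwaway certificate in memory. Every key and certificate here is
# constructed for the example; nothing is read from a real Puppet ssldir.
def build_cert(common_name, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..0xffff_ffff)
  cert.subject    = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  factory = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(
    factory.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  )
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Fingerprint of a CA certificate, for comparing the ca.pem held on each side.
def ca_fingerprint(cert)
  OpenSSL::Digest.new('SHA256').hexdigest(cert.to_der)
end

# Chain of trust first, then host name. Returns :ok or the name of the
# check that failed, so the two causes can be told apart.
def diagnose(server_cert, client_ca, server_name)
  store = OpenSSL::X509::Store.new
  store.add_cert(client_ca)
  return :untrusted_ca unless store.verify(server_cert)
  return :name_mismatch unless OpenSSL::SSL.verify_certificate_identity(server_cert, server_name)
  :ok
end

MASTER_NAME = 'wrkapp00.esteemedemployer.local'

# Two CAs with the same subject but different keys: what a client sees when
# its copy of ca.pem was issued by a CA the master no longer uses.
stale_key   = OpenSSL::PKey::RSA.new(2048)
current_key = OpenSSL::PKey::RSA.new(2048)
STALE_CA    = build_cert('Puppet CA', stale_key, ca: true)
CURRENT_CA  = build_cert('Puppet CA', current_key, ca: true)
SERVER_CERT = build_cert(MASTER_NAME, OpenSSL::PKey::RSA.new(2048),
                         issuer: CURRENT_CA, issuer_key: current_key)

if __FILE__ == $PROGRAM_NAME
  puts "same CA, right name:   #{diagnose(SERVER_CERT, CURRENT_CA, MASTER_NAME)}"
  puts "same CA, other name:   #{diagnose(SERVER_CERT, CURRENT_CA, 'other.example.test')}"
  puts "stale CA on client:    #{diagnose(SERVER_CERT, STALE_CA, MASTER_NAME)}"
  puts "ca.pem fingerprints match: #{ca_fingerprint(CURRENT_CA) == ca_fingerprint(STALE_CA)}"
end
```

Against real files, the same functions take `OpenSSL::X509::Certificate.new(File.read(path))` for each ca.pem and for the master's certificate.
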
Re: [Puppet Users] checking if a user exists
What about just not setting the uid? It sounds like that's what you are trying to do.

On Jul 22, 2010, at 12:30 PM, Don Harden wrote:

Hi Folks, I've been trying to figure this out on Puppet 2.5.5 but just upgraded to 2.6

I have this in a module to make sure zabbix is installed, configured and running:

    class zabbix_agentd {
        user { "zabbix":
            name => 'zabbix',
            ensure => present,
            comment => "Zabbix Monitoring System",
            home => "/var/lib/zabbix",
            managehome => false,
            shell => "/sbin/nologin",
            uid => 109,
        }
        . rest of class.

This works great on puppet clients that do not have the user zabbix, but on clients that already have zabbix I get error such as

    err: //zabbix_agentd/User[zabbix]/uid: change from 489 to 109 failed: Could not set uid on user[zabbix]: Execution of '/usr/sbin/usermod -u 109 zabbix' returned 8: usermod: user zabbix is currently logged in

So it seems that I need some way of testing for user zabbix on the clients, but I can't figure out how. This seems such a basic and easy thing to do that I'm surprised that I have not already found the answer.

Thanks for any suggestions.

Don

Re: [Puppet Users] fileserver issues - getaddr info
I would actually try it again with an even shorter path. Here's something that works for me.

fileserver.conf:

    [private]
    path /etc/puppet/private/%d/%h
    allow *

The file is at /etc/puppet/private/domain-name/server-name/openvpn/server.conf

Manifest reads:

    file { "/etc/openvpn/server.conf":
        owner => root,
        group => root,
        mode => 644,
        source => "puppet:///private/openvpn/server.conf",
    }

Try using this path on your server: puppet://server/sshd/that.txt

On Jul 22, 2010, at 5:03 PM, tu2bg...@gmail.com wrote:

Thanks for the reply, I did try various different path locations before I posted. I'm guessing that the problem is either in the way that puppet looks up hostnames or a problem elsewhere in the actual config.

    err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate: getaddrinfo: Name or service not known Could not retrieve file metadata for puppet://server/sshd/files/tmp/that.txt: getaddrinfo: Name or service not known at /etc/puppet/modules/sshd/manifests/init.pp:29

on the client I've set:

    [puppetd]
    server = au-mel-master-1.blah.com

According to http://projects.puppetlabs.com/projects/puppet/wiki/File_Serving_Configuration you need to specify modules for the source as: puppet://server/modules/module-name/file and in that case puppet://server/modules/sshd/tmp/that.txt should work but all variations of that line return:

    Could not evaluate: getaddrinfo: Name or service not known Could not retrieve file metadata

which sounds like it work out the address and all I see on the puppetmaster is

    debug: File[/tmp/that.txt]: Adding default for ignore

so there is some communication going between the hosts.

Cheers,
Denmat

On , Patrick Mohr kc7...@gmail.com wrote:

Try using a path of puppet://server/sshd/files/that.txt (I removed the word modules).

On Jul 22, 2010, at 6:03 AM, denmat wrote:

Hi all, Haven't set puppet up for awhile and have an issue with getting files served. I'm running 2.6 gem on fedora12.

    class sshd {
        file { "/tmp/that.txt":
            source => "puppet://server/modules/sshd/files/that.txt",
            ensure => present,
            mode => 600,
            owner => root,
            group => root,
        }
    }

fileserver.conf

    [modules]
    allow *

    [sshd]
    path /etc/puppet/modules/sshd/files
    allow *.hitwise.com

I can stop the ssh service on the client and puppet restarts it, but the file will not be sync'd to the client.

    /usr/bin/puppetd --no-daemonize --waitforcert 60 --server au-mel-master-1.blah.com --verbose --test --fqdn hitw-gc-xen-1.gdn.blah.com --debug

    debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig sshd'
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
    err: /Stage[main]/Sshd/File[/tmp/that.txt]: Could not evaluate: getaddrinfo: Name or service not known Could not retrieve file metadata for puppet://server/modules/sshd/files/tmp/that.txt: getaddrinfo: Name or service not known at /etc/puppet/modules/sshd/manifests/init.pp:29

I'm using /etc/hosts files while I test this scenario, but the puppet master is correctly configured in dns. What have I done wrong?

Cheers
Denmat

Re: [Puppet Users] Re: Installping puppet with kickstart -- Cannot find local fact /proc/cpuinfo
On Jul 21, 2010, at 4:47 AM, Harihara Vinayakaram wrote:

I found this reply from one of the users in the same thread. The solution was to
1) Copy the existing /etc/rc.local to /etc/rc.local.orig
2) Replace the /etc/rc.local with a script that runs puppetd, moves /etc/rc.local.orig to /etc/rc.local, reboot

Just some things to keep in mind:
*) If puppet hangs in rc.local, the startup process will hang in some distros.
*) If puppet's not daemonized, and puppet returns an error, rc.local will stop executing in some distros.
*) Make sure that nothing changes rc.local back until puppet successfully finishes the first run.

On Jul 20, 10:28 pm, Patrick Mohr kc7...@gmail.com wrote:

On Tue, Jul 20, 2010 at 5:23 AM, Tore tore.lo...@gmail.com wrote:

We use Satellite to kickstart our nodes. Have you tried to do this after %post?

kickstart-file, I've removed a few lines:

    install
    text
    []
    %packages
    @ Base
    %pre
    $kickstart_start
    $SNIPPET('pre_install_network_config')
    %post --nochroot
    mkdir /mnt/sysimage/tmp/ks-tree-copy
    [...]
    cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /mnt/sysimage/root
    %post
    ( # Log %post errors
    # --Begin RHN Satellite command section--
    [...]
    # --End RHN Satellite command section--
    [...]
    ) /root/ks-post.log 21
    $SNIPPET('post_install_network_config')
    $SNIPPET('spacewalk/1/install_and_config_puppet')
    $SNIPPET('post_install_kernel_options')
    $SNIPPET('koan_environment')
    $kickstart_done

I have no idea if that will work for you, it's strange that /proc/cpuinfo isn't available since I assume anaconda uses that information during installation.

I don't remember much about the redhat install process, but are you chrooting before you run puppet? If so, the problem is probably that /proc is not mounted inside of the chroot environment?

On 16 Jul, 13:39, Harihara Vinayakaram hvr...@gmail.com wrote:

Hi, I have been trying to get puppet working with kickstart. I am trying to install Hadoop on the nodes. Installing puppet from kickstart works and when the machine restarts, certificates are pulled down and hadoop user is created and files are extracted.

I want all the user creation etc to be done before the machine reboots so that I can set up init.d scripts to do a start of hadoop. So I run the puppetd --server ... --one-time --no-daemonize as part of the late_command with a chroot /target. But this fails saying cannot find local fact /proc/cpuinfo. I tried to mount /proc in the script but the machine hangs.

Is this a known problem? http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3... has a solution but it does not work. The only difference I can see is that it runs the puppetd as -in-target instead of a chroot. Any ideas will be helpful

Re: [Puppet Users] Installing a module FIRST
On Jul 21, 2010, at 4:29 PM, Douglas Garstang wrote:

Anyone, How can I guarantee that all components of the LDAP client module get installed before ANY components of any other module?

Use 2.6.x and use run stages.
-OR-
Use 0.25.x and make all User and Package resources depend on that class.

This is another one of those situations where the ability to have modules fully installed in order they are listed would be hugely beneficial.

Making everything install in the order it's listed means you can't explicitly specify dependencies. Explicit dependencies are one of the reasons I really like using puppet over shell scripts.

Re: [Puppet Users] Installing a module FIRST
On Jul 21, 2010, at 5:16 PM, Douglas Garstang wrote: On Wed, Jul 21, 2010 at 4:44 PM, Patrick Mohr kc7...@gmail.com wrote: On Jul 21, 2010, at 4:29 PM, Douglas Garstang wrote: Anyone, How can I guarantee that all components of the LDAP client module get installed before ANY components of any other module? Use 2.6.x and use run stages. -OR- Use 0.25.x and make all User and Package resources depend on that class. Doing that is a sure fire path to cyclic dependency hell. I'll grant you that. I did it for that package setup, but it was very annoying.
Re: [Puppet Users] 2.6, parameterized classes, external nodes
On Jul 21, 2010, at 5:44 PM, Alan Sparks wrote: Many of us have the problem of needing to simulate the instantiation of definitions via external nodes (e.g., the multiple Apache vhosts situation, or multiple service instantiations with unique configurations). Since these are singletons, I'm guessing parameterized classes won't help in solving this problem... Does 2.6 provide any new support toward solving it? Now I'm confused. Isn't a parameterized class the same as a define except for the class being a singleton?
Re: [Puppet Users] Re: Installing puppet with kickstart -- Cannot find local fact /proc/cpuinfo
On Tue, Jul 20, 2010 at 5:23 AM, Tore tore.lo...@gmail.com wrote: We use Satellite to kickstart our nodes. Have you tried to do this after %post? kickstart-file, I've removed a few lines:
install
text
[]
%packages
@ Base
%pre
$kickstart_start
$SNIPPET('pre_install_network_config')
%post --nochroot
mkdir /mnt/sysimage/tmp/ks-tree-copy
[...]
cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /mnt/sysimage/root
%post
( # Log %post errors
# --Begin RHN Satellite command section--
[...]
# --End RHN Satellite command section--
[...]
) >> /root/ks-post.log 2>&1
$SNIPPET('post_install_network_config')
$SNIPPET('spacewalk/1/install_and_config_puppet')
$SNIPPET('post_install_kernel_options')
$SNIPPET('koan_environment')
$kickstart_done
I have no idea if that will work for you, it's strange that /proc/cpuinfo isn't available since I assume anaconda uses that information during installation. I don't remember much about the redhat install process, but are you chrooting before you run puppet? If so, the problem is probably that /proc is not mounted inside of the chroot environment? On 16 Jul, 13:39, Harihara Vinayakaram hvr...@gmail.com wrote: Hi I have been trying to get puppet working with kickstart. I am trying to install Hadoop on the nodes. Installing puppet from kickstart works, and when the machine restarts, certificates are pulled down and hadoop user is created and files are extracted. I want all the user creation etc. to be done before the machine reboots so that I can set up init.d scripts to do a start of hadoop. So I run the puppetd --server ... --one-time --no-daemonize as part of the late_command with a chroot /target. But this fails saying cannot find local fact /proc/cpuinfo. I tried to do a mount /proc in the script but the machine hangs. Is this a known problem? http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3... has a solution but it does not work.
The only difference I can see is that it runs the puppetd as -in-target instead of a chroot . Any ideas will be helpful
Re: [Puppet Users] Collecting _all_ ssh keys
On Jul 19, 2010, at 7:52 AM, Klaus Ethgen wrote: Hi, On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote: You'll need to set a properly unique title, and set the namevar explicitly: @@sshkey { "${fqdn}dsa": name => $fqdn, ...; "${fqdn}rsa": name => $fqdn, ... } That idea was pretty good. But then I get the message: err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource Sshkey[xxx.yyy.ch] already exists at /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch So, this approach is a dead end too unfortunately. Best regards and many thanks for the idea. In practice I think you will only need the rsa key. Try just using rsa (and if that doesn't work just dsa) and see if you are able to connect without warnings. If I remember right, ssh clients usually only use one key, and modern clients usually only use rsa keys.
Re: [Puppet Users] Distributing passwd/group/shadow
On Jul 19, 2010, at 6:11 PM, noob-puppeteer wrote: Hi, I am trying to figure out a good puppet way to do this. In our old configuration, we were using cfengine and distributing passwd, group and shadow files by first running a command on the server that would filter these files to have just the team users (since we are using hosting services) into a master file that would get distributed to all the clients and the clients would apply the master file to its local passwd, group and shadow files. In puppet, as far as I can see, there is no way to run a command to prep the files on the master, before a puppet client asks for the catalog or is there? We are doing things in this complicated way, because this allows us to continue to use the useradd, usermod commands on the master servers, and the client servers automatically get the configuration. Plus we don't have to store the files in version control. Is there a better way to do this in puppet? Usually I find that putting user accounts in version control is a good idea. Unless you have a reason not to, I would just create the user accounts and group accounts using puppet's user and group resources. Any reason not to?
Re: [Puppet Users] What is the best practices way to install puppet
On Jul 18, 2010, at 12:19 PM, kevin wrote: Damn it, is there no acronym for best practices yet? ;) Ok, I am installing puppet, and wondering which version and from where should I install. Gems? OS packages? Version? What OS are you using? You might get better answers if we know.
Re: [Puppet Users] How can I know if puppetd --no-daemonize --debug --onetime is success
You could also test to see if post-command is run. On Jul 16, 2010, at 12:47 PM, R.I.Pienaar wrote: - Yushu yao.yu...@gmail.com wrote: Hi Experts, I'm running puppetd --no-daemonize --debug --onetime. Is there a way to figure out if the one time run is success? I couldn't do it by looking at the return value, it return 0 when err: skipping run Success meaning All definitions are applied and nothing failed. I can of course grep for err: but I'm just wondering is there an official way of doing this? slightly less hacky though still hacky is to just add --summarize to the command line and parse that output.
Re: [Puppet Users] Re: How can I know if puppetd --no-daemonize --debug --onetime is success
Run puppetd --genconfig for commented documentation about puppetd's parameters. Take a look at puppetd --genconfig | grep _command if you don't want 5-15 pages of text to wade through. On Jul 16, 2010, at 2:55 PM, Yushu wrote: Thanks Patrick, But where is the post-command? Couldn't find any document in 0.25. Thanks -Yushu On Jul 16, 2:35 pm, Patrick Mohr kc7...@gmail.com wrote: You could also test to see if post-command is run. On Jul 16, 2010, at 12:47 PM, R.I.Pienaar wrote: - Yushu yao.yu...@gmail.com wrote: Hi Experts, I'm running puppetd --no-daemonize --debug --onetime. Is there a way to figure out if the one time run is success? I couldn't do it by looking at the return value, it return 0 when err: skipping run Success meaning All definitions are applied and nothing failed. I can of course grep for err: but I'm just wondering is there an official way of doing this? slightly less hacky though still hacky is to just add --summarize to the command line and parse that output.
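Added example, not code from any poster in this thread: a shell sketch of the "grep for err:" approach discussed above, classifying a captured puppetd --onetime log instead of trusting the exit code. The function names and the sample logs are constructed, and it assumes a completed run logs a line starting with "notice: Finished catalog run".

```shell
#!/bin/sh
# Added example: classify a captured `puppetd --onetime` log, because the
# exit code is reported as 0 even when the run is skipped.
# All sample log lines below are constructed for illustration.

# Remove ANSI colour sequences so the level prefix starts the line.
strip_ansi() {
    esc=$(printf '\033')
    sed "s/${esc}\[[0-9;]*m//g"
}

# puppet_run_status LOGFILE
# Prints one of: ok, failed, skipped, unknown.
# Returns 0 only for ok (1 failed, 2 skipped, 3 unknown or unreadable).
puppet_run_status() {
    log=$1
    if [ ! -r "$log" ]; then
        echo unknown
        return 3
    fi
    clean=$(strip_ansi < "$log")
    # "skipping run" means no catalog was applied at all.
    if printf '%s\n' "$clean" | grep -q 'skipping run'; then
        echo skipped
        return 2
    fi
    # Any err: line means at least one resource or step failed.
    if printf '%s\n' "$clean" | grep -q '^err:'; then
        echo failed
        return 1
    fi
    # Assumption: a completed run ends with this notice line.
    if printf '%s\n' "$clean" | grep -q '^notice: Finished catalog run'; then
        echo ok
        return 0
    fi
    # No errors seen, but no completion marker either (truncated log).
    echo unknown
    return 3
}

# Write four constructed sample logs into DIR.
make_sample_logs() {
    dir=$1
    cat > "$dir/ok.log" <<'EOF'
debug: Loaded state in 0.00 seconds
info: Applying configuration version '1279300000'
notice: Finished catalog run in 1.42 seconds
EOF
    cat > "$dir/failed.log" <<'EOF'
info: Applying configuration version '1279300000'
err: //bind::slave/File[/var/named/chroot]: Failed to generate additional resources using 'eval_generate': Cannot manage files of type characterSpecial
notice: Finished catalog run in 2.10 seconds
EOF
    # Coloured console output: the err: prefix sits behind an escape code.
    {
        printf '\033[0;31m%s\033[0m\n' 'err: Could not retrieve catalog from remote server: connection refused'
        printf '\033[0;33m%s\033[0m\n' 'warning: Not using cache on failed catalog'
        printf '\033[0;31m%s\033[0m\n' 'err: Could not retrieve catalog; skipping run'
    } > "$dir/skipped.log"
    cat > "$dir/partial.log" <<'EOF'
debug: Loaded state in 0.00 seconds
info: Applying configuration version '1279300000'
EOF
}

# Demonstration on the constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
for name in ok failed skipped partial; do
    printf '%-8s %s\n' "$name" "$(puppet_run_status "$demo_dir/$name.log")"
done
rm -rf "$demo_dir"
```

The failed case matters most: the run finishes and logs its completion notice, so only the err: line distinguishes it from a clean run.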
Re: [Puppet Users] Creating a directory fails
I might know the problem. Do you have device files or sockets in /var/named/chroot? If so puppet might be trying to manage the permissions on stuff in that folder and failing the sanity check when it sees they aren't regular files. On Jul 15, 2010, at 7:21 AM, Christopher Johnston wrote: They exist for sure..
# ls -ld /var/named/
drwxr-x--- 6 root named 4096 2010-07-15 06:20 /var/named/
# ls -ld /var/named/chroot/
drwxr-xr-x 5 named named 4096 2010-07-15 06:20 /var/named/chroot/
On Thu, Jul 15, 2010 at 12:09 AM, Patrick Mohr kc7...@gmail.com wrote: I'd check to see if /var/named exists or if /var/named/chroot is a symlink. On Jul 14, 2010, at 2:24 PM, Christopher Johnston wrote: I don't see anything out of the ordinary here, seems like it's not honoring the type as a directory but as a file any ideas?
err: //bind::slave/File[/var/named/chroot]: Failed to generate additional resources using 'eval_generate': Cannot manage files of type characterSpecial
file { '/var/named/chroot': ensure => directory, owner => named, group => named, mode => 0755, require => Package['bind-chroot']; }
Re: [Puppet Users] Puppet DDNS and Preseed -- Any easier alternative
On Jul 14, 2010, at 7:27 AM, Joe McDonagh wrote: On 07/14/2010 10:15 AM, Harihara Vinayakaram wrote: Hi I have a set up that runs puppetmasterd, DDNS, DHCP etc on one server. I have managed to PXE boot Ubuntu 10.04 clients and setup puppet clients. The ultimate goal is to run Hadoop on the nodes. I have some observations on the process and I am wondering if there is any easier way to do. I am running this on 50 physical nodes. 1. Puppet clients work only if the DNS (both forward and reverse work). For DDNS to work (at least on Ubuntu clients) secure DDNS is the only way. This needs a dhclient-exit-hook per machine and also a send fqdn.fqdn from each machine's dhclient.conf. To solve this my preseed.cfg contains a late-command which transfers a script to the client machine which does a series of wget and some sed manipulations. Looking from the outside it does look a bit complicated and I see a maintenance problem. Is there an easier way to do this? Regards Hari Hari, this is sort of OT but I've been lightly piloting Ubuntu 10.04 and I've noticed that for some reason my partman-auto recipe which worked fine in 8.04 is creating disproportionately large swap partitions. Are you using partman-auto? If so, could I see the config block? Thanks. I hope the attachment comes through. Don't forget to: *) Change line 66 *) Change the passwords *) Changed the groups the created user is added to *) Change the last line if you don't want puppet auto-starting. You should also be aware of https://bugs.launchpad.net/bugs/570805 if you use ext4.
Contents of the preconfiguration file (for releasename;)
### Localization
# Locale sets language and country.
d-i debian-installer/locale string en_US
# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
#d-i console-setup/modelcode string pc105
d-i console-setup/layoutcode string us
# To select a variant of the selected layout (if you leave this out, the
# basic form of the layout will be used):
#d-i console-setup/variantcode string dvorak
### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_dhcp boolean true
# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually
# Static network configuration.
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/confirm_static boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string us.archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string http://aptcacher:3142/
# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
# CC is the ISO-3166-2 code for the selected country. You can preseed this
# so that it does so without asking.
#d-i mirror/http/mirror select CC.archive.ubuntu.com
# Suite to install.
#d-i mirror/suite string releasename;
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string releasename;
# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid
Re: [Puppet Users] Creating a directory fails
I'd check to see if /var/named exists or if /var/named/chroot is a symlink. On Jul 14, 2010, at 2:24 PM, Christopher Johnston wrote: I don't see anything out of the ordinary here, seems like it's not honoring the type as a directory but as a file any ideas?
err: //bind::slave/File[/var/named/chroot]: Failed to generate additional resources using 'eval_generate': Cannot manage files of type characterSpecial
file { '/var/named/chroot': ensure => directory, owner => named, group => named, mode => 0755, require => Package['bind-chroot']; }
Re: [Puppet Users] puppetmasterd screwing the SSL setup
On Jul 13, 2010, at 6:54 AM, Marco Marongiu wrote: Dear puppeteers I am trying to build a tree hierarchy of puppetmasters. The architecture is aimed to distribute the load among a number of datacenters, while keeping the puppetmasters in sync by means of puppet itself. The architecture I am trying to build is: - one main puppetmaster; - many distribution servers, that will be client of the main puppetmaster, and masters to other clients - plain clients Unfortunately puppetmasterd gets in the way (maybe thinking it's so smart?), screwing up the SSL setup. This was discussed yesterday on IRC; Volcano suspects that there something in the certificates is at the root of the problem, and that's why I added a certdnsnames directive, but with no result so far. I am testing this setup on VirtualBox VMs on my desktop (which is actually a luck since I can use snapshot and rewind back and forth to different working states). The main puppetmaster is called mastertest.oslo.osa and has address 192.168.56.108; the distribution server is called distserver.oslo.osa and has address 192.168.56.111. Both are on each other's /etc/hosts file. First, I configure distserver as a plain puppet client of mastertest. A couple of runs of puppetd --test will bring it up to speed, and it will work as expected. Then, on mastertest, I create a node file for distserver, which will define it as a distribution server, and run puppetd again. 
/etc/puppet/puppet.conf is rewritten so that it contains the following certdnsnames in the puppetmasterd section: certdnsnames=distserver.oslo.osa:distserver while the server directive in the puppetd section is: server=mastertest.oslo.osa Eventually, after the new puppet.conf is already in place, puppetmasterd starts, and screws up the SSL setup:
Jul 13 14:00:38 distserver puppetmasterd[2861]: Creating a new SSL key for ca
Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for ca, good until Sun Jul 05 12:44:33 UTC 2015
Jul 13 14:00:38 distserver puppetmasterd[2861]: Expiring the certificate cache of ca
Jul 13 14:00:38 distserver puppetmasterd[2861]: Removing file Puppet::SSL::Certificate ca at '/var/lib/puppet/ssl/certs/ca.pem'
Jul 13 14:00:38 distserver puppetmasterd[2861]: Retrieved certificate does not match private key
Jul 13 14:00:38 distserver puppetmasterd[2861]: Creating a new SSL certificate request for ca
Jul 13 14:00:38 distserver puppetmasterd[2861]: Signed certificate request for ca
Jul 13 14:00:38 distserver puppetmasterd[2861]: Rebuilding inventory file
Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate_revocation_list for ca, good until
Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for ca, good until Sat Jul 11 12:00:38 UTC 2015
Jul 13 14:00:38 distserver puppetmasterd[2861]: Using cached certificate for distserver.oslo.osa, good until Sat Jul 11 09:25:03 UTC 2015
Jul 13 14:00:38 distserver puppetmasterd[2888]: Reopening log files
(note the Removing file line...) Now, next time I run puppetd --test, all I get is:
Jul 13 14:01:08 distserver puppetd[3212]: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass
Jul 13 14:01:08 distserver puppetd[3212]: Not using cache on failed catalog
Jul 13 14:01:08 distserver puppetd[3212]: Could not retrieve catalog; skipping run
Needless to say, if I stop puppetmasterd and put the old, client files back in place into /var/lib/puppet, this machine starts working again as a client. On mastertest (which has a nginx reverse proxy to four puppetmasterd instances, again for scalability) I see that the request from distserver is wrong. In fact, for distserver I have:
192.168.56.111 - - [13/Jul/2010:15:30:09 +0200] - 400 0 - -
while for working clients (e.g.: mastertest itself) I have something like:
192.168.56.109 - - [13/Jul/2010:15:30:28 +0200] GET /production/catalog/mastertest.oslo.osa?facts_format=b64_zlib_yaml&facts=LONG_BASE64_STRING_HERE
I honestly can't understand what is going on here... Basically, the puppet packages you are using (and I suspect most others) assume that the client and the server on a given machine are part of the same PKI. It also might be assuming a couple of other things, but my experiments never got that far. Is there a way to make this all work as intended? WARNING: This fix is almost as destructive as rm -Rf /var/lib/puppet I think everything will just work if you set puppetd and puppetmaster to have a different ssldir like this:
[main]
#remove the ssldir entry from here.
[puppetmasterd]
ssldir=/var/lib/puppet/ssl_server
[puppetd]
ssldir=/var/lib/puppet/ssl_client
I won't say this is working as intended. The normal way is to make a real PKI that includes all the servers, but this is probably much easier, and will probably do what you want.
Re: [Puppet Users] Basic Windows support in Rowlf (2.6.0 RC*) ?
On Jul 13, 2010, at 3:42 PM, Steven Wagner wrote: I'm a pretty good candidate for a Puppet-fer-Windows guinea pig here as I'd be able to get a lot of mileage out of just being able to use the File, Service and Exec types on that platform (Is game server running? Has configuration been updated? etc.) ... but I haven't found much in puppet-users about what the current state is of Puppet and Facter for Windows. You might want to take a look at http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows It looks like some people have gotten farther than you.
Re: [Puppet Users] Re: puppet capistrano and repository
On Jul 12, 2010, at 6:31 PM, nate wrote: On Jul 12, 9:33 am, bmort propertywholesa...@gmail.com wrote: Whew I am struggling on a puppet architecture design learning curve. I believe if i could find a good 'stand alone' example, it would clarify a lot of the questions I have and it would help me set up a test machine. I am hoping to find an example of a stand alone that has a process flow similar to: - start puppet with Capistrano - puppet checks the 'repository' and determines changes have been made - applies any changes Please share any instructions or good reads ... I am looking to support a set of servers that support 10+ clients, each client has a dev, test and production server for 5 different web applications. Regards. i'm sort of looking to do similar things. basically, i'm trying to hash out the best way to run puppet without a puppetmaster. i support various businesses with mostly lenient outbound firewalls, though some restrict traffic on high ports and the like. What about running the puppetmaster on a low port? one way around this is to run puppet locally. i have some basic groundwork to keep all the manifests and modules, etc. in a git repo which then gets checked out via http by the clients. i'm looking to use git hooks to run puppet. something simple like this seemed to work, though puppet didn't actually run on the client. no error checking or anything in this yet… just quick and dirty. #!/bin/bash # post-checkout testing # stored in .git/hooks/post-checkout # 100712, initial version, nate # /usr/bin/logger -t PUPPET -i running puppet... /usr/bin/puppet -v /etc/pconfig/manifests/site.pp /usr/bin/logger -t PUPPET -i puppet run complete instead of using capistrano, would a post pull/clone hook do what you want?
Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Release Candidate 1 available!
2010/7/10 Jesús M. Navarro jesus.nava...@andago.com Hi: On Saturday 10 July 2010 19:11:12 Patrick Mohr wrote: On Jul 10, 2010, at 7:57 AM, Peter Meier wrote: On 07/10/2010 04:54 PM, Patrick Mohr wrote: On Jul 9, 2010, at 11:58 PM, James Turnbull wrote: Certificates cleaned with puppetca (or puppet cert) are now also revoked. Is there some way to clean a cert (using puppet cert) without revoking it? Something like puppet cert --clean hostname.domain --no-revoke. afaik, not. But could be a feature request. On the other hand, what's the use case? This isn't my usecase so I don't care, but since you ask... Suppose you have machines that: *) Don't get any sensitive information through puppet. *) Are re-imaged often using PXE+preseeding or PXE+kickstart *) All the computers have names in the form of lab-client-*.domainname Someone said that in this case you can put puppetca --clean lab-client-*.domainname as a cron job, and put lab-client-*.domainname in autosign.conf. Again, I don't do this, so don't do it for me. I don't see that to be a use case in need of a no-revoke option. Once you delete the old machine and re-image it with PXE+preseeding or PXE+kickstart it won't get the old certkey so it'll need to be resigned anyway: to all practical purposes it's a new machine, so no benefit on not revoking the old one. But I was saying clean out all client certs and private keys (for clients in this group) off the server once per hour. Meaning you are running clean while the client exists and has a valid cert/key combo. I guess you would always do the same thing with two rm statements in the cron job instead.
Re: [Puppet Users] conditional execution of package
It's probably better to make a package instead. On Jul 8, 2010, at 11:49 PM, prudhvi wrote: Hi, I have been installing couchdb from source through make/make install using puppet's exec. The problem I am facing is whenever I run the configuration for the second time it's not recognizing that it's already installed. couchdb is being installed all over again. Is it the problem because I'm not using puppet's package resource type? I thought of a plan in which I can check whether a particular file exists. So if the file doesn't exist, I'll ask puppet to install it right away. So you're doing something like this? exec { "tar xvzf ./configure make make install": path => whatever, creates => "/usr/bin/program_name", }
Re: [Puppet Users] puppetmaster REST interface
Right now puppet mostly IS the documentation. You could watch the traffic between the puppetmaster and the client, or look at the source code, but I don't recommend it. Also, it would probably be MUCH easier to enable storeconfigs and ask the MySQL server directly. That's very easy to figure out. On Jul 9, 2010, at 12:36 AM, Cedric Jeanneret wrote: Hello, I'm wondering if there's some way to ask the puppetmaster for information via the REST interface. My aim is to ask, for example, what are all the factname values for hostname. If so, is there any page about syntax?
Re: [Puppet Users] Re: conditional execution of package
On Jul 9, 2010, at 2:33 AM, prudhvi wrote:
> Hi Patrick,
> You're right. Actually I have a custom source which I have to install from source. Is there any conditional execution like if-case to check whether the source files are already in place?

Not creating a package is probably a big mistake, but take a look at the onlyif parameter and the creates parameter. onlyif takes a command. creates says something like "if this file/directory exists, don't run this command."

> On Jul 9, 12:18 pm, Patrick Mohr kc7...@gmail.com wrote:
>> It's probably better to make a package instead.
>>
>> On Jul 8, 2010, at 11:49 PM, prudhvi wrote:
>>> Hi,
>>> I have been installing couchdb from source through make/make install using puppet's exec. The problem I am facing is that whenever I run the configuration for the second time, it's not recognizing that it's already installed. couchdb is being installed all over again. Is the problem that I'm not using puppet's package resource type?
>>> I thought of a plan in which I can check whether a particular file exists. So if the file doesn't exist, I'll ask puppet to install it right away.
>>
>> So you're doing something like this?
>>
>>     exec { "tar xvzf && ./configure && make && make install":
>>       path => "whatever",
>>       creates => "/usr/bin/program_name",
>>     }
Re: [Puppet Users] Using variables in regex
On Jul 6, 2010, at 6:40 AM, Christian Casar wrote:
> Well, how do I use the content of a variable in regex?
>
>     $username = "user1"
>     file { "userdata.tar.bz2":
>       source => "puppet://$server/modules/$module/userdata.tar.bz2",
>       ensure => $users ? {
>         /$username/ => absent,
>         default => present,
>       },
>     }
>
> $users is a custom fact that contains all local users:
>
>     users => at avahi bin daemon dnsmasq ftp games haldaemon lp mail messagebus nobody ntp polkituser postfix pulse root sshd suse uuidd wwwrun man news uucp puppet user1
>
> When I hardcode user1 into the regex my test works fine and the file is removed. But things like /$variable/ or /\$variable/ or /#{variable}/ just don't work. Is it even possible in version 0.25.4?

Try changing #{variable} to ${variable}
Re: [Puppet Users] Re: Splitting classes into separate files
On Jul 5, 2010, at 7:11 AM, Thomas Bellman wrote:
> On 2010-07-03, Jeff McCune wrote:
>> In this module, if you use the following organization puppet will autoload everything:
>>
>>     manifests/init.pp contains class apache { }
>>     manifests/disable.pp contains class apache::disable inherits apache {}
>>     manifests/virtualhost.pp contains define apache::virtualhost(){}
>
> Yuck! Forcing each class or define into its own file sucks royally. No sane person wants their code organized like that.
>
>> If you want additional namespaces, they go in directories. class apache::service::disable would go in manifests/service/disable.pp
>> I highly recommend against using import today and in the future.
>
> The cure is in this case worse, *much* worse, than the illness of having to do explicit imports. I'd rather have two dozen import lines in site.pp (which is what I have now) than having to split my classes and defines into almost 200 files in two dozen directories.

I'll try to post an example soon, but you don't have to split it up into 200 files to take advantage of autoloading. You would need to split it into two dozen directories though.

On the other hand, you can put everything into site.pp. I'm sure you'll agree that this is a mistake too. I use modules but I don't split a module's manifest (init.pp) into different files until the file starts to get large.

For instance, you could put all your classes into /modules/module-name/init.pp. This works well if all but one or two classes are really small. This is what I do by default because if I put include cups::client in site.pp, puppet will auto import:

    /modules/cups/init.pp
    /modules/cups/client.pp
    /modules/cups/client/init.pp (I think this last one is true, but I don't know)

I like the different folders because it keeps the files and templates with the manifests, and it makes it easier to tell which files can safely be deleted.

For me, the key to keeping things easy was to remember that I didn't need to break a module into more than one file, but I could if they got too big.
Re: [Puppet Users] Re: Splitting classes into separate files
On Jul 5, 2010, at 8:20 AM, Dan Carley wrote:
> On 5 July 2010 15:11, Thomas Bellman bell...@nsc.liu.se wrote:
>> On 2010-07-03, Jeff McCune wrote:
>>> In this module, if you use the following organization puppet will autoload everything:
>>>
>>>     manifests/init.pp contains class apache { }
>>>     manifests/disable.pp contains class apache::disable inherits apache {}
>>>     manifests/virtualhost.pp contains define apache::virtualhost(){}
>>
>> Yuck! Forcing each class or define into its own file sucks royally. No sane person wants their code organized like that.
>
> Really? I find it a much more manageable way to work, rather than wading through lines of `init.pp` to find the relevant class or maintaining lists of slightly artificially named `import` statements. It also provides some more reliable behaviour with regards to caching of compilation failures.

I usually put some of the really small classes in init.pp. For instance, do you put your package classes in their own file?

    class apache::package {
      package { "apache2": ensure => present }
    }

Would you put this in its own file?
Re: [Puppet Users] Package requires....
On Jul 1, 2010, at 10:45 PM, Douglas Garstang wrote:
> On Thu, Jul 1, 2010 at 9:11 PM, Patrick Mohr kc7...@gmail.com wrote:
>> On Jul 1, 2010, at 9:05 PM, christopher floess wrote:
>>> Hey, this is sort of hijacking the thread, so if need be, please, I can start another thread for it, but could someone explain the code from the OP here. I feel like this is sort of the next step in puppet functionality that I need to learn (I'm still new). I'll start by pointing out three things that tripped me up:
>>>
>>> 1. I've read about the difference between Package (capitalized), and package (lowercase), but in practice I don't understand it.
>>
>> When declaring a resource, use the lowercase one. When referring to an existing resource, use the uppercase one.
>>
>>> 2. In the Package { require => Class['yum::client']}, why isn't there a name?
>>
>> This says take care of the whole yum::client class before installing any package. (Technically this is only almost true. There are exceptions.)
>
> Eeeek! What are the exceptions?

First, if you set a require on the resource using => it overrides the global. Use +> to add a require. I also remember hearing something about overriding resources using inheritance, but I don't remember that.

Second, I assume, but I'm not sure, that declaring two dependencies like the example below overrides instead of stacking.

site.pp:

    Package { require => Exec["global-package-setup"] }

    node 'test-node' {
      include install-stuff-class
    }

    class install-stuff-class {
      Package { require => Exec["extra-package-setup"] }
      package { "firefox": ensure => present }
    }

In this example, I don't know if both execs are guaranteed to run before firefox is installed.
Re: [Puppet Users] selboolean with selinux disabled
On Jul 1, 2010, at 6:31 PM, Markus Falb wrote:
> Hi,
>
>     err: //cobbler::web/Selboolean[httpd_can_network_connect]: Failed to retrieve current state of resource: Execution of '/usr/sbin/getsebool httpd_can_network_connect' returned 1: /usr/sbin/getsebool: SELinux is disabled
>
> Is this behaviour intentional? I mean, with selinux disabled it does not make sense to call getsebool or setsebool. For what I want to achieve (httpd can network connect) a disabled selinux is as good as setsebool.

That isn't quite true because if SELinux is ever re-enabled it might give the admin a nasty surprise if he thought the policies were actually set.

I don't have anything else to say because everything else I was going to say is covered better by Frank's email.
Re: [Puppet Users] Package requires....
On Jul 1, 2010, at 9:05 PM, christopher floess wrote:
> Hey, this is sort of hijacking the thread, so if need be, please, I can start another thread for it, but could someone explain the code from the OP here. I feel like this is sort of the next step in puppet functionality that I need to learn (I'm still new). I'll start by pointing out three things that tripped me up:
>
> 1. I've read about the difference between Package (capitalized), and package (lowercase), but in practice I don't understand it.

When declaring a resource, use the lowercase one. When referring to an existing resource, use the uppercase one.

> 2. In the Package { require => Class['yum::client']}, why isn't there a name?

This says take care of the whole yum::client class before installing any package. (Technically this is only almost true. There are exceptions.)

> 3. 'yum::client' is a reference to a nested class, right? So what are the use cases for nested classes? I'm wondering if maybe I should/could be taking advantage of this to clean up my code a bit.

Mostly it's just to reduce the amount of classes you have. The same answer applies to the question, "Why do people want sub-folders? Why not just put all folders in the filesystem's root?"

> On 07/01/2010 08:56 PM, Douglas Garstang wrote:
>> On Thu, Jul 1, 2010 at 11:22 AM, Dan Carley dan.car...@gmail.com wrote:
>>> On 1 July 2010 00:32, Douglas Garstang doug.garst...@gmail.com wrote:
>>>> If I have a package { foo: ensure => installed; require => something } in a module, AND I also have a Package { require => Class['yum::client']} in site.pp, what happens in the module? Does the package in the module require both 'something' and the yum::client class, or does the fact I specified a package{} with a require in the module mean that only the yum::client class is required?
>>>
>>> The latter will happen. The default will be replaced by the explicit statement in package{foo}. You might want to look into plusignment (+>) to do this, but there are some caveats to its usage. Such as feature #2825.
>>
>> Yeah. You sort of have to be careful. I had a Package {} resource defined in site.pp, and then in various modules where needed, I had more Package defaults. I've only just realised (I must have gotten lucky) that the one in site.pp was being skipped because of the local modules ones.
>>
>> Doug
Re: [Puppet Users] Variable Scoping: What do you want?
On Jun 30, 2010, at 3:09 AM, R.I.Pienaar wrote:
> - Trevor Vaughan tvaug...@onyxpoint.com wrote:
>> Also, I'm not entirely convinced that variables can't be overridden. I understand that the final compilation is order independent, but I believe that the initial run is file order dependent. I.e. if you don't declare an 'include' before an 'if' statement checking for the included class, then you end up with an 'if' that is not called. Could the variable parsing be moved to this layer?
>
> I'd call this parsing behavior a bug, see my comment about defined(), it's related to that http://projects.reductivelabs.com/issues/3049

By the way, ignoring the technical aspect, how do you think defined should work in this case? In this case, what alert should be printed, or what error should be printed? This is a rather contrived example, but I'm not really sure what puppet should actually do here with your suggestion. (Please excuse my syntax errors).

    node 'test-node' {
      include classA
      include classB
    }

    class classA {
      if !defined(Package['apache']) {
        package { 'apache': ensure => installed, }
        alert("Package apache included by classA")
      }
    }

    class classB {
      if !defined(Package['apache']) {
        package { 'apache': ensure => installed, }
        alert("Package apache included by classB")
      }
    }
Re: [Puppet Users] Variable Scoping: What do you want?
On Jun 30, 2010, at 8:33 AM, R.I.Pienaar wrote:
> hey
>
> - Patrick Mohr kc7...@gmail.com wrote:
>> On Jun 30, 2010, at 3:09 AM, R.I.Pienaar wrote:
>>> - Trevor Vaughan tvaug...@onyxpoint.com wrote:
>>>> Also, I'm not entirely convinced that variables can't be overridden. I understand that the final compilation is order independent, but I believe that the initial run is file order dependent. I.e. if you don't declare an 'include' before an 'if' statement checking for the included class, then you end up with an 'if' that is not called. Could the variable parsing be moved to this layer?
>>>
>>> I'd call this parsing behavior a bug, see my comment about defined(), it's related to that http://projects.reductivelabs.com/issues/3049
>>
>> By the way, ignoring the technical aspect, how do you think defined should work in this case? In this case, what alert should be printed, or what error should be printed? This is a rather contrived example, but I'm not really sure what puppet should actually do here with your suggestion. (Please excuse my syntax errors).
>>
>>     node 'test-node' {
>>       include classA
>>       include classB
>>     }
>>
>>     class classA {
>>       if !defined(Package['apache']) {
>>         package { 'apache': ensure => installed, }
>>         alert("Package apache included by classA")
>>       }
>>     }
>>
>>     class classB {
>>       if !defined(Package['apache']) {
>>         package { 'apache': ensure => installed, }
>>         alert("Package apache included by classB")
>>       }
>>     }
>
> This would fall under the umbrella of bad manifest design :) I'd expect it to print different alerts between runs - today it would be predictable, I think, but I wouldn't treat that as something to rely on.

I agree it's bad design and I'm not using that code, but I think you need to know how puppet should treat this case before the problem can be fixed.
Re: [Puppet Users] which is more efficient?
I'd say that this way lies madness. Just do whatever gives you maintainability. The way that you source a file isn't going to make or break your server. (Unless you start embedding huge files in your manifest.) If small changes like this will break your server, your server will die the first time you run a backup or any other maintenance.

On Jun 30, 2010, at 1:07 PM, Marcus, Allan B wrote:
> With over two thousand clients hitting one server, and plans to grow to about 5000, efficiency is important.
>
> On Jun 30, 2010, at 12:58 PM, Steven VanDevender wrote:
>> Marcus, Allan B writes:
>>> We need to put a script into /usr/local/bin. Which is more efficient, put the text into a variable and use content =>, or put the file on the puppetmaster server and use source =>
>>
>> Why do you care about the efficiency of this? It's more important to make things easier to maintain than more efficient in most cases. However, I suspect using file { source => ... } will be both more efficient and easier to maintain.
Re: [Puppet Users] Ensuring Repo's
On Jun 28, 2010, at 10:32 PM, Douglas Garstang wrote:
> So... somehow on a previous implementation, I was able to set everything up so that all my yum repo's were in place before any packages got installed. I'm not exactly sure how I did it due to puppet's awful scoping.

This really isn't a good way to get help in a list where you can assume most people like puppet.

> Now that I am trying to do it again, it ain't working. I put a:
>
>     Package { provider => yum, require => [ Class['yum::client'], Exec["yum-clean-all"] ] }
>
> in site.pp, where yum::client installs the repo's, but puppet then bitches about cyclic dependencies. Is there a way to do this?

I assume that Class['yum::client'] is installing a package, or calling an exec that depends on a package. Find it like this: http://bitfieldconsulting.com/puppet-dependency-graphs

Then explicitly set the require line for the resource to remove the implicit dependency.
Re: [Puppet Users] Re: Ensuring Repo's
Woops, I didn't see your message before I sent mine.

On Jun 28, 2010, at 10:41 PM, Douglas Garstang wrote:
> I got it. I had to put require => undef in the package {} sections in yum::client.
>
> Doug.
>
> On Mon, Jun 28, 2010 at 10:32 PM, Douglas Garstang doug.garst...@gmail.com wrote:
>> So... somehow on a previous implementation, I was able to set everything up so that all my yum repo's were in place before any packages got installed. I'm not exactly sure how I did it due to puppet's awful scoping.
>>
>> Now that I am trying to do it again, it ain't working. I put a:
>>
>>     Package { provider => yum, require => [ Class['yum::client'], Exec["yum-clean-all"] ] }
>>
>> in site.pp, where yum::client installs the repo's, but puppet then bitches about cyclic dependencies. Is there a way to do this?
>>
>> Doug
Re: [Puppet Users] Error 400 : could not find template
Where are your templates? /etc/puppet/templates or /etc/puppet/modules/module-name/templates (I may have a typo in the path.)

Also, what's the full path to puppet.conf.erb?

On Jun 28, 2010, at 1:04 AM, Pieter Baele wrote:
> Hello,
> I did make a stupid fault: not committing changes to version control :-(
> After the installation of puppet-dashboard, I added a recipe to add report = true to puppet config files on clients.
> Now all Puppet clients don't update because of an error... What can be the various reasons for a '400' error?? I guess it has something to do with rights.
>
>     Jun 28 09:52:36 pm puppetmasterd[22709]: Could not find template 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node pm..
>     Jun 28 09:52:36 pm puppetd[23432]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find template 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node pm..
>     Jun 28 09:46:17 tsta puppetd[31413]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find template 'etc/motd.erb' at /etc/puppet/manifests/classes/motd.pp:6 on node tsta.
>
> This is the class to serve the puppet.conf file:
>
>     class puppet {
>       $puppet_config_dir = "/etc/puppet/"
>       $puppet_conf = "$puppet_config_dir/puppet.conf"
>
>       user { "puppet": ensure => present; }
>
>       file {
>         $puppet_config_dir:
>           ensure => directory,
>           owner => root,
>           group => root,
>           mode => 0755;
>         $puppet_conf:
>           owner => root,
>           group => root,
>           mode => 0644,
>           content => template("etc/puppet/puppet.conf.erb");
>       }
>
>       service { "puppet":
>         ensure => running,
>         enable => true;
>       }
>     }
>
> Kind regards,
> Pieter Baele
> www.pieterb.be
Re: [Puppet Users] onlyif for resource type file
On Jun 28, 2010, at 8:33 AM, Mohamed Lrhazi wrote:
> Thanks a lot Daniel.
>
>> However, I *strongly* urge you to tell us what your problem is
>
> Right, am newbie here, so am sure am doing a lot of things wrong, or thinking about them from a wrong way.
>
> I have a bunch of files that were deployed via kickstart and manual provisioning procedures that I am translating to Puppet... This one file, /etc/ldap.conf, is deployed from kickstart, but then later, a manual run of a script by an admin, as part of a later provisioning step, updates ldap.conf with the bind password...
>
> I need /etc/ldap.conf deployed right after initial install, and maintained... but don't want the bind password overwritten once it has been updated; the password is unique to each host. What would be the right way to maintain such a file?

You might want to look into Augeas. That would allow you to manage some settings in the file, but not all the settings. This way you can change any settings you want even after the password is set. Here's an example.

    augeas { "set_ldap_settings":
      #If your ldap.conf is directly in etc, you'll need to change the next line
      context => "/files/etc/ldap/ldap.conf",
      changes => [
        "set SIZELIMIT 11",
        "set BASE dc=exaple,dc=com",
        "set URI 'ldap://ldap.exaple.com ldap://ldap-master.exaple.com:666'"
      ],
    }
Re: [Puppet Users] onlyif for resource type file
On Jun 28, 2010, at 9:09 AM, David Schmitt wrote:
> On 6/28/2010 5:33 PM, Mohamed Lrhazi wrote:
>>> However, I *strongly* urge you to tell us what your problem is
>>
>> I have a bunch of files that were deployed via kickstart and manual provisioning procedures that I am translating to Puppet...
>
> My condolences.
>
>> This one file, /etc/ldap.conf, is deployed from kickstart, but then later, a manual run of a script by an admin, as part of a later provisioning step, updates ldap.conf with the bind password...
>>
>> I need /etc/ldap.conf deployed right after initial install, and maintained... but don't want the bind password overwritten once it has been updated; the password is unique to each host. What would be the right way to maintain such a file?
>
> Maintain the lists of passwords on the master and provision them using extlookup and a template. You can still provision a basic ldap.conf on kickstart, but as soon as puppet kicks in, you'll be in total and perpetual control of the file.

My solution is simpler and easier to implement, but this solution will probably be much easier to deal with in the long run. With David's solution, you won't need to have the admin set the password using the script.
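The approach suggested in this thread (per-host bind passwords kept on the master and written into ldap.conf through a template) can be sketched in Ruby with ERB, the templating language Puppet templates use. This is an added example, not code from the thread or from Puppet: a plain in-memory table stands in for extlookup, and the host names, passwords, DN layout and helper names are all constructed.

```ruby
require 'erb'

# Constructed per-host secrets, one "fqdn,password" pair per line.
# In the approach described in the thread this data lives on the master only.
BINDPW_DATA = <<~DATA
  web01.example.test,constructed-pw-web01
  db01.example.test,constructed-pw-db01
DATA

# Constructed ldap.conf template; the directive values are placeholders.
LDAP_CONF_ERB = <<~TEMPLATE
  # Managed centrally; local edits are overwritten on the next run
  base dc=example,dc=test
  uri ldap://ldap.example.test/
  binddn cn=<%= host %>,ou=hosts,dc=example,dc=test
  bindpw <%= bindpw %>
TEMPLATE

# Parse the table into { fqdn => password }.
def load_secrets(text)
  text.each_line.map(&:strip).reject(&:empty?).map { |l| l.split(',', 2) }.to_h
end

# Fail closed: a host without an entry gets no file at all instead of a file
# with an empty or shared password.
def bindpw_for(secrets, fqdn)
  pw = secrets.fetch(fqdn) { raise KeyError, "no bind password recorded for #{fqdn}" }
  # Conservative assumption: refuse empty values and embedded whitespace so a
  # bad entry cannot change the shape of the rendered directive line.
  raise ArgumentError, "unusable bind password for #{fqdn}" if pw.empty? || pw =~ /\s/
  pw
end

# Render the file content for exactly one host.
def render_ldap_conf(secrets, fqdn)
  raise ArgumentError, "unexpected host name #{fqdn.inspect}" unless fqdn =~ /\A[A-Za-z0-9.-]+\z/
  ERB.new(LDAP_CONF_ERB).result_with_hash(
    host: fqdn.split('.').first,
    bindpw: bindpw_for(secrets, fqdn)
  )
end

if __FILE__ == $PROGRAM_NAME
  puts render_ldap_conf(load_secrets(BINDPW_DATA), 'web01.example.test')
end
```

Because each render pulls only the requesting host's entry, the content produced for one host never contains another host's password; the rendered file still needs restrictive ownership and mode on the client.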
Re: [Puppet Users] Seemingly simple question - current status?
On Jun 28, 2010, at 10:31 AM, Luke Kanies wrote:
> On Jun 28, 2010, at 6:38 AM, dbs wrote:
>> I have 3 different puppetmasters running different groups of machines (dev, testing, and production). I'd like to very simply say "Give me a brief summary of the status of the nodes you manage."
>>
>> I've been having nightmare dependency problems trying to get things like Dashboard running that seem to be able to do this (Ruby, which may be an elegant language, is very crunchynew in regards to specific versions and stable updates. Frustrating).
>>
>> What I'd like to see is something like:
>>
>>     $ puppetstatus
>>     Node etl01.foo.com : Ok (Last contact: 6/28/2010 12:40pm, last update: 6/26/2010 11:05am (Module sudoers)
>>     Node etl02.foo.com : Ok (Last contact: 6/28/2010 11:25am, last update: 6/26/2010 11:03am (Module sudoers)
>>     Node etl03.foo.com : Ok (Last contact: 6/28/2010 12:18pm, last update: 6/26/2010 9:05am (Module sudoers)
>>     Node db02.foo.com: Error (Last contact: 6/28/2010 12:18pm) : Depedency not met : MySQL v5.1.20
>>
>> Is this possible? I looked at the external nodes methodology, but that seems to be a mechanism for just storing node definitions, not getting status updates.
>
> The Puppet Dashboard provides this as long as you hook your reports up to go to it, plus there are other things like puppetlast and Foreman that can do similar work.

Just a heads up for dbs, puppetlast will tell you when the last run happened. It won't tell you if the run succeeded though.
Re: [Puppet Users] Re: Borked Client Cert in 0.25
On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote:
> On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang doug.garst...@gmail.com wrote:
>> On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang doug.garst...@gmail.com wrote:
>>> Here we go with puppet 0.25 certificate problems again. I had a system where puppet was running fine. I reinstalled it. Running puppet on the client causes this:
>>>
>>>     Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key.
>>>
>>> Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server, who responds with:
>>>
>>>     [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com
>>>     kick01.fr.xxx.com
>>>     notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem'
>>>
>>> I then rerun puppet on the client and I am getting the same error. I must have done this hundreds of times with 0.24.8. What am I doing wrong now?
>>>
>>> Doug.
>>
>> *sigh* On the client, I removed the puppet rpm, blew away /var/lib/puppet, and reinstalled the puppet rpm again. Started puppet, it requested a certificate (but it logged nothing on the client about it, even in debug mode), signed it on the server, and I am still getting this on the client.
>>
>>     warning: peer certificate won't be verified in this SSL session
>>     info: Caching certificate for kick01.fr.xxx.com
>>     err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
>
> *sigh* Puppet is on crack. Even when the server isn't running, I STILL get this error!

I think I know what the problem is. I ran into this exact error message before. Try this:

Step 1, run this on client:

    service puppet stop
    rm -R /var/lib/puppet

Step 2, run this on server:

    puppetca --clean kick01.fr.xxx.com #Make sure to change this back

Step 3, run this on client:

    #Restart the client how ever you like. I recommend this for testing:
    puppetd --test --verbose --debug

I'm pretty sure this will work. If it does, I'll be happy to explain why you got all those different error messages.
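The error quoted in this thread says the retrieved certificate does not match the client's private key. The Ruby sketch below is an added example, not code from the thread or from Puppet: it builds a constructed CA, certname and keys with the standard openssl library and shows that a certificate signed for a host's earlier key is still validly signed by the CA yet fails the key match once the client holds a new key, and that the match succeeds after the old certificate is removed and a new one is signed.

```ruby
require 'openssl'

# Added illustration, not Puppet source. Every key, name and serial is constructed.

# Issue an X.509 certificate for subject_key's public half, signed by signing_key.
def issue_cert(signing_key, issuer_dn, subject_key, subject_dn, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = serial
  cert.issuer     = OpenSSL::X509::Name.parse(issuer_dn)
  cert.subject    = OpenSSL::X509::Name.parse(subject_dn)
  cert.public_key = subject_key.public_key  # only the public half goes into the cert
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(signing_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# SHA-256 over the DER-encoded public key of a key or a certificate.
# Equal fingerprints mean the certificate was issued for that key pair.
def pubkey_fingerprint(key_or_cert)
  OpenSSL::Digest::SHA256.hexdigest(key_or_cert.public_key.to_der)
end

def simulate_reinstall(certname = 'agent01.example.test')
  ca_dn  = '/CN=Constructed Test CA'
  ca_key = OpenSSL::PKey::RSA.new(2048)
  signed = {} # stands in for the server's store of signed certificates

  # First install: the client generates a key, the server signs a certificate.
  old_key = OpenSSL::PKey::RSA.new(2048)
  signed[certname] = issue_cert(ca_key, ca_dn, old_key, "/CN=#{certname}", 2)

  # Reinstall: the client's SSL state is gone, so it generates a new key,
  # while the server still holds the certificate signed for the old one.
  new_key = OpenSSL::PKey::RSA.new(2048)
  stale   = signed[certname]
  report  = {
    stale_signed_by_ca: stale.verify(ca_key),               # CA signature is fine
    stale_matches_key:  stale.check_private_key(new_key),   # key pairing is not
    stale_fp:           pubkey_fingerprint(stale),
    new_key_fp:         pubkey_fingerprint(new_key)
  }

  # Old certificate removed on the server, then the new request is signed.
  signed.delete(certname)
  signed[certname] = issue_cert(ca_key, ca_dn, new_key, "/CN=#{certname}", 3)
  fresh = signed[certname]
  report.merge(
    fresh_signed_by_ca: fresh.verify(ca_key),
    fresh_matches_key:  fresh.check_private_key(new_key),
    fresh_fp:           pubkey_fingerprint(fresh)
  )
end

if __FILE__ == $PROGRAM_NAME
  simulate_reinstall.each { |name, value| puts "#{name}: #{value}" }
end
```

Comparing the two public-key fingerprints is the same check an administrator can make by hand when deciding whether a stored certificate belongs to the key a host currently holds.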
Re: [Puppet Users] Ability to deploy a skeleton directory
On Jun 26, 2010, at 12:32 AM, Thomas Bellman wrote: Jean-Baptiste Barth wrote: I'd like to be able to deploy a skeleton directory through puppet, i.e. puppet deploys it only if it does not exist. [...] But I have 2 problems for the moment : - if I don't set owner/group, it takes uid/gid on the puppetmaster, which does not exist on the node ; if I do set these options, the directory is scanned each time and all files are chown'ed to this user/group, which is absolutely not desired behaviour in my case (puppet should not change ownership for files it doesn't manage in my case...) - I'd like puppet to let user change some files in the skeleton as they want, i.e. skip this directory if it just exists The second problem you can solve by using the 'replace = false' parameter to the file type. However, if the user *removes* one of the files in the skeleton directory, then Puppet will download it again, so maybe it isn't quite enough. And even with 'replace = false', Puppet will manage ownerships and modes of all files. One solution is to develop a custom fact that gets set to true if the target directory already exists, and not set if it doesn't. Then you can do if $dir_opt_foo_data_exists != true { file { /opt/foo/data: source = ..., recurse = true, ...; } } This doesn't scale very well to many directories, though, as you need one custom fact for each such directory. Another way is to do it with an exec: exec { opt-foo-data: command = wget -r http://.../ chown -R auser:agroup data, cwd = /opt/foo, path = /bin:/usr/bin, creates = /opt/foo; } Note the use of the parameter 'creates = /opt/foo', which will make Puppet only run the command if /opt/foo doesn't already exist. The disadvantage is that you need to configure and run a web server (or ftp server) somewhere as well. I usually do it this way (using wget and tar), but you could push the directory somewhere else using puppet and put cp -a in the exec. 
Re: [Puppet Users] Ability to deploy a skeleton directory
On Jun 25, 2010, at 2:00 AM, Jean-Baptiste Barth wrote:

> - I'd like puppet to let user change some files in the skeleton as they want, i.e. skip this directory if it just exists
>
> Do you have an idea about how I could do that ?

Do you mean you want the users to be able to change all the files? I just pushed the directory using an exec with a creates. I think I used a combination of wget and tar.
Re: [Puppet Users] Refreshing puppetd from within puppetd
On Jun 22, 2010, at 2:43 AM, David Schmitt wrote:

> On 6/22/2010 3:03 AM, Patrick Mohr wrote:
>
>> I push out changes to puppet.conf using puppet. (I have gsh as a backup for if I really screw things up, but I've never had to use it yet.)
>>
>> Is there any safe and/or good way to restart puppet after a change is made to its config? I'm assuming that just defining puppet as a service and subscribing to puppet.conf is bad because it will stop puppet in the middle of a run which might make other subscribes not work.
>
> Puppetd does reload its configuration automatically when the config file changes. Any settings that do not get reloaded should be considered bugs and reported to the bug tracker.

It seemed to me that adding report=true to [puppetd] using augeas didn't cause puppetd to start sending reports each run. I'll check to see that's actually true later today.

-Patrick Mohr
Re: [Puppet Users] bringing puppet into production
On Jun 21, 2010, at 12:04 AM, christopher floess wrote: On 06/20/2010 08:47 PM, Patrick Mohr wrote: You've got some problems that are caused because the packages didn't do things you need done, and other problems that are unrelated. On the clients, puppetd will automatically look for the server at puppet, and should use the search domain. You really want to change DNS so that the puppetmaster has a DNS name of puppet. If it's working, ping puppet should ping the puppet master. At this point the server flag should be needed anymore. So the certificate would need to be regenerated at this point. Is it just a matter of: Is it a matter of changing: 1. certname = servercharlie.bestgroup to certname = puppet 2. restart puppetmasterd (does puppetmasterd know to reconfigure the certificates?) 3. change /etc/hosts/ entry on client node (I guess /etc/puppet/ssl/ has to be deleted?) 4. rerun puppetca on the master. Sorry, this may seem trivial, but I don't feel like breaking the setup at this point. Because you don't want to re-setup the clients, or because you're worried about breaking it? Actually, the certificate might already have puppet and puppet.bestgroup as aliases. On the other hand, I was assuming you control DNS for all the clients in one or two central locations. If you aren't going to use DNS to push the puppet server's ip, it's probably not worth the bother. It's just nice to do that because that way you can point the clients are a different location if you need to. Often in this situation, you can't use puppet to do that, because puppet is broken. My fault on the logs. You also need this directory in Ubuntu: Permissions UserGroup Location drwxr-x--- puppet puppet /var/log/puppet I'm guessing that puppet puts the logs there by default, but it might be a different location since we aren't using the same distro and package. If the server certificate has the wrong common name, you shouldn't need to touch the clients. 
I think you could fix it by following these steps. I have not tested this. If you attempt it, make sure you have a very good backup. I only think this *should* work.

    service puppetmaster stop
    rm /var/lib/puppet/ssl/certs/{Server Name Here}.pem
    rm /var/lib/puppet/ssl/private_keys/{Server Name Here}.pem

Change the common name to whatever you need.

    service puppetmaster start
Re: [Puppet Users] Augeas and double quotes
On Jun 21, 2010, at 7:05 AM, Guus Houtzager wrote: Hi, I've got a bit of an issue with Augeas in Puppet. I'm trying to modify /etc/sysconfig/i18n (RHEL4 system). Original file: LANG=en_US.UTF-8 SUPPORTED=en_US.UTF-8:en_US:en SYSFONT=latarcyrheb-sun16 This is the code to change it: $filename = $operatingsystem ? { redhat = /etc/sysconfig/i18n, sles = /etc/sysconfig/language } augeas { $filename: context = $operatingsystem ? { redhat = /files/etc/sysconfig/i18n, sles = /files/etc/sysconfig/language }, changes = $operatingsystem ? { redhat = 'set LANG en_US', sles = [set RC_LANG \en_US\,set ROOT_USES_LANG \yes\] }, } After trying quite a few things with different style quotes (you can see another try in the SLES part), I can't get Augeas to do what I want. I need: LANG=en_US I've been able to do: LANG=en_US LANG=\en_US\ LANG='en_US' Client system is running puppet 0.25.5, augeas 0.7.1 and ruby-augeas 0.3.0. Can anybody see what I'm doing wrong? Thanks a lot!! First, quotes probably aren't needed unless the value has a space in it. Second, single quotes should work fine. Anyway, here's an example that will work for something that has a space in it, and needs to be quoted: augeas { auto start tftpd : context = /files/etc/default/tftpd-hpa, changes = 'set RUN_DAEMON \'start now\'', } Gives a line that looks like: RUN_DAEMON=start now Here's why it works: http://osdir.com/ml/puppet-users/2009-10/msg00133.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Refreshing puppetd from within puppetd
I push out changes to puppet.conf using puppet. (I have gsh as a backup for if I really screw things up, but I've never had to use it yet.)

Is there any safe and/or good way to restart puppet after a change is made to its config? I'm assuming that just defining puppet as a service and subscribing to puppet.conf is bad because it will stop puppet in the middle of a run which might make other subscribes not work.

Anyone have advice? I don't want to put puppet in cron if I can avoid it.

-Patrick Mohr
Re: [Puppet Users] bringing puppet into production
You've got some problems that are caused because the packages didn't do things you need done, and other problems that are unrelated.

On the clients, puppetd will automatically look for the server at puppet, and should use the search domain. You really want to change DNS so that the puppetmaster has a DNS name of puppet. If it's working, ping puppet should ping the puppet master. At this point the server flag should be needed anymore.

On the master, you need to create a user and group called puppet. This user needs read-only access to everything in /etc/puppet and read-write access to everything in /var/lib/puppet. (These are standard locations for Debian, but they might be in a different place in your version of puppet.) Some of the files in these directories should not be world-readable, so it's easier to just make both of them be not world-readable.

I'm assuming that you are using puppet version 0.25.4 or above. If you aren't, you should upgrade now.

For startup scripts, it's probably easier to get the scripts from the official packages or the examples than it is to write your own.

Hints: puppetd is normally run as root so it can administrate your (puppet) clients. puppetmaster is normally run as puppet because it doesn't need to make changes to the server.

Summary:
1) Make sure that running ping puppet on the client pings the server.
2) Add a user called puppet
3) Add a group called puppet
4) chown -R root:puppet /etc/puppet
5) chown -R puppet:puppet /var/lib/puppet
6) Set permissions on /etc/puppet to 640 and 750
7) Set permissions on /var/lib/puppet to 660 and 770

PS if you aren't using version control yet, start using it now. Even if you don't use comments, tags, and branches, it will still allow you to:
1) Revert stupid mistakes
2) Do a binary search through your revisions to find out what change caused a bug.
On Jun 20, 2010, at 2:38 AM, Christopher wrote: Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their respective machines with the following commands node1 $ puppetd --server servercharlie.bestgroup --waitforcert 60 -- test and on the master master $ puppetmasterd --debug --no-daemonize But now that it’s time for production, trying to start the puppetd with my init script, yielded the following error: chown: invalid user: ‘puppet:puppet’ which made me realize that I haven’t done anything in terms of configuration on the nodes; I simply always ran the above command. So, I have a few specific questions about this, but I’d also appreciate any insight into things that I might fail to ask, but could be relevant to this topic. 1. The init scripts supplied by the Debian package (which I’m actually not using, I’m just using the init scripts, logrotate.d and /etc/ default files, etc) only act on puppetd. So then how is the puppetmasterd supposed to be started on the master node? I know the init scripts can be written. I have no fear of that, but I do get the feeling that I’m missing something. 2. I never really saw where in the documentation puppet.conf file is addressed. I’ve seen that it’s pretty well documented, but again, did I miss something, especially considering that I have gone through the online manifest-writing/language documentation for the past week, and through all of the testing, I never once did something to configure the client nodes. As mentioned above, I simply ran the puppetd command. 
Okay, for specific questions that covers it for now, but like I said, if there is any other general advice in terms of these aspects of puppet, that would be appreciated too. As a final note, I should probably point out that I have a Debian system, but that I haven’t used their package because their libraries tend to be quite old, and we’ve had a couple of instances where the web-apps that we develop have actually been derailed because of old ruby libraries that come as dependencies for these older packages. Anyway, thanks in advance. Regards, Chris
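A read-only check for the ownership and mode checklist (steps 4 to 7) in the reply above, added here as an example that is not part of the original thread. It reads "640 and 750" and "660 and 770" as file and directory modes respectively, which is an assumption, and the names `PUPPET_TREES`, `lookup_id` and `audit_tree` are made up for this example.

```ruby
require 'etc'
require 'find'

# Expected state, taken from steps 4-7 of the summary in the message above.
# Treating the first mode as the file mode and the second as the directory
# mode is an assumption of this example.
PUPPET_TREES = {
  '/etc/puppet'     => { owner: 'root',   group: 'puppet', file: 0o640, dir: 0o750 },
  '/var/lib/puppet' => { owner: 'puppet', group: 'puppet', file: 0o660, dir: 0o770 }
}.freeze

# Look up a uid/gid by name; nil when the account is missing (the condition
# behind the "chown: invalid user" error in the quoted question).
def lookup_id(kind, name)
  kind == :user ? Etc.getpwnam(name).uid : Etc.getgrnam(name).gid
rescue ArgumentError
  nil
end

# Returns [path, problem] pairs. Modes stricter than the expected ones pass;
# any extra bit (world access, setuid, ...) is reported. Nothing is changed.
def audit_tree(root, file:, dir:, owner: nil, group: nil)
  findings = []
  uid = owner && lookup_id(:user, owner)
  gid = group && lookup_id(:group, group)
  findings << [root, "user #{owner} does not exist"] if owner && uid.nil?
  findings << [root, "group #{group} does not exist"] if group && gid.nil?
  Find.find(root) do |path|
    st = File.lstat(path)
    next if st.symlink?
    extra = st.mode & 0o7777 & ~(st.directory? ? dir : file)
    findings << [path, format('extra mode bits %04o', extra)] unless extra.zero?
    findings << [path, "owner uid #{st.uid}, expected #{owner}"] if uid && st.uid != uid
    findings << [path, "group gid #{st.gid}, expected #{group}"] if gid && st.gid != gid
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  PUPPET_TREES.each do |root, want|
    next unless File.directory?(root) # locations differ between packages
    audit_tree(root, **want).each { |path, problem| puts "#{path}: #{problem}" }
  end
end
```
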
Re: [Puppet Users] header for puppet managed files
On Jun 20, 2010, at 12:37 PM, Psyber wrote:

> Anyone have any ideas on adding a default header to puppet managed files and templates? This might be tricky because of the different methods of adding comments for different types of files but I'm certainly open to suggestions that would enforce the existence of a header.

I manage:
1) Config files that use # or ; for comments.
2) Html files that use <!-- --> for comments.
3) Pxe config files that use # for comments.
4) Binary files that can't have comments.

The problem is there's no easy way for puppet to know what format comments are in. There's no common comment format that will work with all files. # comments are the most common, but nowhere near universal.
Re: [Puppet Users] auth.conf and file_metadata
On Jun 20, 2010, at 2:57 PM, chakkerz wrote:

> 2) searching for information on this i found references on auth.conf which (because i deploy an RPM) is generated for me. However it is a default file, and i'd love to know what to put in it. I can't find any documentation on the subject. Anyone have a link for me to look at please?

The default auth.conf that comes with Ubuntu is pretty simple. Every client can see every file in every module. I'm guessing that yours is similar. If you don't want every client to see every file in every module, you might want to change auth.conf.

The example auth.conf that came with Ubuntu is 2.3k and very well commented. Would posting that help?
Re: [Puppet Users] Re: auth.conf and file_metadata
On Jun 20, 2010, at 5:56 PM, chakkerz wrote:

>> The example auth.conf that came with Ubuntu is 2.3k and very well commented. Would posting that help?
>
> If you've got one handy, yes :)

    # This is an example auth.conf file, it mimics the puppetmasterd defaults
    #
    # The ACL are checked in order of appearance in this file.
    #
    # Supported syntax:
    # This file supports two different syntax depending on how
    # you want to express the ACL.
    #
    # Path syntax (the one used below):
    # -
    # path /path/to/resource
    # [environment envlist]
    # [method methodlist]
    # [auth[enthicated] {yes|no|on|off|any}]
    # allow [host|ip|*]
    # deny [host|ip]
    #
    # The path is matched as a prefix. That is /file match at
    # the same time /file_metadat and /file_content.
    #
    # Regex syntax:
    # -
    # This one is differenciated from the path one by a '~'
    #
    # path ~ regex
    # [environment envlist]
    # [method methodlist]
    # [auth[enthicated] {yes|no|on|off|any}]
    # allow [host|ip|*]
    # deny [host|ip]
    #
    # The regex syntax is the same as ruby ones.
    #
    # Ex:
    # path ~ .pp$
    # will match every resource ending in .pp (manifests files for instance)
    #
    # path ~ ^/path/to/resource
    # is essentially equivalent to path /path/to/resource
    #
    # environment:: restrict an ACL to a specific set of environments
    # method:: restrict an ACL to a specific set of methods
    # auth:: restrict an ACL to an authenticated or unauthenticated request
    # the default when unspecified is to restrict the ACL to authenticated requests
    # (ie exactly as if auth yes was present).
    #

    ### Authenticated ACL - those applies only when the client
    ### has a valid certificate and is thus authenticated

    # allow nodes to retrieve their own catalog (ie their configuration)
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

    # allow all nodes to access the certificates services
    path /certificate_revocation_list/ca
    method find
    allow *

    # allow all nodes to store their reports
    path /report
    method save
    allow *

    # inconditionnally allow access to all files services
    # which means in practice that fileserver.conf will
    # still be used
    path /file
    allow *

    ### Unauthenticated ACL, for clients for which the current master doesn't
    ### have a valid certificate

    # allow access to the master CA
    path /certificate/ca
    auth no
    method find
    allow *

    path /certificate/
    auth no
    method find
    allow *

    path /certificate_request
    auth no
    method find, save
    allow *

    # this one is not stricly necessary, but it has the merit
    # to show the default policy which is deny everything else
    path /
    auth any
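The comments in the posted auth.conf describe ordered, first-match ACLs with prefix paths and a default of authenticated-only. The Ruby sketch below is an added example, not Puppet's code and not part of the original post; it models those stated rules to show which ACL decides a given request. The names `Acl`, `RULES`, `path_match`, `allowed?` and `tightened`, the sample requests, and the narrowed `/file` rule with its `common` module are all constructed for illustration.

```ruby
# Simplified model of the ACL semantics described in the comments of the posted
# auth.conf. Not Puppet's code; every name here is made up for this example.
Acl = Struct.new(:path, :regex, :methods, :auth, :allow)

# The ACLs of the posted file, in file order (nil methods = no method restriction,
# auth :yes is the stated default when the file gives no auth line).
RULES = [
  Acl.new('^/catalog/([^/]+)$',              true,  %w[find],      :yes, ['$1']),
  Acl.new('/certificate_revocation_list/ca', false, %w[find],      :yes, ['*']),
  Acl.new('/report',                         false, %w[save],      :yes, ['*']),
  Acl.new('/file',                           false, nil,           :yes, ['*']),
  Acl.new('/certificate/ca',                 false, %w[find],      :no,  ['*']),
  Acl.new('/certificate/',                   false, %w[find],      :no,  ['*']),
  Acl.new('/certificate_request',            false, %w[find save], :no,  ['*']),
  Acl.new('/',                               false, nil,           :any, [])
].freeze

# Plain paths match as prefixes; "path ~" entries are Ruby regexes.
def path_match(acl, path)
  return Regexp.new(acl.path).match(path) if acl.regex
  path.start_with?(acl.path) ? [path] : nil
end

# Returns [allowed, index of the deciding ACL]. The first ACL whose path, method
# and auth restrictions all apply decides; later ACLs are never consulted.
def allowed?(rules, node:, path:, method:, authenticated: true)
  rules.each_with_index do |acl, i|
    m = path_match(acl, path)
    next unless m
    next if acl.methods && !acl.methods.include?(method)
    next if acl.auth == :yes && !authenticated
    next if acl.auth == :no && authenticated
    # "allow $1" refers to the first capture group of the path regex.
    hosts = acl.allow.map { |h| h.gsub(/\$(\d)/) { m[Regexp.last_match(1).to_i].to_s } }
    return [hosts.include?('*') || hosts.include?(node), i]
  end
  [false, nil]
end

# Constructed tightening (not from the thread): replace the blanket "/file" ACL
# with a regex limited to one hypothetical module called "common".
def tightened(rules)
  rules.map do |acl|
    next acl unless acl.path == '/file'
    Acl.new('^/file_(metadata|content)/modules/common/', true, nil, :yes, ['*'])
  end
end

if $PROGRAM_NAME == __FILE__
  requests = [ # constructed sample requests: node, path, method, authenticated
    ['web01', '/catalog/web01', 'find', true],
    ['web01', '/catalog/db01', 'find', true],
    ['web01', '/file_metadata/modules/ssh/sshd_config', 'find', true],
    ['new01', '/certificate/ca', 'find', false],
    ['new01', '/report', 'save', false]
  ]
  requests.each do |node, path, method, auth|
    ok, idx = allowed?(RULES, node: node, path: path, method: method, authenticated: auth)
    puts format('%-6s %-42s %-5s auth=%-5s -> %s (ACL #%s)',
                node, path, method, auth, ok ? 'allow' : 'deny', idx)
  end
end
```

Because `/file` is a prefix, the fourth ACL also decides requests for `/file_metadata` and `/file_content`, which is why every authenticated client can read every module file under the default policy described earlier in the thread.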
Re: [Puppet Users] Augeas problem changing values in postfix/main.cf
On Jun 17, 2010, at 11:04 AM, John Martin wrote:

I have done some further experimenting and found things even more perplexing. The rule is now just adding the new values that I need. The rule is:

    augeas { "dkim-postfix-settings":
        require => Package["postfix"],
        context => "/files/etc/postfix/main.cf",
        changes => [
            "set smtpd_milters inet:localhost:20209",
            "set non_smtpd_milters inet:localhost:20209",
            "ins #comment before smtpd_milters",
            "set #comment[.=''] 'Settings for implementation of DKIM'",
        ],
        onlyif => "match smtpd_milters size == 0"
    }

This mostly looks fine to me. The solution to the problem is lower down. Here's some unasked for advice that has almost nothing to do with the problem. I would break this up into two statements like this:

    augeas { "first":
        require => ...,
        context => ...,
        changes => [
            "set smtpd_milters inet:localhost:20209",
            "set non_smtpd_milters inet:localhost:20209",
        ]
        #No onlyif
    }

    augeas { "second":
        require => Augeas["first"],
        context => ...,
        changes => [
            "ins #comment before smtpd_milters",
            "set #comment[.=''] 'Settings for implementation of DKIM'",
        ],
        onlyif => #Test if comment exists
    }

This means that if the settings change in value, augeas will set them back.

When I run 'puppetd -t' on the client, sometimes it adds the lines into the main.cf configuration file and on subsequent runs it removes it. It is not consistent. I do not understand why it would remove the values.
Also when I run puppetd with the --debug switch I see the following: debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with root /, lens path , flags 0 debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 is installed debug: Augeas[dkim-postfix-settings](provider=augeas): Will attempt to save and only run if files changed debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params [/files/etc/postfix/main.cf/smtpd_milters, inet:localhost:20209] debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params [/files/etc/postfix/main.cf/non_smtpd_milters, inet:localhost:20209] debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' with params [#comment, before, /files/etc/postfix/main.cf/smtpd_milters] debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params [/files/etc/postfix/main.cf/#comment[.=''], Settings for implementation of DKIM] debug: Augeas[dkim-postfix-settings](provider=augeas): Files changed, should execute debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas connection debug: //dkim/Augeas[dkim-postfix-settings]: Changing returns debug: //dkim/Augeas[dkim-postfix-settings]: 1 change(s) debug: Augeas[dkim-postfix-settings](provider=augeas): Opening augeas with root /, lens path , flags 0 debug: Augeas[dkim-postfix-settings](provider=augeas): Augeas version 0.7.1 is installed debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params [/files/etc/postfix/main.cf/smtpd_milters, inet:localhost:20209] debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'set' with params [/files/etc/postfix/main.cf/non_smtpd_milters, inet:localhost:20209] debug: Augeas[dkim-postfix-settings](provider=augeas): sending command 'ins' with params [#comment, before, /files/etc/postfix/main.cf/smtpd_milters] debug: Augeas[dkim-postfix-settings](provider=augeas): 
sending command 'set' with params [/files/etc/postfix/main.cf/#comment[.=''], Settings for implementation of DKIM] debug: Augeas[dkim-postfix-settings](provider=augeas): Closed the augeas connection notice: //dkim/Augeas[dkim-postfix-settings]/returns: executed successfully I'm not sure why it is running the commands twice. Please note when it does the two sets of instructions it does add the contents to the main.cf file. When it doesn't, it removes the contents. Here is the output when puppet removes the contents: debug: //liferay_system/File[/etc/postfix/main.cf]/content: Executing 'diff -u /etc/postfix/main.cf /tmp/puppet-diffing.10996.0' --- /etc/postfix/main.cf2010-06-17 14:00:52.0 -0400 +++ /tmp/puppet-diffing.10996.0 2010-06-17 14:01:15.0 -0400 @@ -673,6 +673,3 @@ smtp_sasl_security_options = noplaintext smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination mailbox_size_limit = 25600 -# Settings for implementation of DKIM -smtpd_milters = inet:localhost:20209 -non_smtpd_milters = inet:localhost:20209 debug:
Re: [Puppet Users] puppet and CPU
On Jun 10, 2010, at 12:02 AM, Nat wrote:

> Hi, I am running puppet on my machines (mainly all rhel 5) and notice that puppet is waking the CPU up between 90 - 100 times a second. Is this normal?? it is waking the CPU up more than the kernel itself (when not under load)!! All puppet instances run as a daemon. Just as a test I also get the same results using red hat 6 beta. Does anyone else experience this? Any ideas on how to stop it?

Puppet is misconfigured under some distros to do bad stuff before it gets its first certificate. Do these machines have a certificate? Also, you are talking about the client right?

Some people run the client with cron and tell it to do a single run and then quit. That should solve this problem if you are talking about the client. (If the client has a certificate)
Re: [Puppet Users] Puppet and ruby 1.9?
On Jun 7, 2010, at 10:40 AM, DeRailed wrote:

> Hi, I am just getting started with puppet. Our stack runs on 1.9 and it seems puppet is not quite there yet. I figure I could run puppetmaster on 1.8 but the clients will need to install and run 1.9. Any advice there? or are we doomed for the time being?

I know very little about ruby so I could be wrong, but can't you just install both versions?