Re: [Puppet Users] Open Source PuppetDB Code

2017-06-29 Thread Peter Kristolaitis

https://github.com/puppetlabs/puppetdb


On 2017-06-29 12:12 PM, Peter Krawetzky wrote:
I did a little searching on github but couldn't find it.  Does anyone 
know where the source code is for the PuppetDB server?  I'm really 
looking for the source code that contains the DML (insert, select, 
update, delete).


Thanks.
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/07a704c4-563b-492c-b08d-e817e78bc113%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.




Re: [Puppet Users] How would you represent this in hiera?

2017-06-01 Thread Peter Kristolaitis

If you're trying to use data binding, then it would be:

ssh::server::subsystem::system: '/usr/libexec/sftp-server'

That does, however, have problems if you have multiple instantiations of 
ssh::server::subsystem on a single node with different values, and you'd 
need to define your own hierarchy and explicitly use hiera lookups in 
your manifest in that case.



On 2017-06-01 05:19 PM, Peter K wrote:
Hi all, I'm using the zleslie-ssh module and trying to configure 
it with hiera.
I have all the lines working but this one (this is the output I'm 
seeking):


Subsystem sftp /usr/libexec/sftp-server

Here is successfully working code that is non-hiera:

include ssh::service

ssh::server::subsystem { 'sftp':
  system => '/usr/libexec/sftp-server',
}

Here is my best guess as to how it should be defined with hiera (but it 
doesn't create anything):

ssh::server::subsystem::sftp:
-system:'/usr/libexec/sftp-server'

Thoughts?
thx
-peter


Re: [Puppet Users] Controlling Puppet class execution order with parameters.

2017-05-24 Thread Peter Kristolaitis

You need to use 'require' instead of 'import'.


On 5/24/2017 11:57 AM, Harish Kothuri wrote:

Hi,

I have 3 classes and I need to execute class 3 only when class 1 and 
class 2 complete. All of these classes must be attached to a host.


class1($version='1.1.1'){
   .
   .
   .
}
class2($version='2.2.2'){
   .
   .
   .
}

and

class3(){
import class1
import class2
exec{ 'something':
  cmd => 'some command here',
  before => [Class['class1'], Class['class2']]
}
}

When I try to apply the above relation, I get the following error:

Error: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Duplicate declaration: Class[class1] is already declared; 
cannot re declare on node machine.domain.com

Can anyone guide me how to handle this scenario?

Thanks






Re: [Puppet Users] Can a resource run more then once in a catalog?

2017-03-03 Thread Peter Kristolaitis
A subscribed / notified resource will only trigger once. Puppet's basic 
execution model only allows each resource to run once during a catalog 
run, and you can think of notify/subscribe as a special case of using  
'require' to determine execution order.



On 3/3/2017 12:14 PM, Joshua Schaeffer wrote:

Ahoy all,

TL;DR
I'm looking for information on how a catalog runs, in particular if 
you notify an exec resource within a manifest multiple times (from 
different resources) will the exec run multiple times if it has 
refreshonly set to true? I've given more details below:


Background information
Right now I'm creating a series of modules that helps setup a server 
to meet certain specifications after the server OS is installed. It 
basically comes down to a few general areas:


 1. Create a module and sub-modules that installs basic components,
packages, networking, configuration, etc that is applicable to all
servers.
 2. Create a module and sub-modules that installs company and region
specifics.
 3. Create a module and sub-modules that installs specifics to the
type of server being setup and its purpose.

I'm already done with steps 1 and 2 and working on getting items 
installed and configured that are particular to the application level 
of the people who will use the server (step 3). Unfortunately part of 
their steps is to call a Perl script that sets up the system after 
the OS has been configured and handed over to them. We don't have the 
time to really break out what the Perl script is doing and "puppetize" 
each step, so we have decided to just call the script itself in 
Puppet. Not the ideal way to run Puppet but right now it is what we 
need to do.


Situation
I have to pull the latest code from SVN as part of step 3 described 
above, then copy a few of the files from the repo to another location. 
What I want to do is if any files are copied over then notify an exec 
resource to run the Perl script. So if the file that needs to be 
copied is not in the destination directory, or the file that was 
pulled from SVN is newer/changed then it will update the file in the 
destination directory. This will then send a notify to the exec 
resource which will run the Perl script. However, I only want to call 
the exec resource once. Say that three files are going to be copied 
from the repo to the destination directory. If only one of them is 
actually copied (because the other two are already present and 
current) then the exec resource would only be notified once, however 
if 2 or 3 of the files are actually copied then will the exec resource 
be notified multiple times? If so will it run multiple times?


This is the code I've created for it:

# First checkout the packages.
vcsrepo { '/tmp/packages':
  ensure              => 'latest',
  provider            => 'svn',
  source              => $svn_path,
  basic_auth_username => $svn_username,
  basic_auth_password => get_password($svn_username, lookup({ name => "${profile::site}::${environment}::dat::hostautomation::${svn_username}" })),
}

# Copy individual files listed in the package map to use when running
# the automation_software script.
$svn_pkgs_map.each |$pkg, $pkg_detail| {
  file { "${pkg_install_path}/${pkg_detail['name']}":
    ensure  => 'present',
    source  => "file:///tmp/packages/${pkg_detail['name']}",
    owner   => 'ashl',
    group   => 'autoshel',
    mode    => '0644',
    notify  => Exec['automation-software'],
    require => Vcsrepo['/tmp/packages'],
  }
}

# Next install the packages.
exec { 'automation-software':
  command     => $cmd,
  user        => 'ashl',
  refreshonly => true,
}

The first step just does a checkout on the repo, the second step 
copies files listed in a map that are specified in Hiera. That step 
requires the SVN step and then if the files are copied/updated will 
notify the exec resource which will actually run the script which 
takes place in the third step.


Question
So my question is if I specify multiple files in my map and Puppet 
actually copies multiple files, will it notify the exec resource 
multiple times? If it does will it run the exec resource multiple times?


Thanks,
Joshua
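
The behaviour described in the reply at the top of this thread (several notifications, one refresh) can be checked with a small stand-alone manifest. This is an added example, not code from either poster; the /tmp/refresh_demo directory, the three file names and the resource title automation-software-demo are assumptions made for the demo.

```puppet
# Constructed demo: three file resources notify one refreshonly exec.
# All paths and names below are placeholders chosen for this example.
$demo_dir = '/tmp/refresh_demo'

file { $demo_dir:
  ensure => directory,
}

# Each file resource sends its own refresh event when Puppet has to
# create it or change its content. The parent directory is autorequired.
['a.conf', 'b.conf', 'c.conf'].each |String $fname| {
  file { "${demo_dir}/${fname}":
    ensure  => file,
    content => "managed copy of ${fname}\n",
    mode    => '0644',
    notify  => Exec['automation-software-demo'],
  }
}

# refreshonly => true: the command is skipped unless at least one refresh
# event arrived. The exec is still a single resource in the catalog, so it
# is evaluated once per run regardless of how many files notified it.
exec { 'automation-software-demo':
  command     => "/bin/sh -c '/bin/date >> ${demo_dir}/runs.log'",
  refreshonly => true,
  require     => File[$demo_dir],
}
```

Apply it twice with puppet apply: the first run creates all three files and appends one line to runs.log, and the second run changes nothing and appends none.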


Re: [Puppet Users] Installing puppet 4 Open Source

2017-02-03 Thread Peter Kristolaitis
Puppet 4 uses a Java-based server (puppetserver) that is 
self-contained.  The Ruby-based server (puppetmaster) is not supported 
in the 4.x and later series.



On 2/3/2017 11:13 AM, gr...@techforsmbiz.com wrote:

Hey all

I am new to puppet and interested in installing puppet 4 for my 
company.  We don't have the budget to go with the enterprise version 
so I would like to do open source. Is it still recommended to use apache 
and passenger for a production type environment for puppet 4 or just 
installing the dropping is fine?


Garth


Re: [Puppet Users] Design Patterns - Profiles & Shared Information

2017-01-09 Thread Peter Kristolaitis

We use something that's halfway between the second and third options.

We use standardized namespaces in Hiera that group together logical sets 
of data (we use it mostly for distributed app configuration, but you 
could easily apply this to system configuration), then we pull that into 
our profiles.  Not an actual "data class" like your second option, but a 
little more complex than your third option. For example:


define profiles::vhost (
  $sitename = $title,
  $parent_config = $title,
) {

  $config = merge(
    hiera_hash("application::${parent_config}"),
    hiera_hash("application::${sitename}")
  )

  $product   = $config['product']
  $branch    = $config['branch']
  $component = $config['component']
  $version   = $config['version']
  $db_user   = $config['db_user']
  $db_pass   = $config['db_pass']
  ...
}

This lets us share things like database passwords among the various 
profiles (vhost, database, etc) and systems that need it, and the hash 
merge lets us share common configuration (e.g. log host or database 
credentials) among many application sub-components that might be on 
different code branches or versions.


This way we have a very, very generic "virtual host" module (or 
"database" module or what have you) at the profile level, and our roles 
define what namespace(s) we use for configuration (and thus, what 
product/component/etc gets deployed, and the data inheritance structure 
between them).


This was developed in response to some really specific business 
requirements at our site, but it works reasonably well for us.


- Peter


On 1/9/2017 6:15 AM, Stefan Schlesinger wrote:

Hi,

I wonder what approaches you are currently using for sharing common information
among multiple Puppet profiles:

To come up with some examples which will need to be maintained for multiple
profiles:

- HTTP proxy settings
- IP ACLs for whitelists (eg. IP of monitoring systems, trusted hosts)
- E-mail addresses for system mails (not only for /etc/aliases)

Any thoughts?

The options I currently have on the table are:

- Don’t do any abstraction and maintain multiple copies of the same information
   in hiera (eg. ::profile::redsocks::proxy_url, ::profile::apt::proxy_url).

   Which in more comprehensive Puppet might not scale so well.

- As Volcane suggested on IRC, use a ::data module to provide an interface for
   hiera key lookups and use ::data::some_common_thing in other profiles.

- Simply use hiera calls directly in modules such as

   class profile::redsocks(
     $proxy_url = hiera('proxy_url')
   )

   Which I personally dislike, as using a module provides options for
   documentation and validation as well as a defined, versionable interface to
   the variables.

Thanks for your feedback!

Best, Stefan.





Re: [Puppet Users] Where is the .msi for Puppet 4.8.1 agent?

2016-12-15 Thread Peter Kristolaitis
Puppet 4 brought with it some naming and versioning changes. The agent 
package is now called "puppet-agent", and the latest version is 1.8.2.  
The MSI packages are available at the link you provided, way down at the 
bottom.




On 12/15/2016 7:49 AM, lzerw wrote:

Good Morning together,

We change from Puppet 3.8.1 to Puppet 4.8.1.
I am a little bit confused. The link in the original Puppet documentation:

https://downloads.puppetlabs.com/windows/?_ga=1.186249197.570974180.1471607899

didn't list a .msi for Puppet 4.8.1. The max. version is 
puppet-3.8.7-x64.msi.
Which .msi do I have to use now when I want to run a Windows node with 
Puppet 4.8.1?


Thanks for your advice.

Best Regards


Re: [Puppet Users] Check if user exist in windows OS.

2016-12-13 Thread Peter Kristolaitis

Just use the builtin 'user' type.


On 12/13/2016 8:41 AM, Mariusz Gibki wrote:

How to check if a user exists in Windows OS.

If it exists, do nothing.

If it does not exist, add the user.

???


Re: [Puppet Users] Need puppet lab manuals

2016-11-24 Thread Peter Kristolaitis
Have you gone through the material in the Puppet Learning VM 
(https://puppet.com/download-learning-vm)?



On 11/24/2016 2:53 PM, shakeel pasha wrote:


Can someone please provide lab manuals or lab scenarios to practise 
puppet

That would be a great help



Re: [Puppet Users] Default profile or role

2016-10-18 Thread Peter Kristolaitis
There is no magic involved in roles and profiles -- they're just classes 
that get assigned to nodes based on the node's definition.


Thus, if you want a default role assigned to the default node 
definition... then assign that default role to the default node definition.




On 2016-10-18 01:58 PM, Ugo Bellavance wrote:

Hi,

Is there an equivalent of the default node definition when using 
profiles and roles?


Thanks,


Re: [Puppet Users] Re: Puppet 4 under Ubuntu 16.04

2016-10-18 Thread Peter Kristolaitis
Puppet 4 *only* uses the Java-based puppetserver.  puppetmaster was 
deprecated and is not supported in the current version.



On 2016-10-18 01:18 PM, Ilia Ternovich wrote:

Servus,

Thank you very much for the answer. As I said originally -- I need 
puppet*master* 4 (not puppet*server*). Then there came advice to 
use puppetserver instead and mess around JDKs.


Thanks

On Tue, Oct 18, 2016 at 7:10 PM, Thomas Hager wrote:


On Mon, 2016-10-17 at 13:13 +0200, Ilia Ternovich wrote:
> I would like to install puppet first and then manage my oracle jdk
> installation with it. I don't need OpenJDK
>
Well, before managing anything with Puppet, you need a working
puppetserver. And puppetserver has a dependency on OpenJDK, because
it's the only JDK shipped with Xenial.

So, install puppetserver with OpenJDK and write your manifest to
install Oracle's JDK later (you can safely install OpenJDK and Oracle
JDK in parallel on Ubuntu).

But the question remains, why would you want to install Oracle JDK
on the puppetserver? Puppetserver works fine with OpenJDK on Xenial,
been running it for 3-4 months now without a glitch.

Cheers,
Tom.


Thomas "Duke" Hager d...@sigsegv.at 
GPG: 2048R/791C5EB1 http://www.sigsegv.at/gpg/duke.gpg

=
"Never Underestimate the Power of Stupid People in Large Groups."



Re: [Puppet Users] Puppet 4 under Ubuntu 16.04

2016-10-14 Thread Peter Kristolaitis

You need to install the puppetserver package, not puppetmaster.


On 2016-10-14 10:08 AM, Ilia Ternovich wrote:

Hi,

Is there any way of installing puppetmaster 4 into Ubuntu 16.04?

I have read numerous articles in internet regarding 
importing https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb 
-- but this does not work. Latest version is always 3.8


Please advise.

Thanks

Re: [Puppet Users] HOWTO ERB Template generate an array of files

2016-09-18 Thread Peter Kristolaitis
That's only true if you use symlinks.  Hard links wouldn't have that 
issue, though Puppet currently can't handle those with the file{} resource.


However, the above point is almost irrelevant, because if you have 
people going around and randomly deleting files in /etc, I would argue 
that you have a WAY bigger problem than being worried about whether or 
not a MOTD is displayed, and one that can't be solved with configuration 
management software.


- Peter


On 9/18/2016 4:42 AM, Warron French wrote:


Hi, thanks Peter.

I am writing this module to write it based on the design I have had 
because... being a little lazy I guess you might say/think. I know 
that I could do a link, but I believe for something like this an 
actual file might be required, because if the main file is deleted, 
then the banner is lost entirely because the links will be broken.



Thanks.


On 9/16/2016 3:25 PM, Peter Kristolaitis wrote:


You can create arrays of identical resources:

file { [ '/etc/motd',
         '/etc/issue',
         '/etc/issue.net',
       ]:
  ensure  => file,
  owner   => 0,
  group   => 0,
  content => template('manage_banners/some_banner_text.erb'),
}

Under the hood, when the catalog is compiled, it still gets split out 
into 3 separate resources that are managed independently, but in your 
manifests you can define them as a single block.


The other option, if these 3 files are always to be the same, is to 
pick one to put the actual content into and then use symlinks or 
hardlinks for the other two files.



On 2016-09-16 02:54 PM, Warron French wrote:

It's probably easiest to explain what I want to accomplish.

I want to create the following 3 files: */etc/motd, /etc/issue, 
/etc/issue.net* from a single (1) puppet file resource using the 
content => template('template.erb') syntax.


I don't want to create 3 separate file resources and use the exact 
same syntax three (3) times.


I have a class (I am a novice puppet coder) and here is what I have 
in it so far...


class manage_banners::text {
  file { '/etc/motd':
    ensure  => 'file',
    owner   => '0',
    group   => '0',
    content => template('some_banner_text.erb'),
  }
}

class manage_banners::gdm {
 
}

class manage_banners::kde {
 
}

In the manage_banners::text class I don't want to place 3 file 
resources (one for each of the /etc/ files).


I am thinking that there is a solution for this, but I don't know 
how to keyword search for something like this.


Please help, and thank you,
Warron

Re: [Puppet Users] HOWTO ERB Template generate an array of files

2016-09-16 Thread Peter Kristolaitis

You can create arrays of identical resources:

file { [ '/etc/motd',
         '/etc/issue',
         '/etc/issue.net',
       ]:
  ensure  => file,
  owner   => 0,
  group   => 0,
  content => template('manage_banners/some_banner_text.erb'),
}

Under the hood, when the catalog is compiled, it still gets split out 
into 3 separate resources that are managed independently, but in your 
manifests you can define them as a single block.


The other option, if these 3 files are always to be the same, is to pick 
one to put the actual content into and then use symlinks or hardlinks 
for the other two files.



On 2016-09-16 02:54 PM, Warron French wrote:

It's probably easiest to explain what I want to accomplish.

I want to create the following 3 files: */etc/motd, /etc/issue, 
/etc/issue.net* from a single (1) puppet file resource using the 
content => template('template.erb') syntax.


I don't want to create 3 separate file resources and use the exact 
same syntax three (3) times.


I have a class (I am a novice puppet coder) and here is what I have in 
it so far...


class manage_banners::text {
  file { '/etc/motd':
    ensure  => 'file',
    owner   => '0',
    group   => '0',
    content => template('some_banner_text.erb'),
  }
}

class manage_banners::gdm {
 
}

class manage_banners::kde {
 
}

In the manage_banners::text class I don't want to place 3 file 
resources (one for each of the /etc/ files).


I am thinking that there is a solution for this, but I don't know how 
to keyword search for something like this.


Please help, and thank you,
Warron


Re: [Puppet Users] Report processor that log tagmail like reports to a file?

2016-09-15 Thread Peter Kristolaitis
If you can't find a prebuilt module to do this, it would be super easy 
for you to write your own.  Report processors are pretty straight-forward.


If you started by copying the tagmail module, then ripped out the SMTP 
bits and added in write-to-file bits, you'd have to write... probably 
less than 10 lines of code.



On 9/15/2016 10:56 PM, pyke...@gmail.com wrote:
I searched through all the reports processors on puppet forge but did 
not find one that writes tagmail like reports to file...

Can any one point us to something like this?

Regards,

Daniel


Re: [Puppet Users] registry workaround for HKCU(HKEY_CURRENT_USER)

2016-09-13 Thread Peter Kristolaitis
Since HKCU is contextualized to the current user, and the Puppet agent 
generally runs as SYSTEM, this is almost guaranteed not to do what you 
want if you can even get it to work.  You will likely have to write 
PowerShell that knows how to change context to another user to 
accomplish useful things within HKCU.


To solve the errors in your PowerShell example, you will have to escape 
the slashes, e.g.


$path = "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VisualEffects\\"
$command = "(set-ItemProperty -Path $path -Name 'VisualFXSetting' -Value '1')"


However, as mentioned above, this alone probably won't do what you want 
/ expect, because Puppet is executing in the incorrect user context.



On 2016-09-13 03:17 PM, bkmrk...@gmail.com wrote:

hello all,

I am trying to find a workaround as to how one would set some registry 
entry for HKCU using the registry module, as looking at the 
limitations it states below(so HKCU is not supported)


"Keys within HKEY_LOCAL_MACHINE (hklm) or HKEY_CLASSES_ROOT (hkcr) are 
supported. Other predefined root keys (e.g., HKEY_USERS) are not 
currently supported."


i tried creating the below class, just for the heck of it to see if it 
even works or not...but of course it does not, i get "Unsupported 
predefined key"

class reg_entry {
registry::value { 'VisualFXSetting':
key  => 
'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects',

type => dword,
data => '1',
  }
}

i get the following error when i try to test it out using above class

Error: Failed to apply catalog: Parameter path failed on 
Registry_key[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]: 
Munging failed for
 value 
"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VisualEffects" 
in class path: Unsupported predefined key: 
HKCU\Software\Microsoft\Windows\
CurrentVersion\Explorer\VisualEffects at 
/etc/puppetlabs/code/environments/production/modules/registry/manifests/value.pp:67


so i wanted to find out what are other folks doing with regards to 
setting HKCU keys...i suppose i can use "exec" with powershell to 
accomplish this but how do i set the path for HKCU in the manifest, 
below does not work and i get error "Unrecognized escape sequence"...


$path = 
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\"
$command = "(set-ItemProperty -Path $path -Name "VisualFXSetting" 
-Value "1")"




Re: [Puppet Users] A Scalable HA Setup with on 2 configs, check this out !

2016-09-12 Thread Peter Kristolaitis
Serial numbers on SSL certificates are important, and your setup will 
generate many duplicate serial numbers.  Ergo, this is bad.


Related problem:  Did you test revoking a client certificate?  I suspect 
not, because the above issue will bite you.



On 2016-09-12 12:48 AM, Ivan Arjune wrote:
Did i figure out something new here, because I've been digging at this 
for a week and don't see anyone doing it like this.


What i'm doing is running multiple puppetmasters behind haproxy.  Each 
puppetmaster is an active ca server and share a common certificate.  
It works like a charm, in a lab.


Step 1. created a common certificate that all the puppetservers will 
share.

Step 2. point webserver.conf to the shared certs.
Not a step 3. hit the masters through haproxy

I posted this up on ask.puppet.com a few days ago and nobody seems 
interested in it.  Either it's a stale forum, which i believe is true, 
or they think i'm crazy.  Maybe you do too, ugg


Here is the orig. post with details on the setup.
Puppet CA Shared Certificate Guide: Scalable Puppet? 



I'm looking to put this into production on an infra. with around 200 
nodes.  I think it's a good idea, but can't figure out why I don't see 
anyone doing it like this yet.


Million dollar question:
Why must i use a centralized the ca server?
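The duplicate-serial problem raised in the reply, as an added example that is not part of the original thread: two masters share one CA key but each advances its own local serial counter (an assumption about how the shared-certificate setup behaves), so revoking one node's certificate by serial also revokes an unrelated node's. The CA name, host names and the `Master` class are constructed for the illustration.

```ruby
require 'openssl'

# Constructed lab data: one CA key and certificate, copied to every master.
CA_KEY  = OpenSSL::PKey::RSA.new(2048)
CA_NAME = OpenSSL::X509::Name.parse('/CN=Puppet CA shared-lab')
DIGEST  = 'SHA256'

def new_cert(subject, issuer, public_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = subject
  cert.issuer     = issuer
  cert.public_key = public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert
end

def build_ca_cert
  cert = new_cert(CA_NAME, CA_NAME, CA_KEY.public_key, 1)
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign', true))
  cert.sign(CA_KEY, OpenSSL::Digest.new(DIGEST))
  cert
end
CA_CERT = build_ca_cert

# Hypothetical stand-in for one puppetmaster acting as CA. The signing key is
# shared, but the "next serial" counter is local state on each master.
class Master
  def initialize
    @next_serial = 2 # serial 1 belongs to the CA certificate itself
  end

  def sign(certname)
    key  = OpenSSL::PKey::RSA.new(2048)
    name = OpenSSL::X509::Name.parse("/CN=#{certname}")
    cert = new_cert(name, CA_NAME, key.public_key, @next_serial)
    @next_serial += 1
    cert.sign(CA_KEY, OpenSSL::Digest.new(DIGEST))
    cert
  end
end

# A CRL identifies revoked certificates by issuer and serial number only.
def crl_revoking(cert)
  entry = OpenSSL::X509::Revoked.new
  entry.serial = cert.serial
  entry.time   = Time.now
  crl = OpenSSL::X509::CRL.new
  crl.version     = 1 # CRL v2
  crl.issuer      = CA_NAME
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  crl.add_revoked(entry)
  crl.sign(CA_KEY, OpenSSL::Digest.new(DIGEST))
  crl
end

# Verify a certificate the way a CRL-checking TLS peer would.
def verify_with_crl(cert, crl)
  store = OpenSSL::X509::Store.new
  store.add_cert(CA_CERT)
  store.add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK
  ok = store.verify(cert)
  [ok, store.error]
end

def demo
  web = Master.new.sign('web01.example.test') # signed by master A
  db  = Master.new.sign('db01.example.test')  # signed by master B
  plain = OpenSSL::X509::Store.new
  plain.add_cert(CA_CERT)
  crl = crl_revoking(web) # the operator revokes web01 only
  {
    same_serial: web.serial == db.serial,
    db_valid_without_crl: plain.verify(db),
    web01: verify_with_crl(web, crl),
    db01: verify_with_crl(db, crl)
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

Both certificates come back as revoked because the CRL entry matches on issuer and serial, which is all a verifier has to go on.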






Re: [Puppet Users] mysql package name

2016-08-29 Thread Peter Kristolaitis
There is a package_name parameter in the Forge module.  It's designed to 
allow you to install e.g. MariaDB instead of MySQL, but it would work 
fine for your use case as well.




On 2016-08-29 02:00 PM, Suresh Rajagopal wrote:

Hi Lowe,

My concern is with package name. MySQL package name differs for each 
version. In the forge module, if you try installing with 
mysql::server(ensure=>5.6.31) it will fail if you don't pass package 
name as(MySQL-server) an argument.


 5.0/5.1 ---> MySQL-server-community
 5.6     ---> MySQL-server
 5.7     ---> mysql-community-server

How to handle this logic ?

Thanks
Suresh Rajagopal

*From:* Lowe Schmidt 
*To:* puppet-users@googlegroups.com
*Sent:* Monday, August 29, 2016 7:29 AM
*Subject:* Re: [Puppet Users] mysql package name

Have a look at the mysql module in the forge [0]. They solve it by 
having a package_ensure parameter to the mysql::server class which is 
one of [ 'present', 'latest', 'absent', 'x.y.z' ] where "x.y.z" is a 
version string.


[0] https://forge.puppet.com/puppetlabs/mysql#mysqlserver

--
Lowe Schmidt | +46 723 867 157

On 29 August 2016 at 06:42, Suresh Rajagopal wrote:


Hi,

Puppet 3.4 with hiera.

what is the best place to define package name within a module?
package name varies based on package version.

Thanks
Suresh Rajagopal


Re: [Puppet Users] "extending" hiera data?

2016-08-14 Thread Peter Kristolaitis
No problem!   Feeling lost is a little normal -- Puppet is a deceptively 
complex tool.  You will probably go through MANY iterations of 
architecture, module layout, etc, as you ramp up your Puppet skills.  
When I first started with Puppet, I wrote a very clever ENC that did 
some internal-business-logic stuff.  It worked great, and I was very 
proud of myself.  Fast forward a few months, and I realized that I had 
basically reinvented Hiera, in a way that wasn't as good as Hiera, and 
all I had to do to use pure Hiera was write a custom fact and use it in 
my Hiera hierarchy.


The stuff I described is a little hard to understand if you haven't 
dealt with modules before, because it's very abstract. However, it seems 
like you're on the right track.  Group everything to make an "ELK 
server" into a profile module -- including packages, configuration 
files, and network ports, then just include that into a role module that 
gets assigned to a node.  If there is special "data" (say, database 
credentials), that should come from Hiera.  You may find that you may 
need to (or it might just be easier to) split out your ELK module into 
its 3 components, then have the ELK module tie them all together.


However, I would caution you against completely rewriting everything 
from scratch -- there are a lot of really great modules on the Forge -- 
Elasticache, for example, has a really good module that is provided by 
the vendor.  Don't reinvent the wheel.  :) Just write enough 'glue' code 
to tie everything together to meet your business needs.


I would start by watching the video linked to by Rich in his reply to 
this thread.  I haven't watched the whole thing, but what I've watched 
is a pretty awesome intro to a lot of best practices.  There are a 
couple other good videos of the roles & profiles model floating around 
that may be worth your time to watch as well.




On 8/13/2016 9:53 AM, Robert Poulson wrote:

Hi Peter,

thank you for the valuable input!

I read your answer yesterday many times and asked myself: "yes, it's 
clear that I'm doing it wrong, but what is the Right Way™ then?".


But many hours later, I might have one of those "aha moments" :)

I always wanted to write modules - or use them in a manner - which 
define the state of the node after the module gets assigned to it. The 
modules either contain the information themselves (like the mounts, 
apache modules etc.) or get these as a parameter; and they always got 
assigned directly to the node.


But it seems to me that in this "roles & profiles" model, one uses the 
modules more like if they were just various libs; they're not assigned 
to the nodes per se, but are just "called" (included) in the node 
classifiers with the parameters.


This way, I don't have to open the port 5601 for Kibana in my ELK 
module, but include the firewall class with port 5601 as a parameter 
within the ELK profile.


Or something similar. Or something different. But I think I got your 
point :)


The good news is, I have very much work ahead of me so I don't mind to 
start creating new modules, and re-doing the existing ones in this 
philosophy.


Thanks; and feel free to correct me if I'm still wrong :)

Rp







Re: [Puppet Users] "extending" hiera data?

2016-08-11 Thread Peter Kristolaitis
This is probably a case of trying to use Hiera for stuff you shouldn't 
be using it for.  It's important to keep in mind that Hiera is not 
really a replacement for manifest files -- or even better, modules that 
follow a role & profile architecture.  You can hack Hiera to do that, 
but you're going to rip your hair out debugging it, and there are better 
architectural ways of dealing with it anyways.   create_resources() 
seems really cool when you first learn about it.  That fades quickly as 
you scale.  ;)


To use your firewall example, "ports opened" depend on the profile of 
the system (e.g. what software is installed).  All nodes that have 
Apache need port 80 and 443 opened, for example.  All SSH servers need 
port 22.


In a "roles & profiles" model, every node probably gets a "baseline 
firewall" profile assigned to it.  This is where you would set up 
iptables policies, default-drop rules, etc.   If you're using the 
puppetlabs-firewall module, you'll probably tell it to purge all 
non-Puppet-managed firewall rules.


Then in every profile class that requires an open network port, you 
would have it add the appropriate firewall rule definition.   The SSH 
profile class adds a firewall rule for port 22.  The Apache class adds 
firewall rules for ports 80 and 443.


This way, when Puppet is configuring your system, the logic is "I have 
Apache installed, so I need ports 80 and 443 opened", instead of "I'm 
node ABC and I have port 80 and 443 opened, but I might or might not 
have Apache installed", which is a situation you can easily get into if 
you're shoving as much as you can into Hiera.


This approach seems like much more work at first, because breaking out 
all your logic into profile modules can be quite verbose and 
time-consuming.  Sometimes you will get a profile class that does 
nothing but install a single package (e.g. if you have multiple profiles 
that require a single Apache module).  That's OK.  It will be MUCH 
easier and less error-prone to manage over the long run, and you'll 
appreciate the architecture if you start using exported resources and 
other features of Puppet.




On 2016-08-11 04:46 PM, Robert Poulson wrote:

Hey List,

during the last weeks I finally managed to spend some quality time :) 
with Puppet and I deepened my knowledge a bit: learned some ruby, 
wrote my first custom ruby facts, used hiera in my latest module... 
it's been fun.


There is one concept with Hiera though which is still unclear for me.

Let's say all of our servers have only port 22 open. But I assign my 
module to a node which installs and configures Apache, so it should 
add port 80 and 443 to the open ports list.


Or I assign my other module to a node which uses SSO and has to enable 
the mod_auth_kerb Apache module. On my ELK nodes I'd like to use some 
more Apache modules as well.


Or a Docker node needs to add some rules to the /etc/sudoers, another 
application some more rules...


I could name a few more examples, but the point is: I can't always 
define something static in a hiera value, like open_ports: / 
apache_modules_enabled: / sudo_commands: etc. but need to dynamically 
manage these arrays when a module is assigned to a node.


How should be this achieved?

A _very_ primitive analogy is like
  $PATH="$PATH:/usr/local/my_app"
where I don't have to take care of the actual content of $PATH, but 
can simply extend it. Something similar would be great in Hiera (or 
elsewhere) instead of using defines for every resource I have.


Thanks
Rp


Re: [Puppet Users] Restricting ssh keys?

2016-07-05 Thread Peter Kristolaitis
There is an attribute on the 'user' type called 'purge_ssh_keys'. If you 
set it to 'true', Puppet will remove all SSH keys from 
~/.ssh/authorized_keys if they are not explicitly managed by Puppet.


So if you have something like:

user { 'appadmin':

   purge_ssh_keys => true,

}

ssh_authorized_key { 'appadmin_bob':
   user => 'appadmin',

}

ssh_authorized_key { 'appadmin_mary':
   user => 'appadmin',

}

Then when Puppet runs, it will ensure that Bob and Mary's keys, and ONLY 
those keys, are in ~appadmin/.ssh/authorized_keys.


- Peter


On 2016-07-05 10:22 AM, dkoleary wrote:

Hey, all;

I have a number of application administration accounts which can be 
accessed via a select set of ssh keys.  I've seen several 
pages/recipes for using virtual users and the ssh_authorized_key 
resource which look like they work well for adding and deleting keys; 
but, not necessarily for restricting access to *only* those keys.


More specifically, I have ~ 1200 hosts.  On all of them, I have an 
admin account that should have ssh keys for four administrators.  ~ 
90% will have other admin accounts that will have an additional key in 
the file and a few outliers that will have 3-4 other keys.


Basically, what I'm looking for is having any keys that are not one of 
those automatically removed.


Is there a way to do that outside of using a file resource?  I'm still 
working my way through the ~38,000 google search results and am hoping 
to cut that work down a bit.


Any hints greatly appreciated.

Thanks

Doug O'Leary


[Puppet Users] Inconsistent MCollective plugins across platforms?

2016-07-04 Thread Peter Kristolaitis
We're in the midst of upgrading from Puppet 3.8 to the latest PC1 
release, and I've found what seems to be inconsistent package behavior 
with MCollective plugins.


Background:  We have historically used 'mco puppet' and 'mco rpc puppet' 
to orchestrate multi-node application deployments.  We do basic system 
configuration using scheduled agent runs, but some resources are tagged 
such that they only run during our orchestrated deploys.  We run a mix 
of Windows and Linux (mostly Ubuntu, but recently we've had to support 
CentOS as well).


Getting the 'mco puppet' command is normally done by installing the 
mcollective-puppet-(agent|client) package.  On CentOS, this works fine:


[root@pr01cw-sql01ny ~]# rpm -qa | grep puppetlabs-release
puppetlabs-release-pc1-1.0.0-2.el6.noarch
puppetlabs-release-6-12.noarch

[root@pr01cw-sql01ny ~]# yum install mcollective-puppet-agent
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.trouble-free.net
 * extras: repo1.ash.innoscale.net
 * updates: mirror.solarvps.com
Resolving Dependencies
--> Running transaction check
---> Package mcollective-puppet-agent.noarch 0:1.11.0-1.el6 will be 
installed

--> Finished Dependency Resolution
...(snip)...
  Installing : mcollective-puppet-agent-1.11.0-1.el6.noarch 1/1
  Verifying  : mcollective-puppet-agent-1.11.0-1.el6.noarch 1/1

Installed:
  mcollective-puppet-agent.noarch 0:1.11.0-1.el6

Complete!

However, on Ubuntu:

root@pr00fc-pup01va:~# dpkg -l | grep puppetlabs-release
ii  puppetlabs-release 1.0-12 all  
"Package to install Puppet Labs gpg key and apt repo"
ii  puppetlabs-release-pc1 1.0.0-2trusty  
all  Release packages for the Puppet Labs PC1 repository


root@pr00fc-pup01va:~# aptitude install mcollective-puppet-client
The following NEW packages will be installed:
  libruby1.9.1{a} mcollective-common{a} mcollective-puppet-client 
mcollective-puppet-common{a} ruby{a} ruby-json{a} ruby-stomp{a} 
ruby1.9.1{a}

0 packages upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 240 kB/2,926 kB of archives. After unpacking 14.1 MB will be 
used.

The following packages have unmet dependencies:
 puppet-agent : Breaks: mcollective-common (< 3.0.0) but 
2.8.4-1puppetlabs1 is to be installed.

The following actions will resolve these dependencies:

 Remove the following packages:
1) puppet-agent
2) puppetserver

Accept this solution? [Y/n/q/?]

So it appears that the dependencies are expressed differently between 
the two platforms -- works on CentOS, breaks on Ubuntu.


Somewhat even more confusingly, Ubuntu has another package called 
'mcollective-plugins-puppetd' that appears to provide identical 
functionality (enable/disable/runonce/etc) that is not present on 
CentOS, and it is NOT compatible with the mcollective-puppet-* commands 
(i.e. issuing an 'mco puppetd' command from an mco client is ignored by 
an mco server that has the 'mco puppet' command available).


From what I've been able to tell,  mcollective plugins were in flux as 
part of the change to PC1, which is why you need to install both the PC1 
and legacy repositories to get some plugins.  But PC1 has been 
'released' for quite a while and I was kind of expecting these sorts of 
issues to be sorted out by now.


Is there a good solution to this?  I'm at the point where I'm thinking 
of just ripping the Ruby file(s) out of one of the packages and managing 
it with a file{} resource and ditching packages completely, but if 
there's a better way to do this, I'd like to hear about it.


And of course, there are no packages for mcollective plugins available 
for Windows at all, as far as I can tell.  But that's a whole other 
issue.  ;)


Thanks,

- Peter



Re: [Puppet Users] puppet exec to test if pattern exist in file

2016-06-29 Thread Peter Kristolaitis
First of all, I will say that this is probably a sledgehammer approach 
to accomplishing your goal.  Many modern platforms have, in their 
default /etc/profile, support for /etc/profile.d/ that works like a 
run-parts for building the environment.  The Puppet Agent package 
installs its own $PATH entry in this way on both CentOS and Ubuntu. 
So you're probably better off managing a file in that location so that 
it gets auto-included by /etc/profile.


Secondly, your problem is variable interpolation.   Because you're using 
double quotes around the command and onlyif statements, Puppet is 
interpolating $PATH to be (probably) an empty string, rather than a 
literal "$PATH".  You need to either change to single quotes (and then 
adjust the quoting around your grep match string) or escape the $ with \$.


Finally, if you were to use the above solution, it's still a bit of a 
sledgehammer because you're not really modeling state.  The best 
solution would actually be to use something like Augeas to examine the 
file and modify as necessary.  "exec / onlyif" and "exec / unless" are 
kind of measures-of-last-resort in the Puppet world (now, having said 
that, I must admit that I'm completely guilty of using it myself on 
occasion  :p  ).



On 2016-06-29 12:19 PM, Andrew Morgan wrote:
I want to check if pattern exist in a file and then if it doesn't echo 
the pattern in the file.


class environment {

exec{'one_run':
path=>'/usr/bin',
command => "echo  'PATH=$PATH:/opt/logstash/bin' >> 
/etc/profile",
onlyif => "grep -qFx 'PATH=$PATH:/opt/logstash/bin' 
/etc/profile",

}
}

The above doesn't work, can anyone help with this please? I want to 
check if 'PATH=$PATH:/opt/logstash/bin' exists in /etc/profile and if 
not input it only once.



Re: [Puppet Users] common template instead of two

2016-06-27 Thread Peter Kristolaitis

On 2016-06-27 11:54 AM, Pearl Raj wrote:


Hi, While setting up persistent load balancer configuration in linux 
virtual server, I ended up with following two templates.


On the load balancer: In lvs/manifests/ifcfg-lo_lb.erb

DEVICE=eth1:lb
IPADDR=
NETMASK=255.255.255.0
ONBOOT=yes
NM_CONTROLLED=no

On the app servers: In lvs/manifests/ifcfg-eth1_lb.erb

DEVICE=lo:lb
IPADDR=
NETMASK=255.255.255.255
ONBOOT=yes


...(snip)...


Is it possible to use one common template instead of two with some 
conditional statements differentiating load balancer and app server?




Absolutely.  There are a couple ways.

Firstly, there's nothing stopping you from setting NM_CONTROLLED=yes ... 
so perhaps the obvious solution is to just define a variable that has 
either the value "yes" or "no" depending on the server's role and you 
fill the value into the template the same way you do with the IP 
address.   You will need to use this approach to template the device name.


The other option is to conditionally include the line.  All you need to 
do is define some variable (doesn't matter if it comes from Hiera or is 
a local variable inside your class) do something like this in your template:


<% if @is_load_balancer -%>
NM_CONTROLLED=no
<% end -%>

When @is_load_balancer evaluates to true, then the line gets included in 
the output.  If it evaluates to false, it gets excluded from the output.


Note the use of "-%>" instead of "%>" -- that prevents you from getting 
extra blank lines in the final output.  Also note the use of "<%" 
instead of "<%=": the "<%" syntax allows you to run any arbitrary 
Ruby code you want, whereas "<%=" outputs the value of a variable.


Because "<%" allows you to execute arbitrary Ruby code, you can not only 
do conditional logic as shown above, but also iteration and other fun 
things, for example:


<% @vhosts.each do |vhost| -%>
<%= vhost %>
<% end -%>

Which would take an array and output each element on its own line.
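The single shared template described above, as an added example that is not part of the original thread: it is rendered for both roles with Ruby's ERB in "-" trim mode, and then again with the "-" dropped from the control tags to show the stray blank lines. The `render_ifcfg` helper, the `@device`, `@vip` and `@netmask` variable names and the 192.0.2.10 address are assumptions made for the illustration.

```ruby
require 'erb'

# One template for both roles. IPADDR was blank in the original post, so @vip
# and its value below are constructed for this example.
COMMON_TEMPLATE = <<~'TEMPLATE'
  DEVICE=<%= @device %>
  IPADDR=<%= @vip %>
  NETMASK=<%= @netmask %>
  ONBOOT=yes
  <% if @is_load_balancer -%>
  NM_CONTROLLED=no
  <% end -%>
TEMPLATE

# The same template with the trailing "-" removed from the control tags.
LOOSE_TEMPLATE = COMMON_TEMPLATE.gsub('-%>', '%>')

# Per-role values, taken from the two templates in the question.
LOAD_BALANCER = {
  device: 'eth1:lb', vip: '192.0.2.10',
  netmask: '255.255.255.0', is_load_balancer: true
}.freeze
APP_SERVER = {
  device: 'lo:lb', vip: '192.0.2.10',
  netmask: '255.255.255.255', is_load_balancer: false
}.freeze

# Render a template with the given values exposed as instance variables,
# which is how the template code above reads them (@device, @vip, ...).
def render_ifcfg(template, vars)
  scope = Object.new
  vars.each { |name, value| scope.instance_variable_set("@#{name}", value) }
  # trim_mode '-' is what makes "-%>" swallow the newline that follows it.
  ERB.new(template, trim_mode: '-').result(scope.instance_eval { binding })
end

if $PROGRAM_NAME == __FILE__
  puts '--- load balancer ---', render_ifcfg(COMMON_TEMPLATE, LOAD_BALANCER)
  puts '--- app server ---', render_ifcfg(COMMON_TEMPLATE, APP_SERVER)
  puts '--- app server, "%>" instead of "-%>" ---'
  puts render_ifcfg(LOOSE_TEMPLATE, APP_SERVER).inspect
end
```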



Re: [Puppet Users] Working with hiera and debugging

2016-06-26 Thread Peter Kristolaitis

You may want to go back and re-read my previous message.

You're missing the very, very critical distinction that Hiera is not 
your node manifest.  Hiera is just data, and does not configure any 
resources for the agent to manage.   You still need to write your node 
manifest files.  Note that this differs from a class manifest.



On 6/27/2016 12:23 AM, Alex Samad wrote:

Hi

Okay, i do it a bit simpler :)

/etc/puppetlabs/puppet/hiera.yaml

i added

message: "This node is using global common data"

  sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t

didn't see the text message !




On 27 June 2016 at 13:14, Peter Kristolaitis <alte...@alter3d.ca> wrote:

It's important to keep in mind that Hiera is "just data".  You still need to
actually create the resources somehow in your manifest based on that data.

Thus, creating a data element called "classes" in Hiera isn't enough to
actually get those classes applied to the node.  You need to add
hiera_include('classes') in your manifest. More info here:
https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude

Having said that, until you get more experience with Puppet I would
recommend avoiding using Hiera to assign classes to nodes.  It can be harder
to debug and maintain, and breaks the rule of thumb that Hiera should only
contain configuration data and not class structure.  You may want to look
into the "roles and profiles" model instead.  There ARE valid reasons to
assign classes via Hiera (e.g. assigning a role to the node based on the
output of a custom Hiera backend) but this wouldn't be the approach I
recommend to a newbie.  :)


On 6/26/2016 8:41 PM, Alex Samad wrote:

Hi

Newbie - greenfield install. CentOS 6.8 - PC1 puppet. Master puppet setup.

I have installed R10K and git and hiera.

I would like to group my nodes into groups

I'm doing some testing

testnode  - puppet client
masternode  - puppet master

On the master node I have


  cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code

# https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
storeconfigs = true
storeconfigs_backend = puppetdb

reports = store,puppetdb


# https://docs.puppet.com/guides/external_nodes.html
node_terminus = exec
external_nodes = /usr/local/bin/puppet_node_classifier




I was using a node classifier at the top level to place nodes into
environments - but I am testing grouping nodes into groups in 1 env/

all it produces is
---
environment: alex


for now


cat /etc/puppetlabs/puppet/hiera.yaml
# https://docs.puppet.com/hiera/3.1/configuring.html
---
:backends:
   - yaml
:hierarchy:
   - "nodes/%{::trusted.certname}"
   - common

:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on Windows
# When specifying a datadir, make sure the directory exists.
   :datadir:



This is the default hiera setup


cat /etc/puppetlabs/code/environments/alex/hieradata/common.yaml
---
classes:
- profile::mypuppet

message: "This node is using common data"

#Puppet Server Tuning
puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0



cat /etc/puppetlabs/code/environments/alex/site/profile/manifests/mypuppet.pp
class profile::mypuppet {

  package { 'puppet-agent':
    ensure => 'present',
  }

  #include ::puppet_agent;

}



Then I go to my test node

# for testing ..
sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
Notice: Local environment: 'production' doesn't match server specified node environment 'alex', switching agent to 'alex'.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Applying configuration version 'ee80ea6b15178f517618992833a8bc3c7c378bd0'
Notice: Applied catalog in 0.04 seconds

I don't see any mention of mypuppet??

Am I testing the system the right way?
What am I doing wrong?

Thanks
Alex








Re: [Puppet Users] Working with hiera and debugging

2016-06-26 Thread Peter Kristolaitis
It's important to keep in mind that Hiera is "just data".  You still 
need to actually create the resources somehow in your manifest based on 
that data.


Thus, creating a data element called "classes" in Hiera isn't enough to 
actually get those classes applied to the node.  You need to add 
hiera_include('classes') in your manifest. More info here: 
https://docs.puppet.com/hiera/3.1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude


Having said that, until you get more experience with Puppet I would 
recommend avoiding using Hiera to assign classes to nodes.  It can be 
harder to debug and maintain, and breaks the rule of thumb that Hiera 
should only contain configuration data and not class structure.  You may 
want to look into the "roles and profiles" model instead.  There ARE 
valid reasons to assign classes via Hiera (e.g. assigning a role to the 
node based on the output of a custom Hiera backend) but this wouldn't be 
the approach I recommend to a newbie. :)



On 6/26/2016 8:41 PM, Alex Samad wrote:

Hi

Newbie - greenfield install. CentOS 6.8 - PC1 puppet. Master puppet 
setup.


I have installed R10K and git and hiera.

I would like to group my nodes into groups

I'm doing some testing

testnode  - puppet client
masternode  - puppet master

On the master node I have


 cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code

# https://docs.puppet.com/puppetdb/4.1/connect_puppet_master.html
storeconfigs = true
storeconfigs_backend = puppetdb

reports = store,puppetdb


# https://docs.puppet.com/guides/external_nodes.html
node_terminus = exec
external_nodes = /usr/local/bin/puppet_node_classifier




I was using a node classifier at the top level to place nodes into 
environments - but I am testing grouping nodes into groups in 1 env/


all it produces is
---
environment: alex


for now


cat /etc/puppetlabs/puppet/hiera.yaml
# https://docs.puppet.com/hiera/3.1/configuring.html
---
:backends:
  - yaml
:hierarchy:
  - "nodes/%{::trusted.certname}"
  - common

:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on Windows

# When specifying a datadir, make sure the directory exists.
  :datadir:



This is the default hiera setup


cat /etc/puppetlabs/code/environments/alex/hieradata/common.yaml
---
classes:
   - profile::mypuppet

message: "This node is using common data"

#Puppet Server Tuning
puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0




cat /etc/puppetlabs/code/environments/alex/site/profile/manifests/mypuppet.pp
class profile::mypuppet {

  package { 'puppet-agent':
    ensure => 'present',
  }

  #include ::puppet_agent;

}



Then I go to my test node

# for testing ..
sudo /opt/puppetlabs/bin/puppet agent --noop --verbose -t
Notice: Local environment: 'production' doesn't match server specified node environment 'alex', switching agent to 'alex'.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Applying configuration version 'ee80ea6b15178f517618992833a8bc3c7c378bd0'
Notice: Applied catalog in 0.04 seconds

I don't see any mention of mypuppet??

Am I testing the system the right way?
What am I doing wrong?

Thanks
Alex








Re: [Puppet Users] change order of elements

2016-06-20 Thread Peter Kristolaitis


On 2016-06-20 01:16 PM, Helmut Schneider wrote:

Peter Kristolaitis wrote:


How can I ensure that mpm_* is always the first element in the
array?

Assuming you're trying to solve the problem I think you're trying to
solve (i.e. to have Apache with the correct process model installed
before any additional modules), it's important to note that
reordering the array doesn't guarantee that.  The order in which
Puppet applies resources is non-deterministic unless you have
explicit ordering.

You're probably better off solving this problem in a different way;
for example by creating a new data element (e.g.
profiles::webserver::apache::process_model), and then specifying
explicit ordering between the process_model package and the modules
packages.

I'm using puppetlabs/apache to install apache. I already created 4
classes, apache24::install, apache24::modules, apache24::default_hosts
and apache::config to ensure the ordering of the installation process.

apache24::install includes apache{}, where I define "mpm_module =>
false," to be able to provide my own mpm_ module.

Then I call apache24::modules to install the appropriate mpm_ and other
modules.




Why wouldn't you just set a value for apache::mpm_module?  You're trying 
to re-implement functionality that's already handled by the apache 
module (and has been tested by a bunch of other people).


From a higher-level logical model perspective, this makes more sense -- 
installing an MPM is part of the basic installation of Apache (you must 
have exactly one MPM configured for the system to do anything useful), 
so it belongs in the module that does "install Apache".


Even though technically MPM is implemented as modules on the vast 
majority of systems, it's a very different kind of module than, say, 
mod_rewrite, and should be treated differently.




Re: [Puppet Users] change order of elements

2016-06-19 Thread Peter Kristolaitis
Assuming you're trying to solve the problem I think you're trying to 
solve (i.e. to have Apache with the correct process model installed 
before any additional modules), it's important to note that reordering 
the array doesn't guarantee that.  The order in which Puppet applies 
resources is non-deterministic unless you have explicit ordering.


You're probably better off solving this problem in a different way;  for 
example by creating a new data element (e.g. 
profiles::webserver::apache::process_model), and then specifying 
explicit ordering between the process_model package and the modules 
packages.


This also gives you the added advantage that it becomes impossible to 
have multiple process models listed for a given node, assuming that you 
make the new data element a string rather than an array (since it will 
get overridden instead of merged).


If my understanding of your problem is incorrect, perhaps you could 
describe the problem you're trying to solve.  Relying on the order of 
array elements is probably a poor approach in the Puppet model, so there 
might be a different way to solve the problem.



On 6/19/2016 8:12 AM, Helmut Schneider wrote:

Hi,

Given the following structure:

hiera.yaml:
[...]
:hierarchy:
   - nodes/%{::fqdn}
[...]
   - common
:merge_behavior: deeper

common.yaml:
[...]
profiles:
  webserver:
    apache:
      modules:
        - auth_kerb
        - authnz_ldap
        - cgid
        - status

host.yaml:
profiles:
  webserver:
    apache:
      modules:
        - mpm_event
        - php
        - ssl

hiera_hash ('profiles')['webserver']['apache']['modules'] returns the
following array:

[auth_kerb, authnz_ldap, cgid, status, mpm_event, headers, proxy,
proxy_http, rewrite, ssl]

mpm_event may also be mpm_prefork and mpm_worker.

How can I ensure that mpm_* is always the first element in the array?

Thank you





Re: [Puppet Users] Upgraded Puppet server from 3.8 to 4.5 and Hiera stopped working

2016-06-13 Thread Peter Kristolaitis
With the change to "split environments by default", you need to provide 
the environment name on the command line:


[root@sh00cw-pup01ny hieradata]# hiera profiles::packages::centos
nil
[root@sh00cw-pup01ny hieradata]# hiera profiles::packages::centos environment=production
["bind-utils", "curl", "nmap", "tcpdump", "unzip", "wget"]

This is done automatically by the Puppet server when compiling the 
manifest, but you need to do it manually on the command line.



On 2016-06-13 12:37 PM, Bret Wortman wrote:
Oh, and my hiera version is now 3.0.6. We lag a bit behind on our 
development & production networks.



On Monday, June 13, 2016 at 12:37:03 PM UTC-4, Bret Wortman wrote:

That got me past the error, but I still am getting "nil" no matter
what I ask for.

And I've looked -- the keys I'm querying for are defined, at a
minimum, in
/etc/puppetlabs/code/environments/production/hieradata/common.yaml.


On Monday, June 13, 2016 at 12:06:56 PM UTC-4, Peter Kristolaitis
wrote:

I suspect your hiera install is confused because you have both
the puppet-agent and hiera packages installed.   Hiera now
ships as part of the puppet-agent package and gets installed
as /opt/puppetlabs/bin/hiera; there is no separate hiera
package.  Hiera 1.3.4 is also quite old -- on a box with
puppet-agent v1.5.1 installed, 'hiera -v' gives me version 3.2.0.

You probably need to get rid of the hiera package and make
sure that you're using the new version provided by puppet-agent.


On 2016-06-13 11:54 AM, Bret Wortman wrote:

This morning, I upgraded to Puppet 4 using the PC1 repository
and even though I have the puppet server running, the Hiera
files we rely heavily on aren't being seen. I'm getting false
values for everything which really screwed up some of the
boxes I was testing with.

# hiera -c /etc/puppetlabs/code/hiera.yaml localtime::timezone -y test.yaml
Could not load YAML scope: LoadError: cannot load such file -- puppet
# cat /etc/puppetlabs/code/hiera.yaml
---
:backends:
  - yaml

:yaml:
  :datadir: "/etc/puppetlabs/code/environments/${::environment}/hieradata"

:hierarchy:
  - "%{::hostname}"
  - "%{::sitename}"
  - common

# ls /etc/puppetlabs/code/environments/production/hieradata/common.yaml
/etc/puppetlabs/code/environments/production/hieradata/common.yaml
# cat test.yaml
---
"::hostname": testws
"::sitename": hq
# rpm -qa | grep hiera
hiera-1.3.4-5.el7.noarch
# rpm -qa | grep puppet
puppetdb-3.2.2-1.el7.noarch
puppetserver-2.2.1-1.el7.noarch
puppet-agent-1.3.5-1.el7.x86_64
#

All the files under environments/production/hieradata used to
reside under /etc/puppet/environments/production/data, but
were moved & renamed to accommodate the upgrade. And promptly
stopped working.

Where should I be looking? Do I still need to have the
"puppet" rpm installed?


Bret


Re: [Puppet Users] Upgraded Puppet server from 3.8 to 4.5 and Hiera stopped working

2016-06-13 Thread Peter Kristolaitis
I suspect your hiera install is confused because you have both the 
puppet-agent and hiera packages installed.   Hiera now ships as part of 
the puppet-agent package and gets installed as 
/opt/puppetlabs/bin/hiera; there is no separate hiera package. Hiera 
1.3.4 is also quite old -- on a box with puppet-agent v1.5.1 installed, 
'hiera -v' gives me version 3.2.0.


You probably need to get rid of the hiera package and make sure that 
you're using the new version provided by puppet-agent.



On 2016-06-13 11:54 AM, Bret Wortman wrote:
This morning, I upgraded to Puppet 4 using the PC1 repository and even 
though I have the puppet server running, the Hiera files we rely 
heavily on aren't being seen. I'm getting false values for everything 
which really screwed up some of the boxes I was testing with.


# hiera -c /etc/puppetlabs/code/hiera.yaml localtime::timezone -y test.yaml
Could not load YAML scope: LoadError: cannot load such file -- puppet
# cat /etc/puppetlabs/code/hiera.yaml
---
:backends:
  - yaml

:yaml:
  :datadir: "/etc/puppetlabs/code/environments/${::environment}/hieradata"

:hierarchy:
  - "%{::hostname}"
  - "%{::sitename}"
  - common

# ls /etc/puppetlabs/code/environments/production/hieradata/common.yaml
/etc/puppetlabs/code/environments/production/hieradata/common.yaml
# cat test.yaml
---
"::hostname": testws
"::sitename": hq
# rpm -qa | grep hiera
hiera-1.3.4-5.el7.noarch
# rpm -qa | grep puppet
puppetdb-3.2.2-1.el7.noarch
puppetserver-2.2.1-1.el7.noarch
puppet-agent-1.3.5-1.el7.x86_64
#

All the files under environments/production/hieradata used to reside 
under /etc/puppet/environments/production/data, but were moved & 
renamed to accommodate the upgrade. And promptly stopped working.


Where should I be looking? Do I still need to have the "puppet" rpm 
installed?



Bret


Re: [Puppet Users] function that returns parameters from a webservice

2016-06-10 Thread Peter Kristolaitis
You can write custom functions[1], but I don't think they can return a 
hash -- only a single value.  This functionality is designed for things 
like calculating password hashes, etc, not generalized data lookup.  
This is probably also completely the wrong approach, in the Puppet 
model, if your goal is to parameterize entire classes.


A much better solution is to keep Hiera, but write a custom backend[2] 
to integrate the data returned by your API into Hiera's structure.  This 
keeps all the benefits of Hiera while also giving you back-end flexibility.


[1] https://docs.puppet.com/guides/custom_functions.html
[2] https://docs.puppet.com/hiera/3.1/custom_backends.html


On 2016-06-10 11:53 AM, Pearl Raj wrote:
I am trying to write a module containing a function that returns 
parameters from a webservice 
- http://localhost:5000/app/api/nodes/node_id. This function should 
return a hash of configuration settings specific to that host. How do 
I do this? I am using puppet 3.0.


pseudo code is as follows

new module.pp

function get_config_from_host(host_id):
call http://localhost:5000/app/api/nodes/node_id and get the 
config hash of host_id

return config hash

I am new to puppet, so confused whether it is possible to do this in 
puppet


[Purpose of this exercise is to replace hiera]


Re: [Puppet Users] Hiera Hash Merge Issues

2016-06-03 Thread Peter Kristolaitis
Did you install the deep_merge gem when using the deeper merge option?  
The gem is required when using deep or deeper merging.



On 2016-06-03 02:38 PM, Leonard Smith wrote:

I've been trying to track down a problem with hiera_hash not merging.

puppet-3.8.6-1.el7
hiera-1.3.4-1.el7

## hiera.yaml
:hierarchy:
  - test
  - common

## test.yaml
---
rabbitmq_profile::vhosts:
  'test' :
    ensure: present

## common.yaml
---
rabbitmq_profile::vhosts:
  '/' :
    ensure: present

## rabbitmq_profile.pp

class rabbitmq_profile (

  $vhosts = hiera_hash('rabbitmq_profile::vhosts',{})

) {

  notify { "<>$vhosts": }
  create_resources(rabbitmq_vhost, $vhosts )
}

## END


When I apply the manifest it creates the vhost specified in test.yaml 
but not the one in common.yaml. I expected it to merge the hash from 
both yamls and create the '/' and 'test' vhosts.


If I remove test from hiera.yaml it creates the '/' vhost fine. I've 
tried setting the merge_behavior explicitly to native, deep and 
deeper, but I still see the behavior where it picks up the hash from 
the first yaml file it encounters and ignores the rest.





Re: [Puppet Users] Erb template

2016-05-03 Thread Peter Kristolaitis
I can't see how this would work at all, given that templates are filled 
out by the Puppet master and sent to the client.  Even if you used "pure 
Ruby" inside the ERB to process another ERB file, the Puppet master 
would have no way to know that it's supposed to pick up that other file 
and include it in the node's catalog.


This is almost certainly required to be handled in Puppet code with 
explicit resources, probably through one or more abstraction classes.


- Peter


On 5/3/2016 2:35 AM, Lowe Schmidt wrote:
It is probably better to generate the child*.conf from your puppet 
code rather than having an erb template generate another file (I am 
not even sure that works).


What version of puppet are you running and could you show us some code?

--
Lowe Schmidt | +46 723 867 157

On 2 May 2016 at 15:53, Manoj Muraleedharan wrote:


I have two erb templates, one for the main config file and another for
the child process config file. I want to create the config files
for 3 child processes inside the main erb template by
calling another erb template inside. These 3 config files have to
have three different names.

I need the following config files created on my puppet agent:
/etc/app/main.conf
/etc/app/child1.conf
/etc/app/child2.conf
/etc/app/child3.conf

I have two erb files in my module, main.erb and child.erb.

I want to call only main.erb, and when processing main.erb I
need to create the above child.conf files based on child.erb.


Re: [Puppet Users] IS it possible to generate dynamically the configuration of a node ?

2016-03-02 Thread Peter Kristolaitis
This is exactly what an ENC is for: 
https://docs.puppetlabs.com/guides/external_nodes.html



On 3/2/2016 4:56 PM, Martin Rodriguez wrote:

Hi,

I'm new to puppet and a java developer.

I'm looking for a way to force the puppet server to connect to my java 
app to get the configuration of a node?


If it is possible, could you please give an example of the code, like a 
hello world?


I just simply want to generate file type configs dynamically 
(configuration inside database) without writing the sites.pp 
file directly.


Thanks a lot for your help.


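A minimal external node classifier of the kind the linked guide describes, as an added example that is not part of the original reply: Puppet runs the script with the node's certname as its only argument and reads YAML (classes, parameters, environment) from its standard output, and a non-zero exit means the node could not be classified. The NODE_DB table, its node and class names and the lookup_node and classify functions are constructed for illustration and stand in for the database lookup mentioned in the question.

```ruby
#!/usr/bin/env ruby
require 'yaml'

# Constructed sample data standing in for the database mentioned in the
# question. Keys are agent certnames; all names here are hypothetical.
NODE_DB = {
  'web01.example.com' => {
    'environment' => 'production',
    'classes'     => ['profile::base', 'profile::webserver'],
    'parameters'  => { 'motd_text' => 'Managed by Puppet' }
  },
  'testnode.example.com' => {
    'environment' => 'alex',
    'classes'     => ['profile::mypuppet'],
    'parameters'  => {}
  }
}.freeze

# Certnames are lower-case DNS-style names. Rejecting anything else keeps
# the value safe to use later as a database key or file name.
CERTNAME = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*\z/

# Return the classification hash for a node, or nil when the name is
# malformed or unknown.
def lookup_node(certname, db = NODE_DB)
  return nil unless certname.is_a?(String) && certname.length <= 253
  return nil unless certname.match?(CERTNAME)

  db[certname]
end

# Return the YAML document Puppet expects on stdout, or nil on failure.
def classify(certname, db = NODE_DB)
  node = lookup_node(certname, db)
  return nil if node.nil?

  {
    'classes'     => node.fetch('classes', []),
    'parameters'  => node.fetch('parameters', {}),
    'environment' => node.fetch('environment', 'production')
  }.to_yaml
end

# Puppet calls the script as: /usr/local/bin/puppet_node_classifier <certname>
if __FILE__ == $PROGRAM_NAME && ARGV.any?
  document = classify(ARGV.first)
  # A non-zero exit tells the master that classification failed.
  abort("cannot classify node #{ARGV.first.inspect}") if document.nil?
  puts document
end
```

The script is wired in with the node_terminus = exec and external_nodes settings shown in the puppet.conf quoted earlier on this page.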


Re: [Puppet Users] Monitoring file system and cleanup with puppet

2016-02-17 Thread Peter Kristolaitis

Puppet is not a monitoring tool, it's a configuration tool.

It can do some things that might, at first glance, look like monitoring 
(i.e. check current system state), but this is only as a side effect of 
that information being necessary to confirm that the configuration is 
correct.




On 02/17/2016 09:33 AM, moonsun1...@gmail.com wrote:
Please let me know what all the things we can monitor with puppet. 
Other than automation of deployments.



Thanks,


On Wednesday, February 17, 2016 at 8:22:52 AM UTC-5, Lowe Schmidt wrote:

No, and you should probably not use Puppet to try and solve that
kind of problem.

You could probably write a script and run it from cron if you need
a quick ad hoc solution.

-- 
Lowe Schmidt | +46 723 867 157


On 17 February 2016 at 02:35, 
wrote:

Hi All,

Is there any way we can monitor the file system (disk usage
percentage) and if it crosses >90% run a particular script to
purge it without using nagios in puppet?



Thanks,



Re: [Puppet Users] Implement custom resource parent/child relationship

2016-01-12 Thread Peter Kristolaitis

Why not just use arrays for the parent attribute?

project { 'Z':
  ensure  => present,
  parent  => [ 'B', 'C' ],
  inherit => false,
}

On 01/12/2016 12:17 PM, Quaternaire wrote:

Hi,

I am creating a Module for Mantis Bug Tracker (an issue tracker, 
https://www.mantisbt.org/), and I need to create new resource types 
for Project and User.


The idea is to have Projects which can inherit from other Projects. 
Each Project can have multiple parents and/or children, such as:

    ProjectA
    >ProjectB
    >>ProjectZ
    >ProjectC
    >>ProjectZ

Where B and C are children of A, and Z is a child of both B and C.
Also, project inheritance is parameterized (such as whether a child 
inherits parent properties).

I have no issue implementing the types and providers themselves; it is 
more with the end-user usage. Let's say I want to write a manifest 
representing the example above. The first solution that comes to mind 
could be:


    project { 'A':
      ensure => present,
    }

    project { 'B':
      ensure  => present,
      parent  => 'A',
      inherit => true,
    }

    project { 'C':
      ensure  => present,
      parent  => 'A',
      inherit => false,
    }

    project { 'Z':
      ensure  => present,
      parent  => 'B',
      inherit => false,
    }
    # Crap, how can Z have multiple parents?
    # Same problem if we use something like "child => 'B'" on A, how could
    # A have multiple children?


... which is not viable.

Another solution could be:
    project { 'A':
      ensure => present,
    }

    project { 'B':
      ensure => present,
    }

    project { 'C':
      ensure => present,
    }

    hierarchy { 'A>B':
      child   => 'B',
      parent  => 'A',
      inherit => true,
    }

    hierarchy { 'B>Z':
      child   => 'Z',
      parent  => 'B',
      inherit => false,
    }

    hierarchy { 'C>Z':
      child   => 'Z',
      parent  => 'C',
      inherit => true,
    }



This way it works fine, but it is quite cumbersome to write and maintain.

So another way would be using hashes to define children (of parents):
    project { 'A':
      ensure => present,
      child  => {
        name    => 'B',
        inherit => true,
      }
    }

    project { 'B':
      ensure => present,
      child  => {
        name    => 'Z',
        inherit => false,
      } # We may add more children in this hash...
    }

    project { 'C':
      ensure => present,
      child  => {
        name    => 'Z',
        inherit => true,
      } # We may add more children in this hash...
    }



Which also works fine and is easier to read, but does it respect Puppet 
conventions? Users will be able to define whatever they want in these 
hashes, and the Puppet mechanism of param/property linked to methods 
would be broken.


What do you think would be the best possibility? Having a Project type 
and using a Hierarchy type to link it together, granting the 
possibility to use hashes, or another solution?


A final note: a similar problem is posed for users. How can we define 
a user resource, and manage user-specific parameters for each 
project? I think answering for projects will solve it for users.


Thanks in advance for your ideas or advice!


Re: [Puppet Users] puppet cert list yields no certs

2016-01-07 Thread Peter Kristolaitis

'puppet cert list' only shows unsigned certs.

'puppet cert list --all' will show all certs.


On 1/7/2016 6:17 PM, Matt Zagrabelny wrote:

Greetings,

I am attempting to get a puppet 3.7 install off the ground. Please
don't ask me to upgrade to 4.X series. :)

On the puppet master (puppet-3-7.example.net):
# puppet master --no-daemonize --debug
[...]
Info: Not Found: Could not find certificate puppet-client.example.net
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path ("/production/certificate/puppet-client.example.net")
Debug: Evaluating match for Route /.*/
Info: Not Found: Could not find certificate puppet-client.example.net

On the puppet client:
# puppet agent -t --server puppet-3-7 --debug
[...]
Debug: /File[/var/lib/puppet/ssl/private_keys/puppet-client.example.net.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/public_keys/puppet-client.example.net.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 10544780
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Exiting; no certificate found and waitforcert is disabled

Then on the master:
# puppet cert list
#

I have a 2.7 puppet environment that works very well and I am well
accustomed to dealing with the certs.

The auth.conf file looks okay, too:

# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *

Can anyone help interpret the debug messages above? Or point me in the
correct direction?

Thanks!

-m





Re: [Puppet Users] puppet cert list yields no certs

2016-01-07 Thread Peter Kristolaitis

Apparently I was a little too quick on the send button.  :(

To continue my previous email:

Does 'puppet cert list --all' show any certs at all?

From looking at your debug output, I suspect it won't show the client 
cert you're looking for, but I just want to make sure.



On 1/7/2016 6:28 PM, Peter Kristolaitis wrote:

'puppet cert list' only shows unsigned certs.

'puppet cert list --all' will show all certs.


On 1/7/2016 6:17 PM, Matt Zagrabelny wrote:

Greetings,

I am attempting to get a puppet 3.7 install off the ground. Please
don't ask me to upgrade to 4.X series. :)

On the puppet master (puppet-3-7.example.net):
# puppet master --no-daemonize --debug
[...]
Info: Not Found: Could not find certificate puppet-client.example.net
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path ("/production/certificate/puppet-client.example.net")
Debug: Evaluating match for Route /.*/
Info: Not Found: Could not find certificate puppet-client.example.net

On the puppet client:
# puppet agent -t --server puppet-3-7 --debug
[...]
Debug: /File[/var/lib/puppet/ssl/private_keys/puppet-client.example.net.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/public_keys/puppet-client.example.net.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 10544780
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Exiting; no certificate found and waitforcert is disabled

Then on the master:
# puppet cert list
#

I have a 2.7 puppet environment that works very well and I am well
accustomed to dealing with the certs.

The auth.conf file looks okay, too:

# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *

Can anyone help interpret the debug messages above? Or point me in the
correct direction?

Thanks!

-m







Re: [Puppet Users] random hex string in erb template

2015-11-25 Thread Peter Kristolaitis

<% range = [*'0'..'9',*'A'..'Z',*'a'..'z'] -%>
<%= Array.new(7){range.sample}.join + "-" + Array.new(3){range.sample}.join %>


The "<% range ... -%>" can be anywhere in your template as long as it's 
before where you generate the random value.  I usually put stuff like 
that near the top of the template.  If you're generating multiple random 
values you only need to specify it once.



On 11/25/2015 09:48 AM, tobias.ko...@gmail.com wrote:

I want to create a random hex string in the format

    041f798-a5f

inclusive of the dash, in an XML file.

I have tried using a self-written shell script which generates the 
string with

    <%=exec('/var/somedir/somescript')%>

in the template. That unfortunately didn't work.

I suspect I have to write a small embedded Ruby template / code 
snippet to generate this structure, but after some web search I still 
have no idea how to do that in Embedded Ruby. Does somebody have a 
short erb suggestion?







Re: [Puppet Users] random hex string in erb template

2015-11-25 Thread Peter Kristolaitis

Just realized my code is slightly wrong for you since you wanted hex 
values rather than an alphanumeric string.


The first line should be:

<% range = [*'0'..'9',*'a'..'f'] -%>



On 11/25/2015 10:36 AM, Peter Kristolaitis wrote:

<% range = [*'0'..'9',*'A'..'Z',*'a'..'z'] -%>
<%= Array.new(7){range.sample}.join + "-" + Array.new(3){range.sample}.join %>


The "<% range ... -%>" can be anywhere in your template as long as 
it's before where you generate the random value.  I usually put stuff 
like that near the top of the template.  If you're generating multiple 
random values you only need to specify it once.



On 11/25/2015 09:48 AM, tobias.ko...@gmail.com wrote:

I want to create a random hex string in the format

    041f798-a5f

inclusive of the dash, in an XML file.

I have tried using a self-written shell script which generates the 
string with

    <%=exec('/var/somedir/somescript')%>

in the template. That unfortunately didn't work.

I suspect I have to write a small embedded Ruby template / code 
snippet to generate this structure, but after some web search I still 
have no idea how to do that in Embedded Ruby. Does somebody have a 
short erb suggestion?





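An added example, not code from either post in this thread: the hex variant of the template rendered with Ruby's ERB, next to two alternatives with the same output shape. `Array#sample` draws from Ruby's default, non-cryptographic generator, and a template is re-evaluated on every catalog compile, so the rendered value changes on each run; the helper names, the salt and the node names are assumptions made for the illustration.

```ruby
require 'erb'
require 'securerandom'
require 'digest'

# Shape asked for in the thread: 7 hex digits, a dash, 3 hex digits.
HEX_ID = /\A[0-9a-f]{7}-[0-9a-f]{3}\z/

# The template from the thread, using the corrected hex range.
THREAD_TEMPLATE = <<~'TPL'
  <% range = [*'0'..'9', *'a'..'f'] -%>
  <%= Array.new(7) { range.sample }.join + "-" + Array.new(3) { range.sample }.join %>
TPL

# Render the template once; trim_mode '-' enables the "-%>" newline trimming.
# Every call yields a different value, just as every catalog compile would.
def render_thread_template
  ERB.new(THREAD_TEMPLATE, trim_mode: '-').result.strip
end

# Same shape, drawn from the operating system's CSPRNG via SecureRandom.
# Use this form if the value must be unpredictable.
def random_hex_id
  hex = SecureRandom.hex(5) # 5 random bytes -> 10 hex characters
  "#{hex[0, 7]}-#{hex[7, 3]}"
end

# Same shape, but stable across runs: derived from the node name and a
# site-wide salt (both hypothetical inputs). The managed file then stops
# changing on every run. This is an identifier, not a secret: anyone who
# knows the salt and the node name can recompute it.
def stable_hex_id(certname, salt)
  hex = Digest::SHA256.hexdigest("#{salt}:#{certname}")
  "#{hex[0, 7]}-#{hex[7, 3]}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  puts "template : #{render_thread_template}"
  puts "csprng   : #{random_hex_id}"
  puts "stable   : #{stable_hex_id('web01.example.net', 'constructed-salt')}"
end
```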


Re: [Puppet Users] using ip range in default.pp

2015-11-24 Thread Peter Kristolaitis

You have an extra octet in the regex.

That regex would match  "10.0.167.xx.yyy".  Take out the "0\." after the 
"10\.".



On 11/23/2015 05:08 PM, sahara...@gmail.com wrote:



    if $::ipaddress =~ /^10\.0\.167\.\d{1,2}\.\d{1,3}$/ {
      include user::groups
      include user::sysadmin
    }


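An added example, not code from the thread: the posted and the corrected pattern run over constructed addresses in Ruby, whose regular-expression engine Puppet's `=~` uses. It also shows two inputs the corrected pattern still accepts, an out-of-range last octet and a multi-line string (`^` and `$` anchor at line boundaries), next to a stricter check. The function names, the sample values and the assumed intent of the range (10.167.0-99.0-255) are assumptions.

```ruby
# Pattern as posted in the question: it expects five dot-separated groups,
# so no real IPv4 address can match it.
POSTED = /^10\.0\.167\.\d{1,2}\.\d{1,3}$/

# Pattern after the fix from the reply (the extra "0\." removed).
FIXED = /^10\.167\.\d{1,2}\.\d{1,3}$/

def posted_matches?(value)
  POSTED.match?(value)
end

def fixed_matches?(value)
  FIXED.match?(value)
end

# Stricter check for the assumed intent 10.167.0-99.0-255:
# \A and \z anchor the whole string, and each octet is range-checked.
def strict_match?(value)
  m = /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/.match(value)
  return false unless m

  parts = m.captures
  # Reject leading zeros such as "05", which some parsers read as octal.
  return false unless parts.all? { |p| p == p.to_i.to_s }

  a, b, c, d = parts.map(&:to_i)
  a == 10 && b == 167 && c.between?(0, 99) && d.between?(0, 255)
end

# Constructed sample values.
SAMPLES = [
  '10.167.5.20',        # in the intended range
  '10.0.167.5.20',      # five groups: the only kind of string POSTED accepts
  '10.167.5.999',       # last octet out of range, still accepted by FIXED
  "junk\n10.167.5.20",  # second line matches because ^ is a line anchor
  '10.167.100.1',       # third octet has three digits
  '192.168.1.10'        # unrelated network
].freeze

# One row per sample: [value, posted?, fixed?, strict?]
def report
  SAMPLES.map do |s|
    [s, posted_matches?(s), fixed_matches?(s), strict_match?(s)]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |value, posted, fixed, strict|
    puts format('%-22s posted=%-5s fixed=%-5s strict=%s',
                value.inspect, posted, fixed, strict)
  end
end
```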


Re: [Puppet Users] Puppet 3.8.1 on Windows 7 x64 SP1 error with file resource

2015-09-23 Thread Peter Kristolaitis
I don't use user/group/mode in any of my File resources on Windows 
boxes.  Definitely not a required parameter.


If you need to tweak permissions, you should be using the puppetlabs-acl 
module instead.


- Peter


On 09/23/2015 02:43 PM, jmp242 wrote:
I cannot test this easily as it seems to only happen when the puppet 
service runs. It does not happen when run interactively as an 
administrator. Once an administrator does a 'puppet agent -t' the 
issue does not recur for some time, perhaps until the computer reboots 
for Windows Updates. Here is the simple example file


    file { 'chocolatey.config':
      path    => "C:/ProgramData/chocolatey/config/chocolatey.config",
      content => template('yum/chocolatey.config.erb'),
      owner   => 'SYSTEM',
      group   => 'Administrators',
      mode    => '0775',
      ensure  => present,
    }

I do not get this issue with other files, but most Windows computers 
end up logging:
Failed to set group to 'S-1-5-32-544': Failed to initialize ACL: The 
parameter is incorrect.


Would using a different group help? Changing mode to 775 instead of 
'0775'?


It has been suggested to me before that I ought to use a different 
method, but then how do I actually deploy the file? From my 
understanding, I HAVE to provide owner, group and mode on Windows for 
the file to be deployed. Is this no longer the case?



Re: [Puppet Users] Puppet Windows Automation

2015-08-27 Thread Peter Kristolaitis

We solve this issue by doing (kind of ugly) stuff like this in our modules:

    unless => 'if ( ! ( Get-Service mcollectived ) ) { exit 1 }',

If you don't like that syntax, you may be able to use the $? or 
$LastExitCode variables that get set by PowerShell (I haven't tested 
this, however).  Both of those have non-obvious gotchas.  A good writeup 
on error handling in PS (not Puppet-specific) is here: 
http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/12/powershell-error-handling-and-why-you-should-care.aspx


- Peter


On 08/27/2015 08:38 AM, Thomas Bartlett wrote:

Hi Guys,

So I've been working with puppet on windows and I think my approach is 
all wrong. I've been using the puppetlabs/powershell module to run 
commands, however I'm having difficulty with exit codes. Primarily 
puppet expects exit codes to denote success/failure, whereas 
powershell is returning objects (and giving a 0 exit code regardless 
of result).


I'm automating the install of old bits of software, so getting 
meaningful answers out of the installers is pretty difficult, this 
means that the scripts are a bit ugly and not very idempotent. 
Typically I have to check a log file to find out if the install 
actually worked.


Are there any examples out there of windows puppet automation that 
makes heavy use of the powershell module?


Cheers,

Tom

Re: [Puppet Users] Puppet Windows Automation

2015-08-27 Thread Peter Kristolaitis
PowerShell is largely based on the syntax of the ksh shell, so most 
constructs that work in ksh will work in PS as well.


In this case:

$FOO=(hostname)

That will interpolate anywhere, not just during variable assignment, so 
you can do stuff like:


Some-CmdLet -Host (hostname)

If you're familiar with the use of backticks in bash the mechanism is 
exactly the same, just different syntax.



On 08/27/2015 12:06 PM, Thomas Bartlett wrote:
Nice one, I'll give that a go. You don't happen to know how I can set 
a variable to equal the result of a powershell command do you? I need 
to use the hostname of the machine as a parameter for another command. 
At the minute I'm using hard-coding which is obviously a cardinal sin.


On Thursday, 27 August 2015 15:27:04 UTC+1, Peter Kristolaitis wrote:

We solve this issue by doing (kind of ugly) stuff like this in our
modules:

    unless => 'if ( ! ( Get-Service mcollectived ) ) { exit 1 }',

If you don't like that syntax, you may be able to use the $? or
$LastExitCode variables that get set by PowerShell (I haven't
tested this, however).  Both of those have non-obvious gotchas.  A
good writeup on error handling in PS (not Puppet-specific) is
here:

http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/12/powershell-error-handling-and-why-you-should-care.aspx


- Peter


On 08/27/2015 08:38 AM, Thomas Bartlett wrote:

Hi Guys,

So I've been working with puppet on windows and I think my
approach is all wrong. I've been using the puppetlabs/powershell
module to run commands, however I'm having difficulty with exit
codes. Primarily puppet expects exit codes to denote
success/failure, whereas powershell is returning objects (and
giving a 0 exit code regardless of result).

I'm automating the install of old bits of software, so getting
meaningful answers out of the installers is pretty difficult,
this means that the scripts are a bit ugly and not very
idempotent. Typically I have to check a log file to find out if
the install actually worked.

Are there any examples out there of windows puppet automation
that makes heavy use of the powershell module?

Cheers,

Tom

Re: [Puppet Users] Passing data between hosts

2015-08-06 Thread Peter Kristolaitis
One possible solution is to have your ENC do a discovery for the 
slaves/masters and build the list dynamically.   There are a few 
possible ways that you could do that;  the 2 approaches I would look at 
first would be:


- Use 'mco find' to list all the currently-online nodes, or
- Examine the list of certs issued by Puppet and parse the certificate names

If you're running mcollective, the 'mco find' option might be preferable 
because it represents current state -- that is, here is a list of 
nodes that are online right now that you can talk to.   If a node goes 
offline, it gets removed from the list for all the other nodes on their 
next agent run, and it would get re-added when it comes back online.   
That may or may not be desired behaviour in your environment, however.


The main downside to examining the cert list is that unless you're 
conscientious about removing certs for decommissioned hosts, it may not 
be accurate.


- Peter


On 8/6/2015 8:23 PM, Matthew Ceroni wrote:

Scenario:

Managing DNS via Puppet. On the master I need to be aware of slave NS 
servers so that the NS record can be put into the zone file.


Creating a zone you supply an array with the name of all the name 
servers. Hard coding this into a hiera file (as an example) doesn't 
scale well as new servers come online.


Also, on the slaves I need to be aware of the masters to allow for 
zone transfer (again this is passed in via an array to the class that 
creates the zone).


Is there a way I can pass, let's say, a variable (ie: dns_slave = 
SLAVE-IP and dns_master = MASTER-IP) between slaves and masters? That 
way on the slaves I can compose my array of masters and pass that to 
the class, and vice versa on the masters.


I know I can use exported resources, but I am not really exporting a 
resource, just some data. Or would I encapsulate this in some sort of 
resource and then export that?


Thanks


Re: [Puppet Users] Windows batch file execution

2015-07-29 Thread Peter Kristolaitis
If all your batch script does is tweak some registry settings, I would 
suggest ditching batch files entirely and use the puppetlabs-registry 
module instead.


That said, it is likely that your script is not being executed at all 
because you need to escape backslashes in paths, e.g.


  command => "cmd.exe /c c:\\temp\\sageset.bat",

Because backslashes are escape characters, the path is being flattened 
to "c:tempsageset.bat" which clearly doesn't exist; escaping the 
backslashes will resolve that.


But using the registry module is much better, and you should do that to 
avoid much sadness.


- Peter


On 7/29/2015 3:48 PM, Dimitri Yioulos wrote:

Hello, all.

I'm trying to execute the following batch file (sageset.bat) on Win2k8 
servers:


@ECHO OFF
REM Enable components to cleanup
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders" /v StateFlags0100 /d 2 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\BranchCache" /v StateFlags0100 /d 2 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Downloaded Program Files" /v StateFlags0100 /d 2 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\GameNewsFiles" /v StateFlags0100 /d 2 /t REG_DWORD /f

~

It makes changes to registry settings so that the disk cleanup utility 
will do a more thorough job of cleanup.  It's the equivalent of 
running cleanmgr /d c: /sageset:100, which opens a dialog box that 
presents a list of files to clean that one can check.


The following is in my manifest:

exec { 'sageset.bat':
  path      => $::path,
  command   => "cmd.exe /c c:\temp\sageset.bat",
  provider  => windows,
  logoutput => true,
}

The results of the manifest run are that everything executed 
successfully.  However, if I run cleanmgr /d c: /sageset:100 after 
that, none of the boxes is checked.  Running the batch file in a 
Windows CLI does work, and if I run cleanmgr /d c: /sageset:100 
after that, all of the boxes are checked.


Why am I not getting this to work?

Dimitri

Re: [Puppet Users] MCollective - Unable to see/interact with client nodes

2015-06-02 Thread Peter Kristolaitis
You're misunderstanding the nature of server and client in the 
mcollective architecture.  ;)


Every node you want to manage in the cluster is a server (i.e. has a 
valid server.cfg and is running the daemon), and the node(s) that you 
are issuing commands from is a client (i.e. has a valid client.cfg and 
only runs the daemon if it's also a server).


- Peter

On 6/2/2015 8:28 PM, Tom Tucker wrote:


Puppet Peeps,


I am tinkering with the community edition of Puppet (version info 
below) with MCollective.  In my environment I want to test basic 
MCollective functionality without the SSL overhead.


Everything looks fine in the logs, but when I run ‘mco ping’ from 
either the client or server I only see that single node in the 
output.  Assuming I run this from the master node running ActiveMQ and 
MCollective, how do I see and interact with my other clients?




MCO ping example from the server

##

server# mco ping

server.mydomain.pem time=19.03 ms

 ping statistics 

1 replies max: 19.03 min: 19.03 avg: 19.03

server#

Client/Server Data

##

server# rpm -qa | egrep -i 'pup|mcol'

puppetserver-1.0.8-1.el6.noarch

mcollective-service-common-3.1.3-1.el6.noarch

mcollective-2.8.2-1.el6.noarch

mcollective-puppet-common-1.10.0-1.el6.noarch

mcollective-nettest-agent-3.0.4-1.el6.noarch

mcollective-client-2.8.2-1.el6.noarch

mcollective-service-agent-3.1.3-1.el6.noarch

mcollective-puppet-client-1.10.0-1.el6.noarch

mcollective-nettest-common-3.0.4-1.el6.noarch

mcollective-nettest-client-3.0.4-1.el6.noarch

puppetlabs-release-6-11.noarch

puppet-3.8.1-1.el6.noarch

mcollective-common-2.8.2-1.el6.noarch

mcollective-service-client-3.1.3-1.el6.noarch

mcollective-puppet-agent-1.10.0-1.el6.noarch

mcollective-facter-facts-1.0.0-1.noarch

puppet-server-3.8.1-1.el6.noarch

server#

server# cat /etc/mcollective/server.cfg | grep -v '^$' | grep -v '^#'
daemonize = 1
securityprovider = psk
plugin.psk = unset
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = server.mydomain.com
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = mysexypassword
identity = server.mydomain.com.pem
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
classesfile = /var/lib/puppet/state/classes.txt
collectives = mcollective
main_collective = mcollective
registerinterval = 600
rpcaudit = 1
rpcauditprovider = logfile
plugin.rpcaudit.logfile = /var/log/mcollective-audit.log
logger_type = file
loglevel = info
logfile = /var/log/mcollective.log
keeplogs = 5
max_log_size = 2097152
logfacility = user
libdir = /usr/libexec/mcollective
server#

client# rpm -qa | egrep -i '^pup|^mco'
mcollective-common-2.8.2-1.el5
mcollective-puppet-client-1.10.0-1.el5
puppet-3.8.1-1.el5
mcollective-service-client-3.1.3-1.el5
mcollective-client-2.8.2-1.el5
puppetlabs-release-5-11
mcollective-puppet-common-1.10.0-1.el5
mcollective-service-common-3.1.3-1.el5
client#

client# cat /etc/mcollective/client.cfg | grep -v '^$' | grep -v '^#'
securityprovider = psk
plugin.psk = unset
connector = activemq
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = server.mydomain.com
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = sexypassword
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
default_discovery_method = mc
direct_addressing_threshold = 10
ttl = 60
color = 1
rpclimitmethod = first
collectives = mcollective
main_collective = mcollective
libdir = /usr/libexec/mcollective
logger_type = console
loglevel = warn
client#



Re: [Puppet Users] Running a daemon only during certain hours of the day

2015-04-09 Thread Peter Kristolaitis


On 04/09/2015 03:12 PM, Gabriel Filion wrote:

Puppet is really good at managing steady states. Why not have puppet manage 
cron entries responsible for starting and stopping the daemon? A custom fact 
could be used to return the current on/off state (accurate as of the last 
puppet run, of course) of the daemon for auditing purposes.

ah yes, I actually had thought about this but forgot to mention it. this
would be actually more reliable time-wise.

my only concern would then be if the service crashes during the on
period or gets started by someone for any reason in the off period and
forgotten there. puppet would add a safety net by ensuring the service's
state.. I'll have to verify if this can be possible and/or a concern
before I try to fix this part.

thanks for the input.



Set your cron jobs to run every minute during the period, so that the 
service will be running (or not) for at most 1 minute after a 
human-error / crash / reboot / deploy-new-node-due-to-auto-scaling 
event.   Yes, it's kind of brute-force-ish, but the overhead to check a 
service's state and start/stop it isn't that high.


If the goal is to make sure that the service is or is not running during 
certain time periods, would you rather wait an hour for a Puppet agent 
run or a minute for a cron job?


- Peter
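
One way to get the every-minute enforcement described above, as an added example that is not part of the original thread. It folds the "on" and "off" jobs into one script called from a single per-minute cron entry; the service name, window hours and script path are assumptions.

```sh
#!/bin/sh
# Added example: enforce a service's on/off window from a per-minute cron job.
# SERVICE, ON_START, ON_END and the script path are constructed values.
# Crontab entry (system crontab format):
#   * * * * * root /usr/local/sbin/enforce-window.sh run
SERVICE=${SERVICE:-mydaemon}
ON_START=${ON_START:-8}   # first hour (0-23) the service must be running
ON_END=${ON_END:-18}      # first hour it must be stopped again

# Print "running" or "stopped" for HOUR; handles windows that wrap midnight.
desired_state() {  # usage: desired_state HOUR START END
    h=$(( ${1#0} + 0 ))   # "08" -> 8, so the value is never read as octal
    if [ "$2" -le "$3" ]; then
        if [ "$h" -ge "$2" ] && [ "$h" -lt "$3" ]; then echo running; else echo stopped; fi
    else
        if [ "$h" -ge "$2" ] || [ "$h" -lt "$3" ]; then echo running; else echo stopped; fi
    fi
}

# Thin wrappers so the status/start/stop commands can be swapped per platform.
svc_status() { service "$SERVICE" status >/dev/null 2>&1; }
svc_start()  { service "$SERVICE" start  >/dev/null 2>&1; }
svc_stop()   { service "$SERVICE" stop   >/dev/null 2>&1; }

# Compare actual and desired state; act (and say so) only when they differ.
enforce() {  # usage: enforce HOUR
    want=$(desired_state "$1" "$ON_START" "$ON_END")
    if svc_status; then have=running; else have=stopped; fi
    if [ "$want" = "$have" ]; then
        return 0
    fi
    echo "$SERVICE was $have, enforcing $want"
    if [ "$want" = running ]; then svc_start; else svc_stop; fi
}

# Only touch the service when invoked as "enforce-window.sh run".
if [ "${1:-}" = run ]; then
    enforce "$(date +%H)"
fi
```

Because the script prints only when it corrects a drift, cron's mail or a redirected log doubles as a record of crashes and out-of-window manual starts.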



Re: [Puppet Users] Should package {...} check if identical package is declared before?

2015-03-19 Thread Peter Kristolaitis

From this example:

    package { 'foo':
      ensure => '1.0.0',
    }

    package { 'foo':
      ensure => '1.0.1',
    }

    package { 'foo':
      ensure => 'latest',
    }

Which one wins?  Since resources can be evaluated and applied in any 
order (barring dependencies), you could end up in a situation where a 
package gets flipped between different versions on subsequent runs of 
the agent.  It breaks the idea of being idempotent.




On 03/19/2015 02:55 AM, tani...@gmail.com wrote:
I've encountered the problem where 2 modules declare the identical 
package.


I wonder why package { .. } doesn't check if the package is already 
declared, and the redundant declaration can be ignored.


Will it be a nice improvement? If not, why not?

Thank you,
Tanin


Re: [Puppet Users] fingerprint changes after puppet cert --sign

2015-02-19 Thread Peter Kristolaitis
This is expected behaviour.  SSL certificate fingerprints are just the 
cryptographic hash of the entire cert, including the signing info if 
present.  The hash of an unsigned cert is necessarily different than 
the hash of a signed cert, because they contain different information.



On 2/20/2015 12:54 AM, Tejas Gadaria wrote:

Hi,

I have an issue where my cert fingerprint changes after I sign it on 
the master. I removed all certs from master and deleted 
/var/lib/puppet/ssl stopped and started puppet master service. Later 
on client Stopped agent service and removed ssl directory, started 
puppet agent service and run puppet agent -t on client. but facing 
same issue.

I have time synchronized on master and agent. Need your help on this.

Regards,
Tejas
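
The behaviour explained in the reply above, reproduced with plain openssl as an added example that is not part of the original thread. It assumes a fingerprint is a SHA-256 digest over the DER encoding; the CA and agent names are constructed and the keys are throwaway.

```sh
#!/bin/sh
# Added example: compare the fingerprint of a certificate request with the
# fingerprint of the certificate a CA issues from it.
# demo-ca and agent.example.test are constructed names; keys are throwaway.

# SHA-256 over the DER encoding of a CSR ("req") or certificate ("x509").
der_sha256() {  # usage: der_sha256 req|x509 FILE
    openssl "$1" -in "$2" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over only the public key carried inside the CSR or certificate.
pubkey_sha256() {  # usage: pubkey_sha256 req|x509 FILE
    openssl "$1" -in "$2" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Build a throwaway CA, an agent key + CSR, and the CA-signed certificate.
make_demo_pki() {  # usage: make_demo_pki DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=agent.example.test" \
        -keyout "$1/agent.key" -out "$1/agent.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/agent.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 1 -days 1 -out "$1/agent.pem" 2>/dev/null
}

# Print all four digests for one freshly generated request/certificate pair.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    echo "request fingerprint:     $(der_sha256 req "$dir/agent.csr")"
    echo "certificate fingerprint: $(der_sha256 x509 "$dir/agent.pem")"
    echo "public key (request):    $(pubkey_sha256 req "$dir/agent.csr")"
    echo "public key (cert):       $(pubkey_sha256 x509 "$dir/agent.pem")"
    rm -rf "$dir"
}

demo
```

The two fingerprints differ while the public-key digests match, so compare request fingerprints between agent and master before signing, and certificate fingerprints after.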


Re: [Puppet Users] Possible to include subdirectories in modules

2015-02-19 Thread Peter Kristolaitis
You can't do exactly what you have below, but there is similar 
functionality built into the module architecture.  See:


https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html#example

So your .pp file would be named

modules/configuration/manifests/git.pp

And the module name would be 'configuration::git'



On 02/19/2015 08:55 AM, tuner wrote:

Hello,


i want to include subdirectories of modules/-path, e.g.
|
cat modules/*configuration/git*/manifests/init.pp
class git {

  if $::osfamily == 'redhat' {
    package {
      'git': ensure => present,
    }
  }
}
|

And then include with something like:
|
cat manifests/site/git.pp
node git.testdomain.tst {
  include base
  include *configuration/git*
}
|

This would be very helpful for my configuration. Is there a way to 
manage this?



Thanks,
Antonios.
