Re: [Puppet Users] [Roles/Profiles] when a technology module doesn't already exist - seeking opinions

2020-06-09 Thread Ramin K
Role/Profiles is not a binary choice within the system, it's "does this 
specific module in my environment need business logic?"


Example from my environment. Most of the time you don't need to care 
about chrony. It runs, no logic required. In our case we want to sync 
with the ptp clock in certain cases.


class profile::chrony {
  # ptp refclocks only provided by Azure (so far)
  # and only supported on rhel 7 or better.
  # cloud_vendor is specified in manifests/site.pp
  if $facts['os']['family'] == 'Redhat'
  and versioncmp($facts['os']['release']['major'], '7') >= 0
  and $::cloud_vendor == 'azure' {
    $refclocks = ['PHC /dev/ptp0 poll 3 dpoll -2 offset 0']
  } else {
    $refclocks = []
  }

  class { 'chrony':
    refclocks => $refclocks,
  }
}

Same system we have a number of modules that don't need any logic. We 
apply it all in profile::std because that's a convenient place to group it.


# standard linux profile for all linux servers
class profile::std::linux {

  include bash
  include cron
  include firewalld
  include git
  include sendmail
  include ssh

  etc etc

The point is you get to pick when you bring profiles in.

Ramin

On 6/9/2020 12:54 PM, Alan Evans wrote:

Either you need to manage that
complexity or you don't.


You are right and we have already decided that RP is warranted.  So 
yeah, module + profile.


Thank you for your input,
-Alan

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/84aec7a5-3b03-49f2-8dba-99a946cfedf1o%40googlegroups.com 
.




Re: [Puppet Users] [Roles/Profiles] when a technology module doesn't already exist - seeking opinions

2020-06-09 Thread Ramin K
Make a module. When the complexity of managing the module's resources 
within your environment becomes complex enough to warrant it, make a 
profile containing your business logic to wrap that module.


The cons in your first example, extra work and duplication, do not 
exist. Profiles are entirely optional. Either you need to manage that 
complexity or you don't.


Ramin

On 6/8/2020 2:26 PM, Alan Evans wrote:
While _most_ things I want to manage via Puppet have modules on the 
forge that are well maintained, tested and highly flexible.  Sometimes 
though, I find that there is something that my organization uses that 
is just not common enough to have a module on the forge.


In roles/profiles we consider things to be layered, with Roles at the 
top and technology specific modules at the bottom.  Profiles are our 
place to control the behavior of technology specific modules and add any 
missing functionality or business logic.


How do you deal with technologies that do not have corresponding modules 
on the forge?


*A) Write technology module and profile?*
Pros:
  - follows established practice
  - most flexible
Cons:
  - extra work
  - possible duplication of effort

class foo ($param1, $param2, ... $paramN) {
   contain foo::install
   contain foo::config
   contain foo::service
   Class['foo::install'] -> Class['foo::config'] -> Class['foo::service']
}


class profile::foo ($param1 = 'my_default', $param2 = 'other_default', ... $paramN) {

   class { 'foo':
     param1 => $param1,
     param2 => $param2,
     ...
     paramN => $paramN,
   }
}


*B) Put it all in a profile?*
Pros:
  - less work
  - probably still flexible since you control the whole thing
Cons:
  - does not match established practices

class profile::foo ($param1 = 'my_default', $param2 = 'other_default', ... $paramN) {

   contain profile::foo::install
   contain profile::foo::config
   contain profile::foo::service
   Class['profile::foo::install'] -> Class['profile::foo::config'] -> Class['profile::foo::service']
}



How have you handled this scenario in the past?

Thank you,
-Alan



Re: [Puppet Users] legitimate puppet code?

2020-02-10 Thread Ramin K
Looks like single quoting params is causing the problem. This passes 
validation


  class { 'cis::iptables::configure':
    level => $level,
    type  => $type,
    roles => $roles,
  }

Ramin

On 2/10/2020 12:38 PM, 'Prentice Bisbal' via Puppet Users wrote:
Is this legitimate puppet code? I'm trying to pass arguments instead of 
using global variables (ie, don't keep looking them up in hiera).  This 
syntax works elsewhere, but I've yet to use it within a class. When I 
run 'puppet parser validate', I get an error.


class cis::iptables (
   Integer $level,
   String $type,
   Array $roles ) {

   include cis::iptables::install
   class {'cis::iptables::configure': 'level' => $level, 'type' => $type, 'roles' => $roles}   #This line
   class {'cis::iptables::service': 'level' => $level, 'type' => $type, 'roles' => $roles}   # and this line

}





Re: [Puppet Users] Resource ordering not working for module classes (top-level)

2019-11-26 Thread Ramin K
You're running afoul of class containment or more precisely the lack 
thereof. Covered here https://puppet.com/blog/class-containment-puppet/


You can swap 'include ipvsadm::config' for 'contain ipvsadm::config' 
though you may need more contain statements. If they are third party 
modules you'd prefer not to modify, you can create more specific order 
between the modules in your profile. Something like this might work.


Class['ipvsadm::config'] -> Class['ipvs_keepalived::service']

I'm not a huge fan of creating relationships between components of 
modules, but sometimes that's the best way forward.


Watch the use of contain. It can be easy to create dependency cycles 
particularly if you're using resources from systemd and yum in your modules.


Ramin

On 11/26/2019 11:33 AM, Abhijeet Rastogi wrote:

Hi Puppet users,

I have the following code and all resources inside class ipvsadm are not 
executed before all resources in class ipvs_keepalived.


class profile::ipvs {
   # Removed other classes for readability
   include '::ipvs_keepalived'
   include '::ipvsadm'

   # Need ipvsadm kernel module changes before keepalived loads the ip_vs module

   Class['::ipvsadm'] -> Class['::ipvs_keepalived']
}


But, below is my puppet run log in debug mode, column 1 being the line 
number.


556445 Debug: Adding relationship from Class[Ipvsadm] to Class[Ipvs_keepalived] with 'before'
...
556633 Notice: /Stage[main]/Ipvs_keepalived::Service/Service[keepalived]/ensure: ensure changed 'stopped' to 'running'
...
556776 Notice: /Stage[main]/Ipvsadm::Config/File[/etc/modprobe.d/ipvs.conf]/ensure: defined content as '{md5}eccf22fd99f92d076e2c7b74cff506d1'


We can see that even though the resource order was processed in puppet 
run, Ipvs_keepalived::Service decides to execute before Ipvsadm::Config.


I think there's something fundamentally wrong in my approach, will 
appreciate the help.


Thanks,
Abhijeet



Re: [Puppet Users] puppet server connection limit / throttling ?

2019-10-09 Thread Ramin K

I'd look at general tuning as a first step. From puppetserver.conf

450 servers every 30 minutes is 4s. If catalog compile is taking longer 
than 4s a single core instance is likely falling behind. I believe 
Puppet recommends 4 core minimum to handle OS, JVM, garbage collection, 
etc. Distributing file resources through Puppet will take CPU time away 
from catalog compiles. I'd only be concerned about 200-300 or so.


From puppetserver.conf 
https://puppet.com/docs/puppetserver/latest/config_file_puppetserver.html
max-active-instances: Optional. The maximum number of JRuby instances 
allowed. The default is 'num-cpus - 1', with a minimum value of 1 and a 
maximum value of 4.


Assuming a 4 core instance that's probably fine. Larger and you'll need 
to tune it.


General guidelines have been 250-500MB per instance. Default tuning in 
6.7 is 2g. Again on a 4 core / 3GB+ instance that should be fine.


Lastly you said reboot, but are you just restarting the Puppetserver 
process? If it truly requires a reboot, let us know.


Ramin

On 10/9/2019 2:05 AM, Andy Hall wrote:
Hi there we have a puppetserver 6.4.0 which is currently handling about 
450 clients. In terms of performance over our legacy 3.8 instance it is 
great - clearly clojure is faster than a rails app behind a web proxy 
:-) But we notice that when we hit approx. 90 established connections to 
TCP port 8140 any new client puppet-agent connections "hang" at this 
stage as seen from debug output:


Debug: Creating new connection for https://server.company.com:8140
Debug: Starting connection for https://server.company.com:8140

This isn't just waiting for a catalog to compile - it often sits there 
for minutes with no response. In fact if we reboot the puppet server 
thus clearing the connections the client then runs normally as expected 
- with just a small delay waiting for its catalog.


I'm pretty sure this is not some OS / TCP stack limitation so wonder if 
there is some config which might be throttling this at the application 
level ? I hope approx. 450 clients is not the stage we need to start 
scaling to multiple catalog servers ??


Thanks for your help, Andy.






Re: [Puppet Users] Re: How to set puppetserver to listen on two IPs?

2018-06-21 Thread Ramin K

On 6/21/18 5:53 AM, jcbollinger wrote:

On Wednesday, June 20, 2018 at 7:54:20 AM UTC-5, Jakov Sosic wrote:

Hi guys,

[root@host ~]# cat /etc/puppetlabs/puppetserver/conf.d/webserver.conf
webserver: {
     access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
     client-auth: want
     ssl-host: 0.0.0.0
     ssl-port: 8140
}

I wonder if it's possible, and if yes, how, to set ssl-host to two
IP addresses / interfaces?

I don't want puppet to listen on 0.0.0.0, cause I have 3 interfaces.


To the best of my knowledge, your options are

  * bind to /all/ of the machine's addresses
  * bind to one specific address
  * run multiple puppetserver instances

If you want to exclude one interface out of several then perhaps it 
would be easier to handle that at a different level.  For example, let 
puppetserver bind to all addresses, but use your firewall to block 
service at those addresses where you don't want to receive catalog requests.


John


I had a slightly different use case, but ended up putting Apache in 
front of Puppetserver to get the same behavior.


https://puppet.com/docs/puppetserver/5.3/external_ssl_termination.html

Ramin




Re: [Puppet Users] Style (syntax?) question

2018-06-05 Thread Ramin K

On 6/5/2018 6:01 AM, jcbollinger wrote:



On Monday, June 4, 2018 at 1:06:52 PM UTC-5, Ramin K wrote:

On 6/4/18 8:25 AM, Peter Berghold wrote:
 > I was looking at someone else's code one day last week and saw a pattern
 > I've not seen before. Maybe that's what I get for developing Puppet code
 > in a vacuum. :-)
 >
 > class someclass (
 >      $parm1 = $::someclass::params::parm1,
 >      $parm2 = $::someclass::params::parm2       # so far I get it.
 > ) inherits someclass::params {             # ok, I get it
 >
 >       class{'someclass::package': }        # OK
 >       -> class('someclass::configure':}    # right...
 >       -> Class{'someclass':}                    #  HUH?  What does that do?
 > }
 >
 > Is that last step necessary and why?


The last step was fairly common in Puppet 2.7 code before Anchors.



Are you sure about that, Ramin?  I've been around Puppet since well 
before v2.7, and to the best of my knowledge, Class{'someclass':} (with 
capital 'C') is and always has been syntactically invalid.  I'm prepared 
to learn something new today, but you'll need to point me to some docs 
to support your assertion.


Myself, I'm inclined to guess that it's a simple typo, that an ordinary 
resource-style class declaration (with lowercase 'c') is what was intended.


"I was looking at someone else's code one day last week and saw a 
pattern I've not seen before." seems clear enough to me. Was pseudo code 
and I didn't think to look at the syntax. Jumped straight to the 
confusing part, a resource chain that ends on the class. I've answered 
the same question several times in support of our Puppet system at work. 
And then moved the module to contain... which generated more questions 
about include vs require vs contain. No winning some days.


Ramin



Re: [Puppet Users] Style (syntax?) question

2018-06-04 Thread Ramin K

On 6/4/18 8:25 AM, Peter Berghold wrote:
I was looking at someone else's code one day last week and saw a pattern 
I've not seen before. Maybe that's what I get for developing Puppet code 
in a vacuum. :-)


class someclass (
     $parm1 = $::someclass::params::parm1,
     $parm2 = $::someclass::params::parm2       # so far I get it.
) inherits someclass::params {             # ok, I get it

      class{'someclass::package': }        # OK
      -> class('someclass::configure':}    # right...
      -> Class{'someclass':}                    #  HUH?  What does that do?
}

Is that last step necessary and why?



The last step was fairly common in Puppet 2.7 code before Anchors. It is 
necessary if you want to do something like this.


class profile::mystack {

  include ::otherclass
  include ::someclass

  Class['someclass'] -> Class['otherclass']
}

By adding that -> Class{'someclass':} to the end you create a chain that 
requires all classes to be completed before 'someclass' is completed. 
Allows you to do the ordering I've shown.


In Puppet 3.4 the keyword 'contain' was introduced. The modern 
implementation might look like


class someclass (
  $parm1 = $::someclass::params::parm1,
  $parm2 = $::someclass::params::parm2,
) inherits someclass::params {

  contain someclass::package
  contain someclass::configure

  Class['someclass::package']
  -> Class['someclass::configure']
}

fwiw a lot of my modules internally will mix and match include with 
contain. In the case below I do not want containment around the yum repo 
because in our system that's guaranteed to cause dependency cycles. Also 
services usually encapsulate some systemd reloading which can cause the 
same problem. Containing install and config is usually enough to allow 
other modules to depend on my somedaemon module though not always.


class somedaemon {

  include ::somedaemon::repo
  contain ::somedaemon::install
  contain ::somedaemon::config
  include ::somedaemon::service

  # resource references must be capitalized: Class[...], not class[...]
  Class['::yum']
  -> Class['::somedaemon::install']
  -> Class['::somedaemon::config']
  ~> Class['::somedaemon::service']
}

Ramin



Re: [Puppet Users] General performance questions in Puppetserver 2.8

2018-02-11 Thread Ramin K

Thanks for the response. Nice to get some new data points.

We're unfortunately unable to lengthen the environment cache past 30s 
till we get r10k wired up and able to clear the cache automatically.


We're running 32 instances for 32 cores which seems fine, but I'm not 
clear on if I should run lower. I set JAVA_ARGS="-Xms18g -Xmx18g 
-XX:+UseG1GC" which seems fine for the number of cores so far. Have not had 
crashing problems. CPU was running 90-100% till I set the heaviest 
hitting role to once an hour while we make changes.


One interesting data point is that I was using an ancient function as a 
replacement for fqdn_rand(60,$seed) to keep crons from moving around 
during the transition. Removing the function from the majority of cases 
dropped compile times by 1-3 seconds and smoothed out the CPU curve. I 
suspect this function was running poorly and might be the cause of my 
1.9.3 Ruby deprecation notices I see in the logs. I suspect the more 
Ruby/stdlib I remove from the manifests the better performance will be.


In regards to agents I ran a few tests on our Centos6 hosts. Definitely 
see an improvement in apply times particularly in roles that have a lot 
of file resources. Dropped from 45s to 30s on one of these roles which 
should be http connection reuse though still need to verify it's because 
we're using something other than 1.8.7 as the runtime.


Ramin

On 2/11/18 5:31 AM, Poil wrote:
Here at Claranet France, when we switched to Puppet4, we made 
several mistakes.
First, the environment cache wasn't enabled, and the performance with 
Puppet4 is very bad when it's not.
Second, when we reached 3000 nodes (we have 4 master nodes, 48 core, 
64GB, behind 2 HaProxy) the catalog application (not compute) became 
slower and slower. We tried to increase the number of JRuby instances from 
4 (max in auto mode) to 12 but we had very high load and crashes. The 
problem is that the JVM memory is shared between all JRuby instances, so 
just increasing the xmx/xms to 1GB per JRuby instance seems to have 
resolved all our performance problems.


Now our catalog application time is about 50% faster than on our old 
Puppet3 infrastructures (we've also switched all our agents to Puppet4).


Best regards,

On 11/02/2018 at 02:39, Ramin K wrote:
tos 6 running Puppet 3.8.x. Ruby 1.8.7 so no http multiplexing. 50% of 
agents on Centos 7 w/







[Puppet Users] General performance questions in Puppetserver 2.8

2018-02-10 Thread Ramin K
We recently switched a large codebase with a lot of history over to 
Puppet 4.10. Performance of the new servers is significantly slower than 
the old Apache/Passenger system, roughly half. I have a list of possible 
causes and general cleanup to do, but was hoping the community could 
help me order that list in a way that got me to better performance 
soonest. Or point out something I've missed.


We serve a lot of files. Whatever you've seen, this is likely worse. Some 
cases are 10k files per server. We've farmed out some tickets to teams 
to cleanup, templatize, etc etc their code. I could do the heavy lifting 
and drop it significantly with a week of work.


50% of agents on Centos 6 running Puppet 3.8.x. Ruby 1.8.7 so no http 
multiplexing. 50% of agents on Centos 7 w/ Puppet 3.8.x. Ruby 2.0 with 
http multiplexing at least with Puppet 3 servers also on Centos 7. Have 
not checked Puppetserver 2.8, but assume this is still working. Moving 
all Centos6 agents to puppetagent 1.10.10 should reduce the ssl/http 
connection overhead.


Puppetserver tuning. Not much documentation online. Running instance per 
core (24) with 18GB. Runs around 23GB consistently on a 32GB machine. 
env time of 30s. Java 8. On disk files in ramdisk. Could move ./cache/ 
to ramdisk as well. Other than memory is anyone tuning much?


Stdlib validation deprecation messages. Have not moved over to the new 
type system and validation. Generally the logs are pretty clean other 
than these messages.


content => vs source =>. We've been slowly moving to content for files 
that are on a significant percentage of the fleet. Still the way to go 
assuming we're on 4.x or better agent?


That's the list so far. I'm guessing less files and agent upgrades are the 
most likely to get us back to parity. I was surprised that catalog 
generation wasn't significantly faster when comparing unloaded 3 and 4 
servers to each other. Suspect cleaning up deprecation might help some, 
but suspect there is something odd about our code here.


Ramin



Re: [Puppet Users] Is hiera broken in FOSS Puppet 3.7.2?

2017-09-26 Thread Ramin K
Puppet 4 ships as an all in one package so you can even run it on 
Centos5 since it ships with its own Ruby, etc.


http://yum.puppetlabs.com/el/6/PC1/x86_64/

Ramin

On 9/26/17 12:32 PM, Peter Berghold wrote:

I was afraid that would be an answer I got... :-)

There are plans to move to Puppet 4 where I know all this works but 
given I have to support all this on RHEL 6.x there may be some obstacles 
there.   I would LOVE to wave a magic wand and make Puppet 3.x go away


So.. 3.8 eh?  There's something to investigate


On Tue, Sep 26, 2017 at 1:46 PM Rob Nelson wrote:


If I had to guess, it would be that the merge settings either don't
exist or are buggy in 3.7.2. 3.8 was EOL in December last year, if
you have to stick with 3 I'd suggest at least trying it with 3.8.

On Tue, Sep 26, 2017 at 12:35 PM Peter Berghold wrote:

Seeing things like doing a hiera lookup inside a manifest such as

$somevar = hiera('randomvalue','notfound')

returning nils and other odd behavior.

I have a hiera.yaml file that looks like:

---
:backends:
   - yaml
:merge_behavior: deeper
:deep_merge_options: {}
:yaml:
   :datadir: "/etc/puppet/environments/%{environment}/hieradata"
:hierarchy:
   - "function/${::facts.host_function}"
   - "datacenter/%{::facts.sitename}"
   - "nodes/%{fqdn}"
   - "common_classes"
   - "common"

and yet I see both the nodes and common_classes being ignored.

Of more concern to me is I'm trying to set values such as

somemod::parms::value1:  somevalue

and that's being ignored.

Puppet.conf is configured correctly because it *is* finding a
class list in common.yaml but nowhere else.


Thoughts?


-- 
Rob Nelson




Re: [Puppet Users] How to randomize the order of server names

2017-07-24 Thread Ramin K
Forgot to reply on list, but we solved it with fqdn_rotate() doing most 
of the work.


$_ldap_servers = ['ldap1','ldap2','ldap3']
# sort, rotate per host, then wrap each name as ldaps://<name>/ and join with spaces
$ldap_uri = join(suffix(prefix(fqdn_rotate(sort($_ldap_servers)), 'ldaps://'), '/'), ' ')


Ramin

On 7/24/2017 7:24 AM, Rob Nelson wrote:

I did just notice this line, which should remove the .shuffle so it's
consistent on every run:

   server_list = @_ldap_servers.shuffle



Rob Nelson
rnels...@gmail.com 

On Mon, Jul 24, 2017 at 7:45 AM, Martijn wrote:

I think that's perfect for the OP's use case. And if you need
multiple random numbers there's a useful second parameter to
fqdn_rand(), the "seed", which can be any string or integer and
allows you to get multiple different random numbers on the same host.

So, you could use the server_list.size as the seed to get a
different but number after you pop off an item from your server_list
array.
--
Martijn

On Sunday, 23 July 2017 at 16:51:17 UTC+2, Rob Nelson wrote:

You could try fqdn_rand(). Fqdn_rand will generate a random
number, but the same random number for a given fqdn, so you
would get the same value every time rather than it
changing. https://docs.puppet.com/puppet/latest/function.html#fqdnrand


On Sun, Jul 23, 2017 at 1:20 AM MK  wrote:

Does anyone have experiences randomizing the order of
redundant server names  in the client configuration and
won't change the order during next puppet agent runs?

For example, I have a bunch of ldap slave servers put in an
array:

$_ldap_servers = ['ldap1' , 'ldap2', 'ldap3']

I want to randomize the order in the client config (ex,
nslcd.conf or sssd.conf ) so they don't always hit the same
ldap server.

ex:
ldap_search_base = dc=example, dc=com
ldap_uri = ldaps://ldap2 ldaps://ldap0 ldaps://ldap3

What I did so far is that in the ERB template, I put the
following code:

ldap_uri = <%
   server_list = @_ldap_servers.shuffle
   server_list.size.times do
   server = server_list[rand(server_list.size)]
-%>ldaps://<%= server -%>/ <%
 server_list.delete(server)
   end %>
It was working well with Rack based puppetmaster 3.x, but
after upgrading to puppetserver 2.7.x, it changes the order
every time when agent runs.

Does anyone have any suggestions?
Thanks so much!

MK


--
Rob Nelson

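The behaviour discussed in this thread, as an added example that is not code from any of the posters: an unseeded shuffle yields a different ldap_uri on every run, while an order keyed on the host name stays fixed per host and still spreads hosts across the servers. The SHA-256 based rotation, the function names and the host names are assumptions made for illustration; this is not the algorithm stdlib's fqdn_rotate() uses.

```python
import hashlib
import random


def shuffled_uri(servers):
    """Mirror of the ERB approach in the thread: a fresh random order per call."""
    order = list(servers)
    random.shuffle(order)
    return " ".join(f"ldaps://{s}/" for s in order)


def host_stable_uri(servers, fqdn):
    """Rotate the sorted server list by an offset derived from the FQDN.

    Hypothetical stand-in for a per-host deterministic rotation: the same
    host always gets the same line, so the config file stops changing
    between agent runs.
    """
    ordered = sorted(servers)  # the caller's list order must not matter
    if not ordered:
        return ""
    digest = hashlib.sha256(fqdn.encode("utf-8")).digest()
    offset = int.from_bytes(digest[:8], "big") % len(ordered)
    rotated = ordered[offset:] + ordered[:offset]
    return " ".join(f"ldaps://{s}/" for s in rotated)


def first_choice_spread(servers, fqdns):
    """Count how many hosts list each server first (load distribution check)."""
    counts = {s: 0 for s in servers}
    for fqdn in fqdns:
        first = host_stable_uri(servers, fqdn).split()[0]
        counts[first[len("ldaps://"):-1]] += 1
    return counts


# Constructed sample data: server names from the thread, made-up fleet.
LDAP_SERVERS = ["ldap1", "ldap2", "ldap3"]
FLEET = [f"node{i:03d}.example.com" for i in range(300)]

if __name__ == "__main__":
    host = FLEET[1]
    print("unseeded run 1:", shuffled_uri(LDAP_SERVERS))
    print("unseeded run 2:", shuffled_uri(LDAP_SERVERS))
    print("host-keyed run 1:", host_stable_uri(LDAP_SERVERS, host))
    print("host-keyed run 2:", host_stable_uri(LDAP_SERVERS, host))
    print("first-choice spread:", first_choice_spread(LDAP_SERVERS, FLEET))
```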

Re: [Puppet Users] Puppet Packet Rate?

2017-07-08 Thread Ramin K
Nothing fancy here. Parse the Apache log for /catalog/ to get catalog 
sizes, though you may need to tweak what you're logging. I'm using the 
following, but only %b is needed to get bytes of the request. 
http://httpd.apache.org/docs/current/mod/mod_log_config.html


  LogFormat "%v %V %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined

  CustomLog /var/log/httpd/<%= @vhostname %>-access_log combined

File service metadata requests is parsing for "GET 
/$some_env/file_metadata/". BTW in my stats that was 23k req/s if that 
wasn't clear.


tx/rx is just from the interface. Nothing else on the box so it's all 
Puppet plus general system stats collection, etc.


Ramin

On 7/8/17 8:25 AM, Soham Chakraborty wrote:

Ramin,

I am interested to know how did you do the tests? I want to run a 
simulation myself.


On Saturday, July 8, 2017 at 3:44:26 AM UTC+5:30, Ramin K wrote:

On 7/7/17 9:52 AM, Peter Berghold wrote:
 > Has anybody out there done any sort of study on what Puppet produces in
 > terms of I/O packet rate?  I'm being asked to fill in a spreadsheet with
 > that information

I can share some rough numbers. We do a lot of files so the numbers are
weird and inefficient. Puppet 3.8.7/Passenger 5.1.5/Ruby 2.0/Apache 2.4
on the server side.

avg file metadata per puppetserver: 25k/s
avg hosts per puppetserver: 1200

avg catalog size: 15MB (lots and lots of files)

Peak TX rate: 4MB/s
Peak RX rate: 1.5MB/s

I'd suspect the average Puppetserver to be a fraction of that bandwidth
for the same number of hosts.

Ramin
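
The log analysis described in the reply above, as an added example (Python, not code from the thread): it parses lines in the posted LogFormat and reports catalog sizes and the peak per-second rate of file_metadata requests. The sample log lines, host names and the function names `parse_line` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Regex for the LogFormat quoted in the thread:
#   %v %V %{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %D
# X-Forwarded-For may hold several comma-separated hops, so it is matched lazily.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<server>\S+) (?P<xff>.*?) (?P<logname>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'(?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<usec>\d+)$'
)

# Constructed sample input (not real traffic).
SAMPLE_LOG = """\
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:26 +0000] "POST /production/catalog/web01.example.com HTTP/1.1" 200 15000000 "-" "-" 4200000
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:26 +0000] "GET /production/file_metadata/modules/sudo/sudoers?links=manage HTTP/1.1" 200 310 "-" "-" 9000
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:26 +0000] "GET /production/file_metadata/modules/ssh/sshd_config?links=manage HTTP/1.1" 200 305 "-" "-" 8500
puppet.example.com puppet.example.com 10.0.0.5, 10.0.0.1 - - [08/Jul/2017:03:44:27 +0000] "GET /production/file_metadata/modules/ntp/ntp.conf?links=manage HTTP/1.1" 200 300 "-" "-" 8700
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:27 +0000] "GET /production/file_metadatas/modules/app/conf.d?recurse=true HTTP/1.1" 200 2048 "-" "-" 15000
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:28 +0000] "GET /production/file_content/modules/sudo/sudoers HTTP/1.1" 304 - "-" "-" 3000
puppet.example.com puppet.example.com - - - [08/Jul/2017:03:44:29 +0000] "POST /production/catalog/db01.example.com HTTP/1.1" 200 17000000 "-" "-" 5100000
this line is truncated and does not match the format
"""


def parse_line(line):
    """Return the fields needed for the summary, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    parts = m.group("request").split()
    if len(parts) != 3:
        return None
    method, target, _proto = parts
    try:
        when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # Puppet 3 REST paths look like /<environment>/<indirection>/<key>
    segs = target.split("?", 1)[0].strip("/").split("/", 2)
    return {
        "when": when,
        "method": method,
        "env": segs[0],
        "indirection": segs[1] if len(segs) > 1 else "",
        "status": int(m.group("status")),
        # %b logs "-" instead of 0 when no bytes were sent
        "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
    }


def summarize(lines):
    """Aggregate catalog sizes and file_metadata request rates from log lines."""
    catalog_sizes, per_second = [], Counter()
    total_bytes = skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        total_bytes += rec["bytes"]
        if rec["indirection"] == "catalog" and rec["status"] == 200:
            catalog_sizes.append(rec["bytes"])
        elif rec["indirection"] == "file_metadata" and rec["method"] == "GET":
            per_second[rec["when"]] += 1  # %t has one-second resolution
    return {
        "catalogs": len(catalog_sizes),
        "avg_catalog_bytes": sum(catalog_sizes) / len(catalog_sizes) if catalog_sizes else 0,
        "max_catalog_bytes": max(catalog_sizes, default=0),
        "file_metadata_requests": sum(per_second.values()),
        "peak_file_metadata_per_sec": max(per_second.values(), default=0),
        "total_bytes_sent": total_bytes,
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

The plural `file_metadatas` endpoint is deliberately not counted, to match the "GET /$some_env/file_metadata/" pattern given in the reply.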



Re: [Puppet Users] Puppet Packet Rate?

2017-07-07 Thread Ramin K

On 7/7/17 9:52 AM, Peter Berghold wrote:
Has anybody out there done any sort of study on what Puppet produces in 
terms of I/O packet rate?  I'm being asked to fill in a spreadsheet with 
that information


I can share some rough numbers. We do a lot of files so the numbers are 
weird and inefficient. Puppet 3.8.7/Passenger 5.1.5/Ruby 2.0/Apache 2.4 
on the server side.


avg file metadata per puppetserver: 25k/s
avg hosts per puppetserver: 1200

avg catalog size: 15MB (lots and lots of files)

Peak TX rate: 4MB/s
Peak RX rate: 1.5MB/s

I'd suspect the average Puppetserver to be a fraction of that bandwidth 
for the same number of hosts.


Ramin



Re: [Puppet Users] Dependency conundrum

2017-06-15 Thread Ramin K
Maybe I've missed something, but I don't see why your second example 
doesn't work.


# Our order and notify relationships
File['patcher-client.service'] ~> Exec['systemctl daemon-reload']
File['patcher-client.service'] ~> Service['patcher-client']

# Our order only relationships
Exec['systemctl daemon-reload'] -> Service['patcher-client']

Ramin

On 6/15/17 7:59 AM, Tom Limoncelli wrote:

I'm having a problem getting some dependencies exactly right.

This is the code I originally wrote:

 
File['/usr/lib/systemd/system/patcher-client.service']~>Exec['systemctl daemon-reload']~>Service['patcher-client']


It works great except... oops... if any *other* module does 
Exec['systemctl daemon-reload'], then Service['patcher-client'] 
restarts.  That additional restart is unneeded.


I thought about rewriting it as:

 
File['/usr/lib/systemd/system/patcher-client.service']~>Exec['systemctl daemon-reload']
 
File['/usr/lib/systemd/system/patcher-client.service']~>Service['patcher-client']


But then how would Puppet know to do the Exec[] before the Service[]?  I 
could add:


 Exec['systemctl daemon-reload']->Service['patcher-client']

But then we're basically in the same situation as the original code. Right?

I guess I kind of want something like this: (not real syntax)

 File['/usr/lib/systemd/system/patcher-client.service']~> ( Exec['systemctl daemon-reload']~>Service['patcher-client'] )


How do I achieve that?

Thanks in advance,
Tom

--
Email: t...@whatexit.org Work: 
tlimonce...@stackoverflow.com

Blog: http://EverythingSysadmin.com
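
Why the split relationships in the reply avoid the extra restart, shown as a toy model added here (Python, not Puppet code and not from the thread). It assumes the Exec is refreshonly and that a refreshed resource passes a refresh on to whatever it notifies, which is the behaviour described in the question; `other.service` is a hypothetical stand-in for "any other module".

```python
class Catalog:
    """Resources plus two edge kinds: ordering (->) and notify (~>)."""

    def __init__(self):
        self.deps = {}      # resource -> resources that must be applied first
        self.notifies = {}  # resource -> resources it sends refreshes to

    def _add(self, *names):
        for name in names:
            self.deps.setdefault(name, set())
            self.notifies.setdefault(name, set())

    def order(self, first, then):
        """first -> then: ordering only."""
        self._add(first, then)
        self.deps[then].add(first)

    def notify(self, first, then):
        """first ~> then: ordering plus refresh."""
        self.order(first, then)
        self.notifies[first].add(then)

    def run_order(self):
        """Depth-first topological order: dependencies come first."""
        order, state = [], {}

        def visit(res):
            if state.get(res) == "done":
                return
            if state.get(res) == "visiting":
                raise ValueError("dependency cycle at " + res)
            state[res] = "visiting"
            for dep in sorted(self.deps[res]):
                visit(dep)
            state[res] = "done"
            order.append(res)

        for res in self.deps:
            visit(res)
        return order

    def apply(self, changed):
        """Return the resources refreshed in a run where `changed` resources changed."""
        emitted, refreshed = set(), []
        for res in self.run_order():
            # Refresh only if something that notifies this resource emitted an event.
            triggered = any(res in self.notifies[src] for src in emitted)
            if triggered:
                refreshed.append(res)
            if triggered or res in changed:
                emitted.add(res)
        return refreshed


UNIT = "File['/usr/lib/systemd/system/patcher-client.service']"
RELOAD = "Exec['systemctl daemon-reload']"
SVC = "Service['patcher-client']"
OTHER = "File['/usr/lib/systemd/system/other.service']"  # hypothetical, from another module


def chained():
    """Original form: File ~> Exec ~> Service."""
    cat = Catalog()
    cat.notify(UNIT, RELOAD)
    cat.notify(RELOAD, SVC)
    cat.notify(OTHER, RELOAD)
    return cat


def split():
    """Form from the reply: File ~> Exec, File ~> Service, Exec -> Service."""
    cat = Catalog()
    cat.notify(UNIT, RELOAD)
    cat.notify(UNIT, SVC)
    cat.order(RELOAD, SVC)
    cat.notify(OTHER, RELOAD)
    return cat


if __name__ == "__main__":
    print("chained, other unit changed:", chained().apply({OTHER}))
    print("split,   other unit changed:", split().apply({OTHER}))
    print("split,   own unit changed:  ", split().apply({UNIT}))
```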



Re: [Puppet Users] stop service after install

2017-05-14 Thread Ramin K
I'd guess that installing new modules is restarting the service. You 
probably need something with better ordering.


class apache {
  contain ::apache::install
  contain ::apache::config
  contain ::apache::service
  # install first, then config; a config change refreshes the service
  Class['::apache::install'] ->
  Class['::apache::config'] ~>
  Class['::apache::service']
}
class apache::install {
  package { 'libapache2-mpm-itk':
    ensure => latest,
  }
  package { 'apache2':
    ensure => latest,
  }
  # etc etc
}
class apache::config {
  file { '/etc/apache2/ports.conf':
    ensure  => file,
    content => "Listen 8080\n",
  }
}
class apache::service {
  service { 'apache':
    ensure => running,
    enable => true,
  }
}
class nginx {
  package { 'nginx-light':
    ensure => latest,
  }
}
class profile::webstack {
  include ::apache
  include ::nginx
  # all of apache (install, config, service) is applied before nginx
  Class['::apache'] -> Class['nginx']
}

On 5/13/17 2:45 AM, Anton Gorlov wrote:

Hi.

I need to stop the service (apache) after it is installed from puppet.
The platform is debian 9 and the puppet version is 4.8.2

In my class I wrote:


class webpackages {

exec { 'apachechk':
command => "/bin/systemctl stop apache2;",
onlyif => "/bin/grep -c 'Listen 80' /etc/apache2/ports.conf",
}

package { 'libapache2-mpm-itk':
ensure => latest,
   }

package { 'apache2':
require => Exec['apachechk'],
ensure => latest,
   }

package { 'apache2-dev':
ensure => latest,
   }
package { 'apache2-suexec-pristine':
ensure => latest,
   }
package { 'apache2-utils':
ensure => latest,
   }
package { 'apache2-bin':
ensure => latest,
   }
package { 'apachetop':
ensure => latest,
   }
package { 'libapache2-mod-rpaf':
ensure => latest,
   }
package { 'nginx-light':
require => Exec['apachechk'],
ensure => latest,
}

}
===

but apache is not stopping and the nginx install fails because the port
is held by apache

May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
[::]:8…se)
May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
0.0.0.…se)
May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
[::]:8…se)
May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
0.0.0.…se)
May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
[::]:8…se)
May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] still could
not bind()

What is wrong and what is right way to do it?





Re: [Puppet Users] Regex for case statements

2017-05-06 Thread Ramin K

On 5/6/2017 6:10 PM, tejat...@gmail.com wrote:

Hello,

I'm stuck at this point while adding a case statement regex for
hostname matching...
Here is my sample code I'm working on...

class clearlogs::components::idm {

 case $::hostname {
   'idm-wc-(\d+)p': {


https://docs.puppet.com/puppet/3.8/lang_conditional.html#syntax-2

needs to be between slashes, /idm-wc-(\d+)p/: {}

If you have regex problems, I find http://rubular.com/ fairly useful for 
testing.


Ramin



Re: [Puppet Users] Catalog compilation performance issues in Puppet 3

2017-04-20 Thread Ramin K

On 4/20/17 3:32 AM, Cesar wrote:


I was wondering whether there is any way to reduce catalog compilation?
Could the catalog compilation be split across different Puppet master
processes or something like that?


- upgrade to 3.8.x, definitely performance gains to be had.

- Passenger 5/5.1 and tune for the CPU/workload, 
https://ask.puppet.com/question/13433/how-should-i-tune-passenger-to-run-puppet/


- Run Ruby 2.1 on the master. Performance in Ruby 1.8.7 was terrible. 
Expect a 30-50% bump for each version you jump from 1.8.7, 1.9.3, 2.0, 
and 2.1.


Ruby version is the performance limiter in Puppet 3.x rather than Puppet 
3 vs 4 or the app server at least in puppet-server 1.x. It's unfortunate 
that *every* benchmark I've seen comparing Puppet 3/Passenger vs Puppet 
4/JVM was done with Ruby 1.8.7 including the benchmarks Cern did. IME 
running modern Ruby gets you very very close to Puppet server 
performance. It also helps you migrate to Puppet 4 if you have custom 
functions, types/providers, etc which aren't Ruby 1.9+ ready.


Ramin



Re: [Puppet Users] Puppet server is slow and needs tuning

2017-02-20 Thread Ramin K
With Puppet 3.8.7 you're hopefully running Puppet with Apache/Passenger. 
If not, you have a puppetmaster (puppet master?) process that is single 
threaded. You'll have to migrate to a Passenger-based setup. My guess is 
that you're running the standalone process since Passenger defaults 
to 6 processes which should be able to serve 500 agents.


Tuning Apache/Passenger 
https://ask.puppet.com/question/13433/how-should-i-tune-passenger-to-run-puppet/


Ramin

On 2/20/17 6:42 PM, Harish Kothuri wrote:

Thanks for your reply. I understand that I need to upgrade to puppet 4.

I'm just looking for similar options to optimize in 3 open source since
I have these in production and not easy to upgrade

Thanks & Regards,
Harish Kothuri

On Monday, February 20, 2017 at 10:51:27 PM UTC+5:30, Rob Nelson wrote:

Harish,

You are running puppet 3 open source and looking at directions for
puppet 4 enterprise edition. While some of the PE information will
surely apply to the open source edition, you should update to puppet
4 as puppet 3 is End of Support/Life. That upgrade alone should
improve performance significantly, at which time you can re-evaluate
performance issues.

On Mon, Feb 20, 2017 at 8:26 AM Harish Kothuri  wrote:

Hi All,

Following is my puppet configuration details. Problem is that
puppet server and agent runs are going very slow at times and
restarting the server helps in production.

Puppet 3.8.7 (open source)
Facter 2.4.6
CentOS 7
Number of nodes: 500
Number of cores: 16
RAM: 32GB

I'm going through this puppet website

https://docs.puppet.com/pe/latest/config_monolithic.html#tuning-monolithic-installations-(reference)


to fine tune my puppet.

Can someone help me understand the location of the files exactly,
as I could not figure out a *few (marked in Red)*. Please verify
my changes and let me know if there's anything wrong.

Section from Link: 16 cores, 32 GB of RAM (Monolithic)

_*Puppet Server:*_
*1. Increased JRuby instances in /etc/hiera.yaml file as below.*

---
:backends:
  - yaml
:hierarchy:
  - defaults
  - "%{clientcert}"
  - "%{environment}"
  - global

:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /var/lib/hiera on *nix
# - %CommonAppData%\PuppetLabs\hiera\var on Windows
# When specifying a datadir, make sure the directory exists.
  :datadir:
  jruby-puppet: {
max-active-instances: 10
max-requests-per-instance: 0
  }

*1.1 Heap size on puppet server - Not sure where and how to change this.*

*_PuppetDB:_*
*2. PuppetDB command processing threads - Where and how to change this?*
*changed this in /etc/puppetdb/conf.d/config.ini*

*2.1 Changed heap size of puppetdb in /etc/sysconfig/puppetdb file as below*

JAVA_ARGS="-Xmx1g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"

*2.2 Broker Memory - Not sure where and how to change this.*

*3. Node classifier - Not sure where and how to change this.*
*4. ActiveMQ - Not sure where and how to change this.*
*5. Orchestration services - Not sure where and how to change this.*
*6. PostgreSQL - Not sure where and how to change this.*

*
Thanks & Regards,
Harish Kothuri


--
Rob Nelson


Re: [Puppet Users] Puppet Language Style Guide update

2017-02-14 Thread Ramin K

Also a fan of David Walhstrom's git hooks and we use them server side too.

Ramin

On 2/13/17 10:36 AM, Christopher Wood wrote:

Same budget for tools here. I get along just fine with a combination of 
puppet-mode for emacs and the pre-commit hook from David Walhstrom's 
puppet-git-hooks project.

https://github.com/voxpupuli/puppet-mode

https://github.com/drwahl/puppet-git-hooks

(Although I obviously recommend you install the pre-receive hook on the server 
side of wherever you're pushing to.)

On Mon, Feb 13, 2017 at 09:24:51AM -0800, James Perry wrote:

   Are there any open source or free replacements for Geppetto?   RubyMine is
   like $200/year, which is outside of an IT budget of $0/year for tools.

   On Friday, January 13, 2017 at 5:03:48 AM UTC-5, Henrik Lindberg wrote:

 On 13/01/17 08:38, Peter Faller wrote:
 > Has the Geppetto auto-formatter been updated (or will it be updated) to
 > match the style guide? Or is there another way of automatically
 > formatting manifests to match the style guide?
 >

 Geppetto is pretty much up to date on the style guide as there are no
 fundamental changes to the formatting in terms of indentation and
 spacing. It is however somewhat behind on the language support as it has
 no understanding of the type system and some other recent additions.
 Geppetto is no longer maintained by Puppet as announced quite a long
 time ago.

 An IDE that has recently updated their support for Puppet is RubyMine.
 It is well worth taking a look at. Don't know what kind of formatting
 they offer though.

 Best,
 - henrik



Re: [Puppet Users] Puppet managing thousands of resources

2017-01-11 Thread Ramin K

On 1/11/17 9:58 AM, Zachary Vida wrote:

Hello, I was wondering if there are any significant improvements in later
versions of puppet >= 2.6 to catalog compilation and/or application
runtimes.

In an environment I manage we populate many local files
(/etc/passwd,/etc/group,/etc/hosts) via ENC. This results in a steady
state catalog compilation/apply run times of several minutes and during
an initial puppet apply clocking in at 90 minutes.


Depends on a number of factors. Without knowing more about the system 
this is general advice and numbers.


- Upgrade to Puppet 3.8.x. Should be a fairly simple update in most 
environments. Expect file serving and catalog compile to take 50% of the 
time with 3.8 masters as compared to 2.7 masters. I don't have numbers 
on 2.6 masters. You must have 2.7 agents to talk to 3.x masters.


- Upgrade the Puppet master to a distro running Ruby 1.9.3 or better. 
Expect catalog compiles to drop to 50% of the 1.8.7 run time with Ruby 
1.9.3 or 25% with 2.1. This can be a complex upgrade if you have 
templates that use str.each or wrote your own functions.


- Replace source => 'puppet:///modules/sudo/sudoers', with content => 
file('sudo/sudoers'), in as many places as possible. Note do not do this 
for binary files, there can be problems with utf8 data. The catalog will 
be larger over the wire, but a faster apply since you can eliminate 
additional https connections. However I expect you're doing a fair 
amount of source => 'puppet:///modules/thing/some_dir_full_of_files/' 
and file() can't help you there.


- Use Passenger, tune it appropriately. 
https://ask.puppet.com/question/13433/how-should-i-tune-passenger-to-run-puppet/


For the record, I can admit to having "tens of thousands of hosts" and 
over half of them have 4k+ file resources.


Ramin



Re: [Puppet Users] Over-engineering rant

2017-01-08 Thread Ramin K

On 1/8/2017 5:54 AM, Jakov Sosic wrote:

On 01/08/2017 11:04 AM, Fabrice Bacchella wrote:


And that's for something that for a given environment
never change, have no options. So dropping a standard
file that is hand made once in a lifetime is enough for
the vast majority of people.


Exactly my point...

I never really understood all the blog posts about people migrating to
other tools, and didn't quite understand bunch of the remarks and
reasons given in those posts...let alone agree with them.

But, becoming such a time sink even for a veteran is kinda depressing. I
can even see my self writing such a blog post in the future :D

Sure, organizations having 10+ devops engineers can afford to allocate
one of them 0.5/1.0 FTE on puppet alone, but smaller shops with 2-5
devops engineers just can't afford it.

Learning curve for a newcomer is steep high, but even once you're
seasoned puppet engineer, amount of changes happening is overwhelming.
It just becomes a time sink, and wastes a lot of your time just to keep
your code base up to date.

And sincerely I don't see any obvious benefit of some of these additions
(epp, moving from loose to strict parameter/variable types, ...).


It's something to think about: is puppet becoming its own goal and
purpose (losing sight of what it should be - a tool that solves actual
problems)?



	To be honest I never understood some of the blogs either, but this 
thread has clarified it for me. To phrase it somewhat unkindly, Some 
sysadmins when faced with software engineering want to go back to shell 
scripts.


	Are we seriously going to complain that we can enforce input validation 
of types and structures? Are you mad? I work on a 10 year old 100k+ LOC 
of damned MANIFEST code and I daily curse every committer who didn't 
think about their data type and structure. We have a joke on our 
team, "true, false, and string. My least favorite data type." And it's 
everywhere in the code and hard to blindly rip out.


	Just last month it took us three days to sort out a define with 
svc_check and svc_checks. Now we force array validation on svc_checks, 
removed svc_check, and dropped a ton of confusing code along the way. Is 
someone going to get bit when they pass a string? Yes. Will they figure 
it out in a minute or two because the validation fail will tell them 
exactly what to provide? Yes.


	I would argue that our experience is working against us when it comes 
to the new code. Everything is a string and we massage the data later is 
how most of us worked. Also we may know exactly what we want to manage. 
Now Puppet has the tools to validate input and with in module data 
easily support just about any config. Sure it looks more complex and 
hard to tell where data is coming from if you haven't seen the style 
before, but simplifies templates, compares, regex, booleans, and 
everything else we were doing. This code can be USED by anyone, but 
takes slightly longer to understand.


	Whether the module is overwrought is certainly a conversation worth 
having, but let's separate that from the upgrade in technology.


Ramin



Re: [Puppet Users] Urgent Help Required | Puppet run is dead slow

2016-12-13 Thread Ramin K

On 12/12/2016 8:34 AM, Harish Kothuri wrote:


Also, attaching the puppet agent log with --debug enabled.

Kindly help.


What we really need is the Puppet master log since your problems are on 
that end.


Error 1 is Passenger complaining that there are no processes free to 
hand off to and you've filled Passenger's queue as well.


Based on error 2 I would guess Puppetdb is blocking Puppet from serving 
requests.


In regards to general tuning of 3.x Puppet masters see the following 
link though really shouldn't be a problem with a few hundred nodes 
unless they all check in at the same time.


https://ask.puppet.com/question/13433/how-should-i-tune-passenger-to-run-puppet/

Ramin



Re: [Puppet Users] puppet-lint 2.0.1 is released

2016-08-19 Thread Ramin K
Oh excellent. Thanks for reverting. I may see if I can spend some time 
on it if only to write more complete tests so it doesn't flip flop in 
the future.


Ramin

On 8/18/16 8:37 PM, Rob Nelson wrote:

Ramin,

No worries, it's a legitimate complaint. Puppet-lint 2.0.2 was just
released which reverted that issue. We're back to the original problem
in #504 but it's not worse than it was in 2.0.0 at least.


Rob Nelson
rnels...@gmail.com

On Thu, Aug 18, 2016 at 9:56 PM, Ramin K <ramin-l...@badapple.net> wrote:

On 8/18/16 9:35 AM, Rob Nelson wrote:

All,

I'm happy to announce that puppet-lint 2.0.1 has been released today.
Please checkout the changelog below for details. Please open a ticket on
the project if you discover any issues with it.

This is the second release of puppet-lint this year and we hope to keep
the pace up in the coming months. Thank you for all your contributions
to it over the years!

https://rubygems.org/gems/puppet-lint
https://github.com/rodjek/puppet-lint/blob/master/CHANGELOG.md


I hate to be that person, but if you use puppet-lint for pre/post
commit hooks I'd recommend staying on 2.0.0 till
https://github.com/rodjek/puppet-lint/issues/504 is resolved.

Ramin



Re: [Puppet Users] puppet-lint 2.0.1 is released

2016-08-18 Thread Ramin K

On 8/18/16 9:35 AM, Rob Nelson wrote:

All,

I'm happy to announce that puppet-lint 2.0.1 has been released today.
Please checkout the changelog below for details. Please open a ticket on
the project if you discover any issues with it.

This is the second release of puppet-lint this year and we hope to keep
the pace up in the coming months. Thank you for all your contributions
to it over the years!

https://rubygems.org/gems/puppet-lint
https://github.com/rodjek/puppet-lint/blob/master/CHANGELOG.md


I hate to be that person, but if you use puppet-lint for pre/post commit 
hooks I'd recommend staying on 2.0.0 till 
https://github.com/rodjek/puppet-lint/issues/504 is resolved.


Ramin



Re: [Puppet Users] Puppet module and Hiera variable access

2016-07-18 Thread Ramin K

You can use parameters as Rob suggests or specify the lookup yourself.

$new_var = hiera('icinga2_ido_password')

Also the var will be $::qmonitoring::db::new_var not the key you used.

I recommend matching var to lookup key to make it easier to trace 
through the code.


$icinga2_ido_password = hiera('icinga2_ido_password')

Ramin
On 7/18/16 11:54 AM, Tobias Köck wrote:

Hi,

for testing Hiera I have written a common.yaml with

qmonitoring::db::icinga2_ido_password: "mypwd34"
qmonitoring::db::icinga2_webdb_password: "mypwd544"

and I have a module named qmonitoring with a class named

class qmonitoring::db {

$new_var = $icinga2_ido_password,

}

where I try to automatically access the

qmonitoring::db::icinga2_ido_password

Hiera variable.

With $icinga2_ido_password it doesn't work; with hiera( ...) it works.

How can I automatically access the Hiera variable in my class with the
priority lookup without having to use hiera(...)?

Greetings and thanks,
Tobias







Re: [Puppet Users] Hiera Hash Merge Issues

2016-06-03 Thread Ramin K
That looks correct and you are also correct that the deep merge gem is 
not required for simple top level key merges. Only for sub keys. I 
believe the hiera_hash merge example here is still valid,

https://ask.puppet.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/

## rabbitmq_profile.pp
class rabbitmq_profile (
  $vhosts = hiera_hash('rabbitmq_profile::vhosts',{})
) {

I'd make sure that's actually the code you're using. If you're using hiera 
or databindings it'll default to hiera() as well. That would certainly 
explain the behavior you're seeing.


You might try running the master in debug so you can see the hiera 
lookups it's attempting.


Ramin

On 6/3/16 11:57 AM, Leonard Smith wrote:

Deep gem is installed. However this should work with native correct if
all I am looking to have it do is create both '/' and 'test' vhost,
without overriding each other.



On Friday, June 3, 2016 at 2:47:45 PM UTC-4, Peter Kristolaitis wrote:

Did you install the deep_merge gem when using the deeper merge
option?  The gem is required when using deep or deeper merging.


On 2016-06-03 02:38 PM, Leonard Smith wrote:

I've been trying to track down a problem with hiera_hash not merging.

puppet-3.8.6-1.el7
hiera-1.3.4-1.el7

## hiera.yaml
:hierarchy:
  - test
  - common

## test.yaml
---
rabbitmq_profile::vhosts:
  'test' :
    ensure: present

## common.yaml
---
rabbitmq_profile::vhosts:
  '/' :
    ensure: present

## rabbitmq_profile.pp

class rabbitmq_profile (

$vhosts = hiera_hash('rabbitmq_profile::vhosts',{})

) {

  notify { "<>$vhosts": }
  create_resources(rabbitmq_vhost, $vhosts )
}

## END


When I apply the manifest it creates the vhost specified in
test.yaml but not the one in common.yaml. I expected it to merge
the hash from both yamls and create the '/' and 'test' vhosts.

 If I remove test from hiera.yaml it creates the '/' vhost fine.
I've tried setting the merge_behavior explicitly to native, deep
and deeper, but I still see the behavior where it picks up the
hash from the first yaml file it encounters and ignores the rest.



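The lookup difference discussed in the thread above, as an added illustration (not code from the thread and not Hiera's own implementation): a priority lookup like hiera() stops at the first hierarchy level that defines the key, a hash merge like hiera_hash() unions the top-level keys, and only nested sub-keys need a deep merge. The YAML is constructed from the poster's two files plus a hypothetical 'shared' vhost; the function names are hypothetical, and having the higher-priority level win conflicts in the deep merge is an assumption of this sketch.

```ruby
require 'yaml'

# Constructed data modelled on the thread's test.yaml and common.yaml.
# The 'shared' vhost is added here to show what happens on a key conflict.
TEST_YAML = <<~DATA
  rabbitmq_profile::vhosts:
    'test':
      ensure: present
    'shared':
      ensure: absent
DATA

COMMON_YAML = <<~DATA
  rabbitmq_profile::vhosts:
    '/':
      ensure: present
    'shared':
      ensure: present
      tracing: true
DATA

# Highest priority first, as in the thread's hiera.yaml (test, then common).
LEVELS = [TEST_YAML, COMMON_YAML].map { |doc| YAML.safe_load(doc) }

# Collect the key's value from every level that defines it, highest first.
def values_for(levels, key)
  levels.select { |data| data.key?(key) }.map { |data| data[key] }
end

# Priority lookup: the first level that has the key wins, the rest are ignored.
def priority_lookup(levels, key, default = nil)
  found = values_for(levels, key)
  found.empty? ? default : found.first
end

# Hash merge: union of top-level keys; on a conflict the higher-priority
# level's whole value replaces the lower one.
def hash_merge_lookup(levels, key, default = {})
  found = values_for(levels, key)
  return default if found.empty?

  found.reverse.reduce({}) { |merged, value| merged.merge(value) }
end

# Recursive merge of nested hashes; higher priority wins on scalar conflicts.
def deep_merge(low, high)
  low.merge(high) do |_key, low_val, high_val|
    low_val.is_a?(Hash) && high_val.is_a?(Hash) ? deep_merge(low_val, high_val) : high_val
  end
end

def deep_merge_lookup(levels, key, default = {})
  found = values_for(levels, key)
  return default if found.empty?

  found.reverse.reduce({}) { |merged, value| deep_merge(merged, value) }
end

if __FILE__ == $PROGRAM_NAME
  key = 'rabbitmq_profile::vhosts'
  puts "priority:   #{priority_lookup(LEVELS, key).inspect}"
  puts "hash merge: #{hash_merge_lookup(LEVELS, key).inspect}"
  puts "deep merge: #{deep_merge_lookup(LEVELS, key).inspect}"
end
```
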

Re: [Puppet Users] Puppet and SVN

2016-05-23 Thread Ramin K

On 5/22/16 3:41 AM, Alex Samad wrote:

Hi

just starting out with puppet.
I found
this http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
old page

talks about checking /etc/puppet into svn.

But on my centos install I have /etc/puppetlabs/puppet

do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if the
latter what about my codedir?


	I have one of the largest SVN backed Puppet systems. It's painful, 
slows us down, and we're getting off it this quarter. Finally.


	If you don't have much dev experience, the idea that each branch exists 
as a set of files in SVN initially sounds great. However the inability 
to split work off into branches both short and long lived starts to take 
its toll. Also tooling is hard, can't push a branch for someone else to 
check out. You end up having "scratch space" for tests that eventually 
have to be merged. It makes it hard to do sweeping changes as scratch 
space has to encompass it all at least in most schemes I've observed.


	I'm sure there are ways around some of the problems, but git based 
branch development is ridiculously good with minimal investment. That 
said git will seem like more work than you'd like when you have one or 
two people working on the codebase. I never appreciated it till I was on a 
larger team.


	Answering the other question, I recommend starting with 
/etc/*puppetwhatever*/environments/{production|stage|etc}/ as releases 
of your src control rather than deploying directly to /etc/puppetlabs/ 
from src control.


Ramin



Re: [Puppet Users] Upgrading Puppet from 2.7 to 4

2016-05-06 Thread Ramin K

On 5/6/16 7:22 AM, Rob Nelson wrote:

I have not done this, but I suspect a stairstep upgrade of 2.7 -> 3.0 ->
3.8 w/future parser -> 4.latest would be the easiest. You *might* be
able to skip to 3.8, technically, but I suspect your code would blow up
in strange ways that would be less obvious than the additional step.


Depending on your OS I'd lean towards this upgrade progression.

2.7.25 -> 3.2.4 (new master, migrate clients) -> 3.4.3 (optional) -> 
3.8.7 -> 3.8.7 (future parser) -> 4.x (new master, migrate clients)


People tend to forget, but moving off 2.7 will likely change from Ruby 
1.8.7 to 1.9.3+ which can cause templates to be evaluated differently.


Ramin



Re: [Puppet Users] python on puppet

2016-04-22 Thread Ramin K

On 4/22/16 11:04 AM, bapi.l...@cloudwick.com wrote:

Hi all,

I am trying to manage python packages from puppet. I wanted to run the
following commands *without using EXEC..*

*After installing python-setuptools I tried to install pika using pip as
provider .. but it did not work.*



If the pip provider didn't work, it might be an ordering or dependency 
problem. Does a second run succeed? We do something like this for ruby 
gems. In your case I think you would need to install the os pip package 
as well.


class ruby::devel {

  package { 'rubygems': ensure => installed, }
  # etc etc

  # apply this class before any package that uses the gem provider
  Class['ruby::devel'] -> Package <| provider == gem |>
}

Ramin



Re: [Puppet Users] Patterns for multi-arch libraries...

2016-04-19 Thread Ramin K

On 4/19/16 9:06 AM, J.T. Conklin wrote:

Rob Nelson writes:

Silly question, but what package manager doesn't let you upgrade those
two packages independently but also doesn't update the dependent
packages at the same time?


We have this problem on CentOS machines using the yum provider. The logs
reported something to the effect of openssl.x86_64 couldn't be updated
to version N+1 as that conflicted with openssl.i686 version N.  I wish
I had saved the logs at the time so I could share the exact text with
you all.

For a while - when it seemed like there was a new OpenSSL vulnerability
every other day - we had the openssl module's "version" parameter set to
"latest" in our hiera config.  When a new openssl version was available,
puppet would attempt and fail to install it each run. We'd manually have
to install the new version - so much for saving time. I'm hoping to find
a better option before the next time we need to update.

--jtc



Try adding install_options => 'update', to the package resource. Only 
works in Puppet 3+.


Ramin



Re: [Puppet Users] Strategies for "boring" packages

2016-04-19 Thread Ramin K

On 4/18/16 5:47 PM, J.T. Conklin wrote:

At work, we've written about 120 modules in our puppet code repository.
About two dozen are "interesting", in that they have lots of parameters
and configuration that is specific to our environment.  The balance are
"boring", rather they are mostly boilerplate with minimal configuration.
For example, our modules abstract the differences in package and service
names between RedHat and Debian based systems.

However, there is some disagreement amongst our puppeteers about how to
handle these "boring" modules. One side objects to the amount of
boilerplate and duplication, and would prefer that we simply define packages
in our role/profile modules. The other side claims that abstracting
package and service names is value enough to justify the overhead, and
that "boring" packages often become "interesting" over time as new
requirements for flexibility and customization develop over time. Each
group is firmly convinced that their opinion is the right one.

So I throw the question to the puppet community... What strategies do
you use for "boring" modules so you're not overwhelmed by hundreds of
small boilerplate modules?

Thanks for sharing,

 --jtc



	At the previous job I preferred to promote packages to full modules 
from a holding module.


class vpackages {
  include vpackages::params

  @package { 'curl':  tag => 'utils', }
  @package { 'htop':  tag => 'utils', }
  @package { 'iftop': tag => 'utils', }
  @package { 'whois': tag => 'utils', name => $vpackages::params::whois, }

  # Mysql packages
  @package { 'percona-toolkit': tag => 'mysql', }
  @package { 'mysql-client':    tag => 'mysql', name => $vpackages::params::mysqlclient, }

}

mysql-client is a good example.

class mysql::install {
  package { 'mysql-server':
    ensure => present,
    name   => $mysql::params::packagename,
  }

  # realize packages like the client
  Package<| tag == 'mysql' |>
}

Later our Mysql installations were more complicated in several different 
roles with more versions. At that point it made sense to move 
mysqlclient into its own parameterized module.


What I liked about the vpackages modules is that it's a visual 
representation of the shared namespace.


Ramin



Re: [Puppet Users] Does the puppet agent start puppetmaster?

2016-04-18 Thread Ramin K

On 4/18/16 3:05 AM, César wrote:

Hi all,

I have been looking for some docs to get more information on the
subject, but I have not been able to find them. Apologies if this has
been asked before!

I'm curious about what happens when a puppet agent run is performed but
there are no puppetmaster processes yet (I'm talking about puppetmaster
configured by Passenger, not the daemonized configuration).
When that happens usually I see something like this on the logs

Apr 18 09:59:19 ms1 puppet-master[5849]: Starting Puppet master version
3.3.2

My question would be: Should I always expect the puppet agent to somehow
spawn a puppetmaster process if there are none? Who's in charge of that?


In all versions of Passenger the default config will not start any 
application processes. Once a request is received Passenger will start 
the matching application process. This is the behavior you're seeing.


On a production server I recommend setting PassengerPreStart 
https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart 
which will automatically start an application process. Available in 
Passenger 3+. However you can still end up with no Puppet master process 
available depending on other settings.


I wrote some about how I tune Passenger for production Puppet master 
loads here. 
https://ask.puppet.com/question/13433/how-should-i-tune-passenger-to-run-puppet/


Ramin



Re: [Puppet Users] how to check existences of a file in a ERB template?

2016-03-29 Thread Ramin K

On 3/28/16 12:44 PM, Sans wrote:

Hi there,

I'm setting up a multi-tenancy WordPress environment, where multiple
sites are structured as: /var/www/. Long story short: I want
to put a line in the wp-config.php based on existences of a file in
wp-content (under each site_location, provided by my users) directory,
which I don't actively managed. So, I have this in the template that
generates the wp-config.php file:

<%- if File.exist?('/var/www/' + @title + '/wp-content/wp-extra-config.php') -%>
require_once(ABSPATH . 'wp-content/wp-extra-config.php');
<%- end -%>

where @title is the site_name that comes from a hiera hash. But it's not
working and I think the reason being Puppet checking the existences of
|wp-extra-config.php| file on the master during the compilation, hence
setting it as false, for obvious reason. I cannot have it as a fact,
because of the multi-tenancy and existences of that file varies from
project to project. How do I go around this issue?

-San


I think it's simpler to make PHP do the work because templates are 
evaluated on the master.


if (file_exists('/var/www/<%= @title %>/wp-content/wp-extra-config.php'))
  require_once(ABSPATH . 'wp-content/wp-extra-config.php');

Or whatever the if PHP syntax would be

Ramin


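An added illustration of the thread above (not code from either poster): the same two templates rendered with Ruby's stdlib ERB, showing that a File.exist? inside the template is decided on the host that renders it, while a template that emits a PHP file_exists() check renders identically everywhere and defers the decision to the web server. The SiteScope class, the web_root parameter standing in for /var/www, and the site-name check are hypothetical; the check is there because the site name is interpolated into a PHP string literal.

```ruby
require 'erb'
require 'fileutils'
require 'tmpdir'

# The questioner's approach: Ruby tests for the file while rendering.
COMPILE_TIME_TEMPLATE = <<~'TEMPLATE'
  <%- if File.exist?(File.join(@web_root, @title, 'wp-content', 'wp-extra-config.php')) -%>
  require_once(ABSPATH . 'wp-content/wp-extra-config.php');
  <%- end -%>
TEMPLATE

# The reply's approach: emit PHP that tests for the file when the page runs.
RUNTIME_TEMPLATE = <<~'TEMPLATE'
  if (file_exists('<%= @web_root %>/<%= @title %>/wp-content/wp-extra-config.php')) {
    require_once(ABSPATH . 'wp-content/wp-extra-config.php');
  }
TEMPLATE

# Hypothetical stand-in for the template scope Puppet provides.
class SiteScope
  # Site names end up inside a quoted PHP string, so restrict them to
  # characters that cannot close the quote or add path components.
  SAFE_TITLE = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

  def initialize(title, web_root)
    raise ArgumentError, "unsafe site name: #{title.inspect}" unless SAFE_TITLE.match?(title)

    @title = title
    @web_root = web_root
  end

  def render(template)
    ERB.new(template, trim_mode: '-').result(binding)
  end
end

# Render both templates twice: first where the extra config file does not
# exist (the master's view), then after creating it (the web server's view).
def compare_renders(title)
  Dir.mktmpdir('www') do |web_root|
    scope = SiteScope.new(title, web_root)
    render_both = lambda do
      { compile_time: scope.render(COMPILE_TIME_TEMPLATE),
        runtime: scope.render(RUNTIME_TEMPLATE) }
    end

    file_absent = render_both.call

    extra = File.join(web_root, title, 'wp-content', 'wp-extra-config.php')
    FileUtils.mkdir_p(File.dirname(extra))
    File.write(extra, "<?php\n")
    file_present = render_both.call

    { file_absent: file_absent, file_present: file_present }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = compare_renders('site1')
  puts "compile-time check, file absent:  #{result[:file_absent][:compile_time].inspect}"
  puts "compile-time check, file present: #{result[:file_present][:compile_time].inspect}"
  puts "runtime check (same either way):\n#{result[:file_absent][:runtime]}"
end
```
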

Re: [Puppet Users] odd puppet-lint config problems

2016-01-20 Thread Ramin K

On 1/20/16 1:33 PM, Garrett Honeycutt wrote:

Hi Ramin,

It sounds like you have a repo with a bunch of modules as opposed to one
repo per module. Recommend using a script that calls puppet-lint with
the arguments that you would like and integrating that into a pre-commit
check or a build pipeline.

I never use .puppet-lint.rc, instead you would normally have a
Rakefile[1] that would configure puppet-lint and run the tests with
`rake lint`.

See my last post under the subject 'Slightly Off-Topic: CI Test of
Puppet module fail' for how to configure it that way.

[1] - https://github.com/ghoneycutt/puppet-module-ssh/blob/master/Rakefile

Best regards,
-g



	Thanks for the hint. A Rakefile will work and would be a nice place to 
do environment sanity checks too.


Ramin



[Puppet Users] odd puppet-lint config problems

2016-01-20 Thread Ramin K
I'm doing some work around distributing a puppet-lint wrapper 
internally. Ideally I want a wrapper that reads a custom .puppet-lint.rc 
within the repo and the rc file is --only-checks so we can enable new 
checks as the codebase is ready to be stricter.


The problems I'm running into are

1. .puppet-lint.rc seems to be additive loading ~/.puppet-lint.rc, 
./.puppet-lint.rc AND --conf path/to/.puppet-lint.rc


2. .puppet-lint.rc doesn't support --only-checks syntax

Has anyone done something similar and did you have to modify optparse.rb 
and other Ruby code with puppet-lint to get it to work?


Ramin



Re: [Puppet Users] Could not evaluate: Could not retrieve information from environment production source(s) file

2016-01-17 Thread Ramin K

Covered in the docs, https://docs.puppetlabs.com/guides/file_serving.html

Remove the string "files/" from the source statement within your file 
resource.


Ramin

On 1/17/2016 5:44 AM, Juanma Lainez wrote:

Hi there,

I am new on puppet, got a test lab of two ubuntu 14.04 servers, same
network installed puppetmaster and agent successfully, installed
certificates and could get the initial catalog  and sync invoking puppet
agent --test without issues.

I tried to push a test file from the master for testing, without success

PuppetMaster: srv1
node: srv2

*site.pp file*
#/etc/puppet/manifests/site.pp
node default {}
node 'srv2'{include test}

*Test Module directories and files*
#/etc/puppet/modules/test
#/etc/puppet/modules/test/files/test.txt
#/etc/puppet/modules/test/manifests/init.pp
class test {

file {'test.txt':
 source => 'puppet:///modules/test/files/test.txt',
 path => '/usr/local/bin/test.txt',
 ensure => 'present',
 owner => 'root',
 group => 'root',
 mode => 0700,
}

}

when I run puppet agent --test on srv2 node this is the output
root@srv2:/# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for srv2.home
Info: Applying configuration version '1453038058'
Error: /Stage[main]/Test/File[test.txt]: Could not evaluate: Could not
retrieve information from environment production source(s)
puppet:///modules/test/files/test.txt
Notice: Finished catalog run in 0.07 seconds

*the file definitely is on the master*
root@srv1:/# ls -hal /etc/puppet/modules/test/files/test.txt
-rw-r--r-- 1 root root 0 Jan 17 13:38
/etc/puppet/modules/test/files/test.txt


As I said I am new on Puppet, creating modules and classes, did not
have a problem when run this as single manifest, any given help will be
very much appreciated

Juan


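An added check for the mistake in the thread above (not code from the thread or from Puppet): a puppet:///modules/<module>/<path> source is served from <modulepath>/<module>/files/<path>, so writing files/ in the URL makes the server look under files/files/. The function names and the second, correct resource in the sample manifest are constructed for illustration; /etc/puppet/modules is the module path shown in the thread.

```ruby
# puppet://<server>/modules/<module>/<relative path>
MODULE_URI = %r{\Apuppet://(?<server>[^/]*)/modules/(?<mod>[^/]+)/(?<rel>.+)\z}

# Where the file server looks on disk for a module source URL.
# The 'files' directory is implied and never appears in the URL.
def served_path(uri, modulepath)
  m = MODULE_URI.match(uri)
  m && File.join(modulepath, m[:mod], 'files', m[:rel])
end

# Report source attributes whose relative path starts with 'files/'.
# A module can legitimately contain files/files/, so treat hits as
# candidates to review, not as certain errors.
def doubled_files_sources(manifest, modulepath)
  uris = manifest.scan(/\bsource\s*=>\s*['"](puppet:[^'"]+)['"]/).flatten
  uris.map do |uri|
    m = MODULE_URI.match(uri)
    next unless m && m[:rel].start_with?('files/')

    { uri: uri,
      resolves_to: served_path(uri, modulepath),
      suggested: "puppet://#{m[:server]}/modules/#{m[:mod]}/#{m[:rel].sub(%r{\Afiles/}, '')}" }
  end.compact
end

# First resource is the one from the thread; the second is constructed.
MANIFEST = <<~'PP'
  class test {
    file { 'test.txt':
      source => 'puppet:///modules/test/files/test.txt',
      path   => '/usr/local/bin/test.txt',
    }
    file { 'ok.txt':
      source => 'puppet:///modules/test/ok.txt',
      path   => '/usr/local/bin/ok.txt',
    }
  }
PP

if __FILE__ == $PROGRAM_NAME
  doubled_files_sources(MANIFEST, '/etc/puppet/modules').each do |finding|
    puts "#{finding[:uri]}\n  looks for: #{finding[:resolves_to]}\n  try:       #{finding[:suggested]}"
  end
end
```
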

Re: [Puppet Users] Rubygem not visible to puppet

2016-01-08 Thread Ramin K

On 1/8/16 3:14 AM, Fraser Goffin wrote:

Puppet Version: 4.3.1
OS: Centos 7

Note: I am running MASTERLESS

I used this to install a gem :-

package { 'rubyzip':
 ensure   => present,
 provider => 'gem',
}

It installed fine, in this location :
/usr/local/share/gems/gems/rubyzip-1.1.7

gem env shows that the parent folder is on the gem path :-

   - GEM PATHS:
  - /home/vagrant/.gem/ruby
  - /usr/share/gems
  - /usr/local/share/gems

However, when a Puppet manifest attempts to make use of that gem, it
can't find it.

Puppet has its own location for gems, in this particular install it's:
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems

If I change the package to include that directory as an install option,
the gem is indeed installed there and Puppet can use it :-

   package { 'rubyzip':
 ensure   => present,
 provider => 'gem',
 install_options => {
 '--install-dir' => "/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0"
   }
   }

However, this approach seems a bit of a hack and one that will
ultimately create a maintenance overhead as/when Puppet's version of
Ruby is updated, not to mention that we also run Puppet on other
platforms (including Windows) which have different paths. I could handle
that but it seems like there must be a better way of making this work
cross platform without resorting to hard-coded paths even if that is
parametrized.

Has anyone got a suggestion how to solve this one more elegantly?


You might create Gemfile/Gemfile.lock files that manage the versions you 
expect Puppet to use.


# example code, I'm sure none of the paths and
# checks are actually correct.
# install bundler
exec { 'puppetserver install bundler':
  command => 'puppetserver gem install bundler --no-ri --no-rdoc',
  unless  => 'puppetserver gem list | grep bundler',
}

# manage your Gemfile/Gemfile.lock as part of the repo
exec { 'puppet gems bundle install':
  command => '/opt/puppetlabs/puppet/bin/bundle /etc/puppetlabs/gems/Gemfile',
  unless  => 'bundle check',
}

Ramin



Re: [Puppet Users] POC Update for PuppetForce Apache Module

2016-01-05 Thread Ramin K
Run as different users. Run with different modules. Even different mpms. 
Fairly common scenario in shared web hosting.


Ramin

On 1/5/16 9:26 AM, Evan Hisey wrote:

AJ-
   Out of curiosity why would you want more than one instance of apache
per host? I can't think of a situation that can't be handled by a single
apache server other than maybe running two different versions of apache
at once, and I am not sure when I would need to do that.

Evan

On Tue, Jan 5, 2016 at 10:50 AM, Hunter Haugen wrote:

Hi AJ!

Ooo, this sounds like a desirable feature for the apache module.

On Tue, Jan 5, 2016 at 5:14 AM, A J wrote:

Hello,

I am new to distributed development and Puppet.  The one thing
that was bothering since I started learning this product is the
lack of ability to run more than one instance of Apache per host.

I actually like the PuppetForge Apache module for the most part,
so I have made some changes to it as a Proof-of-Concept for
RedHat that allows you to run multiple instances.

My question is that I get confused by the documentation, etc. on
how best to submit this for review to the community, without
actually causing any problems.

Could someone help direct me as to the correct way to make this
submission?


Our docs on this are basically what is described in
https://github.com/puppetlabs/puppetlabs-apache/blob/master/CONTRIBUTING.md
though it is not very verbose. Github documentation on creating a
pull request is at
https://help.github.com/articles/creating-a-pull-request/

If you have contributions to CONTRIBUTING.md (hah) then the master
copy is held at

https://github.com/puppetlabs/modulesync_configs/blob/master/moduleroot/CONTRIBUTING.md

It also helps speed up the process if you ping us on the #puppet-dev
freenode channel and get real-time feedback.



Re: [Puppet Users] Re: The right way to create Hiera resources?

2015-10-14 Thread Ramin K

On 10/14/15 12:33 PM, Marc Teale wrote:


So I'm asking if there's a best practices method of creating foobar
instances from Hiera definitions, be it in another module that does
nothing but run create_resources(foobar::instance), modifying the module
and then submitting a pull request, or...?

Thanks,
Marc


	The community answer so far has been to wrap it in a profile class. A 
wrapper class solves the problem of the lookup for creating the 
instances and anything else that might need to be done per instance that 
is unique to your environment.


	I did a talk earlier this year talking about what goes into profile 
classes and what problems they solve. Full text of the talk is also in 
the repo.


https://github.com/rkhatibi/sipmug-feb2015/blob/master/Role-Profile-%20What%20goes%20in%20the%20profile%20part.pdf

Ramin



Re: [Puppet Users] automating mysql my.cnf with puppet

2015-09-15 Thread Ramin K

On 9/15/15 12:59 PM, Tim Dunphy wrote:

Hey guys,

  Is there any other way to automate this setting in my.cnf:

server-id=1

So that if the host is db1 it'll get a value of 1, for db2 a value of 2,
for db3 a value of 3 and db4 a value of 4?


Don't bother. Assigning the number manually and incrementally while 
satisfying to our collective sense of order provides no value whatsoever.


What I would recommend is making it a unique 32 bit number which is all 
that is necessary via one of these methods.


server_id = <% require 'ipaddr'%><%= IPAddr.new(@ipaddress).to_i %>
server_id = fqdn_rand(2147483647).

Ramin



Re: [Puppet Users] automating mysql my.cnf with puppet

2015-09-15 Thread Ramin K

On 9/15/15 1:15 PM, Ramin K wrote:


server_id = <% require 'ipaddr'%><%= IPAddr.new(@ipaddress).to_i %>
server_id = fqdn_rand(2147483647).


That last should have been <%= scope.function_fqdn_rand(2147483647) %> 
assuming it was also in a template.


Ramin



Re: [Puppet Users] (Amazon linux AMI) passenger starts but something is off?

2015-09-08 Thread Ramin K
You seem to have Ruby 2.0 and Ruby 1.8.7 in some of the logs below. I'd 
suspect that you've installed Passenger into one Ruby while Puppet is 
trying to run in the other.


Ramin

On 9/7/15 8:05 AM, Snd Lt wrote:

I'm trying to move over to AWS. Been installing puppet open source on
Amazon Linux AMI.
After hours of struggle, finally got passenger(ruby rack) to start.
("/var/log/httpd/error_log" been saying it can't find passenger rack to
start but I provided correct ruby path now).

But https://master:8140 is displaying "We're sorry, but something went
wrong"
I usually get this when something around in "/etc/puppet" is off. (Last
time it did this, I got rid of hiera yaml statements and it returned to
normal).

 [root@master httpd]# ruby -v
 ruby 2.0.0p647 (2015-08-18) [x86_64-linux]
 [root@master httpd]# gem install bundler
 Fetching: bundler-1.10.6.gem (100%)
 Successfully installed bundler-1.10.6
 Parsing documentation for bundler-1.10.6
 Installing ri documentation for bundler-1.10.6
 Done installing documentation for bundler after 6 seconds
 1 gem installed
 [root@master httpd]# bundle -v
 bash: bundle: command not found

(/var/log/puppet/masterhttp.log)

 [2015-09-07 03:29:36] INFO  WEBrick 1.3.1
 [2015-09-07 03:29:36] INFO  ruby 1.8.7 (2013-06-27) [x86_64-linux]
 [2015-09-07 03:29:46] INFO  WEBrick::HTTPServer#start done.

(/var/log/httpd/error_log)

 [ 2015-09-07 13:56:34.8445 4134/7fdf9b482700
App/Implementation.cpp:303 ]: Could not spawn process for application
/usr/share/puppet/rack/puppetmasterd: An error occured while starting up
the preloader.
   Error ID: f8296d07
   Error details saved to: /tmp/passenger-error-uiiXv3.html
   Message from application: cannot load such file --
puppet/application/master (LoadError)

/usr/share/ruby/vendor_ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in 
`require'

/usr/share/ruby/vendor_ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in 
`require'
   /usr/share/puppet/rack/puppetmasterd/config.ru:13:in `block in
'

/usr/local/share/ruby/gems/2.0/gems/rack-1.6.4/lib/rack/builder.rb:55:in
`instance_eval'

/usr/local/share/ruby/gems/2.0/gems/rack-1.6.4/lib/rack/builder.rb:55:in
`initialize'
   /usr/share/puppet/rack/puppetmasterd/config.ru:1:in `new'
   /usr/share/puppet/rack/puppetmasterd/config.ru:1:in `'

/usr/local/share/ruby/gems/2.0/gems/passenger-5.0.16/helper-scripts/rack-preloader.rb:107:in
`eval'

/usr/local/share/ruby/gems/2.0/gems/passenger-5.0.16/helper-scripts/rack-preloader.rb:107:in
`preload_app'

/usr/local/share/ruby/gems/2.0/gems/passenger-5.0.16/helper-scripts/rack-preloader.rb:153:in
`'

/usr/local/share/ruby/gems/2.0/gems/passenger-5.0.16/helper-scripts/rack-preloader.rb:29:in
`'

/usr/local/share/ruby/gems/2.0/gems/passenger-5.0.16/helper-scripts/rack-preloader.rb:28:in
`'
 [ 2015-09-07 13:56:34.8482 4134/7fdf95c66700
age/Cor/Req/CheckoutSession.cpp:252 ]: [Client 1-1] Cannot checkout
session because a spawning error occurred. The identifier of the error
is f8296d07. Please see earlier logs for details about the error.

(/tmp/passenger-error-uiiXv3.html)

  
 Error ID: f8296d07
 Application root: /usr/share/puppet/rack/puppetmasterd
 Environment (value of RAILS_ENV, RACK_ENV, WSGI_ENV, NODE_ENV and PASSENGER_APP_ENV): production
 Ruby interpreter command: /usr/bin/ruby2.0
 User and groups: uid=99(nobody) gid=99(nobody) groups=99(nobody)

 Environment variables
 TERM = vt100
 PATH = /sbin:/usr/sbin:/bin:/usr/bin
 PWD = /usr/share/puppet/rack/puppetmasterd
 LANG = C
 SHLVL = 2
 _ = /usr/sbin/httpd
 PASSENGER_USE_FEEDBACK_FD = true
 SERVER_SOFTWARE = Apache/2.2.31 (Unix) DAV/2 Phusion_Passenger/5.0.16
 PASSENGER_DEBUG_DIR = /tmp/passenger.spawn-debug.My9EAX

(etc/puppet/puppet.conf)

 [main]
 # The Puppet log directory.
 # The default value is '$vardir/log'.
 logdir = /var/log/puppet
 # Where Puppet PID files are kept.
 # The default value is '$vardir/run'.
 rundir = /var/run/puppet
 # Where SSL certificates are kept.
 # The default value is '$confdir/ssl'.
 ssldir = $vardir/ssl
 certname = master
 dns_alt_names = puppet,puppetmaster
 [master]
 environmentpath = $confdir/environments
 basemodulepath = $confdir/modules:/opt/puppet/share/modules
 [agent]
 # The file in which puppetd stores a list of the classes
 # associated with the retrieved configuratiion.  Can be loaded in
 # the separate ``puppet`` 

Re: [Puppet Users] Memory leak in Passenger ?

2015-07-24 Thread Ramin K

On 7/24/15 12:56 AM, Michael Wörz wrote:

Hello,

in the past months we are observing rising memory usage on our puppet
server and we have to restart it once a week when it starts swapping.

Mainly there are 5 Passenger processes that are running for days and
using about 15-20% of memory each.

System has 4 GB of memory and is serving about 1600 Clients.

- rpm -qa | grep  passenger
ruby193-rubygem-passenger-native-libs-4.0.18-9.8.el6.x86_64
rubygem-passenger-native-libs-4.0.18-9.8.el6.x86_64
mod_passenger-4.0.18-9.8.el6.x86_64
rubygem-passenger-4.0.18-9.8.el6.x86_64
rubygem-passenger-native-4.0.18-9.8.el6.x86_64
ruby193-rubygem-passenger-native-4.0.18-9.8.el6.x86_64
ruby193-rubygem-passenger-4.0.18-9.8.el6.x86_64

- cat /etc/redhat-release
CentOS release 6.6 (Final)

- rpm -qa | grep  puppet
puppet-server-3.8.1-1.el6.noarch


There were some reports of memory growth in Puppet masters starting with 
late 3.6 and definitely in 3.7. I don't recall if a ticket was ever 
generated.


One workaround is to set PassengerMaxRequests = 1 so that your 
Puppet master processes are recycled sooner. This should keep RAM usage 
below 200-250MB per process.


Ramin



Re: [Puppet Users] Running the Puppet 4 master from the AIO package (especially passenger/rack)

2015-07-17 Thread Ramin K

On 7/17/15 2:25 PM, Felix Frank wrote:

On 07/17/2015 10:08 PM, Felix Frank wrote:

Hi list,

I'm currently trying to get Puppet 4 to work with nginx/passenger. I had
that working with Puppet 3.x pretty well, but the new packaging stumps me.

For one, the config.ru file is no longer being packaged, apparently.
It's missing from my systems regardless of whether puppet-agent or even
puppetserver are installed (having it in the latter would be kind of
weird, too, I guess).

Now I can retrieve the config.ru right from github, so that's not a
blocker. Next issue: The puppet user and group is now owned by package
puppetserver, apparently. Just getting the puppet-agent AIO will not
create it on my Debian 8 system. (The fact that there is not yet a
puppetserver package for jessie is an additional hindrance at this time.)

Currently, both WEBrick and Passenger error out on this testing VM
running Debian 8 with PC1.

There should probably be tickets for these issues, but I'd like to
gather some feedback first. Has anyone gotten their feet wet with
non-puppetserver masters that run 4.x?

Cheers,
Felix


Following up on that story: Creating puppet user and group helped,
apparently. But no dice with passenger.

Using the OS Ruby will not work, obviously, since /opt/puppetlabs/... is
not in its lookup path. Works as designed. But then the vendored Ruby
from that tree has no rack support.

I failed to install the passenger gem there as well, because apparently,
Phusion only supports Ruby up to 2.1.3, whereas Puppet bundles 2.1.6.

I did try to get system Ruby to load Puppet by adding this at the top of
config.ru:

$LOAD_PATH.unshift('/opt/puppetlabs/puppet/lib/ruby/vendor_ruby')

But no dice. Puppet still cannot be loaded because (apparently) system
Ruby's openssl support is not up to par. Now perhaps it's possible to
load even more stuff from the vendored Ruby, but this whole approach
feels horribly wrong anyway, so I'm stopping right here.

As it stands, I guess if I really want to run Puppet 4 through
Passenger, I will need to install from source. Thoughts?

Thanks,
Felix



I wrote a how-to on using different Rubies for your Puppet master and am 
using it to run a Ruby 2.1.6/Puppet 3.7.x master. I would attempt 
something similar in your case.


http://ask.puppetlabs.com/question/16983/performance-improvements-without-updating-to-puppet-server/

Install Passenger 4.x via packages. Doesn't need to be built on the Ruby 
you plan to use.

Point to /opt/puppetlabs ruby via PassengerRuby vhost directive.

Other than those two steps, it sounds like you're pretty close.

Ramin



Re: [Puppet Users] A case for git (SVN vs Git)

2015-06-12 Thread Ramin K

On 6/12/15 10:57 AM, Corey Osman wrote:

I have been tasked with an assignment to come up with a document for non 
technical decision makers to “choose Git over SVN”, since non technical people 
view VCS as all the same. With regards to Puppet I think it's a horrible idea to 
use SVN but how do we prove it for decision makers that have no reference?
If you have given this argument before or want to add your advice, opinion, 
reasons, stories, feel free to clone this repo and merge your input. Spencer 
Krum has agreed to put this document into an official puppet community repo 
https://github.com/puppet-community once the document reaches a good state.
The idea here is if you encounter this situation in the future there will be a 
document to hand to somebody to say “Here read this”.  So if you like BeerOps, 
check this out (literally).

https://github.com/logicminds/A-Case-For-Git.git


Corey



	Being somewhat in the middle of a similar conversation at $dayjob I 
believe it's a mistake to focus on the technology rather than the 
outcome. I would focus on workflow, integration, and tooling instead. 
Particularly the local branch per feature or ticket to review board to 
merge to release branch is flexible, powerful, and relatively easy to 
understand.


You'll find yourself about 900x more agile with git or the like - 
Binford2k


Remove. If you want to make this point run a benchmark and link it.

Ramin



Re: [Puppet Users] How extend a module

2015-06-10 Thread Ramin K

On 6/10/15 1:03 PM, Albert Shih wrote:

Hi,

I would like to know if it's possible to extend a module without touching
the module.

I mean, let's take an example:

   If I want use

 apache (from puppetlabs)

   but each time I create a vhost with

 apache::vhost { 'thing' : }

   i want also add a nagios check on my nagios server.

For that I can :

   Change a small amount of code inside the module apache.

 -- not very complicated, but each time there is an update I need to redo
 the modification.

   Create my own module which just calls the official apache module. But that
   sucks too because there are a ton of parameters. Of course I don't need all of
   them, but with time this module is going to grow. And I get the same problem
   with updates.

So are there some techniques to do that? In other words, how do you do that?

Regards
--
Albert Shih
Heure local/Local time:
mer 10 jui 2015 21:55:53 CEST



IMO it's best to deal with local methodology in a profile class that 
wraps your model. I've written a few pages about how I approach the 
problem as well as a short presentation. Should give you a few ideas about 
how to approach it.


https://ask.puppetlabs.com/question/5235/what-goes-in-the-profile-part-of-roleprofile/
https://github.com/rkhatibi/sipmug-feb2015

Ramin



Re: [Puppet Users] Puppet Dashboard on Centos 7

2015-05-13 Thread Ramin K

On 5/13/15 10:22 AM, Ramin K wrote:

Centos shops 2.0


argh. Centos 7 ships 2.0



Re: [Puppet Users] Puppet Dashboard on Centos 7

2015-05-13 Thread Ramin K

On 5/13/15 9:16 AM, Gabriele Angeli wrote:

Hi guys,

I tried to install puppet dashboard on Centos 7.

I installed  the right repository for Centos 7 (puppetlabs.repo) but
when I launch the command yum install puppet-dashboard the result is
the following:


*No package puppet-dashboard available.*
*Error: Nothing to do*



puppet-dashboard only works on systems that have Ruby 1.8.7. Centos 
shops 2.0. You can use the src files, RVM, Passenger4, gem install into 
RVM ruby 1.8, etc etc which will work, but requires you to know how all 
those technologies fit together. If you're dead set on using the 
dashboard that has been EOL'ed since 2012, you can use the community 
updated edition which should work with 2.0.


https://github.com/sodabrew/puppet-dashboard/

Other dashboards you might consider are http://theforeman.org/ and 
https://github.com/puppet-community/puppetboard


Ramin



Re: [Puppet Users] second run of puppetd creates a new SSL key

2015-05-12 Thread Ramin K

On 5/12/15 10:48 AM, Ed Deloye wrote:

We recently upgraded puppet to 2.7.26 with the puppetmaster running
CentOS 6.6.

Building a new RHEL5 system using kickstart, after the first reboot
puppetd runs and creates a new SSL key which is autosigned by the
puppetmaster. At the completion of the puppetd run the system reboots.
When puppetd starts again it creates another new SSL key and then it
cannot communicate with the puppetmaster:

messages from /var/log/messages:

May 12 13:24:29 lwsgb008 puppetd[3488]: Creating a new SSL key for
lwsgb008.internal.rfmd.com
May 12 13:24:29 lwsgb008 puppetd[3488]: Caching certificate for ca
May 12 13:24:29 lwsgb008 puppetd[3488]: Caching certificate for
lwsgb008.internal.rfmd.com
May 12 13:24:29 lwsgb008 puppetd[3488]: Expiring the certificate cache
of lwsgb008.internal.rfmd.com
May 12 13:24:29 lwsgb008 puppetd[3488]: Removing file
Puppet::SSL::Certificate lwsgb008.internal.rfmd.com at
'/var/puppet/ssl/certs/lwsgb008.internal.rfmd.com.pem'
May 12 13:24:29 lwsgb008 puppetd[3488]: Retrieved certificate does not
match private key
May 12 13:24:30 lwsgb008 puppetd[3488]: Creating a new SSL certificate
request for lwsgb008.internal.rfmd.com
May 12 13:24:30 lwsgb008 puppetd[3488]: Could not request certificate:
Error 400 on SERVER: lwsgb008.internal.rfmd.com already has a signed
certificate; ignoring certificate request

Has anyone seen this behavior?


	I've run into roughly the same scenario. I would run a find for the 
cert suspecting that you'll find it in two places. My guess is that the 
defaults in your Puppet package are changing due to an upgrade of the 
agent. Or a change in the puppet.conf between runs. In my case the 
initial run was using /home/someuser/.puppet/ and then moving to 
/var/lib/puppet/ssl/ on the second run. Or it might have been the reverse.


Ramin
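
One way to carry out the check suggested in the reply above, as an added Ruby example (not code from the thread or from Puppet): it inspects several candidate ssldirs for the same certname and reports where the certificate and private key disagree, which is the condition behind the "Retrieved certificate does not match private key" log line. The certname, the temporary directory layout, the self-signed certificate and all helper names are constructed for the demonstration; on a real host the list of directories to pass in is an assumption you supply.

```ruby
require 'openssl'
require 'digest'
require 'tmpdir'
require 'fileutils'

# SHA-256 over the DER-encoded public half, so a key and a cert can be compared.
def pubkey_fingerprint(pkey)
  Digest::SHA256.hexdigest(pkey.public_key.to_der)
end

# Read <ssldir>/private_keys/<certname>.pem and <ssldir>/certs/<certname>.pem.
# Returns nil when the directory holds neither file for this certname.
def inspect_ssldir(ssldir, certname)
  key_path  = File.join(ssldir, 'private_keys', "#{certname}.pem")
  cert_path = File.join(ssldir, 'certs', "#{certname}.pem")
  key  = OpenSSL::PKey.read(File.read(key_path)) if File.exist?(key_path)
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path)) if File.exist?(cert_path)
  return nil unless key || cert

  { ssldir: ssldir,
    key_fp: key && pubkey_fingerprint(key),
    cert_fp: cert && pubkey_fingerprint(cert.public_key),
    # Does the certificate's public key belong to this private key?
    match: key && cert ? cert.check_private_key(key) : nil }
end

# Compare every candidate ssldir and summarise where the identity is split.
def diagnose(ssldirs, certname)
  found = ssldirs.map { |d| inspect_ssldir(d, certname) }.compact
  key_fps = found.map { |f| f[:key_fp] }.compact.uniq
  mismatched = found.select { |f| f[:match] == false }
  # For each mismatched cert, which directory holds the key it was issued for?
  owners = mismatched.flat_map do |bad|
    found.select { |f| f[:key_fp] == bad[:cert_fp] }.map { |f| f[:ssldir] }
  end
  { found: found.map { |f| f[:ssldir] },
    distinct_keys: key_fps.size,
    split_identity: key_fps.size > 1,
    mismatched: mismatched.map { |f| f[:ssldir] },
    key_for_signed_cert_in: owners.uniq }
end

# --- constructed test material below: nothing here comes from a real agent ---

def self_signed_cert(certname, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{certname}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

def write_pem(ssldir, kind, certname, obj)
  dir = File.join(ssldir, kind)
  FileUtils.mkdir_p(dir)
  File.write(File.join(dir, "#{certname}.pem"), obj.to_pem)
end

# First run: key A and its signed cert land under a user's ~/.puppet/ssl.
# Second run: a different ssldir gets a fresh key B plus the cert issued for A.
def build_demo_layout(root, certname)
  first_run  = File.join(root, 'home/someuser/.puppet/ssl')
  second_run = File.join(root, 'var/lib/puppet/ssl')
  key_a = OpenSSL::PKey::RSA.new(2048)
  key_b = OpenSSL::PKey::RSA.new(2048)
  cert_a = self_signed_cert(certname, key_a)
  write_pem(first_run, 'private_keys', certname, key_a)
  write_pem(first_run, 'certs', certname, cert_a)
  write_pem(second_run, 'private_keys', certname, key_b)
  write_pem(second_run, 'certs', certname, cert_a)
  [first_run, second_run]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    dirs = build_demo_layout(root, 'agent.example.test')
    pp diagnose(dirs, 'agent.example.test')
  end
end
```

When `split_identity` is true, the agent has generated keys in more than one ssldir, and `key_for_signed_cert_in` names the directory whose key the master's signed certificate was actually issued for.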



Re: [Puppet Users] hiera - multiple yaml backends

2015-02-09 Thread Ramin K
	In the past I've used yaml for Ops and json for Dev. That worked well 
and it was mostly automated scripts that were dropping files into a 
different path.


	While it's much more work you might consider Redis as a Hiera backend 
coupled with an http user interface and api. I did some work around 
allowing Jenkins to post to an API to update new version for Puppet to 
push. I stole the idea directly from this talk at the 2013 Puppet Conf.


Ramin

On 2/9/15 12:12 PM, Brett Swift wrote:

I'm wondering if anyone has this unique use case.

We're going to experiment by giving our ops team their own hieradata
repository, and keep our internal repository separate.

(If you're curious,  we'll be giving them control over the %{::hostname}
  tier,  and we'll keep common  / roles / project  layers in the
hierarchy tied at the 'dev' hieradata).

The reason we're trying this is to experiment with different controls
over different repositories.  Ops owns one, so they don't have to have
the rigor of feature branches and pull requests and the rest of the SDLC
that comes with our dynamic environment testing approach.


*Ultimately: *I want this:

    :backends:
      - opsyaml
      - yaml
    :yaml:
      :datadir: /etc/puppetlabs/puppet/hieradata/%{::environment}
    :opsyaml:
      :datadir: /etc/puppetlabs/puppet/hostdata
      :extension: yaml


but am limited because of this
code: 
https://github.com/puppetlabs/hiera/blob/60f9d2d4b8b36e6dd47c3713dd64dc793b9745c0/lib/hiera/config.rb#L74-L82


*Possible solutions:*
1) create our own simple backend
2) symlink hostyaml_backend.rb  to yaml_backend.rb
3) use eyaml, and yaml backends,  just because it's easy .. :)

Does anyone have the same requirements?   What worked for you?



Re: [Puppet Users] hiera - multiple yaml backends

2015-02-09 Thread Ramin K

gah, link is https://www.youtube.com/watch?v=7NBJAC10ato

On 2/9/15 12:37 PM, Ramin K wrote:

 In the past I've used yaml for Ops and json for Dev. That worked
well and it was mostly automated scripts that were dropping files into a
different path.

 While it's much more work you might consider Redis as a Hiera
backend coupled with an http user interface and api. I did some work
around allowing Jenkins to post to an API to update new version for
Puppet to push. I stole the idea directly from this talk at the 2013
Puppet Conf.

Ramin

On 2/9/15 12:12 PM, Brett Swift wrote:

I'm wondering if anyone has this unique use case.

We're going to experiment by giving our ops team their own hieradata
repository, and keep our internal repository separate.

(If you're curious,  we'll be giving them control over the %{::hostname}
  tier,  and we'll keep common  / roles / project  layers in the
hierarchy tied at the 'dev' hieradata).

The reason we're trying this is to experiment with different controls
over different repositories.  Ops owns one, so they don't have to have
the rigor of feature branches and pull requests and the rest of the SDLC
that comes with our dynamic environment testing approach.


*Ultimately: *I want this:

    :backends:
      - opsyaml
      - yaml
    :yaml:
      :datadir: /etc/puppetlabs/puppet/hieradata/%{::environment}
    :opsyaml:
      :datadir: /etc/puppetlabs/puppet/hostdata
      :extension: yaml


but am limited because of this
code:
https://github.com/puppetlabs/hiera/blob/60f9d2d4b8b36e6dd47c3713dd64dc793b9745c0/lib/hiera/config.rb#L74-L82



*Possible solutions:*
1) create our own simple backend
2) symlink hostyaml_backend.rb  to yaml_backend.rb
3) use eyaml, and yaml backends,  just because it's easy .. :)

Does anyone have the same requirements?   What worked for you?



Re: [Puppet Users] Re: puppet-dashboard 2.0.0 (open source) and postgresq 8.4l tuning

2014-12-19 Thread Ramin K
	I would trim down the number of dashboard processes you need to a max 
of 2-4, a min of 1, and recycle every 10k requests. You can set all of 
that in the vhost IIRC. The Passenger docs are pretty good in that 
regard.


Ramin

On 12/19/2014 12:48 PM, Gav wrote:

Pete, what version of Passenger are you running? I have deployed
puppet-dashboard 2.0.0 this week with Passenger 4.0.56 and Ruby 1.9.3,
but Passenger is just eating the memory.

-- Passenger processes ---
PID    VMSize     Private    Name
---------------------------------
5173   6525.1 MB  3553.0 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
5662   5352.7 MB  4900.8 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
5682   5736.8 MB  5307.1 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
8486   6525.2 MB  4469.5 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
10935  6525.0 MB  3282.3 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
11885  6380.3 MB  3905.9 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
20886  209.8 MB   0.1 MB     PassengerWatchdog
20889  2554.9 MB  7.2 MB     PassengerHelperAgent
20896  208.9 MB   0.0 MB     PassengerLoggingAgent
21245  2602.8 MB  2268.6 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
22912  500.7 MB   115.4 MB   Passenger RackApp: /local/puppet/etc/rack
24873  6505.1 MB  3592.6 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
26226  1944.3 MB  1616.6 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
29012  6525.0 MB  3460.4 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
30564  4072.7 MB  3675.4 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
31060  3526.8 MB  3181.6 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
31733  6505.5 MB  5761.4 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
31740  6525.4 MB  5812.2 MB  Passenger RackApp: /local/puppet/dashboard/dashboard
### Processes: 18
### Total private dirty RSS: 54910.21 MB

Any help would be appreciated.

Cheers,
Gavin

On Monday, 17 March 2014 20:29:26 UTC, Pete Hartman wrote:

I deployed the open source puppet-dashboard 2.0.0 this past weekend
for our production environment.  I did a fair amount of testing in
the lab to ensure I had the deployment down, and I deployed as a
passenger service knowing that we have a large environment and that
webrick wasn't likely to cut it.  Overall, it appears to be working
and behaving reasonably--I get the summary run status graph, etc,
the rest of the UI.  Load average on the box is high-ish but nothing
unreasonable, and I certainly appear to have headroom in memory and CPU.

However, when I click the export nodes as CSV link, it runs
forever (Hasn't stopped yet).

I looked into what the database was doing and it appears to be
looping over some unknown number of report_ids, doing

 7172 | dashboard | SELECT COUNT(*) FROM resource_statuses
WHERE resource_statuses.report_id = 39467 AND
resource_statuses.failed = 'f' AND (
IN ( | 00:00:15.575955
  :   SELECT resource_statuses.id FROM resource_statuses
  : INNER JOIN resource_events ON resource_statuses.id =
resource_events.resource_status_id
  : WHERE resource_events.status = 'noop'
  : )
  : )



I ran the inner join by hand and it takes roughly 2 - 3 minutes each
time.  The overall query appears to be running 8 minutes per report ID.

I've done a few things to tweak postgresql before this--it could
have been running longer earlier when I first noticed the problem.

I increased checkpoint segments to 32 from the default of 3, the
checkpoint_completion_target to 0.9 from the default of 0.5, and to
be able to observe what's going on I set stats_command_string to on.

Some other details: we have 3400 nodes (dashboard is only seeing
3290 or so, which is part of why I want this CSV report to determine
why it's a smaller number).  This postgresql instance is also the
instance supporting puppetdb, though obviously a separate database.
The resource statuses table has 47 million rows right now, and the
inner join returns 4.3 million.

I'm curious if anyone else is running this version on postgresql
with a large environment and if there are places I ought to be
looking to tune this so it will run faster, or if I need to be doing
something to shrink those tables without losing information, etc.

Thanks

Pete


Re: [Puppet Users] variable server in puppet.conf does not work

2014-12-12 Thread Ramin K

On 12/12/14 9:18 AM, Josse B wrote:

Hello guys,

I'm installing puppet for the first time and I'm already struggling to
follow the proper first steps.

On my agent node if i launch it with the command below everything goes
well :

ec2-user@ip-172-31-39-127:/etc/puppet puppet agent --test
--server=ec2-54-175-***-***.compute-1.amazonaws.com
Info: Caching certificate for ca
Info: csr_attributes file loading from
/home/ec2-user/.puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for
ip-172-31***-***.ec2.internal
Info: Certificate Request fingerprint (SHA256):
B1:0D:C5:44:D9:6*:20:37:ED:77:2B:46:03
Info: Caching certificate for ca

but if i configure the server variable in the puppet.conf file it does
not work anymore :

ec2-user@ip-172-31-***-***:/etc/puppet vi puppet.conf
 rundir = /var/run/puppet
 ssldir = $vardir/ssl

[agent]
 servername = ec2-54-175-***-***.compute-1.amazonaws.com
 classfile = $vardir/classes.txt
 localconfig = $vardir/localconfig


ec2-user@ip-172-31-***-***:/etc/puppet puppet agent --test
Error: Could not request certificate: getaddrinfo: Name or service not known


Do you know what's wrong?


You're using --server when it works and servername = when it doesn't. It 
should be server in both places.


Ramin



Re: [Puppet Users] puppet, hiera, and overrides

2014-12-08 Thread Ramin K

On 12/8/14 12:56 PM, Nathan Earixson wrote:

sudo -u puppet hiera --hash ssh::server_options environment=test
::kernel=Linux
{PermitRootLogin=no, ClientAliveInterval=540, TCPKeepAlive=yes}

I have tried this with AND without :merge_behavior: deeper set in the
hiera.yaml file.

Any ideas of what I am missing?


If you're using data bindings to lookup the hiera values, it will return 
a matching hash, but will not merge. You must explicitly use a 
hiera_hash call to get merging.


Ramin
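
The difference described in the reply above, as an added Ruby example: a simplified model of a first-match (priority) lookup, which is what the reply says data bindings give you, next to a merged hash lookup of the kind `hiera_hash` performs. This is not Hiera's code or code from the thread; the hierarchy levels, the values and the `example::nested` key are constructed so that the merged result matches the hash shown in the question, and nested merging is modelled for hashes only.

```ruby
# Constructed hierarchy, highest priority first. Level names and values are
# sample data for this model, not taken from the thread's hiera.yaml.
HIERARCHY = [
  ['nodes/web01', {
    'ssh::server_options' => { 'ClientAliveInterval' => '540' },
    'example::nested'     => { 'limits' => { 'nofile' => '4096' } }
  }],
  ['environment/test', {
    'ssh::server_options' => { 'TCPKeepAlive' => 'yes' }
  }],
  ['common', {
    'ssh::server_options' => { 'PermitRootLogin' => 'no',
                               'ClientAliveInterval' => '300',
                               'TCPKeepAlive' => 'no' },
    'example::nested'     => { 'limits' => { 'nofile' => '1024', 'nproc' => '256' } }
  }]
].freeze

# Priority lookup: the first level that defines the key wins outright.
# Lower levels are never consulted, whatever merge behaviour is configured.
def priority_lookup(key, hierarchy)
  hit = hierarchy.find { |_level, data| data.key?(key) }
  hit && hit[1][key]
end

# Recursive merge of two hashes; values from `high` win on conflict.
def deep_merge(low, high)
  low.merge(high) do |_k, lo, hi|
    lo.is_a?(Hash) && hi.is_a?(Hash) ? deep_merge(lo, hi) : hi
  end
end

# Hash lookup: every level that defines the key contributes.
# :native merges top-level keys only; :deeper also merges nested hashes.
def hash_lookup(key, hierarchy, behavior = :native)
  hierarchy.reduce({}) do |acc, (_level, data)|
    next acc unless data.key?(key)

    behavior == :native ? data[key].merge(acc) : deep_merge(data[key], acc)
  end
end

# Settings that exist in the merged view but vanish under a priority lookup.
# For sshd options these are baseline values silently lost on this node.
def dropped_settings(key, hierarchy)
  hash_lookup(key, hierarchy).keys - (priority_lookup(key, hierarchy) || {}).keys
end

if __FILE__ == $PROGRAM_NAME
  key = 'ssh::server_options'
  puts "priority: #{priority_lookup(key, HIERARCHY).inspect}"
  puts "hash:     #{hash_lookup(key, HIERARCHY).inspect}"
  puts "dropped:  #{dropped_settings(key, HIERARCHY).inspect}"
  puts "native:   #{hash_lookup('example::nested', HIERARCHY, :native).inspect}"
  puts "deeper:   #{hash_lookup('example::nested', HIERARCHY, :deeper).inspect}"
end
```

In this model a single node-level override of `ClientAliveInterval` is enough for the priority lookup to lose `PermitRootLogin` from the common level, which is why the class parameter and the `hiera --hash` command line can disagree.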



Re: [Puppet Users] puppet, hiera, and overrides

2014-12-08 Thread Ramin K
np. There is an interesting discussion on what to change in the future 
here. https://tickets.puppetlabs.com/browse/HI-118


Ramin

On 12/8/14 1:37 PM, Nathan Earixson wrote:

Thank you. I get it now.

-n

On Monday, December 8, 2014 3:13:26 PM UTC-6, Ramin K wrote:

On 12/8/14 12:56 PM, Nathan Earixson wrote:
  sudo -u puppet hiera --hash ssh::server_options environment=test
  ::kernel=Linux
  {PermitRootLogin=no, ClientAliveInterval=540,
TCPKeepAlive=yes}
 
  |
 
  I have tried this with AND without :merge_behavior: deeper set in
the
  hiera.yaml file.
 
  Any ideas of what I am missing?

If you're using data bindings to lookup the hiera values, it will
return
a matching hash, but will not merge. You must explicitly use a
hiera_hash call to get merging.

Ramin



Re: [Puppet Users] compare two variables via regex

2014-12-05 Thread Ramin K

On 12/5/14 3:16 PM, Lori Cho wrote:

I have two variables and I want to compare them to each other.  However,
the regex doesn't return true, because it seems to treat the variable in
the // as a literal.

Something like this:

$variable1 = 'foo'
$variable2 = 'foobar'

if($variable2 =~ /$variable1/) {
 notify { 'it works': }
} else {
 notify { 'regex did not work': }
}

root@test-slincsplunk1101r(~)# puppet apply /srv/tmp/test.pp
notice: regex did not work
notice: /Stage[main]//Notify[regex did not work]/message: defined
'message' as 'regex did not work'


How can I do this?


The docs say it's not available. 
https://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#regular-expressions


Alternate forms of regex quoting are not allowed and Ruby-style 
variable interpolation is not available.


Ramin




Re: [Puppet Users] Re: Determining which master an agent is connected to

2014-12-03 Thread Ramin K

There is already a set of server facts available during a Puppet run.

https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#puppet-master-variables

Because you're running PE you should be able to query which servers are 
using which server through mcollective.


Ramin


On 12/3/14 11:20 AM, Daren Arnold wrote:

Tony,

Thanks for your reply.  I was hoping to avoid inspecting all of the
agents (either puppet.conf files or running puppet agent -t --debug)
manually.  I am looking into an approach that involves creating an
external fact to query the value of 'server' in the puppet.conf.  That
may be what you were suggesting?  Either way, I'll post how that option
goes.

-Daren


On Wednesday, December 3, 2014 1:38:12 PM UTC-5, Tony Thayer wrote:

The agents should have the master defined in their puppet.conf file.
Failing that, you can manually run the agent on a system with
puppet agent -t --debug and look for entries that look like
Caching connection for https://puppet.local:8140;

- Tony

On Wednesday, December 3, 2014 7:25:36 AM UTC-8, Daren Arnold wrote:

Hello,

Newb question here.  I have inherited a PE 3.3 setup that uses a
Puppet master hub, spoke and about 100 agents. The agents were
installed at various times - some were connected directly to the
hub and others connected to the spoke.

Is there a way to determine which agents are connected to the
hub versus the spoke? I couldn’t find a fact that reflected the
Puppet master.  Also, the console doesn’t seem to provide this
information.

Thanks for any help you can provide.

Daren



Re: [Puppet Users] Re: Determining which master an agent is connected to

2014-12-03 Thread Ramin K
I'm not a PE user, but the config for the OSS version has a blacklist to 
remove facts like uptime, path, ps, etc from the facts.yaml. I'd expect 
PE to follow the same process. Might be worth opening a support request.


Ramin

On 12/3/14 1:25 PM, Daren Arnold wrote:

Hi Ramin,

Is this feature/variable turned on by default in PE 3.3?  I am unable to
see a fact for 'servername'.  I am probably trying to access it
incorrectly.  To test, I issue an mco command:

mco inventory hostname

I don't see servername available.

Thanks for any additional help you can provide.

Daren

On Wednesday, December 3, 2014 2:40:14 PM UTC-5, Ramin K wrote:

There is already a set of server facts available during a Puppet run.

https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#puppet-master-variables

Because you're running PE you should be able to query which servers are
using which server through mcollective.

Ramin


On 12/3/14 11:20 AM, Daren Arnold wrote:

Tony,

Thanks for your reply.  I was hoping to avoid inspecting all of the
agents (either puppet.conf files or running puppet agent -t --debug)
manually.  I am looking into an approach that involves creating an
external fact to query the value of 'server' in the puppet.conf.  That
may be what you were suggesting?  Either way, I'll post how that option
goes.

-Daren


On Wednesday, December 3, 2014 1:38:12 PM UTC-5, Tony Thayer wrote:

The agents should have the master defined in their puppet.conf file.
Failing that, you can manually run the agent on a system with
puppet agent -t --debug and look for entries that look like
Caching connection for https://puppet.local:8140;

- Tony

On Wednesday, December 3, 2014 7:25:36 AM UTC-8, Daren Arnold wrote:

Hello,

Newb question here.  I have inherited a PE 3.3 setup that uses a
Puppet master hub, spoke and about 100 agents. The agents were
installed at various times - some were connected directly to the
hub and others connected to the spoke.

Is there a way to determine which agents are connected to the
hub versus the spoke? I couldn’t find a fact that reflected the
Puppet master.  Also, the console doesn’t seem to provide this
information.

Thanks for any help you can provide.

Daren
 


Re: [Puppet Users] Need advice about upgrade puppetmaster from ruby 1.8.7 to ruby 1.9.3

2014-12-02 Thread Ramin K

On 12/1/14 4:56 PM, josie.worker...@gmail.com wrote:

HI there,

I'm looking for any tips/pointers on how to upgrade an existing
puppetmaster installation (v3.2.3, using system ruby 1.8.7 on Centos 6u3).

We don't have RVM installed on the puppetmaster itself, as it's been
around since 2.x days and upgraded over time.

I've installed ruby 1.9.3 from the Centos SCL, and I've managed to
change all profiles to make use of this.

Last part I'm stuck at is how to make the puppetmaster itself use ruby
1.9.3, given the original installation has put the puppet gems
into /usr/lib/ruby/site_ruby/1.8/puppet.

Any help would be hugely appreciated.

Josie


The install is complicated and intricate. You will also need to remember 
how it works once it's up and running. If you have limited experience 
with Puppet, Ruby, Passenger, gem installs, strace, etc I do not 
recommend this. Do not attempt this on your current master, start with a 
new instance.


1. create a puppetmaster user, create dirs /etc/puppetmaster, 
/var/lib/puppetmaster. Your new Puppet master will run as user puppetmaster.


2. Install Ruby 1.9.3 via SCL, rvm, rbenv, whatever. Leave system Ruby 
alone. The Puppet agent will continue to use system Ruby.


3. gem install puppet, hiera, and any other gems you currently use. I 
suggest making a Gemfile and using bundler to install all the needed 
gems. This will make it easier to clone your Puppet master in the future.


4. Install Passenger 4. Ideally from standard system packages, else gem 
install it in the Ruby you plan to use (scl, rvm, etc) for your Puppet 
master. You can get by with Passenger 3 if you install it into the Ruby 
you plan to use. Passenger 4 allows you to specify any Ruby binary per 
vhost.


5. Make sure Apache can load Passenger; if it can't, fix the paths for 
PassengerRuby and the location of the Passenger module.


6. /etc/puppetmaster/puppetmaster.conf should be a master only config. 
Point vardir, ssldir, etc to /var/lib/puppetmaster/


[main]
confdir=/etc/puppetmaster
vardir=/var/lib/puppetmaster
ssldir=$vardir/ssl
# and any other path

7. edit the config.ru that points to your master config

ARGV << "--config=/etc/puppetmaster/puppetmaster.conf"

8. I forget what 8 was for.

9. edit the vhost to point to your new paths and configs

<VirtualHost *:8140>

# if you installed Passenger into a different Ruby than
# the one you installed Puppet into you'll need to tell
# it which to use. Only works for Passenger 4.
# PassengerRuby /home/puppetmaster/.rvm/gems/ruby-1.9.3-p545/wrappers/ruby

# no need to change paths here, but might be better
# to make your own /usr/share/puppetmaster/ dir so that
# you confuse the next admin less
  DocumentRoot /usr/share/puppet/rack/public
  <Directory /usr/share/puppet/rack/public>

10. Get your certs in order. Copy the ca, crl, etc from 
/var/lib/puppet/ssl/ into /var/lib/puppetmaster/ssl/. Make sure to fix 
ownership and permissions.


11. copy modules/manifests from /etc/puppet/ to /etc/puppetmaster/

12. Start the Puppet master. Spend an hour looking at logs and strace 
output to track down the paths and permissions you didn't get right the 
first time.


Final notes. Anytime you want to run commands against the master install 
you'll need to load the config. puppet cert --config 
/etc/puppetmaster/puppetmaster.conf and so on. Also updating the agent 
won't update the master which can only be updated via gems. Lots of 
things to forget in this setup.


Ramin



Re: [Puppet Users] Need advice about upgrade puppetmaster from ruby 1.8.7 to ruby 1.9.3

2014-12-02 Thread Ramin K

On 12/2/14 10:34 AM, Ramin K wrote:

3. gem install puppet, hiera, and any other gems you currently use.


3. gem install puppet, hiera, and any other gems you currently use into 
the Ruby you want to use for your Puppet master.


I knew I'd miss something.

Ramin



Re: [Puppet Users] Need advice about upgrade puppetmaster from ruby 1.8.7 to ruby 1.9.3

2014-12-02 Thread Ramin K

On 12/2/14 11:04 AM, Riley Shott wrote:

The puppet_stack module will bring up a Puppet Master (additionally
the Foreman, and/or smart-proxy) using RVM,  Gems (Puppet, Facter,
Hiera, Passenger). We're using it for our production infrastructure,
and everything is a lot more performant with Ruby 2.0.0.

https://forge.puppetlabs.com/Ginja/puppet_stack
https://github.com/Ginja/puppet_stack

-Riley


I'm not a fan of sharing space with the agent in /var/lib/puppet or 
system wide RVM installs. However using that module does require much 
less sysadmin knowledge from the user.


Ramin



Re: [Puppet Users] basic hiera question

2014-11-19 Thread Ramin K

On 11/19/14 10:42 AM, Craig White wrote:

getting very frustrated and have covered the 7 or so pages on puppet's
documentation on hiera several times.

# cat hiera.yaml
---
:backends:
   - yaml
:hierarchy:
   - defaults
   - "%{clientcert}"
   - "%{environment}"
   - global
   - common
   - ldap
:yaml:
   :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
   rootdn: cn=admin,dc=wl,dc=com
   rootpw: mySuperSecretPassword
   dn: dc=wl,dc=com
   directory: /var/lib/ldap

# hiera ldap
{rootdn=cn=admin,dc=wl,dc=com,
  rootpw=mySuperSecretPassword,
  dn=dc=wl,dc=com,
  directory=/var/lib/ldap}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

   $rootpw = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find data item ldap::rootpw in any Hiera data file and
no default supplied at
/etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?


1. Your hierarchy isn't. You can call it common, global, default, or 
whatever else but you only get one and it goes at the bottom. If it's 
not at the bottom, it's not common, default or global. Clientcert goes 
at the top because it's the most specific.


:hierarchy:
  - "%{clientcert}"
  - "%{environment}"
  - common

https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/

2. You're using a hash as your data. If you want to query for key 
ldap::rootpw, it'll look like the following.


ldap::rootdn: 'cn=admin,dc=wl,dc=com'
ldap::rootpw: 'mySuperSecretPassword'
ldap::dn: 'dc=wl,dc=com'
ldap::directory: '/var/lib/ldap'

Note this has nothing to do with hiera_hash or hiera_array. 
http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/


3. You're not using hiera-eyaml. Don't put clear text passwords in your 
yaml files, use hiera-eyaml instead. It's really nice.


https://github.com/TomPoulton/hiera-eyaml

Ramin
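
The lookup failure and the clear text password point from the reply above, as an added Ruby example that is not part of the original thread. It models the `hiera('ldap::rootpw')` call as a plain top-level key match (an assumption that simplifies real Hiera) and flags secret-looking keys whose values are not in hiera-eyaml's `ENC[...]` form; the sample data, the ENC placeholder and all function names are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the nested-hash layout from the question.
NESTED_DATA = <<~YAML
  ---
  ldap:
    rootdn: cn=admin,dc=wl,dc=com
    rootpw: mySuperSecretPassword
    dn: dc=wl,dc=com
    directory: /var/lib/ldap
YAML

# Constructed sample: the flat "ldap::key" layout from the reply, with the
# password replaced by a placeholder in eyaml's ENC[...] wrapper (not real
# ciphertext).
FLAT_DATA = <<~YAML
  ---
  ldap::rootdn: 'cn=admin,dc=wl,dc=com'
  ldap::rootpw: ENC[PKCS7,CONSTRUCTED-PLACEHOLDER-NOT-REAL-CIPHERTEXT]
  ldap::dn: 'dc=wl,dc=com'
  ldap::directory: '/var/lib/ldap'
YAML

NESTED = YAML.safe_load(NESTED_DATA)
FLAT   = YAML.safe_load(FLAT_DATA)

# Assumed model of the lookup: the whole string, "::" included, is one
# top-level key. It is not a path into a nested hash.
def hiera_lookup(data, key)
  data.key?(key) ? data[key] : :not_found
end

# Key names that usually hold credentials (heuristic, adjust to taste).
SECRET_KEY = /(pass(word|wd)?|pw|secret|token)\z/i
# Shape of a value encrypted by hiera-eyaml.
ENCRYPTED  = /\AENC\[\w+,.+\]\z/m

# Walk a parsed Hiera data file and return the paths of secret-looking
# keys whose string values are stored in clear text.
def cleartext_secrets(data, prefix = nil)
  data.each_with_object([]) do |(key, value), hits|
    path = prefix ? "#{prefix}.#{key}" : key.to_s
    case value
    when Hash
      hits.concat(cleartext_secrets(value, path))
    when String
      hits << path if key.to_s =~ SECRET_KEY && value !~ ENCRYPTED
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "nested lookup: #{hiera_lookup(NESTED, 'ldap::rootpw').inspect}"
  puts "flat lookup:   #{hiera_lookup(FLAT, 'ldap::rootpw').inspect}"
  puts "clear text in nested file: #{cleartext_secrets(NESTED).inspect}"
  puts "clear text in flat file:   #{cleartext_secrets(FLAT).inspect}"
end
```

Run over a real hieradata directory, the same check can gate commits so that a password never lands in the repository unencrypted.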



Re: [Puppet Users] Upgrading ruby to 2.1.x - paranoid question

2014-10-30 Thread Ramin K

On 10/30/14 4:43 AM, JonY wrote:

Would like to upgrade Ruby to the latest. To make everything on my
puppet server happy I need to remove the Ruby 1.8.7 that YUM installed.

When I run 'yum erase ruby' it looks like it will also remove puppet,
puppetdb, and so on. If I follow through with this:

- will a reinstall of puppet and puppetdb use the upgraded ruby?


No, the packages expect the version of Ruby they were built against. I 
don't believe Puppetdb cares about Ruby, it's a Clojure application.



- will they behave like they do now? (reasonably well)


No. 
https://docs.puppetlabs.com/puppet/latest/reference/system_requirements.html#ruby


It's never a good idea to replace system Ruby. If you need a different 
version install it into opt and point your local applications at it or 
use rvm/rbenv in a role account.


It is possible to run your Passenger 4.x based Puppet master under a 
Ruby installed via one of the methods above, but it's complicated. I 
don't recommend it unless you're very comfortable with the Passenger, 
Rack, rvm, Ruby, gem ecosystem.


Ramin



Re: [Puppet Users] Puppetmaster can't keep up with our 1400 nodes.

2014-10-30 Thread Ramin K

On 10/30/14 7:45 AM, Georgi Todorov wrote:

Hi group,

We have a VM with 24 E7-8857 v2 @ 3.00GHz cores and 32G of ram (on big
ESX hosts and fast backend) that is our foreman/puppetmaster with the
following tuning params:

Passenger:
   PassengerMaxRequests 1
   PassengerStatThrottleRate 180
   PassengerMaxRequestQueueSize 300
   PassengerMaxPoolSize 18
   PassengerMinInstances 1
   PassengerHighPerformance on


Puppet masters are CPU limited. I would increase MaxPoolSize until 
you're consistently using 80% of the CPU available. Do keep an eye on 
RAM usage as well. You may want to split your master into multiple parts 
if you're already consuming all the resources on your current hardware.


I wrote about tuning Passenger for Puppet masters here. 
http://ask.puppetlabs.com/question/13433/how-should-i-tune-passenger-to-run-puppet/


Ramin



Re: [Puppet Users] Re: schedule metaparameter

2014-10-27 Thread Ramin K

On 10/27/14 7:43 AM, jcbollinger wrote:


On Friday, October 24, 2014 12:51:27 PM UTC-5, Mark Rosedale wrote:

Hello,

I'm looking to start to implement scheduling for certain resources
within puppet. My one question is this.

If I have a schedule set on resource 'foo' does that prohibit that
resource from being updated if I run puppet agent by hand? What I'm
wondering is if I end up needing to do puppet work manually, but am
outside of a my maintenance window do I have to edit my puppet code
to apply foo or can I override it somehow?

If you run the puppet agent with the --ignoreschedules option then it
will (attempt to) apply /all/ resources in the catalog, regardless of
any schedules.

I am not aware of any built-in mechanism to selectively ignore a subset
of schedules, but if that's something you anticipate wanting to do
regularly then you could build something into your manifest set to
support it, probably built around a custom fact.

John


Coupling the above with --tags $resource_name might give you the 
granularity you need.


https://docs.puppetlabs.com/puppet/latest/reference/lang_tags.html

Ramin




Re: [Puppet Users] hiera-eyaml - performance implications?

2014-10-24 Thread Ramin K

On 10/24/14 12:01 PM, Tim Skirvin wrote:

 I've started investigating hiera-eyaml as a tool for managing
secrets within our puppet repository.  It looks pretty promising,
especially in connection with 'show_diff = false'.  For those that
haven't seen it:

 http://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml

 That said, I'm not sure what its performance implications are, and
how many decryption calls we can afford.  Has anybody played with this
enough to be able to know how these decryption calls will affect
performance problems?

 More concretely: I'm currently supporting ~1250 nodes with two
fairly-hefty puppet servers, but we're not managing much in the way of
secrets.  If I were to, say, start managing the root password on all of
our nodes using this tool, should I expect our entire environment to
melt down?

 - Tim Skirvin (tskir...@fnal.gov)



My experience is the same as Christopher's though our frontend servers 
pull 50+ encrypted keys for everything from db credentials to third 
party shared secrets per environment. I didn't notice a change when we 
switched to eyaml, but I also coupled it with an upgrade to Ruby 1.9.3 
from 1.8.7. Also we have only 150 nodes.


I'd say start slowly or on your stage master, but don't be surprised if 
adding a few keys fails to impact performance.


Ramin



Re: [Puppet Users] Puppet Master Disk usage management

2014-10-15 Thread Ramin K

On 10/15/14 9:11 AM, Mark Rosedale wrote:

Hello,

I'm running puppet  with puppetdb and puppet-dashboard all on my master.

I want to make sure that I don't get overrun with disk usage by either
the master (storing reports) or the dbs for puppetdb (I'm running
postgres) or puppet-dashboard (mysql).

I'm wondering what some people do to manage disk usage for each of these?


In regards to Puppet Dashboard, the Mysql based one, I wrote this up 
over a year ago

https://ask.puppetlabs.com/question/884/how-do-i-reduce-the-space-mysql-is-using-for-puppet-dashboard/

Remember just doing the prunes will not reclaim space. You must optimize 
the table in order to shrink it. And running the optimize will not 
reclaim space unless the table resides in its own file.


Ramin



Re: [Puppet Users] fstab dilemma - pounding on file_line and augeas

2014-10-13 Thread Ramin K

On 10/8/14 1:34 AM, Felix Frank wrote:

On 10/07/2014 10:21 PM, Ramin K wrote:


If you're taking feature requests while, it would be awesome if the
mount resource would allow you to mount without adding a line to fstab
at all.


Have you tried ensure => ghost?

This is off the top of my head, this state may be called something else.


Looking through the code it appears that ghost is an internal state, but 
not something that is exposed in the DSL.



Error: Failed to apply catalog: Parameter ensure failed on Mount[/mnt]: 
Invalid value ghost. Valid values are defined, unmounted, absent, 
mounted.  at environments/stage/modules/profile/manifests/disk/single.pp:10

Wrapped exception:
Invalid value ghost. Valid values are defined, unmounted, absent, 
mounted.


Ramin



Re: [Puppet Users] fstab dilemma - pounding on file_line and augeas

2014-10-07 Thread Ramin K

On 10/7/14 1:17 PM, Felix Frank wrote:

On 10/07/2014 09:55 PM, Dan White wrote:

Local hardening guidelines say that /usr/local and /var/log/audit
have to be separate partitions.
OK, so I make mount resources.

Now the problem:  The order of the mount points in /etc/fstab makes a
difference.
I had /usr/local before /usr, and at boot, the mount of /usr/local
failed because the mount point did not (yet) exist.

So I need to ensure the line for /usr/local comes AFTER the line for /usr.

HOW TO DO IT ?


We've been pondering this very problem quite some times here - because
it really is a fundamental issue.

I've been thinking of patching the very mount provider to make sure of
this, but I haven't yet got around to it.

Currently, your easiest way out will likely be to make the mount
resources notify the exec of a
perl/shell/ruby/some-snake-that-everyone-likes-for-some-reason script to
repair fstab if need be.


If you're taking feature requests while, it would be awesome if the 
mount resource would allow you to mount without adding a line to fstab 
at all.


Willing to alpha/beta test. :-)

Ramin
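
The fstab ordering problem quoted above (a child mount such as /usr/local listed before its parent /usr), as an added Ruby example that is not part of the original thread or of Puppet's mount provider. It detects entries that precede their parent mount point and rewrites the file so parents come first, leaving comments and non-path entries such as swap in place; the sample fstab and all function names are constructed for illustration.

```ruby
# Constructed sample fstab with the two mistakes described in the thread.
SAMPLE_FSTAB = <<~FSTAB
  # /etc/fstab (constructed sample)
  /dev/mapper/vg0-root      /               ext4  defaults  1 1
  /dev/mapper/vg0-usrlocal  /usr/local      ext4  defaults  1 2
  /dev/mapper/vg0-usr       /usr            ext4  defaults  1 2
  /dev/mapper/vg0-audit     /var/log/audit  ext4  defaults  1 2
  /dev/mapper/vg0-var       /var            ext4  defaults  1 2
  /dev/mapper/vg0-swap      swap            swap  defaults  0 0
FSTAB

# Return the normalised mount point of an fstab line, or nil for comments,
# blank lines and entries without an absolute path (swap, none).
def mount_point(line)
  fields = line.split
  return nil if fields.empty? || fields[0].start_with?('#') || fields.size < 2
  return nil unless fields[1].start_with?('/')

  trimmed = fields[1].chomp('/')
  trimmed.empty? ? '/' : trimmed
end

# True when +parent+ is a strict path ancestor of +child+.
def ancestor?(parent, child)
  return false if parent == child

  parent == '/' || child.start_with?("#{parent}/")
end

# Number of path components; every ancestor has a smaller depth.
def depth(mount)
  mount == '/' ? 0 : mount.count('/')
end

# List [child, parent] pairs where the parent is declared after the child,
# which is the condition that makes the child's mount fail at boot.
def misordered_mounts(fstab_text)
  points = fstab_text.lines.map { |l| mount_point(l) }.compact
  points.each_with_index.flat_map do |child, i|
    points[(i + 1)..].select { |later| ancestor?(later, child) }
                     .map { |parent| [child, parent] }
  end
end

# Rewrite the text so mount entries are ordered by depth (ties keep their
# original order). Only the slots that held mount entries are touched.
def reorder_fstab(fstab_text)
  lines = fstab_text.lines
  slots = lines.each_index.select { |i| mount_point(lines[i]) }
  ordered = slots.sort_by { |i| [depth(mount_point(lines[i])), i] }
  result = lines.dup
  slots.zip(ordered).each { |slot, source| result[slot] = lines[source] }
  result.join
end

if __FILE__ == $PROGRAM_NAME
  misordered_mounts(SAMPLE_FSTAB).each do |child, parent|
    puts "#{child} is listed before its parent #{parent}"
  end
  puts reorder_fstab(SAMPLE_FSTAB)
end
```

Used as the check half of an exec resource, `misordered_mounts` returning an empty list means the repair can be skipped, so the file is only rewritten when the ordering is actually wrong.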



Re: [Puppet Users] Announce: Puppet Server 0.2.0

2014-09-29 Thread Ramin K

On 9/29/14 2:09 AM, Ken Barber wrote:



 The information around tuning Passenger/Puppet explicitly provided
by Puppet Labs was mostly crap.


Indeed, it was a bit of a black art because of this. It wasn't until
later that Passenger even added the ability to reasonably introspect
what was going on in Passenger.


It would be extremely useful for everyone if
there were 4-8 pages of serious and in-depth docs specifically about running
puppet_server on the JVM. If that doesn't happen, you'll be fighting the
supposed poor performance of every un-tuned puppet_server installation for
years.


Sounds like something ticket-worthy to mention. We already have some
of this for PuppetDB, a lot of it is similar for this platform as
well. I'm pretty sure this will become a hot topic, so I doubt it will
be left alone. I expect the new puppet-server to incur more traffic
than PuppetDB for example, so they'll probably see issues we have not.


I can take a shot at it. Where's the best place to put it? Or if you 
want to file it, I'll update it. My list at the moment looks like the 
following if anyone else wants to chime in.


Tuning
- puppet_server specific tuning for JVM 7/8/whatever.
- Call out the top five terrible go fast options that are commonly 
found in blog posts.

- Discussion of puppet_server bottlenecks. CPU. It's always CPU.

Operating
- The effects of restarting, hard and graceful
- Discussion/support of log levels, where to log, etc.
- Haproxy in front, ssl termination, and other HA or throughput 
enhancing techniques.


Monitoring
  - status routes (is the puppet_server up and mostly working)
  - dependency routes (can puppet_server hit puppet_db, etc)

Statistics
 - some explanation of jmx
 - interesting keys. I'm not familiar, but I imagine it's like a MIB. 
We have an snmp MIB. Great which keys are the ones we should 
definitely monitor? No idea. Okay if I create a new load balancer 
where does that show up? No idea.


Ramin




Re: [Puppet Users] Announce: Puppet Server 0.2.0

2014-09-28 Thread Ramin K
	More information along these lines, highlighting ease of use and tools 
for users to see their catalogs, will go a long way towards soothing us 
touchy sysadmins. The performance gains while nice don't have the appeal 
of better troubleshooting. I'm happy to learn yet another stack, but I'd 
like to be sure I'm getting something more than the status quo.


	The information around tuning Passenger/Puppet explicitly provided by 
Puppet Labs was mostly crap. It would be extremely useful for everyone 
if there were 4-8 pages of serious and in-depth docs specifically about 
running puppet_server on the JVM. If that doesn't happen, you'll be 
fighting the supposed poor performance of every un-tuned puppet_server 
installation for years.


Ramin

On 9/27/14 2:23 PM, Ken Barber wrote:

(1) at my current shop, there's an immense hatred of everything JVM. That's 
going to be a hard transition. Not to mention Puppet is the only place we
run Ruby, so it's nice and easy to let puppet do whatever it wants with Ruby. 
Not so much for installing JVMs that may break production (improperly
configured and installed, I'll grant) applications.


And rightly so - it's had a bad history, but I must argue that largely
my hatred of JVM in the past wasn't the JVM per se, it was the
applications written for it. But I would gladly blame the JVM most
times. Also - most of the hatred I see in the industry is a lack of
understanding around the JVM. For me, I'm an old Perl programmer and
certainly making the transition over the last ~17 years was one I
fought against, more because of my own stubbornness I guess. But once
I started to actually study and learn about the tooling for JVM and
accept its place in the application stack instead of just hating it,
my attitude began to change.

For example, I could never have understood memory usage in PuppetDB if
it was written in Ruby - never is probably too strong - but it's hard
in Ruby to do this ... I have tried and it kind of sucks. But hey,
with clojure/jvm, I can use YourKit which gives me an almost
ludicrously simple way of seeing the memory flow. Point in case, we
used to use the urlencoded way of doing POST submissions for commands,
but when I analyzed command submission in Yourkit (live service mind
you) I quickly realized we had 2 objects, the encoded one and the
unencoded. Just think about that for a second - 2 copies of a very
large catalog in memory ... very wasteful :-). So yeah, we stopped
encoding, it wasn't needed anyway and halved our memory consumption
for command submissions and removed that processing need completely -
again thanks to JVM tooling. This work took at best a day or two,
including the patch I believe.

Same again for queries, we switched to streaming for this same reason
... versus loading up the answer and serving it all in one go ... we
now open a cursor on the db, and as answers come back we stream it via
HTTP. The Java core libraries and Clojure in particular are actually
very very good at doing streaming ... and on our platform streaming
becomes critical to reducing memory usage.

For me, I would only see the Erlang runtime coming close to this as a
serious contender (and perhaps the .Net framework/CLR might have
something here, but this isn't my area of expertise), and while the
tooling there for Erlang is pretty awesome, it's not as evolved as the
JVM stuff. Don't get me wrong, I love Erlang too :-).


(2) I've gotta say, I'll really miss dropping log statements directly in the
puppet source when something seems wonky (and not having to compile
something).


Our answer to this for Clojure is usually a combination of NREPL and
(log/spy original item you want to see) from the
clojure.tools.logging library or #spy/d statements from the spy scope
library. Works great, and can wrap just about any variable as a nice
piece of magic to drop debug statements.

The nice thing here that we didn't have in Ruby is that NREPL allows
changes to a running service. So no need to stop/start the service to
see your debug lines.

I do this quite often for PuppetDB while developing, that is I have a
running PuppetDB instance and the PDB source code open in Emacs (with
the cider plugin for nrepl support already bootstrapped of course) ...
I modify the code ... save it ... hit Ctrl-C Ctrl-K ... and I see the
debug lines start to appear in the log. It's a far more rapid workflow
(to be clear: Emacs is only my choice, I believe there is NREPL
support in vim, eclipse, intellij and various other editors as well).

Oh yeah, and this can be done on real running systems also; it doesn't
just have to be a dev workflow, you just need to have the NREPL port
exposed in your PDB config.ini:
https://docs.puppetlabs.com/puppetdb/2.2/configure.html#repl-settings.

ken.




Re: [Puppet Users] puppet + passenger issue

2014-09-15 Thread Ramin K

On 9/15/14 7:28 AM, Ryan Anderson wrote:

My 3.4.3 puppet master on RHEL6.5 is using apache+passenger (4.0.39). As
I've added more agents, I've increasingly hit situations where I get
numerous errors from the web server. The problem shows up as errors on
file resources from agents such as this:

Error 503 on SERVER: <h1>This website is under heavy load</h1><p>We're
sorry, too many people are accessing this website at the same time.
We're working on this problem. Please try again later.</p> Could not
retrieve file metadata for puppet:///modules/foo/etc/cron.d/foo: Error
503 on SERVER: <h1>This website is under heavy load</h1><p>We're sorry,
too many people are accessing this website at the same time. We're
working on this problem. Please try again later.</p>

I used the default passenger settings recommended in the Puppet Pro 2nd
Edition book, and have since increased the values thinking it would
help, but it hasn't. Here's the relevant apache settings:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.39/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.39
PassengerDefaultRuby /usr/bin/ruby
PassengerHighPerformance On
PassengerMaxPoolSize 20
PassengerMaxRequests 3000
PassengerPoolIdleTime 600

Any help is appreciated.


	The 503 is coming from Passenger and is a sign that there are no free 
processes to handle incoming requests. If you run sudo passenger-status 
during these times you should see a number of requests in the queue.


	Based on your config I would first check the performance of the master 
during these periods. If you are using 100% of the CPU, then you may 
want to reduce PassengerMaxPoolSize. The recommended 
PassengerMaxPoolSize is # cores * 2 on physical hardware and as low as 1 
on virtual machines. I'd try 1.5 as a starting point.


	I would also check RAM usage. A Puppet master process can clock in as 
high as 250 MB depending on catalog, exported resources, etc. You may 
limit the PoolSize again based on RAM.


	Lastly a properly set PassengerMaxPoolSize is the number of concurrent 
requests your Puppet master can handle. If you reduce concurrent 
requests, you may not need to increase your hardware allocation. You 
might consider having your servers check in once per hour or using splay 
to keep Puppet agent runs from clumping together. The usual sign is that 
your Puppet master is using 5-10% CPU and then it jumps to 100% for 3-5 
minutes.


	If you'd like more information I've recently tried to write the 
definitive Passenger/Puppet tuning guide after realizing most of the 
information available is very poor and mostly out of date.


http://ask.puppetlabs.com/question/13433/how-should-i-tune-passenger-to-run-puppet/?answer=13434#post-id-13434

Ramin
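
The sizing rules and the clumping effect described in the reply above, worked through as an added example (not code from the thread or from Puppet/Passenger). The agent count, run interval, clump window, per-run busy time and `ram_for_masters_mb` are constructed assumptions, and evenly spaced offsets stand in for splay's random delay so the result is reproducible.

```ruby
# Added illustration with constructed numbers; none of these figures are
# measurements from the thread.

# Pool size bounded by CPU and by RAM. per_core is the multiplier from the
# reply (2 on physical hardware, as low as 1 on VMs, 1.5 as a starting point);
# per_proc_mb is the ~250 MB a Puppet master process can reach.
# ram_for_masters_mb is an assumed input: RAM you are willing to give the pool.
def pool_size(cores:, ram_for_masters_mb:, per_core: 1.5, per_proc_mb: 250)
  by_cpu = (cores * per_core).floor
  by_ram = ram_for_masters_mb / per_proc_mb
  [[by_cpu, by_ram].min, 1].max
end

# Start offsets (seconds) for `agents` runs spaced evenly over `span` seconds.
# A short span models agents that have clumped together; a span equal to the
# run interval models what splay achieves on average (real splay is random).
def start_offsets(agents, span)
  (0...agents).map { |i| (i * span) / agents }
end

# Peak number of agent runs the master is serving at once, given that each
# run keeps a master process busy for busy_seconds.
def peak_concurrency(offsets, busy_seconds)
  events = offsets.flat_map { |s| [[s, 1], [s + busy_seconds, -1]] }
  current = peak = 0
  # Sorting by [time, delta] handles a finish (-1) before a start (+1) at the
  # same second, so back-to-back runs are not counted as overlapping.
  events.sort.each do |_time, delta|
    current += delta
    peak = current if current > peak
  end
  peak
end

# Compare a clumped fleet with a splayed one against the pool. A peak above
# the pool size means requests wait in Passenger's queue.
def compare(agents:, interval:, clump_window:, busy_seconds:, pool:)
  clumped = peak_concurrency(start_offsets(agents, clump_window), busy_seconds)
  splayed = peak_concurrency(start_offsets(agents, interval), busy_seconds)
  { pool: pool,
    clumped_peak: clumped, clumped_queues: clumped > pool,
    splayed_peak: splayed, splayed_queues: splayed > pool }
end

if __FILE__ == $PROGRAM_NAME
  pool = pool_size(cores: 4, ram_for_masters_mb: 4096)
  p compare(agents: 200, interval: 1800, clump_window: 120,
            busy_seconds: 20, pool: pool)
end
```
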



Re: [Puppet Users] Re: Announce: Facter 2.2.0

2014-08-28 Thread Ramin K

On 8/28/14 8:13 AM, Matt Wise wrote:

I'll start out by saying that we've worked around the problem ... but,
when you're operating in cloud and constantly booting new machines,
dependencies like Facter are rarely explicitly versioned. That is to
say, often you will see someone pin the version of Puppet that they
install, but they may not pin the version of Facter because it's just one
of many Puppet dependencies. That means that it's unlikely that people


	We pin Facter and Puppet as well as pull the packages into our own 
repo. Puppet moves way too fast and touches way too many things not to 
lock it down.


Ramin



Re: [Puppet Users] Trying to install the Dashboard on Ubuntu 14

2014-08-27 Thread Ramin K

On 8/26/2014 5:41 PM, Jason Oakley wrote:


Do I have to install the Dashboard from tarball now? Which version?


Puppet Dashboard will only work with Ruby 1.8.7 and 14.03 ships with 
1.9.3. Puppetlabs EOL'ed the Dashboard over near two years ago. 
https://groups.google.com/forum/#!topic/puppet-announce/j44EbTJY7HI


However there is a community build that has updated it to work with more 
recent versions of Ruby.


https://github.com/sodabrew/puppet-dashboard

Ramin



Re: [Puppet Users] Good PupptMaster/Passenger Guide w OSX 10 .9

2014-08-27 Thread Ramin K

On 8/26/2014 4:23 PM, keith.sta...@gmail.com wrote:

HI guys;

  after speaking with puppet labs and getting the pricing for my site,
I thought it maybe cheaper to go open source. so I am asking for a good
guide you guys have used the following:

http://nullr0ute.com/2014/01/puppetmaster-on-apache-with-passenger-in-5-mins/
http://www.6tech.org/2013/01/how-to-install-puppet-open-source-on-centos-6-3/
http://darktraining.com/linux/105/
http://www.unixmen.com/install-puppet-server-centos-6-56-4/

all have given me the dreaded ruby error. I have updated the agent nodes
to the latest version of puppet/facter/hiera, but still get the error, I
have installed via RVM ruby 2.0, 2.1.2, and have seen passenger not
running ( passenger-status) and still get the ruby message from the clients.

so I am asking for  a little help and any links you guys can recommend

site info:
800 OSX machines 300 Windows

would like puppetmaster to be CentOS with passenger and dashboard or Foreman

Thanks in advance
Keith


Those are some awesomely horrible how-tos. The last one isn't too bad 
other than still recommending PassengerUseGlobalQueue which is not 
available in Passenger4 and on by default in Passenger3 IIRC.


The standard Passenger/Puppet master how-to should work fine for you. 
https://docs.puppetlabs.com/guides/passenger.html#install-apache-and-passenger


However you should completely ignore the step where they tell you to gem 
install rack passenger. Just use the standard packages from EPEL. 
They're probably called rubygems-rack and rubygems-passenger or some 
such. There is also no need to install RVM, scl ruby, or compile anything.


In regards to tuning Passenger I finally got around to writing down the 
configs you actually want to touch as well as listing all the parameters 
which are wrong, deprecated, and plain old broken.


http://ask.puppetlabs.com/question/13433/how-should-i-tune-passenger-to-run-puppet/

Ramin



Re: [Puppet Users] Puppet logging agent/master

2014-08-26 Thread Ramin K

On 8/26/14 10:34 AM, Mike Reed wrote:

Hello all,

I've recently been looking into various methods for configuring
meaningful logging from my puppet 3.6 master/agent nodes.  I've
typically gone the route of grep'ing through syslog on both
master/agents and I'd like something a little more robust and user
friendly for others who may not be hip on going through hundreds of lines
of syslog information in addition to a simpler design.

I've recently been playing with an agent's puppet.conf and simply trying
to set the logdir using this with no success at all (permissions have
been changed to allow puppet to write to that directory):
[agent]
logdir=/var/log/puppet

I've also tested syslog facility configurations but after some time, it
seemed like having to modify multiple configuration files to get puppet
logging consistent, seems a bit bulky to me.

I suppose I have two questions:

1.  Is there a simple way to push messages to a file other than
/var/log/syslog on an Ubuntu machine?
2.  Is there a preferred way in the community by which people aggregate
logs to make troubleshooting nodes issues easier to manage?

Thank you all for your time in advance.

Cheers,
Mike


This is the way I do it, 
http://ask.puppetlabs.com/question/432/puppet-and-rsyslog/?answer=439#post-id-439


I thought that the Puppet packages used to install a syslog config, but 
maybe I imagined that.


Ramin



Re: [Puppet Users] Challenge: who am i and what do i do

2014-08-26 Thread Ramin K

On 8/26/2014 12:41 PM, Alex Demitri wrote:

Hi guys - i am fairly new to puppet and i am trying to figure out ways
to implement it in my organization to make good use of it. One thing we
thought would be useful to better our deployment process, is to add a
mechanism that would have a vanilla server getting installed on a VM,
boot up, check into puppet and figure out these three questions:

1) Where am I?
 - in what Datacenter/Availability zone am I? Based on that, what
syslog servers do i have to use, NTP servers, etc..
2) Who am I?
 - what server am i? What files do i need for basic functions?
3) What am I supposed to do?
 - based on what server I am, what am i supposed to do? do i have to
run Tomcat? Apache? And if yes, where are my configuration files?

In short, find a holistic way for a system to come up to speed by
itself. I already thought of using meaningful hostnames for the roles of
the servers but that does not work well in the cloud...

Thoughts?

Thanks!
Alex


When we provision machines the system passes a few flags that do the 
equivalent of


sudo FACTER_role=frontend puppet agent --environment stage --certname fe34.usw1.example.com


role is a custom fact that needs to be set the first time as shown 
above. Puppet does the Hiera lookup based on $role and $env with 
$certname or nodename as the final arbiter. That's as much config as we 
need, but no reason you couldn't add various ec2 facts to the hierarchy.


Ramin
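
The lookup order described in the reply above (role and environment, with the certname as final arbiter), as an added Ruby sketch that is not part of the original message and is not Hiera's own code. The hierarchy level names and every data value are constructed; only the role, environment and certname come from the command line shown in the reply.

```ruby
# Added illustration; hierarchy level names and data values are constructed.

# Most specific level first: the node's certname is the final arbiter,
# then role within environment, then role, then environment, then defaults.
HIERARCHY = [
  'node/%{certname}',
  'role/%{role}/%{env}',
  'role/%{role}',
  'env/%{env}',
  'common'
].freeze

# Stand-in for the YAML files a Hiera datadir would hold (constructed values).
DATA = {
  'common'                     => { 'ntp_servers' => ['ntp.example.com'],
                                    'packages'    => ['ssh'] },
  'env/stage'                  => { 'syslog_server' => 'syslog.stage.example.com' },
  'role/frontend'              => { 'packages' => ['apache'] },
  'role/frontend/stage'        => { 'vhost_port' => 8080 },
  'node/fe34.usw1.example.com' => { 'vhost_port' => 8443 }
}.freeze

# Expand the hierarchy for one node. scope holds the values the command line
# in the reply provides: role (FACTER_role, reported by the agent itself),
# env (--environment) and certname (--certname).
def levels_for(scope)
  HIERARCHY.map do |level|
    begin
      format(level, scope)
    rescue KeyError
      nil # a level whose variable is unset contributes nothing
    end
  end.compact
end

# Priority lookup: the first level that defines the key wins, nothing is merged.
def lookup(key, scope, data = DATA)
  levels_for(scope).each do |level|
    layer = data[level]
    return { value: layer[key], from: level } if layer && layer.key?(key)
  end
  { value: nil, from: nil }
end

if __FILE__ == $PROGRAM_NAME
  scope = { role: 'frontend', env: 'stage', certname: 'fe34.usw1.example.com' }
  %w[vhost_port packages syslog_server ntp_servers].each do |key|
    p key => lookup(key, scope)
  end
end
```
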



Re: [Puppet Users] Re: require broken with create_resources() ?

2014-08-21 Thread Ramin K

On 8/21/14 6:00 AM, jcbollinger wrote:

On Wednesday, August 20, 2014 8:11:13 AM UTC-5, R.I. Pienaar wrote:

It also works if you quote the 'Class[myclass]' so it should work if
it comes from JSON or whatever

Really?  That's news to me.  I wonder when that was added.

John


	I'm curious as well. I distinctly remember losing an afternoon to the 
fact that this did not work last year. hiera-1.3 maybe?


Ramin



Re: [Puppet Users] Very large resource_statuses. reports:prune:orphaned fails with Mysql error

2014-08-12 Thread Ramin K

On 8/12/2014 1:34 AM, Erling Ringen Elvsrud wrote:

Hi!

I use Puppet enterprise 2.7.2. In the database for Puppet Dashboard
the resource_statuses table has grown rapidly the past month (when I was
on vacation).
I have experienced this earlier also and have implemented the suggested
solution
here: https://projects.puppetlabs.com/issues/6717
(downloaded a new rake task reports:prune:orphaned).
I have successfully executed that task in the past, but now it fails with
an error:
Mysql::Error: Lock wait timeout exceeded; try restarting transaction:
delete from resource_statuses where report_id not in (select id from
reports) limit 1000.

The resource_statuses.ibd file is 103 GB! (containing about 250 million
rows).
When this happened earlier the rake task reports:prune:orphaned ran for
many days, but eventually completed.

Is it possible to quickly drop the whole resource_statuses table and
recreate it?

Note that I also currently work with upgrade / migration to Puppet
Enterprise
3.x but need to maintain this 2.7.2 installation in parallel.


You could try dropping the table and recreating it, but it might orphan 
all the resources. If you want the longer safer way, this is how I've 
done it in the past. Note that you'll need to dump and import the data 
for that table in order to reclaim the space from the table.


https://ask.puppetlabs.com/question/884/how-do-i-reduce-the-space-mysql-is-using-for-puppet-dashboard/?answer=885#post-id-885

Ramin




Re: [Puppet Users] Very large resource_statuses. reports:prune:orphaned fails with Mysql error

2014-08-12 Thread Ramin K

On 8/12/2014 8:54 AM, Ramin K wrote:

On 8/12/2014 1:34 AM, Erling Ringen Elvsrud wrote:

Hi!

I use Puppet enterprise 2.7.2. In the database for Puppet Dashboard
the resource_statuses table has grown rapidly the past month (when I was
on vacation).
I have experienced this earlier also and have implemented the suggested
solution
here: https://projects.puppetlabs.com/issues/6717
(downloaded a new rake task reports:prune:orphaned).
I have successfully executed that task in the past, but now it fails with
an error:
Mysql::Error: Lock wait timeout exceeded; try restarting transaction:
delete from resource_statuses where report_id not in (select id from
reports) limit 1000.

The resource_statuses.ibd file is 103 GB! (containing about 250 million
rows).
When this happened earlier the rake task reports:prune:orphaned ran for
many days, but eventually completed.

Is it possible to quickly drop the whole resource_statuses table and
recreate it?

Note that I also currently work with upgrade / migration to Puppet
Enterprise
3.x but need to maintain this 2.7.2 installation in parallel.


You could try dropping the table and recreating it, but it might orphan
all the resources. If you want the longer safer way, this is how I've
done it in the past. Note that you'll need to dump and import the data
for that table in order to reclaim the space from the table.

https://ask.puppetlabs.com/question/884/how-do-i-reduce-the-space-mysql-is-using-for-puppet-dashboard/?answer=885#post-id-885


I made an error. Because you're already using file per table the 
optimize step will reclaim the space as long as you've already purged 
the data.


Ramin



Re: [Puppet Users] Puppet agent memory usage on the master

2014-08-09 Thread Ramin K

On 8/7/14 5:41 AM, Chris Ritson wrote:

I've been trying for a while to work out why my puppet agent run on
the puppet master was consuming so much time and memory. With a
single webrick master running puppet puppet-3.6.2-1.el6 and serving
about 100 clients, I was seeing agent runs on  the master of the
order of 4000 seconds. I was keeping, but not making use of the agent
reports, so the puppet master was tidying these away after they
reached the an age of 36 hours to avoid wasting disk space. Agent
runs were quite often getting OOM errors and being killed as this was
on a virtual machine with 2G of memory. Increasing this limit and
watching the agent run grow it became clear that stored state was
part of the problem. Memory consumption was sometimes reaching 3G.

In the end, even after abandoning report generation and allowing the
remaining report files to be tidied out of existence, I was still
seeing a large memory footprint and long delays when the puppet run
appeared to be doing nothing or saving its previous state. Looking in
the saved state.yaml file, I saw that there were still many hundreds
of references to report files and directories that used to exist.
Only when I finally removed this file altogether, taking the risk
that a few services would be restarted when they shouldn't be, did my
puppet run get back to a reasonable time and memory footprint.

It seems from this that the puppet agent is reading and preserving a
lot of historic state information, even when this is no longer of any
use. Is this a bug/feature? Is this something I could/should have
been able to avoid with better knowledge of puppet's configuration
options?

Chris Ritson


You're not alone with this problem.
http://ask.puppetlabs.com/question/13092/puppetmaster-process-memory-usage-constantly-increases-until-kernel-complains-and-starts-killing-off-other-processes/

I do think that there is something not quite right about whatever Puppet 
is doing in more recent versions. That said moving your master to the 
Apache/Passenger setup should solve it and is the correct solution 
regardless of the memory problems you're having. webrick masters were 
never meant to be the means to run Puppet in production or at more than 
10 nodes in my opinion.


Ramin



Re: [Puppet Users] Re: Puppet-Dashboard All Nodes Unresponsive, Background Tasks

2014-07-09 Thread Ramin K
	It looks like you did this command 'alter table report_logs column 
message mediumtext;' rather than varchar(65536). mediumtext is what it 
should be changed to. Both BLOB and TEXT are 64kb while MEDIUMTEXT is 16MB.


Ramin

On 7/9/2014 4:48 AM, Ximena Cardinali wrote:

Hello,

I had to apply also this other Solution:

mysql> describe report_logs;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      | NO   | PRI | NULL    | auto_increment |
| report_id | int(11)      | NO   | MUL | NULL    |                |
| level     | varchar(255) | YES  |     | NULL    |                |
| message   | blob         | YES  |     | NULL    |                |
| source    | text         | YES  |     | NULL    |                |
| tags      | text         | YES  |     | NULL    |                |
| time      | datetime     | YES  |     | NULL    |                |
| file      | text         | YES  |     | NULL    |                |
| line      | int(11)      | YES  |     | NULL    |                |
+-----------+--------------+------+-----+---------+----------------+
9 rows in set (0.00 sec)

mysql> ALTER TABLE report_logs MODIFY message VARCHAR(65536);
Query OK, 46574 rows affected, 2 warnings (0.97 sec)
Records: 46574  Duplicates: 0  Warnings: 2

mysql> describe report_logs;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      | NO   | PRI | NULL    | auto_increment |
| report_id | int(11)      | NO   | MUL | NULL    |                |
| level     | varchar(255) | YES  |     | NULL    |                |
| message   | mediumtext   | YES  |     | NULL    |                |
| source    | text         | YES  |     | NULL    |                |
| tags      | text         | YES  |     | NULL    |                |
| time      | datetime     | YES  |     | NULL    |                |
| file      | text         | YES  |     | NULL    |                |
| line      | int(11)      | YES  |     | NULL    |                |
+-----------+--------------+------+-----+---------+----------------+
9 rows in set (0.00 sec)

mysql>

For now, everything is working as expected. We will see in a few days,
or after puppetdb Upgrade.

X.

On Monday, 16 June 2014 16:55:25 UTC+2, Ximena Cardinali wrote:

Hello There,

I've been struggling the last days with this issue. The situation is
happening since I've upgrade Puppet to 3.6.0.

_- Problem:_
On Puppet-Dashboard all Hosts are shown as *Unresponsive* and
thousand of tasks are queued as *Failed*.

_- Environment:_
OS: Debian Wheezy
Puppet-Dashboard: 1.2.23
Puppet: 3.6.0
Facter: 2.0.1
Hiera: 1.3.2

_- Applied Solutions:_

* Solution 1:
cd /usr/share/puppet-dashboard/
- Stop dashboard workers
rm -v spool/*
rake jobs:clear RAILS_ENV=production
- Start dashboard workers.

Good solution, but temporary, because the problem after a few days
comes back.

* Solution 2:
I also did the following update to the DB:
mysql> ALTER TABLE delayed_job_failures MODIFY details BLOB;
Which also did not work.

Does anyone have any idea of what can be happening there?



Re: [Puppet Users] Puppet newbie, Apache vHosts, and trying to do it the right way

2014-06-23 Thread Ramin K

On 6/23/2014 4:05 AM, Ben Ruset wrote:

Ah, okay this makes more sense for me. So I know that I can stick this
in the same file with the node definitions, but there's got to be a
better place for it to go. Where would the proper place be for it to go?

Many thanks for your responses. They've been very helpful.


Simplest solution might be to organize around role/profiles without 
doing all the fancy create_resources Hiera stuff. However I would take 
this time to learn Hiera. It's much easier to start with Hiera than to 
graft it on later. My 2000+ line commit last summer assures me of this. 
Using Hiera helps you separate data from code which makes you write less 
code and the code you do write tends to suck less.


That said if you still want to get it up and running without going down 
that path it might look a bit like the following.


# Node definitions only pick a role.
node 'site-frontend01' {
  include role::frontend
}

node 'site-middleware01' {
  include role::middleware
}

# Roles are lists of profiles.
class role::frontend {
  include profile::apache
  include profile::base
  include profile::frontend
  include profile::php
}

class role::middleware {
  include profile::apache
  include profile::base
  include profile::java
  include profile::middleware
  include profile::varnish
}

# Profiles hold the site-specific resources, here the vhosts.
class profile::frontend {
  include ::apache
  include ::sitecode

  apache::vhost { 'www.example.com':
    blah => stuff,
  }
  apache::vhost { 'www.notexample.com':
    blah => stuff,
  }
}

class profile::middleware {
  include ::apache
  include ::appcode

  apache::vhost { 'app.example.com':
    blah => stuff,
    port => 8080,
  }
  apache::vhost { 'app.notexample.com':
    blah => stuff,
    port => 8081,
  }
}



Re: [Puppet Users] Puppet new deployment questions - deployment patterns, sensitivity to network errors, and certificate headaches.

2014-06-17 Thread Ramin K

On 6/16/2014 12:33 PM, Stephen Morton wrote:

I've got some newbie puppet questions.
My team has a tremendous amount of linux/computer knowledge, but we're
new to Puppet.
We recently started using puppet to manage some 100 servers. Their
configs are all pretty similar with some small changes.


History

Prior to Puppet, we already had a management system that involved having
config files under revision control and the config file repo checked out
on every server and the repo config files symlinked into the appropriate
place in the filesystem. Updating the repo would update these files. This
was mostly just great, with the following limitations:

  * If the symlink got broken, it didn't work.
  * Some files require very specific ownership, or were required not to
be symlinks (e.g. /etc/sudoers. /etc/vsftpd/ files I think)
  * Updating a daemon's config file does not mean that the daemon is
restarted. e.g. updating /etc/httpd/conf/httpd.conf does not do a
service httpd reload
  * You can't add a new symlink.
  * All files must be in revision control to link to. Some
security-sensitive files we want to only be available to some
servers and something like puppet that can send files over the
network is a good solution to this.



Puppet to the rescue?

So we've tried a very conservative Puppet implementation. We've left our
existing infrastructure and we just add new rules in Puppet. So far, we
have a single site.pp file and only a dozen or so rules. But already
we're seeing problems.

 1. Puppet is good for configuring dynamic stuff that changes. But it
seems silly to have rules for stuff that will be configured just one
time and then will not change. If we set up some files, we don't
expect them to disappear. In fact if they do disappear we might not
want them silently fixed up we probably want to know what's going
on.  Doing everything in puppet results in ever-growing manifests. I
don't know of a way to specify different manifests, e.g. every 30
minutes I want Puppet to run and request the lean and mean regular
manifest and then once a week I want it to run the make sure
everything is in the right place manifest.
 2. Puppet seems very sensitive to network glitches. We run puppet from
a cron job and errors were so frequent that we just started sending
all output to /dev/null.
 3. Endless certificate issues. It's crazy. So sometimes hosts would get
dropped... for unknown reasons their certificates were no longer
accepted. Because we'd already stopped output (see previous bullet
point) we would not know this and the server would be quietly not
updated. And when you get a certificate problem, often simply
deleting the cert on the agent and master won't fix it. Sometimes a
restart of the master service (or more?) is required.
  * The solution to this to me is not you should run puppet
dashboard, then you'd know. This shouldn't be failing in the
first place. If something is that flaky, I don't want to run it.

(We're running version 3.4.2 on CentOS 6.5, 64-bit.)

---

Questions.

So my questions for the above three issues are I guess as follows

 1. Is there a common Puppet pattern to address this? Or am I thinking
about things all wrong.
 2. Is there a way to get puppet to be more fault-tolerant, or at least
complain less?
 3. Are endless certificate woes the norm? Once an agent has
successfully got its certificates working with the server, is it a
known issue that it should sometimes start to subsequently fail?

Thanks,
Steve


1. I don't think about it as manifests increasing in size, but whether I 
can completely recreate a server at anytime accurately. Or more 
importantly can I provision 12 more of any server asap. It's been my 
experience that active/passive sites usually drift into active/not 
updated sites. I believe the same would apply to a Puppet install that 
had one methodology for install and another for updates.


That said we do have servers that are usually short lived enough that we 
run Puppet on install and then run specifically targeted updates when 
needed using Puppet's --tags feature.


http://docs.puppetlabs.com/puppet/latest/reference/lang_tags.html#the-tag-metaparameter

2. I run Puppet masters in one US site and have agent machines in five 
others including three sites outside of the US. We average roughly one 
network related problem a month on the 50-100 nodes that aren't in the 
main site. Without more information, logs, etc it would appear that your 
network's stability is the problem.


	The symptoms you describe might be the result of an overloaded master. 
If that sounds possible, I'd look at the number of Puppet master 
processes you've configured in Apache/Passenger (or similar) and the 
concurrent requests to the master during the day. Agents when left to 
their own devices like to clump up over time. Additionally if you're 
still using 

Re: [Puppet Users] Puppet new deployment questions - deployment patterns, sensitivity to network errors, and certificate headaches.

2014-06-17 Thread Ramin K
google-groups appeared to have eaten the first version from yesterday. 
Pardons if this is sent twice.


1. I don't think about it as manifests increasing in size, but whether I 
can completely recreate a server at anytime accurately. Or more 
importantly can I provision 12 more of any server asap. It's been my 
experience that active/passive sites usually drift into active/not 
updated sites. I believe the same would apply to a Puppet install that 
had one methodology for install and another for updates.


That said we do have servers that are usually short lived enough that we 
run Puppet on install and then run specifically targeted updates when 
needed using Puppet's --tags feature.


http://docs.puppetlabs.com/puppet/latest/reference/lang_tags.html#the-tag-metaparameter

2. I run Puppet masters in one US site and have agent machines in five 
others including three sites outside of the US. We average roughly one 
network related problem a month on the 50-100 nodes that aren't in the 
main site. Without more information, logs, etc it would appear that your 
network's stability is the problem.


The symptoms you describe might be the result of an overloaded 
master. If that sounds possible, I'd look at the number of Puppet master 
processes you've configured in Apache/Passenger (or similar) and the 
concurrent requests to the master during the day. Agents when left to 
their own devices like to clump up over time. Additionally if you're 
still using the puppetmasterd startup script your master won't be able 
to handle more than one concurrent request.


3. I've been running Puppet for over four years and have never had the 
sort of cert problems you've described. IIRC the cert expire time is 
five years so that seems unlikely as well.


My best guess is time drift though I would expect transactions to 
remain broken till NTP was updated.


Ramin


On 6/16/2014 12:33 PM, Stephen Morton wrote:

I've got some newbie puppet questions.
My team has a tremendous amount of linux/computer knowledge, but we're
new to Puppet.
We recently started using puppet to manage some 100 servers. Their
configs are all pretty similar with some small changes.


History

Prior to Puppet, we already had a management system that involved having
config files under revision control and the config file repo checked out
on every server and the repo config files symlinked into the appropriate
place in the filesystem. Updating the repo would update these files. This
was mostly just great, with the following limitations:

  * If the symlink got broken, it didn't work.
  * Some files require very specific ownership, or were required not to
    be symlinks (e.g. /etc/sudoers, /etc/vsftpd/ files I think)
  * Updating a daemon's config file does not mean that the daemon is
    restarted. e.g. updating /etc/httpd/conf/httpd.conf does not do a
    service httpd reload
  * You can't add a new symlink.
  * All files must be in revision control to link to. Some
    security-sensitive files we want to only be available to some
    servers and something like puppet that can send files over the
    network is a good solution to this.



Puppet to the rescue?

So we've tried a very conservative Puppet implementation. We've left our
existing infrastructure and we just add new rules in Puppet. So far, we
have a single site.pp file and only a dozen or so rules. But already
we're seeing problems.

 1. Puppet is good for configuring dynamic stuff that changes. But it
    seems silly to have rules for stuff that will be configured just one
    time and then will not change. If we set up some files, we don't
    expect them to disappear. In fact if they do disappear we might not
    want them silently fixed up we probably want to know what's going
    on.  Doing everything in puppet results in ever-growing manifests. I
    don't know of a way to specify different manifests, e.g. every 30
    minutes I want Puppet to run and request the lean and mean regular
    manifest and then once a week I want it to run the make sure
    everything is in the right place manifest.
 2. Puppet seems very sensitive to network glitches. We run puppet from
    a cron job and errors were so frequent that we just started sending
    all output to /dev/null.
 3. Endless certificate issues. It's crazy. So sometimes hosts would get
    dropped... for unknown reasons their certificates were no longer
    accepted. Because we'd already stopped output (see previous bullet
    point) we would not know this and the server would be quietly not
    updated. And when you get a certificate problem, often simply
    deleting the cert on the agent and master won't fix it. Sometimes a
    restart of the master service (or more?) is required.
      * The solution to this to me is not "you should run puppet
        dashboard, then you'd know". This shouldn't be failing in the
        first place. If something is that flaky, I don't want to run it.

(We're running version 3.4.2 

Re: [Puppet Users] params.pp/inheritance/defaults/hiera/hiera functions?

2014-05-30 Thread Ramin K

On 5/29/2014 10:58 AM, Christopher Wood wrote:

(I'm not sure how to phrase my question precisely, so this may not
all be totally clear.)

Has anybody else successfully moved away from using params.pp and
default values, and if so, what did you do and how did it go? If not,
what made you go back?

The only answer I can come up with is to stop using class parameters,
change to hiera functions, and put all my data defaults in
common.yaml.

The background:

I've had a couple of odd (lab) situations where much troubleshooting
was occasioned by how I misspelled a key name in hiera and thus
configuration data was pulled from a default value (either params.pp
or the parameter default value). If there was no default value I
would simply have gotten an error about the lookup failure and fixed
that quickly.

In a related matter, sometimes I need a piece of configuration data
from one module to appear in another module. Faked-up example, my
SuperDaemon configuration data has to be used by monit to supervise
all the worker daemons and by logrotate to rotate their individual
log files. Some things are data bindings, some are
hiera()/hiera_array()/hiera_hash() on a case by case basis, and it's
messy.

In another related matter, explaining the combination of puppet
inheritance from params.pp, default values, hiera, and hiera
functions makes people's eyes glaze over. It would be easier to point
people at hiera and say "source of data, learn these three
functions".

Things are mostly fine, I may just be wanting to tweak things, but it
strikes me there's a way to do all this with much less effort.



I'm curious about this as well. This was my pre parametrized classes 
attempt to make it more understandable. I *think* this was a slight 
improvement, but I'm not convinced that it adds much beyond pointing a 
user where to look for the data.


class redis::params {
  # package name differs per OS family
  $packagename = $::osfamily ? {
    /(?i:debian)/ => 'redis-server',
    /(?i:redhat)/ => 'redis',
  }
}

class redis::data {
  # version comes from Hiera, falling back to 'present'
  $version = hiera('redis::version', 'present')
}

class redis::install {
  package { $redis::params::packagename:
    ensure => $redis::data::version;
  }
}

	I haven't switched over to parametrized classes mostly because the 
above already works, the limited Hiera lookup available to data 
bindings, and the great description you provided of the "where is this 
data coming from" problem.


	My current thinking is somewhat similar to yours. It might make sense 
to pull in RI's module data patch and use explicit Hiera calls 
everywhere. Data is always provided via Hiera, just from two locations. 
The downsides are that PL is likely going to go a different direction 
and it's a fair amount of code to change.
	However moving the cognitive overhead to the writing of code instead of 
the operating of it may be worth it till a better solution presents itself.


Ramin



Re: [Puppet Users] Craig Dunn's Roles/Profiles/Components Conflicts

2014-05-16 Thread Ramin K

On 5/15/2014 12:14 PM, Christopher Wood wrote:

(inline)

On Thu, May 15, 2014 at 11:45:21AM -0700, Ramin K wrote:


I'd also like to disagree slightly with Christopher who also
posted in this thread. Your profile:: classes are the perfect place
for all sorts of site specific nonsense including resources. In
fact if you're not sufficiently embarrassed of your profile classes
you're probably not taking full advantage of that abstraction
layer. I wrote about how I use/abuse them here,
https://ask.puppetlabs.com/question/5235/what-goes-in-the-profile-part-of-roleprofile/


(I think I had this exact conversation when discussing profiles at
work.)

This is usually where I say: If you have site-specific things you
should modularize those and add the relevant include statements and
chaining to the profile, with the data in hiera.

For us that includes a site level in hiera so that hosts at different
sites get different puppetmasters (server not ca_server), ntp
servers, resolvers, and so on. This helps us use the mnemonic that
anything in node yaml indicates either an oddity or an error. This
will also let us quickly include a module if we need it somewhere
else.

Of course, your mileage may vary, mine sure has at times.


Oh good, disagreement. I think much harder when that happens :-)

	We probably agree more than disagree, but the statement that bothered 
me was that profile was a place of pure includes and chains. Sure 
everything should be modularized, but often the time to do it is 
eventually and sometimes never. Generalization should only happen once 
you need more than one and fully understand the problem. Perhaps we 
could mimic Knuth and say "Premature generalization is a distraction 
from automating your production system."


	I think there is a distinction between small systems and large ones 
which affect both our point of views. I run a smallish system that I own 
completely. Without dissenting opinions about what should be on servers 
I'm free to make sweeping changes to how we manage a daemon with hardly 
anyone noticing let alone caring. And because I'm manpower limited, I'm 
unlikely to do generalization unless absolutely needed.
	In a larger system many sites, divisions, etc are going to do things 
differently and generalization is required much earlier and often. Also 
with a larger staff the additional code and complexity is worth it if it 
keeps everyone from reinventing the wheel.


Ramin



Re: [Puppet Users] Craig Dunn's Roles/Profiles/Components Conflicts

2014-05-15 Thread Ramin K

On 5/14/2014 10:22 PM, mjuszc...@gmail.com wrote:

Hi all,

We use the roles/profiles/components model originally suggested by Craig
Dunn fairly heavily.  In our case:

  * The role is a business name, like Application X App Server
  * The profile is the technical name, like Base Components or Webserver
  * The components are either wrapper classes around modules or modules
    themselves, like PHP or Apache.

For the most part, this works well.  We can have, for example:

  * MyFace Application Server
      o Base Components
          + SSSD
          + Sudo
          + NTP
      o PHP Webserver
          + PHP
          + Apache
          + PHP-FPM
          + Memcache

However, we're running into trouble how to handle the situation
where you're running a box with multiple functions... for example,
WordPress and Drupal.  In that case, how do you handle configuration
conflicts?  On the surface, it seems like we would create a more generic
profile like PHP Webserver (like I did in the above example).  If I do
this, however, I lose the ability to define profile specific variables
such as firewall rules, cron jobs, etc.

Any thoughts on this?


	As always John's response earlier in the thread was spot on. 
Determining role rather than roles is the basis of your problem.


	The way I design role/profile today is to think in terms of creating a 
data schema that describes my system. Then I assemble roles, profiles, 
and modules to consume that schema. That schema is realized in the 
hiera.yaml. A simple flexible hiera.yaml might look like:


:hierarchy:
- hosts/%{clientcert}
- env/%{environment}/%{role}
- role/%{role}
- env/%{environment}
- common

	I believe that role (or some unique fact, enc lookup, whatever) is the 
right place to insert function specific data because it is unique to 
that group of servers. Some resources like sourcing firewall rules based 
on multiple profiles are more likely to lead to conflicts particularly 
if there are overlapping functionality. Some resources like vhosts are 
unlikely to collide though load order might be unexpected.
	As a side note attempting to do role/profile without Hiera, ENC, 
Foreman, or some sort of external data source is doomed to fail in my 
opinion.


	I'd also like to disagree slightly with Christopher who also posted in 
this thread. Your profile:: classes are the perfect place for all sorts 
of site specific nonsense including resources. In fact if you're not 
sufficiently embarrassed of your profile classes you're probably not 
taking full advantage of that abstraction layer. I wrote about how I 
use/abuse them here, 
https://ask.puppetlabs.com/question/5235/what-goes-in-the-profile-part-of-roleprofile/


Ramin



Re: [Puppet Users] Re: Looking for a better way to use hiera hashes than create_resources

2014-05-06 Thread Ramin K

On 5/5/2014 7:32 AM, Alex Scoble wrote:

If you are trying to follow Puppet Labs recommended best practices, it's
definitely a moving target.


	I find it best not to change my workflow or methodology until it makes 
sense on my system regardless of what the community or even Puppet Labs 
has said.


A few of the things I have completely ignored,
 - inheriting params.pp class to get local variables
 - ENC
 - parameterized classes
 - 99.8% of Forge modules
 - data bindings

A few of the things I do/have done that Puppet no longer recommends or 
has never recommended,

 - use stages
 - include subclasses to change behavior of modules, class 
postfix::config::relay inherits postfix::config {

 - specific hiera calls
 - used RVM to run my Puppet master

	On the flip side I did have a 2000+ line commit last year when I 
switched over to role/profile. However the massive benefits in 
organization (at least for me) were worth the time investment. At some 
point I'll probably bite the parameterized classes/data binding bullet 
as well.


	I ran across a paper recently with the following quote. I think keeping 
this definition of Engineering in mind would be a good thing for the 
Puppet community instead of searching for the elusive best solution.


http://www.lunduniversity.lu.se/o.o.i.s?id=24965&postid=2968043
Engineering has no hint of the absolute, the deterministic, the 
guaranteed, the true. Instead it fairly reeks of the uncertain, the 
provisional and the doubtful. The engineer instinctively recognizes this 
and calls his ad hoc method “doing the best you can with what you’ve 
got,” “finding a seat-of-the-pants solution,” or just “muddling 
through”. (Koen, 1985, p. 23).


Ramin



Re: [Puppet Users] emulate puppet cert clean via API...

2014-04-25 Thread Ramin K
I did it by giving the application that revokes and deletes its own 
cert to use and authorized it. I suspect delete might not be allowed by 
default.


I wrote our method up here, 
https://ask.puppetlabs.com/question/3347/revoke-and-delete-cert-via-the-rest-api/


Ramin

On 4/25/2014 2:09 PM, Matthew Nicholson wrote:

I'm looking to emulate puppet cert clean certname via the REST API...

Up until now our puppet CA has lived on the same host as our cobbler
installation, letting me have triggers in cobbler to clean certs when we
rebuild hosts.  it's been VERY handy.

Now we're splitting the two up, and I'm looking to do the same via the
REST API, to avoid some ssh-via-key-hackery.


I can revoke a cert seemingly fine:
matt at Matthews-iMac in ~
$ curl -k -X PUT -H "Content-Type: text/pson" \
    --data '{"desired_state":"revoked"}' \
    https://provisions:8140/production/certificate_status/CERTNAME
null%

(i then check and see that cert as revoked)

But then trying to actually delete the cert (so that the client can
regenerate and be autosigned when it does its first run, which we do IN
kickstart) fails:

matt at Matthews-iMac in ~
$ curl -k -X DELETE -H "Accept: pson" \
    https://provisions:8140/production/certificate_status/CERTNAME
{stacktrace:[/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in
`process',/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in
`process',/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in 
`profile',/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in
`profile',/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in
`process',/usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack.rb:21:in 
`call',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/request_handler.rb:96:in
`process_request',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_request_handler.rb:513:in
`accept_and_process_next_request',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_request_handler.rb:274:in
`main_loop',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:205:in
`start_request_handler',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:170:in
`send',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:170:in
`handle_spawn_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/utils.rb:479:in
`safe_fork',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:165:in
`handle_spawn_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`__send__',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:180:in
`start',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:128:in
`start',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:253:in
`spawn_rack_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:132:in
`lookup_or_add',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:246:in
`spawn_rack_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:82:in
`synchronize',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:79:in
`synchronize',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:244:in
`spawn_rack_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:137:in
`spawn_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:275:in
`handle_spawn_application',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`__send__',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously',/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/helper-scripts/passenger-spawn-server:99],issue_kind:RUNTIME_ERROR,message:Server
Error: undefined method `each' for nil:NilClass}%


our passenger setup isn't anything exotic...

Anyone have any thoughts/ideas? I'll also take implementation idea for
how to do this from a remote system (just one), in other ways...


--
Matthew Nicholson

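Added example, not from the thread: the revoke-then-delete sequence from the question, sent with a client certificate that auth.conf authorizes (the approach Ramin describes) instead of curl -k. The ssldir, the provisioner certname, the function names and the auth.conf stanza in the comments are assumptions.

```shell
#!/bin/sh
# Emulate "puppet cert clean CERTNAME" over the certificate_status endpoint,
# authenticating with a client certificate and verifying the master's
# certificate against the Puppet CA.
#
# Assumed master-side auth.conf rule (Puppet 3 syntax, placeholder certname):
#   path /certificate_status
#   method find, save, destroy
#   auth yes
#   allow provisioner.example.com

CA_HOST="${CA_HOST:-provisions}"              # host name used in the post
CA_PORT="${CA_PORT:-8140}"
PUPPET_ENV="${PUPPET_ENV:-production}"
SSLDIR="${SSLDIR:-/var/lib/puppet/ssl}"       # assumption: default Puppet 3 ssldir
CLIENT="${CLIENT:-provisioner.example.com}"   # assumption: cert allowed in auth.conf

# status_url CERTNAME
# Print the endpoint URL. Only lowercase hostname-style names are accepted, so
# a caller cannot steer the request to another path with "/" or "..".
status_url() {
    case "$1" in
        ''|.*|*..*|*[!a-z0-9._-]*) return 1 ;;
    esac
    printf 'https://%s:%s/%s/certificate_status/%s\n' \
        "$CA_HOST" "$CA_PORT" "$PUPPET_ENV" "$1"
}

# api METHOD URL [extra curl arguments...]
# One authenticated request; --fail turns HTTP errors into a non-zero exit.
api() {
    method=$1; url=$2; shift 2
    curl --silent --show-error --fail \
         --cacert "$SSLDIR/certs/ca.pem" \
         --cert   "$SSLDIR/certs/$CLIENT.pem" \
         --key    "$SSLDIR/private_keys/$CLIENT.pem" \
         -X "$method" "$@" "$url"
}

# cert_clean CERTNAME
# Revoke first, then delete, so a failed delete still leaves the cert revoked.
# Returns 2 for a rejected certname, 1 if a request fails.
cert_clean() {
    url=$(status_url "$1") || { echo "invalid certname: $1" >&2; return 2; }
    api PUT "$url" -H 'Content-Type: text/pson' \
        --data '{"desired_state":"revoked"}' || return 1
    api DELETE "$url" -H 'Accept: pson'
}

# Usage from a rebuild trigger:  cert_clean web01.example.com
```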

Re: [Puppet Users] Memory sizing (or leak) in master. [Tkt: 115440]

2014-04-16 Thread Ramin K

On 3/14/2014 6:18 AM, Chris Ritson wrote:

Am I being too optimistic? Running a centos 6.5 virtual machine as puppet 
master, on version 3.4.3, I am frequently running out of memory. The virtual 
machine only has 0.75Gig of allocated memory. It holds 225 certificates, but 
only about 130 of these agent machines are regularly active. Mostly they run 
the puppet agent from cron once an hour at a random time or with a random splay 
from within puppet if the start time is not already randomised.

How much memory would be normal for a setup of this size, and how is it likely 
to scale as we add more client agents?

Chris Ritson (Computing Officer and School Safety Officer)


From a prod Puppet master running 3.4.3, Ruby 1.8.7, and Passenger 4.

puppet01 ~ $ sudo passenger-memory-stats
snip
- Passenger processes --
PID    VMSize    Private   Name

9874   236.1 MB  148.1 MB  Passenger RackApp: /home/deploy/puppet/rack
13019  224.2 MB  136.7 MB  Passenger RackApp: /home/deploy/puppet/rack

200MB per application instance is roughly what I've heard from other 
users in the community.


In your case I'd consider increasing RAM to 1G and setting limits on the 
number of Puppet master processes. Something like the following might work.


## passenger.conf
# only two instances
PassengerMaxPoolSize 2
# assumes no other Passenger run applications
PassengerMinInstances 2
PassengerMaxRequests 1
PassengerStatThrottleRate 30

In regards to scaling Puppet it's a matter of controlling concurrent 
requests. If you never have more than two concurrent requests then you 
may never need a larger server. General rule of thumb is 1.5 or 2.0 
instances per core, 250MB per instance, and enough instances to handle 
requests.


Ramin



Re: [Puppet Users] Re: Roles/profiles and hiera

2014-03-27 Thread Ramin K
	Thanks and I'm glad it helped point you in the right direction. Here 
are two more (from me at least) to add to your collection on 
role/profile and Hiera. And yes I feel your oversimplified example pain. 
It's very unhelpful though Puppet is better than most projects.


https://ask.puppetlabs.com/question/5235/what-goes-in-the-profile-part-of-roleprofile/
https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/

	"What goes in profile?" is the basis of my proposed Puppet Conf talk. 
With any luck that will be accepted and force me to spend the 40+ hours 
getting it out of my head and into a coherent presentation. Now I'm 
thinking I should have called it "If you're not embarrassed of your 
profile:: manifests you're doing it wrong!"


	I agree that documentation is lacking, but there are some mitigating 
circumstances. Parameterized classes, Hiera, role/profile, and automatic 
lookup of parameters in Hiera only recently arrived on the scene. 
Without all parts and some community consensus the way forward was still 
unclear in my opinion. And I say that as someone who went down every 
blind alley from 0.24 on. As always good ideas usually appear obvious in 
hindsight.
	On the flip side I was surprised with just how little reference to 
role/profile there was on *.puppetlabs.com. You might consider opening a 
Documentation bug to create a Role/Profile doc or at least collection of 
the 20-30 external links that most people refer to in one place.


Ramin

On 3/27/2014 7:07 PM, Mike Lehner wrote:

I can't begin to describe how helpful it is to read this. I also started
down the same path using a profile::base. A slightly different setup
where all other profiles inherited from ::profile::base. Luckily,
shortly after going down this path I ran into a major roadblock (better
now than 9 months in) when I tried to override a value from
profile::base in another profile. Can't really be done. Puppet Support
also pointed me in a similar direction as Ramin using custom facts.

I really wish there was more guidance on this from Puppetlabs. When
reading through learning sites and documentation, the first thing you
read is that Roles/Profiles are the be all end all. Then you find out
you actually don't want ANY data in code. So you have to go rewrite
all your profiles you already wrote, to work with hiera. In my opinion,
the lack of guidance in this area is the single biggest barrier to
deploying Puppet. Actually writing the code is fairly easy. The issue is
finding the best place to organize the code. Most of the examples from
Puppetlabs (or the blogs written by puppet employees before they were)
are over-simplified and tend to lead down a path that's a dead-end. I'm
not a professional developer, I'm a sysadmin simply trying to puppetize
my infrastructure. There is a lot of work to be done in clearing this up
for those of us who don't develop for a living. In my honest opinion.

On Friday, August 30, 2013 6:48:37 PM UTC-4, Frederiko Costa wrote:

Hi everyone,

Do you guys know any article/doc talking about the use of
roles/profiles approach with hiera?

I'm particularly interested in how to organize the manifests when
having multiple data centers, parameterized classes and wants to use
hiera.

Being even more specific, how to organize the code using the Craig's
article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide
node specific data.

thank you,
-fred



Re: [Puppet Users] Hit and miss application of puppet modules

2014-02-24 Thread Ramin K

On 2/24/2014 4:47 PM, Christopher Opena wrote:


class profile::puppet_master {
  notify { 'Applying profile::puppet_master': }
  include puppet_master
}


Because you're within class profile::puppet_master Puppet assumes you 
mean the local puppet_master class instead of the top scope 
puppet_master. In order to force top scope you need include ::puppet_master


I find myself defaulting to include ::module_name when using 
role/profile as a safety precaution.


Ramin



Re: [Puppet Users] How to group systems using Puppet and hiera?

2014-02-17 Thread Ramin K

On 2/17/2014 1:05 PM, Alex Scoble wrote:

Hi All,

We are currently transitioning from using the Puppet Enterprise (PE) ENC
to using hiera. However, one piece of functionality that we lack with
hiera is the ability to group systems together based on function. We can
only currently group the systems based on available facts and are
currently using environment, osfamily and domain in our hierarchy,
however it would be extremely useful to also have a group or role
category in our hiera hierarchy.

As I see it we have a few options and hopefully, people here can add
better options that they are using.

The first is to use groups within the PE ENC which can apparently be
used as a variable within the hiera hierarchy. This would be an easy
solution, but not a very scalable one as putting systems into groups
using the PE console is very slow and I haven't seen a documented way to
manipulate the PE console data using a command line tool.

Second is to create a custom fact named group, but this requires that
each system has a yaml file dropped in the correct place and I don't see
a good way to automate creation of these files using PE, which would
make it scalable. One way to do it would be to create a hiera yaml for
each system with group parameter set, but the whole point of this
exercise is to avoid creating hiera yamls for each system in our
environment. I don't see having 1000+ hiera yamls as very scalable or
manageable.

Third, of course, is to just manage this with individual hiera yamls for
each system where classes required for that system's functions, but
can't be defined higher up in the hierarchy, would be called out, but as
I said before, this option isn't very scalable or manageable.

If you are using Puppet and hiera, how are you managing groups of
systems (web servers, Nessus servers, mail servers, etc.)?

Thanks,
Alex


	We add a role fact as part of the provisioning process when Puppet 
kicks off for the first time. The equivalent of doing the following from 
the command line.


FACTER_role=$role puppet agent --server $server --environment $env

::role is written to a file which in future runs populates ::role which 
closes the loop.


Ramin
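
Added example, not part of Ramin's post: one way to close the loop he describes, assuming the role is persisted as a Facter external fact at provisioning time. The facts.d path, the role allowlist and the function names are assumptions; the role is restricted to a plain allowlisted token because a %{role} fact ends up interpolated into Hiera data paths.

```shell
#!/bin/sh
# First-run role bootstrap: validate the role, persist it as an external
# fact, then start the first agent run with the same value.

FACTS_DIR="${FACTS_DIR:-/etc/facter/facts.d}"                 # assumption
ALLOWED_ROLES="${ALLOWED_ROLES:-webserver mailserver nessus}" # constructed sample list

# valid_role ROLE
# Accept only [a-z0-9_] tokens that are on the allowlist, so a typo or a value
# such as "../common" never reaches a Hiera path like role/%{role}.
valid_role() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
    for r in $ALLOWED_ROLES; do
        [ "$r" = "$1" ] && return 0
    done
    return 1
}

# persist_role ROLE
# Write "role=ROLE" to facts.d/role.txt via a temp file and rename, so Facter
# never reads a half-written fact. An existing role is left untouched when
# the new one is rejected.
persist_role() {
    valid_role "$1" || { echo "refusing role '$1'" >&2; return 1; }
    mkdir -p "$FACTS_DIR" || return 1
    tmp=$(mktemp "$FACTS_DIR/.role.XXXXXX") || return 1
    printf 'role=%s\n' "$1" > "$tmp" &&
        chmod 0644 "$tmp" &&
        mv "$tmp" "$FACTS_DIR/role.txt"
}

# read_role
# Print the persisted role, or nothing if none has been written yet.
read_role() {
    sed -n 's/^role=//p' "$FACTS_DIR/role.txt" 2>/dev/null | head -n 1
}

# first_run ROLE SERVER ENVIRONMENT
# Same command line as in the post, run only after the role is accepted.
first_run() {
    persist_role "$1" || return 1
    FACTER_role="$1" puppet agent --server "$2" --environment "$3"
}

# Usage during provisioning:  first_run webserver puppet.example.com production
```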



Re: [Puppet Users] Roles / profile pattern , inquire on how you handle some specific situations

2014-02-10 Thread Ramin K

On 2/9/2014 11:37 PM, JuanBrein wrote:

Thanks and great post by the way!

I think we are pretty much on the same thinking behind. You don't add
the package  resource directly but using create_resources from hiera
is almost the same thing. The only difference is that your way is more
flexible as you can add / remove packages just changing data and not
code. But if you know beforehand what are the requires and you think
they'll be static in the long term I prefer that to be on the code side
so my hiera data looks small compact relevant and tidy.


	You'll have better luck if your data is large and your code is small and 
tidy. :-) There are cases where adding a Package or File resource 
without any lookup or generalization is the right choice. In cases like 
your PHP module example where you know you'll need more than one and 
probably 10-15 which will need updating as the webapp increases in 
functionality I'd go with a data driven solution.



My problem is with the file resources and templates. If you have a
decent amount of different applications you'll end up with a super
profile class. It'll contain all different type of files and templates
and too many sub profile modules. Some companies have more than 200
different applications type with an average of 2 to 4 config files to be
deployed by app. I know some of them could be moved to rpms but is
normal to have at least 1 config file managed by templates. Do you think
it is good to have a profile class with say 300 400 files from different
applications?


	I'm not sure I understand the problem as you describe it. Each 
application should or likely runs on its own server, vm, container, or 
whatever. That's going to limit the actual number of profiles applied to 
that node to a reasonable amount. In my system the most complex role or 
hostgroup has 18 profiles which apply 46 modules and manages 332 File 
resources of actual config (no large dir sync nonsense). That looks 
reasonably complex to me unless you're building some sort of junk drawer 
monstrosity of a multifunction server.



That's where I prefer to use a different pattern and that is one profile
class per application: ie:

profile_webapp
profile_alpha_app
profile_gamma_app
etc...

And sometimes when needed use the repo-config-install-service pattern.

Do you see any cons on that approach?

Thanks!
Juan


	Without seeing a real example of what you're doing it sounds like most 
of your code should be in a module that is then included by a profile. I 
can't think of any reasons to be declaring a Service in a profile class. 
Enabling it, yes. Adding additional config, yes. Declaring, no.


	Taking the example of Apache yet again, your Apache module should 
install Apache, minimally configure it, and start it if so set in your 
code or data. That's it. No modules, no vhosts, or anything beyond a 
minimal config by default. Because it does so little you can include it 
anywhere and add the additional site specific config on top. Because it 
does so little you can share it without someone needing to immediately 
rip your system's idiosyncrasies out of it.


Ramin



Re: [Puppet Users] Roles / profile pattern , inquire on how you handle some specific situations

2014-02-09 Thread Ramin K

On 2/9/2014 4:47 AM, JuanBrein wrote:



I've been using puppet on different companies and implementing the roles
/ profile pattern on some of them.

In theory the pattern works very well but in practice I usually face
challenges that I sort out implementing my own designs / solutions. I
would like to know how you guys deal with that in case you do.

Say you have a typical LAMP stack and you have to deploy a web app so
my classes would look something like this (super simplified version):

*Modules:*

class apache { /* puppetlabs class */ }
class mysql { /* puppetlabs class */ }
etc.

*Profile*:

class profile::webapp {

   include 'apache'
   include 'mysql'

   # vhost name comes from hiera
   $vhost_name = hiera('webapp::name')
   apache::vhost { $vhost_name: }

}

*Roles:*

class role::prod_web {
   include 'base'
   include 'profile::webapp'
}

Now some of the questions I face:

1- Say that for whatever reason the profile::webapp requires a specific
package... ie php-apc that is not covered by the apache module. The
roles / profile states that you should always reference modules. Would
you guys create a new class just to include a resource? What I usually
end up doing is to add that package into the profile for the sake of
simplicity.

2- Sometimes modules from puppetlabs or other contributors lack some
functionality. Say for example you need to deploy a file under
/etc/sysconfig. I wouldn't place that file under the profile class as
that is used for multiple profiles definitions. However creating a new
module for just a single file seems like too much of an overhead. What I
usually do is I split up the profile module into multiple profile
modules and use the repo - install - config - service pattern. That
allows me to create a file / template where to place my specific
resources for that profile and still consume data from hiera to
customize the behaviour.

3- The problem with point 2 is that you might end up with too many
profile classes and some of them might include a simple reference to a
module. That is not much of a problem to me as I prefer to have my files
attached to the right profile module rather than having multiple files
on a single profile module... or multiple modules with just a couple of
files.

Cheers!
Juan Breinlinger



1. profiles::php with create_resources around a Package resource that 
pulls in php-apc, php-mcrypt, php-gd, and all the other usual suspects 
based on Hiera data. When was the last time anyone needed just one PHP 
module? Also not a terrible place to set apc.ini and other config files.


2. profile::myrole and yeah I add the resource directly particularly if 
it'll never ever conflict with another module. Also a good place to pull 
in very simple modules. I'm not a fan of breaking things up into more 
specific subclasses within a profile::class.


3. See #2

	I recently took a crack at writing some examples of profile uses as 
well as philosophizing on good profile classes. Probably needs another 
hour of editing, but might be helpful in its current state. 
https://ask.puppetlabs.com/question/5235/what-goes-in-the-profile-part-of-roleprofile/


Ramin



Re: [Puppet Users] Re: Thoughts on roles/profiles class paradigm

2014-01-23 Thread Ramin K

On 1/22/2014 7:35 PM, Nathan Nobbe wrote:


I read Craig's article numerous times and have recently published an
article http://quickshiftin.com/blog/2014/01/composition-in-puppet/ on
my thoughts. To summarize, I feel the big lesson from the article is
composition is needed to define reusable grouped module declarations
(aka /roles/). Whether or not you like the notion of the 2-layered
approach (roles /and/ profiles) is something else and a bit extra IMO.

That said I'm only managing tens of servers rather than hundreds or
thousands so far, but for me one layer to represent 'roles' has worked
great.

What it amounts to for me is a simple guideline - leverage inheritance
(or the hiera hierarchy) as much as possible and introduce composition
on a need-to basis. Composition is necessary though, unless all your
systems are identical.

Thanks again Craig for the article. Neat to find you on the google group!

-nathan


	If I had the 20-30 hours to write a Puppet Conf presentation it would 
be called "The profile is the most important part of role/profile." :-)


	In a simple system with a webserver and database, profiles don't appear 
to add much. However in a complex system where an Apache server could be 
a proxy, app server, ssl terminator, or other function the added layer 
is very necessary. In my system I have 25+ roles half of which use 
profile::apache to get vastly different configs. In each case 
profile::apache provides the entry point for the data Hiera provides 
based on Role.


	Profile classes are where you get to be opinionated about your config. 
In my sample profile::apache class below my Apache module can remain 
generic and shareable while profile::apache pulls in things like 
collectd, logstash, etc that are specific to how *I* think any server 
with Apache should be installed.


You might also check out Craig's later presentation on role profile 
which provides a clearer picture than his earlier blog post. 
http://www.slideshare.net/PuppetLabs/roles-talk


Ramin

class profile::apache {

  include ::apache
  include profile::logstash
  include profile::sslcerts

  collectd::plugin { 'apache': }
  logrotate::simple { 'apache':}

  $mymods = hiera('apache::a2mods', {})
  create_resources('apache::a2mod', $mymods)

  $myvhosts = hiera('apache::vhosts', {})
  create_resources('apache::vhost', $myvhosts)

  # every collected cert must be in place before the Apache service is managed
  Sslcerts::Cert <| |> -> Class['apache::service']
}



Re: [Puppet Users] Divide init.pp into components

2014-01-16 Thread Ramin K

On 1/16/2014 3:16 AM, David Jarosch wrote:

   ### INSTALL NRPE PLUGINS WITHOUT ADDITIONAL RECOMMENDED PACKAGES
   exec { 'nagios-nrpe-plugin':
     unless  => '/usr/bin/dpkg -l |grep nagios-nrpe-plugin',
     require => Class['nrpe::package'],
     command => '/usr/bin/apt-get install nagios-nrpe-plugin -y --no-install-recommends';
   }


	I highly recommend turning off recommends globally on Debian based 
systems. It's a bit more work in the beginning, but you remove a large 
set of unknown behavior. With Puppet it is best to be explicit in 
describing the final state of your machines and Recommends is a bit too 
magical sometimes. It is a gray area based on conversations I've had 
with other sys admins and it may make sense in your env.


	IIRC it was installing nagios-plugins-all with recommends enabled that 
caused our one and only Puppet related site outage. That package pulled 
in Nagios which in turn needed apache-prefork which of course removed 
apache-mpm-worker and brought the site down. Admittedly we would have 
caught that if I hadn't been developing on a VM with Nagios already 
installed.


Ramin
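
The global setting recommended above, as an added example that is not part of the original post: an apt configuration drop-in that disables Recommends, after which the plugin can be a plain Package resource instead of an exec. The class names profile::apt_norecommends and nrpe::plugins and the file name 99norecommends are assumptions; Class['nrpe::package'] is taken from the quoted manifest.

```puppet
# Added example, not from the thread. Assumed names:
# profile::apt_norecommends, nrpe::plugins, 99norecommends.
class profile::apt_norecommends {

  # apt reads every file in apt.conf.d; APT::Install-Recommends is the
  # apt option that controls whether Recommends are pulled in.
  file { '/etc/apt/apt.conf.d/99norecommends':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "APT::Install-Recommends \"false\";\n",
  }

  # Order the drop-in before every Package resource in the catalog so
  # nothing is installed under the old default. A collector used in a
  # chain also realizes any virtual Package resources.
  File['/etc/apt/apt.conf.d/99norecommends'] -> Package <| |>
}

class nrpe::plugins {
  include profile::apt_norecommends

  # With Recommends off globally, the package is described explicitly
  # and only its hard dependencies are installed with it.
  package { 'nagios-nrpe-plugin':
    ensure  => installed,
    require => Class['nrpe::package'],
  }
}
```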



Re: [Puppet Users] Notify service in one class from other class

2014-01-13 Thread Ramin K

On 1/13/2014 5:51 AM, Denis Kot wrote:

I have the following classes:
class zabbix-agent {
...
  package { 'zabbix-agent':
    ensure => installed
  }
...
  service { 'zabbix-agent':
    ensure  => running,
    start   => '/etc/init.d/zabbix-agent start',
    stop    => '/etc/init.d/zabbix-agent stop',
    status  => '/etc/init.d/zabbix-agent status',
    restart => '/etc/init.d/zabbix-agent restart',
    require => Package['zabbix-agent']
  }
}

class redis {
...
  file { '/etc/zabbix/zabbix_agentd.conf.d/redis.conf':
    source  => 'puppet:///modules/redis/redis_monitoring.conf',
    require => Package['zabbix-agent'],
    notify  => Service['zabbix-agent']
  }
...
}

node /^data\d+\.example\.com$/ inherits 'prerun'
{
  include 'redis'
}


node 'prerun' {
...
  class { 'zabbix-agent': stage => pre }
...
}

but that code produces error:

err: Could not apply complete catalog: Found dependency cycles in the
following relationships: Service[zabbix-agent] =>
File[/etc/redis/redis.conf], Package[redis-server] =>
File[/etc/redis/redis.conf], Service[zabbix-agent] => Class[Settings],
Service[zabbix-agent] => File[/etc/puppet/puppet.conf],
File[/etc/zabbix/zabbix_agentd.conf.d/redis_monitoring.conf] =>
Service[zabbix-agent], Service[zabbix-agent] =>
File[/etc/zabbix/zabbix_agentd.conf.d/redis_monitoring.conf],
Service[zabbix-agent] => File[/etc/puppet/auth.conf],
Service[zabbix-agent] => Class[prerun], File[/etc/redis/redis.conf] =>
Service[redis-server], Service[zabbix-agent] => Service[redis-server],
Service[zabbix-agent] => Package[redis-server], Service[zabbix-agent] =>
File[/etc/puppet/namespaceauth.conf], Service[zabbix-agent] =>
Class[datad.leaderboard.lvis.tv]; try using the '--graph' option and
open the '.dot' files in OmniGraffle or GraphViz

what's wrong? if I comment out 'notify' puppet doesn't complain, but
doesn't restart service too.


Stages should be treated as black boxes where you assume everything that 
was supposed to happen in an earlier stage has already happened. You 
cannot notify any resources from a resource in a later stage. And it's a 
bad idea to refer to any resources between any stage as you're almost 
guaranteed to cause dependency cycles. This is why stages are only used 
for a small subset of problems.


In your case I don't see any reason for zabbix to be in a stage. No 
point in monitoring being up before the services it needs to monitor. 
Remove stage => when you declare it and you should be fine though you 
might need to fix ordering afterwards.


Ramin
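
The fix suggested above, as an added example that is not part of the original post: the same resources with the stage removed, so the notify stays inside one stage and ordering is expressed with ordinary relationships. The class name zabbix_agent (underscore instead of hyphen) and the node layout are assumptions; resource titles and paths are taken from the quoted manifest.

```puppet
# Added example, not from the thread. With "stage => pre" every resource
# in the zabbix class had to finish before anything in the main stage,
# while the notify below required the File (main stage) to come before
# the Service (pre stage). Those two orderings form the reported cycle.
class zabbix_agent {
  package { 'zabbix-agent':
    ensure => installed,
  }

  service { 'zabbix-agent':
    ensure  => running,
    require => Package['zabbix-agent'],
  }
}

class redis {
  # Guarantees Package['zabbix-agent'] and Service['zabbix-agent'] are
  # in the catalog before they are referenced below.
  include zabbix_agent

  file { '/etc/zabbix/zabbix_agentd.conf.d/redis.conf':
    ensure  => file,
    source  => 'puppet:///modules/redis/redis_monitoring.conf',
    require => Package['zabbix-agent'],
    # Same stage as the service, so this edge no longer closes a loop.
    notify  => Service['zabbix-agent'],
  }
}

node /^data\d+\.example\.com$/ {
  # No stage parameter: both classes land in the default main stage.
  include zabbix_agent
  include redis
}
```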
