Re: [Puppet Users] Re: A working firewall module
Just did,
Thank you!
Ronen
On Mon, Jul 11, 2011 at 1:50 AM, Ken Barber k...@puppetlabs.com wrote:
Hi Ronen,
Making the rules persistent is a matter of running iptables-save
afterwards. If you drop this in your top scope it should work:
exec { persist-firewall:
command = $operatingsystem ? {
debian = /sbin/iptables /etc/iptables/rules.v4,
/(RedHat|CentOS)/ = /sbin/iptables /etc/sysconfig/iptables,
}
refreshonly = true,
}
Firewall {
notify = Exec[persist-firewall]
}
Can you raise a bug on the other issue about not detecting existing
rules? I'd appreciate being able to see any problematic rules (after
your own scrubbing of course). We'll then be able to try and fix it
for you.
https://github.com/puppetlabs/puppetlabs-firewall/issues
Alessandro's suggestions still hold true about applying firewall rules
with related classes. I'm a big fan of this methodology instead of
having a long list of rules. This is why a firewall type that handles
individual rules is a good approach.
ken.
On Sun, Jul 10, 2011 at 9:54 PM, Ronen Narkis nark...@gmail.com wrote:
Hey Ken, the main issue was that the provider wasn't detecting existing
rules but instead kept adding them in, another issue is that the rules
aren't persistent (restarting the service clears them out),
Alessandro ill check it out thanks!
Ronen
On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber
kgbbelm...@gmail.com
wrote:
I have been working on doing something similar to this. We want to
abstract for multiple OS's and deal with the joy that is Solaris zones.
Essentially, it will be a resource that defines the fw rules in XML and
then a script takes all of those definitions and creates a complete set
of
firewall rules.
I am waiting to hear back on our code release policy to see what it
takes
to release it once I am done.
-- cwebber
On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote:
FYI
I don't know it it may be useful , but I've done this:
https://github.com/example42/puppet-modules/tree/master/iptables
which can be used in 2 ways:
- a standard iptable-save approach (set $iptables_config = file
before
to enable it) with rules file defined in
https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp
(here you have to add source or content arguments to mange it with
static
files or templates according to your need)
- an automatic way (default option when you include the module) that
dymanically builds iptables rules according to the modules you include
and
the iptables related variables you set (see the README)
This actually works if you use the Example42 modules (or at least the
firewall defines included in each one).
It's quite nice to see it working adding or removing dynamically but, I
must admin, is a bit resource intensive (a puppet resoutce for each
dymanic
rule).
Regards
Al @ Lab42
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Join us for PuppetConf, September 22nd and 23rd in Portland, OR:
http://bit.ly/puppetconfsig;
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: A working firewall module
Hey Alessandro the module works well, one issue that I had is that once
rules were applied the iptables service wasn't restarted, iv dug through the
code and indeed saw the notify under rule.pp:
concat::fragment{ iptables_rule_$name:
target = ${iptables::params::configfile},
content = $command $chain $true_rule -j $target\n,
order = $true_order,
ensure = $ensure,
notify = Service[iptables],
}
My guess is that the notify should be defined deeper in the defined
resource?
The only way I was able to make it restart was to use:
File[/etc/sysconfig/iptables] ~ Service[iptables]
Ronen
On Mon, Jul 11, 2011 at 12:59 PM, Ronen Narkis nark...@gmail.com wrote:
Just did,
Thank you!
Ronen
On Mon, Jul 11, 2011 at 1:50 AM, Ken Barber k...@puppetlabs.com wrote:
Hi Ronen,
Making the rules persistent is a matter of running iptables-save
afterwards. If you drop this in your top scope it should work:
exec { persist-firewall:
command = $operatingsystem ? {
debian = /sbin/iptables /etc/iptables/rules.v4,
/(RedHat|CentOS)/ = /sbin/iptables /etc/sysconfig/iptables,
}
refreshonly = true,
}
Firewall {
notify = Exec[persist-firewall]
}
Can you raise a bug on the other issue about not detecting existing
rules? I'd appreciate being able to see any problematic rules (after
your own scrubbing of course). We'll then be able to try and fix it
for you.
https://github.com/puppetlabs/puppetlabs-firewall/issues
Alessandro's suggestions still hold true about applying firewall rules
with related classes. I'm a big fan of this methodology instead of
having a long list of rules. This is why a firewall type that handles
individual rules is a good approach.
ken.
On Sun, Jul 10, 2011 at 9:54 PM, Ronen Narkis nark...@gmail.com wrote:
Hey Ken, the main issue was that the provider wasn't detecting existing
rules but instead kept adding them in, another issue is that the rules
aren't persistent (restarting the service clears them out),
Alessandro ill check it out thanks!
Ronen
On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber
kgbbelm...@gmail.com
wrote:
I have been working on doing something similar to this. We want to
abstract for multiple OS's and deal with the joy that is Solaris zones.
Essentially, it will be a resource that defines the fw rules in XML and
then a script takes all of those definitions and creates a complete set
of
firewall rules.
I am waiting to hear back on our code release policy to see what it
takes
to release it once I am done.
-- cwebber
On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote:
FYI
I don't know it it may be useful , but I've done this:
https://github.com/example42/puppet-modules/tree/master/iptables
which can be used in 2 ways:
- a standard iptable-save approach (set $iptables_config = file
before
to enable it) with rules file defined in
https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp
(here you have to add source or content arguments to mange it with
static
files or templates according to your need)
- an automatic way (default option when you include the module) that
dymanically builds iptables rules according to the modules you include
and
the iptables related variables you set (see the README)
This actually works if you use the Example42 modules (or at least the
firewall defines included in each one).
It's quite nice to see it working adding or removing dynamically but, I
must admin, is a bit resource intensive (a puppet resoutce for each
dymanic
rule).
Regards
Al @ Lab42
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Join us for PuppetConf, September 22nd and 23rd in Portland, OR:
http://bit.ly/puppetconfsig;
--
You received this message
[Puppet Users] A working firewall module
Iv been going through a multitude of firewall modules not being able to find a simple module that open and closes ports on Redhat/Centos 5.6 All the modules that iv tried keep open ports multiple times (each time puppet agent runs): ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment Allow clarity -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment JMS port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment Allow rmi -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports -m comment --comment Allow jmx -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports -m comment --comment Allow jmx -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment JMS port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 55672 -m comment --comment Allowing rabbit managment port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment Allow rmi -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment Allow clarity -m state --state NEW -j ACCEPT Among the modules iv tried: https://github.com/pdeaudney/puppet-firewall https://github.com/puppetlabs/puppetlabs-firewall Iv also tried: https://github.com/duritong/puppet-shorewall And didn't manager to get it going, Id be grateful to Any reference to a simple working Redhat/Centos module Ronen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: A working firewall module
Hey Ken, the main issue was that the provider wasn't detecting existing rules but instead kept adding them in, another issue is that the rules aren't persistent (restarting the service clears them out), Alessandro ill check it out thanks! Ronen On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber kgbbelm...@gmail.comwrote: I have been working on doing something similar to this. We want to abstract for multiple OS's and deal with the joy that is Solaris zones. Essentially, it will be a resource that defines the fw rules in XML and then a script takes all of those definitions and creates a complete set of firewall rules. I am waiting to hear back on our code release policy to see what it takes to release it once I am done. -- cwebber On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote: FYI I don't know it it may be useful , but I've done this: https://github.com/example42/puppet-modules/tree/master/iptables which can be used in 2 ways: - a standard iptable-save approach (set $iptables_config = file before to enable it) with rules file defined in https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp (here you have to add source or content arguments to mange it with static files or templates according to your need) - an automatic way (default option when you include the module) that dymanically builds iptables rules according to the modules you include and the iptables related variables you set (see the README) This actually works if you use the Example42 modules (or at least the firewall defines included in each one). It's quite nice to see it working adding or removing dynamically but, I must admin, is a bit resource intensive (a puppet resoutce for each dymanic rule). Regards Al @ Lab42 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetmaster gets no certificate request
You need to sign the client certificate first, Did you do all the steps as described under http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security(example section) ? Ronen On Sat, Jul 2, 2011 at 1:39 AM, newguy aimanparv...@gmail.com wrote: Hi guys, I am very new to puppet and am trying to install puppet master-client on my ubuntu system. Client is a ubuntu on virtual box. problem is that my puppet mastere gets no certificate request and puppet client keeps on saying : warning: peer certificate wont be verified in this SSL session. notice: Did not receive certificate. On puppetmaster puppetmasterd --no-daemonize -v command gives the following output: notice: Starting Puppet server version 0.25.4 err: Removing mount files: /etc/puppet/files does not exist info: mount[files]: allowing 192.168.0.0/24 access info: mount[plugins]: allowing 192.168.0.0/24 access info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' and this never ends. Please help me with this guys, am stuck here, I have read the related posts in this group but couldnt solve it. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent problem on Ubuntu
Hey Im running puppet on Ubuntu
On Tue, Jun 21, 2011 at 3:25 PM, John Nicholson vilvic.j...@gmail.comwrote:
I'm in the process of setting up puppet and experiencing some issues.
I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've
installed puppet master (2.6.4) and puppet (2.6.4). The puppet master
and agent are happily working together.
I'm running the example in the book Pro Puppet. This is the first
example;
Code:
class sudo {
package { sudo:
ensure = present,
}
if $operatingsystem == Ubuntu {
package { sudo-ldap:
ensure = present,
require = Package[sudo],
}
}
file { /etc/sudoers:
owner = root,
group = root,
mode = 0440,
source = puppet://$puppetserver/modules/sudo/etc/sudoers,
require = Package[sudo],
}
}
On the agent I run the following command;
puppet agent --server=myserver --no-daemonize --verbose --onetime
The agent see's the change but I get an error;
info: Caching catalog for agentServer
info: Applying configuration version '123456789'
err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged
to present
failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--
force-confold
install sudo-ldap' returned 100: E: Could not open lock file /var/lib/
dpkg/lock
- open (13: Permission denied)
E: Unable to lick the administration directory (/var/lib/dpkg/), are
you root?
I don't have another package manager open.
I understand what the problem is. The agent is being run as the
current logged in user and that user doesn't have permission to run
apt-get. Generally to run apt-get i have to do sudo apt-get.
I've thought about modifying the sudoers file and adding nopasswd for
my user (as suggested in other posts) for apt-get but that doesn't
solve the problem since the command in the puppet agent is not run
with sudo.
I understand if I run the puppet agent as a daemon then it runs as
user root which I guess would solve the problem. I'm not sure it's
best to run the agent as a daemon. I might want to control when the
agent pulls the updates from the puppet master (or through cron).
In any case if you remote control the agent (via ssh) this might help
http://napkins.wordpress.com/2009/02/18/using-nopasswd-in-sudoers-on-ubuntu/
If I run;
sudo puppet agent --server=myserver --no-daemonize --verbose --
onetime
I get a different error;
err: Could not request certificate: Retrieved certificate does not
match private
key; please remove certificate from server and regenerate it with the
current key
I've tried removing the ssl certs from both the puppet master and
agent and run the command again. I get the same problem. When I remove
the sudo from the start of the command the puppet agent is happy with
the cert.
I though about adding my user to the root group as a test. Even when I
do that if I run apt-get update manually a permission denied. I
wondered if this has something to do with the root user being disabled
by default on Ubuntu.
I'm a novice when it comes to these sorts of things. Has anyone got
this working or have any suggestions of how I might solve this issue?
On the node machine run:
/usr/bin/find /var/lib/puppet/ssl/ -name '*.pem' -exec rm {} \;
Sign the cert on the master side and you should be good to go,
Another issue iv found is that the clocks of the node and the master need to
be in sync
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Weird paramterized issue
Amazing!
Iv somehow missed that :)
There was another include that missed my eyes (never include within an
init.pp above a class)
Thank you!
Ronen
On Sat, Jun 4, 2011 at 11:16 PM, Ken Barber k...@puppetlabs.com wrote:
Ronen,
Have you tried grepping through all your content to make sure your not
using 'include nodejs' elsewhere - or some other usage of it where
you are not specifying user. You might be seeing non-deterministic
class loading order which may be why your symptoms are intermittent.
ken.
On Sat, Jun 4, 2011 at 6:56 PM, Ronen Narkis nark...@gmail.com wrote:
Im using a parameterized class in my site.pp:
class development($user) {
class{basenode: user = $user}
class{nodejs: user = $user}
include coffeescript
include ruby
}
This class defines nodejs class that epects a user as input:
class nodejs($user) {
class {nodejs::npm: user = $user}
$node_ver = v0.4.7
$node_tar = node-$node_ver.tar.gz
# ...
}
The first time I run this all works fine, still on the second run Im
getting:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Must pass user to Class[Nodejs] at
/etc/puppet/modules/nodejs/manifests/init.pp:1 on node
When I touch the site.pp file or restart puppet master all things work
again, any idea what Im doing wrong?
Thanks
Ronen
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pushing changes to nodes
There is such an option (not ssh based): http://www.puppetlabs.com/mcollective/introduction/ It has a plugin for puppet as well: http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander Ronen On Sun, Jun 5, 2011 at 2:48 PM, Pavel Shevaev pacha.shev...@gmail.comwrote: Hi! I've finally managed to migrate our servers deployment process to the puppet and so far it works just fine. Puppet is great, but its default pull model doesn't fit our requirements. I'm thinking about usage of clusterssh(or something similar) in order to trigger the following command on the nodes: sudo puppet agent --no-daemonize --verbose --onetime In our setup puppet agent is not running as a service on the nodes. I think it would be really nice to have this feature available in the future versions of puppet, e.g: #puppet push What do you think? -- Best regards, Pavel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Weird paramterized issue
Im using a parameterized class in my site.pp:
class development($user) {
class{basenode: user = $user}
class{nodejs: user = $user}
include coffeescript
include ruby
}
This class defines nodejs class that epects a user as input:
class nodejs($user) {
class {nodejs::npm: user = $user}
$node_ver = v0.4.7
$node_tar = node-$node_ver.tar.gz
# ...
}
The first time I run this all works fine, still on the second run Im
getting:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Must pass user to Class[Nodejs] at
/etc/puppet/modules/nodejs/manifests/init.pp:1 on node
When I touch the site.pp file or restart puppet master all things work
again, any idea what Im doing wrong?
Thanks
Ronen
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] node class include vs module include
I would also expect
Class[git] - Vcsrepo | |
to work, but it doesn't
Ronen
On Fri, May 27, 2011 at 12:49 AM, Ronen nark...@gmail.com wrote:
Hey,
Im trying to use the puppet vcsrepo module, one of the issues I had
with it is that its required to have a vcs installed before the plugin
is used within a class or else it fails with:
err: Could not run Puppet configuration client: Could not find a
default provider for vcsrepo
Iv solved this by requiring git installation before the first vcsprepo
usage.
This solution is not optimal since it requires me to keep track where
vcsrepo is used for the first time so iv decided to create a seperate
class for git installation, this class has parameter (user email)
for the git global configuration,
In my site.pp im using:
class basenode {
class { git: user= $www_user, email = $email}
include build_essential
include vim-src
class { vim-configuration: user = $user}
class { zsh: user = $user}
include zsh_configuration
class { z: user = $user}
include local_security
include apt
include apt::unattended-upgrade::automatic
}
Yet iv found out that git gets isn't installed before the first time
vcsrepo is used (vim_configuration in this case),
Is there a reason why class gets compiled after included modules?
Is there a better way to solve this?
Thanks
Ronen
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
