Re: [Puppet Users] Re: A working firewall module
Just did, Thank you! Ronen On Mon, Jul 11, 2011 at 1:50 AM, Ken Barber k...@puppetlabs.com wrote: Hi Ronen, Making the rules persistent is a matter of running iptables-save afterwards. If you drop this in your top scope it should work: exec { persist-firewall: command = $operatingsystem ? { debian = /sbin/iptables /etc/iptables/rules.v4, /(RedHat|CentOS)/ = /sbin/iptables /etc/sysconfig/iptables, } refreshonly = true, } Firewall { notify = Exec[persist-firewall] } Can you raise a bug on the other issue about not detecting existing rules? I'd appreciate being able to see any problematic rules (after your own scrubbing of course). We'll then be able to try and fix it for you. https://github.com/puppetlabs/puppetlabs-firewall/issues Alessandro's suggestions still hold true about applying firewall rules with related classes. I'm a big fan of this methodology instead of having a long list of rules. This is why a firewall type that handles individual rules is a good approach. ken. On Sun, Jul 10, 2011 at 9:54 PM, Ronen Narkis nark...@gmail.com wrote: Hey Ken, the main issue was that the provider wasn't detecting existing rules but instead kept adding them in, another issue is that the rules aren't persistent (restarting the service clears them out), Alessandro ill check it out thanks! Ronen On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber kgbbelm...@gmail.com wrote: I have been working on doing something similar to this. We want to abstract for multiple OS's and deal with the joy that is Solaris zones. Essentially, it will be a resource that defines the fw rules in XML and then a script takes all of those definitions and creates a complete set of firewall rules. I am waiting to hear back on our code release policy to see what it takes to release it once I am done. -- cwebber On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote: FYI I don't know it it may be useful , but I've done this: https://github.com/example42/puppet-modules/tree/master/iptables which can be used in 2 ways: - a standard iptable-save approach (set $iptables_config = file before to enable it) with rules file defined in https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp (here you have to add source or content arguments to mange it with static files or templates according to your need) - an automatic way (default option when you include the module) that dymanically builds iptables rules according to the modules you include and the iptables related variables you set (see the README) This actually works if you use the Example42 modules (or at least the firewall defines included in each one). It's quite nice to see it working adding or removing dynamically but, I must admin, is a bit resource intensive (a puppet resoutce for each dymanic rule). Regards Al @ Lab42 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Join us for PuppetConf, September 22nd and 23rd in Portland, OR: http://bit.ly/puppetconfsig; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: A working firewall module
Hey Alessandro the module works well, one issue that I had is that once rules were applied the iptables service wasn't restarted, iv dug through the code and indeed saw the notify under rule.pp: concat::fragment{ iptables_rule_$name: target = ${iptables::params::configfile}, content = $command $chain $true_rule -j $target\n, order = $true_order, ensure = $ensure, notify = Service[iptables], } My guess is that the notify should be defined deeper in the defined resource? The only way I was able to make it restart was to use: File[/etc/sysconfig/iptables] ~ Service[iptables] Ronen On Mon, Jul 11, 2011 at 12:59 PM, Ronen Narkis nark...@gmail.com wrote: Just did, Thank you! Ronen On Mon, Jul 11, 2011 at 1:50 AM, Ken Barber k...@puppetlabs.com wrote: Hi Ronen, Making the rules persistent is a matter of running iptables-save afterwards. If you drop this in your top scope it should work: exec { persist-firewall: command = $operatingsystem ? { debian = /sbin/iptables /etc/iptables/rules.v4, /(RedHat|CentOS)/ = /sbin/iptables /etc/sysconfig/iptables, } refreshonly = true, } Firewall { notify = Exec[persist-firewall] } Can you raise a bug on the other issue about not detecting existing rules? I'd appreciate being able to see any problematic rules (after your own scrubbing of course). We'll then be able to try and fix it for you. https://github.com/puppetlabs/puppetlabs-firewall/issues Alessandro's suggestions still hold true about applying firewall rules with related classes. I'm a big fan of this methodology instead of having a long list of rules. This is why a firewall type that handles individual rules is a good approach. ken. On Sun, Jul 10, 2011 at 9:54 PM, Ronen Narkis nark...@gmail.com wrote: Hey Ken, the main issue was that the provider wasn't detecting existing rules but instead kept adding them in, another issue is that the rules aren't persistent (restarting the service clears them out), Alessandro ill check it out thanks! Ronen On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber kgbbelm...@gmail.com wrote: I have been working on doing something similar to this. We want to abstract for multiple OS's and deal with the joy that is Solaris zones. Essentially, it will be a resource that defines the fw rules in XML and then a script takes all of those definitions and creates a complete set of firewall rules. I am waiting to hear back on our code release policy to see what it takes to release it once I am done. -- cwebber On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote: FYI I don't know it it may be useful , but I've done this: https://github.com/example42/puppet-modules/tree/master/iptables which can be used in 2 ways: - a standard iptable-save approach (set $iptables_config = file before to enable it) with rules file defined in https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp (here you have to add source or content arguments to mange it with static files or templates according to your need) - an automatic way (default option when you include the module) that dymanically builds iptables rules according to the modules you include and the iptables related variables you set (see the README) This actually works if you use the Example42 modules (or at least the firewall defines included in each one). It's quite nice to see it working adding or removing dynamically but, I must admin, is a bit resource intensive (a puppet resoutce for each dymanic rule). Regards Al @ Lab42 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Join us for PuppetConf, September 22nd and 23rd in Portland, OR: http://bit.ly/puppetconfsig; -- You received this message
[Puppet Users] A working firewall module
Iv been going through a multitude of firewall modules not being able to find a simple module that open and closes ports on Redhat/Centos 5.6 All the modules that iv tried keep open ports multiple times (each time puppet agent runs): ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment Allow clarity -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment JMS port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment Allow rmi -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports -m comment --comment Allow jmx -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports -m comment --comment Allow jmx -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment JMS port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 55672 -m comment --comment Allowing rabbit managment port -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 1099 -m comment --comment Allow rmi -m state --state NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment Allow clarity -m state --state NEW -j ACCEPT Among the modules iv tried: https://github.com/pdeaudney/puppet-firewall https://github.com/puppetlabs/puppetlabs-firewall Iv also tried: https://github.com/duritong/puppet-shorewall And didn't manager to get it going, Id be grateful to Any reference to a simple working Redhat/Centos module Ronen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: A working firewall module
Hey Ken, the main issue was that the provider wasn't detecting existing rules but instead kept adding them in, another issue is that the rules aren't persistent (restarting the service clears them out), Alessandro ill check it out thanks! Ronen On Sun, Jul 10, 2011 at 10:38 PM, Christopher Webber kgbbelm...@gmail.comwrote: I have been working on doing something similar to this. We want to abstract for multiple OS's and deal with the joy that is Solaris zones. Essentially, it will be a resource that defines the fw rules in XML and then a script takes all of those definitions and creates a complete set of firewall rules. I am waiting to hear back on our code release policy to see what it takes to release it once I am done. -- cwebber On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote: FYI I don't know it it may be useful , but I've done this: https://github.com/example42/puppet-modules/tree/master/iptables which can be used in 2 ways: - a standard iptable-save approach (set $iptables_config = file before to enable it) with rules file defined in https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp (here you have to add source or content arguments to mange it with static files or templates according to your need) - an automatic way (default option when you include the module) that dymanically builds iptables rules according to the modules you include and the iptables related variables you set (see the README) This actually works if you use the Example42 modules (or at least the firewall defines included in each one). It's quite nice to see it working adding or removing dynamically but, I must admin, is a bit resource intensive (a puppet resoutce for each dymanic rule). Regards Al @ Lab42 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetmaster gets no certificate request
You need to sign the client certificate first, Did you do all the steps as described under http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security(example section) ? Ronen On Sat, Jul 2, 2011 at 1:39 AM, newguy aimanparv...@gmail.com wrote: Hi guys, I am very new to puppet and am trying to install puppet master-client on my ubuntu system. Client is a ubuntu on virtual box. problem is that my puppet mastere gets no certificate request and puppet client keeps on saying : warning: peer certificate wont be verified in this SSL session. notice: Did not receive certificate. On puppetmaster puppetmasterd --no-daemonize -v command gives the following output: notice: Starting Puppet server version 0.25.4 err: Removing mount files: /etc/puppet/files does not exist info: mount[files]: allowing 192.168.0.0/24 access info: mount[plugins]: allowing 192.168.0.0/24 access info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' info: Could not find certificate for 'puppetclient.sbcglobal.net' and this never ends. Please help me with this guys, am stuck here, I have read the related posts in this group but couldnt solve it. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent problem on Ubuntu
Hey Im running puppet on Ubuntu On Tue, Jun 21, 2011 at 3:25 PM, John Nicholson vilvic.j...@gmail.comwrote: I'm in the process of setting up puppet and experiencing some issues. I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've installed puppet master (2.6.4) and puppet (2.6.4). The puppet master and agent are happily working together. I'm running the example in the book Pro Puppet. This is the first example; Code: class sudo { package { sudo: ensure = present, } if $operatingsystem == Ubuntu { package { sudo-ldap: ensure = present, require = Package[sudo], } } file { /etc/sudoers: owner = root, group = root, mode = 0440, source = puppet://$puppetserver/modules/sudo/etc/sudoers, require = Package[sudo], } } On the agent I run the following command; puppet agent --server=myserver --no-daemonize --verbose --onetime The agent see's the change but I get an error; info: Caching catalog for agentServer info: Applying configuration version '123456789' err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=-- force-confold install sudo-ldap' returned 100: E: Could not open lock file /var/lib/ dpkg/lock - open (13: Permission denied) E: Unable to lick the administration directory (/var/lib/dpkg/), are you root? I don't have another package manager open. I understand what the problem is. The agent is being run as the current logged in user and that user doesn't have permission to run apt-get. Generally to run apt-get i have to do sudo apt-get. I've thought about modifying the sudoers file and adding nopasswd for my user (as suggested in other posts) for apt-get but that doesn't solve the problem since the command in the puppet agent is not run with sudo. I understand if I run the puppet agent as a daemon then it runs as user root which I guess would solve the problem. I'm not sure it's best to run the agent as a daemon. I might want to control when the agent pulls the updates from the puppet master (or through cron). In any case if you remote control the agent (via ssh) this might help http://napkins.wordpress.com/2009/02/18/using-nopasswd-in-sudoers-on-ubuntu/ If I run; sudo puppet agent --server=myserver --no-daemonize --verbose -- onetime I get a different error; err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I've tried removing the ssl certs from both the puppet master and agent and run the command again. I get the same problem. When I remove the sudo from the start of the command the puppet agent is happy with the cert. I though about adding my user to the root group as a test. Even when I do that if I run apt-get update manually a permission denied. I wondered if this has something to do with the root user being disabled by default on Ubuntu. I'm a novice when it comes to these sorts of things. Has anyone got this working or have any suggestions of how I might solve this issue? On the node machine run: /usr/bin/find /var/lib/puppet/ssl/ -name '*.pem' -exec rm {} \; Sign the cert on the master side and you should be good to go, Another issue iv found is that the clocks of the node and the master need to be in sync -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Weird paramterized issue
Amazing! Iv somehow missed that :) There was another include that missed my eyes (never include within an init.pp above a class) Thank you! Ronen On Sat, Jun 4, 2011 at 11:16 PM, Ken Barber k...@puppetlabs.com wrote: Ronen, Have you tried grepping through all your content to make sure your not using 'include nodejs' elsewhere - or some other usage of it where you are not specifying user. You might be seeing non-deterministic class loading order which may be why your symptoms are intermittent. ken. On Sat, Jun 4, 2011 at 6:56 PM, Ronen Narkis nark...@gmail.com wrote: Im using a parameterized class in my site.pp: class development($user) { class{basenode: user = $user} class{nodejs: user = $user} include coffeescript include ruby } This class defines nodejs class that epects a user as input: class nodejs($user) { class {nodejs::npm: user = $user} $node_ver = v0.4.7 $node_tar = node-$node_ver.tar.gz # ... } The first time I run this all works fine, still on the second run Im getting: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Must pass user to Class[Nodejs] at /etc/puppet/modules/nodejs/manifests/init.pp:1 on node When I touch the site.pp file or restart puppet master all things work again, any idea what Im doing wrong? Thanks Ronen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pushing changes to nodes
There is such an option (not ssh based): http://www.puppetlabs.com/mcollective/introduction/ It has a plugin for puppet as well: http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander Ronen On Sun, Jun 5, 2011 at 2:48 PM, Pavel Shevaev pacha.shev...@gmail.comwrote: Hi! I've finally managed to migrate our servers deployment process to the puppet and so far it works just fine. Puppet is great, but its default pull model doesn't fit our requirements. I'm thinking about usage of clusterssh(or something similar) in order to trigger the following command on the nodes: sudo puppet agent --no-daemonize --verbose --onetime In our setup puppet agent is not running as a service on the nodes. I think it would be really nice to have this feature available in the future versions of puppet, e.g: #puppet push What do you think? -- Best regards, Pavel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Weird paramterized issue
Im using a parameterized class in my site.pp: class development($user) { class{basenode: user = $user} class{nodejs: user = $user} include coffeescript include ruby } This class defines nodejs class that epects a user as input: class nodejs($user) { class {nodejs::npm: user = $user} $node_ver = v0.4.7 $node_tar = node-$node_ver.tar.gz # ... } The first time I run this all works fine, still on the second run Im getting: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Must pass user to Class[Nodejs] at /etc/puppet/modules/nodejs/manifests/init.pp:1 on node When I touch the site.pp file or restart puppet master all things work again, any idea what Im doing wrong? Thanks Ronen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] node class include vs module include
I would also expect Class[git] - Vcsrepo | | to work, but it doesn't Ronen On Fri, May 27, 2011 at 12:49 AM, Ronen nark...@gmail.com wrote: Hey, Im trying to use the puppet vcsrepo module, one of the issues I had with it is that its required to have a vcs installed before the plugin is used within a class or else it fails with: err: Could not run Puppet configuration client: Could not find a default provider for vcsrepo Iv solved this by requiring git installation before the first vcsprepo usage. This solution is not optimal since it requires me to keep track where vcsrepo is used for the first time so iv decided to create a seperate class for git installation, this class has parameter (user email) for the git global configuration, In my site.pp im using: class basenode { class { git: user= $www_user, email = $email} include build_essential include vim-src class { vim-configuration: user = $user} class { zsh: user = $user} include zsh_configuration class { z: user = $user} include local_security include apt include apt::unattended-upgrade::automatic } Yet iv found out that git gets isn't installed before the first time vcsrepo is used (vim_configuration in this case), Is there a reason why class gets compiled after included modules? Is there a better way to solve this? Thanks Ronen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.