Re: [Puppet Users] Override a file{} directive - is it possible?
This has been extremely useful in my environment when importing the odd 'unique snowflake' type server quickly without having to make any code/logic changes or introduce large numbers of ENC values to disable certain functionality or alter the flow of your puppet code. Yes. Puppet doesn't seem to deal with snowflakes well, thanks for sharing this. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Override a file{} directive - is it possible?
It's not really the cleanest-looking thing, but the easiest option for your particular case is to wrap the file resource in an if statement like this: if (! $::security_limits_disabled) { file { '/etc/security/limits.conf': ... } } Super, thanks Martin! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Override a file{} directive - is it possible?
It's not really the cleanest-looking thing, but the easiest option for your particular case is to wrap the file resource in an if statement like this: if (! $::security_limits_disabled) { file { '/etc/security/limits.conf': ... } } Thanks, this is just what I was looking for. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Override a file{} directive - is it possible?
Maybe one of you can help with this. I have a class that's got a file{} type directive in it. It populates /etc/security/limits.conf with specific settings. I have a small handful of hosts where we want to manage /etc/security/limits.conf manually. Is there a simple way to tell puppet to exclude this file type just on those hosts, without copying the entire class? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Override a file{} directive - is it possible?
You don't say what version of puppet you're using, whether you're using an ENC, or whether you're already using either extlookup() or hiera(), so it's really difficult to suggest something that integrates well with your current environment. Sorry I didn't provide more detail. We're using puppet 2.6.13. We have a single *.pp config file for each and every host, so specifying additional classes is not hard to do on a host-per-host basis. Here's the limits.conf config from the class that has been applied to these hosts: file { /etc/security/limits.conf: owner = root, group = root, mode= 644, content = #domain\t\ttype\t\titem\t\tvalue\n*\t\t-\t\tnofile\t\t65000\n*\t\t-\t\tnproc\t\t14\n*\t\thard\t\tcore\t\tunlimited\ncdc-dev\t\t-\t\tpriority\t\t15\nhtc\t\t-\t\tnofile\t\t25\n; } Basically I just want this file type to not be active on three hosts. I don't need to be able to detect the hosts, as I can specify the config manually in each of their config files. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Corrupted inventory.txt - how to rebuild?
0x is typically the CA cert, was the inventory.txt file blank when this occurred? If you have all the certificates, you can use puppet cert -pa and extract the serial number, date, and CN info. I'm not sure if there's an automated way using openssl commands. This might be reasonably close (output should be sorted by serial number): Here's the problem as I understand it. We have several puppetmaster servers, due to the large number of clients and networks that need to be supported. We synchronize SSL certs between load balanced hosts using rsync. Somehow or other we occasionally end up getting a host in the inventory.txt file with 0x serial number. Unfortunately this seems to reset the counter and new hosts will end up with duplicate serials to other hosts previously listed in the file. How do you all handle load balancing and certificate management? Is there a way to have a master authority cert server, that all the other nodes turn to for all things SSL? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Corrupted inventory.txt - how to rebuild?
We have an issue where sometimes servers get assigned serial number 0x in the inventory.txt file. This causes major problems including SSL cert errors in the log file. Anyone know how to properly rebuild inventory.txt without tearing everything out and starting from scratch? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] undefined method `initvars'
On Tue, Jul 26, 2011 at 11:44 AM, Tony G. tony...@gmail.com wrote: Try enabling debug and trace on your agent, that will provide more details. Ok, we gave this a shot. Here's the output with --debug and --trace turned on: /var/lib/puppet/lib/puppet/type/package.rb:316:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/resource.rb:172:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/resource.rb:172:in `to_ral' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:569:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:569:in `to_catalog' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:547:in `each' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:547:in `to_catalog' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:473:in `to_ral' /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:119:in `convert_catalog' /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:114:in `retrieve_catalog' /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock' /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client' /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' /usr/sbin/puppetd:160 err: Could not run Puppet configuration client: undefined method `initvars' for #Puppet::Type::Package:0x2ba48168 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] undefined method `initvars'
We are seeing this error in our log files on some clients: puppetd[15068]: Could not run Puppet configuration client: undefined method `initvars' for #Puppet::Type::Package:0x2bbb4858 Where do I begin troubleshooting this? The client software versions are: ruby-1.8.5-5.el5_4.8.x86_64 ruby-libs-1.8.5-5.el5_4.8.x86_64 ruby-shadow-1.4.1-7.el5.x86_64 facter-1.5.8-1.el5.noarch ruby-augeas-0.4.1-1.el5.x86_64 puppet-0.25.5-1.el5.noarch And the server is running puppet 2.6.7. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Over-riding changes in modules and classes
You can just create a new class that inherits your previous class and then overwrites the File[] you declared before and use that only on the new machines. Will this also work with an augeas entry with a changes [] section? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Question about refreshonly
I have inherited some puppet configurations; there is an exec resource that looks like this: exec { force-reload-httpd: command = /etc/rc.d/init.d/httpd force-reload, refreshonly = true, } Should this be paired with a subscribe or notify somewhere? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.