Re: [Puppet Users] Override a file{} directive - is it possible?

2012-08-23 Thread Sean Carolan 
 This has been extremely useful in my environment when importing the odd
 'unique snowflake' type server quickly without having to make any code/logic
 changes or introduce large numbers of ENC values to disable certain
 functionality or alter the flow of your puppet code.

Yes. Puppet doesn't seem to deal with snowflakes well, thanks for sharing this.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Override a file{} directive - is it possible?

2012-08-21 Thread Sean Carolan 
 It's not really the cleanest-looking thing, but the easiest option for
 your particular case is to wrap the file resource in an if statement
 like this:
  if (! $::security_limits_disabled) {
file { '/etc/security/limits.conf':
  ...
}
  }

Super, thanks Martin!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Override a file{} directive - is it possible?

2012-08-20 Thread Sean Carolan 
 It's not really the cleanest-looking thing, but the easiest option for
 your particular case is to wrap the file resource in an if statement
 like this:
   if (! $::security_limits_disabled) {
 file { '/etc/security/limits.conf':
   ...
 }
   }

Thanks, this is just what I was looking for.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Override a file{} directive - is it possible?

2012-08-17 Thread Sean Carolan 
Maybe one of you can help with this.  I have a class that's got a
file{} type directive in it.  It populates /etc/security/limits.conf
with specific settings.  I have a small handful of hosts where we want
to manage /etc/security/limits.conf manually.  Is there a simple way
to tell puppet to exclude this file type just on those hosts, without
copying the entire class?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Override a file{} directive - is it possible?

2012-08-17 Thread Sean Carolan 
 You don't say what version of puppet you're using, whether you're using
 an ENC, or whether you're already using either extlookup() or hiera(),
 so it's really difficult to suggest something that integrates well with
 your current environment.

Sorry I didn't provide more detail.  We're using puppet 2.6.13.  We
have a single *.pp config file for each and every host, so specifying
additional classes is not hard to do on a host-per-host basis.  Here's
the limits.conf config from the class that has been applied to these
hosts:

file { /etc/security/limits.conf:
   owner   = root,
   group   = root,
   mode= 644,
   content = 
#domain\t\ttype\t\titem\t\tvalue\n*\t\t-\t\tnofile\t\t65000\n*\t\t-\t\tnproc\t\t14\n*\t\thard\t\tcore\t\tunlimited\ncdc-dev\t\t-\t\tpriority\t\t15\nhtc\t\t-\t\tnofile\t\t25\n;
}

Basically I just want this file type to not be active on three
hosts.  I don't need to be able to detect the hosts, as I can specify
the config manually in each of their config files.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Corrupted inventory.txt - how to rebuild?

2011-08-16 Thread Sean Carolan 
 0x is typically the CA cert, was the inventory.txt file blank when
 this occurred? If you have all the certificates, you can use puppet
 cert -pa and extract the serial number, date, and CN info. I'm not
 sure if there's an automated way using openssl commands. This might be
 reasonably close (output should be sorted by serial number):

Here's the problem as I understand it.  We have several puppetmaster
servers, due to the large number of clients and networks that need to
be supported.  We synchronize SSL certs between load balanced hosts
using rsync.  Somehow or other we occasionally end up getting a host
in the inventory.txt file with 0x serial number.  Unfortunately
this seems to reset the counter and new hosts will end up with
duplicate serials to other hosts previously listed in the file.

How do you all handle load balancing and certificate management?  Is
there a way to have a master authority cert server, that all the other
nodes turn to for all things SSL?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Corrupted inventory.txt - how to rebuild?

2011-08-15 Thread Sean Carolan 
We have an issue where sometimes servers get assigned serial number
0x in the inventory.txt file.  This causes major problems
including SSL cert errors in the log file.  Anyone know how to
properly rebuild inventory.txt without tearing everything out and
starting from scratch?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] undefined method `initvars'

2011-07-27 Thread Sean Carolan 
On Tue, Jul 26, 2011 at 11:44 AM, Tony G. tony...@gmail.com wrote:
 Try enabling debug and trace on your agent, that will provide more details.

Ok, we gave this a shot.  Here's the output with --debug and --trace turned on:

/var/lib/puppet/lib/puppet/type/package.rb:316:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/resource.rb:172:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/resource.rb:172:in `to_ral'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:569:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:569:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:547:in `each'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:547:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:473:in `to_ral'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:119:in `convert_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:114:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:160
err: Could not run Puppet configuration client: undefined method
`initvars' for #Puppet::Type::Package:0x2ba48168

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] undefined method `initvars'

2011-07-26 Thread Sean Carolan 
We are seeing this error in our log files on some clients:

puppetd[15068]: Could not run Puppet configuration client: undefined
method `initvars' for #Puppet::Type::Package:0x2bbb4858

Where do I begin troubleshooting this?  The client software versions are:

ruby-1.8.5-5.el5_4.8.x86_64
ruby-libs-1.8.5-5.el5_4.8.x86_64
ruby-shadow-1.4.1-7.el5.x86_64
facter-1.5.8-1.el5.noarch
ruby-augeas-0.4.1-1.el5.x86_64
puppet-0.25.5-1.el5.noarch

And the server is running puppet 2.6.7.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Over-riding changes in modules and classes

2011-05-06 Thread Sean Carolan 
 You can just create a new class that inherits your previous class
 and then overwrites the File[] you declared before and use that
 only on the new machines.

Will this also work with an augeas entry with a changes [] section?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Question about refreshonly

2010-11-08 Thread Sean Carolan 
I have inherited some puppet configurations; there is an exec resource
that looks like this:

exec { force-reload-httpd:
  command = /etc/rc.d/init.d/httpd force-reload,
  refreshonly = true,
}

Should this be paired with a subscribe or notify somewhere?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.