[Puppet Users] Re: Problem with order and ensure_resource.
On Saturday, March 28, 2015 at 7:37:35 AM UTC-7, Nan Liu wrote: > > Arioch's puppet-redis needs an anchor resource to wrap the classes > declared in the init.pp. You can establish a relationship if you specify an > existing class with resources (rather the the redis class which only > contain classes): > I will submit a merge request to arioch with some anchors added. I think that will be the easiest solution. I will avoid any module that uses ensure_resources from this point on. >> > > Isn't that rather drastic, considering it's an issue with one module, and > a problem with class containment implementation of that module? > Yeah, maybe a bit drastic, but you have to admit write up jcbollinger gave does make ensure_reasources sound fairly bad though. :) Thank you for the reply. -Shawn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/210d1437-151c-4d9b-ae94-13284c1243ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Problem with order and ensure_resource.
On Friday, March 27, 2015 at 6:45:05 AM UTC-7, jcbollinger wrote: > > ensure_resource() is not a resource declaration; it is a function call > that under some circumstances causes a resource to be declared. It does > not return a value, and therefore cannot be valid operand for the chain > operators. > Okay, makes sense. > Those are all perfectly reasonable approaches. If they don't work then > I'm inclined to conclude that class 'redis' does not properly contain the > resources it declares. This may be a result of declaring them via > ensure_resource() > -- especially if the affected resources are first declarded elsewhere -- > or it may be a classic case of failing to contain other classes. > Glad I'm not loosing my mind. :) > You could tell me to not use ensure_resources, but I'm not. I'm using >> someone else's module and trying to enforce order at the profile level. >> > > And I *do* tell you not to use ensure_resources(), whether in your own > code or indirectly via someone else's modules. The only way > ensure_resources() works correctly and reliably is if every resource it > governs is declared *only* via one or more ensure_resources() calls, with > the same parameters and relevant in-scope resource defaults at the site of > every such call. Even then, "correctly" does not extend to containment, > and cannot do so without creating a grave risk of dependency cycles. The > ensure_resources() function is not a correct -- nor even a reasonable -- > solution to *any* problem. That a third party module uses it is enough > reason for me to avoid that module. > I will avoid any module that uses ensure_resources from this point on. The redis module likely uses ensure_resources() to try to avoid module > incompatibility problems arising from duplicate resource declarations. > That is, after all, the function's intended purpose. The module can be > forgiven (but not excused) because general module compatibility is a hard > problem. There was at least one proposal for Puppet 4 that would have made > things a lot easier, but I don't think it made it in. If you can find a > way to replace ensure_resources() with something better, then I would > hope the maintainer would accept it; if he didn't, that's enough of an > improvement to consider forking over. > I'm going to work with the module owner to see if we can't find another solution or I'll use a different module. Thank you very much for the reply. I do appreciate it. Have a great weekend. -Shawn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/745eaa48-9764-40de-b40b-44d21846fedb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Problem with order and ensure_resource.
Using:
puppetserver-1.0.2-1.el7.noarch
puppet-3.7.4-1.el7.noarch
Doing roles and profiles. Have a define setup to add 'includepkgs' items to
different yum repos (for security reasons).
In my redis profile if I do this:
$epel_packages = ['redis', 'jemalloc']
repo::epel::add { $epel_packages: } ->
package { $epel_packages:
ensure => installed,
}
The resource chaining works as expected.
If I try to chain an ensure_resource:
repo::epel::add { $epel_packages: } ->
ensure_resource('package', $epel_packages, {
'ensure' => 'present',
})
This gives Error 400 on SERVER: Syntax error at '}' at line x
If I get rid of the "->" the 400 goes away, but we need 2 puppet runs
because the package install attempt happens before the package is added to
the includepkgs
What I'm really trying to do is, use the define and then call an external
module after. Ideally:
repo::epel::add { $epel_packages: } ->
class { '::redis':
manage_repo => false,
}
But this requires 2 puppet runs because arioch's puppet-redis module uses
ensure_resource which seams to ignores chaining and other attempts to
ensure order in the profile such as:
repo::epel::add { $epel_packages: }
class { '::redis':
manage_repo => false,
require => Repo::Epel::Add[$epel_packages],
}
# or
repo::epel::add { $epel_packages: }
class { '::redis':
manage_repo => false,
}
Repo::Epel::Add[$epel_packages] -> Class['::redis']
# or
repo::epel::add { $epel_packages:
before => Class['::redis'],
}
class { '::redis':
manage_repo => false,
}
Which none of the 3 work. Each requires 2 puppet runs, the first full of
errors.
You could tell me to not use ensure_resources, but I'm not. I'm using
someone else's module and trying to enforce order at the profile level.
I could modify the redis module, or maybe send him a pull request to get
rid of the ensure_resource (which word on the street says ensure_resources
are as bad as using evals); but I'm guessing there is a puppety way to
handle this that I'm not finding; or maybe it's a bug that ensure_resource
ignores all (of my) attempts to assign order?
Any Ideas?
Have a good day.
-Shawn
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/701e7c6e-07e6-4139-90c3-256507e9bc05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Could not evaluate: Could not retrieve information from environment production source(s) for one module, for other is ok
I have the same issue, but having it in and pointed to
'puppet://$puppetserve/modules/ntp/etc/ntp.conf' did not fix it- still get
same error, not even 'puppet://$::server/modules/ntp/etc/ntp.conf,'
On Monday, August 6, 2012 5:25:34 PM UTC-5, jenrzzz wrote:
>
> Your source path should be "puppet://$puppetserver/modules/ntp/etc/ntp.conf".
> Leave out the 'files' part.
>
> -- Jenner
>
> On Monday, August 6, 2012 12:01:20 PM UTC-7, Juan Sierra Pons wrote:
>>
>> Hi,
>>
>> I have been fighting this issue without success for several days. I am
>> sure some of you have dealt with something similar:
>>
>> I have 2 manifest one for vim which works like a charm :
>>
>> class vim {
>> if $operatingsystem == "Debian" {
>> package {"vim":
>> ensure => present,
>> }
>> package {'vim-puppet':
>> ensure => present,
>> require => Package["vim"],
>> }
>> }
>> file { "/etc/vim/vimrc":
>> owner => "root",
>> group => "root",
>> mode=> 0644,
>> source
>> =>"puppet://$puppetserver/modules/vim/etc/vim/vimrc",
>> require => Package["vim"],
>> }
>> }
>>
>> The source file is downloaded ok
>> Aug 6 20:49:55 virtualito puppet-agent[26967]:
>> (/Stage[main]/Vim/File[/etc/vim/vimrc]/ensure) defined content as
>> '{md5}b98e8ce84974ad114ec0e12b8b97fa1f'
>>
>> BUT I have a similar manifest for ntp:
>>
>> class ntp {
>> if $is_virtual == 'false' {
>> package { 'ntp':
>> ensure => present,
>> }
>> service { 'ntp':
>> ensure => 'running',
>> enable => 'true',
>> hasrestart => 'true',
>> require=> Package['ntp']
>> }
>> file { "/etc/ntpd.conf":
>> owner => "root",
>> group => "root",
>> mode=> 0644,
>> require => Package["ntp"],
>> source =>
>> "puppet://$puppetserver/modules/ntp/files/etc/ntp.conf",
>> }
>> }
>> if $is_virtual == 'true' {
>> package { 'ntp':
>> ensure => purged,
>> }
>> }
>> }
>>
>> In this case the source file is not downloaded and the logs show the
>> following output:
>>
>> (/Stage[main]/Ntp/File[/etc/ntpd.conf]) Could not evaluate: Could not
>> retrieve information from environment production source(s)
>> puppet:///modules/ntp/files/etc/ntp.conf at
>> /etc/puppet/modules/ntp/manifests/init.pp:19
>>
>> I have already checked that puppet user can get to the proper file so
>> is not a issue of FS permission.
>>
>> Any idea?
>>
>> Best regards
>>
>> --
>>
>>
>> Juan Sierra Pons ju...@elsotanillo.net
>>
>> Linux User Registered: #257202 http://www.elsotanillo.net
>> GPG key = 0xA110F4FE
>> Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
>> --
>>
>>
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a64379ec-4e47-4c2d-aa83-7ffc7c748aab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Could not retrieve information from environment production source
Mine is that way-
/etc/puppet/modules/sudo/files/sudoers
# cat modules/sudo/manifests/init.pp
class sudo {
package { sudo:
ensure => present,
}
if $operatingsystem == "Ubuntu" {
package { "sudo-ldap":
ensure => present,
require => Package["sudo"],
}
}
file { "/etc/sudoers":
owner => "root",
group => "root",
mode => 0440,
source => "puppet://$puppetserver/modules/sudo/files/sudoers",
require => Package["sudo"],
}
}
and I still get :::
Error: /Stage[main]/Sudo/File[/etc/sudoers]: Could not evaluate: Could not
retrieve information from environment production source(s)
puppet://vb001o13.woodbeeco.com/modules/sudo/files/sudoers
puppet.conf--
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
moduledir = /etc/puppet/modules:/var/lib/puppet/modules:/opt/modules
autosign = true
manifests/site.pp --
import 'nodes/*'
#import 'classes/*'
$puppetserver = 'vb001o13.woodbeeco.com'
manifests/nodes/nodes.pp --
node 'vb001o13.woodbeeco.com' {
include sudo
# include ntp
}
node 'vb002o13.woodbeeco.com' {
include sudo
# include ntp
}
On Wednesday, November 28, 2012 2:50:55 AM UTC-6, 凯夏 wrote:
>
> On 2012年11月28日 15:43, Jakov Sosic wrote:
> > You need to move /etc/puppet/modules/sudo/sudoers to
> > /etc/puppet/modules/sudo/files/sudoers
> thanks, i'll try this later.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/62da086b-4cef-4799-a5ed-790c9dbe328d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Warning: Unable to fetch my node definition, but the agent run will continue:
I am getting the following error when executing puppet agent --test from the node to force it to get its node definition [root@localhost puppet]# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: Failed to find puppetnode.localdomain via exec: Execution of '/etc/puppet/snc_enc.py puppetnode.localdomain' returned 1: Info: Retrieving plugin Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node puppetnode.localdomain: Failed to find puppetnode.localdomain via exec: Execution of '/etc/puppet/snc_enc.py puppetnode.localdomain' returned 1: Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run I am using an external node classifier, not sure what I am doing wrong -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0e4d0d45-fc4d-4d38-b513-d271a71eae16%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs-firewall scope
I created a firewall module. In firewall/manifests/init.pp i have the
following.
class firewall {
## Always persist firewall rules
exec { 'persist-firewall':
command => '/sbin/iptables-save > /etc/sysconfig/iptables',
refreshonly => true,
}
## These defaults ensure that the persistence command is executed after
## every change to the firewall, and that pre & post classes are run in
the
## right order to avoid potentially locking you out of your box during the
## first puppet run.
Firewall {
notify => Exec['persist-firewall'],
before => Class['firewall::post'],
require => Class['firewall::pre'],
}
Firewallchain {
notify => Exec['persist-firewall'],
}
## Purge unmanaged firewall resources
##
## This will clear any existing rules, and make sure that only rules
## defined in puppet exist on the machine
resources { 'firewall': purge => true }
## include the pre and post modules
include firewall::pre
include firewall::post
}
Then you just "include firewall"
Shawn Foley
425.281.0182
On Tue, Dec 4, 2012 at 12:36 PM, Louis Coilliot wrote:
> Hello,
>
> I can't figure out how I can use the module puppetlabs-firewall only
> for some targeted nodes.
>
> If I put :
>
> resources { "firewall": purge => true }
>
> in top scope (i.e. site.pp),
>
> then all the firewall rules on all my nodes are purged. Even for nodes
> for which I don't apply any module containing specific firewall { ...
> } resources.
>
> If I put it in a module (i.e. myfw ), then for all nodes where I
> apply a module containing firewall resources, I got a mix of the
> previous rules (defined locally with the OS) and the new ones provided
> with puppet.
>
> Did I miss something or is it the expected behaviour ?
>
> If this is expected, is there a workaround to apply the purge of the
> rules only for some nodes where I want to apply specific firewall
> rules through modules and puppet-firewall ?
>
> Thanks in advance.
>
> Louis Coilliot
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Weird mode issues with /var/lib/puppet/lib
Correction; the mode the production server wants for that directory is 2775, not 2755. I'm still baffled why the two masters are different and managing that directory on the agent. --Shawn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QKyBO0f2P8oJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Weird mode issues with /var/lib/puppet/lib
I have two puppet master servers in my fledgling puppet infrastructure, a production one and a dev one. I have configured the production one as the authoritative CA, and I have one test agent machine which I'm switching back and forth with the "server" option in /etc/puppet/puppet.conf. When I point the agent at the production server and do puppet agent -t, it sets /var/lib/puppet/lib to be mode 2755. When I have the production server (which is its own master) do puppet agent -t, it sets /var/lib/puppet/lib to be mode 2755. When I point the agent at the development server and do puppet agent -t, it sets /var/lib/puppet/lib to be mode 0755. When I have the development server (which is its own master) do puppet agent -t, it sets /var/lib/puppet/lib to be mode 0755. I'm running "service puppetmaster start", and "puppet agent -t", as root on both servers. The ownership and modes of the directories above /var/lib/puppet/lib in their trees are identical. /var/lib/puppet/lib isn't _in_ the modules and manifests paths on either master. The only differences in the puppet.confs of the two masters are: - each master points at itself - the development one has ca = false and ca_server = production.server.fqdn How can I determine where /var/lib/puppet/lib's mode should be determined (and since it's not even in the modules, why are the two masters trying to control it on the agent)? --Shawn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QfWzlwgEkLEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Help: sysctl implementation with defined types
Appreciated, certainly. But again, for the sake of learning Puppet better, I'd like to know why my code doesn't work. :) On Tuesday, November 27, 2012 2:06:17 PM UTC-5, Fiddyspence wrote: > > Try http://forge.puppetlabs.com/fiddyspence/sysctl -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/O5OLIjytr3IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Help: sysctl implementation with defined types
Hi folks,
Still a beginner with Puppet. I'm trying to set up a simple class for
building a sysctl.conf, and I've hit a stumbling block. I could go with the
sysctl solutions other people have written with custom ruby functions or
augeas, but solving the problem I'm having might be instructive for other
Puppet problems down the road, if you follow, so I'm asking what I'm doing
wrong.
(I'm just creating a dummy file and not even putting it in sysctl.conf
while I'm learning the infrastructure, so don't be alarmed by the goofy
parameter names and values. :)
First I have a modules/sysctl/manifests/init.pp which includes (some stuff
omitted):
class sysctl {
$params = { 'mem_max' => '5G' }
$params['mem_min'] = '1G'
## template file resource here points at an ERB template
## which loops over the keys/values of the $params hash.
## sparing you the details of the file resource for now since it works
fine. :)
file { ... }
}
So far so good! I get a file which looks like
mem_max = 5G
mem_min = 1G
Okay. Now I try to get fancy and create a defined type that would let me
add more sysctl entries.
In modules/sysctl/manifests/add_param.pp:
define sysctl::add_param ( $value ) {
notify { "Setting $title to $value": } ## for debugging purposes
$sysctl::params[$title] = $value
}
And then I add to the sysctl class:
## add the extra param
##
add_param { 'mem_avg': value => '3G' }
notify { "The params are ${params}": }
What happens is, I see:
"Setting mem_avg to 3G
The params are mem_max5Gmem_min1G"
and the produced file does not contain the new parameter.
So it looks like the defined type resource does indeed get instantiated,
and its internal notify {} shows the right thing, but it doesn't actually
add to the $sysctl::params hash. What makes this extra-frustrating is, it
doesn't give any error message about not being able to, either -- it just
silently fails.
Can a defined type not modify the variables in its parent namespace? If
not, why am I not getting an error message? If it can, what am I doing
wrong?
The use case for the whole defined type mess is, supposing later I want to
do something like this, to set sysctl parameters specific to a given
software class.
class oracle {
sysctl::add_param{ 'oracle_wants_lots_of_ram': value => '1' }
}
I'm perfectly fine with being told "your overall use case needs hiera" or
something (which will probably have me coming back with more questions),
but I'll particularly appreciate knowing why the thing I'm actually trying
isn't working, as I'm still learning the basics. :) Thanks!
BTW, this is with Puppet open source 3.0.0.
Cheers,
--Shawn
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/CsGGfCkcUVIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Open Source to Enterprise migration?
Hi, Can any users of Puppet tell me about experiences in upgrading a Puppet Open Source environment to Enterprise? We're evaluating what our options are in getting started with our new infrastructure deployment and we'd love a sense of "how painful will it be if we start with OS and later decide to spring for commercial." Obviously experiences with more recent versions are good, but I'm all ears. Things like "You know, the PE upgrade tool basically just works" or "Turned out to be 2 days of downtime with a lot of tears and editing config files" are things I want to hear, either way. :D Cheers, --Shawn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rjGuyNHLSNEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Stop aptitude package provider from using '-y'
I think a better solution would be using preseed files to answer the questions. Is this not an option? Sent via BlackBerry -Original Message- From: David Banks Sender: puppet-users@googlegroups.com Date: Sun, 22 Jul 2012 23:58:01 To: Reply-To: puppet-users@googlegroups.com Subject: [Puppet Users] Stop aptitude package provider from using '-y' Hi all, I like to use the aptitude provider to install packages -- all my systems are Debian and it's consistent with what I use manually. However, the aptitude provider seems to pass the '-y' option to aptitude, which causes aptitude to simply assume yes for all prompts. I understand that this might be necessary to avoid puppet hanging due to the subprocess prompting, but in some cases aptitude can prompt because of conflicts. In the case of conflicts, I would want puppet to just return an error and let me handle the situation manually. Because sometimes aptitude's first solution to a conflict is very suboptimal. Does anyone know how I can configure this? Cheers, David -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] can we avoid notify/subscribe firing on a mode change?
Brutal you are. -yoda Sent via BlackBerry -Original Message- From: Jo Rhett Sender: puppet-users@googlegroups.com Date: Mon, 18 Jun 2012 17:07:21 To: Reply-To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] can we avoid notify/subscribe firing on a mode change? Right, sure. Instead of 18 lines of puppet policy that do exactly what I need, I should instead go create an infrastructure based around a barely documentation and SLOW part of puppet. Because who wants finer granularity for your controls, when you could implement a huge infrastructure instead? I take it you are a bit too young to have watched companies go out and implement Active Directory to solve a minor technical problem, aren't you? There is no value in implementing an infrastructure with its own requirements for redundancy and its own dependancies to solve something you can code in an hour. On Jun 18, 2012, at 4:27 PM, Eric Shamow wrote: > No - if it's that small and simple, the data bout which host is in which > should be in your source of truth, CMDB, etc - and Puppet should read that > data and determine which attribute or set of attributes (or resources) is > applied based on that. > > You can do this today with hiera and conditionals. > > -- > > Eric Shamow > Professional Services > http://puppetlabs.com/ > (c)631.871.6441 > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] can we avoid notify/subscribe firing on a mode change?
--Original Message-- From: Felix Frank Sender: puppet-users@googlegroups.com To: puppet-users@googlegroups.com ReplyTo: puppet-users@googlegroups.com Subject: Re: [Puppet Users] can we avoid notify/subscribe firing on a mode change? Sent: Jun 14, 2012 7:18 AM On 06/14/2012 12:39 PM, Jo Rhett wrote: >> What you're suggesting is a differentiation that has never existed in >> this context (afaik). I'm not sure I feel good about opening this door - >> I can easily see it become a gateway for lots of unintended effects to >> trip users up. > > How so? The variable would allow the user to be explicit. As it stands > now, I suspect most people would be surprised. Maybe so, but if nothing else, current behaviour is very consistent, which I consider a very redeeming quality. One problem scenario I can see is users defining defaults for this parameter, with the usual scoping behaviors that can easily confuse (especially new) users. > I am also very disconcerted about the issues involved in setting up new > files. You can never, ever, EVER change the mode of a newly installed > file without restarting services on all existing machines. That doesn't > make any sense. I don't really understand your scenario. There is a new config file for service X. It gets installed from a package, presumably the X package itself. How are service restarts immediately after package installation problematic? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Sent via BlackBerry -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Thoughts on job listings?
+1 for linked in Sent via BlackBerry -Original Message- From: devzero2000 Sender: puppet-users@googlegroups.com Date: Thu, 7 Jun 2012 13:31:18 To: Reply-To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Thoughts on job listings? Linkedin is a good place 2012/5/30, Steve Traylen : > On Wednesday, 30 May 2012 22:49:44 UTC+2, Michael Stanhke wrote: >> >> How do folks feel about getting Puppet job listings on this list? >> I've rejected a few that we quite spammy, but when the subject matter >> really is a system admin with puppet experience, the decision becomes >> a bit different. >> >> I'm looking for general feelings. A simple +1 or -1 would be great. >> >> I would like somewhere to post jobs (we have one :-)) > If it can be somewhere close to the people reading this list so much the > better. > > Steve > >> >> Mike >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/kULJFmwfqgMJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Inviato dal mio dispositivo mobile -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet / scalability
Wanted to point out I manage over 3000 x86 tablets with puppet. This doesn't include production servers. Sent via BlackBerry -Original Message- From: Alex Harvey Sender: puppet-users@googlegroups.com Date: Sun, 13 May 2012 23:53:52 To: Puppet Users Reply-To: puppet-users@googlegroups.com Subject: [Puppet Users] Puppet / scalability Hi list, I am looking at configuration management tool options. I have a large fleet (> 3,000 hosts) and highly heterogeneous (RHEL3-5, CentOS, 5RH7, Solaris 10 LDOMs/zones, Solaris 8-9, AIX 5.3 & 6.1 LPARs, HP-UX & Tru64 + Windows). We care mainly about RHEL and new versions of Solaris & AIX but ability to compile on older versions is an advantage. Probably, the Windows will be managed by SCCM. I have read that Puppet could have scalability problems to a site as large as ours. To keep this simple, I'd like feedback on whether that is likely to be true for us. A rep from CFengine has told me that ours would be the largest Puppet site in the world (I think that's not true). Could someone confirm? General feedback also welcome. Kind regards, Alex Harvey -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] White list of packages
you could always write shell to compare a "whitelist" against a dpkg -l listing, or whatever pkg manager you are using. Then have it generate your puppet manifest.. First I would try to figure out how to prevent unwanted packages from being installed in the first place, not removing them after they were installed. On Tue, May 1, 2012 at 8:04 PM, Christopher Wood wrote: > You can install and remove specific packages, but not specify a whitelist. > > (Unless you wanted to do creative things with facts, templates, and > puppetized scripts. I'm assuming you think it's better to hose your server > due to a typo than run with a single unpermitted package. And then how are > you going to deal with the /var/tmp/... style of file-upload packages used > by various script kiddies?) > > On Tue, May 01, 2012 at 01:38:34PM -0700, bainar wrote: > > Can anyone tell me if it is possible to explicitly specify the only > > allowed packages on a host (modules on a node?) - i.e. a white list? > > This is for hardening a VPS in the cloud. > > > > Thanks in advance > > Andrew > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- *- Shawn Taaj* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] err: Could not send report: Error 400 on SERVER: execution expired
is your time the same on both client and master? it would be helpful if you provided the --verbose --debug --test --no-daemonize output of the client.. Also run your master in verbose mode and paste it's errors here as well. On Fri, Apr 27, 2012 at 10:12 AM, Demon wrote: > Hey there! > > All my clients have gone "out of sync" are have the following line in > the puppet.out log file... > > err: Could not send report: Error 400 on SERVER: execution expired > > The clients appear to not be updating either... > > I have restarted the Puppet Master to no avail... > > Any help appreciated! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- *- Shawn Taaj* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet on Windows - client installer?
Is this .MSI available (at least for testing)? When I click on the link it takes me to a login screen. I am trying to pilot it in my test lab environment and would love to give it a whirl. Especially since this testlab environment has limited Internet connectivity (read that as none) so trying to install the individual pieces for the Windows agents is a pain. Trying to do a POC for the Windows servers. Thanks. On Jan 26, 9:59 am, Josh Cooper wrote: > On Wed, Jan 18, 2012 at 5:54 AM, jmp242 wrote: > > Is this the case, or am I missing where the installer is? Is there any > > thought to creating a msi / exe installer in the future that would > > > have puppet be self contained > > Funny you should ask:https://projects.puppetlabs.com/issues/11205. We are > working on an MSI installed containing everything you need to install > puppet, facter, ruby, gems. > > > and run a service? > > This is something we are not planning on doing, partly because of the issue > with long running ruby processes, memory usage, etc. Instead we were > looking to use scheduled tasks to run puppet on a specified interval. It > does mean you couldn't `puppet kick` these agents. Would that work in your > environment? > > Josh > > -- > Josh Cooper > Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Error 400 on SERVER: No support for http method POST
I noticed this problem today with a 2.6.3 client which was upgraded today to 2.7.10. Master is 2.6.3 Sent via BlackBerry -Original Message- From: rjl Sender: puppet-users@googlegroups.com Date: Tue, 7 Feb 2012 15:01:14 To: Puppet Users Reply-To: puppet-users@googlegroups.com Subject: [Puppet Users] Re: Error 400 on SERVER: No support for http method POST The puppet master is at the same version. [root@stsdev-pri conf.d]# rpm -qa | grep puppet puppet-server-2.7.10-1.el5 level3-osp-puppetmaster-2.2.07-el5 puppet-2.7.10-1.el5 On Feb 7, 3:21 pm, Craig White wrote: > On Feb 7, 2012, at 2:37 PM, rjl wrote: > > > Hi All, > > I found a post from last year similar to this but it did not provide > > me with a solution. > > > I just upgraded from 2.6.7 to 2.7.10. My clients that are still > > running the older 2.6.7 version are working fine. However, my clients > > that I have upgraded to 2.7.10 are throwing the following error: > > > Could not retrieve catalog from remote server: Error 400 on SERVER: No > > support for http method POST > > > I am running passenger 3.0.5 on the puppet master. > > > Any help would be greatly appreciated. > > > that seems to be the common error when the clients are running a puppet > version that is newer than the puppet master. > > Upgrade the puppet master, problem will be solved. > > Craig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet & symlink
So I would use puppet to create the symlink or in your cause looks like you are doing this via RPM?? Then I would use puppet to create a cron to check if the symlink is still valid and if not create it, set this to run after your scheduled maintenance time. On Fri, Dec 30, 2011 at 11:32 AM, Len Rugen wrote: > We have a case where we've been requested to create an extra symlink. The > system provides libsomething.so.0.vv.rr and a symlink of > libsomething.so.0. We need create a symlink libsomething.so (without the > .0). I'm afraid maintenance may change the base file and break the > puppeted symlink. > > Can we do something like subscribe to the RPM provided libsomething.so.0 > link, then fire an script to find it's new target and recreate our > symlink? > > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- *- Shawn Taaj* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Issues with puppet first launch
In one screen I am running the puppet daemon. r...@puppetmaster:~# puppetmasterd --verbose --no-daemonize info: Caching certificate for ca info: Creating a new SSL certificate request for puppetmaster notice: puppetmaster has a waiting certificate request notice: Signed certificate request for puppetmaster notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem' notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem' notice: Starting Puppet server version 0.25.4 err: Removing mount files: /etc/puppet/files does not exist Next screen. r...@puppetmaster:~# puppetd --server puppetmaster.patient-pad.org--waitforcert 60 --test info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': undefined method `closed?' for nil:NilClass err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: undefined method `closed?' for nil:NilClass Could not retrieve file metadata for puppet://puppetmaster.domainname.com/plugins: undefined method `closed?' for nil:NilClass err: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Any ideas on this? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet on ubuntu 10.04
Looks like I have strange entries for puppet everywhere. This is from the source compile/package install. Can anyone provide a way to get this all off of the system so I can do a fresh start? Thanks On Thu, Dec 23, 2010 at 12:43 PM, Simon Deziel wrote: > On 12/23/2010 12:40 PM, Paul Willis wrote: > > > > On 23 Dec 2010, at 17:23, Shawn wrote: > > > >> I am trying to get puppet installed on ubuntu 10.04, I was able to > compile from the git source with no problem but users have mentioned that > using a ubuntu package would likely be the best way to go. Why is this? > >> > >> Does anyone have a link to a ubuntu 2.6.4 package? > > > > You need to add backports.. > > > > > http://projects.puppetlabs.com/projects/1/wiki/Puppet_Ubuntu#Lucid-Lynx-10041 > > You can also use Mathias Gug's PPA : > > https://launchpad.net/~mathiaz/+archive/puppet-backports<https://launchpad.net/%7Emathiaz/+archive/puppet-backports> > > It currently includes puppet 2.6.3. > > Simon > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet on ubuntu 10.04
Hi, I am trying to get puppet installed on ubuntu 10.04, I was able to compile from the git source with no problem but users have mentioned that using a ubuntu package would likely be the best way to go. Why is this? Does anyone have a link to a ubuntu 2.6.4 package? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
