Re: [Puppet Users] Re: Clarification on mount type behaviour

2017-03-30 Thread Stefan Schulte 

Hi

On 30.03.2017 14:57, jcbollinger wrote:


mounted.  But perhaps it doesn't have to be limited that way.  Expanding
its scope to cover the options with which the filesystem is actually
mounted seems like a reasonable feature request.  And if you don't want
to wait, then very likely you can roll your own by writing and using an
extension of the existing "parsed" provider that adds the behavior you want.


John


actually there is an ancient one

https://projects.puppetlabs.com/issues/6309

that finally ended in a forge module

https://forge.puppet.com/puppetlabs/mount_providers

The problem is that if you describe the desired value (e.g. options => 
"ro"), what is the current value? The value in /etc/fstab or in 
/proc/self/mounts?


The forge module solves this dilemma by introducing two separate types 
(that can be abstracted again to one define) but since the original 
intention was to merge this back into core and this never happened I am 
not sure of the general quality of this module. When it was first 
released (which is a while back now) it introduced issues that had been 
solved in the original mount provider and have been reintroduced in the 
module (e.g. https://projects.puppetlabs.com/issues/4914) so make sure 
the module is usable first.


- Stefan

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a9c1f057-b005-4a03-e48e-8cf82bc8f7d3%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: writing custom fact -> return value not as expected

2017-01-10 Thread Stefan Schulte 
Hey Rob,

variable interpolation in strings in ruby is actually done with
#{some_var}, so the following snippet

#!/usr/bin/ruby

"Hello World".match(/Hello (.*)/)

puts $1
puts "$1"
puts "#{$1}

actually returns

World
$1
World

As you can see "$1" does not interpolate to an earlier match.

On 10.01.2017 21:14, Rob Nelson wrote:
> At a guess, dollar signs inside double quotes interpolate, so it's
> extremely possible that somewhere earlier in the ruby run, $3 matched
> "Jan" somewhere and that was reused in your awk command. In the latter
> usage there's probably no $6 (that's a lot of matches!) or it amazingly
> has the value '$6'. I would definitely be more careful about escaping
> any dollars inside of double quoted strings that are passed to exec(),
> system(), or similar functions, as escaping that can be a nightmare when
> the stars align during your design but not weeks later during your usage.
> 
> On Tuesday, January 10, 2017 at 12:24:45 PM UTC-5, Denny wrote:
> 
> Tried out another customfact "lastyumupdate" which looks like:
> 
> |
> Facter.add(:lastyumupdate) do
>   setcode do
> Facter::Util::Resolution.exec("yum history |grep -E '^.*(Update|
> U).*$' |head -n 1 |awk '{print $6}'")
>   end
> end
> |
> 
> This one returns on command line "2017-01-10" AND sets the fact correct
> 
> |
> $ puppet facts |grep last
> "lastrebootdate": "Jan",
> "lastyumupdate": "2017-01-10",
> |
> 
> 
> Any help is appreciated :)
> 
> 
> Denny
> 
> Am Dienstag, 10. Januar 2017 17:47:36 UTC+1 schrieb Denny:
> 
> PS: I'm running facter 3.5.0 with puppet 4.8.1 on CentOS 7
> 
> 
> Am Dienstag, 10. Januar 2017 17:44:23 UTC+1 schrieb Denny:
> 
> Hi there,
> 
> probably a pretty easy to answer question.
> 
> I want to try out adding custom facts. My first custom fact
> should be "lastrebootdate"
> 
> My code looks like this:
> 
> |
> Facter.add(:lastrebootdate) do
>   setcode do
> Facter::Util::Resolution.exec("/usr/bin/who -b |awk
> '{print $3}'")
>   end
> end
> |
> 
> Running the command on the system returns "2017-01-30"
> 
> Deploying my fact on a puppet node and running the puppet
> agent returns "Jan".
> 
> |
> $ puppet facts |grep lastrebootdate
> "lastrebootdate": "Jan",
> |
> 
> What did I miss?
> 
> Thank you,
> 
> Denny
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1fe52550-e656-415a-9197-a692d397c8bc%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ccb700cd-6bf1-14dc-84cf-9b75d7181eca%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] writing custom fact -> return value not as expected

2017-01-10 Thread Stefan Schulte 
Hi Denny,

IIRC facter will internally run commands with a C locale to get reliable
command output on different locale settings [1]

% LC_ALL=de_DE.utf8 /usr/bin/who -b |awk '{print $3}'
19:34
% LC_ALL=en_US.utf8 /usr/bin/who -b |awk '{print $3}'
2017-01-10
% LC_ALL=C /usr/bin/who -b |awk '{print $3}'
Jan

[1] https://github.com/puppetlabs/facter/pull/696

On 10.01.2017 17:44, Denny wrote:
> Hi there,
> 
> probably a pretty easy to answer question.
> 
> I want to try out adding custom facts. My first custom fact should be
> "lastrebootdate"
> 
> My code looks like this:
> 
> |
> Facter.add(:lastrebootdate) do
>   setcode do
> Facter::Util::Resolution.exec("/usr/bin/who -b |awk '{print $3}'")
>   end
> end
> |
> 
> Running the command on the system returns "2017-01-30"
> 
> Deploying my fact on a puppet node and running the puppet agent returns
> "Jan".
> 
> |
> $ puppet facts |grep lastrebootdate
> "lastrebootdate": "Jan",
> |
> 
> What did I miss?
> 
> Thank you,
> 
> Denny
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/f91eae2b-b980-4dd5-a544-2fc0a2f8e9ef%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/df4e22da-5af0-3c78-b978-2d5c473ae0b7%40posteo.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [Puppet Users] Array of properties matching_all not working

2016-12-05 Thread Stefan Schulte 


On 04.12.2016 09:27, Lupin Deterd wrote:
> Hi,
>
>  I'm working on a custom type & provider. One of the property is an
> Array and I want to match every elements in it but somehow I can't
> make it work. Relevant snippet are as follow:
>
> type/zfsacl.rb
>
>   newproperty(:permission, :array => :matching_all) do

I think this should read

:array_matching => :all

instead of

:array => :matching_all

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/67a5b890-9fbc-9d94-dfa8-92b3ad1c05a2%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Access to hiera repository

2016-02-02 Thread 'Stefan Schulte' via Puppet Users 
Hello everyone,

I am currently working in a Linux team that decided to use Puppet as a
configuration management tool and we developed a couple of own modules,
use a lot from the forge and we keep hiera data in a separate git
repository (tools: r10k+controlrepo, one separate hiera repo not managed
by r10k, gitlabs server to manage all git repos)

The IT department is quite big and has different silos (e.g VMWare team,
Linux team, Backup team, Storage team, etc) but we (meaning the linux
team) want to use puppet to replace workflows that beforehand went
through different departments, e.g. to configure backup for a new
machine, the backup team had to create a node in their backup tool and
than give us the necessary input to generate the correct configuration
file on the new server.

Ideally I would like them to manage the data in hiera the same way as we
do, so they can leverage the hierarchy to define defaults on a subnet
level, host level, etc. but on the otherhand access to the single hiera
repo would allow them to basically reconfigure everything on a server
(like adding data for the sudo module to add custom sudo rules).

Even though this would be tracked through git logs, a lot of my
collegues are not comfortable with that (and might even be against
internal regulations) so I am wondering how you manage the fact when a
lot of different teams with different knowledge about puppet, yaml, and
git should contribute to hiera but should only manage stuff they care
about/are responsible for.

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B12FDC.8090801%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: exec without a shell

2016-01-27 Thread 'Stefan Schulte' via Puppet Users 


On 28.01.2016 01:46, 'Stefan Schulte' via Puppet Users wrote:
> [...]
> I guess the sane approach would be to add a feature request to allow
> passing an array as a command parameter which in turn would run ruby's
> exec with an array as well, bypassing the shell.
> [...]
> -- Stefan

just for reference. There already is such a feature request:
https://tickets.puppetlabs.com/browse/PUP-3142

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A96695.5030508%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: exec without a shell

2016-01-27 Thread 'Stefan Schulte' via Puppet Users 


On 27.01.2016 15:28, jcbollinger wrote:
> [...]
> Puppet implements the "posix" provider by passing the command to
> Ruby's Kernel.exec()
> .
> [...]

Thanks for the inside view John. This would explain the current
behaviour. IIRC this behaves quite similar to perl's "system" command
(single argument vs. array). I also just remembered about some old
discussions on redmine but I could only dig up

http://projects.puppetlabs.com/issues/4288#note-16

which all talk about feeding the exec with the "array form" but that
does not work as expected either.

# test.pp
exec { 'Test03':
  command  => [ "/bin/echo", "arg1", "arg2", "arg3" ],
  provider => posix,
}
$ puppet apply test.pp
Error: Parameter command failed on Exec[Test03]: Command must be a
String,
got value of class Array at /home/stefan/test.pp:1

So without the help of the shellescape function (which I strangely never
saw in the wild before) I basically give everyone with access to hiera
data root-rights as a bonus (If I happen to use hiera data to generate
command line arguments).

I guess the sane approach would be to add a feature request to allow
passing an array as a command parameter which in turn would run ruby's
exec with an array as well, bypassing the shell.

-- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A964E2.7010203%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Prefetch in custom types in Puppet v4?

2016-01-26 Thread 'Stefan Schulte' via Puppet Users 


On 19.01.2016 02:53, Jakov Sosic wrote:
> On 01/19/2016 02:52 AM, Jakov Sosic wrote:
>> Hi guys,
>>
>>
>> I've noticed the following problem with one of my providers in v4.
>>
>> This is the original prefetch method I used:
>>
>> def self.prefetch(resources)
>>   instances.each do |prov|
>> if resource = resources[prov[:name]]
>>   resource.provider = prov
>> +resource.provider = new(prov)
>> end
>>   end
>> end
>
> Sorry, ignore the line with `+` prefix :)
>

Are you sure the error is in the prefetch method? Looks to me like the
instances method does not return an array of provider instances but
something else (array of hashes?)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A82155.2080503%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] exec without a shell

2016-01-26 Thread 'Stefan Schulte' via Puppet Users 
Hello,

I've got a quick question about the exec type. The exec type does have a
shell provider and a posix provider and the posix provider says

#
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/exec/posix.rb
Executes external binaries **directly, without passing through a
shell** or
performing any interpolation. This is a safer and more predictable way
to execute most commands, but prevents the use of globbing and shell
built-ins (including control logic like "for" and "if" statements).

but when I test the following manifest:

$unsafe_input = "I will fail; /bin/false"
   
exec { 'Test01':
  command  => "/bin/echo ${unsafe_input}",
  provider => posix,
}
   
exec { 'Test02':
  command  => shellquote("/bin/echo", $unsafe_input),
  provider => posix,
}


then the first test will fail (because /bin/false is executed instead of
printed), while the second test does work (I am not sure how reliable
shellquote acutally works though).

# on puppet version 4.3.1:
Notice: /Stage[main]/Main/Exec[Test01]/returns: I will fail
Error: /bin/echo I will fail; /bin/false returned 1 instead of one
of [0]
Error: /Stage[main]/Main/Exec[Test01]/returns: change from notrun to
0 failed: /bin/echo I will fail; /bin/false returned 1 instead of one of [0]
Notice: /Stage[main]/Main/Exec[Test02]/returns: executed successfully

Am I misreading the documentation here?

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A81F7C.2000702%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: mount point directory permissions

2014-03-23 Thread Stefan Schulte 
On 21.03.2014 19:53, José Luis Ledesma wrote:
> I prefer the exec resource to create the mount point ( with onlyif !
> Test-d mountpoint) and the file resource to set the proper permissions.
> 
> Regards,

That's what I'd do, too. But you can use `creates` paramter to do the
check, there is no need to invoke an external command.

exec { 'create_mntpoint_/mnt/foo':
  command => '/bin/mkdir -m 0755 /mnt/foo',
  creates => '/mnt/foo',
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/532EA212.3060008%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How do I prevent logging of secure data?

2014-02-24 Thread Stefan Schulte 
On 24.02.2014 21:13, Larry Fast wrote:
> By default puppet will report the changes to any files it updates.  If
> the file includes any secure data like passwords or private encryption
> keys, that also shows up in the logs.  Is there any way to block this
> level of logging for individual files?  Disabling it for all files is
> also acceptable.

You should be able to generally block it with the `show_diff`
configuration option [1]. It can also be deactivated on a per-file basis
[2] as long as you run a recent version of puppet (according to the
original feature request [3] this has been added in puppet 3.2)


[1] http://docs.puppetlabs.com/references/latest/configuration.html#showdiff
[2]
http://docs.puppetlabs.com/references/latest/type.html#file-attribute-show_diff
[3] http://projects.puppetlabs.com/issues/16412

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530BBCD2.6080504%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Let puppet configure your monitoring (here: nimsoft)

2014-02-23 Thread Stefan Schulte 
Hi puppet users,

just wanted to know if there are any puppet users who are using nimsoft
as a monitoring tool? We are currently switching to nimsoft at $work and
I noticed that for a proper monitoring configuration I need information
that is already written down in our puppet manifests.

E.g. to correctly set up logfile monitoring I need to know if the server
is running an oralce database and if so I need to know the configured
oracle instances and the location of the alertlog files. Since we
install the oracle software and instances through puppet, puppet already
has all the info.

I created a few custom types to modify the nimsoft agent's configuration
[1] and would love to get some feedback from other nimsoft users or just
share your experience with nimsoft and puppet and how you automate things.

If you use a different monitoring tool: How much is your monitoring
puppetized? Do you configure your monitoring by hand? Is your monitoring
system so smart that it does not need a lot of manual configuration, or
do you use tools like puppet to automatically create configurations?

-Stefan

[1] https://github.com/stschulte/puppet-nimsoft

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530A6FA6.6070904%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] matching all current "ipaddress_ethX" facts

2013-12-04 Thread Stefan Schulte 
On 21.11.2013 13:32, cko wrote:
> Hi,
> 
> I'm currently trying to solve the following problem:
> 
> I wrote a module that matches the "$ipaddress" fact for certain IP
> subnets (like 20.20.2... or 30.30.2..). Depending on the subnet, the
> variable $proxy-server changes.
> 
> The problem is, that some of our physical machines have a random number
> of interfaces connected to many different subnets. In some cases the
> $ipadddress fact returns the correct subnet, lets call it "production
> server lan" and some don't.
> 
> Is there any way to make puppet check every available NIC for a specific
> subnet/ regex? Something like this:
> 
> if $ipaddress_eth*** =~ /^20\.20\.\..*$/ {
>$proxy-server = foo
> }
> .
> 
> -- 

I'd recommend to write a custom fact that returns your "production
server lan" ipaddress first and then check only that fact against your
regular expression. The custom fact may look like this:


 require 'ipaddr'
 require 'facter/util/ip'

 Facter.add(:ipaddress_production) do
   setcode do
 production_networks = [
   IPAddr.new('20.20.2.0/24'),
   IPAddr.new('30.30.2.0/24')
 ]
 production_ip = nil

 Facter::Util::IP.get_interfaces.each do |interface|
   ip = Facter::Util::IP.get_interface_value(interface, 'ipaddress')
   if production_networks.any? { |network| network.include? ip }
 production_ip = ip
   end
 end
 production_ip
   end
 end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/529EEEB6.8090601%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Accessing methods of parent provider

2013-07-14 Thread Stefan Schulte 
On 14.07.2013 02:27, Schofield wrote:
> I'm taking some time to refactor a custom provider.  I'm trying to move
> common code into a parent provider so that it can be shared among all
> custom resource providers in the puppet module.  While verifying I can
> call methods in the parent provider I get the following error:
> 
> Error: Could not prefetch jboss7_deployment provider 'jboss7':
> undefined method `echo' for
> Puppet::Type::Jboss7_deployment::ProviderJboss7:Class
> 
> Here are the relevant snippets of code
> 
> class Puppet::Provider::Jboss7 < Puppet::Provider
>   def echo(arg)
> info arg
>   end
> end

so your provider has an instance method "echo" ...

> 
> require 'puppet/provider/jboss7'
> Puppet::Type.type(:jboss7_deployment).provide(:jboss7, :parent =>
> Puppet::Provider::Jboss7) do
>   echo "hello world"
>   ...
> end

.. and here you are calling echo in  a class context that will execute
as soon as the corresponding file is loaded. So depending on your actual
goal you should either only call echo in an instance method

Puppet::Type.type(:jboss7_deployment).provide(:jboss7, :parent =>
Puppet::Provider::Jboss7) do
  def create
echo "I was created"
  end
end

or, if you want to call the `echo` method at class level (e.g.
self.prefetch), define your method as a class method in your parent provider

class Puppet::Provider::Jboss7 < Puppet::Provider
  def self.echo(arg)
info arg
  end
end

Does this make sense?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource"

2013-07-12 Thread Stefan Schulte 
On 12.07.2013 21:45, Dan White wrote:
> Great answer..
> 
> On the second point -- how to generate an answer -- in
> /etc/ssh/sshd_config is a paramer named AuthorizedKeysFile which
> defaults to
> 
> ~/.ssh/authorized_keys
> 
> That is a starting point !
> 

Yeah you're probably right that you could
- look at the operating system to guess the location of the sshd_config
file (IIRC HP-UX has this file someplace under `/opt`)
- lookup the AuthorizedKeysFile parameter and handle the fact when it is
not explicitly defined
- don't take the path literally, e.g. search for `%h` or `%u`. If a
placeholder was found, query all users/all homedirectories to generate
an array of files

Yep it is possible but I'm not sure there is a usecase worth the effort.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource"

2013-07-12 Thread Stefan Schulte 
On 12.07.2013 20:06, Dan White wrote:
> I am getting into managing user accounts with Puppet - and having a blast ! 
> 
> I stumbled on this and wanted to ask: 
> 
> If I type :   I get:
> puppet resource user  The expected puppet list of all the logins. 
> puppet resource file  Error: Could not run: Listing all file 
> instances is not supported.
>   Please specify a file or directory, e.g. 
> puppet resource file /etc
> puppet resource file /etc/passwd  A puppet resource as I would expect
> 
> HOWEVER !
> If I type "puppet resource ssh_authorized_key"  I get nothing.  No error, no 
> output.  Bupkis !
> 
> I even tried the model of the file resource and tried:
> puppet resource ssh_authorized_key 
> ...and still got nothing.
> 
> Is this expected behavior or what ?

`puppet resource` does only work for a limited set of resource types:
a) there is such a thing as a list of resources (e.g. it does not work
for the exec resource type because you can execute endless combinations
of commands)
b) the list can be generate without any additional information

The first one is obvious I guess. The second one is more important here:
If I ask puppet about users, puppet can get a list pretty easily (in the
end it is like running `getent passwd` on the commandline). If you ask
for a list of ssh keys: How should puppet know where to look for ssh keys?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Purged packages cause servers to always list as "changed" in Dashboard

2013-07-12 Thread Stefan Schulte 
On 12.07.2013 06:57, Kim Scarborough wrote:
> So I have a module that set several packages to "purged". This generates
> messages like this in the log on every run:
> 
> puppet-agent[27671]: (/Stage[main]/Foo/Package[ghostscript]/ensure) created
> 
> That doesn't bother me in and of itself, but the problem is that those
> messages mark the server as "Changed" in Puppet Dashboard.
> 
> What can I do about this?
> 

Are you running on RedHat (or some other OS that uses yum)? You may hit
https://projects.puppetlabs.com/issues/11450 in this case. Specifying an
ensure state of `absent` should work as a workaround on these platforms.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Force osfamily value

2013-06-10 Thread Stefan Schulte 
On Fri, 7 Jun 2013 07:03:21 -0700 (PDT)
Charly Mathieu  wrote:

> Actually, it doesn't get better. Nice try ^^
> 

What version of facter are you using now? Can you please post the output
of

% facter facterversion operatingsystem osfamily
facterversion => 1.7.0
operatingsystem => Gentoo
osfamily => Gentoo

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key filling /var/log/messages

2013-06-07 Thread Stefan Schulte 
On Mon, 3 Jun 2013 09:15:56 -0700 (PDT)
Marek Dohojda  wrote:

> 
> 
> On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte wrote:
> >
> > On Fri, 31 May 2013 15:56:30 -0700 (PDT) 
> > Marek Dohojda > wrote: 
> >
> > > Having weird issue that I can't seem to find any solution to: 
> > > 
> > > puppet 2.7.21 and 2.6.9 
> > > 
> > > here is my stanza: ssh_authorized_key{ �$name�: 
> > > 
> > >   ensure => present, 
> > >   name => "$name", 
> > >   key => "$key", 
> > >   type => $type, 
> > >   user => "$name", 
> > >   require => File["$myhome/.ssh"] 
> > > 
> > > } 
> >
> > a common pitfall is that name contains spaces (at least trailing
> > spaces should cause issues) or that people specify the key
> > parameter as something like "ssh-rsa  B3NzaC1kc3MAAA" while
> > instead you have to specify "B3NzaC1kc3MAAA" as the key and
> > "ssh-rsa" as the type. 
> >
> > So does `$key` contain any spaces? Does `$name` contain any
> > trailing spaces? 
> >
> > Can you please post one of the entries that is filling up 
> > your /var/log/messages? 
> >
> > -Stefan 
> >
> 
> I wish it was so simple :) I ensured the keys are fine, and there are
> no spaces.
> 
> here is a sample (sanitized)
> (/Stage[main]//::Mkuser[]/Ssh_authorized_key[]/ensure)
>  
> created
> 
> 
> 
> 
>  
> 

So puppet thinks the key is absent otherwise it would not print this
message. But you also do not see duplicate key entries, right?

Without your actual manifest and the file content I can only take
guesses here:

- do you manage the authorized key file in any way besides
  ssh_authorized_key resources? Are you sure you do not have some file
  { 'authorized_key' :ensure => absent} around that would cause puppet
  to delete and recreate the file in every run?
- for security reasons the authorized_key file is modifed as the user
  specified with the `user` parameter. Is this one able to read and
  write to the file? Is `~username/.ssh/authorized_keys` owned by
  the user specified with the `user` parameter?
- do you have the same key in another `authorized_key` file regardless
  if you manage this second key with puppet or not? By the same key, I
  mean an ssh key with the same comment (which puppet mapps to the
  `name` parameter)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key filling /var/log/messages

2013-06-01 Thread Stefan Schulte 
On Fri, 31 May 2013 15:56:30 -0700 (PDT)
Marek Dohojda  wrote:

> Having weird issue that I can't seem to find any solution to:
> 
> puppet 2.7.21 and 2.6.9
> 
> here is my stanza: ssh_authorized_key{ “$name”:
> 
>   ensure => present,
>   name => "$name",
>   key => "$key",
>   type => $type,
>   user => "$name",
>   require => File["$myhome/.ssh"]
> 
> }

a common pitfall is that name contains spaces (at least trailing spaces
should cause issues) or that people specify the key parameter as
something like "ssh-rsa  B3NzaC1kc3MAAA" while instead you have to
specify "B3NzaC1kc3MAAA" as the key and "ssh-rsa" as the type.

So does `$key` contain any spaces? Does `$name` contain any trailing
spaces?

Can you please post one of the entries that is filling up
your /var/log/messages?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ignoring a service that doesn't exist

2013-05-09 Thread Stefan Schulte 
On Thu, 9 May 2013 13:58:45 -0700 (PDT)
John Simpson  wrote:

> I've done the following, it ended up being a bit simpler for me when
> I'm not sure what random services a new CentOS install has installed
> and/or enabled...
> 
>   define no_service ( ) {
> service { "${name}" :
>   ensure => stopped ,
>   enable => false ,
>   status => "stat -t /etc/rc?.d/S??${name} > /dev/null 2>&1" ,
> }
>   }
> 
> You can then declare individual service names, or lists of service
> names, each of which will be disabled and shut down if the service is
> enabled. If a particular service doesn't exist, the puppet agent does
> nothing.
> 
>   no_service { 'ip6tables' : }
>   no_service { [ 'nfslock' , 'portmap' , 'xyzzy' ] : }
> 
> The only caveat is, if a service is disabled (i.e. "chkconfig service
> off") but the service is still running, the puppet agent won't stop
> it. Of course, if you have a service which is normally off and you've
> only enabled it to test something, this could be a good thing...
> 

you should be able to just specify `hasstatus => false`. This way
puppet will check the process list in order to get the current status
and will not run the (absent) initscript to get the status.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppermaster certificate expired

2013-05-09 Thread Stefan Schulte 
On Thu, 9 May 2013 17:10:51 +0200
Lorenzo Salvadorini  wrote:

> 2013/5/9 Nicolai Mollerup 
> 
> > Anyway I think the easy way is to setup some autosigning of clients
> > after creating a new CA.
> > Think you will have to clean the ssl-dir on clients for this to
> > work, though.
> >
> > Since we are going to make a brand new puppetmaster here sometime
> > before our CA expires that will be my approach to make the
> > transition smoother.
> >
> 
> we are exactly at the same point: currently moving our puppetmaster on
> another host, struggling against CA hostname in SSL Certificates and
> thinking how to approach the refresh of all certificates on agents.
> 
> Autosigning for some day could be a good approach for us too, since
> we have our racks with predefined networks IPs and master on amazon,
> so amazon agents can contact master via internal network.
> 
> We already manage agents configuration with a puppet module, do you
> think we can do the SSL substitution with a recipe in puppet itself?
> 

I'd not try to remove ssl certificates during a puppetrun because I
expect that every file resource with a `source` parameter will fail
after that point and the agent would not be able to send the last report
to the old master.

We had a slightly different approach when migrating our agents to a new
master. We run puppet out of cron and the cronentry is also managed by
puppet. Now we have the following simplified puppet::agent class:

# need_migration is mostly calculated by checking the agent's
# version and the current puppetmaster
if $need_migration {
  $cron_command = '/var/lib/puppet/migrate.sh'
}
else {
  $cron_command = '/usr/bin/puppet agent'
}

cron { 'puppet_clientrun':
  command => $cron_command
}

If an agent contacts the old puppetmaster and need_migration evaluates
to false, the agent will replace its cronjob with the migration script,
so in the next interval we run the migration script instead of the
puppet agent.

The migration script updates the puppet software, updates the server
setting in puppet.conf and erases the ssl directory (this is only done
once in case the migrate.sh is executed more than once). The migrate.sh
script will also trigger a normal puppetrun as the last step, so
the puppet agent will create new certificates. The `migrate.sh` keeps
running every hour until someones signes the new certificate request
on the new master. Once the request is signed and the agent is able to
contact the new mater, the $need_migration will evaluate to false and
the migrate.sh in cron is replaced with the normal puppet agent
invocation.

This way we keet the removal of the ssl directory completly outside of
puppet. We can also be sure that hosts that had puppet temporarily
disabled will be instructed to migrate after they contact the (old)
master again.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

2013-05-09 Thread Stefan Schulte 
On Wed, 8 May 2013 06:49:32 -0700 (PDT)
jcbollinger  wrote:
> Examining the code doesn't reveal any obvious error.  Facter uses
> this:
> 
>   def
> self.read_sysfs_dmi_entries(path="/sys/firmware/dmi/entries/1-0/raw")
> if File.exists?(path) File.read(path)
> end
>   end
> 
> That /sys/firmware/... path does not appear anywhere else in Facter
> that I (and Google) can find. That suggest that either the exists?
> test or the read must be causing the error to be emitted in your
> environment, but it's not clear which, or why.

So I guess the best would be to collect the following output

% ruby --version
% ls -l /sys/firmware/dmi/entries/1-0/raw
% stat /sys/firmware/dmi/entries/1-0/raw
% ruby -e 'puts :ok if File.exists?("/sys/firmware/dmi/entries/1-0/raw")'
% ruby -e 'puts :ok if File.read("/sys/firmware/dmi/entries/1-0/raw")'

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] PuppetDB: SSL problems

2013-05-08 Thread Stefan Schulte 
On Wed, 8 May 2013 07:01:56 -0700 (PDT)
kl.puppetu...@gmail.com wrote:

> 
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Failed to submit 'replace facts' command for gaia.local
> to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5
> errno=0 state=SSLv3 read finished A
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> 

seems to be an issue with OpenJDK7. Reverting to Java6 solved the
problem for a lot of users.

issue is described here: http://projects.puppetlabs.com/issues/19884

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

2013-05-07 Thread Stefan Schulte 
On Tue, 7 May 2013 13:00:53 -0700 (PDT)
Charlie Brune  wrote:

> [root@hogwarts ~]# facter --debug --timing virtual
> kernel: 2.97ms
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> virtual: 50.26ms
> lsbdistid: 0.53ms
> value for lsbdistid is still nil
> operatingsystem: 2.00ms
> hardwaremodel: 3.36ms
> architecture: 10.61ms
> virtual: 34.97ms
> physical
> 
> 
> Charlie
> 

Still not sure what is going on here. I guess the "Invalid argument"
is the output of an external command that is failing. So if you
could make the following modification in `util/resolution.rb` (the
exact path may be different on your machine, on mine it
is
`/usr/lib/ruby/gems/1.9.1/gems/facter-1.7.0/lib/facter/util/resolution.rb`)

goto line 171 and change

  
begin
  out = %x{#{code}}.chomp
  [...]

to

begin
  Facter.debug "about to execute #{code}"
  out = %x{#{code}}.chomp
  [...]

if you now run `facter --debug virtual` you should see the exact
external commands facter is executing. This migh be helpful when
finding the root cause of your problem here.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

2013-05-07 Thread Stefan Schulte 
On Tue, 7 May 2013 10:01:03 -0700 (PDT)
Charlie Brune  wrote:

> I did discover that Puppet appears to be running just fine.  I think
> the problem may be isolated to facter and puppet appears to forgive
> the problem.  8-)
> 
> Here's the output you requested.  (I don't see a trace.)
> 
> [root@hogwarts log]# facter -v
> > 1.7.0
> > [root@hogwarts log]# facter --debug --trace virtual
> > Could not retrieve virtual: Invalid argument - 
> > /sys/firmware/dmi/entries/1-0/raw
> > value for lsbdistid is still nil
> > physical
> > [root@hogwarts log]# 
> >
> >
> 

Ok can you then please run `facter --debug --timing virtual`. This
should give you something like
 
% facter --debug --timing virtual
kernel: 2.94ms
virtual: 0.06ms
virtual: 0.44ms
lsbdistid: 20.66ms
operatingsystem: 22.72ms
hardwaremodel: 2.37ms
architecture: 30.14ms
virtual: 57.26ms
physical

So the `--timing` option has the neat benefit that we see what other
facts facter has to resolve to get to the `virtual` fact. If you
could provide the values for these facts as well I should be able to
follow the actual code path and see where facter may have problems.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Trouble writing authorized_keys2

2013-05-07 Thread Stefan Schulte 
On Tue, 7 May 2013 10:11:44 -0400
Bret Wortman  wrote:

> I've got a situation where a manifest fails when writing one
> particular key for a user. What I have is a manifest that looks like
> this:
> 
> class my::accounts () {
> 
> Ssh_authorized_key {
> ensure => present,
> type => ssh-dss,
> }
> 
> Then, after making sure the user, group, and authorized_keys2 file
> exist:
> 
> ssh_authorized_key { "key-name-1":
> key => "omitted",
> user => "user",
> target => "/home/user/.ssh/authorized_keys2",
> require => File["/home/user/.ssh/authorized_keys2"],
> }
> 
> There's a lengthy series of these -- most of them work, but one will
> fail with this error:
> 
> Error: Puppet::Util::FileType::FileTypeFlat could not write
> /home/user/.ssh/authorized_keys2: Permission denied -
> /home/user/.ssh/authorized_keys2
> Error: /Stage[main]/My::Accounts/Ssh_authorized_key[key-name-8]:
> Could not evaluate: Puppet::Util::FileType::FileTypeFlat could nto
> write /home/xmmgr/.ssh/authorized_keys2: Permission denied -
> /home/user/.ssh/authorized_keys2
> 
> This is not the first nor the last key, and I get around 19 entries
> in the file, so I'm not seeing why this one in particular is failing.
> Structurally, it looks exactly like all the others. Any ideas?
> 
> Thanks!
> 

Do you also see notice messages about changing targets? If a ssh key is
already present in targetA and you specifiy targetB in your manifest,
puppet will try to migrate the key from targetA to targetB. As a result
puppet has to rewrite both targetA (remove the key) and targetB (add
the key) and there is a know bug where puppet tries to write the files
with the wrong user context (hence the Permission denied messages).

So if you see "target change" events, you'll probably hit
http://projects.puppetlabs.com/issues/10850#note-12

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

2013-05-06 Thread Stefan Schulte 
On Mon, 6 May 2013 10:26:38 -0700 (PDT)
Charlie Brune  wrote:

> I'm trying to install Puppet on a Fedora 17 box.
> 
> The "puppet agent --test" command fails with this error message:
> 
> Could not retrieve virtual: Invalid argument - 
> > /sys/firmware/dmi/entries/1-0/raw
> >
> 
> I get the same error message if I type the command "facter virtual".

can you please provide the output of

facter -v

(this should return the version you are using) and

facter --debug --trace virtual

When running the last command, you'll hopefully see a strack trace
so we can see where the error actually happens.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Retrieve scoped resource defaults from class method in custom type

2013-05-01 Thread Stefan Schulte 
On Tue, 30 Apr 2013 15:37:11 -0700
Ryan Uber  wrote:

> [accidently sent this to puppet-dev, re-posting to puppet-users]
> 
> Hello puppet-users,
> 
> I am working on a module that provides a custom type. The type when
> called will create new resources in the catalog using syntax like:
> 
> Puppet::Type.type(:file).new(:title => 'blah')
> 
> This works fine and the resources are added as expected. However, I am
> unable to apply any scoped defaults to the generated resources. So
> something like:
> 
> File {
>   mode => 0750
> }
> 

were do you generate the resources? Puppet already has a method
"eval_generate" that every type can implement and which has to return
an array of generated resources (that's how puppet generates implicit
file resource when you use `recurse`). These resources are
automatically added to the catalog.

So e.g.

Puppet::Type.newtype(:foo) do
  newparam(:name)
  [...]
  def eval_generate
resources = []
resources << Puppet::Type.type(:file).new(:title => 'blah')
resources
  end
end

I played with it a little bit (wanted to make a proof of concept for
a `dirtree` type that simulates the behaviour of `mkdir -p`) but I hit
problems because autorequirements of generated resources do not seem to
work (e.g. You have File['/foo'] in your puppet manifest and your
custom type generates a resource File['/foo/bar'] there a no automatic
dependencies so File['/foo/bar'] may be applied before File['/foo'] but
maybe I am wrong about that one.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Passenger failing sporadically

2013-04-22 Thread Stefan Schulte 
On Mon, 22 Apr 2013 07:06:50 -0700 (PDT)
Drew Blessing  wrote:

> We're having a very strange issue with Puppet running on Passenger.
> Every day or 2, our clients start receiving Passenger back traces.
> It's the generic "Ruby (Rack) application could not be started."  My
> initial thought was that this is a resource/configuration problem.
> Maybe we're overrunning our resources or need to tune Passenger.
> However, the way we have to temporarily fix it leads me to believe
> it's not related to Passenger configuration or resources issues.
> 
> A simple Apache restart will not fix the issue.  In *every* case the
> fix is to stop Apache, start the puppetmaster service, stop the
> puppetmaster service, and start Apache again.  Any other combination
> will not work.  So there is something significant about what's
> happening when puppetmaster process starts.  Any ideas what could be
> causing our grief?
> 
> Thanks for your help.
> 

If you run puppet through passenger, passenger will start the puppet
master process as the puppet user. This means that if some
files cannot be accessed by the puppet user you'll have a problem.

If you run puppet via `service puppetmaster start`, the
puppetmaster will start as root, makes sure that
`/var/lib/puppet/ssl` and stuff are owned by puppet, and will then drop
priviledges and continue to run as the puppet user.

Do you run the agent on the puppetmaster, too? Then check the logs
(typically syslog) wether the puppet agent performed any changes, or run
your agent from the commandline with `--verbose` and check the console
output.

E.g. I had a problem in the past where the agent pluginsynced some
plugins into `/var/lib/puppet/lib` and set ownership in a way that the
puppetmaster was not able to access the plugins anymore.

Second: When you have the problem the next time, stop apache and then
start the master as `puppet master --no-daemonize --verbose --debug`.
This way you'll hopefully see if the master process "fixes" something
during the startup-as-root-phase (and therefore cannot be fixed if you
start your puppet master under passenger).

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for , then warns "Facter::Util::Resolution.exec with a shell built-in is deprecated"

2013-04-22 Thread Stefan Schulte 
On Mon, 22 Apr 2013 10:08:45 +0200
Dirk Heinrichs  wrote:

> On Mon, Apr 22, 2013 at 12:45:35AM -0700, Paul Tötterman wrote:
> 
> > Shouldn't environment variables be case-insensitive? What code is 
> > responsible for expanding those environment variables?
> 
> This is Windows, so I'd say: "It depends". I can do this:
> 
> C:\Program Files (x86)\Puppet Labs\Puppet\bin>echo %SYSTEMROOT%
> C:\Windows
> 
> C:\Program Files (x86)\Puppet Labs\Puppet\bin>echo %SYSTEMRoot%
> C:\Windows
> 
> But, as seen, expanding %SYSTEMROOT% in %PATH% only seems to work when
> it's all uppercase...
> 

Maybe this does not apply to your case but I once saw a crappy
application that changed the type of the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Environment to REG_SZ (instead of REG_EXPAND_SZ). This way
other environment variables inside PATH (like %SYSTEMROOT%) were not
expanded anymore and it took me ages to discover that one ;-)


-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for , then warns "Facter::Util::Resolution.exec with a shell built-in is deprecated"

2013-04-20 Thread Stefan Schulte 
On Tue, 16 Apr 2013 22:46:53 -0700 (PDT)
Larry Fast  wrote:
> 
> Side issue: diagnostics could have been better.  The error did not
> indicate a source file. And Pluginsync does not indicate the source
> module for any of the files it loads.  Not even in debug mode.
> 

FYI: I created a feature request for a better deprecation message:
http://projects.puppetlabs.com/issues/20321

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for , then warns "Facter::Util::Resolution.exec with a shell built-in is deprecated"

2013-04-20 Thread Stefan Schulte 
On Fri, 19 Apr 2013 13:50:59 +0200
Dirk Heinrichs  wrote:
> I'm facing a similar problem, on one single Windows machine out of
> more than 100. If I run any puppet command, I get above warning.

We'll first try to get a clearer error message. Please go to your facter
installation directory on your agent and modify the file
`util/resolution.rb`. Change

Facter.warnonce 'Using Facter::Util::Resolution.exec with a shell built-in is 
deprecated. Most built-ins can be replaced with native ruby commands. If you 
really have to run a built-in, pass "cmd /c your_builtin" as a command' unless 
expanded_code

to

Facter.warnonce "Using Facter::Util::Resolution.exec with a shell built-in 
(here: #{code}) is deprecated. Most built-ins can be replaced with native ruby 
commands. If you really have to run a built-in, pass \"cmd /c your_builtin\" as 
a command" unless expanded_code

Then run your agent again. This way you should see the command that
puppet complains about.

> Additionally, it can't execute the following simple class to update
> the puppet.conf file:
> 
> class puppetconf {
>   service { 'PuppetAgent':
> name => 'puppet',
> ensure => 'running',
> enable => 'true',
> subscribe => File['puppet.conf'],
>   }
> 
>   file { 'puppet.conf':
> path => 'C:/ProgramData/PuppetLabs/puppet/etc/puppet.conf',
> ensure => file,
> source => 'puppet:///modules/puppetconf/puppet.conf',
>   }
> }
> 
> It fails with the following error:
> 
> Error: /Service[PuppetAgent]: Could not evaluate: Could not find init
> script for 'puppet'

Can you provide the output of your agent when you run with `--debug`?
This way we should be able to see the actual provider the agent picks
for the service resource.

Also the output of the following command would be helpful

facter operatingsystem

the above command should return "windows"

net.exe

the above command should be found. If not please check your path
(try running `facter path`)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet and OVO/ITO/OML

2013-04-08 Thread Stefan Schulte 
On Sun, 7 Apr 2013 02:16:07 -0700 (PDT)
ro...@liveperson.com wrote:

> Thanks for all the information Stefan!
> I'd be happy to see the module you're using if it's possible.
> 
> Roee.
> 

Ok so I have a hpoml::client class to include at node level. It
basically consists of a hpoml::user class where I define the `opc_op`
User and the `opcgrp` group (to have consistent uid and gid across
machines) and the class hpoml::client::package. I guess I can share
that one:

class hpoml::client::package ($server = 'your_master_server', $minversion = 
'11.11.025') {

  if ! ($::operatingsystem in [ 'Solaris', 'RedHat' ]) {
fail "operatingsystem ${::operatingsystem} is currently not supported. Must 
be one of Solaris, RedHat"
  }

  $installer = '/some/nas/share/Agt_11.11.x/oainstall.sh'
  $install_arguments = '-install -agent -includeupdates -defer_configure'
  $update_arguments = '-install -agent -includeupdates'

  exec { 'Install_OML':
command  => "${installer} ${install_arguments}",
creates  => [
  '/opt/OV/bin/ovc',
  '/opt/OV/bin/ovconfget',
],
timeout  => '1800',  # 30 minutes
  }

  exec { 'Configure_OML':
command => '/opt/OV/bin/OpC/install/oainstall.sh -configure -agent',
creates => [
  '/var/opt/OV/installation/inventory/HPOvAgtLc.xml',
  '/var/opt/OV/installation/inventory/HPOvBbc.xml',
  '/var/opt/OV/installation/inventory/HPOvConf.xml',
  '/var/opt/OV/installation/inventory/HPOvCtrl.xml',
  '/var/opt/OV/installation/inventory/HPOvDepl.xml',
  '/var/opt/OV/installation/inventory/HPOvEaAgt.xml',
  '/var/opt/OV/installation/inventory/HPOvGlanc.xml',
  '/var/opt/OV/installation/inventory/HPOvPacc.xml',
  '/var/opt/OV/installation/inventory/HPOvPerfAgt.xml',
  '/var/opt/OV/installation/inventory/HPOvPerfMI.xml',
  '/var/opt/OV/installation/inventory/HPOvPerlA.xml',
  '/var/opt/OV/installation/inventory/HPOvSecCC.xml',
  '/var/opt/OV/installation/inventory/HPOvSecCo.xml',
  '/var/opt/OV/installation/inventory/HPOvXpl.xml',
  '/var/opt/OV/installation/inventory/Operations-agent.xml',
],
require => Exec['Install_OML'],
  }

  exec { 'Activate_OML':
command => "/opt/OV/bin/OpC/install/opcactivate -srv ${server} -cert_srv 
${server}",
unless  => "/opt/OV/bin/ovconfget sec.core.auth MANAGER | /bin/grep 
${server}",
require => Exec['Configure_OML'],
  }

  # only patch if ovo is already installed and if the current version
  # is below the minversion. We do not downgrade.
  if $::opcagtversion and versioncmp($::opcagtversion, $minversion) < 0 {
exec { 'Patch_OML':
  command => "${installer} ${update_arguments}",
  timeout => '1800',  # 30 minutes
  require => Exec['Install_OML'],
}
  }
}

works pretty well. If we get a new version I try the installer by hand
a couple of times (the class does not downgrade, only upgrade). If it
does not fail I bump the $minversion default parameter and puppet will
patch all my systems.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Flush provider - Differentiating between new resource and modification?

2013-04-06 Thread Stefan Schulte 
On Fri, 5 Apr 2013 00:57:32 -0700 (PDT)
Gavin Williams  wrote:

> Morning all
> 
> I'm working on converting some of my NetApp providers to
> prefetch/flush style to try and optimize performance. 
> 
> I've hit an issue on my Netapp_user provider, around handling
> resource creation versus resource modification? 
> What's the easiest way to differentiate? 
> 
> Current code is here: 
> https://github.com/fatmcgav/fatmcgav-netapp/commit/66092978f4182c5474a60011db99ee2e3e12e689
> 
> Any tips appreciated. 
> 
> Regards
> Gavin 
> 

There is no way to check *why* the flush method was called, you just now
that at least one property has been updated. You do not see if `ensure`
updated or let's say `passmaxage`. Does this actually cause problems?

One thing I've spotted is that your create method does update the
@property_hash[:ensure] value but no other value. This seems to be
wrong because if the resource was absent before, @property_hash is
initally an empty hash. Because when `ensure` changes no other
properties are synced you don't have the desired values of all the other
properties available in the `flush` method. So your `create` method
should propably look like

def create
  resource.class.validproperties.each do |property|
if value = resource.should(property)
  @property_hash[property] = value
end
  end
end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet and OVO/ITO/OML

2013-04-06 Thread Stefan Schulte 
On Thu, 4 Apr 2013 02:29:51 -0700 (PDT)
ro...@liveperson.com wrote:

> Hi Stefan,
> I know it's an old post, but I'll be happy to hear more about how
> you're doing the agent installations with puppet, and maybe even get
> some code from you if it's possible. :)
> Is there an option to contact you?
> 

You can contact me by mail or just replying on this list. The
repository https://github.com/stschulte/puppet-hpom is still up if you
are interested in custom types. I'm happy to merge in pull request, too.

About the installation itself:

I do not have the code around right now but I install the agent with an
exec resource from a NAS share (something along oainstall.sh -i -a
-includeupdates -defer_configure). The same is true for configuration
(oainstall.sh -c -a -s $server) and activation (If you have a lot of
updates and hotfixes, doing the installation and configuration in
seperate steps will be a *a lot* faster)

I also have an if clause to check the custom fact opcagtversion against
the desired version (with the versioncmp function) and trigger another
exec to update the agent if necessary.

If you want a more concrete example I'll check the module at
work and will see what I can actually make public.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] facter fact within a custom provider

2013-03-22 Thread Stefan Schulte 
On Fri, 22 Mar 2013 10:29:22 -0700 (PDT)
Jist Anidiot  wrote:

> I have a custom package provider.  However within the ruby code, I
> need access a custom facter fact (which has the path to the
> executable which handles the package installation). 
> 
> I tried doing lookupvar('bin_path' ) but it complained "undefined
> method `lookupvar'"
> 
> So how do I reference a facter fact from within a custom provider?
> 
> Thanks in advance.  
> 

to get the value of a fact (no matter if it is a custom fact or a
buildin fact) use `my_path = Facter.value(:bin_path)`

-Stefan


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Custom ensure instead of ensurable in type provider

2013-03-15 Thread Stefan Schulte 
On Wed, 13 Mar 2013 09:00:18 -0700 (PDT)
jcbollinger  wrote:
> Your problem is that you are conflating distinct (for your purposes) 
> aspects of your resource's state.  If you care at times whether the 
> variable is declared at all or not, and at other times what its value
> is, then those should be separate properties.  Your resource
> declarations will then look like this:
> 
> env_var { 'AWESOMENESS':
>   value => 'meh',
>   # optional:
>   ensure => present
> }
> 
> or
> 
> env_var { 'AWESOMENESS':
>   ensure => absent
> }
> 
> 
> John
> 

I tend to disagree here. If the presence of an environment variable
inherently means that it has a value and the absence of a value
inherently means that the resource is absent I don't see the point in
having two properties.

I'd suggest to not use ensurable and define the ensure property
yourself:

in your type:

newproperty(:ensure) do
  newvalues :absent
  newvalues /.*/ # or whatever is valid for a value
end

in your provider, drop exists?, create and destroy and use

def ensure
  if value = get_environment_variable(resource[:name])
value
  else
:absent
  end
end

def ensure=(new_value)
  if new_value == :absent
destroy_environment_variable(resource[:name])
  else
set_environment_variable(resource[:name], new_value)
  end
end

you can then either specify

env_var { 'TMP':
  ensure => 'C:\TEMP'
}

or
env_var { 'TMP':
  ensure => absent,
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Sometimes getting 'undef' in template

2013-01-06 Thread Stefan Schulte 
On Sun, Jan 06, 2013 at 08:54:23AM -0500, Brian Lalor wrote:
> Morning, all.  I've got a problem with a custom class and template that has 
> me stumped.  I've created the following class:
> 
> class graphite::carbon(
> $cache_port = 2003,
> $cache_enable_udp = false,
> $cache_udp_port = $cache_port,
> ) {
> package {'carbon': }
> 
> file {'/etc/carbon/carbon.conf':
> content => template("graphite/carbon.conf.erb"),
> 
> require => Package['carbon'],
> notify  => Service['carbon-cache'],
> }
> 
> service {'carbon-cache':
> enable  => true,
> ensure  => running,
> 
> require => Package['carbon'],
> }
> }
> 
> carbon.conf.erb contains this:
> 
> UDP_RECEIVER_PORT = <%= cache_udp_port %>
> 
> And I use the class like this:
> 
> class {'graphite::carbon': }
> 
> The problem I'm having is that, without making any changes *AT ALL* 
> UDP_RECEIVER_PORT will sometimes have the default port of "2003" and other 
> times "undef".  This is with Puppet 2.7.17 in standalone mode.
> 
> Am I doing something wrong with the definition of cache_udp_port?  I want it 
> to default to the value provided for cache_port, which defaults to 2003.
> 
> Thanks,
> Brian
> 

No you are doing nothing wrong except that variable interpolation is
random so you get random results if the default value of parameterA
depends on the value of parameterB.

This has been accepted as a bug so you may want to watch
http://projects.puppetlabs.com/issues/9848

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

2012-12-12 Thread Stefan Schulte 
On Wed, Dec 12, 2012 at 04:19:17AM -0800, digrouz wrote:
> Hello,
> 
> Any updates when the fix will be implemented?
> 
> 

Hi digrouz,

I am currently assigned to the ticket
http://projects.puppetlabs.com/issues/11675 and have done some work
already. The problem is that I first have to improve the test coverage
to do any real changes so it is more work than I had expected.

I hope I'll have a pull request ready around christmas.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] /etc/ssh/ssh_known_hosts not world readable when using sshkey resource

2012-12-02 Thread Stefan Schulte 
On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote:
> When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts 
> file, but it is not world reable.
> 
> According to the ssh man page,
> 
>  /etc/ssh/ssh_known_hosts
> >  Systemwide list of known host keys.  This file should be 
> > prepared by the system administrator to contain the public host keys of all 
> > machines in the organization.  It should be world-readable.  See sshd(8) 
> > for further details of the format of this file.
> >
> 
> Is there any specific reason why when Puppet generates it it is only user 
> (root) Readable and Writable ? Security maybe ?
> 

No it is a bug http://projects.puppetlabs.com/issues/2014 that happens
when the file was not present before and the sshkey provider needs to
create it first.

You can use a file resource to actually set the correct permissions,
like

file { '/etc/ssh/ssh_known_hosts':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
}

Now the owner/group/mode are controlled with your file resource while
the actual content is controlled by your sshkey resources.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet & Oracle Database config management

2012-11-23 Thread Stefan Schulte 
On Thu, Nov 22, 2012 at 04:18:02AM -0800, Gavin Williams wrote:
> Ok, I've come back to this functionality, and need to move it along... 
> 
> My challenge now is how I can use the oratab resource to trigger other 
> actions... 
> 
> So if oratab creates a new entry in /etc/oratab, then I want to ideally 
> call a define which will go away and create the require directory 
> structure, mount NFS volumes and add details to fstab... 
> 
> Any ideas???
> 
> Cheers
> Gavin 

Why do you need the resource to "trigger" anything? I guess you are
already using puppet to define your instances so you can do something
like

define oracle::instance($home, ...) {

  # some instance specific subdirectory
  file { "/u01/app/oracle/admin/${name}":
ensure => directory}
  }

  # some instance specific mount
  mount { ...${name}:
ensure => mounted,
  }

  file { "responsefile_for_${name}":
ensure  => file,
content => template("responsefile.cfg.erb",
  }

  exec { "install_db_${name}"
command => 
'some_wrapperscript_around_dbca_to_install_instance_with_responsefile',
creates => 'some_flagfile_the_wrapperscript_creates_on_success',
require => File["responsefile_for_${name}"],
  }

  oratab { $name:
ensure => present,
home   => $home,
atboot => yes,
  }
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet & Oracle Database config management

2012-11-02 Thread Stefan Schulte 
On Fri, Nov 02, 2012 at 07:23:54AM -0700, Gavin Williams wrote:
> Afternoon all... 
> 
> I've started looking at coding this into our framework now, and have hit a 
> possible stumbling block... 
> 
> Currently, I've got a fact that reads out the configured Oracle SIDs in 
> /etc/oratab and sticks that into an 'oracle_sids' fact. 
> I've also got a Property (oracle_required_sids) against the host in Foreman 
> which contains a comma separated lists of SIDs that *should* be configured 
> on the host. 
> 
> What I want to do is compare those 2 lists, and action any changes... So if 
> there's a SID in the oracle_required_sids var that isn't in oracle_sids, 
> then it should be created. If there's a SID in the oracle_sids var that 
> isnt in oracle_required_sids, then it should be removed... 
> I've established that Looping isn't something that Puppet currently 
> handles, so I'm looking for an alternative method... 
> 
> Any ideas??? 
> 
> Cheers
> Gavin 

You can use the oratab type from https://github.com/stschulte/puppet-oracle
to describe the entries you do want (this assumes every instance has the same
ORACLE_HOME):

$instances = split($oracle_required_sids, ',')
oratab { $instances:
  ensure => present,
  home   => '/u01/app/oracle/product/10.1.0/db_1',
  atboot => yes,
}

This will make sure the instances are present in the oratab file. This
will not remove unmanaged entries. But you can use the resources type do
that:

resources { 'oratab':
  purge => true
}

You don't even need your oracle_sids fact that way.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Stefan Schulte 
On Fri, Oct 26, 2012 at 06:55:32AM -0700, Dave Mankoff wrote:
> Howdy. I feel like I am missing something really simply with regards to the 
> way that Puppet works and I am wondering if someone can point me in the 
> write direction.
> 
> I have written a class that downloads, uncompresses, compiles, and installs 
> Python from source. So far so good. The problem is that it only needs to do 
> this once, when Python is not already in place (or some other custom 
> indicator of the Python version). I have my 3 calls to exec doing their 
> checks just fine, but my calls to wget::fetch and archive::untar both fire 
> during every apply. Specifically, archive::untar takes about 30 seconds to 
> run and I'd prefer it if it only ran conditionally. 
> 
> What is the best way to make sure that this code:
> 
>   wget::fetch { "python-${version}":
> source => 
> "http://python.org/ftp/python/${version}/Python-${version}.tgz";,
> destination => "/tmp/Python-${version}.tgz",
>   }
> 
>   archive::untar {"/tmp/python-${version}":
> source => "/tmp/Python-${version}.tgz",
> compression => 'gz',
> rootdir => "Python-${version}",
> require => Wget::Fetch["python-${version}"],
>   }
> 
> only runs when some condition is met? I can easily put a custom file in 
> place to look for, but how do I make these commands dependent on its 
> absence? I tried making such a file and subscribing to it, but these 
> commands still ran each time.
> 

You don't tell us how wget::fetch is implemented so I can only guess
that there is an exec resource in there? The wget::fetch resource is
*always* evaluated so you have to make sure that the exec resource inside
does not do anything (the exec resource has a `creates` parameter you
can point to a file. If this file is present the command specified by
the `command´ parameter will not run).

Is there a reason why you do not install python as a package or build a
package your own?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] OperatingSystem fact for Oracle Linux?

2012-10-26 Thread Stefan Schulte 
On Fri, Oct 26, 2012 at 02:19:25AM -0700, Gavin Williams wrote:
> Morning all
> 
> Not sure on the best place to raise this, so thought I'd start here... 
> 
> I'm starting to work with Puppet and Oracle Linux 6.1. 
> Unfortunately I'm finding a lot of existing modules aren't working with OL 
> 6.1, because they're coded to expect an operatingsystem fact of oel. 
> However at OL 6, the operatingsystem fact is now OracleLinux. 
> 
> Any ideas on where this issue should go?
> 
> Cheers
> Gavin  

Do you mean core functionalities of puppet or modules from the forge or
elsewhere from the net?

If you think that there should not be a difference between
"OracleLinux", "OVS" and "OEL" (I don't even know what they stand for)
you might comment on http://projects.puppetlabs.com/issues/9178 that
introduced the OracleLinux fact or raise an issue.

If there is a coretype that does not work for you also create a ticket
on redmine. Most providers for example that will run on all RedHatish
versions should not confine on operartingsystem but on osfamily.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

2012-10-26 Thread Stefan Schulte 
On Thu, Oct 25, 2012 at 05:11:34PM -0700, Ben McCann wrote:
> Definitely seems like a bug.  I added the Puppet Ubuntu repo and upgraded 
> to puppet 3.0.1 and it works now.  I'm not going to bother filing it since 
> it seems like it's since been fixed.
> 
> 

One question though: Do any of the groups you want to assign have the
same gid?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

2012-10-25 Thread Stefan Schulte 
On Thu, Oct 25, 2012 at 04:34:26PM -0700, Ben McCann wrote:
> Yes, I am realizing it:
>   Users::Virtual::Localuser <| gid == users |>
> 
> If I go onto the host and delete the user (sudo userdel myuser) then puppet
> will create a new user and that user will be a member of all the groups I
> desire:
> notice:
> /Stage[main]/Users/Users::Virtual::Localuser[myuser]/User[myuser]/ensure:
> created
> notice: Finished catalog run in 0.43 second
> 
> However, if I delete the user from the group (sudo gpasswd -d myuser
> mygroup) and rerun then puppet does not re-add the group membership:
> notice: Finished catalog run in 0.34 seconds
> 
> This seems like a bug in puppet perhaps?
> 
> Thanks,
> Ben

Are you sure you have not defined the user resource a second time in
another location? Because

  Users::Virtual::Localuser <| gid == users |>

will realize nothing because your localuser define does not have a gid
parameter (the user resource inside the define does, but that does not
matter here).

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet & Oracle Database config management

2012-10-24 Thread Stefan Schulte 
On Wed, Oct 24, 2012 at 03:03:28PM +0100, fatmcgav wrote:
> Afternoon all.
> 
> I've been reading around on Puppet and Oracle, and have come up with a few
> links that suggest how to get Oracle installed and base configured, which
> has got me started in the right direction on that.
> 
> My next challenge is maintaining Oracle database specific configuration on
> the relevant hosts. This contains various elements, such as /etc/oratab,
> /etc/oranfstab (as we're using dNFS), various NFS mounts required for a
> given database, and a few other bits and pieces...
> Ideally, it would be a 1-to-1 relationship between a given host and a given
> DB. However that's unlikely in our env - We're more likely to have 1 or
> multiple databases on a given host, which all need to be maintained.
> 
> My initial thoughts are to use something like hiera to maintain this
> configuration data.
> Is this my best approach? Any other suggestions? Anyone doing this for
> real?
> 
> Basically, any info/pointers you give me is greatly appreciated.
> 
> Regards
> Gavin
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

A collegue of mine wrote an oracle::server class that makes sure
directories, users, groups and NFS mounts are in place. The class will
also install oracle itself with an exec resource (silent install). The
exec resource will not run the installer directly but will launch a
wrapperscript. It basically looks like

exec { 'Install_Oracle':
  command => "/path/to/nas/share/install_oracle${version}.sh",
  creates => "/u01/some/path/log/install_oracle${version}.done.log",
}

The wrapper script will launch a slient install and will create the
.done.log file afterwards. This was in our opinion the best way to keep
puppet from installing the software in each puppet run. The
oracle::server class does nothing that is related to a specific
instance.

We then have an oracle::instance define that installs instance related
files. The define has a similar exec resource that can install a single
instance (I guess the command is dbca or similar).

To manage oratab entries we use a custom type I've written:
https://github.com/stschulte/puppet-oracle

We do not use hiera to store instance related data (instance name,
charset, homedirectory) we use parameterized classes (oracle::server) and
defines (oracle::instance) with parameters at node level in site.pp

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Glassfish custom provider and 'file does not exist'

2012-10-24 Thread Stefan Schulte 
On Wed, Oct 24, 2012 at 03:38:20AM -0700, Gavin Williams wrote:
> Ok, I've gone about it a slightly different way now, and have stripped the 
> 'commands' argument from the domain function provider, and am trying to 
> validate the presence of asadmin at the main asadmin.rb level. 
> 
> I've created an 'exists?' definition, but it doesn't appear to be getting 
> called. Any ideas how I can force it to be called prior to attempting to 
> execute asadmin? 
> 
> Latest code commit has been pushed to github, available here: 
> https://github.com/fatmcgav/puppet-glassfish/commit/429f9e8e1d08e99c69d8ffdcb3043648af5fa18a
> 
> Any comments welcome. 
> 
> Regards
> Gavin 

Your exists? method in puppet/provider/domain/el.rb overwrites the
exists? method in puppet/provider/asadmin.rb. I don't know if you get
problems when you have an el.rb file but you define an asadmin provider
here. This may create classname clashes with the asadmin provider defined in
provider/asadmin.rb

The exists? method in asadmin.rb is not going to work because `commands`
is a class method while `exists` is an instance method. It does make no
sense to call `commands` inside an instance method.

What exactly are you trying to archive anyhow? If the excutable is not in
PATH how should your provider work? The best approach in my opinion
is to always specify the full path to the executable. If you want your
provider considered suitable even if commands are missing, you can use

  optional_commands :asadmin => 'binary_that_may_be_absent'

If you want the user to supply the path to the binary via a resource
parameter then you cannot realize this at a class level but at an
instance level. That beeing said, you cannot define your executables
with use the `commands` method.

To execute something you can use the execute method. You then have to
do something like.

  output = execute([resource[:asadmin_binary], "arg1", "arg2"])

-Stefan

> 
> On Wednesday, 26 September 2012 17:01:47 UTC+1, Gavin Williams wrote:
> >
> > Hi there, 
> >
> > I'm trying to setup Glassfish config management using puppet. 
> > I've found larstobi's module here 
> > which I've cloned and am 
> > starting to tweak, as it would appear that the mentioned module is based on 
> > Solaris, therefore I'm starting to add support for EL. My code tree is 
> > here .
> >
> > The challenge I'm hitting currently is that upon executing, it's failing 
> > with 
> >
> >> *err: Could not find a suitable provider for domain*
> >>
> >
> > When running at debug level, I can see the following:
> >
> >> *debug: Puppet::Type::Domain::ProviderAsadmin: file asadmin does not 
> >> exist
> >> debug: Class[Glassfish::Domain]: The container Stage[main] will propagate 
> >> my refresh event
> >> err: Could not find a suitable provider for domain
> >> *
> >
> >
> > I've verified that the asadmin file exists, as follows:
> >
> >> *notice: /Stage[main]/Glassfish::Domain/Notify[gfdomain]/message: 
> >> defined 'message' as 'Creating Glassfish domain cms using portbase 9000.
> >>  Asadmin file is: /usr/local/glassfish-3.1.2/bin/asadmin.'*
> >>
> >
> > *# file /usr/local/glassfish-3.1.2/bin/asadmin
> >> /usr/local/glassfish-3.1.2/bin/asadmin: POSIX shell script text executable
> >> *
> >>
> >
> > So the file definitely exists, and is a valid 'asadmin' file. 
> >
> > Any ideas? 
> >
> > Cheers
> > Gavin 
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/_pJvxmzaEmUJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Failed to set group to '0': Operation not permitted

2012-10-23 Thread Stefan Schulte 
On Mon, Oct 22, 2012 at 03:05:40PM -0700, jcbollinger wrote:
> I'm not sure why that inherently means you don't have root, but whatever.
> 
> So, supposing the issue is with 
> File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not 
> immediately clear to me whether Puppet's behavior is correct here.  It 
> seems to be defaulting the target group to 0 (since you don't specify a 
> group, that has to be coming in as a default).  That's not documented 
> behavior, but it may still be intentional.  On the other hand, it is usual 
> for the agent to run as root, which would mask this behavior.  I would 
> suggest that you file a ticket.
> 

If you do not specify owner/group/mode and you don't have a global
default and the file needs to be created, it will be created with
owner/group/mode of the source file. This can of course fail if the
agent is not run as root.

FWIW there was a discussion about the current behaviour quite a while
ago, but the last comment is over a year old now:
http://projects.puppetlabs.com/issues/5240

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] custom type with array property?

2012-10-22 Thread Stefan Schulte 
On Mon, Oct 22, 2012 at 10:53:44PM +0200, Jakov Sosic wrote:
> On 10/21/2012 10:43 PM, Nan Liu wrote:
> 
> > Puppet::Type.newtype(:customtype) do
> >   newproperty(:myarray, array_matching => :all) do
> >   end
> > end
> 
> Thank you!
> 
> Although you have syntax error, it should be:
> 
>  newproperty(:myarray, :array_matching => :all) do
> 
> Note the collon in front of array_matching.
> 
> 
> Also, what I did notice is that this code:
> 
>   newproperty(:nameservers, :array_matching => :all) do
> desc "list of nameservers"
> defaultto []
>   end
> 
> Doesn't revert to default if I remove the 'nameservers' property from my
> manifest.
> 
> I had to overload insync? for it to work, and now type looks like this:
> 
>   newproperty(:nameservers, :array_matching => :all) do
> desc "list of nameservers added to profile"
> defaultto []
> def insync?(is)
>   # if members of arrays are not the same, something
>   # was added or removed from manifest, so return false
>   return false unless is == should
>   true
> end
>   end
> 
> 
> Although I don't get it because I didn't do anything special in the
> overloaded insync? :) And without it won't work. It won't work even if I
> set:
> 
>  nameservers => []
> 
> in my manifest.
> 
> But never mind, I got it working so I'm satisfied so far.

Yeah I also consider this a bug. There is a ticket for the issue though
http://projects.puppetlabs.com/issues/10237

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

2012-10-15 Thread Stefan Schulte 
On Mon, Oct 15, 2012 at 08:18:36PM +0200, Jakov Sosic wrote:
> On 10/15/2012 07:23 PM, Stefan Schulte wrote:
> 
> > The fact that your exists? method does not really answer the question if
> > a resource is present or absent is a bit strange. And inside the create
> > method you are basically reimplementing properties with parameters. If
> > something has to be checked for correctness it should be a property.
> > Otherwise it is a parameter. Like the service resource: enable is a
> > property because it can be out of sync. hasstatus is a parameter because
> > it cannot be out of sync but only changes the behaviour of the provider
> 
> OK, I've figured that out through this conversation...
> 
> Now this is somewhat fixed code:
> 
> http://pastebin.com/q0TBX4KB
> 
> I've moved some params to properties.
> 
> 
> > Your main concern against properties if I got you correctly was about
> > speed because puppet would run one query for each property. One way around
> > that is to implement a query method that will query all properties at once
> > and store them in a hash (@property_hash). Every get-method now check
> > if @property_hash[:some_property] does already exist and return that
> > value if it does or run the query method that would populate the
> > @property_hash hash.
> 
> That sounds interesting, and more important it seems to me that complete
> rewrite is not necessary in this case. Do you have some examples of this
> idea?
> 
> 
> > Another speed improvement is to implement an `instances` and `prefetch`
> > method. That has the benefit that puppet does "react" on such methods
> > if they are implemented:
> > 
> > * you are able to run "puppet resource cobblersystem" on the command
> >   line to get the current configuration of all systems (that depends on
> >   an instances classmethod)
> > * you can use the resources type to purge unmanaged systems
> > 
> > resources { 'cobblersystem':
> >   purge => true
> > }
> > * the prefetch method is automatically called by puppet if implemented
> >   to create provider instances
> > * your get methods become trivial
> 
> Wow, sounds very interesting.
> 
> I would plea for possible examples :)

The instances method is a class method and has to return an array of
providers. So this often looks like this

def self.instances
  systems = []
  my_fancy_command.each_line do |line|
somehow_split_line_into_different_fields_like_name_and_interfaces
systems << new(
  :name   => name,
  :interfaces => interfaces,
  :ensure => :present
)
  end
  systems
end

One important thing: If you create a new provider instance you can pass
a hash (like I did in new(:name => name, :interfaces => interface)) and
this hash is stored in the member variable @property_hash of that new
provider.

An example of a simple instances method:
https://github.com/stschulte/puppet-rpmkey/blob/master/lib/puppet/provider/rpmkey/rpm.rb

The rpmkey type can make sure that a certain gpg key is imported into
rpm. To get the currently installed keys the provider runs

rpm -q gpg-key

This command can either return with a non zero exit code (no packages
found) in case we have zero keys or it will print one line per key.
For each line a provider instance is added to the array that is finally
returned.

prefetch:
The prefetch method is called by puppet for each providerclass that
implements such a method (see lib/puppet/transaction.rb#prefetch). The
prefetch method is called with a hash of every resource that is defined
in the user's manifest (=every resource puppet should manage). The
hash will have the form resource[:name] as a key and resource as the
value. What the prefetch method can do now is create provider instances
and bind the provider instances to resources. A common prefetch method
that is also shown in the rpm provider for rpmkey:

def self.prefetch(resources)
  instances.each do |prov|
if resource = resources[prov.name]
  resource.provider = prov
end
  end
end

The prefetch method first calls instances that will return a list of
every key that is currently present. Then I check if that key is also
managed by puppet. If the lookup succeeds (the key is indeed managed by
puppet), I'll bind the provider to the resource. At this point the provider
instance already has @property_hash[:ensure] set, so when puppet later
handles the different rpmkey resources and asks exists? I can simply
return the cached value.

def exists?
  get(:ensure) != :absent
end

Note: get(:ensure) is implemented in lib/provider.rb as

def get(param)
  @property

Re: [Puppet Users] Systems Provisioning

2012-10-15 Thread Stefan Schulte 
On Mon, Oct 15, 2012 at 01:09:09PM +0200, Jakov Sosic wrote:
> On 10/15/2012 09:13 AM, Stefan Schulte wrote:
> 
> > Is it possible to run a command to get all the desired information about
> > every systems at once? This way you can implement a prefetch pattern.
> > Basically you create provider instances for each system at once and
> > write the current values in the @property_hash hash. Then your get methods
> > just return the cached value which scales pretty well.
> 
> 
> Yes it is possible to get all systems at once. It's what the XMLRPC call
> does:
> 
>xmlrpcresult = cobblerserver.call("get_systems")
> 
> I already do that, but I select only one system, examine the hash, and
> if I notice differences from current puppet settings, approach to
> running CLI commands editing that system.
> 
> Your idea would require top to bottom rewrite of provider, and I don't
> have currently time for it... also, what are the benefits?
> 
> Currently I am planning to change params to properties (every param that
> is not needed for creation of system can be managed as property - it's
> more native way as I figured it out now).
> 

The fact that your exists? method does not really answer the question if
a resource is present or absent is a bit strange. And inside the create
method you are basically reimplementing properties with parameters. If
something has to be checked for correctness it should be a property.
Otherwise it is a parameter. Like the service resource: enable is a
property because it can be out of sync. hasstatus is a parameter because
it cannot be out of sync but only changes the behaviour of the provider

Your main concern against properties if I got you correctly was about
speed because puppet would run one query for each property. One way around
that is to implement a query method that will query all properties at once
and store them in a hash (@property_hash). Every get-method now check
if @property_hash[:some_property] does already exist and return that
value if it does or run the query method that would populate the
@property_hash hash.

Another speed improvement is to implement an `instances` and `prefetch`
method. That has the benefit that puppet does "react" on such methods
if they are implemented:

* you are able to run "puppet resource cobblersystem" on the command
  line to get the current configuration of all systems (that depends on
  an instances classmethod)
* you can use the resources type to purge unmanaged systems

resources { 'cobblersystem':
  purge => true
}
* the prefetch method is automatically called by puppet if implemented
  to create provider instances
* your get methods become trivial

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

2012-10-15 Thread Stefan Schulte 
On Sun, Oct 14, 2012 at 04:20:09PM +0200, Jakov Sosic wrote:
> On 10/14/2012 03:01 PM, Stefan Schulte wrote:
> > If you use "ensurable", puppet will expect the provider to have an
> > exists? method and if that returns true your create method will not be
> > called so you do not have to check the existance in the create method
> > again.
> 
> But then I would have to change all params to properties and add 
> appropriate methods to provider, but that would both slow it down and 
> complicate it more... I don't know if it's worth it just for the sake of 
> log message stating "property changed from A to B" instead of 
> "cobblersystem created" on every param change.
> 

Is it possible to run a command to get all the desired information about
every systems at once? This way you can implement a prefetch pattern.
Basically you create provider instances for each system at once and
write the current values in the @property_hash hash. Then your get methods
just return the cached value which scales pretty well.
> 
> > If adding interfaces to a new host is exactly the same as changing
> > interfaces of an already existing host you can call
> >
> >  interface = resource[:interface] if resoure[:interface]
> 
> I'll try that.
> 
> 
> > Is your provider dealing with files or does it execute commands? When
> > dealing with files I find it is often easier to do all the work in the
> > flush method (which is only called if it is implemented by the provider)
> > and the other set methods are only updating the @property_hash hash.
> >
> > So if you want to share your provider code I am always interested ;-)
> 
> Offcourse, I have nothing to hide. Here's the current code:
> 
> http://pastebin.com/f7GFU2qp
> 
> 
> 
> -- 
> Jakov Sosic
> www.srce.unizg.hr
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

2012-10-14 Thread Stefan Schulte 
On Sat, Oct 13, 2012 at 11:52:49PM +0200, Jakov Sosic wrote:
> On 10/13/2012 11:17 PM, Stefan Schulte wrote:
> > If puppet has to sync ensure it will not sync any other property. That
> > means if your type defines "ensurable" or you have defined an ensure
> > property manually and your system is not yet present, your create method
> > is called and puppet expects the create method to create your system with
> > interfaces. 
> 
> My understanding of the problem was along those lines too. Now I have
> confirmation...
> 
> 
> > Otherwise you will see the described behaviour:
> > 
> > 1) First run: Puppet finds out ensure is out of sync (is absent, should
> > be present) and calls create
> > 2) Second run: Puppet finds out interfaces is out of sync and and calls
> > interfaces= (or whatever method you have defined for that)
> 
> 
> I am already detecting in my create method if 'system' is added to
> 'cobbler' (if it's present on the machine agent is running on), and if
> it is, I choose to edit it rather then to try to create it again.

If you use "ensurable", puppet will expect the provider to have an
exists? method and if that returns true your create method will not be
called so you do not have to check the existance in the create method
again.

> 
> So, can I just call method "interface=", if I detect I have to create
> the 'system', or is there any way to solve this issue?

If adding interfaces to a new host is exactly the same as changing
interfaces of an already existing host you can call 

interface = resource[:interface] if resoure[:interface]

Is your provider dealing with files or does it execute commands? When
dealing with files I find it is often easier to do all the work in the
flush method (which is only called if it is implemented by the provider)
and the other set methods are only updating the @property_hash hash.

So if you want to share your provider code I am always interested ;-)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

2012-10-13 Thread Stefan Schulte 
On Sat, Oct 13, 2012 at 10:50:05PM +0200, Jakov Sosic wrote:
> On 10/13/2012 05:55 PM, Dan White wrote:
> > Is this module posted somewhere public ?
> > Looks interesting enough to try out.
> 
> It's not posted yet but it will be soon. I'm currently rewriting some
> providers from CLI cobbler to XMLRPC calls, and I'm not yet fully
> satisfied with integration with puppetlabs/apache module. I had to
> modify apache module to make it work...
> 
> 
> Also I have some minor issues, like first run adds system without
> interfaces to cobbler, and subsequent run add interfaces. So you have to
> run it twice to properly add the system.
> 
> Maybe someone can point out is there a way to fix this, because I've
> implemented interfaces as property and not param, so provider has
> separate methods for checking/modifying current state, and I don't quite
> get it why it doesn't run seamlessly in the first run
> 

If puppet has to sync ensure it will not sync any other property. That
means if your type defines "ensurable" or you have defined an ensure
property manually and your system is not yet present, your create method
is called and puppet expects the create method to create your system with
interfaces. 

Otherwise you will see the described behaviour:

1) First run: Puppet finds out ensure is out of sync (is absent, should
be present) and calls create
2) Second run: Puppet finds out interfaces is out of sync and and calls
interfaces= (or whatever method you have defined for that)

(see lib/puppet/transaction/resource_harness.rb#perform_changes)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Wrapper classes, ordering & anchors

2012-10-11 Thread Stefan Schulte 
On Fri, Oct 12, 2012 at 03:49:48AM +0530, Mohit Chawla wrote:
> Hi, it works with code like in your paste. But check this out :
> http://pastie.org/5037832, the original situation I found myself in,
> and you can see the "floating off" behaviour again.
> 

Because you are saying that Class[abc] should be done *before*
Class[wrapper] and Class[three,two,one] should also be done *before*
Class[wrapper]. That does not imply any relationship between Class[abc]
and Class[three,two,one].

The example that was mentioned earlier does only work when you specify
that Class[abc] depends on Class[wrapper] because then you define that
Class[one,two,three] should run *before* Class[wrapper] and Class[abc]
should run *after* Class[wrapper]. That does indeed imply a relationship
between Class[one,two,three] and Class[abc].

So to let your example work

class 'wrapper' {
  include one,two,three
  
  Class['wrapper']->Class['one']
  Class['wrapper']->Class['two']
  Class['wrapper']->Class['three']
}

class 'abc' {
}

class 'xyz' {
  include abc
  include wrapper
  Class['abc']->Class['wrapper']
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

2012-10-11 Thread Stefan Schulte 
On Thu, Oct 11, 2012 at 10:47:41AM -0700, Jeff McCune wrote:
> Nicholas,
> 
> [...]
>  We can't make this idempotent as a result.  This is definitely a bug,
> would you mind filing it?  If so, I'd be happy to do so on your behalf, but
> bugs from users are always better than bugs I report.
> 
> Please feel free to add me as a watcher, I'll update it with the
> information I found.
> 
> Hope this helps,
> -Jeff
> 

As Nicolas stated there already is a bug report:
http://projects.puppetlabs.com/issues/11675#change-73099

Puppet simply does not check the current state at (it is not even
implemented anywhere in the code, at least I have not found it)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] always changing sshkeys

2012-10-11 Thread Stefan Schulte 
On Tue, Oct 09, 2012 at 03:46:36PM +0100, Klaus Ethgen wrote:
> I have a setup where I construct the host_aliases of sshkey. This work
> fine. But now I encounter that several (not all) keys are changed every
> run of puppet:
>notice: /Stage[main]/Ssh/Sshkey[XX.XXX.XXrsa]/host_aliases: 
> host_aliases changed 'XX257.257.257.257' to  'XX 257.257.257.257'
> 
> I changed the name part to Xes and the IP to 257.257.257.257, but they
> are the correct IP and name of one host.
> 
> So why is this happening? Except from the fact that the first output is
> not separated by space and the second is. (In the file
> /etc/ssh/sshd_known_hosts all entries are separated correctly by coma.)
> 
> It seems not have to do with versions of puppet. I use versions 2.7.6,
> 2.6.16, 0.25.4 and 2.7.11.
> 
> I tried to debug this to find where the decision is made to replace an
> entry but failed to find.
> 
> Any Idea?
> 

It's a bit hard to debug your problem without seeing the actual line in
your /etc/ssh/ssh_known_hosts file. If you dont want to paste it please
do this:

extract the complete line from the target file. Now run

  # irb
  irb> line = 'your actual line'
  irb> fields = line.split(/\s+/)
  # you should now see an array. The first item should be hostname and
  # all aliases
  irb> name = fields[0]
  irb> name.split(',')

What do you see after executing the last line? You should see something
like [ "name", "host_alias1", "host_alias2" ]

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: is_virtual selector

2012-10-06 Thread Stefan Schulte 
On Fri, Oct 05, 2012 at 06:42:25PM -0700, Matt wrote:
> Thanks Krzysztof.  It successfully runs now, but output is misleading on 
> subsequent runs:
> 
> build ~]# puppet agent -tv
> Info: Retrieving plugin
> Info: Caching catalog for build
> Info: Applying configuration version '1349482471'
> /Stage[main]/Baseline-testing::Ntpd/Package[ntp]/ensure: ensure changed 
> '4.2.4p8-2.el6' to 'purged'
> Finished catalog run in 6.10 seconds
> build ~]# 
> build ~]# puppet agent -tv
> Info: Retrieving plugin
> Info: Caching catalog for build
> Info: Applying configuration version '1349482471'
> /Stage[main]/Baseline-testing::Ntpd/Package[ntp]/ensure: created
> Finished catalog run in 1.10 seconds
> build ~]#
> build ~]# rpm -q ntp
> package ntp is not installed
> 
> 
> The only class being called for the 'build' node is 
> 'baseline-testing::ntpd', which only ensures that the NTP package is 
> removed (the 8 lines of code you recommended).  It does remove the package, 
> but I don't know why it mentions creating it upon the second run, even 
> though it does not actually get re-installed.  Maybe traditional 'if' 
> statements are advised.
> 
> ~Matt

Can you run puppet agent with the --debug flag? This way you should see
the command puppet is executing.

I guess puppet uses the yum provider (as your package name indicates a
redhat system) and the yum provider does not support "purged" (only
absent). There is an open feature request for it
http://projects.puppetlabs.com/issues/11450

And the issue about running yum erase multiple times is also on redmine
https://projects.puppetlabs.com/issues/2833

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cron job class stamps file with date-time. How?

2012-10-04 Thread Stefan Schulte 
In case of the cron type it is easy for puppet to savely add a header
because puppet knows the purpose of a cronfile and knows that # is
treated as a comment.

If you use the filetype puppet does not know what your file is for. If
you ship a *.tar.gz file you certainly don't want puppet to put a header
in front of it.

So to add a static header puppet has to know what kind of file you are
shipping and if adding a header is safe. In my opinion this is rather
complicated, e.g. a shellscript is a textfile but #!/bin/sh has to
remain the first line, so puppet now has to add the header after line 1.

Adding a date is a bit complicated because puppet has to strip the
header from the source and target file before calculating any checksums,
otherwise puppet would always treat the target out of sync.

While you may be able to implement that I never thought that the date in
the file was of any help. I'd just look at the mtime. This can change
because of two reasons:

a) puppet changed the file because the source file on the server
   changed. Now mtime is the time you want to have in the header
b) some user changed the targetfile. This should not last long
   because puppet will reset the file soon and I have case a) again

-Stefan

On Thu, Oct 04, 2012 at 03:56:06PM -0400, Christopher Wood wrote:
> You may as well port the code from the cron provider into your environment.
> 
> For the generic string I was thinking of something as simple as "Don't touch 
> this file."
> 
> On Thu, Oct 04, 2012 at 12:46:09PM -0700, Jo Rhett wrote:
> >I'm not sure it's that easy. The original question about how to include
> >the date would cause some issues.. If the hiera lookup generated the date
> >each time, the file would be different each time and be overwritten each
> >time, which is probably not desirableable especially if a notify or
> >subscribe caused a service to restart.
> >On Oct 4, 2012, at 12:19 PM, Christopher Wood wrote:
> > 
> >  In this case the text appears to be a hardcode in a couple of 
> > providers:
> > 
> >  $ grep -r managed\ manually `pwd`
> >  /usr/lib/ruby/1.8/puppet/provider/parsedfile.rb:# HEADER: by puppet.
> >   While it can still be managed manually, it
> >  /usr/lib/ruby/1.8/puppet/provider/cron/crontab.rb:# HEADER: While it 
> > can
> >  still be managed manually, it is definitely not recommended.
> > 
> >  But this sounds like a great string for an environment-wide variable
> >  (hiera lookup) that all your templates can use.
> > 
> >  On Thu, Oct 04, 2012 at 12:08:39PM -0700, Jo Rhett wrote:
> > 
> >  I would also like to know this. I keep hacking the same text into
> >our
> > 
> >  templates. If there is a tag we could put in a template to get this
> >output
> > 
> >  I'd like to know it.
> > 
> >  On Oct 1, 2012, at 12:05 PM, Brian Dunbar wrote:
> > 
> >New puppet user.  I see that the cron class creates a cronjob 
> > with
> >a
> > 
> >date-time in the header, which is cool.
> > 
> ># HEADER: This file was autogenerated at Mon Oct 01 11:43:25 
> > -0500
> >2012
> > 
> >by puppet.
> > 
> ># HEADER: While it can still be managed manually, it is 
> > definitely
> >not
> > 
> >recommended.
> > 
> >1. How does it do that? 
> > 
> >2. I'd like to be able to edit the text, customize it.
> > 
> >3. More particularly, how can I put a date/time stamp in other
> >managed
> > 
> >files?  
> > 
> >I tried to do so with a template but that was not working out so
> >well.
> > 
> >Regards,
> > 
> >~brian
> > 
> >--
> > 
> >You received this message because you are subscribed to the 
> > Google
> > 
> >Groups "Puppet Users" group.
> > 
> >To view this discussion on the web visit
> > 
> >
> > [1][1]https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ.
> > 
> >To post to this group, send email to
> >[2][2]puppet-users@googlegroups.com.
> > 
> >To unsubscribe from this group, send email to
> > 
> >[3][3]puppet-users+unsubscr...@googlegroups.com.
> > 
> >For more options, visit this group at
> > 
> >[4][4]http://groups.google.com/group/puppet-users?hl=en.
> > 
> >  -- 
> > 
> >  Jo Rhett
> > 
> >  Net Consonance : net philanthropy to improve open source and
> >internet
> > 
> >  projects.
> > 
> >  --
> > 
> >  You received this message because you are subscribed to the Google
> >Groups
> > 
> >  "Puppet Users" group.
> > 
> >  To post to this group, send email to
> >[5]puppet-users@googlegroups.com.
> > 
> >  To unsubscribe from this group, send email to
> > 
> >  [6]puppet-users

Re: [Puppet Users] Glassfish custom provider and 'file does not exist'

2012-09-28 Thread Stefan Schulte 
On Fri, Sep 28, 2012 at 10:39:11AM +0100, fatmcgav wrote:
> Ok, so I thought I'd take another look, and try and get some debug logging
> out of the provider to make sure it's constructing things correctly...
> 
> I've applied the following patch to asadmin.rb, however I'm not seeing
> anything on the client trace...
> 
> diff --git a/lib/puppet/provider/asadmin.rb b/lib/puppet/provider/asadmin.rb
> > index f95d6ab..c8bd4a7 100644
> > --- a/lib/puppet/provider/asadmin.rb
> > +++ b/lib/puppet/provider/asadmin.rb
> > @@ -8,6 +8,7 @@
> >  passed_args.each { |arg| args << arg }
> >  exec_args = args.join " "
> >  command = "#{@resource[:asadminpath]} #{exec_args}"
> > +Puppet.debug("Command = #{command}")
> >  command = "su - #{@resource[:user]} -c \"#{command}\"" if
> > @resource[:user] and
> >not command.match /create-service/
> >  self.debug command
> >
> 
> Any ideas how I can get the provider logging???
> 
> Cheers
> Gavin
> 

do you have the code somewhere? If you dropped the debug call in the
create method or something it will never be executed if puppet thinks
the provider is not valid at all.

So having the actual provider code may make is more obvious why it is
failing for you.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Glassfish custom provider and 'file does not exist'

2012-09-27 Thread Stefan Schulte 
On Thu, Sep 27, 2012 at 12:57:01PM +0100, fatmcgav wrote:
> Hi there
> 
> I thought that initially as well, so I modified the provider to use a full
> path rather than assume it was on the path.
> 
> The log files below are prints of the variables which are being passed
> around...
> 
> Cheers
> Gav
> On Sep 27, 2012 12:53 PM, "Dick Davies"  wrote:
> 
[...]
> > >> notice: /Stage[main]/Glassfish::Domain/Notify[gfdomain]/message: defined
> > >> 'message' as 'Creating Glassfish domain cms using portbase 9000.
> > >>  Asadmin file is: /usr/local/glassfish-3.1.2/bin/asadmin.'
> > >> # file /usr/local/glassfish-3.1.2/bin/asadmin
> > >> /usr/local/glassfish-3.1.2/bin/asadmin: POSIX shell script text
> > executable
[...]

Has the file the executable bit set for the user that is running the
script (probably root)?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] require file/package not managed by puppet

2012-09-27 Thread Stefan Schulte 
On Thu, Sep 27, 2012 at 05:58:34AM -0700, jcbollinger wrote:
> That's actually kinda cool, but I think either you've missed the OP's 
> point, or I'm missing yours.  Declaring the package for only auditing 
> should indeed support any Puppet relationships with that resource without 
> forcing the package to be installed, but how does it achieve the main 
> objective of conditionally managing a file depending on whether the package 
> is installed?  As far as I can tell, relationships in general cannot 
> address this problem.  Am I missing something?
> 
> 
> John
> 

Nope, I did not read the question carefully enough. So as you already
mentioned a custom fact should do the trick.

But it general determining the desired state (that's what puppet tries
to enforce) by looking at the current state (is the package installed?)
may not be the best design here. So why not finding out when the package
needs to be installed (e.g. because application X needs mysql) and then
enforce that rule by puppet?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] require file/package not managed by puppet

2012-09-26 Thread Stefan Schulte 
On Fri, Sep 21, 2012 at 05:40:52PM -0700, Justin Ryan wrote:
> I would like to place a file with puppet only if a certain package is 
> installed on the system -- but assuming this package is not puppet-managed. 
> Checking for the presence of a non-puppet-managed file is also ok. Is this 
> possible? using require => Package['mypkg'] doesn't work if it's not 
> puppet-managed. thanks. 
> 

I haven't tried it but

package { 'mypkg':
  audit => all,
}

should work. This way you are declaring the resource so you should be
able to refer to it later as Package['mypkg'] while on the other hand
only auditing the state and not actually changing it through puppet.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ssh keys - registering multiple keys onto a same remote account

2012-09-26 Thread Stefan Schulte 
On Thu, Sep 20, 2012 at 07:34:44PM -0700, Hiu wrote:
> hi Paul,
> 
> 
> I am pretty to code the puppet codes. I try the options that you suggested 
> about creating the define type. But, I am still stuck in the middle.
> 
> Here is my code.
> $pub_keys=['XX', 'Y', 'ZZ' ]
> 
> define add_authkeys (user="hiu", key) {
> ssh_authorized_key { "$hiu":
> name => "hiu@$fqdn",
> ensure => present,
> type => ssh-rsa,
> key => $key,
> user => $user,
> }
> }
> 
> 
> class base::config_authorized_keys {
> add_authkeys { "hiu@$fqdn":
>  key => $pub_keys,
> }
> }
> 
> 
> the result is something that unexpected. my authorized keys are something 
> like this:
> 
> ssh-rsa Z
> 
> instead of 
> 
> ssh-rsa 
> ssh-rsa YY
> ssh-rsa ZZZ
> 
> 
> can you please advise? thank you.
> 
The idea is to pass an array as a resource title. e.g.

file { ['/foo', '/bar' ]: ensure => directory}

is the same as decalaring

file { '/foo': ensure => directory}
file { '/bar': ensure => directory}

You can now define a resource that takes a *key* as a title. This way
passing an array of keys multiple resources are created. The title is
available as $name. $user has to be passed as a parameter.

define pubkey{$user) {
  ssh_authorized_key { "${user}@fqdn-${name}":
ensure => present,
key=> $name,
user   => $user,
type   => rsa,
  }
}

Now in your base class:

class base::config_authorized_keys {
  $keys = [ "aaa", "bbb" ]
  pubkey { $keys:
user => 'hiu',
  }
}

Again, this is the same as declaring

pubkey { "aaa": user => hiu }
pubkey { "bbb": user => hiu }

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: [Puppet-dev] Do you rely on 'param=>undef' being equal to '(nothing)'?

2012-09-18 Thread Stefan Schulte 
On Tue, Sep 18, 2012 at 05:27:07PM -0700, Eric Sorenson wrote:
> On Friday, September 14, 2012 3:36:20 PM UTC-7, Stefan Schulte wrote:
> >
> >
> > I use this a lot to be able to have an optional parameter in a parent 
> > class that is passed to an included class and the included class 
> > determines the default value. Like: 
> >
> > class basic($puppet_cron = undef) { 
> >   class { 'puppet::client': 
> > cron => $puppet_cron, 
> >   } 
> > } 
> >
> >
> Stefan - This is exactly the case I'm concerned about.
> 
> The simplest way to preserve this pattern would be putting the default 
> value for cron in the `basic` typedef, where you now have `undef`.
> 
> class basic($puppet_cron = "some_default") {
>class { 'puppet::client': 
>   cron => $puppet_cron,
>   }
> }
> 
> The advantage is that if you want to really revert to the default for the 
> `cron` parameter, you can actually invoke it with undef, just like a 
> regular resource.
> 
> The bad side is that you now have to move your defaults to the calling 
> class, or worse, duplicate them.
> 
> What do you think?
> 
> -=Eric
> 

Eric -

In my case a class that is included in a wrapper class is not supposed
to be included directly at node level. So I could move the default
values in the wrapper class.

This would also make documenting the wrapper class cleaner (I dont have
to write "param foo determines bar. For the default value check the
documentation of class X"). On the other hand I am not able to include
the class directly anymore without specifying all paramters explicitly
(as I said I currently don't do that, but others might). Duplicating the
default value seems like a bad thing to do, especially when they get out
of sync. And I am not sure if I like the fact that the knowledge "what
is a sane default value for this particular parameter" is shifting out
of the actual class.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Complex custom type?

2012-09-16 Thread Stefan Schulte 
On Fri, Sep 14, 2012 at 06:37:28PM +0200, Jakov Sosic wrote:
> Hi.
> 
> I've successfully written and tested three puppet custom types for
> managing cobbler so far (distro, repo and profile). So far it has been
> interesting week, learning ruby from zero, learning custom types etc.
> But I'm really satisfied with the results so far.
> 
> Now I'm trying to figure out how to write rather complex provider, so
> maybe someone can help with some thoughts or input.
> 
> What am I trying to do is write a provider for a command that looks
> something like this:
> 
> cobbler add system --name=blah \
>   --profile=someprofile  \
>   --interface=eth0 \
> --mac=SOMEMAC \
> --interface-type=bond_slave \
> --interface-master=bond0 \
>   --interface=eth1 \
> --mac=SOMEMAC \
> --interface-type=bond_slave \
> --interface-master=bond0 \
>   --interface-name=bond0 \
> --interface-type=bond
> --bonding-opts="miimon=300 mode=1 primary=eth0"
> --ip-address=MYIP \

As you pointed out you can write different types and the system types
will create the system with no interfaces at all (if that is possible)
and the interface type will add them later on.

The second way I can think of is a delimiter if the interface options
are more or less always the same like

interfaces => [
  'eth0:mac=SOME_MAC:type=bond_slave:master=band0',
  'eth1:...'
],

or the interface property could accept a hash. I have not tried it
myself but it should work because the puppetlabs f5 type seems to use
it:

https://github.com/puppetlabs/puppetlabs-f5#appendix

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Automatic require in custom type?

2012-09-16 Thread Stefan Schulte 
On Fri, Sep 14, 2012 at 03:49:56PM +0200, Jakov Sosic wrote:
> Hi.
> 
> I have 3 custom types, for example A, B, and C.
> 
> A and B are build blocks for C. So if there is no A or B, C will fail to
> be added. For example:
> 
> 
> typeA { 'A':
>  ...
>  ...
> }
> 
> 
> typeB { 'B':
>  ...
>  ...
> }
> 
> typeC { 'C':
>   optionA => 'A',
>   optionB => 'B',
> }
> 
> So, I would have to write the require in this case:
> 
> typeC { 'C':
>   optionA => 'A',
>   optionB => 'B',
>   require => [ typeA['A'], typeB['B'] ],
> }
> 

Do you mean a custom type you have defined with

define typeC($optionA,$optionB) {
  ...
}

or a custom type you are shipping as a plugin and is written in ruby? If
it is the latter you can use

Puppet::Type.newtype(:typeC) do
  ...
  autorequire(:typeA) do
self[:optionA]
  end

  autorequire(:typeB) do
self[:optionB]
  end
end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: [Puppet-dev] Do you rely on 'param=>undef' being equal to '(nothing)'?

2012-09-14 Thread Stefan Schulte 
On Fri, Sep 14, 2012 at 11:31:08AM -0700, Eric Sorenson wrote:
> Hi, there's an issue that came up recently in the 3.0RCs -- Big thanks to 
> Erik Dalén for reporting it in #16221 -- that involves a behaviour change to 
> part of the DSL. In a nutshell, this code:
> 
[..]> 
> class toplevel (
>$maybe = false,
>$optional = undef ) {
>if ($maybe) {
>   class { toplevel::secondlevel: optional => undef }
>}
> }
> 
> In order to make use of the default for the `optional` parameter in 
> toplevel::secondlevel, you'd now need to either test in `toplevel` whether 
> `$optional` was passed into it, or have toplevel::secondlevel use an 
> `$optional_real` value inside it, similar to what's commonly done to append 
> to defaults that are array values. 
> 
[...]
> 
> So, I'm trying to determine whether this is a widespread pattern or an 
> edge-case. Do you expect 'param=>undef' to be the same as not specifying 
> param at all, or for the receiver to "see" the undef?
> 
> Eric Sorenson - eric.soren...@puppetlabs.com
> PuppetConf'12 - 27-28 Sep in SF - http://bit.ly/pcsig12
> 

I use this a lot to be able to have an optional parameter in a parent
class that is passed to an included class and the included class
determines the default value. Like:

class basic($puppet_cron = undef) {
  class { 'puppet::client':
cron => $puppet_cron,
  }
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet smoking crack?

2012-09-06 Thread Stefan Schulte 
On Wed, Sep 05, 2012 at 03:01:42PM -0700, Douglas Garstang wrote:
> On Wed, Sep 5, 2012 at 2:23 PM, Christopher Wood
>  wrote:
> > (inline)
> >
> > On Wed, Sep 05, 2012 at 02:04:59PM -0700, Douglas Garstang wrote:
> >> Couple of questions. Firstly, what's the plugin error about?
> >>
> >> puppet agent --onetime --test --verbose
> >
> > Could you also try with --debug?
> 
> I could. What are we looking for?
> 
> >
> >> info: Retrieving plugin
> >> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> >> retrieve information from source(s) puppet://puppet/plugins
> >
> > Worth looking into your pluginsync config here.
> 
> I have on the client 'pluginsync = true' in the [main] section.
> 

Do you have any plugins on your server side? If not you are hitting a bug
that will be fixed in 3.0.0 http://projects.puppetlabs.com/issues/2244

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Package install from a URL

2012-09-03 Thread Stefan Schulte 
On Mon, Sep 03, 2012 at 05:26:30AM -0700, matonb wrote:
> puppet-server 2.7.19 on CentOS 6.3 x64
>  
> I have the follow very bsaic class, which I would expect to install the 
> package if it's not already  present on the system:
>  
> class yum::repos::puppetlabs {
>   package { 'puppetlabs-release':
> ensure => installed,
> source => 
> 'http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm',
>   }
> }
> It doesn't appear to use the source value, simply the package name in the 
> yum command:
>  
> err: /Stage[main]/Yum::Repos::Puppetlabs/Package[puppetlabs-release]/
> ensure: change from absent to present failed:
> Execution of '/usr/bin/yum -d 0 -e 0 -y install puppetlabs-release' 
> returned 1: Error: Nothing to do
>  
> If I manually install with
>  yum install 
> http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm
>  
> It works just fine.
>  
> Any help appreciated.
> 

The package type actually has a lot of parameters that are only used by
a subset of all providers. Like "category" is only used on gentoo (i
guess) and "adminfile" is a solaris pkgadd specific.

If you think that source should not only be respected by the rpm
provider but also in the yum provider you should file a feature request:

http://projects.puppetlabs.com/issues

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Pass array to a define

2012-08-14 Thread Stefan Schulte 
On Tue, Aug 14, 2012 at 02:23:37PM -0700, Douglas Garstang wrote:
> Yeah, well I tried the puppet labs lvm module. After I fixed the
> syntax errors, which included a missing '}' in the code (wtf!??!), it
> seems that custom types don't work with environments...
> 
> http://projects.puppetlabs.com/issues/4409
> 
> Doug.
> 

You can use custom types even if you use environments. The problem is that
type and parameter validation happens on the master side so the puppetmaster
process needs to be aware of the custom type.

So on your master you need to have at least these files:

/var/lib/puppet/lib/puppet/type/filesystem.rb
/var/lib/puppet/lib/puppet/type/logical_volume.rb
/var/lib/puppet/lib/puppet/type/physical_volume.rb
/var/lib/puppet/lib/puppet/type/volume_group.rb

On your agent you need to have the type/* and provider/*/* files but
this is already handled if you use `pluginsync = true` in your
`/etc/puppet/puppet.conf`.

On your puppet master you can either copy the files by hand or run a puppet
agent process on the master with pluginsync enabled. If the files are in
place make sure to restart your puppetmaster (maybe the master will pick
them up automatically but I am not sure about that).

The thing about environments is: You may want to add a parameter to the
`volume_group´ type so you modify the volume_group.rb file in your "dev"
environment. While a puppet node with environment "dev" will get the new
version of the plugin now, the puppetmaster will still see its version
in /var/lib/puppet/type/volume_group.rb which does not have the new
parameter. If you run puppet agent on your masternode in the environment
"prod" you are forced to push your changes to volume_group.rb into prod.

I hope this helps and you get the lvm type to work.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] getting output from command in custom provider

2012-08-13 Thread Stefan Schulte 
On Mon, Aug 13, 2012 at 11:55:23AM -0700, ZJE wrote:
> Is the output of a command called by puppet stored somewhere on the master 
> or agent?
> 
> For example, if have the statement
> ---
> commands :ls => "ls"
> ---
> 
> and then I try something like " ls, '/' "

this does not seem right. The above command method marks the provider as
unsuitable if the ls command is not present and creates a method with
the name ls. So if you want to execute ls you do:

output = ls('-l', '/tmp')

> 
> where does the output of "ls /" go?

it is the return value of the method "ls"

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Pass array to a define

2012-08-11 Thread Stefan Schulte 
On Sat, Aug 11, 2012 at 01:46:57PM -0700, James A. Peltier wrote:
> - Original Message -
> | On Fri, Aug 10, 2012 at 05:10:20PM -0700, Douglas Garstang wrote:
> | > How can I pass an array to a define? It's not documented in the
> | > puppet
> | > language guide.
> | > 
> | > I've got:
> | > 
> | > define lvm::create_vg ( $pvdisks ) {
> | > exec {
> | > 'pvcreate':
> | > command => "/sbin/pvcreate -yf $pvdisks",
> | > unless  => "/sbin/pvdisplay $pvdisks",
> | >...
> | > }
> | > }
> | > 
> | > class someclass {
> | > lvm::create_vg {
> | > 'bcvg01':
> | > pvdisks => ['/dev/xvdb1', '/dev/xvdc1'];
> | > }
> | > }
> | > 
> | > Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1'
> | > 
> | > Doug.
> | 
> | Inside your define $pvdisks is whatever you passed as the pvdisks
> | parameter, so in your case $pvdisks *is* an array. But in the unless
> | parameter you use the array in a string context so all your items are
> | concatenated. Unfortunately puppet does not have a join function to
> | convert an array to a string.
> | 
> | On the other hand it may not be desired to destroy every disk you
> | pass
> | as in the pvdisks array if only one of the disks is not a LVM disk
> | (as
> | pvdisplay returns with a non-zero exitcode as soon as one disk is not
> | recognized to be a LVM disk)
> | 
> | So the best approach is probably to get the LVM puppet plugin and
> | replace your exec with
> | 
> | physical_volume { $pvdisks:
> |   ensure => present,
> | }
> | 
> | The physical_volume is a new type that comes with the LVM plugin.
> | 
> | [1] http://forge.puppetlabs.com/puppetlabs/lvm
> | 
> | -Stefan
> 
> Great!  But what happens if you want to specify multiple physical volumes be 
> a member of a single data volume during creation.  Is the expectation that 
> you'd always specify a lvm:vg with the initial disk and then lvm:vg extend 
> that volume?

Do you mean something like sda1 and sda2 beeing two physical volumes in
the volume group vg? This should work:


physical_volume { [ '/dev/sda1', '/dev/sda2']:
  ensure => present.
}

volume_group { 'vg':
  ensure   => present,
  physical_volumes => [ '/dev/sda1', '/dev/sda2' ],
  require  => [
Physical_volume['/dev/sda1'],
Physical_volume['/dev/sda2'],
  ],
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Extending Puppet Woes

2012-08-11 Thread Stefan Schulte 
On Fri, Aug 10, 2012 at 08:51:33PM -0700, Mike Carr wrote:
> I am looking to extend one of the puppet modules -"mysql". I found that they 
> are extending Puppet with types and providers. First off I am having a 
> difficult time find any documentationo on this and I do not know Ruby that 
> well. The problem that I am having is this, I have the following code:
> 
> Puppet::Type.type(:database).provide(:mysql) do
> desc "Manages MySQL database."
> 
>   defaultfor :kernel => 'Linux'
> 
>   optional_commands :mysql  => 'mysql'

This will automatically define a method called mysql you can use later.

> 
> def create
> def create
> mysql("-u #{resource[:rootuser]} -p\'#{resource[:rootpassword]}\' -h 
> #{resource[:host]} -NBev", "create database #{@resource[:name]} character set 
> #{resource[:charset]}")
>   end
> 

The mysql method does not use a shell to execute your command, instead every
argument you pass to the mysql method is passed as an argument to the mysql
executable. So in your case mysql is only executed with one huge argument.
What you want is:

mysql(
  '-u', resource[:rootuser],
  '-p', resource[:rootpassword],
  '-h', resource[:host],
  '-NBev', "create database #{resource[:name]} character set 
#{resource[:charset]}"
)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Pass array to a define

2012-08-11 Thread Stefan Schulte 
On Fri, Aug 10, 2012 at 05:10:20PM -0700, Douglas Garstang wrote:
> How can I pass an array to a define? It's not documented in the puppet
> language guide.
> 
> I've got:
> 
> define lvm::create_vg ( $pvdisks ) {
> exec {
> 'pvcreate':
> command => "/sbin/pvcreate -yf $pvdisks",
> unless  => "/sbin/pvdisplay $pvdisks",
>...
> }
> }
> 
> class someclass {
> lvm::create_vg {
> 'bcvg01':
> pvdisks => ['/dev/xvdb1', '/dev/xvdc1'];
> }
> }
> 
> Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1'
> 
> Doug.

Inside your define $pvdisks is whatever you passed as the pvdisks
parameter, so in your case $pvdisks *is* an array. But in the unless
parameter you use the array in a string context so all your items are
concatenated. Unfortunately puppet does not have a join function to
convert an array to a string.

On the other hand it may not be desired to destroy every disk you pass
as in the pvdisks array if only one of the disks is not a LVM disk (as
pvdisplay returns with a non-zero exitcode as soon as one disk is not
recognized to be a LVM disk)

So the best approach is probably to get the LVM puppet plugin and
replace your exec with

physical_volume { $pvdisks:
  ensure => present,
}

The physical_volume is a new type that comes with the LVM plugin.

[1] http://forge.puppetlabs.com/puppetlabs/lvm

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] string matching in erb template

2012-08-04 Thread Stefan Schulte 
On Sat, Aug 04, 2012 at 03:10:11AM -0700, danielt wrote:
> Hi!
> 
> I am trying to match a string in an ERB template but for what ever reason 
> it does not work.
> 
>  <% if has_variable?("apache2_phpmyadmin_url") && apache2_phpmyadmin_url != 
> "" then %>
> ProxyPass /<%= apache2_phpmyadmin_url %>/ !
>  <% end %>
> 
> The conditional works on has_variable? but the != "" is not getting 
> evaluated. When the variable is set to "" than the Proxypass is set to  / 
> instead of being left out.
> 
> Any ideas what I am doing wrong?
> 
> Best Regards,
> 
> Dan

Are you sure the variable is an empty string? I just did a short test
myself and your example does work for me.

try to modify your ProxyPass line to

ProxyPass /<%= apache2_phpmyadmin_url.inspect %>/ !

This way an empty string should appear as "" and you may find out that
apache2_phpmyadmin_url does contain some spaces or is not a string at
all.

Sitenote: The documentation recommends to reference your variables as
instance variables [1] to avoid nameclashes with ruby functions [2].
This way your template could look like this

<% if @apache2_phpmyadmin_url and !@apache2_phpmyadmin_url.empty? -%>
ProxyPass /<%= @apache2_phpmyadmin_url %>/ !
<% end -%>

[1] http://docs.puppetlabs.com/guides/templating.html#referencing-variables
[2] http://projects.puppetlabs.com/issues/14527


-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Get extra error output when debugging custom types?

2012-07-31 Thread Stefan Schulte 
On Tue, Jul 31, 2012 at 03:24:15PM -0700, ZJE wrote:
> Is it possible to get extra output when running custom types? Right now, 
> I'm getting an error message and I'm not sure where in the code it's being 
> thrown from.
> For example, I can see that I'm trying to iterate over a null object, but 
> I'm not sure where in the code this happening when the message is this:
> ---
> Error: /Stage[main]//Node[testnode0101]/TestType[testname]: Could not 
> evaluate: undefined method `each' for nil:NilClass
> ---
> 

Try to run puppet with the --trace option which will hopefully show a
stacktrace when the error is happening. Otherwise you can place a few
method call like

debug "inside validation block"

etc and run puppet with -d/--debug

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] a complete solution for puppet

2012-07-25 Thread Stefan Schulte 
On Wed, Jul 25, 2012 at 02:00:37PM -0700, Hai Tao wrote:
> Hi,
> 
[...]
> 
> My question is why the designer of puppet did not consider this and
> integrate everything into a complete solution at the beginning, rather
> than having us have to reconfigure everything by hand. Who will use
> puppet if he has only 50 nodes?
> 

You probably want Puppet Enterprise as it comes with one installer for
all these dependencies

http://puppetlabs.com/puppet/faq/

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] erb question - can you "if val" in an "each do" statement?

2012-07-24 Thread Stefan Schulte 
On Tue, Jul 24, 2012 at 10:47:40AM -0700, earthgecko wrote:
[...]
> Would still be interested to know if you can use if val in the each do 
> context.
> 
[...]
> On Tuesday, July 24, 2012 6:12:27 PM UTC+1, Stefan Schulte wrote:
> > On Tue, Jul 24, 2012 at 08:08:30AM -0700, earthgecko wrote: 
> > > Trying to figure what will work and the following do NOT work. 
> > > 
> > > <% hosts.each do |val| %><% if val != "<%= hostname %>" %>  host (<%= 
> > val 
> > > %>);<% end %><% end %> 

if you write

<% if val != "<%= hostname %>" %>

The thing between <% and %> will be interpreted as ruby code but you mix
in erb syntax inside this ruby fragment. Maybe erb thinks the ruby code
ends after the inner %> not after the outer %>. However what you really
wanted to write was probably

<% if val != @hostname %>

Notice that I am addressing hostname as an instance variable. Addressing
it as plain hostname (as a function) does also work but should be avoided
because you may accidentally call a real ruby function instead
(http://projects.puppetlabs.com/issues/14527 is a great example for
that)

So the endresult could be

<% hosts.each do |val| -%>
<%   if val != @hostname -%>
host (<%= val %>)
<%   end -%>
<% end -%>

-Stefan

> > > 
> > > <% hosts.each do |val| %><% if "<%= val %>" != "<%= hostname %>" %> 
> >  host 
> > > (<%= val %>);<% end %><% end %> 
> > > 
> > > <% hosts.each do |val| %><% if <%= val %> != "<%= hostname %>" %>  host 
> > > (<%= val %>);<% end %><% end %> 
> > > 
> > > All error with something similar to: 
> > > 
> > > syntax error, unexpected $undefined, expecting kTHEN or ':' or '\n' or 
> > ';' 
> > > ...= hostname ; _erbout.concat "\" %>  host ("; _erbout.concat... 
> > >   ^ 
> > > .cfg.erb:15: syntax error, unexpected kEND, expecting $end 
> > > ...rbout.concat ");";  end ;  end ; _erbout.concat "\n  key /et... 
> > > 
> > > Thanks in advance.. 
> >
> > Haven't tested it but does 
> >
> > <% @hosts.reject { |h| h == @hostname }.each do |host| -%> 
> > <%= host %> 
> > <% end -%> 
> >
> > work for you? 
> >
> > -Stefan 
> >
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/WizWNp4VO-QJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] erb question - can you "if val" in an "each do" statement?

2012-07-24 Thread Stefan Schulte 
On Tue, Jul 24, 2012 at 08:08:30AM -0700, earthgecko wrote:
> Quick erb question:
> 
> Can you use a if val in an each do iteration?  And if so... how :/  If 
> someone knows and is kind enough to shed some light.
> 
> Trying to figure what will work and the following do NOT work.
> 
> <% hosts.each do |val| %><% if val != "<%= hostname %>" %>  host (<%= val 
> %>);<% end %><% end %>
> 
> <% hosts.each do |val| %><% if "<%= val %>" != "<%= hostname %>" %>  host 
> (<%= val %>);<% end %><% end %>
> 
> <% hosts.each do |val| %><% if <%= val %> != "<%= hostname %>" %>  host 
> (<%= val %>);<% end %><% end %>
> 
> All error with something similar to:
> 
> syntax error, unexpected $undefined, expecting kTHEN or ':' or '\n' or ';'
> ...= hostname ; _erbout.concat "\" %>  host ("; _erbout.concat...
>   ^
> .cfg.erb:15: syntax error, unexpected kEND, expecting $end
> ...rbout.concat ");";  end ;  end ; _erbout.concat "\n  key /et...
> 
> Thanks in advance..

Haven't tested it but does

<% @hosts.reject { |h| h == @hostname }.each do |host| -%>
<%= host %>
<% end -%>

work for you?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] access facts in ENC

2012-07-24 Thread Stefan Schulte 
On Mon, Jul 23, 2012 at 08:25:49PM -0400, Brian Gupta wrote:
> Your ENC script can pretty much do whatever you want it to do. I'm not
> exactly following what you want to do with the facts, but you could
> upload them to your ENC like so:
> https://github.com/theforeman/puppet-foreman/blob/master/templates/external_node.rb.erb
> 
> -Brian
> 

This may also be helpful:
http://docs.puppetlabs.com/guides/external_nodes.html#tricks-notes-and-further-reading

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7.18 puppetstoredconfigclean.rb

2012-07-13 Thread Stefan Schulte 
On Fri, Jul 13, 2012 at 12:41:46PM -0400, Worker Bee wrote:
> I downloaded the tar.gz for 2.7.18.
> I noticed that ext/ puppetstoredconfigclean.rb is missing.
> 
> Can anyone tell me where to get this script?  Is it okay to use the script
> from 2.7.10?
> 
> Thanks!
> 

The script was removed because »puppet node clean« does the same thing,
see http://projects.puppetlabs.com/issues/12405

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet freezes on FUTEX_WAKE_PRIVATE

2012-07-13 Thread Stefan Schulte 
On Fri, Jul 13, 2012 at 06:30:41AM -0700, Thomas Sturm wrote:
> We have the same problem on Ubuntu 12.04 with kernel 3.2.0-24 and puppet 
> 2.7.11. This occurs just after "info: Retrieving plugin" and before loading 
> the facter facts. It occurs every 100th or 200th puppet run. Any hint much 
> appreciated!
> 
> cheers,
> Thomas
> 

Is this a relativly new issue for you? FUTEX_WAIT reminds me of the leap
second kernelbug. If that's the case setting the time will fix the issue.

http://serverfault.com/questions/407224/java-process-opends-consumes-all-cpu-futex-flood-how-to-debug-futex

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Crontab overwritten by Puppet

2012-07-12 Thread Stefan Schulte 
On Mon, Jul 09, 2012 at 06:48:41AM -0700, Kmbu wrote:
> Hello folks..
> 
> I suddenly found the crontab on one of my puppet clients overwritten. It 
> had many entries, including one created by Puppet. Suddenly during one run 
> it was overwritten, keeping only the Puppet entry and removing everything 
> else. Nothing changed between the previous runs and the one that re-created 
> the crontab in terms of configuration. I'm running Puppet 2.7.6.
> 
> Fri Jul 06 22:00:16 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:03:58 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.34 seconds
> Fri Jul 06 22:10:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:11:18 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.30 seconds
> Fri Jul 06 22:20:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:23:05 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.81 seconds
> Fri Jul 06 22:30:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:35:04 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.92 seconds
> Fri Jul 06 22:40:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:44:35 +0200 2012 
> /Stage[main]/Cre-base/Cron[puppet-run]/ensure (notice): created
> Fri Jul 06 22:44:39 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.54 seconds
> 
> Why would one run suddenly do this?
> 
> Regards,
> 

It looks like prefetching (executing »crontab -l root« to get current
cronentries) failed in some way. As a result puppet's in-memory
representation of the crontab is empty. When puppet now evaluates your
Cron['puppet-run'] resource, it detects it to be out of sync (is absent,
should be present), so the in-memory representation now contains only
your 'puppet-run' cronjob. If the new crontab is written back to disk,
you will loose every other cronentry.

Normally I would expect an error message if prefetching failed:

Could not prefetch cron provider

but that doesn't seem to be the case here. On the other hand there is an
outstanding bug about failures beeing silently ignored on solaris [1]

So a failure when running »crontab -l root« (do you manage crontabs of
other users as well? You may hit [2] in that case) would at least
explain the log output but the interesting question now is:
Can you think of a situation *why* the command failed?

[1] http://projects.puppetlabs.com/issues/14283
[2] http://projects.puppetlabs.com/issues/5752

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] groups dependencies at user creation

2012-07-07 Thread Stefan Schulte 
On Mon, Jul 02, 2012 at 12:20:40PM -0500, Tim Mooney wrote:
> >  How to ensure groups dependencies at user creation ?.
> 
> If you were just talking about the user's default group, then it would
> be one of the few cases where puppet establishes an ordering relation
> for you automatically.  In other words:
> 
>user { 'foo':
>  gid => 'bar',
>}
> 
> automatically ensures that group 'bar' is present before user 'foo'.
> 
> I don't know if that same thing is true for supplemental groups

It is also true for supplemental groups. You can see puppet creates the
relationship when you run puppet agent / puppet apply in debug mode.

So when I run

# puppet apply -vd --noop << EOF
group { ['foo', 'bar']:ensure => present }
user { 'bob': groups => [ 'foo', 'bar' ], ensure => present }
EOF

I get

debug: /Stage[main]//User[bob]: Autorequiring Group[bar]
debug: /Stage[main]//User[bob]: Autorequiring Group[foo]

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How do I "cd" (change directory) with Puppet's exec?

2012-07-07 Thread Stefan Schulte 
On Fri, Jul 06, 2012 at 08:44:51AM -0700, jcbollinger wrote:
> 
> 
> On Friday, July 6, 2012 2:10:13 AM UTC-5, Hendrik Jäger wrote:
> >
> > [...] let a shell 
> > execute your command [...]
> >
> 
> Which you can do fairly easily by adding "provider => 'sh'" to your Exec's 
> parameters.
> 
> Or if you need a non-default shell or you just like doing things the hard 
> way, then you can use a variation on
> 
> bash -c 'my command here'
> 
> as your command.

Instead of doing these kinds of work-arounds I'd just use the cwd
parameter of the exec resource as described in the type reference [1]

so e.g.

exec { 'make_sendmail':
  command => '/usr/bin/make',
  cwd => '/etc/mail'
}

If you have GNU make you can also ask the make command itself to change
the directory (-C dir, --directory=dir)

[1] http://docs.puppetlabs.com/references/latest/type.html#exec

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] hash to_yaml in erb template not giving valid yaml

2012-07-05 Thread Stefan Schulte 
On Thu, Jul 05, 2012 at 05:43:10PM +0200, Martin Willemsma wrote:
> Hi,
> 
> I want to use a file resource to write a facts.yaml file for
> Mcollective. For some reason it won't provide a valid yaml format if I
> dump my scope to hash and convert to_yaml.
> 
>   file {
>   "/etc/mcollective/facts.yaml" :
>   owner => root,
>   group => root,
>   mode => 400,
>   loglevel => debug,
>   #content => inline_template("<%= scope.to_hash.reject { 
> |k,v| !(
> k.is_a?(String) && v.is_a?(String) ) }.to_yaml %>"),
> 
>   #content => inline_template("<%= { \"a\" => 1, \"b\"=> 
> 2}.to_yaml %>"),
>   content =>
>   inline_template("<%= facts = {}; 
> scope.to_hash.each_pair {|k,v|
> facts[k.to_s] = v.to_s unless k.to_s =~
> /pkg_|_hours|_seconds|memoryfree|plugin_|config|_timestamp/ };
> facts.to_yaml.sort %>"),
>   }
> 


The to_yaml output should start with a "---\n" line, but if you sort
your list  (BTW: I get an error on ruby 1.9 when I call sort on a
string) you may produce an invalid yaml file if the "---" is not on top
anymore.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Base directory with File

2012-06-26 Thread Stefan Schulte 
On Mon, Jun 25, 2012 at 10:27:40AM -0700, Mark Roggenkamp wrote:
> Hi all,
> 
> I'd like to specify a base_directory and a list of directories (as 
> variables that may be pulled via hiera later) that will be created under 
> that base directory.
> 
> base_dir = "/home/base"
> bars = ["a", "b", "c"]
> 
> bars will be used to create the folders under base and also part of the 
> information going into building a template so I don't want to store them as 
> ["$base_dir/a", "$base_dir/b", "$base_dir/c"]. 
> 
> What's the best way to create the bar directories under the base_dir? I'd 
> love to just give File the bars array and specify the base_dir as a 
> property. Should I make a prepend function that would prepend base_dir to 
> each bar and then pass that to File? 
> 
> I tried a definition but then to loop I have to generate a single loop-able 
> structure to call the definition with that contains both bars and base_dir. 
> I looked at create_resources but that seems like it'd force me to make more 
> things variables than I wanted and duplicate more than I would like.
> 
> Thanks,
> Mark
> 

If you don't want to use a define here you can use the way how the regsubst
function works on arrays: It will apply the substition on all elements and
will then return an array with the same length. So this does also work:

$base_dir = '/home/base'
$bars = ['a', 'b', 'c']

# prefix all bars with base_dir
$dirs = regsubst($bars, '(.*)', "${base_dir}/\\1")

file { $dirs:
  ensure => directory,
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet commands require root access

2012-06-26 Thread Stefan Schulte 
On Mon, Jun 25, 2012 at 05:46:39PM -0400, Worker Bee wrote:
> Hi Everyone;
> 
> Why does running "puppet resource" require root/sudo access?  Is it
> supposed to be this way or do I have a permissions issue?
> I installed using the gzip files...
> 
> Thanks!
> 

puppet resource doesnt necessarily require root access. E.g. running
»puppet resource group« should show you present groups and it should
work as a normal user. Like:

  % puppet resource group wheel
  group { 'wheel':
ensure => 'present',
gid=> '10',
  }

Just note that »puppet resource some_resource_type« needs a suitable
provider for the type. Most of the providers specify a few files that
have to be executable by the user that is running puppet. The »groupadd«
provider e.g. requires the commands "groupadd", "groupdel" and "groupmod".
If your unprivileged user doesnt have these commands in $PATH or doesn't
have access rights (I guess ubuntoo ships these commands with mode 0700)
puppet will not work.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Help with bind option for mount

2012-06-22 Thread Stefan Schulte 
On Fri, Jun 22, 2012 at 05:57:21AM -0700, cnjohnson wrote:
> This is my first foray into using puppet for creating and maintaining bind 
> mounts (see man 8 mount). I am unsure of how to describe the state I want 
> puppet to achieve. This is for creating files systems in a chroot jail. I 
> am primarily unsure of how to set the "options". Is it a string, and array, 
> a hash? Any help would be appreciated. Thanks!
> 
> mount { "/gpfs20/home":
>   ensure  => mounted,
>   name=> "/chroot/centos5/home",
>   fstype  => "none",
>   options => "rw,bind",
> }
> 

You pass the options as a string but I see another problem here: You are
setting the title of the resource to "/gpfs20/home". The title can be
completly random (as long as it is unique) but it will also implicitly set
the name parameter as long as you don't overwrite it explicitly. The name
parameter determines the mountpoint. So I guess what you really want is

mount { '/chroot/centos5/home':
  ensure  => mounted,
  device  => '/gpfs20/home',
  fstype  => 'none',
  options => 'rw,bind',
}

As you can see I omitted the name parameter (the mountpoint) because it is
implicitly set to the resource's title ("/chroot/centos5/home")

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Gentoo package provider

2012-06-21 Thread Stefan Schulte 

Hi,

I recently looked at the gentoo package provider and I think it has a
few problems and I'm interested in how gentoo people tackle these
problems:

1) The package provider puts a dependency on eix. While chances are good
   that eix is installed it is not part of the base system (AFAIK).
   Puppet will not immediatly fail though. If you have e.g. ruby
   installed you might ask yourself why puppet tries to install
   app-editors/vim with the gem provider.
2) The package provider makes a few assumption where the eix cache is
   stored and about PORTDIR beeing /usr/portage. A while ago I saw a
   discussion on gentoo-users were multiple people said they place
   there portagetree in /var/portage
3) Packagenames are not unique in gentoo. While you can e.g. specify

 package { 'rubygems':
   ensure   => latest,
   category => 'dev-ruby',
 }

   this still seems to confuse puppet (in my case puppet wants to update
   the package saying the installed version is 1.8.24 [which is true] and
   the latest version beeing 4 (which is the latest version of
   virtual/rubygems, not dev-ruby/rubygems).
   To be on the safe side you really have to specify

 package { 'dev-ruby/rubygems':
   ensure => latest,
 }

   and ignore the category parameter.
4) running "puppet resource package" does create resources with only
   the packagename, without the category. So you don't see the true result
   if you have two packages installed that come from different
   categories.

   # portageq match / '*/rubygems'
   dev-ruby/rubygems-1.8.24
   virtual/rubygems-4

   # puppet resource package |grep -A 2 rubygems
   package { 'rubygems':
 ensure => '1.8.24',
   }
   #

5) The provider sometimes lies which seems to be caused by the --stable
   flag which is passed to eix. In my case puppet thinks that tar is not
   installed.

   # portageq match / tar
   app-arch/tar-1.26

   # puppet resource package tar
   package { 'tar':
 ensure => 'absent',
   }

So I'd like to change the following:
- query with portageq not with eix, e.g.:
  packagelist:
  # portageq match / ''
  version of a specific package
  # portageq match / dev-ruby/rubygems
  latest version of a specific package
  # portageq best_visible / dev-ruby/rubygems
- drop/deprecate the category parameter
- encourage people to include the category in the resource title
- when using puppet resource package also include the category in the
  packagename

In my opinion these changes should fix all the issues above. One issue will
still exists though: You can install multiple versions of the same package
(slots):

# portageq match / autoconf
sys-devel/autoconf-2.13
sys-devel/autoconf-2.69

I don't really now what puppet should return as the current version
here.

I'd love to know what you think about the current portage provider and the
proposed changes.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and Ruby 1.9

2012-06-18 Thread Stefan Schulte 
On Mon, Jun 18, 2012 at 10:02:10PM +0300, Ohad Levy wrote:
> On Mon, Jun 18, 2012 at 9:32 PM, Forrie  wrote:
> 
> > What is the status of compatibility with Puppet 2.7.16+ and Ruby
> > 1.9?   I searched through this group and found some older posts.  I am
> > not certain what the core issues are (and there's probably a
> > PuppetLabs page for it, I bet).
> >
> 
> afair, there is an issue with ssl requests on fedora 17 which is ruby 1.93.
> 
> Ohad
> 

According to redmine there are also a few other issues that might matter
for you:
http://projects.puppetlabs.com/projects/puppet/issues?query_id=107

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet not applying my config

2012-05-26 Thread Stefan Schulte 
On Fri, May 25, 2012 at 05:59:01AM -0700, jcbollinger wrote:
> 
> 
> On May 24, 7:42 pm, Peter Bukowinski  wrote:
> > On May 24, 2012, at 8:05 PM, macmichael01  wrote:
> 
> > > Here is the configuration that I am trying to apply:
> >
> > > /etc/puppet/manifests/site.pp
> > > node default {
> > >    file { "/srv/test_file.txt":
> > >        owner => 'root',
> > >        group => 'root',
> > >        mode  => '0777',
> > >    }
> > > }
> >
> > > Thanks in advance!
> >
> > Try adding an 'ensure => file,' attribute to the beginning of the file 
> > resource block.
> 
> 
> Yes, do, but that's not the problem.
> 
> 
> >I believe puppet's default behavior is to *not* create a resource unless 
> >ensure is used to specify it.
> 
> 
> That is mistaken.  Generally speaking, the default value for 'ensure'
> parameters is "present" or some equivalent value.  There has to be
> some default value because otherwise the resource declaration is
> meaningless.  Puppet's default might actually be "file" for this
> resource type, but it makes no actual difference in this case.

Just for the record:

That is not true for the filetype. The filetype has no default value for
ensure. If you do not specify ensure here it means: Manage the specified
attributes if file/directory is present, otherwise do nothing.

So if I e.g. just manage owner but not ensure and the resource is not
present...

# ls -l /tmp/test
ls: cannot access /tmp/test: No such file or directory
# puppet apply -ve 'file { "/tmp/test": owner => nobody }'
info: Applying configuration version '1338042729'
notice: Finished catalog run in 0.12 second

... puppet will not create the file. But if the file is present...

# touch /tmp/test
# puppet apply -ve 'file { "/tmp/test": owner => nobody }
info: Applying configuration version '1338042740'
notice: /Stage[main]//File[/tmp/test]/owner:
owner changed 'root' to 'nobody'
notice: Finished catalog run in 0.08 seconds

...Puppet will manage owner

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Custom type, autoinclude

2012-05-21 Thread Stefan Schulte 
On Sun, May 20, 2012 at 01:17:57PM +0200, Markus Falb wrote:
> Hi,
> I was thinking about a conceptual thing and I will try to explain with a
> concrete example.
> 
> In the puppetlabs-lvm module
> there is code like this in the logical_volume provider
> 
> if mount( '-f', '--guess-fstype', path) =~ /ext[34]/
>   resize2fs( path) || ...
> end
> 
> The resize2fs command is in the e2fsprogs package (well it is more
> complicated, but this is another topic), so this package has to be
> installed or an error will thrown.
> 
> I was thinking about how to ensure that the package is installed.
> I realize that I could do just
> 
> package { 'e2fsprogs': }
> logical_volume { 'bla':
>   fs_type => 'ext3',
>   require => Package['e2fsprogs']
> }
> 
> Is it possible to hide this dependency in the custom type?

The custom type "logical_volume" could specify an autorequire:

in logical_volume.rb:

autorequire(:package) do
  'e2fsprogs'
end

This way every logical_volume will depend on Package['e2fsprogs'] but
only if such a package is present in the catalog.

But what version of puppet are you using? Not sure if

http://projects.puppetlabs.com/issues/6907

already covers your case.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] odd behaviour on file ensure => absent

2012-05-19 Thread Stefan Schulte 
On Tue, May 15, 2012 at 01:05:03PM -0400, Christopher Wood wrote:
> Here's my test (done on Debian Stable with puppet 2.7.13 from the puppetlabs 
> apt repository):
> 
> 
> $ cat /tmp/t1.pp 
> file { '/tmp/xx/yy/zz/1':
>   ensure => absent,
> }
> $ ls /tmp/xx
> ls: cannot access /tmp/xx: No such file or directory
> $ puppet apply /tmp/t1.pp 
> notice: Finished catalog run in 0.02 seconds
> $ touch /tmp/xx
> $ puppet apply /tmp/t1.pp 
> err: /Stage[main]//File[/tmp/xx/yy/zz/1]: Could not evaluate: Not a directory 
> - /tmp/xx/yy/zz/1
> notice: Finished catalog run in 0.02 seconds
> 
> 
> It seems counter-intuitive that if /tmp/xx is a regular file then this causes 
> the manifest run to fail. If /tmp/xx is a regular file then /tmp/xx/yy/zz/1 
> can't exist. Does anybody use this behaviour for anything?
> 
> I found this while testing if it would work with only one subdirectory of a 
> deep path, without realizing that /tmp/xx was a regular file not a directory.
> 

Hi Christopher,

can you raise a ticket for that on redmine as it is clearly a bug?
(http://projects.puppetlabs.com/issues)

The reason is that puppet does a stat call on the path /tmp/xx/yy/zz/1 to get
ownership, mode etc and this will of course fail if the file is not present.
Now the stat system call can raise different errors
(http://linux.die.net/man/2/stat):

EACCES - Search permission is denied for one of the directories in the path
prefix of path (this one is handled by puppet)

ENOENT - A component of path does not exist, or path is an empty string.
(this one is also handled by puppet and the reason why your first run
does not raise an error)

ENOTDIR - A component of the path prefix of path is not a directory.

The last error is *not* handled in the puppet code and is considered a
bug.

So raising a ticket "file resource should handle ENOTDIR" would be
great. If you don't want to open it yourself just say so and I'll be happy
to do it instead.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Migrate installation to different directory

2012-04-19 Thread Stefan Schulte 
On Thu, Apr 19, 2012 at 03:56:37PM -0400, JA wrote:
> Hi Everyone;
> 
> I want puppet to be installed in /app/puppet instead of the default /etc.
> I cannot figure out how to get the puppetmasterd to look for the
> config file (puppet.conf) in /app/puppet instead of /etc/puppet.
> 
> If anyone can help, I would really appreciate it!
> 

It should work if you start your master with --confdir /app/puppet

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ssh_authorized_keys fails if a line is empty

2012-04-19 Thread Stefan Schulte 
On Thu, Apr 19, 2012 at 07:20:10AM -0700, Maurice Meeden wrote:
> Hi group,
> 
> we want to manage our authorized_keys with puppet and are trying
> ssh_authorized_keys. Everything works as expected, but if ~/.ssh/
> authorized_keys contains en empty line, puppet raises an error and
> generate a complete new file:
> 
> debug: Prefetching parsed resources for ssh_authorized_key
> err: Could not prefetch ssh_authorized_key provider 'parsed': Could
> not parse line "" at /root/.ssh/authorized_keys:3
> 
> If the line contains a blank, it works. How can we change this
> behaviour? We've looked into /usr/lib64/ruby/vendor_ruby/1.8/puppet/
> provider/ssh_authorized_key/parsed.rb but I believe the match
> statement is correct:
> 
> text_line :blank, :match => /^\s+/
> 

The match means »one or more whitespace characters at the beginning of
a line«. So it would match »   aaa« or » « but not »«. It should read

text_line :blank, :match => /^\s*$/

which means »beginning of a line, followed by zero, one or more
whitespace characters, followed by the end of line.

Would you mind opening a ticket on redmine? This is clearly a bug
http://projects.puppetlabs.com/issues

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Ordering issues: Stages?

2012-03-07 Thread Stefan Schulte 
On Wed, Mar 07, 2012 at 08:15:54AM -0800, Nan Liu wrote:
> On Wed, Mar 7, 2012 at 4:20 AM, Stefan Schulte
>  wrote:
> > Hi,
> >
> > I have the following basic node definition
> >
> >    node 'mynode' {
> >      class { 'oracle::server': }
> >      class { 'oracle::patch::patchA':
> >        require => Class['oracle::server'],
> >      }
> >      class { 'oracle::patch::patchB':
> >        require => Class['oracle::server'],
> >      }
> >      oracle::instance { 'foo':
> >        require => [ 'oracle::server', ??? ],
> >      }
> >    }
> 
> If you have no parameters for the patches:
> 
> define oracle::load_patch {
>   $subclass = "oracle::instance::$name"
>   class { $subclass:
>  require  => Class['oracle::server'],
>   }
> }
> 
> oracle::load_patch { ['patchA','patchB']:
>before => Notify['end'],
> }
> 
> notify { 'end':
> }
> 

Haven't thought of that one but the problem is now that I have multiple
oracle::instance resources and don't want to update the before
constraint in oracle::load_patch all the time. But the following might
work:

# Wrapperclass around your load_patch resource as an anchor
class oracle::patch ( $patches = [] ){
  Class['oracle::server'] -> Class['oracle::patch']
  oracle::load_patch { $patches:
require => Class['oracle::server'],
  }
}

and in my node definition I would write

class { 'oracle::server': }
class { 'oracle::patch':
  patches => [ 'patchA', 'patchB' ],
}
oracle::instance { 'foo':
  require => Class['oracle::patch'],
}
oracle::instance { 'bar':
  require => Class['oracle::patch'],
}

What do you think of this option?

-Stefan


pgpIE1abHksEV.pgp
Description: PGP signature

  1   2   3   >