RE: [Puppet Users] Re: Is it possible to install actual OS using puppet?
Take a look at razor https://puppetlabs.com/solutions/next-generation-provisioning https://github.com/puppetlabs/razor http://www.slideshare.net/PuppetLabs/puppetandrazor http://www.slideshare.net/PuppetLabs/razor-puppet Steven Subject: Re: [Puppet Users] Re: Is it possible to install actual OS using puppet? From: smcracr...@me.com Date: Wed, 11 Sep 2013 22:36:50 -0700 To: puppet-users@googlegroups.com One popular standard method is: + LDAP initial boot a box from Kickstart or equivalent deploying an appropriate basic OS image + Ensure the post-image-install script includes a puppet agent package and changes to let the box talk with a known puppet master and autostart the puppet agent at system boot + Write more and more and more Puppet patterns to customize the system for given uses NFS server, Database server, Mail server, Compute Server, etc. + Ensure no touch-the-cloud ideas ever appear in non-Puppet form. Nobody as superuser on boxes... The point is to move more of the OS config and continuous drift-prevention into puppet patterns which run 7x24 duringproduction or permit manual-only operation with post-mortem data capture (lsof, ps, top, sar, etc.) for security analysis, logging all changes either way to an audit trail to find out why change is happening, when, and to trace it down to root cause (busy/corrupted fingers, security compromises, phase-of-moon, gamma-rays, etc.) Further, your glove boxes become puppet-applied patterns which must go through a repository-sourced-and-dr'eddev/test/limited-prod/extended-prod. Additionals? On Sep 11, 2013, at 10:20 PM, Rahul Khengare rahulk1...@gmail.com wrote:Hi Rastio, I dont think that puppet do operating system installation. Puppet is configuration management tool, you can use puppet to configure any software and operating system settings after puppet get install on your machine.For automatic installation of operating system there is tools called kickstart, cobler, etc. Refer following blog link about puppet and operating system installation relation,http://puppetlabs.com/blog/your-os-installer-and-you Thanks and regards,Rahul Khengare,NTT DATA OSS Center, Pune, India. On Thursday, September 12, 2013 1:08:02 AM UTC+5:30, Rastio Hodul wrote:Hi,ideally I would like to crate bootable USB stick with, say, Ubuntu + Puppet on it. I would then use this USB stick on a blank computer to boot to it and install new OS (Ubuntu+WhateverIWant) on that blank computer. I know I can do WhateverIWant part, but can I install actual OS? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. --Stuart RHCE/RHCSA/Oracle DBA/Sun SA/Mensahttp://www.linkedin.com/in/stuartcracrafthttp://gnutech.us -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] arnoudj/sudo and different versions of CentOS
I don't know about the module you are using but things to verify: /etc/sudoers contains an include for /etc/sudoers.d Check that the version of sudo is new enough to support this. You may need to upgrade it. I had to on a number of my Redhat 5 servers Steven Date: Thu, 12 Sep 2013 15:01:30 -0700 From: gregc...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] arnoudj/sudo and different versions of CentOS Hello, Does anyone have an example of using the arnoudj/sudo module in a mixed environment with both CentOS 5 and 6? So far, my CentOS 6 servers are happy but my CentOS 5 servers are ignoring everything in /etc/sudoers.d/ Thank in advance! Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] clone system configuration with puppet
Puppet only knows about what it is managing or auditing. So, it will always be limited by what it is told to look at. While you might be able to do something using the audit feature, I would not recommend it. As it will never be complete for your purpose. I'd recommend looking at blueprint. There is also a newer tool, but I can't remembered its name at the moment. Steven Date: Fri, 6 Sep 2013 01:54:28 -0700 From: marcus.schae...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] clone system configuration with puppet Hi, I'm new to puppet, read a bit about it and tried a few things out. It's really a great piece of work.Thanks for doing all this. As part of my work I'm leading the opensource kiwi project which is aplain appliance builder and one aspect of the project is also to help people in migrating a currentlyrunning system into an appliance description which then allows to maintain and build into differentappliance types, e.g the way from bare metal into the virtual world, or from one architecture intoanother. The migration code as it is right now handles the configuration part just by creating copies ofconfiguration files. It relies on config metadata of the rpm database, it takes concepts of autoyastinto place. But all this is a pretty humble approach has some room to fail and also limits to specificdistribution concepts. I was thinking it could be done better/more generic. So my question is, ispuppet able to provide information about the configuration of a system which it did _not_ setupitself in the first place ? information like sshd configuration, apache, etc, etc... my first guess would be it knows bestabout its own resources but not about services running on a system not managed by puppet sofar. Is that correct ? Thanks much Regards,Marcus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] clone system configuration with puppet
Found the other one. It is pysa Links for both: Blueprinthttps://github.com/devstructure/blueprinthttp://devstructure.com/blueprint/ Pysahttp://pypi.python.org/pypi/Pysahttp://github.com/MadeiraCloud/pysa Steven From: snem...@hotmail.com To: puppet-users@googlegroups.com Subject: RE: [Puppet Users] clone system configuration with puppet Date: Fri, 6 Sep 2013 08:24:37 -0700 Puppet only knows about what it is managing or auditing. So, it will always be limited by what it is told to look at. While you might be able to do something using the audit feature, I would not recommend it. As it will never be complete for your purpose. I'd recommend looking at blueprint. There is also a newer tool, but I can't remembered its name at the moment. Steven Date: Fri, 6 Sep 2013 01:54:28 -0700 From: marcus.schae...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] clone system configuration with puppet Hi, I'm new to puppet, read a bit about it and tried a few things out. It's really a great piece of work.Thanks for doing all this. As part of my work I'm leading the opensource kiwi project which is aplain appliance builder and one aspect of the project is also to help people in migrating a currentlyrunning system into an appliance description which then allows to maintain and build into differentappliance types, e.g the way from bare metal into the virtual world, or from one architecture intoanother. The migration code as it is right now handles the configuration part just by creating copies ofconfiguration files. It relies on config metadata of the rpm database, it takes concepts of autoyastinto place. But all this is a pretty humble approach has some room to fail and also limits to specificdistribution concepts. I was thinking it could be done better/more generic. So my question is, ispuppet able to provide information about the configuration of a system which it did _not_ setupitself in the first place ? information like sshd configuration, apache, etc, etc... my first guess would be it knows bestabout its own resources but not about services running on a system not managed by puppet sofar. Is that correct ? Thanks much Regards,Marcus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] puppet client
Just use the RedHat packages We use the same packages for RedHat, CentOS, and Oracle EL Some modules need to get slightly modified to recognize Oracle EL Steven Subject: [Puppet Users] puppet client From: smcracr...@me.com Date: Wed, 28 Aug 2013 10:02:48 -0700 To: puppet-users@googlegroups.com Hi, Looked but couldn't find information on Puppet client for Oracle Unbreakable Enterprise Kernel Linux. Could you point me to the methodology for the above on Open Source Puppet which we have running (well) on and for regular Red Hat Linux which we used Puppet Labs Yum repositories to install server and client effortlessly. We use Oracle Unbreakable Enterprise Kernel on our vms which we want all controlled by Puppet. I was told by someone at Puppet Labs that it existed in some fashion... --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] puppet-ls with Puppet 3.2
You could try the newer module designed to do the same thing. It was written as a puppet face about 6 months ago https://github.com/dalen/puppetls Steven Date: Fri, 23 Aug 2013 01:42:11 -0700 From: andreas.dvo...@googlemail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] puppet-ls with Puppet 3.2 Dear all, I would like to find out if a files is managed by puppet. To do that I tried the puppet-ls script. But I get the error: ./puppet-ls grep: /var/lib/puppet/client_data/catalog/*.yaml: No such file or directory In the head of the script I can read # tested on 0.25. It is the latest version I could download. Does somebody use this script with puppet 3.x? Is there an other method? Best regards Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] execution expired
Catalog generation took too long. Could be the puppet master is overloaded are
just the puppet module code used. You can increase the timeout on the agents.
On the agent in puppet.conf under the agent section add
configtimeout = 900
The number is in seconds. Set it to whatever you're comfortable with
Steven
Date: Tue, 23 Jul 2013 16:15:30 -0400
Subject: [Puppet Users] execution expired
From: salty.cowd...@gmail.com
To: puppet-users@googlegroups.com
Just added a bunch of forge modules to my mix. If I run from my puppet master
things go OK. Running from another server this is what things look like:
# time puppet agent --test --debug
Debug: Failed to load library 'selinux' for feature 'selinux'Debug: Using
settings: adding file resource 'rundir':
'File[/var/run/puppet]{:loglevel=:debug, :links=:follow, :ensure=:directory,
:backup=false, :mode=1777, :path=/var/run/puppet}'
Debug: Puppet::Type::User::ProviderPw: file pw does not existDebug:
Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/uuidgen does not
existDebug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not
exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting falseDebug:
/User[puppet]: Provider useradd does not support features libuser; not managing
attribute forcelocalDebug: Using settings: adding file resource
'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:loglevel=:debug,
:links=:follow, :ensure=:directory, :backup=false, :owner=puppet,
:mode=750, :path=/var/lib/puppet/ssl/private_keys}'
Debug: Using settings: adding file resource 'client_datadir':
'File[/var/lib/puppet/client_data]{:loglevel=:debug, :links=:follow,
:ensure=:directory, :backup=false, :mode=750,
:path=/var/lib/puppet/client_data}'
Debug: Using settings: adding file resource 'hostpubkey':
'File[/var/lib/puppet/ssl/public_keys/stldmonitor.stl.sharkrivertech.com.pem]{:loglevel=:debug,
:links=:follow, :ensure=:file, :backup=false, :owner=puppet,
:mode=644,
:path=/var/lib/puppet/ssl/public_keys/stldmonitor.stl.sharkrivertech.com.pem}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not existDebug:
Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not
existDebug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: /Group[puppet]: Provider groupadd does not support features libuser; not
managing attribute forcelocalDebug: Using settings: adding file resource
'logdir': 'File[/var/log/puppet]{:loglevel=:debug, :links=:follow,
:group=puppet, :ensure=:directory, :backup=false, :owner=puppet,
:mode=750, :path=/var/log/puppet}'
Debug: Using settings: adding file resource 'lastrunreport':
'File[/var/lib/puppet/state/last_run_report.yaml]{:loglevel=:debug,
:links=:follow, :ensure=:file, :backup=false, :mode=640,
:path=/var/lib/puppet/state/last_run_report.yaml}'
Debug: Using settings: adding file resource 'publickeydir':
'File[/var/lib/puppet/ssl/public_keys]{:loglevel=:debug, :links=:follow,
:ensure=:directory, :backup=false, :owner=puppet,
:path=/var/lib/puppet/ssl/public_keys}'
ssl/private]{:loglevel=:debug, :links=:follow, :ensure=:directory,
:backup=false, :owner=puppet, :mode=750,
:path=/var/lib/puppet/ssl/private}'
Debug: Using settings: adding file resource 'hostcert':
'File[/var/lib/puppet/ssl/certs/stldmonitor.stl.sharkrivertech.com.pem]{:loglevel=:debug,
:links=:follow, :ensure=:file, :backup=false, :owner=puppet,
:mode=644,
:path=/var/lib/puppet/ssl/certs/stldmonitor.stl.sharkrivertech.com.pem}'
Debug: Using settings: adding file resource 'localcacert':
'File[/var/lib/puppet/ssl/certs/ca.pem]{:loglevel=:debug, :links=:follow,
:ensure=:file, :backup=false, :owner=puppet, :mode=644,
:path=/var/lib/puppet/ssl/certs/ca.pem}'
Debug: Using settings: adding file resource 'hostcrl':
'File[/var/lib/puppet/ssl/crl.pem]{:loglevel=:debug, :links=:follow,
:ensure=:file, :backup=false, :owner=puppet, :mode=644,
:path=/var/lib/puppet/ssl/crl.pem}'
Debug: Using settings: adding file resource 'confdir':
'File[/etc/puppet]{:loglevel=:debug, :links=:follow, :ensure=:directory,
:backup=false, :path=/etc/puppet}'
Debug: Using settings: adding file resource 'certdir':
'File[/var/lib/puppet/ssl/certs]{:loglevel=:debug, :links=:follow,
:ensure=:directory, :backup=false, :owner=puppet,
:path=/var/lib/puppet/ssl/certs}'
Debug: Using settings: adding file resource 'requestdir':
'File[/var/lib/puppet/ssl/certificate_requests]{:loglevel=:debug,
:links=:follow, :ensure=:directory, :backup=false, :owner=puppet,
:path=/var/lib/puppet/ssl/certificate_requests}'
Debug: Using settings: adding file resource 'plugindest':
'File[/var/lib/puppet/lib]{:loglevel=:debug, :links=:follow,
:ensure=:directory, :backup=false, :path=/var/lib/puppet/lib}'
Debug: Using settings: adding file resource 'clientyamldir':
'File[/var/lib/puppet/client_yaml]{:loglevel=:debug, :links=:follow,
:ensure=:directory, :backup=false, :mode=750,
RE: [Puppet Users] Re: Validation failed: Host already has a report for time and kind
Every time that I've received this error, it was because 2 different hosts had the same cert name. In my case a problem caused by system cloning or a system template that contained a cert name. Hope that helps, Steven Date: Tue, 11 Jun 2013 08:17:42 +0100 Subject: Re: [Puppet Users] Re: Validation failed: Host already has a report for time and kind From: ke...@burdis.org To: puppet-users@googlegroups.com This could be an issue with time on the host being inconsistent. Is it configured to use NTP to sync against a time server? - Keith On 11 Jun 2013 05:06, Luke Vidler luke.vid...@gmail.com wrote: Me Three, same versions and errors - Did you guys work out how to fix it yet? On Thursday, December 1, 2011 7:55:42 PM UTC+11, Chris Phillips wrote: Howdy,I've been getting this issue for about a month in dashboard. All our nodes poll on a cronjob between 00:00 and 01:00 daily, but one node has been getting this as a failed task for a while, with the yaml files building up on the server. Outside of this one cronjob, other puppet runs on the same node are running just fine. The backtrace on dashboard is: Importing report report-1009-84.yaml at 2011-11-22 00:33 GMTValidation failed: Host already has a report for time and kind Backtrace /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/validations.rb:1102:in `save_without_dirty!' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/dirty.rb:87:in `save_without_transactions!' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb:136:in `transaction' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/transactions.rb:182:in `transaction' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/transactions.rb:208:in `rollback_active_record_state!' /usr/share/puppet-dashboard/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!' /usr/share/puppet-dashboard/app/models/report.rb:113:in `create_from_yaml' /usr/share/puppet-dashboard/app/models/report.rb:86:in `create_from_yaml_file' Any pointers appreciated. Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Trouble writing authorized_keys2
I see this all the time. It happens due to lacks in the ssh_authorized_key type
and the error message isn't very helpful.
If the type sees something that it doesn't understand in the file this will
happen, also when it runs into things that it does not support. I had a user
change from dsa to rsa key and that caused this error on every system that had
the old key. This also blocks other things in the manifest from running.
Usually I just delete the bad files and let puppet recreate them. But you could
also just remove the bad entries.
Steven
Date: Tue, 7 May 2013 10:11:44 -0400
Subject: [Puppet Users] Trouble writing authorized_keys2
From: bret.wort...@damascusgrp.com
To: puppet-users@googlegroups.com
I've got a situation where a manifest fails when writing one particular key for
a user. What I have is a manifest that looks like this:
class my::accounts () {
Ssh_authorized_key {ensure = present,type = ssh-dss,}
Then, after making sure the user, group, and authorized_keys2 file exist:
ssh_authorized_key { key-name-1:key = omitted,user =
user,target = /home/user/.ssh/authorized_keys2,
require = File[/home/user/.ssh/authorized_keys2],}
There's a lengthy series of these -- most of them work, but one will fail with
this error:
Error: Puppet::Util::FileType::FileTypeFlat could not write
/home/user/.ssh/authorized_keys2: Permission denied -
/home/user/.ssh/authorized_keys2Error:
/Stage[main]/My::Accounts/Ssh_authorized_key[key-name-8]: Could not evaluate:
Puppet::Util::FileType::FileTypeFlat could nto write
/home/xmmgr/.ssh/authorized_keys2: Permission denied -
/home/user/.ssh/authorized_keys2
This is not the first nor the last key, and I get around 19 entries in the
file, so I'm not seeing why this one in particular is failing. Structurally, it
looks exactly like all the others. Any ideas?
Thanks!
Bret Wortman
http://damascusgrp.com/
http://twitter.com/BretWortman
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Puppet mount fails due to kernel module
This is an OS privilege issue. So puppet has to working within what can be done
on the OS.
By default mount requires root privileges to make changes. This is why it will
work as root but not as puppet.
So you either run as root or set it up so a non-root user can mount
Some OS's have options to allow mount to work for non-root users. Check your
mount man page and test.
Load a different app to handle user mounts. There are other apps available for
this type of thing. Fuse and apps based on fuse are the most common, but not
the only ones available.
Hope that helps a little,
Steven
Date: Mon, 8 Apr 2013 21:02:26 -0700
From: i.am.st...@gmail.com
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Puppet mount fails due to kernel module
Greetings!
I am having a problem with puppet mounting a device and am hoping someone can
help. Here is the short version, if you have questions or need more detail,
please feel free to ask.
I have a Panasas storage device on my network on which my home directory
resides. The Panasas device mounts the filesystem via a kernel module (which
they call DirectFlow). Thus, when I run as root ` mount /home` a kernel module
is loaded and then the filesystem is loaded. I have certain restrictions in
place on my servers which I have to keep in line (Puppet is AMAZING for this!)
and the mounting of /home is one of those restrictions.
I have in my puppet manifest this:mount { /home :
ensure = mounted,
atboot = true,
device = panfs://192.168.1.20/home,
fstype = panfs,
options = defaults,nodev,
remounts = true,
pass = 2,
dump = 1,
}
If I run, as root, `puppet agent --test` then the /home filesystem is mounted
and everything is wonderful. However, if I let the puppet agent daemon try to
mount /home I get errors in the log files without the mount ever happening.
Apr 2 13:01:08 testnode puppet-agent[29955]:
(/Stage[main]/mount::Homefilesystem/Mount[/home]/ensure) ensure changed
'unmounted' to 'mounted'Apr 2 13:01:08 testnode puppet-agent[29955]:
(/Stage[main]/mount::Homefilesystem/Mount[/home]) Could not evaluate: Execution
of '/bin/mount -o defaults,nodev /home' returned 1: mount.panfs error: cannot
init pan_sock_ping 0x239d (pan_sock: protected socket, permission denied)
Neither Panasas representatives I talked to seemed to have any idea what Puppet
was before I spoke to them. My coworkers, the Panasas reps, and I brainstormed
a few ideas but only three seemed to work:
* Have the puppet daemon run as root instead of the puppet user (which is an
obvious issue)* Use auto-mount (which works but is causing some oddities in a
few of my jobs which I am fairly sure is due to the latency of the mount)* Have
Puppet call a script with the setuid bit configured which can mount /home
(which doesn't 100% address my needs of puppet being able to remount if one of
those parameters is wrong/missing/changed/whatever without that script getting
complicated).
Before I commit towards one option, I thought I would ask the other Puppet
masters out there for ideas. Given the popularity of Puppet in datacenters as
well as the popularity of SAN devices in datacenters I figure someone out there
has probably solved this problem. I am hoping that their solution is better
then the ones we have come up with. :-D
Can anyone help me out with this?
Thank you in advance!!
Stack
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] inplace line manipulation
exec has been used to do this since puppet's early days. You can use your
choice of systems tools (sed, perl, ...)
Then put it into a define, so it can be called on many different file and
multiple times
Some examples:
http://projects.puppetlabs.com/projects/1/wiki/simple_text_patterns
https://github.com/puppet-modules/puppet-common/blob/master/manifests/defines/replace.pp
Also found a module for editing files. I just found it and have not used it,
so no idea how well it works
https://github.com/mstrauss/puppet-editfile
Steven
Date: Sat, 9 Mar 2013 23:55:50 +0200
Subject: [Puppet Users] inplace line manipulation
From: emamd...@cloud9ers.com
To: puppet-users@googlegroups.com
Hi Everybody, I'm searching for a way to manipulate file lines using patterns
i.e. existing patterns is git+ssh://g...@github.com/User/Repo.git and i want to
change its occurrence to git+http://user_name:passw...@github.com/User/Repo.git
I've checked file_line{} resource in puppetlabs stdlib, but actually it didn't
fit my case
so can any one recommend any other way rather than templating this file
Thanks in advance
--
Best Regards,
Eslam Mamdouh El Husseiny
Systems Administrator
Cloud Niners Ltd.
Cellular: (+2) 011 198 40 40
Mansoura: (+2) 050 234 70 81
Cairo:(+2) 022 268 34 60
Fax: (+2) 022 268 34 63
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] serving large files formally code artifacts best practices
Ideally, use packages instead.
But if that is not possible. Put the tarballs on a web server and have the
agents pull the files from there. It will be much faster than puppet
distributing the files and they will not be in the codebase.
On my repo server, I have a directory for tarballs for when this issue comes up.
Steven
Date: Sat, 9 Mar 2013 23:21:06 +0200
Subject: [Puppet Users] serving large files formally code artifacts best
practices
From: emamd...@cloud9ers.com
To: puppet-users@googlegroups.com
Hi All, I'd like to know best practices in serving code artifacts tarballs
though puppet , I used to serve them using file{} resource but this method
doesn't seem a good way as i have to either include code artifacts tarballs
in puppet codebase repository or configuring puppet codebase repository to
ignore such tarballs and providing a way to inject code artifacts in
$pathtopuppet/modules/module_1/files
--
Best Regards,
Eslam Mamdouh El Husseiny
Systems Administrator
Cloud Niners Ltd.
Cellular: (+2) 011 198 40 40
Mansoura: (+2) 050 234 70 81
Cairo:(+2) 022 268 34 60
Fax: (+2) 022 268 34 63
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Using Facter to find the Java version running on the machine
This is the fact that I use Facter.add(java_version) do
setcode do
`/usr/bin/java -version 21`.split(\n)[0].split('')[1]
end
end
Steven Date: Thu, 21 Feb 2013 22:50:24 +
From: y...@comcast.net
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Using Facter to find the Java version running on
the machine
java -version 21 | head -n 1 | cut -f2 -d''
Apparently, the output goes to stderr !
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
From: Craig White craig.wh...@ttiltd.com
To: puppet-users@googlegroups.com
Sent: Thursday, February 21, 2013 5:14:14 PM
Subject: Re: [Puppet Users] Using Facter to find the Java version running on
the machine
On Feb 21, 2013, at 1:27 PM, Camerodity wrote:
Hello all,
I am currently trying to setup a Custom Fact that will can be used to
determine the version of the Java JRE running on a machine, in order to use
it in my manifests to ensure the proper JARS are distribured based on
environment. I'm trying to use the java -version command and then capture the
JRE release (eg 1.6.0_37). No matter what I have tried, the output is
always the full display from the Java -version command. Has anyone done this
or something similar before? Any suggestions?
don't know about the java command but I suspect some variation of this will do
it. (%x[ ] captures the output of command(s) executed within the square
brackets)
Facter.add(ruby_version) do
setcode do
ruby_version = unknown
rubypath = %x[facter rubysitedir]
ruby_version = %x[ruby -v | cut -f2 -d ' ']
ruby_version
end
end
Craig
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Managing puppeteer modules with git
We have seperate repos in git for every puppet module. Each module has a Jenkins job to auto test it and if it passes updates the super repo (Main repo with all the module repos in use as submodules). This allows all management of each module (rights, testing, etc) to be independent of all others. So far, it has worked well. Steven From: opsma...@gmail.com Subject: [Puppet Users] Managing puppeteer modules with git Date: Mon, 11 Feb 2013 15:53:34 -0500 To: puppet-users@googlegroups.com How do other people organize their puppet configs in Git? Right now we are using SVN, with about 100 modules and 4 environments. Each module and environment has their own trunk/tag trees, which makes it easy for each product team to manage their individual manifests. (We deploy by tag.) However, we are looking to move to Git, and I am wondering how other people have tackled this? I'd like to maintain the independent versioning of the modules, so individual git repos for each module seems the right way to go? It feels a little overweight, but am I over thinking it? We are running gitlab, so it's easy for us to spin up new repos. I've also been looking for some examples of how people have implemented continuous integration and deployment of their puppet manifests from git. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] hiera query yaml parameters
I'm not noticing the problem, but maybe it would help to see some other code.
I just uploaded my mounts module to github. It has one place that uses a
function from Example42, but that can be replaced with a normal hiera call.
https://github.com/snemetz/Puppet_mounts
I have a few modules that use this method, but I need time to document and
clean them up a bit, before releasing them.
Mounts is one of the simpler ones.
Steven
Date: Sat, 9 Feb 2013 20:15:55 -0800
From: rai...@gmail.com
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] hiera query yaml parameters
When trying to separate user information in a yaml file, I encounter two
issues.
1. when I use the yaml file in init.pp under my user account module, it gives
following errors. ssh_user_hash is the assigned in class as $ssh_user_hash =
hiera(ssh_users)===root@vm1:/etc/puppet/manifests# puppet apply --verbose
nodes.ppInfo: Loading facts in
/etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rbInfo: Loading facts in
/etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rbInfo: Loading facts in
/etc/puppet/modules/stdlib/lib/facter/pe_version.rbInfo: Loading facts in
/etc/puppet/modules/stdlib/lib/facter/root_home.rbWarning: Could not retrieve
fact fqdnWarning: Unrecognised escape sequence '\!' in file
/etc/puppet/manifests/nodes.pp at line 12Warning: Host is missing hostname
and/or domain: vm1Error: ssh_user_hash is not an hash or array when accessing
it with user1 at /etc/puppet/modules/plm-accounts/manifests/init.pp:41 on node
vm1
Error: ssh_user_hash is not an hash or array when accessing it with user1 at
/etc/puppet/modules/plm-accounts/manifests/init.pp:41 on node vm1===
2.if I move the hiera output to node.pp, it can run on host vm1, which is my
puppet master with yaml file on it. But it can't run on other puppet client
server as it says can't find yaml file.===Error: Could not find data item
ssh_users in any Hiera data file and no default supplied at
/etc/puppet/manifests/nodes.pp:1 on node vm2
===
Here is my yaml file and init.pp in my user module file.#more
/var/lib/hiera/OpsUser.yaml---ssh_users:user1 :FullName : User1
additional_groups : admshell : /bin/bashgid : 1003
uid : 1003pwhash : $1$E7OvghG0$OmZMtTbQ2uYf5GA5u7RSH1ssh_key
: type : ssh-rsakey :
B3NzaC1yc2EBJQAAAIBqOaxEVoWs69JM1H5jpzW7JvIwuanN4VW7F+uDVI1sii6BjROmYgYCvVoH+9/c3K5MNxqk35DHlFffgFk0b3o24Qa4RZZgxnUPTxsRIScaHQlr4/flYw643zVSwBpiEdBUfpRincUiaYfy6SCPu3aiKRyFgxZ6VByExrbHLwsz5w==
comment : us...@yahoo.com
root@vm1:/var/lib/hiera# more /etc/puppet/modules/plm-accounts/manifests/init.pp
class plm-accounts {#exec {#/bin/echo user1:abc123 |
/usr/sbin/chpasswd:#onlyif = /bin/egrep -q '^user1:\!:' /etc/shadow,
#}
$ssh_user_hash = hiera(ssh_users) $user_keys = keys($ssh_user_hash) notice (
keys are $ssh_user_hash ) if is_array ($user_keys) {add_users {
$user_keys: } }
define add_users {$user_uid = $ssh_user_hash[$name][uid] $real_name =
$ssh_user_hash[$name][FullName]notice ( $user_uid is $real_name )
plm-accounts::virtual { $name : uid = $user_uid, realname =
$real_name,}plm-accounts::add_ssh_key { $name : key =
${ssh_user_hash[$name][ssh_key][key]}, type =
${ssh_user_hash[$name][ssh_key][type]} } }}
On Tuesday, February 5, 2013 12:00:25 PM UTC-5, roadtest wrote:you are right
again:-)
For people who are new to puppet, here is the installation instruction -
http://forge.puppetlabs.com/puppetlabs/stdlib. stdlib is built in Puppet
Enterprise and needs to be installed for community version.
cheers,
carl
On Tuesday, February 5, 2013 11:28:46 AM UTC-5, Steven wrote:
keys comes form the PuppetLab's stdlib module
So does is_array and a bunch of other nice functions
Steven
Date: Tue, 5 Feb 2013 07:12:45 -0800
From: rai...@gmail.com
To: puppet...@googlegroups.com
Subject: Re: [Puppet Users] hiera query yaml parameters
Steven, thanks for your reply! You are right. It is unnecessary using
create_resource to query yaml parameters. It can be done directly as following:
$sshd_hash = hiera(os_users)$server_ssh_keys =
$sshd_hash[$username][ssh_keys][key]
format of my os_users yaml file was not correct, that is why it failed me.
Btw, there is no keys function in puppet.
Cheers,
carl
On Sunday, February 3, 2013 10:21:25 PM UTC-5, Steven wrote:
You can read the hash directly, create_resource is not needed (may or may not
be desired)
$user_defs = hiera('os_users') will give you the full hash
What I tend to do for this type of data structure is:
$user_defs = hiera('os_users')
$user_keys = keys($user_defs)
if is_array($user_keys) {
process_users { $user_keys:; }
}
define process_users {
# Do whatever you want for each element of the hash
# $name will be the hash key
# $user_defs[$name] is the hash of the current
RE: [Puppet Users] hiera query yaml parameters
keys comes form the PuppetLab's stdlib moduleSo does is_array and a bunch of
other nice functions
Steven
Date: Tue, 5 Feb 2013 07:12:45 -0800
From: rai...@gmail.com
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] hiera query yaml parameters
Steven, thanks for your reply! You are right. It is unnecessary using
create_resource to query yaml parameters. It can be done directly as following:
$sshd_hash = hiera(os_users)$server_ssh_keys =
$sshd_hash[$username][ssh_keys][key]
format of my os_users yaml file was not correct, that is why it failed me.
Btw, there is no keys function in puppet.
Cheers,
carl
On Sunday, February 3, 2013 10:21:25 PM UTC-5, Steven wrote:
You can read the hash directly, create_resource is not needed (may or may not
be desired)
$user_defs = hiera('os_users') will give you the full hash
What I tend to do for this type of data structure is:
$user_defs = hiera('os_users')
$user_keys = keys($user_defs)
if is_array($user_keys) {
process_users { $user_keys:; }
}
define process_users {
# Do whatever you want for each element of the hash
# $name will be the hash key
# $user_defs[$name] is the hash of the current item
# $user_defs[$name]['comment'] to access the user's comment field
}
Steven
From: yg...@comcast.net
Subject: Re: [Puppet Users] hiera query yaml parameters
Date: Sun, 3 Feb 2013 19:19:25 -0500
To: puppet...@googlegroups.com
Could you show your solution, please ?
I would like to see how you did it.
On Feb 3, 2013, at 6:46 PM, roadtest wrote:
I figure out the solution.
Using the create_resource to convert YAML to a hash array, then I can query
retrieve every individual value. If there is better way, feel free to share
with group.
carl
On Saturday, February 2, 2013 3:25:33 PM UTC-5, roadtest wrote:Hello,
I have a yaml data file containing user account with following
information.#more users.yaml---os_users: user1: locked: false comment: System
Operator uid: '700' gid: '700' groups: - admin - sudonopw sshkeys: -
ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCmL8j+5zE/VLPIMeDqNQt8L
user2: locked: true comment: Test Locked Account uid: '701' gid: '701'
groups: - admin - sudonopw sshkeys: - ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCm
I can search os_users information like following:#hiera -c /etc/hiera.yaml
os_users{user1={groups=[admin, sudonopw], locked=false,
comment=System Operator, uid=700, sshkeys=[ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCmL8j+5zE/VLPIMeDqNQt8L],
gid=700}, user2={groups=[admin, sudonopw], locked=true,
comment=Test Locked Account, uid=701, sshkeys=[ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCm],
gid=701}}
My question is how I can get value of os_users - user1 - sshkeys. I
tried:#hiera -c /etc/hiera.yaml os_users[user1[sshkeys]]nil
Could you please advise whether this is doable or direct me to some document?
Thanks in advance,
carl
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] hiera query yaml parameters
You can read the hash directly, create_resource is not needed (may or may not
be desired)
$user_defs = hiera('os_users') will give you the full hash
What I tend to do for this type of data structure is:
$user_defs = hiera('os_users')
$user_keys = keys($user_defs)
if is_array($user_keys) {
process_users { $user_keys:; }
}
define process_users {
# Do whatever you want for each element of the hash
# $name will be the hash key
# $user_defs[$name] is the hash of the current item
# $user_defs[$name]['comment'] to access the user's comment field
}
Steven
From: y...@comcast.net
Subject: Re: [Puppet Users] hiera query yaml parameters
Date: Sun, 3 Feb 2013 19:19:25 -0500
To: puppet-users@googlegroups.com
Could you show your solution, please ?
I would like to see how you did it.
On Feb 3, 2013, at 6:46 PM, roadtest wrote:I figure out the solution.
Using the create_resource to convert YAML to a hash array, then I can query
retrieve every individual value. If there is better way, feel free to share
with group.
carl
On Saturday, February 2, 2013 3:25:33 PM UTC-5, roadtest wrote:Hello,
I have a yaml data file containing user account with following
information.#more users.yaml---os_users: user1: locked: false comment: System
Operator uid: '700' gid: '700' groups: - admin - sudonopw sshkeys: -
ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCmL8j+5zE/VLPIMeDqNQt8L
user2: locked: true comment: Test Locked Account uid: '701' gid: '701'
groups: - admin - sudonopw sshkeys: - ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCm
I can search os_users information like following:#hiera -c /etc/hiera.yaml
os_users{user1={groups=[admin, sudonopw], locked=false,
comment=System Operator, uid=700, sshkeys=[ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCmL8j+5zE/VLPIMeDqNQt8L],
gid=700}, user2={groups=[admin, sudonopw], locked=true,
comment=Test Locked Account, uid=701, sshkeys=[ssh-rsa
B3NzaC1yc2EBIwAAAQEAwLBhQefRiXHSbVNZYKu2o8VWJjZJ/B4LqICXuxhiiNSCm],
gid=701}}
My question is how I can get value of os_users - user1 - sshkeys. I
tried:#hiera -c /etc/hiera.yaml os_users[user1[sshkeys]]nil
Could you please advise whether this is doable or direct me to some document?
Thanks in advance,
carl
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Re: Hiera hashes and arrays in ERB templates
I'm using stdlib to help with this $listeners = hiera('haproxy_listeners',
undef)$listener_keys = keys($listeners) then pass $listener_keys to a define to
create all the instances
The entre hash is in memory ($listeners) and the define will have the key it is
working on ($name)So you can access anything in the data structure to build
your resources.
Steven
Date: Fri, 4 Jan 2013 09:05:15 -0800
From: andytaylo...@gmail.com
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Re: Hiera hashes and arrays in ERB templates
Thanks for your suggestions guys. I did consider using create_resource, but
don't see how I can when I'm trying to apply this Hiera data to a single file.
To expand on my initial post, what I need to do is create multiple config
blocks within one file resource. So this Hiera data:
haproxy_listeners : cluster1 : ip : '192.168.0.2' port : '80' servers :
server1 :ip : '192.168.0.3'port : '8080' server2 :ip :
'192.168.0.4'port : '8080' cluster2 : ip : '192.168.0.5' port : '80'
servers : server3 ip : '192.168.0.6' port : '8080' server4
ip : '192.168.0.7' port : '8080'
will result in this being generated in the haproxy config file:
listen cluster1 192.168.0.2:80 server server1 192.168.0.3:8080
server server2 192.168.0.4:8080
listen cluster2 192.168.0.5:80 server server3 192.168.0.6:8080
server server4 192.168.0.7:8080
So I don't see how create_resources can handle this, as that's for creating
multiple Puppet resources, as opposed to multiple blocks within a single file.
The only alternative I can think of at the moment is using create_resources
with a define which utilizes Augeas, but I don't know how well that will work.
Thanks,
Andy
On Friday, 4 January 2013 16:47:13 UTC, Gavin Williams wrote:I'm with Andy on
this one... I'm doing something very similar with my NetApp volume provider
(https://github.com/fatmcgav/fatmcgav-netapp/).
I've created a define with the following contents:
define util::netapp::volume (
$ensure = present,
$size,
$aggr = 'aggr1',
$snapresv = 0,
$autoincrement = true,
$snapschedule = {minutes = 0, hours = 0, days = 0, weeks =
0}
) {
netapp_notify {volume_define_${name}:
message = Processing Volume ${name},
}
-
netapp_volume { v_${name}:
ensure = $ensure,
initsize = $size,
aggregate = $aggr,
spaceres = none,
snapreserve = $snapresv,
autoincrement = $autoincrement,
options = {'convert_ucode' = 'on', 'no_atime_update' = 'on',
'try_first' = 'volume_grow'},
snapschedule = $snapschedule
}
-
netapp_qtree { q_${name}:
ensure = $ensure,
volume = v_${name}
}
-
netapp_export { /vol/v_${name}/q_${name}:
ensure = $ensure,
persistent = true
}
}
I've added a default hash to 'snapschedule' in the options list, but that can
be over-ridden from the Hiera data.
Then use the following to pull the data from hiera and call the define:
create_resources( util::netapp::volume, hiera('volumes') )
'Volumes' in hiera yaml looks like:
volumes:
vol1:
ensure: present
size: '500m'
vol2:
ensure: present
size: '20g'
snapschedule:
minutes: 0
hours: 36
days: 0
weeks: 0
You can also use the 'hiera' command to test your yaml structure:
$ hiera -c hiera.yaml volumes clientcert=act-star-nactl01
{vol1={ensure=present, size=500m}, vol2={ensure=present,
size=20g, snapschedule={days=0, weeks=0, hours=36,
minutes=0}}}
As you can see from the above output, snapschedule for vol2 is a nested hash.
This assumes that your resource provider can support hashes on the relevant
param/property ;)
HTH
Gav
On Friday, 4 January 2013 15:37:25 UTC, llowder wrote:
On Friday, January 4, 2013 9:11:28 AM UTC-6, Andy Taylor wrote:Hi,
I'm trying to build a module for haproxy which fetches all the configuration
data from Hiera to populate the haproxy config file. I've run into a number of
issues though when I try to use hashes. Ideally, I want to use something like
this:
haproxy_listeners : cluster1 : ip : '192.168.0.2' port : '80' servers :
server1 :ip : '192.168.0.3'port : '8080'
So a hash of clusters with each cluster containing a nested hash of servers. Is
this possible with Hiera/ERB? It's easy enough to iterate over the first hash,
but I can't work out how to extract the contents of the nested hash. Or I might
just be approaching this in entirely the wrong way... Any help would be much
appreciated.
I haven't used the function myself, but this looks like it would be a good case
for a define + create_resources(), which I think is part of stdlib. You might
need to restructure the hashes slightly, but I think that will be the
RE: [Puppet Users] Re: How do you install a yum repo?
The error say that on line 8 of file /etc/yum.repos.d/puppet.repo there is something that it cannot interpret. Usually some type of syntax error, but it could be something else. Your first step is to look at that file on the host that is getting the error and see what is there. If it is not obvious, post that section of the file and with a note of which line it is complaining about. Steven Date: Sun, 25 Nov 2012 07:39:11 -0800 From: amitywebsoluti...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] Re: How do you install a yum repo? Does anyone know what this error means, I get this nearly all the time when trying above and other classes out, this is where I am stuck adding a repo... Error: /Stage[main]/Yum/Yumrepo[virtualmin]: Could not evaluate: /etc/yum.repos.d/puppet.repo:8: Can't parse 'Read more: http://www.how2centos.com/centos-6-puppet-install/#ixzz2Cgm74wkh' I get the feeling it may mean its not a repo? This is the URL I am using, but I have used various others which I thought were repos. http://software.virtualmin.com/gpl/rhel/6.3/i386/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/dpdGPcm2nF0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Issue with service = disabled and stopped
If it is happening every time, it is usually an issue with init script. Puppet
is not understanding the output of the init script, so it is not saving the
correct state.Run the init script manually and see what it is returning. If it
is not obvious, run puppet with --debug and see the exact command puppet is
running
Steven
Date: Fri, 16 Nov 2012 16:15:42 -0800
Subject: [Puppet Users] Issue with service = disabled and stopped
From: for...@gmail.com
To: puppet-users@googlegroups.com
I have a simple manifest that I'm using to keep unwanted services from
running on an array of Linux systems. On my test host, I see these
two services repeatedly come up in the puppet.log, even tho they are
not running and are chkconfig set to off:
service { cups:
enable = false,
ensure = stopped,
}
service { cups-config-daemon:
enable = false,
ensure = stopped,
}
The log:
Nov 16 19:11:39 test-fms puppet-agent[6530]: (/Stage[main]/Disabled-
services/Service[cups-config-daemon]/ensure) ensure changed 'running'
to 'stopped'
Nov 16 19:11:40 test-fms puppet-agent[6530]: (/Stage[main]/Disabled-
services/Service[hidd]/ensure) ensure changed 'running' to 'stopped'
verify in chkconfig:
cups-config-daemon0:off 1:off 2:off 3:off 4:off 5:off 6:off
hidd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
This shows up every time puppet agent runs for this host. Why would
this be happening?
This is using puppet 2.7.19 and the latest ruby 1.8.7.
Thanks.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Creating files from array?
Change your yaml file to: files: - a - b - c Then puppet will read it in as an array. Pass the array to a define and the define will run once for each element of the array Steven Date: Sat, 17 Nov 2012 03:27:20 +0100 From: jso...@srce.hr To: puppet-users@googlegroups.com Subject: [Puppet Users] Creating files from array? Hi. I have the following array in the hiera: files: - a - b - c and I want to create files: file_a file_b file_c from template file. Is there a clean way to do it because as far as i know puppet DL doesn't support loops... -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] puppet facter variable substring
Not sure if puppet will let you access regex without being in some type of test.
Also, just habit. I'm usually doing some validation in the regex.
In this case, I've moved validation to after this and have it validate against
data in hiera. Hiera has a list of the valid data center codes.
Steven
Date: Thu, 25 Oct 2012 01:13:04 -0700
From: paolo.sup...@gmail.com
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] puppet facter variable substring
Hi Steven
Why the if statement?
TIA Paolo
On Wednesday, October 24, 2012 5:58:16 PM UTC+2, Steven wrote:
You can use regex for that
Here is an piece of my code for doing that. In my case [environment, 1
letter][collo, 2 letters]
if $hostname =~ /^(.)(..)/ {
$global_env = $1
$location = $2
}
Steven
Date: Wed, 24 Oct 2012 07:14:50 -0700
From: paolo@gmail.com
To: puppet...@googlegroups.com
Subject: [Puppet Users] puppet facter variable substring
Hi
I have a serires of servers that their hostname (not FQDN) is built in the same
manner [header, 3 letters][collo, 4 letters][environment, 3 letters][number, 4
digits]. There's no specific separator between each part of hostname. Is there
way I can extract the collo part of the hostname in puppet?
TIA Paolo
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/M8d-zyzlHw8J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/Z5GXvX1kvW4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] puppet facter variable substring
You can use regex for that Here is an piece of my code for doing that. In my
case [environment, 1 letter][collo, 2 letters] if $hostname =~ /^(.)(..)/ {
$global_env = $1
$location = $2
}
Steven
Date: Wed, 24 Oct 2012 07:14:50 -0700
From: paolo.sup...@gmail.com
To: puppet-users@googlegroups.com
Subject: [Puppet Users] puppet facter variable substring
Hi
I have a serires of servers that their hostname (not FQDN) is built in the same
manner [header, 3 letters][collo, 4 letters][environment, 3 letters][number, 4
digits]. There's no specific separator between each part of hostname. Is there
way I can extract the collo part of the hostname in puppet?
TIA Paolo
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/M8d-zyzlHw8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Re: Can Puppet interact with perl script user input fields?
The centrify script may be thousands of lines, but it doesn't do that much. A lot of it is for user interaction and multiple OS stuff. At my last company we used centrify for authentication. It was less then a dozen commands to setup. A bit longer than that once put into puppet. If you really want to interact with the script instead, Linux has programs for doing this. There is no reason to duplicate this in the puppet core, when this is not the recommended way of doing things. If the script is installing things and puppet doesn't know about everything that is installed and modified, it can't manage them. Goes against the primary design. Steven Date: Thu, 4 Oct 2012 23:55:55 -0700 Subject: [Puppet Users] Re: Can Puppet interact with perl script user input fields? From: jon.skarpet...@gmail.com To: puppet-users@googlegroups.com The script is several thousand lines of code. Definitely not easier than Guzman Braso's suggestion :-) Although I'm surprised that Puppet doesn't have any supported way of shell interaction with scripts? On Oct 5, 4:01 am, Peter Brown rendhal...@gmail.com wrote: It's probably easier in the long run to work out what that script does and replicate those settings in your samba puppet class. On 4 October 2012 19:34, Jon Skarpeteig jon.skarpet...@gmail.com wrote: I'm trying to automate deployment of centrify-samba, which has a adbindproxy.pl setup script attached. This script expects user input (where 9 out of 10 options can be defaulted). Is there any way for Puppet to preconfigure the inputs for this scripts, and mimic user behavior by supplying this information? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] hiera and fallback to params?
Take a look at Example42's Next Gen modules on github. They all do what you're
asking about and a bit more
There is a routine defined within the puppi module, that the rest of the
modules use to lookup variable values. Defaults are assigned in params.pp which
the main class inherits and they are defined as parameters. So, the variable
can be set via a default, parameter, or hiera. This makes it very flexible.
Steven
Date: Wed, 3 Oct 2012 17:02:45 +0200
From: jso...@srce.hr
To: puppet-users@googlegroups.com
Subject: [Puppet Users] hiera and fallback to params?
Hi.
I would like to setup my manifests, so that variable data is gathered
from hiera, if it's available there, and if not, then to fallback on
some predefined value...
Something like this:
$my_var = hiera('myvar') || 'base_value'
So if there is no myvar in hiera data, that manifest falls back to
base_value. Is that possible somehow?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Puppet Autosign
This is normal. New system will always generate a new cert. You only need to delete /var/lib/puppet/ssl on the client and remove the cert on the master puppet cert clean cert There has been some discussions on ways to automate this. Should be able to find them in the archives. Steven Date: Wed, 3 Oct 2012 09:18:49 -0700 From: redjin...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] Puppet Autosign Hi, I have upgraded my puppet master to 2.7 with autosign enabled, it works great, the only issue I have it that when I re-image any client machine (blow away /var/lib/puppet ) folder and try to run puppet again, it fails to authenticate. The solution will be to (revoke + clean) the certificate of the client from the puppetmaster then remove /var/lib/puppet from client and re-run puppetd on client. Is this a normal behaviour from puppet 2.7 ? or should the client look up if the master has an old certificate and just use it, rather than asking for new one. an insight will be helpful. /etc/puppet$ cat autosign.conf *.localdomain.local -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/81blhmqfeSsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Autoscaling with Puppet
Generally puppet doesn't detect new systems as such. The new systems tell the puppet server about themselves. The way this is handled is your base instance install would include puppet. So, as the system boots up puppet would be running. The puppet agent will contact the master. The master would have autosigning setup, so it will automatically exchange certs with the new system. Then the behavior would continue as defined in the puppet configuration. Steven Date: Mon, 14 May 2012 11:30:04 -0700 From: dustye...@gmail.com To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Autoscaling with Puppet Scalr looks okay. I'll look into this. What I really meant was how does Puppet(master) detect a new instance is available in your autoscale group and deploy your modules. I guess that has more to do with notifications than autoscale, but thought I'd clarify. Thanks. On Monday, May 14, 2012 6:00:59 AM UTC-4, LoreLLo wrote: http://scalr.net/ I think they did away with the free version of it recently. But if you ask me what they're asking is well worth it! Autoscales up and down based on server load. Works with both AWS and rackspace cloud. -tim On Sun, May 13, 2012 at 9:28 PM, de dustye...@gmail.com wrote: I have a specific need to use Puppet to Autoscale a few applications I have deployed on EC2. I'm using Puppet now to manage and create instances and saw a neat video on this subject. I'm missing the a piece of the puzzle. I'm assuming I should use CloudWatch to send my puppetmaster a notification to then create a new instance with the cloudformation module. To create autoscaling webfarms I use Scalr too. As Tim reported is a powerful cloud orchestration tool, available as an online service or as an opensource software (PHP/Python/JS) that you can install on your servers. I must confirm that there is no more free trial for the service and the pricing is based on the number of hosts you manage. Does that sound about right? I looked into cloudformation, but that doesn't seem right. I haven't tried it but I suppose that Cloudformation has some orchestration feature too: I think you can define an AutoScalingGroup and have CloudFormation starts a new host based on a predefined AMI when loadaverage of the hosts in the group reach some predefined level; you can choose a different metric if you prefer, like a webpage response time. Then I suppose you have to update your ELB configuration and probably something else ... All these tasks can be configured with a tool like Scalr through a web interface and this simplifies your life, but it's something to pay for, while cloudformation is a free feature on AWS, for what I remember. Hope this helps,L. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/U41DUaMkB3sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What happens if puppet fails half way into processing a catalog?
If you have dependencies set for a chain of events and it fails part way, that is how the system is left. Everything that succeeded before the failure with stay there and nothing in the dependence chain after the failure will have been done. Every run of puppet after this, it will keep trying to finish. But of course, will not succeed unless something changes to correct the problem. This does not mean the system is unusable. But at least one thing on the system is not how you want it. Steven -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Tim Uckun Sent: Thursday, September 10, 2009 8:22 PM To: puppet-users@googlegroups.com Subject: [Puppet Users] What happens if puppet fails half way into processing a catalog? If puppet fails half way into processing a catalog the system might be in an unusable state right? For example if it installs a package but not the one that follows it or can't set up the config file for whatever reason it doesn't know how to undo the catalog does it? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Useful Puppet/Facter CDP/cdpr hack
Thanks. This is a great idea and starting point for me to get this information added into our inventory for auto provisioning. Steven -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Joel Krauska Sent: Wednesday, April 22, 2009 12:45 AM To: puppet-users Subject: [Puppet Users] Useful Puppet/Facter CDP/cdpr hack (since I sent two complaints to the list just now, I feel the need to be constructive) If you use Cisco networking gear, you might be familiar with CDP. CDP is a Cisco proprietary protocol that issues packets from a Cisco switch to all attached devices. When you're on a Cisco device, you can detect neighboring switches and routers and what port they're plugged in to using CDP. There's also a Linux tool called cdpr which will briefly listen on a port for CDP packets from the switch. (http://www.monkeymental.com/) I just use the stock Ubuntu package and it works like a champ. example output: # cdpr -d eth0 cdpr - Cisco Discovery Protocol Reporter Version 2.2.1 Copyright (c) 2002-2006 - MonkeyMental.com Using Device: eth0 Waiting for CDP advertisement: (default config is to transmit CDP packets every 60 seconds) Device ID value: switchZZ.foo.com Addresses value: 10.20.22.6 Port ID value: GigabitEthernet0/6 What's great here, is that cdpr is telling me what switch the host is plugged in to, and what port on that switch. The cdpr package also has options for reporting to a central server, but that's what I use puppet for, right? So I just cron a nightly cdpr run. (not that I move ports that often, but it's a simple thing to grab from time to time), and then I wrote a facter fact to roll these stats back up in to the puppet yaml. I'm not a ruby master, but the following did the trick: -- # Facter fact to read output from cdpr and report back values require 'facter' cdprfile = '/tmp/cdpr.out' f = File.new(cdprfile) parseme = f.read.gsub(/\n/,' ') f.close switch = parseme.gsub(/.*Device ID\s+value:\s+(\S+)\s.*/,'\1') port = parseme.gsub(/.*Port ID\s+value:\s+(\S+)\s.*/,'\1') if switch.length 40 switch = '' end if port.length 40 port = '' end # Debug #print Switch:\t, switch, \n #print Port:\t, port, \n Facter.add(cdp_device) do setcode do switch end end Facter.add(cdp_port) do setcode do port end end -- So after I add this fact to fact sync with puppet I can just walk my yaml and get a mapping of server to switch ports.. Over-simplified walk example: # grep cdp /var/lib/puppet/yaml/node/* /var/lib/puppet/yaml/node/widgetXX.foo.com.yaml: cdp_port: GigabitEthernet0/9 /var/lib/puppet/yaml/node/widgetXX.foo.com.yaml: cdp_device: switch25- 1.foo.com /var/lib/puppet/yaml/node/widgetYY.foo.com.yaml: cdp_port: GigabitEthernet0/33 /var/lib/puppet/yaml/node/widgetYY.foo.com.yaml: cdp_device: switch22- 1.foo.com I hope some other network/sysadmin types find this useful. Cheers, Joel --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Package rpm parameters
The packages are ok (straight CentOS 4), but the OS is our own dialect (modified from CentOS 4). So, I end up with some packages that depend on others only to create a directory or a config file that puppet will be doing anyways. I don't want to install the dependence because it installs other stuff that I don't want or need and might interfere with our custom OS. I was hoping not to have to create a either a modified rpm or a dummy one. So far, it sound like creating a dummy package or modifying the puppet rpm provider are my best choices. Thanks, Steven -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Todd Zullinger Sent: Thursday, February 26, 2009 5:18 PM To: puppet-users@googlegroups.com Subject: [Puppet Users] Re: Package rpm parameters Steven Nemetz wrote: Is there a way to pass parameters to rpm with the package type? I have some rpms that need to be installed with --nodeps What sort of packages do you need to do this with? It sounds like broken packages (which often come from proprietary vendors that don't know how to package properly :). There are probably better ways to handle this sort of breakage. For example, create dummy packages that provide the dependencies. Of course, I'm just guessing at what you really need to do, so I could be way off. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Erotic is when you use a feather, kinky is when you use the whole chicken. -- C. Haynes. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Package rpm parameters
Is there a way to pass parameters to rpm with the package type? I have some rpms that need to be installed with --nodeps Thanks, Steven --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Problem with some of my puppet clients running
-Original Message- What about if you run Facter with --puppet, making sure it loads your custom facts? -- Due to circumstances beyond your control, you are master of your fate and captain of your soul. - Luke Kanies | http://reductivelabs.com | http://madstop.com Some of these systems have no custom facts. But it runs fines on all of them, with the correct data. Steven --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Problem with some of my puppet clients running
All my puppet clients were running ok. Then 2 things happened yesterday: 1) I had puppet upgrade facter to 1.5.3 everywhere. Most were running 1.3.8 prior. 2) We had network problem, causing one of our datacenters to go offline The network problems have been fixed and was not related to the systems I'm having trouble with. Was a different data center. I found about a dozen systems where puppet was still running but not talking to the master and puppetrun gave no error triggering them, but they did nothing. Restarting puppet on most of these systems fixed the problem. But I still have 4 CentOS 4 systems that will load, but not process the config or request one from the master. Startup messages in debug mode are: debug: Creating default schedules debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/certs/admin4006.sfo.proofpoint.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/puppet/s tate]: Autorequiring File[/var/lib/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/puppet/s sl]: Autorequiring File[/var/lib/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/etc/puppet/names paceauth.conf]: Autorequiring File[/etc/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/puppet/l ib]: Autorequiring File[/var/lib/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/csr_admin4006.sfo.proofpoint.com.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/private_keys/admin4006.sfo.proofpoint.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/var/lib/puppe t/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/public_keys/admin4006.sfo.proofpoint.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ss l/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/etc/puppet/pu ppet.conf]: Autorequiring File[/etc/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/var/log/puppe t/http.log]: Autorequiring File[/var/log/puppet] debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/var/lib/puppe t/state/state.yaml]: Changing mode debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/var/lib/puppe t/state/state.yaml]: 1 change(s) debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/var/lib/puppe t/state/state.yaml]/mode: mode changed '640' to '660' debug: Finishing transaction -605596728 with 1 changes info: Starting handler for Runner info: Starting server for Puppet version 0.24.4 info: Listening on port 8139 notice: Starting Puppet client version 0.24.4 debug: Loaded state in 0.00 seconds It then just sits there. All 4 systems behave the same. They are spread across 2 data centers, but all talk to the same puppet master. I've also noticed that these are very slow at exiting puppet. Anyone have any ideas what could have happened to these 4 systems? Thanks, Steven --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: changing puppet run interval
I set the interval using both the config file and the command line.
Works fine. I believe I did this originally because the config file
alone did not work. But that was in 0.23. I haven't retested in later
versions, since everything is working.
Steven
-Original Message-
From: puppet-users@googlegroups.com
[mailto:[EMAIL PROTECTED]
On Behalf Of Matt
Sent: Monday, November 03, 2008 4:52 AM
To: puppet-users@googlegroups.com
Subject: [Puppet Users] changing puppet run interval
I'd like to change the puppet run interval in the puppet.conf file
after the first catalog run.
I've tried by using service and notify, also tried with a exec
[/etc/init.d/puppet restart] and a reload but to no avail. Puppet
will terminate if done via service, subscribe/notify, and exec
restart. However if I do a exec reload I get.
puppetd[17970]: Starting catalog run
puppetd[17970]: (//Node/puppet/File[puppet.conf]/content) changed file
contents from {md5}06a601ced9b8a5f89ce7225c9584a628 to
{md5}838c81d80e55fc3bf3709df040770321
puppetd[17970]: (//Node/puppet/Exec[/etc/init.d/puppet reload])
Triggering 'refresh' from 1 dependencies
puppetd[17970]: Finished catalog run in 0.59 seconds
puppetd[17970]: Reparsing /etc/puppet/puppet.conf
But puppet still continues to poll at the original interval and not
the new value in the puppet.conf file.
Running CentOS 5 clients.
Has anyone done this successfully?
Thanks,
Matt
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
