RE: [Puppet Users] RE: each clients classes.txt on the server
Thank you Brian. Would you mind sharing the code for your custom fact that
reads in /var/lib/puppet/classes.txt and presents it as a csv fact value. This
would really save me some time as I am not a ruby developer.
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On
Behalf Of Brian Gallew
Sent: Thursday, January 27, 2011 9:08 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] RE: each clients classes.txt on the server
Interestingly enough, I wrote a custom fact to do that. In my case, I have and
sshd_config.erb where I want to set the AllowGroups stanza based on all the
classes applied to a node. With 2.6.1 I could achieve that effect simply by
moving adding a class to the "post" stage (which is run after main) and have
that class contain the relevant file{}. When I updated to 2.6.3 it started
parsing the template the moment it encountered the resource, rather than
waiting for the relevant stage to be reached. Now I just pass back a
comma-separated list of all classes for each host and my erb knows how to
handle that. A word or warning: as shipped, the fact_value field is
VARCHAR($SMALL_VALUE) characters long. I had to change it to be a TEXT field
because otherwise it truncated my data.
On Thu, Jan 27, 2011 at 6:38 PM, Sukh Khehra
mailto:skhe...@proofpoint.com>> wrote:
Forgot to mention that we're running 2.6.4 on the server and in the process of
migrating all clients from 0.25.5 to 2.6.4.
From: puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>
[mailto:puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>] On
Behalf Of Sukh Khehra
Sent: Thursday, January 27, 2011 6:33 PM
To: puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>
Subject: [Puppet Users] each clients classes.txt on the server
We have a lot of includes in our code so it takes some digging around to find
the resultant set of classes that apply to a puppet clients. I was thinking of
somehow copying classes.txt file from the client to the server for easier
analysis. Anyone have any art on how to go about doing that? I'd appreciate any
ideas.
Regards,
Sukh Khehra
Sys Admin
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to
puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to
puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] RE: each clients classes.txt on the server
Forgot to mention that we're running 2.6.4 on the server and in the process of migrating all clients from 0.25.5 to 2.6.4. From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Sukh Khehra Sent: Thursday, January 27, 2011 6:33 PM To: puppet-users@googlegroups.com Subject: [Puppet Users] each clients classes.txt on the server We have a lot of includes in our code so it takes some digging around to find the resultant set of classes that apply to a puppet clients. I was thinking of somehow copying classes.txt file from the client to the server for easier analysis. Anyone have any art on how to go about doing that? I'd appreciate any ideas. Regards, Sukh Khehra Sys Admin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] each clients classes.txt on the server
We have a lot of includes in our code so it takes some digging around to find the resultant set of classes that apply to a puppet clients. I was thinking of somehow copying classes.txt file from the client to the server for easier analysis. Anyone have any art on how to go about doing that? I'd appreciate any ideas. Regards, Sukh Khehra Sys Admin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] classes being assigned twice
I am running puppet 0.25.5 on puppet client and server (still testing rollout of the newest upgrade). For all my nodes, I see all classes listed twice in the /var/lib/puppet/classes.txt on the node. Anyone know why that might be? When I run my external node classifier, I only see the classes assigned once. On a "puppetd -t" run on the client, I also see my custom facts being evaluated twice which makes me think the work is being done twice over. Anyway, the classes being assigned twice is a problem because I am trying to iterate over them using this example from the puppet docs: <% classes.each do |klass| -%> The class <%= klass %> is defined <% end -%> I am not a ruby developer. Perhaps, as a short term fix, someone can tell me how to uniq the classes array in this example? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetmaster HA
I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then hit all clients to remove /var/lib/puppet/ssl and point them to the new one I built. That was not fun. I can start backing up the CA infrastructure on the puppetmaster I suppose but I am wondering how folks out there are protecting against puppetmaster node failure. Can I have 2 physical nodes and use an F5 or another loadbalancer to send requests to both? If yes, anyone know of a HowTo doc to do that? Thanks for your time. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] viewing b64_zlib_yaml data
Apache is not logging any error when this happens. I experimented with upping the LimitRequestLine, and LimitRequestFieldsize apache config directives but hasn't made any difference. I tried your suggestion to decode the string (even one that works ok) but am getting this errorNot sure what this means... I even tried irb(main):017:0> Zlib::Inflate.inflate(Base64.decode64(CGI.unescape(text))) Zlib::BufError: buffer error from (irb):17:in `inflate' from (irb):17 from :0 -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Brice Figureau Sent: Thursday, August 26, 2010 11:37 AM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] viewing b64_zlib_yaml data On 26/08/10 20:20, Sukh Khehra wrote: > Thanks for the helpful suggestions. > > I checked for this and my problem does not appear to be request size > related. I say this because I turned on the logging for the request size > and see that it is serving requests larger than the problem hosts just > fine. I meant incoming request. Those are usually the issue with apache, especially if the given node has a large number of facts or long facts. > I even tried turning on debugging for puppetmaster but it is not > logging anything helpful (log pasted below). The behavior I see is that > the puppetmaster is not seeing any facts from the client (I suspect due > to the issue I posted about originally). Any other ideas? You can try to decode the facts (as you asked in your first message) with this: 1) launch irb 2) enter: require 'zlib' require 'cgi' text="" Zlib::Inflate.inflate(Base64.decode64(CGI.unescape(text))) This should print on the console the YAML serialization of the facts. If in those you have the missing facts, then the problem is that this request is not transmitted verbatim to puppet. Hope that helps, -- Brice Figureau My Blog: http://www.masterzen.fr/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] viewing b64_zlib_yaml data
[puppet::sysconfig])) Retrieving template puppet/sysconfig-puppet.erb 2010-08-26T18:03:49+00:00 PUPPETMASTER puppetmasterd[18675]: (template[/etc/puppet/modules/production/puppet/templates/sysconfig-pupp et.erb]) Bound template variables for /etc/puppet/modules/production/puppet/templates/sysconfig-puppet.erb in 0.00 seconds 2010-08-26T18:03:49+00:00 PUPPETMASTER puppetmasterd[18675]: Failed to parse template puppet/sysconfig-puppet.erb: Could not find value for 'ipaddress' at /etc/puppet/modules/production/puppet/manifests/init.pp:132 on node hostname.sk.local 2010-08-26T18:03:49+00:00 PUPPETMASTER puppetmasterd[18675]: Failed to parse template puppet/sysconfig-puppet.erb: Could not find value for 'ipaddress' at /etc/puppet/modules/production/puppet/manifests/init.pp:132 on node hostname.sk.local -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Brice Figureau Sent: Thursday, August 26, 2010 9:12 AM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] viewing b64_zlib_yaml data On Thu, 2010-08-26 at 09:05 -0700, Sukh Khehra wrote: > I am using puppet 0.25.1on Centos 5.4 on both client and server along > with apache 2.2.3/mongrel 1.1.5 on the server side. I am getting http > status code 400 (The request could not be understood by the server due > to malformed syntax) in balancer_access_log for a handful of hosts > like so. How do I can decode that data to look at it to see what's > wrong with it? > > > > > > 172.16.19.30 - - [26/Aug/2010:00:31:10 +] > "GET /production/catalog/hostname.sk.local?facts= string? Encrypted?>&facts_format=b64_zlib_yaml HTTP/1.1" 400 190 "-" > "-" There's nothing wrong in the data itself. There are great chances the problem is that the request is too large for Apache to handle. I don't know its exact limit, but I believe it's around 4k. I think apache error.log should log the error, if not then it might be either a mongrel error or the master itself. You should also check your master log to see if it logs anything about this. -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] viewing b64_zlib_yaml data
I am using puppet 0.25.1on Centos 5.4 on both client and server along with apache 2.2.3/mongrel 1.1.5 on the server side. I am getting http status code 400 (The request could not be understood by the server due to malformed syntax) in balancer_access_log for a handful of hosts like so. How do I can decode that data to look at it to see what's wrong with it? 172.16.19.30 - - [26/Aug/2010:00:31:10 +] "GET /production/catalog/hostname.sk.local?facts=&facts_format=b64_zlib_yaml HTTP/1.1" 400 190 "-" "-" -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] augeas and sendmail aliases
Yes, I read that thread and thought I was ensuring path uniqueness by
inserting the string "01" in there but its not working for me. I
examined the tree using augtool and as expected did not see a subtree
numbered at "01" so thought I should be be able to do this. Any other
suggestions?
-Original Message-
From: Silviu Paragina [mailto:sil...@paragina.ro]
Sent: Wednesday, June 16, 2010 11:31 AM
To: puppet-users@googlegroups.com
Cc: Sukh Khehra
Subject: Re: [Puppet Users] augeas and sendmail aliases
Search in the list history for a thread named "augeas type and
/etc/services"
Silviu
On 16.06.2010 20:38, Sukh Khehra wrote:
> I am trying to add an entry to /etc/aliases using this but am unable
to
> keep the entry from being added on every puppet run. I couldn't figure
> out the proper "onlyif" attribute to use to add it only once.
>
> augeas{ "add sendmail alias" :
> context => "/files/etc/aliases",
> changes => [
> "set /files/etc/aliases/01/name mycron",
> "set /files/etc/aliases/01/value[1] us...@mydomain.com",
> "set /files/etc/aliases/01/value[2] us...@pmydomain.com",
> ],
> }
> exec { "/usr/bin/newaliases": subscribe => Augeas["add sendmail
> alias"], refreshonly => true }
>
>
> Thanks for the help.
>
> Regards,
> Sukh
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] augeas and sendmail aliases
I am trying to add an entry to /etc/aliases using this but am unable to
keep the entry from being added on every puppet run. I couldn't figure
out the proper "onlyif" attribute to use to add it only once.
augeas{ "add sendmail alias" :
context => "/files/etc/aliases",
changes => [
"set /files/etc/aliases/01/name mycron",
"set /files/etc/aliases/01/value[1] us...@mydomain.com",
"set /files/etc/aliases/01/value[2] us...@pmydomain.com",
],
}
exec { "/usr/bin/newaliases": subscribe => Augeas["add sendmail
alias"], refreshonly => true }
Thanks for the help.
Regards,
Sukh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] RE: variable interpolation weirdness
Forgot to mention that I am running version puppet-0.25.4-1 on both
sides on centos 5.4.
-Original Message-
From: Sukh Khehra
Sent: Wednesday, April 21, 2010 8:39 PM
To: 'puppet-users@googlegroups.com'
Subject: variable interpolation weirdness
Can someone please explain what's happening here? Let me know if you
need more info. Thanks in advance for your time.
I have a module called abc. This is the init.pp for that module.
###
$ cat modules/production/abc/manifests/init.pp
# Puppet Module: abc
#
class abc {
package { "maatkit": ensure => present }
}
class abc::base inherits abc {
exec { "testvars": command => "/bin/echo
'java_version=${java_version}'", logoutput => true; }
}
class abc::test {
$java_version = "jdk1.6.0_14"
include abc::base
}
###
I accidently assigned both the "abc" and "abc::test" class to a host and
noticed that the variable "java_version" no longer gets interpolated.
E.g. here's the puppet run log.
# puppetd -t
notice: Ignoring --listen on onetime run
info: Retrieving plugin
info: Caching catalog for abc1.staging.pp.com
info: Applying configuration version '1271906581'
notice: //abc::base/Exec[testvars]/returns: java_version=
notice: //abc::base/Exec[testvars]/returns: executed successfully
warning: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (marshal)
notice: Finished catalog run in 3.21 seconds
But If I only assign the host the "abc::test" class, everything works ok
like so:
# puppetd -t
notice: Ignoring --listen on onetime run
info: Retrieving plugin
info: Caching catalog for abc1.staging.pp.com
info: Applying configuration version '1271906581'
notice: //abc::base/Exec[testvars]/returns: java_version=jdk1.6.0_14
notice: //abc::base/Exec[testvars]/returns: executed successfully
warning: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (marshal)
notice: Finished catalog run in 3.21 seconds
So I obviously know what to do to fix the problem but would love to
understand what's happening here.
Regards,
Sukh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] variable interpolation weirdness
Can someone please explain what's happening here? Let me know if you
need more info. Thanks in advance for your time.
I have a module called abc. This is the init.pp for that module.
###
$ cat modules/production/abc/manifests/init.pp
# Puppet Module: abc
#
class abc {
package { "maatkit": ensure => present }
}
class abc::base inherits abc {
exec { "testvars": command => "/bin/echo
'java_version=${java_version}'", logoutput => true; }
}
class abc::test {
$java_version = "jdk1.6.0_14"
include abc::base
}
###
I accidently assigned both the "abc" and "abc::test" class to a host and
noticed that the variable "java_version" no longer gets interpolated.
E.g. here's the puppet run log.
# puppetd -t
notice: Ignoring --listen on onetime run
info: Retrieving plugin
info: Caching catalog for abc1.staging.pp.com
info: Applying configuration version '1271906581'
notice: //abc::base/Exec[testvars]/returns: java_version=
notice: //abc::base/Exec[testvars]/returns: executed successfully
warning: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (marshal)
notice: Finished catalog run in 3.21 seconds
But If I only assign the host the "abc::test" class, everything works ok
like so:
# puppetd -t
notice: Ignoring --listen on onetime run
info: Retrieving plugin
info: Caching catalog for abc1.staging.pp.com
info: Applying configuration version '1271906581'
notice: //abc::base/Exec[testvars]/returns: java_version=jdk1.6.0_14
notice: //abc::base/Exec[testvars]/returns: executed successfully
warning: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (marshal)
notice: Finished catalog run in 3.21 seconds
So I obviously know what to do to fix the problem but would love to
understand what's happening here.
Regards,
Sukh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] ad hoc tasks with puppet
Thanks for your reply. On my tags question I used the class as an
example because I read that puppet auto creates a tag using the class
name. My question really is whether the resource referenced by the tag
should already be assigned to the host via node classification for this
to work.
E.g. lets say I have a class like this.
class preupgrade {
exec { "/etc/init.d/httpd stop": tag => "stopapache" }
}
I don't want to assign this class to all nodes but want to be able to
trigger it on an ad hoc basis. So my question is can I do this on the
master without first assigning the "preupgrade" class to hostA?
puppetrun --host --tags stopapache
In other words, does puppet look for the tagged resources in the entire
config codebase or just the stuff that is applicable to the node by
virtue of node classification.
Hope this makes sense.
-Original Message-
From: puppet-users@googlegroups.com
[mailto:puppet-us...@googlegroups.com] On Behalf Of Michael DeHaan
Sent: Monday, April 19, 2010 11:07 AM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] ad hoc tasks with puppet
On Mon, Apr 19, 2010 at 12:42 PM, Sukh Khehra
wrote:
> I have a need to audit user accounts on all of my puppet clients.
> Essentially, I need to collect the password and shadow file from all
of my
> clients to one central location and analyze them. How would someone do
this
> using puppet. Is there any mechanism to ship files to the master from
the
> client? From the recent Fabric vs ControlTier thread, it sounds like
people
> end up using other tools to do stuff like this but I was wondering if
I can
> use puppet for this...
There is a backup facility, though it's probably not want you want in
this case. Currently it's not highly instrumented for combing
through backups and finding what you want to look at, and stores
things
named after md5sums.
http://docs.reductivelabs.com/guides/types/file.html
You could use Puppet to execute something like rdiff-backup ?
>
>
>
> Another, unrelated, question I have is regarding tags. Can I do
"puppetrun
> --host --tags " if classA is not otherwise assigned to
> hostA?
Tags are really not about classes, tags are a seperate concept.
--tags means "run resources tagged with this value".
Puppetrun is due for some upgrades -- though these are going to wait a
bit in priority behind some other things, as we're doing a lot of
improvements
to the way the internals of the catalog/etc behave and want to make a
puppetrun that works well with multiple sources of node information,
rather than just
LDAP, which it does now.
>
>
>
> --
> You received this message because you are subscribed to the Google
Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ad hoc tasks with puppet
I have a need to audit user accounts on all of my puppet clients. Essentially, I need to collect the password and shadow file from all of my clients to one central location and analyze them. How would someone do this using puppet. Is there any mechanism to ship files to the master from the client? From the recent Fabric vs ControlTier thread, it sounds like people end up using other tools to do stuff like this but I was wondering if I can use puppet for this... Another, unrelated, question I have is regarding tags. Can I do "puppetrun --host --tags " if classA is not otherwise assigned to hostA? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] custom facts
Hi, I am running puppet 0.25.1 and was wondering if the following 2 make for better default values [main] pluginsync = true # current default is false factpath = $vardir/lib/facter # current default is $vardir/facts Current default for plugindest appears to be "/var/lib/puppet/lib". Seems like custom facts get synched to /var/lib/puppet/lib by default but then puppetd looks for them under /var/lib/puppet/facts by default...Doesnt seem right. Am I missing something? Thanks, Sukh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet on windows.
Is anyone running puppet on windows? I attempted to use the instructions at http://reductivelabs.com/trac/puppet/wiki/PuppetWindows on my windows xp machine but ran into the following error: H:\>puppetd -tv C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require': no such file to load -- syslog ( LoadError) from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util/log.rb:1 from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require' from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util/logging.rb: 2 from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require' from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util.rb:456 ... 7 levels... from C:/Ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/bin/puppetd:158 from C:/Ruby/bin/puppetd:19:in `load' from C:/Ruby/bin/puppetd:19 I created an empty syslog.rb file in the lib directory and got past the above error but now get this: C:\>puppetd -tv --server admin1016.us.proofpoint.com The system cannot find the path specified. C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/external/event-l oop/event-loop.rb:78:in `initialize': uninitiali zed constant Fcntl::F_SETFD (NameError) from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/external/event-l oop/event-loop.rb:31:in `new' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/external/event-l oop/event-loop.rb:31:in `default' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/external/event-l oop/event-loop.rb:35:in `current' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/external/event-l oop/event-loop.rb:285:in `initializ e' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util/settings.rb :559:in `new' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util/settings.rb :559:in `set_filetimeout_timer' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/util/settings.rb :323:in `parse' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/application.rb:2 15:in `run' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/application.rb:3 06:in `exit_on_fail' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/lib/puppet/application.rb:2 15:in `run' from C:/Ruby/lib/ruby/gems/1.8/gems/puppet-0.25.3/bin/puppetd:159 from C:/Ruby/bin/puppetd:19:in `load' from C:/Ruby/bin/puppetd:19 Anyone gotten this to work? I am not a developer but if anyone is doing development work on getting puppet to work on windows, I wouldn't mind helping with the testing. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] user management
We're using local passwd/shadow files on all our linux hosts for
authentication and manage them by defining virtual resources like the
following and realizing them in the appropriate classes based on
authorization requirements.
@user {
"username":
comment => "User Name",
uid => "6",
password=> '$9$5/PrhlML$AttWraRXLd0ASwCq.uIss1',
home=> "/home/username",
ensure => "present",
gid => "6",
groups => ["groupname"],
shell => "/bin/sh",
managehome => true,
require => [Group["groupname"]],
membership => minimum;
}
Currently there is no way for me to directly tie puppet to ldap in our
environment (for various non technical reasons) but I would like to keep
the passwords synched with ldap. So I was thinking of writing a script
to query ldap and create perhaps a csv file containing username,password
hash, & shell values.
My questions is can I have my puppet manifests, like the snippet above,
grab the values for password and shell from an external file? ... a file
that I create from ldap every night? I found
"http://nephilim.ml.org/~rip/puppet/extlookup.rb"; but also wanted to ask
the community here if that's the best way to go. Any ideas will be
appreciated.
Regards,
Sukh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] yet another class dependency question.
Thanks Dan. Unfortunately, this did not work for me.
err: Could not apply complete catalog: Could not retrieve dependency
'Class[::http]' of Class[puppet::http]
Does anyone know of another way to fully qualify the class name when
requiring it? I was hoping to not have to change the names of these
pre-existing classes.
From: puppet-users@googlegroups.com
[mailto:puppet-us...@googlegroups.com] On Behalf Of Dan Bode
Sent: Wednesday, December 30, 2009 1:31 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] yet another class dependency question.
Hi,
On Wed, Dec 30, 2009 at 9:52 PM, Sukh Khehra
wrote:
Hi,
I am running puppet version 0.25.1 on both the server and client and am
getting the following error on a puppet run:
err: Could not apply complete catalog: Could not retrieve dependency
'Class[http]' of Class[puppet::http]
Class http is defined in the "http" module like so:
class http {
package { httpd: ensure => installed }
file {
"httpd.conf":
ensure => present,
...
Class puppet::http is defined in the puppet module like so:
class puppet::http {
require http
file {
"http-puppet.conf":
ensure => present,
path=> "/etc/httpd/conf.d/puppet.conf",
...
I have a feeling that it maybe a scoping issue with a namespace
collision between puppet::http and http. you are calling require http
from the namespace of puppet::http, which is checking puppet before it
checks root (::)so it actually thinks that you are requiring
puppet::http and not http. I have seen this issue before with includes.
To resolve it with include, you can add the prefix ::http (which means
from the root namespace)
Feel free to try this
# this works for includes
require ::http
but it unfortunately didnt work for me, so this might actually be a bug.
the easiest fix is not to use puppet::http for the name of the class,
try puppet::apache or something.
In this test setup both my client and server are the same node
in the
same production environment and here's what my module
organization looks
like.
# egrep -i '^\[|module|environment' /etc/puppet/puppet.conf
[main]
environments = production,staging,development,testing
environment = production
[puppetd]
environment = production
[puppetmasterd]
# environments
[production]
modulepath = $confdir/modules/production
[staging]
modulepath =
$confdir/modules/staging:$confdir/modules/production
[development]
modulepath = $confdir/modules/development
[testing]
modulepath =
$confdir/modules/testing:$confdir/modules/production
# ls -1d /etc/puppet/modules/production/puppet
/etc/puppet/modules/production/http
/etc/puppet/modules/production/http
/etc/puppet/modules/production/puppet
Why wouldn't it be able to retrieve dependency class http?
--
You received this message because you are subscribed to the
Google Groups "Puppet Users" group.
To post to this group, send email to
puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com> .
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] yet another class dependency question.
Hi,
I am running puppet version 0.25.1 on both the server and client and am
getting the following error on a puppet run:
err: Could not apply complete catalog: Could not retrieve dependency
'Class[http]' of Class[puppet::http]
Class http is defined in the "http" module like so:
class http {
package { httpd: ensure => installed }
file {
"httpd.conf":
ensure => present,
...
Class puppet::http is defined in the puppet module like so:
class puppet::http {
require http
file {
"http-puppet.conf":
ensure => present,
path=> "/etc/httpd/conf.d/puppet.conf",
...
In this test setup both my client and server are the same node in the
same production environment and here's what my module organization looks
like.
# egrep -i '^\[|module|environment' /etc/puppet/puppet.conf
[main]
environments = production,staging,development,testing
environment = production
[puppetd]
environment = production
[puppetmasterd]
# environments
[production]
modulepath = $confdir/modules/production
[staging]
modulepath = $confdir/modules/staging:$confdir/modules/production
[development]
modulepath = $confdir/modules/development
[testing]
modulepath = $confdir/modules/testing:$confdir/modules/production
# ls -1d /etc/puppet/modules/production/puppet
/etc/puppet/modules/production/http
/etc/puppet/modules/production/http
/etc/puppet/modules/production/puppet
Why wouldn't it be able to retrieve dependency class http?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] monitoring puppet
Hi, I was wondering what people out there are doing to monitor puppetd in large environments. I'd love to hear what the best practices are around this. We have a few hundred hosts and are currently looking at the timestamps on the yaml files in /var/lib/puppet/yaml/facts/ on puppetmasters to make sure all clients are alive. Is it true that for a given client the fact file on the puppetmaster will always get updated on every one of its puppet runs? Or does it update only when facts change. Thanks, Sukh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: intermittent fileserver module not found issues.
Basically, what's broken is that on some runs, puppet client fails to process our file type resource declarations correctly. When this happens, puppetmaster logs the errors I provided earlier. Puppet clients log this:(Using my sendmail module as an example on this one.) 2009-10-25T12:02:53+00:00 puppetd[27478]: (//sendmail::relay/File[sysconfig-sendmail]/source) Could not describe /sendmail//sysconfig-sendmail: Fileserver module 'sendmail' not mounted 2009-10-25T12:02:53+00:00 puppetd[27478]: (//sendmail::relay/File[sysconfig-sendmail]/source) Could not describe /sendmail/sysconfig-sendmail: Fileserver module 'sendmail' not mounted 2009-10-25T12:02:53+00:00 puppetd[27478]: (//sendmail::relay/File[sysconfig-sendmail]/ensure) No specified sources exist 2009-10-25T12:02:53+00:00 puppetd[27478]: (//sendmail::relay/File[sysconfig-sendmail]/ensure) No specified sources exist 2009-10-25T12:02:53+00:00 puppetd[27478]: (//sendmail::relay/File[sysconfig-sendmail]/source) No specified sources exist Again, this only happens intermittently. On other puppet runs this error is not logged. I failed to mention earlier that all our puppet clients are still on 0.24.4. I just updated a couple of clients to 0.25.1rc2 as well to see if it helps. I haven't seen the issue on those since but need to watch the logs some more to be sure. If it does, guess we can rush through our client upgrades sooner than we had planned unless someone has any ideas on what to look at on the master/passenger side. Also, I'm not sure if its relevant but we're not using an auth.conf file in our setup yet. -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Luke Kanies Sent: Sunday, October 25, 2009 10:11 PM To: puppet-users@googlegroups.com Subject: [Puppet Users] Re: intermittent fileserver module not found issues. On Oct 24, 2009, at 9:59 AM, Sukh Khehra wrote: [...] > Things seem to work ok for the most part. Intermittently, however, I > am > seeing these errors log on the master. The same clients don't cause > this > at other times. Anyone ever seen this? I'd appreciate the help. > > My apache puppetmaster.conf, config.ru, and a puppet manifest snippet > that I think is triggering this is pasted below. While I appreciate the thoroughness, can you be a bit more succinct in what exactly is broken? Am I right in reading that the hyperic fileserver module is sometimes not found? Is it only for some clients, only at certain times, etc? -- Take the utmost trouble to find the right thing to say, and then say it with the utmost levity. -- George Bernard Shaw - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] intermittent fileserver module not found issues.
I just upgraded our puppetmaster servers from 0.24.4 to 0.25.1rc2 and
configured them to use Passenger. Here's what I am running now:
ruby-irb-1.8.5-5.el5_1.1
httpd-2.2.3-11.el5_1.centos.3
ruby-devel-1.8.5-5.el5_1.1
ruby-augeas-0.3.0-1.el5
httpd-devel-2.2.3-11.el5_1.centos.3
ruby-1.8.5-5.el5_1.1
ruby-libs-1.8.5-5.el5_1.1
puppet-0.25.1rc2-1
ruby-shadow-1.4.1-6
rubygems-0.9.4-1.el5
httpd-devel-2.2.3-11.el5_1.centos.3
augeas-libs-0.5.3-1
puppet-server-0.25.1rc2-1
I am using ruby-enterprise-1.8.7-20090928 with passenger apache module
version 2.2.2 (2.2.5 did not work for me).
Things seem to work ok for the most part. Intermittently, however, I am
seeing these errors log on the master. The same clients don't cause this
at other times. Anyone ever seen this? I'd appreciate the help.
My apache puppetmaster.conf, config.ru, and a puppet manifest snippet
that I think is triggering this is pasted below.
start log entries
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[2874]:
Fileserver module 'hyperic' not mounted
2009-10-24T16:41:19+00:00 puppetmasterd[30546]:
Allowing authenticated client (192.168.16.46) access to
fileserver.describe
2009-10-24T16:41:19+00:00 puppetmasterd[30546]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[30546]:
(mount[hyperic]) Describing /hyperic/plugins/mysql_stats-plugin.jar for
--
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[2874]:
Fileserver module 'hyperic' not mounted
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Handling
request: POST /RPC2
2009-10-24T16:41:19+00:00 puppetmasterd[2259]:
(//puppet/Service[puppet]/ensure) ensure changed 'stopped' to 'running'
2009-10-24T16:41:19+00:00 puppetmasterd[2259]: Handling
request: POST /RPC2
--
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[2874]:
Fileserver module 'hyperic' not mounted
2009-10-24T16:41:19+00:00 puppetmasterd[2259]: Allowing
authenticated client (192.168.16.46) access to
fileserver.describe
2009-10-24T16:41:19+00:00 puppetmasterd[2259]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[2259]:
(mount[hyperic]) Describing /hyperic/plugins/pps-filterstatus-plugin.xml
for
--
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Using
cached node for
2009-10-24T16:41:19+00:00 puppetmasterd[2874]:
Fileserver module 'ssh' not mounted
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Handling
request: POST /RPC2
2009-10-24T16:41:19+00:00 puppetmasterd[2874]: Allowing
authenticated client (192.168.16.46) access to
puppetreports.report
2009-10-24T16:41:19+00:00 puppetmasterd[2874]:
Processing reports store, rrdgraph, log for
end log entries
puppetmaster.conf
LoadModule passenger_module
/opt/ruby-enterprise-1.8.7-20090928/lib/ruby/gems/1.8/gems/passenger-2.2
.2/ext/apache2/mod_passenger.so
PassengerRoot
/opt/ruby-enterprise-1.8.7-20090928/lib/ruby/gems/1.8/gems/passenger-2.2
.2
PassengerRuby /opt/ruby-enterprise-1.8.7-20090928/bin/ruby
## you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 15
PassengerPoolIdleTime 600
## PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/certs/.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you
can try disabling
# CRL checking by commenting the next line, but this is not
recommended.
#SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
Options None
AllowOverride None
Order allow,deny
allow from all
end puppetmaster.conf
start config.ru
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
$:.unshift('/usr/lib/ruby/site_ruby/1.8')
$0 = "puppetmasterd"
require 'puppet'
# if you want debugging:
ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run
## end config.ru ##
#
