Re: [Puppet Users] Augeas editing of fstab
On Fri, Mar 20, 2015 at 7:20 AM Anthony Clark dizzysau...@gmail.com wrote: Hi there, I'm trying to add the nobarrier option to our XFS mount options in /etc/fstab using Augeas. I've tried this: Could you perhaps post working and failing examples of fstab entries? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7BnYySLJhjG%2BwZu3Qr46BfY-Dmz%3DDBNPvxwAP74Yqycg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Use value from a hash defined in hiera datasource elsewhere in the same hiera datasource
On Sat, Mar 21, 2015 at 10:43 AM Craig Wickesser codecr...@gmail.com wrote: But I was hoping to just extract the value from the hash. Thoughts? Unless I am misunderstanding, I don't think that's possible. The 2nd bullet in Notes box in Interpolation Tokens in the Hiera Guide ( http://docs.puppetlabs.com/hiera/1/variables.html#interpolation-tokens) says: Additionally, Hiera cannot interpolate an individual element of any array or hash, even if that element’s value is a string. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r48acnr0GHqSoSnDGw%2BBmmnxRFLe3P1daafizUuCkcaTw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help! Could not autoload puppet/provider/package/rpm
On Mon, Mar 23, 2015 at 6:35 AM staceytian4...@gmail.com wrote: Hi all, I am using Puppet agent 3.7.3 on Red Hat Linux. On one of my machines, when I run puppet agent --test, I received error: Puppet (err): Could not autoload puppet/provider/package/rpm: No such file or directory - /tmp/puppet20150323-27791-6xy78b.lock Puppet (err): Could not autoload puppet/type/package: Could not autoload puppet/provider/package/rpm: No such file or directory - /tmp/puppet20150323-27791-6xy78b.lock Puppet (err): Could not retrieve catalog from remote server: Could not intern from text/pson: Could not autoload puppet/type/package: Could not autoload puppet/provider/package/rpm: No such file or directory - /tmp/puppet20150323-27791-6xy78b.lock Puppet (err): Could not retrieve catalog; skipping run Any clue why this happens? SELinux enabled post-install, so various bits don't have the right labels? It might take a while, but restorecon(8) might help? Maybe start with `restorecon -n -v -r /`? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5PdMDjRN2aaYeQ_NH-0hNCRSQOYKTE9dARhHGe28X4wA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Am I seeing PUP-3863?
On Mon, Mar 23, 2015 at 11:37 AM Wil Cooley wcoo...@nakedape.cc wrote: I see now too that I was not just being lazy; neither the Functions section of the Language Guide nor the Custom Functions Guide -- searching for undef, null, empty and return does not yield this datum: I spoke too soon: There's a table at the bottom of the Functions section of the Language Guide that has both empty and undef; I dunno how I missed it. (Somehow I also thought that I could return :undef from Ruby to get an undef in Puppet; I'm not sure where that came from.) Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7DDtp1XSxK0%3DfVxN4qewL%3DPwYu0-cq6%2BE%2BVtF%3D%2BQ4qmg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Am I seeing PUP-3863?
On Sun, Mar 22, 2015 at 9:05 AM Henrik Lindberg henrik.lindb...@cloudsmith.com wrote: That is because an undef is passed as an empty string when given to functions (functions in general are still 3.x. API when using future parser, and also in 4.0). This explains some of the errors I've had in the past but been unable to understand. I recall now trying to find out what to expect to be returned when writing functions rspec examples and being stymied by the absense of this critical detail from the documentation. I see now too that I was not just being lazy; neither the Functions section of the Language Guide nor the Custom Functions Guide -- searching for undef, null, empty and return does not yield this datum: http://docs.puppetlabs.com/puppet/3.7/reference/lang_functions.html http://docs.puppetlabs.com/guides/custom_functions.html It also reveals one of the limitations of testing functions w/rspec-puppet: Since the result of the function call does not go through the Puppet compiler itself but stays all within Ruby, results can be misleading. (The alternative, testing the results of the function call within a hosts example using either `:pre_condition` or `fixtures/manifests/site.pp` is non-obvious and not terribly well-documented.) I'll file bugs on the docs now. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5_S-COV7HMQKyKTpt4wfmZB-XfHi6FXXQhJaq-QB4hwg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Firewall rules by subnet
On Fri, Mar 20, 2015 at 8:45 AM Gary Jackson bar...@gmail.com wrote: Sadly, they are not. What I probably want is one of two things for my case statement: 1. The bitwise AND of the ipaddress and netmask facts. 2. Pull apart the interfaces fact and use the network_*iface* fact for the first interface in that list. Can I do either of these things without resorting to a custom fact? The latter is easy enough to do: /tmp/test.pp: $interface_array = split($::interfaces, ',') notice(interfaces is ${::interfaces}) notice(first interface is ${interface_array[0]}) $ puppet apply /tmp/test.pp Notice: Scope(Class[main]): interfaces is em1,lo Notice: Scope(Class[main]): first interface is em1 Notice: Compiled catalog for mydesktop in environment production in 0.01 seconds Notice: Finished catalog run in 0.08 seconds You could do the bit-fiddling with a custom function easily enough or if you want to be quick and dirty you use `inline_template` and to it in Ruby. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7%3D88_9cQbJ4-e4ihm1V%2B5obysVor69YBnq2EXbVdCL7Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Firewall rules by subnet
One other option would be to use `has_ip_network` from puppetlabs/stdlib. On Fri, Mar 20, 2015 at 1:59 PM Wil Cooley wcoo...@nakedape.cc wrote: On Fri, Mar 20, 2015 at 8:45 AM Gary Jackson bar...@gmail.com wrote: Sadly, they are not. What I probably want is one of two things for my case statement: 1. The bitwise AND of the ipaddress and netmask facts. 2. Pull apart the interfaces fact and use the network_*iface* fact for the first interface in that list. Can I do either of these things without resorting to a custom fact? The latter is easy enough to do: /tmp/test.pp: $interface_array = split($::interfaces, ',') notice(interfaces is ${::interfaces}) notice(first interface is ${interface_array[0]}) $ puppet apply /tmp/test.pp Notice: Scope(Class[main]): interfaces is em1,lo Notice: Scope(Class[main]): first interface is em1 Notice: Compiled catalog for mydesktop in environment production in 0.01 seconds Notice: Finished catalog run in 0.08 seconds You could do the bit-fiddling with a custom function easily enough or if you want to be quick and dirty you use `inline_template` and to it in Ruby. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6VNS%3DH5DapmUeoLFRS%3DrpzgLmfWcDJ8G3Z1hocL%3DrA9Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Am I seeing PUP-3863?
PUP-3863 claims to be for future-parser with versions 3.7.3 .4, but I'm seeing it with both 2.7.25 and 3.7.4, both with hiera 1.3.4 (and, for 2.7, hiera-puppet 1.0.0). Should I not be surprised? Is there another ticket that I'm missing maybe? The crux of the issue for me, aside from the verity of the result changing with Puppet 4, is that undef != '' as resource parameters. For example, I expect the following to work, regardless of the status of the `hiera` lookup: file { '/tmp/foo': source = hiera('xyzzy', undef), } But what I'm seeing is that when 'xyzzy' is not found, `hiera` returns , which is not a valid source URL. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5rBXmKDYOMWbDse7Q69yYj%3Dq177XHpHmXCyuq_-j1KyQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Defined type parameter defaults not set (undef)
On Dec 3, 2014 6:53 AM, Martijn Grendelman martijngrendel...@gmail.com wrote: Hi, Please consider the following simplified code: class apache::params { $priority = 25 } define apache::vhost ( $priority = $::apache::params::priority ) { include apache::params notify { $name prio 1: $apache::params::priority: } notify { $name prio 2: $priority: } } apache::vhost { 'test': } Is there ANY way that the notifys in the apache::vhost type would display a different value? Shouldn't $apache::params::priority and $priority not be the same? AIUI, with a class, you'd need to inherit from params for the default to work. With a define, I suspect it's parse-order dependent and you've just gotten lucky. Rather than doing what you're doing, consider making the default undef and using 'pick' from puppetlabs/stdlib to choose: $real_priority = pick($priority, $apache::params::priority) I have a case where on some nodes, $priority (and other parameters that have defaults from $::apache::params that I omitted here) are empty (undef). If I access $::apache::params::priority directly, the correct value is presented. This code is in use on many nodes, and most don't exhibit the problem. Any idea what might be the problem here? I've been trying different things for over an hour, and I'm afraid I'm losing my sanity... Best regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4b344b14-de9b-446c-93e7-110d335f91cd%40googlegroups.com . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7wyzZjs%3Dt21_JJ_VMBgD5X5548i-D-eADcveuah8gdCQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Determining which master an agent is connected to
The $servername variable isn't actually a fact -- it's set by the server itself while compiling the catalog, so from the perspective of writing manifests it smells a lot like a fact. Wil On Wed, Dec 3, 2014 at 2:13 PM, Ramin K ramin-l...@badapple.net wrote: I'm not a PE user, but the config for the OSS version has a blacklist to remove facts like uptime, path, ps, etc from the facts.yaml. I'd expect PE to follow the same process. Might be worth opening a support request. Ramin On 12/3/14 1:25 PM, Daren Arnold wrote: Hi Ramin, Is this feature/variable turned on by default in PE 3.3? I am unable to see a fact for 'servername'. I am probably trying to access it incorrectly. To test, I issue an mco command: mco inventory hostname I don't see servername available. Thanks for any additional help you can provide. Daren On Wednesday, December 3, 2014 2:40:14 PM UTC-5, Ramin K wrote: There is already a set of server facts available during a Puppet run. https://docs.puppetlabs.com/puppet/latest/reference/lang_ facts_and_builtin_vars.html#puppet-master-variables https://docs.puppetlabs.com/puppet/latest/reference/lang_ facts_and_builtin_vars.html#puppet-master-variables Because you're running PE you should be able to query which servers are using which server through mcollective. Ramin On 12/3/14 11:20 AM, Daren Arnold wrote: Tony, Thanks for your reply. I was hoping to avoid inspecting all of the agents (either puppet.conf files or running puppet agent -t --debug) manually. I am looking into an approach that involves creating an external fact to query the value of 'server' in the puppet.conf. That may be what you were suggesting? Either way, I'll post how that option goes. -Daren On Wednesday, December 3, 2014 1:38:12 PM UTC-5, Tony Thayer wrote: The agents should have the master defined in their puppet.conf file. Failing that, you can manually run the agent on a system with puppet agent -t --debug and look for entries that look like Caching connection for https://puppet.local:8140; - Tony On Wednesday, December 3, 2014 7:25:36 AM UTC-8, Daren Arnold wrote: Hello, Newb question here. I have inherited a PE 3.3 setup that uses a Puppet master hub, spoke and about 100 agents. The agents were installed at various times - some were connected directly to the hub and others connected to the spoke. Is there a way to determine which agents are connected to the hub versus the spoke? I couldn’t find a fact that reflected the Puppet master. Also, the console doesn’t seem to provide this information. Thanks for any help you can provide. Daren -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript: mailto:puppet-users+unsubscr...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/770bda3a- 3797-4469-8f07-ce68955b1d84%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/770bda3a- 3797-4469-8f07-ce68955b1d84%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/770bda3a- 3797-4469-8f07-ce68955b1d84%40googlegroups.com?utm_medium= emailutm_source=footer https://groups.google.com/d/msgid/puppet-users/770bda3a- 3797-4469-8f07-ce68955b1d84%40googlegroups.com?utm_medium= emailutm_source=footer. For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c2ab756e- 8404-4cfd-8099-a28c82c6cd71%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/c2ab756e- 8404-4cfd-8099-a28c82c6cd71%40googlegroups.com?utm_medium= emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web
Re: [Puppet Users] Puppet rendered system unusable because of following a dependency tree removing an RPM
On Dec 2, 2014 4:50 AM, Clay Stuckey claystuc...@gmail.com wrote: I wrote two manifests for RHEL systems. One removed syslog. The other installed rsyslog. The syslog removal followed a tragic dependency tree removing RPMs such as coreutils, rpm, yum and pam. Once the servers rebooted, they were left in an unusable state. I had to boot in rescue mode, manually install files to get RPM going and reinstall about 300 RPMs that were removed. Ouch :-0 Is there some way to blacklist the removal of certain critical RPMs that might be found in a dependency tree? There is at least one yum plugin for this. Including that level of system-specific detail in the yum provider does not seem maintainable. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4Jy1BbXfPeStom2ie7v7TA%2Bthy2w-%3D0m26Sm_DVAuhVw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet Master does not re-connect to the storedconfigs PostgreSQL database
On Nov 27, 2014 12:54 AM, Peter Bauer peter.m.ba...@gmail.com wrote: i know that PuppetDB is the way to go for the future but currently i am forced to use Puppet 2.7 with the Stored Configuration feature. Are you aware that you can use PuppetDB 1.6 with Puppet 2.7? (I'm assuming you're using it for exported resources, since I know if no other reason for stored configs.) Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6bMLcUpQdBzC9uCVFj%2BHwEajMQvorFd7Y5y0pQXzcgXA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Exporting custom fact to PuppetDB ok with command but KO with daemon
On Nov 27, 2014 5:28 AM, Vincent Miszczak vincent.miszc...@gmail.com wrote: Hello, Nearly everything is in the title. When I manually run a puppet agent --test on a host (let's say host1) that export @@something, I can get something on another host (let's say host2) and I'm happy. Later, when the daemon on host1 runs, it still exports @@something but custom facts are empty instead of having their value. What am I missing ? Have you tried turning it off and on again? Seriously, have you tried restarting the agent daemon? This happens sometimes when Facter itself is updated and if you've gone through several iterations of your custom fact, it may well apply here. When the agent runs as a daemon, it does not completely reinitialize, so it is possible that updated code could not get reloaded. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6qsv9Mo5ttXj6Mb-0qOkz-JA2Q8p401D%3D-X1aNEM7tGA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Diagram of Puppet Agent/Master/DB communication (Was: Puppet variable with a custom fact)
On Thursday, November 20, 2014 9:22:29 AM UTC-8, Wil Cooley wrote: (Aside: Does anyone have a link to a diagram of the dance the master and agent do? I've been meaning to try to make one on websequencediagrams.com but not gotten around to it.) jcbollinger wrote: There is a diagram and accompanying descriptive text that looks pretty comprehensive here: https://docs.puppetlabs.com/puppet/3/reference/subsystem_agent_master_comm.html . On Fri, Nov 21, 2014 at 12:57 PM, Eric Sorenson eric.soren...@puppetlabs.com wrote: I made one for the SSL bootstrapping sequence here: http://ask.puppetlabs.com/question/25/how-can-i-troubleshoot-problems-with-puppets-ssl-layer/ And one for the agent/master communication which I haven't found a good place for on ask: https://dl.dropboxusercontent.com/u/18472980/puppet-agent-timeseq.png Those all look good for what they are intended, but I was thinking more about something that was simplified for newish users and included where the various Ruby extensions are used. Something like this: http://preview.tinyurl.com/nezauat I considered including the agent-master communication about File resources using source but couldn't quite find a satisfactory way to represent it. I realize now that I am unclear about whether the master submits the compiled catalog and facts to PuppetDB at the time that the report is submitted or earlier; its probably not a detail worth worrying about though. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4%2BNYzV-vrubv8h1-fuH0rHpA2XWuLGWm8im3Bh6FudJA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet variable with a custom fact
On Nov 17, 2014 3:38 AM, Antoine Cotten tonio.cot...@gmail.com wrote: Hi Puppet users, Is there any convenient way to access a variable defined in a Puppet class from within a custom fact? Not directly; the ordering is wrong in your mental model. You could write out the variable as an external fact on the managed node and then refer to it as a fact in the next agent run. (Aside: Does anyone have a link to a diagram of the dance the master and agent do? I've been meaning to try to make one on websequencediagrams.com but not gotten around to it.) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7GxWpnjxkp9C5Tc9F2GQmhFnfq0EhqrCBa0g02FJOLHA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] how to send notices or if the nodes go in changed in the console using snmp traps to any monitoring tool
On Nov 7, 2014 5:43 AM, Spriya supriya.uppalap...@gmail.com wrote: I have a requirement to send to snmp traps to any monitoring tool if i get any notice messages. or if the nodes to changed mode in the console. Is anyone did this? Please share your ideas. You didn't mention what platform you're on, but if you're on EL5+ you could use rsyslog to send traps if what you want is in the logs. Other log parsing/aggregating tools could also do it. Another option would be to write or find a report processor that could do it. I'm not sure what you mean by mode in if the nodes to change mode means. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4bCe%2BLjdsu1PoQta87ZzTaBWeOdabPg30QuTTf1rX7PQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppetmaster can't keep up with our 1400 nodes.
On Nov 4, 2014 7:32 AM, Georgi Todorov ter...@gmail.com wrote: I agree, there is something odd about File retrieval. We are creating a total of 10 autofs maps, however when I run trace, it looks like every separate entry creates a concat::fragment (puppetlabs-concat) which is later combined into a single file. I'm not too familliar with what concat::fragment does, but a quick scan of the code shows a lot of source references. We might have to just go to template files, instead of using the autofs module. That might take care of all our issues. If you're generating the same map for a large subset of hosts, why not do that on the master and put the resulting file in a place the master's file service can serve it from? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7PbQUboO2a6vf25GbG8A7NZdof1o1mVrerPTMGZ5z4ig%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Managing folder trees - best practice?
On Nov 1, 2014 5:46 AM, JonY ethrbu...@gmail.com wrote: Along comes an eager dev who says I want to split this tree into two types - the difference between these being ~5% of the files. My choices for managing this tree seem to boil down to: 1. Berate the dev. Not v satisfying - like yelling at a puppy. 2. Maintain two (nearly identical - but not quite) file trees. It's all in git so maybe this isn't so bad. Looks messy though. Means having to sync nested trees and keep them straight. 3. Change the tree structure of what's being copied in and don't recurse. Name every sub folder in the 'file' resource according to which node get what. Neater than #2 but lots of extra work. 4. Create a 'merge' solution so I keep the current folder structure and only merge in the changes for the impacted nodes. #1 - lots of unhappiness #2 - seems prone to error #3 - extra work. probably what will happen though. #4 - seems like the most obvious but (AFAIK) it's not supported by puppet. Is there something better? Another choice I've neglected? Are these trees releases (however you define it) from your devs? Are the files (especially the ones that don't differ) large or very numerous? If they're releases, then you should use what they give you and not try to maintain changes on top of their releases that are outside of their process. If there are changes they could make to help your deployment, such as making more granular releases, work with them to integrate that into their processes. But if that isn't feasible, I wouldn't necessarily bother to try any more deduplication unless the files were very large or numerous and disk space at a premium -- that's likely to lead to more trouble work down the line and your time may easily cost more than you save. In any case, you might consider other approaches to file resources -- it's really not intended for large numbers of files and probably not the best way for your Puppet master to spend it's CPU time if you have now than a few dozen nodes. Depending on how the release is delivered to you, you might consider packaging and installing it with a package resource, using the 'staging' module, using a 'vcsrepo', rsync in a cron job or exec resource, etc. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7L2C%2B6hk7TRvZFaU%3D_ZFiQhSue-6uvvfwbVNqyHpXy3g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Newer to puppet, looking for ways to organize and group configs
On Fri, Oct 31, 2014 at 7:47 AM, JakeJ jacobjul...@gmail.com wrote: Hi all, I've just inherited a puppet environment that is currently managing various linux and OS X nodes. This appears to me to be a non-traditional Puppet environment, as it seems the previous group of employees have built in-house, a web app that allows us to manage the puppet nodes by placing them into groups and assign groups a certain configuration of modules, I believe the puppet master looks to the web app at each check-in to get a list of modules to maintain on the node. Sadly, none of those employees are currently here anymore, and the documentation is lacking, to say the least. The web app built is getting a bit long in the tooth and is falling apart slowly. I'm looking for an alternative that would work with our already in-place puppet master and PuppetDB. The web app you describe sounds like an ENC - external node classifier: https://docs.puppetlabs.com/guides/external_nodes.html Is this where tools such as Foreman and Puppet Dashboard come in? I feel like this can't be an uncommon request..I have distinct modules that I want to group together for various nodes, for example, we have a base servers module, which installs common applications and sets a user account, and we have nginx apache postgres modules that would also be applied, depending on the group the server is placed in. Similar for the OS X nodes, where they will have a different puppet config if the are office compared to lab groups. Surely there is a supported open-source tool that does this? Yes, both Foreman and Puppet Dashboard can be used as an ENC. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6%3D7oYBYPkgH36QiQ%2BwRqbKbVG2LAqgn%2BgPZt3ebwv6ZQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet agent message: Could not retrieve local facts: Could not find fact 'define_fact'
On Thu, Oct 23, 2014 at 9:52 AM, Andreas Dvorak andreas.dvo...@gmail.com wrote: Dear all, since today the puppet agent does not work anymore if it is executed by service. I prints out: Could not retrieve local facts: Could not find fact 'define_fact' If I run puppet agent -t I do not get the message. I have updated facter from 1.7.1 to 2.1 and hiera from 1.2.1 to 1.3.4 Did you restart the Puppet Agent after the upgrade? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4PXNiwLAOfbW9iM-XC%2BX-OyOkmKHRt%3D83-Tyrbc9qoWg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] example hiera.yaml that uses example42-network?
On Fri, Oct 24, 2014 at 7:49 AM, Anthony Clark dizzysau...@gmail.com wrote: Hi All, Does anyone use example42-network with Hiera? I'm trying to find an example in Hiera that configures that module. https://forge.puppetlabs.com/example42/network/readme So far I've tried, in hostname.yaml (Hiera works OK with hostname, environment, etc etc) --- network::interfaces_hash: eth1: ipaddress: 1.2.3.4 netmask: 255.255.0.0 gateway: 1.2.3.1 Which I think should work, based on the Puppet example from the Forge module readme: class { 'network': interfaces_hash = { 'eth0' = { enable_dhcp = true, }, 'eth1' = { ipaddress = '10.42.42.50', netmask = '255.255.255.0', }, }, } What's actually happening when you do this? I assume you also have include network in your manifests? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7zbQDn9Rkmh%3Dd3ozGkS%2BT1WqU8vgrGw5%3DXJ3oihsvMaQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] pull defined type into puppet template?
On Thu, Oct 23, 2014 at 8:50 AM, Trey Ormsbee treyorms...@gmail.com wrote: I working with a dynamic config file template, I have a section for global options, then a dynamic section that i want to populate with multiple defined entries. example config file #global options config_option1=setting1 config_option2=setting2 config_option3=setting3 ... #dynamic section entry=dynamic entry number 1 option1=setting1 option2=setting2 option3=setting3 entry=dynamic entry number 2 option1=setting1 option2=setting2 option3=setting3 Is there a way i can dynamically create these entries in a single template? for instance a defined type: define application::configs ( $entry, $option1 $option2 $option3 ) { #not sure what I would put here } Then pull those entries into the .erb with some kind of function? Is this even possible to do? And you then want to declare multiple application::config resources and have them all show up in the resulting file, generated from a template? It's not possible to have many-to-1 like that with the contents of a File resource, although I myself have wished for something like that. Instead, you can model your configs at a more finely-grained level than just a File resource using other resources/modules, as Trey suggested, the `concat::fragment` type in the puppetlabs/concat module, `ini_setting` type in the puppetlabs/inifile module, or by using Augeas. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6CyOVftRLo94W8VOGuUiPxaYbfgB8aGB5zOiF9w7qD-g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] pull defined type into puppet template?
On Fri, Oct 24, 2014 at 10:07 AM, Wil Cooley wcoo...@nakedape.cc wrote: as Trey suggested, the `concat::fragment` type in the puppetlabs/concat module, Er, as James suggested; sorry. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6QB%3D75g9EWkWUodUCLm19Y_wr-e_UPHzwjV2FwFrbuCw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Facter via cron hanging on RHEL5
On Oct 21, 2014 8:41 AM, Paul Seymour paul.seym...@ig.com wrote: Thanks. It's a little tricky to do as it always comes back with a wait4 call if attaching to the hung process. Will try and capture it. `wait4` would indicate it's waiting for a child process; I would try to figure out what the child is doing by having strace run with -f to follow forks. You could run facter from cron with strace prepended so it can strace from the beginning. Use the -o to have strace send output to a file. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7DA9a-BW25B%2BsaTRaJe5K4izyrsUtdqgG%3DsJkhKy4fbg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: One puppet run divided to two puppet runs
On Oct 20, 2014 6:46 AM, artur.daschev...@ammeon.com wrote: The issue that i don't fully understand is why the puppet run seems to finish: Oct 8 19:58:07 node2 puppet-agent[18912]: (/Stage[main]/Task_node2__package___45_58_54_52_2dlsbwrapper4/Package[EXTR-lsbwrapper4]/ensure) ensure changed '1.0.0-1' to '2.0.0-1' Oct 8 19:58:12 node2 puppet-agent[18912]: (/Stage[main]/Task_node2__package___45_58_54_52_2dlsbwrapper8/Package[EXTR-lsbwrapper8]/ensure) ensure changed '1.0.0-1' to '0:3.0.0-1' Oct 8 19:58:15 node2 puppet-agent[18912]: (/File[/etc/mcollective/facts.yaml]/content) content changed '{md5}cf91bdba62cbaa5149af42b81febbbf4' to '{md5}994da216388be7020bade56907c701ed' Oct 8 19:58:19 node2 puppet-agent[18912]: (/File[maincf]/seltype) seltype changed 'etc_runtime_t' to 'etc_t' Oct 8 19:58:22 node2 puppet-agent[18912]: Finished catalog run in 47.16 seconds Yet after that the puppet seems to continue where it left off: Oct 8 19:58:57 node2 puppet-agent[20580]: (/Stage[main]/Task_node2__package___45_58_54_52_2dlsbwrapper28/Package[EXTR-lsbwrapper28]/ensure) ensure changed '1.0.0-1' to '0:2.0.0-1' Oct 8 19:58:58 node2 puppet-agent[20580]: (/File[/etc/mcollective/facts.yaml]/content) content changed '{md5}994da216388be7020bade56907c701ed' to '{md5}d8c1cb23e367c830bc34a564d49e8353' Oct 8 19:59:03 node2 puppet-agent[20580]: (/File[maincf]/seltype) seltype changed 'etc_runtime_t' to 'etc_t' Oct 8 19:59:05 node2 puppet-agent[20580]: Finished catalog run in 16.30 seconds Not sure about this but my understanding is that a catalog run should be sequential if there is a global lock in place? Yes, the catalog application is sequential but I see nothing to suggest otherwise in these logs (I could be missing it, reading on my phone). What I see is: The File facts.yaml is changed from cf9* to 994* in the first run, then 994* to d8c* in the second. The Packages lsbwrapper4 lsbwrapper8 are installed in the first run, lsbwrapper28 in the second. Without seeing the manifests, we cannot know why these happen in two runs instead of one, but the facts.yaml changing is probably a clue. This looks like a bug IMO. Is there any tracking done of this? What is the antecedent of your final this? Bugs (there's Jira for that) or catalog runs (logs and reports for that) or something else? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4RyhZVpSmP2pRR%2BM-PofF2xv2%2Bc39b1hHR%3D9w_GiQ70Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Facter via cron hanging on RHEL5
On Oct 20, 2014 1:41 AM, Paul Seymour paul.seym...@ig.com wrote: This didn’t happen with 1.6.x which was our previous version.And I cannot find a RHEL6 host with this issue. So I suspect Ruby here. Any ideas anyone ? Run `strace` on the hung process to try to see what it's doing? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5A4bfF9X%2B79ZUbKB214W4MbDKJd%3DgAx-NGNCvuri75yg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: pkgutil package provider (solaris)
On Oct 15, 2014 3:55 AM, Frederic Conrotte frederic.conro...@gmail.com wrote: Hello Like many enterprises, we have an heterogeneous infrastructure with some CentOS and Solaris machines. I was wondering if lookthere are existing plans about creating for Solaris the equivalent of the yumrepo type ? Unless this has changed in versions later than what I'm using, pkgutil only supports a single repository, so it's really just a matter of configuring pkgutil.conf. 'yumrepo' is useful because there can be any number of repos defined. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r40AbpwGC7WckzM_AMw6KWd%2BY-tY0m_XSNOimyLzL0EJA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] site.pp location for 3.7.1 under environment configs.
Hi Jim, You can put the info function call anywhere really - you just want to ensure everything sees it or you will miss nodes; your minimal class is fine. This is one of those features that should probably be changed to use a PuppetDB query (which I didn't have until recently) or dropped if it's already present in the PDB boards. It was a quick hack that worked well enough and has proven to be really handy when doing upgrades. Wil On Oct 2, 2014 12:13 PM, Monkeys Typing monkeys.typ...@gmail.com wrote: I am attempting to get the final pieces of the Puppet Pulse splunk app to work, and the issue I am having is that the splunk application expects the puppet nodes to have an extra notify that calls out the version of puppet on the box. The readme for the app indicates: Version Reporting To gather version information, add the following to your manifests (I have it towards the top of my site.pp, outside of any node definitions): info(node=${::hostname} puppetversion=${::puppetversion}) AFAICT, the proper directory for this file is still /etc/puppet/manifests/site.pp. At least that is what puppet agent--environment production --configprint manifest tells me. However, I have not been able to get this info to trigger on any of my nodes or puppet masters. Full disclosure, i have a puppetmaster manifest that creates a symlink of this file to the real location of /puppet code/environments/site.pp (had also tried putting site.pp at environments/production/site.pp Just wondering what I am doing wrong, and if there is a better place to put the info line. I have a class minimal that EVERY node gets, and I could move my info declaration there. It isn't clear to me exactly what site.pp is used for (or if it IS used) under environment configs. Thanks, Jim Goddard -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/64260c57-74c2-4a32-b452-99a9c36bed6d%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/64260c57-74c2-4a32-b452-99a9c36bed6d%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5M9TFLiv3hYccKLZjZ-KFqhcnXiSRYe0XofNaHOnUTrw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] custom function error undefined local variable
On Oct 2, 2014 10:23 AM, Mark Rosedale mrosed...@vivox.com wrote: I have the following custom function that I'm trying to write. Sorry this isn't an answer to your question, but I recently published a module of functions wrapping the standard system get*by* functions (well, wrapping Ruby's interfaces to the standard system functions): https://forge.puppetlabs.com/wcooley/name_service_lookups This includes `gethostbyname` and `gethostbyaddr`; the main benefit over querying DNS directly is that it understands nsswitch, so /etc/hosts works and any other host database you might want to use. But assuming you want to implement this anyway an exercise in learning Ruby Puppet extensions, you might start by removing all the Puppet stuff and just get the lookups working as a simple standalone Ruby script. Wil require 'resolv' module Puppet::Parser::Functions newfunction(:getIpAddr, :type = :rvalue) do |arguments| Resolv::DNS.open do |dns| ress = dns.getresources(arguments[0], Resolv::DNS::Resource::IN::A) if ress.any? dns.getaddress(arguments[0]) #break else raise(Puppet::ParseError, No valid A Record found for host #{aguments[0]}) end end #return value end end I'm getting the following error when I run this function. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined local variable or method `dns' for #Puppet::Parser::Scope:0x7f5054f07110 at -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/02de838d-6cb2-495a-883d-98fb15782df9%40googlegroups.com . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7-oGZ0G%3DN4GXYztLLyEtygt5H0MtE52SNwV%2B08fy%2B56Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: facter error message - what does this mean?
On Wed, Oct 1, 2014 at 9:48 AM, jmp242 jp10...@gmail.com wrote: I also see this on 3.7.1... Same symptoms. On Wednesday, September 24, 2014 8:16:54 AM UTC-4, JonY wrote: I'm seeing this error appear on a client machine (/var/log/syslog): puppet-agent[17158]: Failed to apply catalog: Could not retrieve local facts: Invalid facter option(s) type If I run 'puppet agent --test' it runs fine. If I run 'puppet agent --test --debug' there is no mention of this error. Yet if I wait until the next scheduled run the error will reappear. What's going on? You've restarted the agent I presume? In the past I've seen errors that would show up only in the scheduled agent runs but not when running it from the command line after upgrading Facter. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4cBDmxn4efHsPbBrgLxKR25vLPQSPzYm_jq24usyEF-w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] rspec test for augeas resource that also verifies the resulting content of the file?
On Sep 25, 2014 6:02 AM, Johan De Wit jo...@open-future.be wrote: For rspec unit testing, one must keep in mind that you are testing the content of the catalog. For *rspec-puppet* unit testing, that is. There is also *rspec-puppet-augeas*, but unfortunately it requires a downrev of rspec-puppet until there is a new release of rspec-puppet, which re-enables the interface that -augeas needs. (Which is less painful w/RVM and gemsets.) r-p-a also suffers from using augeas conditions to test expectations, which makes for a chicken-and-egg situation: if you are not confident with your augeas skills to make the change, you cannot be confident in your verification of the result. (I have not investigated the feasibility of getting the contents of the temp file and using regex or string matches, but it might be possible.) Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7f9oD1q5aW6zH%2Be5Of%3DHUdYSakEAezNri%3DvZBeyL5ujA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet 3.6.2 package gem provider unable to update r10k gem
On Sep 22, 2014 7:19 PM, treydock treyd...@gmail.com wrote: Error: /Stage[main]/R10k::Install/Package[r10k]/ensure: change from [1.2.1] to 1.3.4 failed: Could not update: Execution of '/usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k ' returned 1: ERROR: Can't use --version w/ multiple gems. Use name:ver instead. I have a hunch that the extra space at the end of the quoted command appears to gem as another parameter, albeit just a null string. I'm trapped under a sleeping baby but I would test with an exec(2)-like function/method in Ruby or Python (where the arguments are passed as an array of strings instead of a single string) and see if gem barfs if there are extra 0-length items. If so, then I'd check gem versions, compare changelogs from both RPM (rpm --changelog packagename) and upstream gem sources. HTH Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6Nc9qd1p4jtLxzPVcZHfOEKvQE2j-X3zYEi5tKwCY6tA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] .fixtures.yml functionality in spec helper
On Wed, Sep 10, 2014 at 8:39 AM, Brett Swift brettsw...@gmail.com wrote: I see your points on wanting to know what your dependencies are, and maybe I'm missing something on how puppet's module path works. As I understand Puppet will resolve the first module on the path if it sees multiple. Modules should use semantic versioning, so lets assume that in a hypothetical. Also lets assume that I'm developing a module with two direct dependencies, that each depend on stdlib. However one relies on 3.x.x and one 4.x.x.I assume that Puppet can only use one of those.. so which one? That's a good question and is part of the reason I disabled the automatic dependency resolution. I have no idea what you'd do in that case nor what the PMT would do, so it's up to the person writing the tests to decide. It does beg one simple question though. Why wouldn't rspec_puppet_helper forgo .fixtures.yml, instead of using metadata.json? It's a tight coupling.. but maybe a coupling that would be a good idea? Something I've wondered myself too; I think it's partly an historical accident -- For a long time, neither the PMT nor puppetlabs_spec_helper were part of Puppet itself; now the PMT is but spec_helper already has an entrenched user base. Another good reason for them to be separate is to enable a more minimal testing environment. For example, recently I was writing tests for a new module that needed a function from another module I'd written, so either I'd have to add the other module to my fixtures and stub the Ruby library calls the function made or I could exclude the other module and just stub the Puppet function -- that latter was simplest and it would have been messier to have the module installed as a fixture and try to stub the function. (For reference, the MockFunction class from rspec-puppet-utils seems to be the easiest way to stub Puppet functions.) And yet another good reason to keep them separate is to enable testing with various combinations of dependency versions. At least, one could if someone were to write the code to make the name of the fixtures file selectable... Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6d9DNsF3f4i0bysR3awYVc5rcbVXgY%3DmXyg_6hKn4pkg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] .fixtures.yml functionality in spec helper
On Sep 8, 2014 2:21 PM, Brett Swift brettsw...@gmail.com wrote: why isn't puppetlabs_spec_helper installing dependencies of my dependencies? ... but puppetlabs_spec_helper doesn't.grumble grumble I didn't see a ticket for this ontickets.puppetlabs.com. Is this a feature request, a defect, or pebcak ? Assuming you're talking about modules installed with forge_modules (which I wrote the first cut of) instead of repositories, I consciously added the flag to ignore dependencies with the PMT with the expectation that you should know what your dependencies are and be explicit about them. That said, I have found myself annoyed with having to remember to add all of the (1)th-order dependencies, especially for our mass of internal modules. It also brings up the broader question of whether you really should need to track the transitive closure of your dependencies. Other packaging systems don't make you, so should you really have to here? It could be added as a configuration parameter, but then the next question is where should that be? A configuration section in .fixtures.yml? An environment variable? Then I get side-tracked thinking that maybe the name of .fixtures.yml itself should be selectable by environment variable so you could test with different combinations of versions of dependencies, etc. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r77GwHzKxah8m0a0cr%3D%3DLnctCbK07Lmxct2-a%2BPTpUivw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] erb tempate issue
On Sep 1, 2014 3:35 AM, Juan Sierra Pons j...@elsotanillo.net wrote: Hi Finally I have changed to another kind on loop that works for my case uri% @ldap_servers.each do |server| -% ldap://%= server -% % end % As you've found, an explicit loop, er, iterable is better than trying to use implicit conversion of an array to a string. An alternative is to use the 'join' method; that will put the separator only between the elements, rather than having to have it before or after each. This would be clearly better with a comma or other non-whitespace separator. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r69VGauQJ_kNaHvL_eVR3K_QwJb0LNrnBT2f9asSBnX9A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Query with use of recurse
On Sep 2, 2014 5:43 AM, Balasubramaniam Natarajan bala150...@gmail.com wrote: Hi I have a query regarding how recurse behaves when we call it with ensure = file[1] compared with ensure = directory[2] ? Would it make any sense to call recurse with ensure = file ? No, recurse is only useful for copying directory to directory. What are you going to accomplish? Copying a source directory of symlinks as their targets? If so, there's a separate parameter for that. Wil [1] file {'/home/bala': ensure= file, source = puppet:///files/home/bala/, sourceselect = all, recurse = true, } [2] file {'/home/bala': ensure= directory, source = puppet:///files/home/bala/, sourceselect = all, recurse = true, } -- Regards, Balasubramaniam Natarajan http://blog.etutorshop.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFHFDA%3D%3DHjSUdCttzWBizMnaJrNgyR_wM4Ga8NEUZoVgTPE5DA%40mail.gmail.com . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r489aNH6Vt2eXBuSi613QpzQ2E_%2B5ooj%2BNGgpUeWWk5nA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Using puppet with Apache mod_disk_cache and passenger over SSL
On Fri, Aug 29, 2014 at 9:50 AM, Brian Wilkins bwilk...@gmail.com wrote: # RHEL/CentOS: # And the passenger performance tuning settings: PassengerHighPerformance On The Passenger doc says that this bypasses several layers of Apache processing, so it is incompatible with mod_rewrite and others -- I would not be surprised if it also was the source of your trouble. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6U03nwf9JEFHftB%2BxAaUuBHfMPoDjy3o_YLRp%3DC6%2BBYw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet, HA Duplicate definitions
On Fri, Aug 29, 2014 at 12:47 PM, Julien Pivotto roidelapl...@inuits.eu wrote: On Fri, Aug 29, 2014 at 06:37:19PM +0200, José Luis Ledesma wrote: If both nodes has to export the same resource ( same type/same title) they cannot be collected together. So, if you need to collect both, change the title to make it unique. Regards, yes, but if they represent the same stuff (remember, we speak about HA), would you EXPORT the data on one node or COLLECT the data of one node? DO they represent the same stuff? Don't the backend nodes that are exporting the data have bits that are specific to themselves, such as hostname or IP address, as part of the exported resource? And doesn't the front-ends that are collecting the resources need to know those unique bits about each backend? Or am I not understanding the model that you're working on? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4JRnoh09Fo3GYBD1Znj6HXN9xQvpmbWCcDKZsbc3MzjA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet question
On Aug 28, 2014 11:36 AM, Yan mryan...@gmail.com wrote: Not much help on google for this error: Error: Could not request certificate: Could not intern from text/html: No format match the given format name or mime-type (text/html) This has been setup as closely as possible to the instructions on puppetlabs website. Any ideas? What do you get if you try to connect to the Puppet master with curl or wget? I suspect you're getting a web server's error page. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7mZRVCE5F7QeGJsRUkSuxkybFwFfaBz-ZD%2BYeic_p0Hw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Unrecognised escape sequence '\[' in file
On Wed, Aug 27, 2014 at 8:24 AM, Brian Wilkins bwilk...@gmail.com wrote: Have you tried with two backslashes '\\' ? Ah, that was it :) An alternative is to quote the bracket by making it a character class: [[] I used to like this for some reason, but I cannot quite remember why now; it certainly isn't more readable. I guess maybe because it avoids having to figure out backslashing (which is especially nasty if you're running awk with shell environment variable interpolation, within sh -c that's being run by sudo over a remote shell). Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6dAx7y3xfdv60Qo9PovGYXeOrBzXH2%3Dfj%3Dwr5Zy%2BQ8TQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppet logging agent/master
kOn Tue, Aug 26, 2014 at 10:34 AM, Mike Reed mjohn.r...@gmail.com wrote: I suppose I have two questions: 1. Is there a simple way to push messages to a file other than /var/log/syslog on an Ubuntu machine? I think the rsyslog Ramin mentioned is a good way to filter. 2. Is there a preferred way in the community by which people aggregate logs to make troubleshooting nodes issues easier to manage? I use syslog forwarding to a central log collector and then use rsyslog collector to separate the Puppet events to their own file. I feed the files into Splunk. I also have a Puppet report-processor that logs via syslog with the data in a key=value format, which is automatically extracted by Splunk but might be useful for other log event management systems: https://forge.puppetlabs.com/wcooley/cimlog_report This only handles data from the agent (but it logged by the master); the master can still have errors and data outside of the agents' reports that's useful. For example, the catalog compile time is logged by the master and some failures only show up on the master; analysing the Apache (or whatever HTTP/Rack server you use) is also useful analysing what is being most frequently requested. I have a Splunk app I've written (but never quite finished enough to push to Splunk-base): https://github.com/wcooley/splunk-puppet Much of this can be done with PuppetDB and Erik Dalen's demo Puppet Explorer looks like it handles much of the visualization too. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r6bk7bqYb5GfFArLjMdHpOpAQ_JnQrcr0jmMX%2Bg82E31A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet 'node data' when using common node_names?
On Aug 22, 2014 7:37 AM, Matt W m...@nextdoor.com wrote: Anyone have any thoughts on this? I have to say, using an identical node name as a way of assigning the node's role is an interesting approach. I would not be surprised if you run into other difficulties with this approach; some even harder to find. Even something like an appended unique identifier, such as from the host ID, MAC address, serial number, hashed SHA1, etc would have been better. Be that as it may, life would be dull if we didn't have to live with the sins of the past. You might check the config guide https://docs.puppetlabs.com/references/3.6.latest/configuration.html but in thinking about it, if you found a setting and tried to use a fact in it, you'd probably just get the master's fact. The reports, at least, should be easy - since they're pluggable, you could copy the existing lib/puppet/reports/store.rb to a new name module and tweak the storage location. Wil On Thursday, August 14, 2014 10:39:16 AM UTC-7, Matt W wrote: We noticed that our puppet reports and our puppet node data stored on our puppet servers is always written out in the form of the 'node name'. So when we use a node name like 'prod_webserver' across many webserver machines, we get a tree of reports and node data like this: /var/lib/puppet/yaml/node/prod_web.yaml /var/lib/puppet/yaml/facts/prod_web.yaml /var/lib/puppet/reports/prod_web /var/lib/puppet/reports/prod_web/201408130200.yaml /var/lib/puppet/reports/prod_web/201408140811.yaml /var/lib/puppet/reports/prod_web/201408121328.yaml /var/lib/puppet/reports/prod_web/201408130743.yaml /var/lib/puppet/reports/prod_web/201408140454.yaml Where each of those reports likely reflects a compilation run for a different host... and the facts/node files at the top are getting constantly re-written as new clients come in. Is there a way to change the behavior of the data there to be written out based on the ${::fqdn} of the host (or certname) rather than its node name? (our client puppet configs ...) [main] ... node_name = facter node_name_fact = puppet_node (a client puppet fact file...) puppet_node=prod_web puppet_environment=production package=frontend=some-version-here app_group=us1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/40c0048d-fc90-4006-99da-98bfa9ba94a7%40googlegroups.com . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5MwNDV%3DCEnxVrr4pL1w_Xi3byR5xphPxPZH3%3D2XgJdXQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppet resource ordering/execution kungfu
On Aug 21, 2014 5:53 AM, jcbollinger john.bollin...@stjude.org wrote: No new parameter, but you could also repackage your RPM so that it handles the permissions of /tmp itself. I suspect that would conflict with the package that already owns /tmp (basefiles or whatever it's called). It might be possible to remount with and then without exec in the pre and post install scripts. To avoid modifying the original package, it might be possible to use a wrapper package that is nothing but the scripts dependency, exploiting the transactional ordering that the scripts would run in. (If my memory of how that works is accurate.) By the way, what's the point of mounting /tmp non-executable? I mean, I know in general what the effect is, but why is that desirable for /tmp? It's not uncommon for non-root exploit scripts to upload and run their payload from /tmp, as it is generally available. Another alternative depending on your platform might be some of the namespace stuff that later Linux kernels support and use that to provide a private /tmp to that package installer. I'm not sure how feasible or even possible that is. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r4oUzxaEAGeLHohb20f%2B%3DfCJFYWa%3DZxFTrVQicJhZS-MQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Augeas hates me!!!
On Wed, Aug 13, 2014 at 8:22 AM, randal cobb rco...@gmail.com wrote: from this manifest entry: augeas { 'apache2': context = /files/etc/sysconfig/apache2, lens= sysconfig.lns, incl= '/usr/share/augeas/lenses/dist/', changes = 'set APACHE_MODULES \'actions alias auth_basic authn_file authz_host authz_groupfile authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir reqtimeout authn_core authz_core status asis auth_digest headers proxy proxy_http rewrite vhost_alias authz_default proxy_balancer\'', } Try instead: augeas { 'apache2': incl= '/etc/sysconfig/apache2', lens= 'Sysconfig.lns', changes = ... } You probably don't *need* either the incl or lens parameters but my experience is that agent performance is absymal without them; otherwise Augeas will scan and load all of the files it knows about when it starts up, which is slow -- and coupled with the fact the Puppet provider creates a new Augeas instance for every resource (unless this bug has been fixed), it's really slow. You might find more help with the Augeas guide: https://docs.puppetlabs.com/guides/augeas.html As others have said, Augeas can be tough to get your head around, in part because there are at least 4 or 5 different languages involved, some of which are confusingly similar or bleed into each other: - Lens schema language - Path expressions (and the link to the path expression doc is buried in the Tree page and 404 anyway; should be https://github.com/hercules-team/augeas/wiki/Path-expressions) - Tree structure magic control files under /augeas - Tree manipulation and query commands which are similar but not wholly isomorphic: - augtool commands - Puppet parameters for Augeas type - Language bindings aka public API: C, Ruby To effectively test and develop Puppet resources, you need everything EXCEPT the lens schema language. Unfortunately, if you click the Documentation link on augeas.net, only the first sub-items are NOT related to lens schema development. And docs extracted under Stock Lenses is a muddle of both. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r5511CS4cadWxMZ-A6wcxd6x5HZZLaMm3K6AJaOeFD9Pg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] How can we find out the directory presence?
On Mon, Aug 18, 2014 at 10:01 AM, Christopher Wood christopher_w...@pobox.com wrote: This is generally the reason that you need something like puppet, that you want to enforce a configuration. If you need to detect things about a server, there are a number of things you can do: a) monitoring (snmp?) check invoking a custom script, script detects the dir b) use something like mcollective to check in real time whether the dir exists c) ssh in and use ls d) Write a custom fact; external facts https://docs.puppetlabs.com/facter/latest/custom_facts.html#external-facts make it as easy as writing a small shell script: /etc/facter/facts.d/mydir.sh: #!/bin/sh test -d /foo/bar echo dir_foo_bar_exists=true The usual point also, that you should stop asking your servers how they are and tell them how they should be. Declare, don't inquire. That's great advice and a worthwhile long-term goal. But when you're just starting out or are increasing management coverage incrementally, you need to do these kinds of things. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r7XFyhLHy2ocT1JSydYuY1GvJW9H_4XgJVQCKwptWeWEw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] How to make puppetlabs_spec_helper ignore modules inside fixtures
On Aug 12, 2014 11:57 AM, Sebastian Otaegui fen...@gmail.com wrote: Hello all, I have created this module: https://github.com/Spantree/puppet-thrift and everything worked fine all specs ran fine. Now I using the puppetlabs/apt module and when I run the 'rake spec' it is trying to run the 'apt' tests, and it is failing (I think) because I am not providing the appropriate facts. Is there a way to ignore the rspecs inside the fixtures/modules/ directory? I tried to do this: require 'rake' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:spec) do |t| t.pattern = 'spec/*/*_spec.rb' end But it didn't work. How about just: require 'puppetlabs_spec_helper/rake_tasks' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMmm3r457FBh_OK_%2BEZiDFnRjQVY8cUv%3D1RE2-GFbA8y9DA3Xg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] PuppetMaster LB on top of OCFS2
On Jul 18, 2013 10:00 AM, Jakov Sosic jso...@srce.hr wrote: I'm trying to design a solution that will encompass load balancing puppet master. I have two nodes, and idea is to connect them with DRBD, put some cluster aware filesystem (OCFS2 or GFS2), and just link /etc/puppet and /var/lib/puppet on both nodes to cluster FS. Accessing to the masters would be load balanced by round-robin DNS. Would this work? Is there any problem that both masters are using the same directories? Any possibility of data corruption or potential race-conditions? This would be risky if not disastrous. I am wary of anything that might depend on file locking on shared file systems, unless it is well-supported by the vendor. You should be able to share /etc/puppet as this should be read-only for the master process (you might have a function that generates or writes files here, but that would be unusual). But you could more simply maintain this with SCM checkouts, unless you have the agent generating files here and precise consistency required. For /var, however, you might divide into data subsets, some that you could safely share and some definitely not: - Reports processed with store are named with timestamps and node names, so that might be ok. And a single report, stored in a single file, is unlikely to be a big deal if lost. - Reports processed with rrdgraph seem like a big risk. - The CA store seems highly vulnerable to race conditions, unless you have such a low rate of node provisioning you can guarantee serial access -- but you probably would not need an HA setup in that case. - The filebucket I would expect to be risky -- seems like a high probability of attempted concurrent writes of the same file. - Other stuff is specific to the node agent and node master that you would not want to share in any case. You might consider an active/passive setup with a front-end load balancer, where one of the above data subsets is effectively read-only for the passive server. You could distribute the load by taking advantage of the ability to configure the various master roles (fileserver, catalog, inventory, filebucket, CA, etc.) with different hostnames and ports. It would still be a risk of corruption in a split-brain situation, but that's often (always?) a danger with shared-storage filesystems. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetMaster LB on top of OCFS2
On Jul 19, 2013 11:34 AM, Jakov Sosic jso...@srce.hr wrote: On 07/19/2013 09:16 AM, Wil Cooley wrote: - The CA store seems highly vulnerable to race conditions, unless you have such a low rate of node provisioning you can guarantee serial access -- but you probably would not need an HA setup in that case. I thought that only problem in this case could be two nodes simoultanously sending certificate request, which could cause the certs to get same serial, but couldn't that be solved just by issuing revocation for that serial? Assuming that file is updated safely, that is, copy to temp, modify, rename, then that might be OK. The agent no doubt takes care to update file resources that way, but its extra work and I wouldn't assume other parts that were not intended for concurrent access do that. You'd want to test carefully or read the code, at least. - The filebucket I would expect to be risky -- seems like a high probability of attempted concurrent writes of the same file. While? If one client connects only to one master per run? Often one file is distributed to many clients and when that file is changed there is a fairly narrow window of time that most of those clients will update; and most of those have the same old file, with the same checksum, so there is a high probability of concurrent writes. We don't have such a high volume environment but we do have two machines at our disposal. So why not set up LB instead of simple HA... *shrug* Complexity like that tends to fail in the most surprising of ways. More than once I've seen active/active redundant systems fail worse and more frequently than non-redundant or active/passive systems. (OTOH, secomdary systems that are not used have a way of being overlooked and not there when you need them.) I'm still considering solutions, although one of the most easier to set up is simple HA through RHEL Cluster, with failover/failback in case of the primary node failure. That would probably be safest and easiest. I have often lamented that HA cluster systems don't seem to support two nodes that are differently active (2 VIPs for 2 DNS servers, for example). Or at least, I've not found clear and obvious docs supporting that. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] What do YOU do to catch undefined variables
On May 2, 2013 1:45 PM, Larry Fast lfast1...@gmail.com wrote: IMO, the core issue is that Puppet has no mechanism for reporting read attempts on undefined variables. So my question to the community is, what do YOU do to catch undefined variables? If anyone has a first class solution I'd love to hear it. But I'm also happy to consider ANY means to detect undefined variables. I may resort to explicitly listing all my variables and checking them with a custom ruby function. If you are comfortable with Ruby (or willing able to learn it), rspec-puppet should catch most or all of these. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Externally accessing variables defined in defined type instance
I have a case where I need to somehow access a variable in a defined type, which is built from the parameters of the defined type (and possibly other sources). As far as I can tell, doing this directly is not possible, nor have I found a good way to do so indirectly. Here's an example: # hypothetical 3rd-party or internal module define openssl_keypair { include openssl_keypair::param $keyfile = ${openssl_keypair::param::keydir}/${title}.key $certfile = ${openssl_keypair::param::certdir}/${title}.crt file { $keyfile: ... } file { $certfile: ... } ... } # 3rd party: torian/ldap class ldap::server::master(..., $ssl_cert, $ssl_key, ...) { # $ssl_* used in a template, augeas, etc # pretend this class does not include file resources for these ... } # 3rd party: puppetlabs/apache class apache::vhost(..., $ssl_cert, $ssl_key, ...) { # likewise ... } Now I want to use these: modules/profile/manifests/ssl_webserver.pp: openssl_keypair { 'foo.example.com': } apache::vhost { ... ssl_cert = '/etc/pki/tls/...', # Damn, gotta hard-code this ssl_cert = '/etc/pki/tls/...', } I think you can see where I'm going with this -- the only way to know what the former's $keyfile and $certfile are is to somehow refer to these variables but from what I can tell, that is not possible. Does anyone see a good way around it, given the current and planned future? I considered that there could be a hash-of-hashes somewhere, with the openssl_keypair's $title as key and sub-keys for keyfile, certfile, but while looking at the 2.7 language spec: Significant Bugs: Mutability Due to a bug in Puppet, hashes are mutable — their contents can be changed within a given scope. New elements can be added by assigning a value to a previously unused key ($myhash[new_key] = New value), although existing keys cannot be reassigned. This behavior is considered a bug; do not use it. It will not be removed during the Puppet 2.7 series, but may be removed thereafter without a deprecation period. http://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#significant-bugs-mutability-1 This section is absent from the reference for v3, so I presume this bug was fixed. Any ideas? I can imagine doing something really yucky with a function or template. Does anyone else see this as useful? Should I open an FR for it? I did not find anything already in existence. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] passing an environment variable to a command in a provider
On Jun 28, 2013 2:06 PM, Tim Mooney tim.moo...@ndsu.edu wrote: works fine, but on hosts where we use our mysql module with the custom types and provider, we can't do that. We instead have to sudo su - puppet agent --test An alternative and trivia in addition to what Nan said: You can use sudo -H to set $HOME, or sudo -i to get a full login environment like 'su -' gives. There are also sudoers config params that can make at least the former default, and probably the latter too. And just for kicks, you can get a shell with: sudo -s Additionally, you can explicitly pass the path of the `my.cnf`, rather than relying on $HOME, which is what I'd do. Then you could make it a resource parameter and gain some flexibility. Sorry I'm a little short on details; I'm on my phone and don't have the man pages handy. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet allow regex issue in file server
On Jan 21, 2013 1:32 AM, Anadi Misra anadi@gmail.com wrote: hi! all, the following regex fails for a mount point definition [palms] path /apps/puppet/projects/palms/%h allow /^bangvmplmpalm([0-1][0-4,9]).example.com$/ The allow directive uses wildcards, not regular expressions: http://docs.puppetlabs.com/guides/file_serving.html Unless this was added but not documented. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Parameterizing params?
On Jun 1, 7:42 am, Jeff McCune j...@puppetlabs.com wrote: Honestly, these feel like different modules to me primarily because they're very different things on Solaris. Some of those apaches may have SMF manifests, some may not, the paths are going to vary wildly, etc.. That's an interesting twist--we've generally been organizing modules based on a vague notion of distinct services or system facilities (with concomitant ambiguities for very general or very minor ones, like Should logadm/ logrotate be part of the syslog module or in (a) separate module(s)? and Where should a refresh-only exec to reload init go?) and leaving it up to ::params to get these parts right for each $::osfamily, since we routinely deal with these same variations but based exclusively on facts rather than admin's whim. I think doing all of this in one module will make the module overly complex. The majority of the code will be dealing with What Apache instance am I really managing here? Unless you use defined resources, it will also be difficult to manage multiple copies of Apache on the same node with this module. Apache might have also been a poor example, since the legion of Apache modules on PF (and the complexity of our own internal module) attests to the inevitable incompleteness for a sufficiently complex service. Or maybe it was a really good example. In fact I was starting a Samba module and vaguely assuming that there were possibly other packages than those from OpenCSW that were in use somewhere in the world. (And I wonder why things take so long...) By comparison, Samba is relatively simple--one config File, one or two Services, three different package combinations, etc. The conclusion that I am drawing based on your and jcbollinger's responses is that there is not an obvious and correct way to do this and, on my part, I am just solve my immediately needs and not solve the general case right now. Thanks! Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Manage but don't create resource
On Jun 1, 8:49 am, GriffaA10 alan.griffi...@interoute.com wrote: The overhead of explicity realising the resources would be too great. Specifically what I am trying to achive is disabling accounts on existing hosts, while preventing them from being created when new hosts are turned up. So when a user leaves the company the account would be disabled by locking the password and disabling the shell, and if new host was turned up tomorrow I would not want the account created there. The only straightforward (but hackish) way I see to achieve this is with an Exec and onlyif (probably wrapped in a define): define dead_user($username) { exec { remove-user-${username}: onlyif = /usr/bin/getent passwd ${username} /dev/null, command = /usr/sbin/usermod ... ${username}, } } Another possibility would be to make a fact that returns all of users on a system and do something with that--maybe returns a colon-delimited list and uses the 'split' function and the 'member' function from stdlib. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Parameterizing params?
I'm probably trying to solve a problem that I don't really need to solve, but I'm hard-headed enough that I'm going ahead anyway... I am using foo::params to centralize things like file paths, package names, etc. that vary by $::osfamily, but I am running into difficulties where the actual parameters might vary partly on $::osfamily but within an OS family there might be other variations not represented by facts. Let's say I have a platform like Solaris where a particular software package may be provided by several different parties and where I might have perverse reasons for wanting to vary the package source-provider on a system-by-system basis. Take Apache, for example: on one host that's doing simple static file serving, I might use the 2.0 build that is included with Solaris--minimizes dependencies, patches come from OS vendor, etc.; on another Solaris box, a developer wants something more complicated, so the 2.2 build from OpenCSW is needed. And another developer wants Apache from Sunfreeware. If stupid internal politics do not seem like an adequate justification, let's say I'm building a module that I intend to distribute via Puppet Forge, where I shouldn't just assume that everyone will want his package from one vendor or the other. How do you solve this? Parameterized classes seem like the obvious answer, but what I've come up with introduces an ordering dependency: # init.pp class testmod { include testmod::params info(\$testmod::params::whosit is '${testmod::params::whosit}') } # params.pp class testmod::params ($whosit = foo) { info(\$whosit got a '$whosit') } This works: class { 'testmod::params': whosit = 'barbarbar' } class { 'testmod': } # or include testmod But this results in Duplicate declaration: Class[Testmod::Params] is already declared: class { 'testmod': } class { 'testmod::params': whosit = 'barbarbar' } as does node inheritance: node basenode { include testmod } node /./ inherits basenode { class { 'testmod::params': whosit = 'burburbur' } } The best thing that I've come up with so far is to parameterize the top-level class: class testmod ($whosit = foo) { class { 'testmod::params': whosit = $whosit } ... } Which seems fine if the top-level class is the only thing to use the testmod::params class, but that's unlikely in real life--I will probably have a testmod::install class that uses the package name, a testmod::service the uses the service name, etc. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Facter not initialized in rspec in puppetlabs-stdlib?
On Apr 16, 2:01 pm, Jeff McCune j...@puppetlabs.com wrote: On Sat, Apr 14, 2012 at 8:34 PM, Wil Cooley wilcoo...@gmail.com wrote: On Thursday, April 12, 2012 10:06:25 AM UTC-7, Jeff McCune wrote: The problem is that modules like stdlib need Puppet to be initialized in a manner suitable for testing. Setting things like confdir and what not. This means different actions for different versions of Puppet, and stdlib works all the way back through 2.6. I took the expedient way out and commented out the requires from spec_helper. :-\ My tests pass now, at least. I have now added tests for the has_ip_address and has_ip_network, which are more porcelain than has_interface_with. https://github.com/wcooley/puppetlabs-stdlib/compare/puppetlabs:maste... If you like it, I will open a ticket and submit a pull request. Yes, please file a ticket at: http://projects.puppetlabs.com/projects/stdlib You'll need to register an account if you don't already have one. If it's a somewhat substantial patch could you also please sign the CLA at:https://projects.puppetlabs.com/contributor_licenses/sign I thought I responded that I had opened a ticket and submitted a pull request, but I guess I didn't. Anyway, here's the ticket: https://projects.puppetlabs.com/issues/13974 And here's the pull request: https://github.com/puppetlabs/puppetlabs-stdlib/pull/64 Would someone with access fix the typo in the subject of the ticket? Change not to use to not easy to use. Thanks! Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Requiring defines from other classes in a fact
On Apr 16, 2:39 pm, Boudewijn Ector boudew...@boudewijnector.nl wrote: Very very simple, except for the fact that I want to add the dependency for the mysql::database too. I'm using this excellent module for managing mysql:https://github.com/camptocamp/puppet-mysql Is there a neat way to do something like this service{openca: ... requires = [Package[openca],mysql::database[openca]], } I already tried doing this, and also tried dependency chaining, but just can't get it to work at all. You've almost got it here; you need to use reference syntax for the mysql::database resource just like you do for the package: requires = [Package[openca],Mysql::Database[openca]], Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Question regarding multi-OS NTP manifest
On Apr 15, 4:44 pm, Jesse anonym...@gmail.com wrote: case $operatingsystem { centos, redhat: { $ntp = ntp } debain, ubuntu: { $ntp = ntpd } This is backwards; centos/redhat should be 'ntpd' and debian/ubuntu should be 'ntp'. if $ntp == 'ntp' { service { 'ntp': name = $ntp, ensure = running, enable = true, hasrestart = true, hasstatus = true, }} else { service { 'ntpd': name = $ntp, ensure = running, enable = true, hasstatus = true, hasrestart = true, } } This conditional is redundant. I think it's better to use one resource name and change the name attribute with the variable as you have done (although I would a more explicit variable name like '$ntp_service'): service { 'ntp': name = $ntp_service, ... } err: /Stage[main]//Service[ntp]/ensure: change from stopped to running failed: Could not start Service[ntp]: Execution of '/sbin/service ntp start' returned 1: at /root/learning-manifests/ntp.pp:24 This is because of the reversal I mentioned above; it should be 'ntpd' on CentOS, not 'ntp'. When I run the vanilla script, everything configures correctly and ntp(d) is started. Why is my second script using /sbin when it seems that it should be using /etc/init.d/? Have you tried 'man service'? '/sbin/service' is a way of running init scripts with a sanitized environment and is the preferred way of running init scripts rather than doing so directly. http://linux.die.net/man/8/service -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: collecting resources for iteration in a template
On Apr 16, 1:45 am, Jonathon Anderson anderbub...@gmail.com wrote: I have a `sysctl::variable` defined type that creates files in `/etc/sysctl.d`. Some operating systems (*cough*SLES10*cough*) don't read sysctl settings from `/etc/sysctl.d`, though, and expect all settings to be in a single file, `/etc/sysctl.conf`. For such operating systems, I'd like to define the content of that file with a template that references the values of the `sysctl::variable`s. In the Puppet DSL I can collect all fragments with language like `Sysctl::Variable| |`. How can I do something similar in a template such that I can access the variable names and values? For example: Have you considered instead using something like the file fragment pattern? Basically, you add 'notifiy' to sysctl::variable resources to notify an exec that rebuilds sysctl.conf from sysctl.d (basically cat /etc/sysctl.d/*.conf /etc/sysctl.conf). http://projects.puppetlabs.com/projects/puppet/wiki/Generating_a_config_file_from_fragments (I'm not sure the special concatenation script is really necessary; you can have the exec notify the service to reload if necessary and the 'for' loop is unnecessary with shell wildcards. At least, that's how we do it at work.) Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Need puppet module for condition copy
On Apr 13, 10:49 am, Munna S 19.mu...@gmail.com wrote: I followed your steps. now i am getting below error Apr 13 17:42:44 pil-vm-pup-01 puppet-master[7899]: Could not find class dev_jboss_jeeva for vm-jeeva2.aircell.prod at ... i have jeeva_base.pp file under /etc/puppet/manifests/nodes and below is its content node jeeva_base { include dev_jboss_jeeva} -- also i have a another .pp file by name vm-jeeva2 under /etc/puppet/manifests/nodes and below is its content. we have seperate .pp file for each server name. one server is vm-jeeva2. -- node vm-jeeva2 inherits jeeva_base {} what could be the problem ? Where is the class dev_jboss_jeeva defined? You mentioned above an 'init.pp', which would be usual if you were using modules, but it does not seem like you are using modules. It sounds like the problem you are having is wholly outside of the complicated machinations of what you're trying to do. It looks more like you have a much simpler class-loading problem. Here are a few things to try: * Comment out all of the stuff from dev_jboss_jeeva and replace it with a warning function call, to log that everything is working right: class dev_jboss_jeeva { warning(dev_jboss_jeeva has successfully loaded) } * Copy your class dev_jboss_jeeva { ... } right before the node jeeva_base and see if you see your warning message (I suggest warning instead of info because info sometimes requires using --verbose on the command line; warning will always show): class dev_jboss_jeeva { warning(dev_jboss_jeeva was here) } node jeeva_base { include dev_jboss_jeeva } If you see the message with the class defined right before the node, but not wherever else you have it, then you know the problem is that it is unable to actually find the class and you should give specifics about that instead. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter not initialized in rspec in puppetlabs-stdlib?
On Thursday, April 12, 2012 10:06:25 AM UTC-7, Jeff McCune wrote: The problem is that modules like stdlib need Puppet to be initialized in a manner suitable for testing. Setting things like confdir and what not. This means different actions for different versions of Puppet, and stdlib works all the way back through 2.6. I took the expedient way out and commented out the requires from spec_helper. :-\ My tests pass now, at least. I have now added tests for the has_ip_address and has_ip_network, which are more porcelain than has_interface_with. https://github.com/wcooley/puppetlabs-stdlib/compare/puppetlabs:master...wcooley:has_interface_with_function If you like it, I will open a ticket and submit a pull request. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/q8neT0W4zUcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Facter not initialized in rspec in puppetlabs-stdlib?
I have been working on adding some predicate functions to puppetlabs-stdlib that test things based on 'interfaces' and related facts. The functions themselves seem to work fine in my manifest-based smoketests, but I am running into trouble that may or may not be due to my ignorance about rspec or Facter. Something needs to be done to initialize Facter because lookupvar('interfaces') just returns :undefined. I have not found any examples in the existing rspec tests; getvar_spec.rb seems like it should have something but the tests it does are pretty basic. You can see some of what I've been trying at https://github.com/wcooley/puppetlabs-stdlib/blob/master/spec/unit/puppet/parser/functions/has_interface_with_spec.rb Is there something obvious I'm missing? Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/XBJE-12hhCoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter not initialized in rspec in puppetlabs-stdlib?
On Wednesday, April 11, 2012 9:03:22 AM UTC-7, Jeff McCune wrote: On Tue, Apr 10, 2012 at 11:00 PM, Wil Cooley wilcoo...@gmail.com wrote: In general, you should assume the spec_helper for stdlib will initialize facter for you. In fact, you don't need to do require 'facter' in your example specification. You can see some of what I've been trying at https://github.com/wcooley/puppetlabs-stdlib/blob/master/spec/unit/puppet/parser/functions/has_interface_with_spec.rb Cool, I went ahead and pulled down your branch. If I might make a suggestion, I notice you're developing on the master branch and you have a number of commits that have not actually been merged into the master branch of the puppetlabs repository. Yeah, usually I do make branches; I think I mistakenly committed to master and then did not want to take the time to figure out how to move it on to a branch; your instructions below were very helpful. It would've taken me some hours between re-reading Pro Git and searching stackoverflow to figure it out on my own. The setup looks to be quite strange. You shouldn't ever need to define a get_scope method. I recommend looking at the validate_re_spec.rb for a good example. It is strange; it's the result of an hour or two of thrashing about, throwing bits at the wall and trying to see if anything stuck. Toss in some frustrations with gem and getting a working rspec environment and it's a really bad dish. I'm also re-working your topic branch in my own if you'd like to take a look at the changes. Thanks; I think I was expecting to be able to get facts from the live system, which is obviously inferior to mocking the facts that should be expected. I've merged in your branch and looked at your reworked version; I think it makes sense and I see how to proceed with adding the rest of my tests. Unfortunately, I am unable to run any of the rspec tests--not just in has_interface_with_spec.rb, but on any of the specs. They fail with: Failure/Error: Unable to find matching line from backtrace NoMethodError: undefined method `initialize_everything_for_tests' for #Puppet::Util::Settings:0x2b7d43d59940 I've got 2.7.13, RPMs built yesterday, both puppet and puppet-master installed: $ rpm -qi puppet Name: puppet Relocations: (not relocatable) Version : 2.7.13Vendor: (none) Release : 1.el5 Build Date: Tue 10 Apr 2012 01:52:57 PM PDT Install Date: Wed 11 Apr 2012 09:46:53 PM PDT Build Host: rpm-builder.puppetlabs.lan ... ISTR seeing something about this method in the commit logs recently... Also, go ahead and reply to puppet-dev if you wish; I'm trying to use the Google Groups interface and it does not appear to let me direct my response to a different group. Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Y1_YL3HbfVgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: from= in ssh key
On Wednesday, March 28, 2012 6:44:09 PM UTC-7, Brandon wrote: Fairly new to puppet here and trying to figure out a couple of issues with distributing ssh keys. First one is how can I distribute a public key with the from= field at the beginning. What I currently have working is ssh_authorized_key { brandon: user = brandon, ensure = present, type = ssh-rsa, key = B3NzaC1yc2E.. } which adds ssh-rsa B3NzaC1yc2E.. to my authorized_keys just fine. But how do I prepend that with from=1.1.1.1 ? Everything I've tried doesn't work. Thanks. Have you tried: options = ['from=...'], or even just: options = 'from=...' Wil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KPQan9SFtrIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.