[Puppet Users] File integrity monitoring and expected Puppet changes

[banjer]

Hi all,

How can I retrieve a file's most recent checksum as reported by puppet? 
 I'm running Puppet 3.1, PuppetDB 1.4, and Foreman 1.2, and have looked 
through the various APIs as well as /var/lib/puppet/ on each node, but 
can't find a specific field for the checksum.  I think it used to be in 
/var/lib/puppet/state/state.yaml, but was removed in recent puppet versions due 
to inconsistencies .  I see 
ways to return a node report, but they don't seem to contain the checksum. 
 I suppose just checking that the file was changed via puppet is sufficient 
in saying that this was an expected change, but it would be nice to also 
compare the sum in puppet vs. the file integrity monitor.


In general, I want to have my real-time file integrity monitor check 
against expected puppet changes so I don't receive alerts from 100's of 
servers.  I've seen a little discussion on this topic here and there, but 
would love to see some more light shed on this particular subject.  I 
realize that there is a risk involved with NOT sending an alert because 
"this change was expected per puppet", but this to me is better than 
getting thousands of alerts each day and actually missing something 
important due to info overload.

How do you guys monitor file integrity across many hosts?

I'm using OSSEC syscheck, but still evaluating so I'm open to other tools 
and general thoughts on the subject.

Thanks!
Jason


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Problem retreiving catalog

[banjer]

Scratch my note about storeconfigs not being supported in Foreman 1.2.  
More clarification about this stuff in 
https://groups.google.com/forum/#!topic/foreman-users/UxON4FtROUk

On Saturday, September 7, 2013 3:33:05 PM UTC-4, banjer wrote:
>
> If you are upgrading to Foreman 1.2, note that you will need to set up 
> puppetDB as the typical puppet storeconfigs is no longer used/supported as 
> of Foreman 1.2.   
>
> So don't delete or alter your type column in the hosts table, or you'll 
> get this issue I was having:  
> https://groups.google.com/forum/#!topic/foreman-users/UxON4FtROUk
>
> On Wednesday, July 10, 2013 7:32:13 PM UTC-4, Nikolay Georgieff wrote:
>>
>> I solved my issue. Cloned the shared db for Foreman (emptied the type 
>> column @ hosts table)  and updated the external_node.rb with the latest one.
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Problem retreiving catalog

[banjer]

If you are upgrading to Foreman 1.2, note that you will need to set up 
puppetDB as the typical puppet storeconfigs is no longer used/supported as 
of Foreman 1.2.   

So don't delete or alter your type column in the hosts table, or you'll get 
this issue I was having:  
https://groups.google.com/forum/#!topic/foreman-users/UxON4FtROUk

On Wednesday, July 10, 2013 7:32:13 PM UTC-4, Nikolay Georgieff wrote:
>
> I solved my issue. Cloned the shared db for Foreman (emptied the type 
> column @ hosts table)  and updated the external_node.rb with the latest one.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Invalid resource type anchor.

[banjer]

I had to install the puppet stdlib module with:

*puppet module install puppetlabs/stdlib*


and that fixed the issue.  It wasn't available in my /etc/puppet/modules.  
I'm not sure if its *supposed* to be installed by default. I'm running 
puppet 3.x and had upgraded from 2.7.

On Monday, January 28, 2013 5:27:04 PM UTC-5, Ryan Trinder wrote:
>
> I noticed that puppet modules installs modules in */etc/puppet/modules*, 
> which is different than where I keep my modules. I added* /etc/puppet/modules 
> *to the* modulepath *in puppet.conf, fixed the problem
>
> On Tuesday, October 9, 2012 11:01:55 AM UTC-4, Fran Rodríguez wrote:
>>
>> Thanks Hugh, you are right!! Now it works.
>>
>> On Tuesday, October 9, 2012 12:20:33 PM UTC+2, Hugh Cole-Baker wrote:
>>>
>>> On Tuesday, October 9, 2012 10:24:53 AM UTC+1, Fran Rodríguez wrote:
>>>
 Yes, it does. This occurs when change apt module for the 
 puppetlabs-apt. Maybe is a issue with environments, im trying to figure 
 out 
 what is happening, and like the log said the module stdlib which provide 
 the anchor type, is not being recognize. 


>>> I had the same problem, caused by the puppetlabs-stdlib Ruby libraries 
>>> not being available to the puppet master when it was parsing and compiling 
>>> the manifests. It's related to bug 
>>> http://projects.puppetlabs.com/issues/13858 as far as I can tell. The 
>>> solution was to run puppet agent on the master itself, with pluginsync 
>>> enabled, such that the required plugins from the puppetlabs-stdlib module 
>>> get "synced" onto the master.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Module for tuned-adm

[banjer]

Thanks, I was about to roll out a puppet module for tuned-adm and found 
this.  Easy to use and working great in my environment.

Cheers!

On Friday, January 4, 2013 8:25:16 AM UTC-5, Romain PELISSE wrote:
>
> Hi all,
>
> tuned-adm module: https://github.com/rpelisse/puppet-tuned
>
> I'm using 
> tuned-admto
>  tune the kernel of the target system according to a profile. I first 
> used exec{} to trigger the profile setting but lead to the exec{} being ran 
> at every Puppet run which I found, at beast, inelegant. I end up doing this 
> module to more and less properly implement the exists? method. The module 
> implementation is rather rudimentory but still nice to have - if you need 
> it.
>
> (Note: i've googled a bit before doing that and ran into a couple of 
> existing Puppet module or code for tuned-adm but they were either using 
> exec() internally or just installing the packages and nothing more). 
>  
> (Final note: Before XMas, I've already submitted a completely useless 
> module extension to handle DNS Name, as it turned out Puppet supports this 
> out of the box, so I hope this module proposal will be a tidbit more useful 
> ! :) ) 
>
> -- 
> Romain PELISSE,
> *"The trouble with having an open mind, of course, is that people will 
> insist on coming along and trying to put things in it" -- Terry Pratchett*
> Belaran ins Prussia (blog)  (... 
> finally up and running !) 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Show manifest code in rdoc

[banjer]

Is it possible to have puppet doc show all of the manifest code in the 
generated docs?  I'm generating some html docs and would love to be able to 
look at the actual code for each class or define statement.  With syntax 
highlighting would be even sweeter.

I'm using the following to create my docs:

sudo puppet doc --all --mode rdoc --outputdir 
/usr/local/foreman/public/puppet/rdoc/development --modulepath 
/etc/puppet/modules/

FYI:

Puppet master 3.1.1
Foreman 1.1.1
these both run on CentOS 6.4

Thanks for your comments.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Literal @ character in erb template

[banjer]

The puppet error was: 

  err: Failed to apply catalog: Parameter source failed: Could not 
understand source # This file managed by Puppet

Sorry for not seeing that error before...I kept looking at the "Bad URI" 
error message which I posted in my original email.  So anyway, it turns out 
I was using 'source' instead of 'content' within my file declaration in my 
manifest.   My working file resource looks like this now:


file { "rsyslog.conf":
path=> "/etc/rsyslog.conf",
owner   => root,
group   => root,
mode=> 644,
content => template('syslog/rsyslog.conf.erb'),
require => Package["rsyslog"],
}


All good now.  Thanks for the assistance, it gave me a few pointers on 
troubleshooting templates and puppet manifests.


On Tuesday, September 4, 2012 9:03:01 AM UTC-4, jcbollinger wrote:
>
>  
> On Friday, August 31, 2012 3:37:48 PM UTC-5, Krzysztof Wilczynski wrote:
>>
>> Hi,
>>
>> Works fine for me:
>>
>

> More generally, the underlying ERB engine will treat anything in your 
> template but outside ERB blocks (delimited by <% %> or <%= %> or <%# %>) as 
> literal text, except for <%% (which is translated to <% in the output) and 
> %%> (which is translated to %>).
>
> Without the actual error message (or, apparently, the template that causes 
> it) I can only speculate about what the problem may be, but one thing to 
> look for would be proper closure of all ERB code blocks before the template 
> text where the error is reported.
>
>
> John
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FFFd505T5A0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Literal @ character in erb template

[banjer]

Thanks for the reply KW, but thats not quite what I was asking.  Heres the 
relevant section of the template:


*.notice;news.none;cron.none @loghost:514

<% if @hostname == "foo" %>
  # Provides UDP syslog reception
  $ModLoad imudp.so
  $UDPServerRun 514
<% end %>

So you can see it lives outside of a <%  %> block.

This part: "*.notice;news.none;cron.none @loghost:514*" *should be a 
literal string.  Its a standard rsyslog configuration.  "Loghost" is the 
actual hostname of a host in our network that we send all of our servers' 
syslogs to.  In other words, I don't want it to be evaluated as ERB code.  
So how can I have puppet/the template engine ignore the '@' symbol and 
treat it as a literal string?




On Friday, August 31, 2012 11:21:08 AM UTC-4, Krzysztof Wilczynski wrote:
>
> Hi,
>
> I am not sure how your template looks like, or how do you render it, but 
> try to avoid putting anything with @ into a <%= %> block. It should just 
> work:
>
> matti@acrux ~ $ irb
> >> require 'erb'
> => true
> >> host = 'localhost'
> => "localhost"
> >> p ERB.new('*.notice;news.none;cron.none @<%= host 
> %>:514').result(binding)
> "*.notice;news.none;cron.none @localhost:514"
> => nil
> >> @host = host.clone
> => "localhost"
> >> p ERB.new('*.notice;news.none;cron.none @<%= @host 
> %>:514').result(binding)
> "*.notice;news.none;cron.none @localhost:514"
> => nil
> >> 
>
> matti@acrux ~ $ cat | puppet apply --noop
> notice inline_template('*.notice;news.none;cron.none @<%= @hostname 
> %>:514')   notice: Scope(Class[main]): 
> *.notice;news.none;cron.none @acrux:514
> notice: Finished catalog run in 0.03 seconds
> matti@acrux ~ $ 
>
> KW
>
> On Friday, 31 August 2012 15:09:17 UTC+1, banjer wrote:
>>
>> Hi,
>> I have a template named rsyslog.conf.erb, and the puppet agents seem to 
>> be choking on this:
>>
>> **.notice;news.none;cron.none @loghost:514*
>>
>>
>> The agents report an error of ": bad URI(is not URI?): " followed by a 
>> bunch of jargon.  I'm pretty sure its the literal '@' symbol that its 
>> trying to evaluate as erb code.  How can I escape this @ symbol so its a 
>> literal?  Thanks.
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/8e0XGAVVVeIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Literal @ character in erb template

[banjer]

Hi,
I have a template named rsyslog.conf.erb, and the puppet agents seem to be 
choking on this:

**.notice;news.none;cron.none @loghost:514*


The agents report an error of ": bad URI(is not URI?): " followed by a 
bunch of jargon.  I'm pretty sure its the literal '@' symbol that its 
trying to evaluate as erb code.  How can I escape this @ symbol so its a 
literal?  Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/sCbRpNM8LikJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: SSL issues - certificate verify failed

[banjer]

It usually involves doing this one the server:

  puppet cert clean myhost

and on the client:

  rm -rf /var/lib/puppet/ssl


Then try it again on your client:  `puppet agent --test`  Then back to your 
master:  `puppet cert sign myhost`.

On Friday, August 10, 2012 8:30:50 AM UTC-4, Axel Bock wrote:
>
> hm, nevermind, I solved it somehow, although I don't know how (yet). it 
> involved a lot of deleting and restarting :) ... 
>
> thanks anyways!
> /Axel.
>
> Am Freitag, 10. August 2012 14:10:57 UTC+2 schrieb Axel Bock:
>>
>> Hello readers, 
>>
>> I have this little issue that my puppet client refuses to do anything 
>> because of SSL validation errors. Maybe I'll just post dump of what 
>> happens, that makes it clear I hope. Does anyone have a suggestion why that 
>> might happen? what I already checked: 
>>
>> On the master: 
>>
>>- Puppet and puppetmaster is running
>>- Something is listening on Port 8140 (although I cannot 
>>telnet-connect to it, it closes immediately for whatever reason)
>>- in /var/lib/puppet/ssl: find . -type f -delete
>>
>> On the client:
>>
>>- in /var/lib/puppet/ssl: find . -type f -delete
>>
>> I would appreciate any help that's available ... 
>>
>> thanks & greetings! Axel.
>>
>>
>> ... and now the little dump:
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test*
>> info: Creating a new SSL key for l1311022.our.domain.de
>> warning: peer certificate won't be verified in this SSL session (2x)
>> info: Creating a new SSL certificate request for l1311022.our.domain.de
>> info: Certificate Request fingerprint (md5): 
>> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
>> warning: peer certificate won't be verified in this SSL session (3x)
>> Exiting; no certificate found and waitforcert is disabled
>>
>> (SERVER)
>> *l1215022:/var/lib/puppet/ssl # pca -l*
>> notice: Signed certificate request for ca
>> notice: Rebuilding inventory file
>>   l1311022.our.domain.de(19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
>> *l1215022:/var/lib/puppet/ssl # pca -s --all*
>> notice: Signed certificate request for l1311022.our.domain.de
>> notice: Removing file Puppet::SSL::CertificateRequest 
>> l1311022.our.domain.de at 
>> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
>> l1215022:/var/lib/puppet/ssl #
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$ puppet agent --test*
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for ca
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for l1311022.our.domain.de
>> info: Retrieving plugin
>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
>> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read 
>> server certificate B: certificate verify failed
>> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed Could not retrieve file metadata for puppet://
>> l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 
>> state=SSLv3 read server certificate B: certificate verify failed
>> err: Could not retrieve catalog from remote server: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
>> read server certificate B: certificate verify failed
>>
>> The config files look like this: 
>>
>> (CLIENT)
>> [main]
>> logdir = /var/log/puppet
>> rundir = /var/run/puppet
>> ssldir = /var/lib/puppet/ssl
>> modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
>> [agent]
>> certname = l1311022.our.domain.de
>> server = l1215022.our.domain.de
>> report = true
>> graph = true
>> pluginsync = true
>> classfile = $vardir/classes.txt
>> localconfig = $vardir/localconfig
>>
>> (SERVER)
>> [main]
>> logdir = /var/log/puppet
>> rundir = /var/run/puppet
>> ssldir = /var/lib/puppet/ssl
>> certname = l1215022.our.domain.de
>> [agent]
>> classfile = $vardir/classes.txt
>> localconfig = $vardir/localconfig
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Jx0FJz3FksUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Error 400 on Server: Another local or imported resource exists with the type and title Sshkey

[banjer]

>  If there is a new "foohost" client then you may not need to do anything.  
> If not, then yes, you should clear its configuration out of your 
> storeconfigs DB.
>
>
Its a new hostname as well as a new key.   I wasn't clear on that earlier.  
Also, I had run `puppet node clean foohost` before fyi.  Lets call the old 
host *foohost* and the new one *newhost.*

My goal is to have 50 hosts with the same ssh_known_hosts file, which will 
contain the keys for the 50 hosts, so from what I understand I need to use 
sshkey as an "exported" resource.  Perhaps I'm not understanding local vs 
exported resources though.

It seems to me that if if the hostnames are different, then there shouldn't 
be a problem with the two resource declarations coexisting in my manifest, 
as the type-title combo should be unique, right?  A solution I've come up 
with is to have ONLY this declared:

# remove key 
@@sshkey { "foohost":
ensure => absent,
type => "rsa",
}

Sshkey <<| |>>

and then let my puppet agents pull down their configs and thus handle the 
removal of foohost from ssh_known_hosts.  Later today, I'll remove this 
declaration and put back in:

# add keys
@@sshkey { $hostname:
   ensure => present,
type => "rsa",
key  => $sshrsakey,
}

Sshkey <<| |>>

Not the prettiest solution, but this situation where we rebuild a host with 
a new hostname isn't that common.

Now, with all that said, I can see in my storedconfigs DB which is also 
shared by Foreman, that there are some records for sshkey and foohost that 
still exist.  Not sure how to clean this out (is puppet node clean foohost 
the correct way?), other than a postgres query.  



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/hyewxsFQxA4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Error 400 on Server: Another local or imported resource exists with the type and title Sshkey

[banjer]

I am attempting to remove an old ssh host key from 
/etc/ssh/ssh_known_hosts.  In my manifest, I have the following:

# add keys
@@sshkey { $hostname:
   ensure => present,
type => "rsa",
key  => $sshrsakey,
}

# remove key
@@sshkey { "foohost":
ensure => absent,
type => "rsa",
}

Sshkey <<| |>>


But I get this error on puppet agents:


root@harper~> puppet agent -t
info: Retrieving plugin
info: Loading facts in datacenter
info: Loading facts in datacenter
err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Another local or imported resource exists with the type and title 
Sshkey[foohost] on node harper
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run


The "add keys" piece above has always worked great for dynamically adding 
to/managing the ssh_known_hosts file, but this is the first time I've tried 
to do 'ensure => absent' for a specific host's old key.  I should note that 
the old host "foohost" had its OS rebuilt (was SLES, now CentOS) and I used 
the old IP on the new host.  Not sure if that would affect it. 

The best I could find via Google was 
http://projects.puppetlabs.com/issues/11629, but it doesn't provide any 
clues as to what needs to be cleaned out or if my manifest syntax is off.  
I also tried adding "Sshkey <<| |>>" after "add keys" AND after "remove 
key".

I think I need to clean out stale something-or-other for foohost on all my 
nodes.  Any ideas?   Thank you thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FHYnbjSqRIcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] can dashboard and foreman be used at the same time?

[banjer]

Yeah I figured PuppetDB wasn't supported by Foreman yet, but thought I'd 
give it a try since I hadn't heard a firm yes or no on the subject.   I'm 
happy with the new setup so far with Foreman being the ENC.

On Thursday, August 2, 2012 9:59:23 AM UTC-4, llo...@oreillyauto.com wrote:
>
>
>
> On Thursday, August 2, 2012 8:54:58 AM UTC-5, banjer wrote:
>>
>> I just switched from using Puppet Dashboard with PuppetDB 0.9 to using 
>> Foreman 1.0.0.   This is on CentOS 6.3.  I've been unable to get Foreman to 
>> work PuppetDB, so I had to revert to using the "old" way of storeconfigs 
>> without puppetdb.  
>>
>>
> From what I can tell, Foreman doesn't yet support PuppetDB, but it is 
> something they are working on.  I would recommend that you setup Foreman as 
> an ENC to gether your facts, which is what I do even though I don't 
> actually use the ENV functionality.
>  
>
>> Perhaps I had something set up incorrectly, but I couldn't seem to get 
>> facts stored in puppetdb to be visible by Foreman with these settings in 
>> /etc/puppet/puppet.conf:
>>
>> [master]
>>   storeconfigs = true
>>   storeconfigs_backend = puppetdb
>>
>> No helpful log messages.  Oh well, I'll see how the performance is with 
>> this new set up which is Foreman sharing a postgres DB with storedconfigs.  
>> So far, Foreman is awesome and really responsive when run via Passenger on 
>> Apache.
>>
>>
>> On Friday, July 27, 2012 9:19:32 AM UTC-4, llo...@oreillyauto.com wrote:
>>>
>>>
>>>
>>> On Thursday, July 26, 2012 10:28:49 PM UTC-5, Pete wrote:
>>>>
>>>> I have been wondering the same thing but I have started using puppetdb. 
>>>> Has anyone got foreman working with puppetdb? 
>>>>
>>>>
>>> AFAIK that is something they are working on. It won't be able to connect 
>>> directly to the database (since puppetdb can use different backends) but it 
>>> either can or soon will be able to talk to puppetdb using the API.
>>>
>>> But I can't speak authoritatively on this though, as I do not yet have 
>>> puppetdb up and running just yet.
>>>  
>>>
>>>>
>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/QwvKaF2mUz4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] can dashboard and foreman be used at the same time?

[banjer]

I just switched from using Puppet Dashboard with PuppetDB 0.9 to using 
Foreman 1.0.0.   This is on CentOS 6.3.  I've been unable to get Foreman to 
work PuppetDB, so I had to revert to using the "old" way of storeconfigs 
without puppetdb.  

Perhaps I had something set up incorrectly, but I couldn't seem to get 
facts stored in puppetdb to be visible by Foreman with these settings in 
/etc/puppet/puppet.conf:

[master]
  storeconfigs = true
  storeconfigs_backend = puppetdb

No helpful log messages.  Oh well, I'll see how the performance is with 
this new set up which is Foreman sharing a postgres DB with storedconfigs.  
So far, Foreman is awesome and really responsive when run via Passenger on 
Apache.


On Friday, July 27, 2012 9:19:32 AM UTC-4, llo...@oreillyauto.com wrote:
>
>
>
> On Thursday, July 26, 2012 10:28:49 PM UTC-5, Pete wrote:
>>
>> I have been wondering the same thing but I have started using puppetdb. 
>> Has anyone got foreman working with puppetdb? 
>>
>>
> AFAIK that is something they are working on. It won't be able to connect 
> directly to the database (since puppetdb can use different backends) but it 
> either can or soon will be able to talk to puppetdb using the API.
>
> But I can't speak authoritatively on this though, as I do not yet have 
> puppetdb up and running just yet.
>  
>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Dfe4_eov3qsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Managing /etc/ssh/shosts.equiv

[banjer]

Hi, does anyone have any elegant solutions for managing shosts.equiv?  In 
my puppet ssh module, host keys for /etc/ssh/ssh_known_hosts are 
automatically managed with:

@@sshkey { $hostname:
ensure => present,
type => "rsa",
key  => $sshrsakey,
}

Sshkey <<| |>>


Is there a similar construct for shosts.equiv?  Its just a list of 
hostnames, so I'm hoping there is an easy way to dump all the puppet agent 
hostnames to a file so I don't have to manually add new hosts as they come 
up.  Thanks for any ideas.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FaB92_bBLjMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet master on Apache Passenger No such file or directory - config/environment.rb

[banjer]

I solved it.  My puppetmaster and puppet-dashboard apache configs were 
conflicting.  Looks like it was related to RackBaseURI and RailsBaseURI.  


Under VirtualHost definition in /etc/httpd/conf.d/puppetmaster.conf I added:

RackBaseURI /

Under VirtualHost definition in /etc/httpd/conf.d/dashboard-vhost.conf I 
added:

RailsBaseURI /

On Wednesday, July 25, 2012 8:10:55 AM UTC-4, banjer wrote:
>
> Hi,
> I am trying to configure my puppet master to be served by 
> Apache/Passenger.  I was successful in getting puppet-dashboard to run 
> under Apache/Passenger, but have been running into issues with puppet 
> master.  
>
> When I visit https://foo:8140 in my browser to test things out, I get:
>
> Ruby on Rails application could not be started
>   Error message:
>   No such file or directory - config/environment.rb  Exception class:  
> Errno::ENOENT  Application root:   /etc/puppet/rack --
>
> I'm running Apache 2.2.15 on CentOS 6.3, passenger is version 3.0.14, and 
> rails is version 2.13.12.
>
> root@foo~> gem list
>
> *** LOCAL GEMS ***
>
> actionmailer (2.3.12)
> actionpack (2.3.12)
> activerecord (2.3.12)
> activeresource (2.3.12)
> activesupport (2.3.12)
> daemon_controller (1.0.0)
> fastthread (1.0.7)
> passenger (3.0.14)
> rack (1.4.1, 1.1.0)
> rails (2.3.12)
> rake (0.9.2.2, 0.8.7)
>
>
> Here are my Apache configs:
>
> In* /etc/httpd/conf/httpd.conf*:
>
>
> LoadModule passenger_module 
> /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14/ext/apache2/mod_passenger.so
> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14
> PassengerRuby /usr/bin/ruby
>
>
> In* /etc/httpd/conf.d/puppetmaster.conf*:
>
>
> # you probably want to tune these settings
> PassengerHighPerformance on
> PassengerMaxPoolSize 12
> PassengerPoolIdleTime 1500
> # PassengerMaxRequests 1000
> PassengerStatThrottleRate 120
> RackAutoDetect Off
> RailsAutoDetect Off
>
> Listen 8140
> 
> SSLEngine on
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> SSLCertificateFile  
> /var/lib/puppet/ssl/certs/foo.mydomain.com.pem
> SSLCertificateKeyFile   
> /var/lib/puppet/ssl/private_keys/foo.mydomain.com.pem
> SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
> SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
> # If Apache complains about invalid signatures on the CRL, you can 
> try disabling
> # CRL checking by commenting the next line, but this is not 
> recommended.
> SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
> SSLVerifyClient optional
> SSLVerifyDepth  1
> SSLOptions +StdEnvVars
>
> # This header needs to be set if using a loadbalancer or proxy
> RequestHeader unset X-Forwarded-For
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> DocumentRoot /etc/puppet/rack/public/
> RackBaseURI /
> 
> Options None
> AllowOverride None
> Order allow,deny
> allow from all
> 
> 
>
>
> *root@foo:/etc/puppet/rack> ls -la*
> total 24
> drwxr-xr-x  5 root   root   4096 Jul 25 07:51 ./
> drwxr-xr-x. 7 root   root   4096 Jul 24 15:58 ../
> -rw-r--r--  1 puppet puppet  550 Jul 25 07:51 config.ru
> drwxr-xr-x  3 root   root   4096 Jul 24 11:18 public/
> drwxr-xr-x  6 root   root   4096 Jul 24 15:34 .svn/
> drwxr-xr-x  3 root   root   4096 Jul 24 11:18 tmp/
>
>
> *root@foo:/etc/puppet/rack> more config.ru*
> # a config.ru, for use with every rack-compatible webserver.
> # SSL needs to be handled outside this, though.
>
> # if puppet is not in your RUBYLIB:
> # $:.unshift('/opt/puppet/lib')
> $:.unshift('/usr/share/puppet/lib')
> $:.unshift('/var/lib/puppet/lib')
> $:.unshift('/usr/lib/ruby/site_ruby/1.8/puppet')
>
> $0 = "master"
>
> # if you want debugging:
> # ARGV << "--debug"
>
> ARGV << "--rack"
> require 'puppet/application/master'
> # we're usually running inside a Rack::Builder.new {} block,
> # therefore we need to call run *here*.
> run Puppet::Application[:master].run
>
> 
> The Apache error_log says the same thing: no such file or directory 
> config/environment.rb.   I see this config/environment.rb for 
> puppet-dashboard, but the puppet 
> docs<http://projects.puppetlabs.com/projects/1/wiki/U

[Puppet Users] Puppet master on Apache Passenger No such file or directory - config/environment.rb

[banjer]

Hi,
I am trying to configure my puppet master to be served by 
Apache/Passenger.  I was successful in getting puppet-dashboard to run 
under Apache/Passenger, but have been running into issues with puppet 
master.  

When I visit https://foo:8140 in my browser to test things out, I get:

Ruby on Rails application could not be started
  Error message:
  No such file or directory - config/environment.rb  Exception class:  
Errno::ENOENT  Application root:   /etc/puppet/rack --

I'm running Apache 2.2.15 on CentOS 6.3, passenger is version 3.0.14, and 
rails is version 2.13.12.

root@foo~> gem list

*** LOCAL GEMS ***

actionmailer (2.3.12)
actionpack (2.3.12)
activerecord (2.3.12)
activeresource (2.3.12)
activesupport (2.3.12)
daemon_controller (1.0.0)
fastthread (1.0.7)
passenger (3.0.14)
rack (1.4.1, 1.1.0)
rails (2.3.12)
rake (0.9.2.2, 0.8.7)


Here are my Apache configs:

In* /etc/httpd/conf/httpd.conf*:


LoadModule passenger_module 
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.14/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14
PassengerRuby /usr/bin/ruby


In* /etc/httpd/conf.d/puppetmaster.conf*:


# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140

SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSLCertificateFile  
/var/lib/puppet/ssl/certs/foo.mydomain.com.pem
SSLCertificateKeyFile   
/var/lib/puppet/ssl/private_keys/foo.mydomain.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can 
try disabling
# CRL checking by commenting the next line, but this is not 
recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions +StdEnvVars

# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For

RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /etc/puppet/rack/public/
RackBaseURI /

Options None
AllowOverride None
Order allow,deny
allow from all




*root@foo:/etc/puppet/rack> ls -la*
total 24
drwxr-xr-x  5 root   root   4096 Jul 25 07:51 ./
drwxr-xr-x. 7 root   root   4096 Jul 24 15:58 ../
-rw-r--r--  1 puppet puppet  550 Jul 25 07:51 config.ru
drwxr-xr-x  3 root   root   4096 Jul 24 11:18 public/
drwxr-xr-x  6 root   root   4096 Jul 24 15:34 .svn/
drwxr-xr-x  3 root   root   4096 Jul 24 11:18 tmp/


*root@foo:/etc/puppet/rack> more config.ru*
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')
$:.unshift('/usr/share/puppet/lib')
$:.unshift('/var/lib/puppet/lib')
$:.unshift('/usr/lib/ruby/site_ruby/1.8/puppet')

$0 = "master"

# if you want debugging:
# ARGV << "--debug"

ARGV << "--rack"
require 'puppet/application/master'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:master].run


The Apache error_log says the same thing: no such file or directory 
config/environment.rb.   I see this config/environment.rb for 
puppet-dashboard, but the puppet 
docsmake no 
mention of it.  I'm not familiar with Ruby/Rails/Passenger, so any 
help would be appreciated.  Also, I should note that when running with the 
puppetmaster service, my puppet agent is able to connect just fine with 
puppet agent --test.

Thanks!



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/iseFG3CqdWcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: problem using apache & passenger to run dashboard

[banjer]

And 2 minutes after I posted this, I got it working :).  It was indeed the 
RailsAutoDetect.  I commented it out and set RailsBaseURI to /.   Like this:

 
  #RailsAutoDetect On
  RailsBaseURI /

  Listen 3000
  
  ...snip...


Hai, hope this works for you!

On Tuesday, July 24, 2012 2:30:46 PM UTC-4, banjer wrote:
>
> I'm having the same exact problem trying to get Apache to serve puppet 
> dashboard on CentOS 6.3.  Apache is set up to serve my puppet master, and 
> the puppetmaster is configured and working just fine.  I get this in the 
> apache error log:
>
>   Directory index forbidden by Options directive: 
> /usr/share/puppet-dashboard/public/
>
> Here are my configs.  Added these lines to */etc/httpd/conf/httpd.conf*:
>
> ServerName merkin.mydomain.com
>
> # Passenger for rails apps (puppet)
> LoadModule passenger_module 
> /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14/ext/apache2/mod_passenger.so
> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14
> PassengerRuby /usr/bin/ruby
>
>
> This is my */etc/httpd/conf.d/dashboard-vhost.conf*
>
> # you may want to tune these settings
> PassengerHighPerformance on
> PassengerMaxPoolSize 12
> PassengerPoolIdleTime 1500
> # PassengerMaxRequests 1000
> PassengerStatThrottleRate 120
> RailsAutoDetect On
>
> Listen 3000
> 
> ServerName merkin.mydomain.com
> DocumentRoot /usr/share/puppet-dashboard/public/
> 
> Options None
> Order allow,deny
> allow from all
> 
>   ErrorLog /var/log/httpd/dashboard.com_error.log
>   LogLevel warn
>   CustomLog /var/log/httpd/dashboard.com_access.log combined
>   ServerSignature On
> 
>
>
> When I visit merkin.mydomain.com:3000, all I'm seeing is an Apache test 
> page.  Seems like Hai and myself are using (close to) the same version of 
> gems and passenger, so perhaps something related to 3.x passenger.  
>
> Perhaps RailsAutoDetect is not auto-detecting correctly?  Can I try 
> explicitly setting *RailsBaseURI*?  If so, what should it point to?
>
> Thanks for the help.
>
> On Thursday, July 19, 2012 7:22:53 PM UTC-4, Hai wrote:
>>
>> Can someone help me in this forum? 
>>
>> On Thu, Jul 12, 2012 at 4:42 PM, Hai Tao  wrote: 
>> > that is almost exactly what I have , except I put the mod_passenger.so 
>> > to /var/lib instead of /var/lib64. 
>> > 
>> >LoadModule passenger_module 
>> > 
>> /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so 
>> >PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13 
>> >PassengerRuby /usr/bin/ruby 
>> > 
>> > But I do not think that would affect anything. 
>> > 
>> > The thing is I have no experience with passenger, and I do not know 
>> > how to trouble shoot this problem. 
>> > 
>> > Is there suggestions? 
>> > 
>> > Thanks. 
>> > 
>> > On Thu, Jul 12, 2012 at 4:30 PM, Clay  wrote: 
>> >> I'm running puppet dashboard 1.2.9 ,   just followed document at 
>> >> 
>> http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
>>  
>> >> , 
>> >> 
>> >> [root@puppet conf.d]# grep -v ^# dashboard-vhost.conf 
>> >> 
>> >> Listen 3000 
>> >>  
>> >> ServerName puppet.domain.com 
>> >> 
>> >> DocumentRoot /usr/share/puppet-dashboard/public/ 
>> >>  
>> >> Options None 
>> >> Order allow,deny 
>> >> allow from all 
>> >>  
>> >>   ErrorLog /var/log/httpd/dashboard_error.log 
>> >>   LogLevel warn 
>> >>   CustomLog /var/log/httpd/dashboard_access.log combined 
>> >>   ServerSignature On 
>> >>  
>> >> 
>> >> I have  the passenger module config in /etc/httpd/conf/httpd.conf 
>> because 
>> >> puppet master is also using passenger. 
>> >> 
>> >> LoadModule passenger_module 
>> >> 
>> /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so 
>> >> PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13 
>> >> PassengerRuby /usr/bin/ruby 
>> >> 
>> >> 
>> >> 
>> >> -- 
>> >> You received this message because you are subscribed to the Google 
>> Groups 
>> >> "Puppet Users" group. 
>> >> To v

Re: [Puppet Users] Re: problem using apache & passenger to run dashboard

[banjer]

I'm having the same exact problem trying to get Apache to serve puppet 
dashboard on CentOS 6.3.  Apache is set up to serve my puppet master, and 
the puppetmaster is configured and working just fine.  I get this in the 
apache error log:

  Directory index forbidden by Options directive: 
/usr/share/puppet-dashboard/public/

Here are my configs.  Added these lines to */etc/httpd/conf/httpd.conf*:

ServerName merkin.mydomain.com

# Passenger for rails apps (puppet)
LoadModule passenger_module 
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.14/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.14
PassengerRuby /usr/bin/ruby


This is my */etc/httpd/conf.d/dashboard-vhost.conf*

# you may want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RailsAutoDetect On

Listen 3000

ServerName merkin.mydomain.com
DocumentRoot /usr/share/puppet-dashboard/public/

Options None
Order allow,deny
allow from all

  ErrorLog /var/log/httpd/dashboard.com_error.log
  LogLevel warn
  CustomLog /var/log/httpd/dashboard.com_access.log combined
  ServerSignature On



When I visit merkin.mydomain.com:3000, all I'm seeing is an Apache test 
page.  Seems like Hai and myself are using (close to) the same version of 
gems and passenger, so perhaps something related to 3.x passenger.  

Perhaps RailsAutoDetect is not auto-detecting correctly?  Can I try 
explicitly setting *RailsBaseURI*?  If so, what should it point to?

Thanks for the help.

On Thursday, July 19, 2012 7:22:53 PM UTC-4, Hai wrote:
>
> Can someone help me in this forum? 
>
> On Thu, Jul 12, 2012 at 4:42 PM, Hai Tao  wrote: 
> > that is almost exactly what I have , except I put the mod_passenger.so 
> > to /var/lib instead of /var/lib64. 
> > 
> >LoadModule passenger_module 
> > 
> /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so 
> >PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13 
> >PassengerRuby /usr/bin/ruby 
> > 
> > But I do not think that would affect anything. 
> > 
> > The thing is I have no experience with passenger, and I do not know 
> > how to trouble shoot this problem. 
> > 
> > Is there suggestions? 
> > 
> > Thanks. 
> > 
> > On Thu, Jul 12, 2012 at 4:30 PM, Clay  wrote: 
> >> I'm running puppet dashboard 1.2.9 ,   just followed document at 
> >> 
> http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
>  
> >> , 
> >> 
> >> [root@puppet conf.d]# grep -v ^# dashboard-vhost.conf 
> >> 
> >> Listen 3000 
> >>  
> >> ServerName puppet.domain.com 
> >> 
> >> DocumentRoot /usr/share/puppet-dashboard/public/ 
> >>  
> >> Options None 
> >> Order allow,deny 
> >> allow from all 
> >>  
> >>   ErrorLog /var/log/httpd/dashboard_error.log 
> >>   LogLevel warn 
> >>   CustomLog /var/log/httpd/dashboard_access.log combined 
> >>   ServerSignature On 
> >>  
> >> 
> >> I have  the passenger module config in /etc/httpd/conf/httpd.conf 
> because 
> >> puppet master is also using passenger. 
> >> 
> >> LoadModule passenger_module 
> >> 
> /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so 
> >> PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13 
> >> PassengerRuby /usr/bin/ruby 
> >> 
> >> 
> >> 
> >> -- 
> >> You received this message because you are subscribed to the Google 
> Groups 
> >> "Puppet Users" group. 
> >> To view this discussion on the web visit 
> >> https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ. 
> >> 
> >> To post to this group, send email to puppet-users@googlegroups.com. 
> >> To unsubscribe from this group, send email to 
> >> puppet-users+unsubscr...@googlegroups.com. 
> >> For more options, visit this group at 
> >> http://groups.google.com/group/puppet-users?hl=en. 
> > 
> > 
> > 
> > -- 
> > Hai Tao 
>
>
>
> -- 
> Hai Tao 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/WHnHWvRpEPEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: REST API: facts_search on custom fact does not include puppet master in its list

[banjer]

My original post should read "abc" and not "btp" in the "facter -p | grep 
datacenter" examples.  Edited inline below..

On Wednesday, June 27, 2012 2:20:35 PM UTC-4, banjer wrote:
>
> I'm running the following query to get a list of hosts in datacenter "abc":
>
> root@puppet:~> curl -k -H "Accept: pson" 
> https://puppet:8140/production/facts_search/search?facts.datacenter=abc
> ["host04","host05","web01","db01"]
>
> *datacenter *is a custom fact distributed with pluginsync. The problem 
> is, is that the puppet master host (hostname is puppet) is not returned in 
> this list, even though its datacenter=abc.
>
> The custom fact is available via the command line:
>
> root@puppet:~> facter -p | grep datacenter
> datacenter => *abc*
>
> And on the agents, for example:
>
> root@host04:~> facter -p | grep datacenter
> datacenter => *abc*
>
> I can also see datacenter is set correctly per Puppet Dashboard.  Also, 
> running a facts_search on a non-cusom fact properly returns the puppet 
> master along with other agents:
>
> root@puppet:~> curl -k -H "Accept: pson" 
> https://puppet:8140/production/facts_search/search?facts.operatingsystem=CentOS
> ["host04","host05","web01","db01","puppet","puppet.mydomain.com"]
>
>
> FYI the puppet master is running on CentOS 6.2. 
>
> root@puppet:~> puppet --version
> 2.7.13
> root@puppet:~> facter -v
> 1.6.7
>
> Thought I'd ask here before filing a bug report.  Thanks for the 
> assistance.  
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/PH1Gsrh470UJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] REST API: facts_search on custom fact does not include puppet master in its list

[banjer]

I'm running the following query to get a list of hosts in datacenter "abc":

root@puppet:~> curl -k -H "Accept: pson" 
https://puppet:8140/production/facts_search/search?facts.datacenter=abc
["host04","host05","web01","db01"]

*datacenter *is a custom fact distributed with pluginsync. The problem is, 
is that the puppet master host (hostname is puppet) is not returned in this 
list, even though its datacenter=abc.

The custom fact is available via the command line:

root@puppet:~> facter -p | grep datacenter
datacenter => btp

And on the agents, for example:

root@host04:~> facter -p | grep datacenter
datacenter => btp

I can also see datacenter is set correctly per Puppet Dashboard.  Also, 
running a facts_search on a non-cusom fact properly returns the puppet 
master along with other agents:

root@puppet:~> curl -k -H "Accept: pson" 
https://puppet:8140/production/facts_search/search?facts.operatingsystem=CentOS
["host04","host05","web01","db01","puppet","puppet.mydomain.com"]


FYI the puppet master is running on CentOS 6.2. 

root@puppet:~> puppet --version
2.7.13
root@puppet:~> facter -v
1.6.7

Thought I'd ask here before filing a bug report.  Thanks for the 
assistance.  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/LJJ4T_fHrzYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Send Reports to Puppet Dashboard

[banjer]

If your hosts do not appear to be reporting, and you're seeing some 
background tasks pending (top left in the puppet dashboard web gui), then 
you probably need to start the "delayed_job" tasks on your puppet dashboard 
server in order to process the reports.  Run this:

*env RAILS_ENV=production /usr/share/puppet-dashboard/script/delayed_job -p 
dashboard -n 4 -m start*

where -n 4 refers to the number of cores.  

I added this line to /etc/init.d/puppet-dashboard so it gets fired after 
dashboard starts, and so I don't forget to run it.  Not sure if this is the 
best method, but it works for me.

See 
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#starting-and-managing-delayed-job-workers.

On Thursday, January 13, 2011 9:10:11 AM UTC-5, (unknown) wrote:
>
> Patrick,
>
>  
>
> This is what I have setup in the puppet.conf files on the master and 
> client. Both servers are running puppet 2.6.4
>
>  
>
> On the Master in /etc/puppet/puppet.conf
>
>  
>
> [master]
>
> reports = http, store
>
> reporturl = http://fedorahost.ocfl.net:3000/reports
>
> node_terminus = exec
>
> external_nodes = /etc/puppet/bin/external_node
>
>  
>
> in external_node I have changed the localhost default to:
>
>  
>
> BASE = “http://fedorahost.ocfl.net:3000” 
>
>  
>
> On the client in /etc/puppet/puppet.conf
>
>  
>
> [agent]
>
> report = true
>
>  
>
> Thanks for your help. I hope you see something I might have done wrong.
>
>  
>
> Mike 
>
>  
>
>  
>
>  
>
> *From:* puppet-users@googlegroups.com [mailto:
> puppet-users@googlegroups.com] *On Behalf Of *Patrick
> *Sent:* Wednesday, January 12, 2011 5:02 PM
> *To:* puppet-users@googlegroups.com
> *Subject:* Re: [Puppet Users] Send Reports to Puppet Dashboard
>
>  
>
>  
>
> On Jan 12, 2011, at 11:37 AM,  wrote:
>
>
>
> Hi Daniel,
>
>  
>
> I have already done the setup which  you mention below. I followed the 
> puppet-dashboard configuration guide to the tee,
>
> which is why I’m surprised that this feature is not working. I have 
> verified that the puppet.conf entries on the client and
>
> master are correct. I’m wondering if this problem is a bug? Thanks for 
> your help.
>
>  
>
> At this point, I don't think you're going to get much help unless you post 
> a lot more from your puppet.conf files.  For instance, we should be seeing 
> section names.  At this point, you're saying you did everything right, but 
> evidently something isn't right so that doesn't help us much.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
> _
> PLEASE NOTE: Florida has a very broad public records law (F. S. 119).
> All e-mails to and from County Officials are kept as a public record.
> Your e-mail communications, including your e-mail address may be
> disclosed to the public and media at any time.
>
>
On Thursday, January 13, 2011 9:10:11 AM UTC-5, (unknown) wrote:
>
> Patrick,
>
>  
>
> This is what I have setup in the puppet.conf files on the master and 
> client. Both servers are running puppet 2.6.4
>
>  
>
> On the Master in /etc/puppet/puppet.conf
>
>  
>
> [master]
>
> reports = http, store
>
> reporturl = http://fedorahost.ocfl.net:3000/reports
>
> node_terminus = exec
>
> external_nodes = /etc/puppet/bin/external_node
>
>  
>
> in external_node I have changed the localhost default to:
>
>  
>
> BASE = “http://fedorahost.ocfl.net:3000” 
>
>  
>
> On the client in /etc/puppet/puppet.conf
>
>  
>
> [agent]
>
> report = true
>
>  
>
> Thanks for your help. I hope you see something I might have done wrong.
>
>  
>
> Mike 
>
>  
>
>  
>
>  
>
> *From:* puppet-users@googlegroups.com [mailto:
> puppet-users@googlegroups.com] *On Behalf Of *Patrick
> *Sent:* Wednesday, January 12, 2011 5:02 PM
> *To:* puppet-users@googlegroups.com
> *Subject:* Re: [Puppet Users] Send Reports to Puppet Dashboard
>
>  
>
>  
>
> On Jan 12, 2011, at 11:37 AM,  wrote:
>
>
>
> Hi Daniel,
>
>  
>
> I have already done the setup which  you mention below. I followed the 
> puppet-dashboard configuration guide to the tee,
>
> which is why I’m surprised that this feature is not working. I have 
> verified that the puppet.conf entries on the client and
>
> master are correct. I’m wondering if this problem is a bug? Thanks for 
> your help.
>
>  
>
> At this point, I don't think you're going to get much help unless you post 
> a lot more from your puppet.conf files.  For instance, we should be seeing 
> section names.  At this point, you're saying you did everything right, but 
> evidently something isn't right so that doesn't help us much.
>
> -- 
> You received this message because you are subscribed to the Google Grou