[Puppet Users] Issue with package provider dnfmodule

['Christian Masopust' via Puppet Users]

Hi guys,

 

I'm using dnfmodule provider to enable a module on my CentOS 8 systems:

 

ensure_packages( ['redis:6'], { provider => dnfmodule, ensure => present,
enable_only => true } )

 

I would expect that this enables the module at first run and then it leaves
it untouched, but what I see at any run is
that it will be "updated" each time:

 

Notice: /Stage[main]/Gt_redis/Package[redis:6]/ensure: created (corrective)

 

Debug output of the  puppet run:

 

Info: /Package[redis:6]: Starting to evaluate the resource (275 of 506)

Debug: Executing: '/usr/bin/dnf module list -d 0 -e 1'

Debug: Executing: '/usr/bin/dnf module enable -d 0 -e 1 -y redis:6'

Notice: /Stage[main]/Gt_redis/Package[redis:6]/ensure: created (corrective)

Debug: /Package[redis:6]: The container Class[Gt_redis] will propagate my
refresh event

Info: /Package[redis:6]: Evaluated in 7.61 seconds

 

 

So, is this an issue in puppet? Or is my resource configuration wrong?

 

Thanks,

Christian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/000201d77f83%244eb1afb0%24ec150f10%24%40chello.at.

[Puppet Users] Override default schedule for all resources

['Christian Masopust' via Puppet Users]

Hi puppet users,

 

we have a daily planned maintenance at 5am on our puppet server which means
that during that time

it's not available for our agents.

 

I'd like to avoid that the agents are trying to connect to the puppetserver
during that time.

 

My first idea was to use schedules, but that would mean to define the
schedule for each and every resource,
which definitly would be painful :)

 

So the next idea was to override the default schedule "puppet".   Does
anyone of you know if that's possible?

Or do you have other/better ideas how I could handle this?

 

Thanks,

Christian

 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/002301d77180%242f22c780%248d685680%24%40chello.at.

[Puppet Users] Re: Unknown resource type after Upgrade

[Christian Reiß]

Hey,

thank you-- 
that clears that up. Seems like time will solve the issue; postponing the 
update for now.

Am Donnerstag, 27. September 2018 11:14:19 UTC+1 schrieb Christian Reiß:
>
> Hey folks,
>
> I am currently upgrading to 6.x on a test setup using my live puppet code; 
> trying to get it to work with 6.x.
> One weird issue I am getting is that alle default definitions (upper case 
> classes) are faulting:
>
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
> Server Error: Evaluation Error: Resource type not found: Nagios_service (
> file: /etc/puppetlabs/code/environments/production/modules/pn_icinga/
> manifests/client/checks.pp, line: 83, column: 3) on node outleapt.test
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
>
>
> The corresponding manifest looks like this:
>
> Nagios_service {
> check_period  => '24x7',
> ensure=> $::pn_icinga::client::installed,
> host_name => $::trusted['certname'],
> initial_state => 'o',
> max_check_attempts=> '3',
> notification_interval => '5',
> notification_options  => 'w,u,c,r',
> notification_period   => $notification_period,
> notifications_enabled => '0',
> [...]
> }
>
> Did I miss a regression somewhere?
> Any help is greatly appreciated!
>
> -Chris.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8a5b4fed-cf93-4c8a-8652-5fc3222952c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppetserver does not auto-load.

[Christian Reiß]

I have a wierd question:

On a fresh Server (Centos 7, PuppetServer 6) with only one nagios class 
(with nagios_core from forge I am getting this error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
Server Error: Evaluation Error: Error while evaluating a Resource 
Statement, Could not autoload puppet/type/nagios_service: no such file to 
load -- puppet/util/nagios_maker (file: 
/etc/puppetlabs/code/environments/production/manifests/site.pp, line: 4, 
column: 3) on node hyposulphuric

If I do a puppet apply however, the same site.pp applies correctly without 
issues (well, it complains about exporting ressources not possible). Why 
would a puppet apply correctly load the puppet forge module when then 
puppet server (puppet agent --test) does not and yields above error?

I have been hitting my head against the issue all day.
Any help is greatly appreciated.

-Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b0c75235-39ab-434d-850a-84912a6a1fb3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Unknown resource type after Upgrade

[Christian Reiß]

Hey Rafael,

thanks for your reply. Ironically I was readind the deprecated logs and 
seem to have missed that, After doing a puppet module install the error 
changed to

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
Server Error: Evaluation Error: Error while evaluating a Type-Name, Could 
not autoload puppet/type/nagios_service: no such file to load -- puppet/util
/nagios_maker (file: /etc/puppetlabs/code/environments/production/modules/
pn_icinga/manifests/client/raid.pp, line: 15, column: 3) on node outleapt.
test

Mind pushing me once more in the right direction?

-Chris.


Am Donnerstag, 27. September 2018 11:25:34 UTC+1 schrieb Rafael Tomelin:
>
> Hi dear,
>
> This link the puppet6 release notes.
> https://puppet.com/docs/puppet/6.0/release_notes.html#deprecations
>
>
>- The Nagios types no longer ship with Puppet, and are now available 
>as the puppetlabs/nagios_core module from the Forge.
>
>
> Em qui, 27 de set de 2018 às 07:14, Christian Reiß  > escreveu:
>
>> Hey folks,
>>
>> I am currently upgrading to 6.x on a test setup using my live puppet 
>> code; trying to get it to work with 6.x.
>> One weird issue I am getting is that alle default definitions (upper case 
>> classes) are faulting:
>>
>> Error: Could not retrieve catalog from remote server: Error 500 on SERVER
>> : Server Error: Evaluation Error: Resource type not found: Nagios_service 
>> (file: /etc/puppetlabs/code/environments/production/modules/pn_icinga/
>> manifests/client/checks.pp, line: 83, column: 3) on node outleapt.test
>> Warning: Not using cache on failed catalog
>> Error: Could not retrieve catalog; skipping run
>>
>>
>>
>> The corresponding manifest looks like this:
>>
>> Nagios_service {
>> check_period  => '24x7',
>> ensure=> $::pn_icinga::client::installed,
>> host_name => $::trusted['certname'],
>> initial_state => 'o',
>> max_check_attempts=> '3',
>> notification_interval => '5',
>> notification_options  => 'w,u,c,r',
>> notification_period   => $notification_period,
>> notifications_enabled => '0',
>> [...]
>> }
>>
>> Did I miss a regression somewhere?
>> Any help is greatly appreciated!
>>
>> -Chris.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/bde5ac1d-f1ef-4454-885d-b499f22062c8%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/puppet-users/bde5ac1d-f1ef-4454-885d-b499f22062c8%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> -- 
>
> Atenciosamente,
>
> Rafael Tomelin
>
> skype: rafael.tomelin
>
> E-mail: rafael@gmail.com 
>
> RHCE  - Red Hat Certified Engineer
> PPT-205 - Puppet Certified Professional 2017
> Zabbix- ZABBIX Certified Specialist
> LPI3 
> ITIL v3
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c2b29923-114f-4a82-8a66-cba5e428ca4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Unknown resource type after Upgrade

[Christian Reiß]

Hey folks,

I am currently upgrading to 6.x on a test setup using my live puppet code; 
trying to get it to work with 6.x.
One weird issue I am getting is that alle default definitions (upper case 
classes) are faulting:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
Server Error: Evaluation Error: Resource type not found: Nagios_service (
file: /etc/puppetlabs/code/environments/production/modules/pn_icinga/
manifests/client/checks.pp, line: 83, column: 3) on node outleapt.test
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run



The corresponding manifest looks like this:

Nagios_service {
check_period  => '24x7',
ensure=> $::pn_icinga::client::installed,
host_name => $::trusted['certname'],
initial_state => 'o',
max_check_attempts=> '3',
notification_interval => '5',
notification_options  => 'w,u,c,r',
notification_period   => $notification_period,
notifications_enabled => '0',
[...]
}

Did I miss a regression somewhere?
Any help is greatly appreciated!

-Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bde5ac1d-f1ef-4454-885d-b499f22062c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Question Exec resource

[Christian Charpentier]

Yes the command exit with succes from a root shell. 
I'm gonna try to use exec environment parameter.

Thx

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b1861de2-c520-4b1a-94a8-c1419d6f7ef4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Question Exec resource

[Christian Charpentier]

Thnaks for your answer Martin.

Here is the beginning of the stack:

 [0;36mDebug: Executing '/bin/sh -c source /etc/profile && 
/opt/openam/bin/openam_install.sh install cm > /opt/openam/install.log' [0m

 [0;36mDebug: /Stage[main]/Openam::Config/Exec[openam_install]/returns: 
Certificate was added to keystore [0m
 [0;36mDebug: /Stage[main]/Openam::Config/Exec[openam_install]/returns: 
Certificate stored in file  [0m
 [0;36mDebug: /Stage[main]/Openam::Config/Exec[openam_install]/returns: 
Certificate was added to keystore [0m
 [0;36mDebug: /Stage[main]/Openam::Config/Exec[openam_install]/returns: 
java.net.ConnectException: Connection refused [0m
 [0;36mDebug: /Stage[main]/Openam::Config/Exec[openam_install]/returns: 
at java.net.PlainSocketImpl.socketConnect(Native Method) [0m



Could it be an SSL connection issue instead of a path issue with the java 
-jar command?

About the idenpotency, by using the creates attribute normally ensure the 
exec command will be executed only if the file/directory doesn't exist. So 
i should not have any problem with that.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf796f0d-7ddb-4ff5-bbfb-5ce67aeae565%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Question Exec resource

[Christian Charpentier]

Hi,

I'm trying to install openam with puppet. To do this i'm using an exec 
resource:

exec { 'openam_install':
  command  => "source /etc/profile && /opt/openam/bin/openam_install.sh install 
${::env} > /opt/openam/install.log",
  provider => shell,
  creates  => '/var/lib/tomcat/webapps/sso',
}


The script openam_install.sh exit with an error code:

Debug: /Stage[main]/Openam::Config/Exec[openam_install]/returns:ERROR: 
command execution failed at line 247 !

Error: source /etc/profile && /opt/openam/bin/openam_install.sh install cm 
returned 1 instead of one of [0]

Error: /Stage[main]/Openam::Config/Exec[openam_install]/returns: change 
from notrun to 0 failed: source /etc/profile && 
/opt/openam/bin/openam_install.sh install cm returned 1 instead of one of 
[0]


Line 247 i have this:


java -jar 
/opt/openam/configurator/openam-configurator-tool-${openAMversion}.jar -f 
/opt/openam/configurator/openam.conf

echo "Restarting OpenAM"
service tomcat restart


The java -jar command fail but i can't figure out why because if i try to 
launch this command directly in a shell it works.


Any help would be appreciated.


Thanks.


Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c0c81a61-b7cc-46e8-b9cf-63020f7598fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: how to trigger puppet run on agents remotely

[Christian Flamm]

Very simple, yet helpful: https://github.com/alcCapone/doll

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a4772ecf-d499-4ac4-9f0a-025044ec166e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Anonymous block scope?

[Christian Flamm]

Thanks for clearing this up!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b42ee960-9794-4821-b7fa-f5d4a578cab2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Anonymous block scope?

[Christian Flamm]

Hi,
is there a way to have anonymous block scope in puppet? In a couple of 
languages you can simply create limited scope by opening and closing curly 
braces {...}

I'd like to use this to limit the area of effect of e.g. resource default 
statements 
(https://docs.puppetlabs.com/puppet/latest/reference/lang_defaults.html).

Thanks in advance,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/452b2ddf-847d-418b-aeef-39f8b84a1e08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Anonymous block scope?

[Christian Flamm]

Yes
Am 27.08.2015 13:07 schrieb R.I.Pienaar r...@devco.net:



 - Original Message -
  From: Christian Flamm christian.le.fl...@gmail.com
  To: puppet-users puppet-users@googlegroups.com
  Sent: Thursday, August 27, 2015 12:03:11 PM
  Subject: [Puppet Users] Anonymous block scope?

  Hi,
  is there a way to have anonymous block scope in puppet? In a couple of
  languages you can simply create limited scope by opening and closing
 curly
  braces {...}
 
  I'd like to use this to limit the area of effect of e.g. resource default
  statements
  (https://docs.puppetlabs.com/puppet/latest/reference/lang_defaults.html
 ).

 Puppet 4 address most of this, in 3 not so much.

 Are you asking about 3?

 --
 You received this message because you are subscribed to a topic in the
 Google Groups Puppet Users group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/puppet-users/7M61d84szdQ/unsubscribe.
 To unsubscribe from this group and all its topics, send an email to
 puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/1046405241.85644.1440673655277.JavaMail.zimbra%40devco.net
 .
 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANzp%2BZN1KwN5vy8SZ_XO3tjwHMWWZ6Rs9ibGLCJQDYfD9Zvo1A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Anonymous block scope?

[Christian Flamm]

Not proud of this idea, but...

if true {
...
}

?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/871d73d6-7002-4b3a-a439-db8fe00c1391%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet agent run runs slowly

[Christian Flamm]

I most sincerely love you! 
Thank you, thank you, thank you!!!

Am Mittwoch, 26. August 2015 19:26:31 UTC+2 schrieb Christopher Wood:

 On Wed, Aug 26, 2015 at 05:13:19PM +0200, Constantin Wolber wrote: 
 Hi, 
 after some more searching and investigating i came to the solution 
 that 
 the state.yaml file is the problem. The affected system contained a 
 state.yaml file which was 147M big. So i deleted the file and after 
 the 
 next run it was down to 347K and no performance issues occurred. 
 Any idea what could have caused the file to get that big? 
 Regards 
 Constantin 

 I recall a thread way back where somebody was purging a growing directory 
 with puppet, I wonder if this is the same issue where the list of resources 
 to be deleted are appended to state.yaml ad infinitum. Maybe save 
 state.yaml backups and diff them? 

 Similar: 

 https://ask.puppetlabs.com/question/6544/state-file-constantly-growing/ 

 https://groups.google.com/forum/#!topic/puppet-users/Laj0WFBmdsU 

 2015-08-26 16:56 GMT+02:00 Constantin Wolber 
 [1]constant...@gmail.com javascript:: 
  
   Hi, 
   i tried the performance profiler, but it did not really help me 
 figuring 
   things out.  
  
   2015-08-26 14:48:21 + Puppet (debug): Storing state 
  
   2015-08-26 14:55:23 + Puppet (debug): Stored state in 422.03 
 seconds 
  
   What I'm interested in is how i can improve performance of that 
 step.  
  
   2015-08-25 18:14 GMT+02:00 kaustubh chaudhari [2]kaus...@gmail.com 
 javascript:: 
  
 Hi, 
  
 You can run profiler to check who and what is taking time in 
 detail. 
  
 [3]https://puppetlabs.com/blog/tune-puppet-performance-profiler 
  
 -Kaustubh 
  
 On Tuesday, August 25, 2015 at 3:49:28 AM UTC-4, Constantin 
 Wolber 
 wrote: 
  
   Hi, 
   i searched quite a bit with google but cannot really find an 
 idea of 
   what to change. 
   If i do a puppet agent run on a few of my managed servers i get 
 the 
   following results: 
  
   Notice: Finished catalog run in 486.54 seconds 
  
   Changes: 
  
   Events: 
  
   Resources: 
  
   Total: 2304 
  
   Time: 
  
  Filebucket: 0.00 
  
 Apt key: 0.00 
  
  Anchor: 0.00 
  
Schedule: 0.00 
  
   Group: 0.00 
  
Exec: 0.00 
  
User: 0.00 
  
  Ssh authorized key: 0.00 
  
 Package: 0.39 
  
Last run: 1440488641 
  
 Service: 2.71 
  
  Config retrieval: 2.91 
  
File: 22.60 
  
   Total: 28.62 
  
   Version: 
  
  Config: 1440488048 
  
  Puppet: 3.8.1 
  
   The summarized view looks good but it seems puppet spends a lot 
 of 
   time in different other places that don't count for the 
 summarize. 
  
   1. Debug: Loaded state in 119.18 seconds 
  
   2. Debug: Loaded state in 156.15 seconds 
  
   3. Debug: Stored state in 252.81 seconds 
  
   What is causing those excessive times for Loading and Storing 
 the 
   state. I did not really find a lot of hints on that topic.  
  
   Due to some ideas i already changed most of my recurse options 
 for 
   file type to recurse = remote 
  
   I also found the hint to use checksum = none but not sure 
 about 
   the effect of that change.  
  
   Any hints are welcome 
  
   Regards 
  
   Constantin 
  
 -- 
 You received this message because you are subscribed to a topic 
 in the 
 Google Groups Puppet Users group. 
 To unsubscribe from this topic, visit 
 [4]
 https://groups.google.com/d/topic/puppet-users/BzfsN9axWss/unsubscribe. 
 To unsubscribe from this group and all its topics, send an email 
 to 
 [5]puppet-users...@googlegroups.com javascript:. 
 To view this discussion on the web visit 
 [6]
 https://groups.google.com/d/msgid/puppet-users/05bacd31-8a6c-4ab5-bdd3-a323f12ff249%40googlegroups.com.
  

 For more options, visit [7]https://groups.google.com/d/optout. 
  
 -- 
 You received this message because you are subscribed to the Google 
 Groups 
 Puppet Users group. 
 To unsubscribe from this group and stop receiving emails from it, 
 send an 
 email to [8]puppet-users...@googlegroups.com javascript:. 
 To view this discussion on the web visit 
 [9]
 https://groups.google.com/d/msgid/puppet-users/CAFYu9xxbT3egioN0crCeBBuXX%2BiFeDhDSiznWXJy1MTX-wmOmg%40mail.gmail.com.
  

 For more options, visit [10]https://groups.google.com/d/optout. 
  
  References 
  

[Puppet Users] Problems with a resource default definition

[Christian Hase]

Hi folks,

i want to declare a resource default globally for all available classes. I 
searched google and found this site:

https://ask.puppetlabs.com/question/396/howto-force-systemd-as-service-provider-globally/

These guys suggest this solution:

Service {
provider = systemd,
  }

*If you write this in a class, the resource default will only be valid 
 within that class, so if you want to have a global default you should 
 probably place that into your site.pp file.*



So i tested it. I wrote in my $environment/manifests/site.pp under 
default:

*node default {*
*  if $::operatingsystem == 'Sles12.0' {*
 *Service {*
*provider = systemd,*
* }*
* notify{SLES 12: Systemd als Service-Provideer:}*
*  }*
*}*


But i didn't see anything in the debug output on my testystem.

https://lh3.googleusercontent.com/-mOSugk7Ff1o/VPRxuSiNCXI/AA0/wD6FxIkp5bg/s1600/2015-03-02%2B15_19_21-mgtwts001%2B-%2Bmgtwts001%2B-%2BRemotedesktopverbindung.png












The i created a class called services::providerdefault which had the same 
content like the site.pp in the above. Just the line node.. was exchanged 
with class services::providerdefault { so to get a class.

I made a requirement in a class for autofs and i got this output.

https://lh6.googleusercontent.com/-tDrB9y1ango/VPRypklDWHI/ABA/oxmiZ_ccZaU/s1600/require%2Bclass%2Bproviderdefault.png


































Now i get the notify in this run But the service wants to check with 
chkconfig and thats wrong. I'm asuming now that my default definition is 
not typed the right way or in a wrong place.

When i declare the provider directly in the resource declaration its 
working.

Can someone tell me how i have to declare a resource default that it is 
working for i.e. 5 services wich i include in the nodedefinition ?


Thanks in Advance

Christian Hase (Yes thats my real name ^-^ its german and means rabbit)

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/086b09d9-ce52-41e7-aa85-1fd9ba533164%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Dallas Fort-Worth Puppet User Group

[Brad Christian]

Hi, I've started the DFWPUG. Please go to 
http://www.meetup.com/Dallas-Fort-Worth-Puppet-User-Group  
http://www.meetup.com/Dallas-Fort-Worth-Puppet-User-Groupfor details, 
I'll be organizing a first meeting soon.

Brad Christian
@vhipster

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b7c04dc2-df5c-4275-9509-8ac163eae74c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Unreported Windows nodes (Puppet 3.7.3, Exchange 2010)

[Christian Koep]

This is what it looks like: http://i.imgur.com/Woxi68C.png



On Thu, Feb 5, 2015 at 11:27 PM, Rob Reynolds r...@puppetlabs.com wrote:

 On Tue, Feb 3, 2015 at 8:25 AM, cko dert...@gmail.com wrote:

 Icacls: http://i.imgur.com/s1xQy65.png


 Can you run one against the last_run_report.yaml and the lock file (if
 still present)?

 I'm seeing a similar set of permissions for var/state but want to verify
 the permissions on the files (as they can be different).


 I will upgrade to Puppet 3.7.3 this week an see if that fixed the issue.


 On Monday, February 2, 2015 at 9:49:01 PM UTC+1, Rob Reynolds wrote:



 On Mon, Feb 2, 2015 at 5:05 AM, cko der...@gmail.com wrote:

 I just noticed that the affected agents do not update the files located
 in C:\ProgramData\PuppetLabs\puppet\var\state.

 Also interesting: The agent_catalog_run.lock file is not properly
 removed after a puppet run.

 See the timestamps on the files ( http://i.imgur.com/qE87OB5.png )



 Can you give me an icacls on that folder? icacls
 C:\ProgramData\PuppetLabs\puppet\var\state. Also I wonder if you have a
 connection issue in sending the report to the master? From the gist I
 didn't see an issue jump out at me though.

 Also, 3.7.4 just came out. I don't know for sure if it will resolve the
 issues or not.





 On Monday, December 15, 2014 at 5:24:55 PM UTC+1, Rob Reynolds wrote:



 On Sun, Dec 14, 2014 at 9:17 AM, cko der...@gmail.com wrote:

 The Puppet Service is actually running.

 The eventlog shows records about successfully finished catalog runs.
 All files in the C:\ProgramData\PuppetLabs\puppet\var\state
 directory indicate that the puppet run finishes without problems.

 I suspect there is a problem with the submission of the report to the
 puppet master unless the puppet run is triggered manually.


 What user does the puppet agent service run under?




 That might be the reason they are marked out of sync in any
 dashboard application (puppetdb, puppetexplorer, foreman).




 On Sunday, December 14, 2014 4:48:59 AM UTC+1, Rob Reynolds wrote:



 On Tue, Dec 9, 2014 at 7:28 AM, cko der...@gmail.com wrote:

 Hi,

 I'm currently having an issue with the Windows Server 2008R2 nodes
 in our Exchange 2010 environment.

 Since I upgraded the four nodes to Puppet 3.7.3 , they do not check
 in to the Puppetmaster via the Windows Service every 30 minutes like 
 all
 the other nodes do.

 Here is a gist of the output from puppet agent -t --debug that
 might help https://gist.github.com/anonymous/e972393ea742631ccaef

 Is there a problem in my environment or are there any known issues
 regarding this behavior?


 We are not aware of a known issue for this behavior. If you could
 check the eventlog and determine what issues it may be reporting?

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/4da95e8f-9c8f
 -4dca-a91d-dfae1ce1dd1d%40googlegroups.com
 https://groups.google.com/d/msgid/puppet-users/4da95e8f-9c8f-4dca-a91d-dfae1ce1dd1d%40googlegroups.com?utm_medium=emailutm_source=footer
 .
 For more options, visit https://groups.google.com/d/optout.



 --
 Rob Reynolds
 Developer, Puppet Labs

 *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
 http://2015.puppetconf.com/
 *Register early to save 40%!*

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/
 msgid/puppet-users/311eff85-ba40-42bf-a983-a363fe5a61d1%40goog
 legroups.com
 https://groups.google.com/d/msgid/puppet-users/311eff85-ba40-42bf-a983-a363fe5a61d1%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.



 --
 Rob Reynolds
 Developer, Puppet Labs

 *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
 http://2015.puppetconf.com/
 *Register early to save 40%!*

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/
 msgid/puppet-users/74fa3e65-2974-46b5-95c4-a30bf6374a60%
 40googlegroups.com
 https://groups.google.com/d/msgid/puppet-users/74fa3e65-2974-46b5-95c4-a30bf6374a60%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.




 --
 Rob Reynolds
 Developer, Puppet Labs

 *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
 http://2015.puppetconf.com/
 *Register early to save 40%!*

  --
 

[Puppet Users] hiera variable problem

[Christian Charpentier]

Hi,

I've been using hiera for several weeks now and all was working fine til 
few days ago when i started to get that kind of message:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find data item nom in any Hiera data file and no default supplied 
on node d0puppetclient.victor-buck.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

So i tried to make a very simple test to check if the problem came from my 
last code changes and i'm still getting this message. I can't get hiera 
variable anymore.
Below the test i made:

*hiera.yaml*:
---
:backends:
  - yaml

:yaml:
  :datadir: /etc/puppet/hieradata

:hierarchy:
  - common


*site.pp*:
# /etc/puppet/manifests/site.pp

case $operatingsystem {
  'Solaris': { include role::solaris }
  'RedHat', 'CentOS': { include redhat::roles::common }
  /^(Debian|Ubuntu)$/: { include role::debian }
#  default: { include role::generic }
}

case $hostname {
  /^d0puppetclient/: { include test }
}


*test.pp*:
class test{

  $nom = hiera('nom')

file {/root/test.txt:
ensure   = file,
source   = /etc/puppet/test.txt.erb,
  }

}


*test.txt.erb*:
%= nom %

Any idea about to fix this?I thought this could be an file access right 
issue, so i tried to grante access on some files (755) and it's not 
working...
Thanks to those who 'll take time to read me and give me an answer :)

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/41e41e5f-7d26-46c4-9fe4-861b146c8f4f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera variable problem

[Christian Charpentier]

No, the command to get the hiera variable value (hiera nom) doesn't work.

The common.yaml file contents:

---
apache_packages_list:
 - apr-1.4.8
 - apr-devel-1.4.8
 - apr-util-1.5.2
 - apr-util-devel-1.5.2
 - distcache-1.4.5
 - distcache-devel-1.4.5
 - httpd-2.4.6
 - httpd-tools-2.4.6 
 - mod_ssl-2.4.6
 

classes: []

hiera_ressources_path: /etc/puppet/hieradata

nom: test

Regards,

Le jeudi 7 août 2014 15:23:01 UTC+2, Jose Luis Ledesma a écrit :

 Hi,

 What's the content of /etc/puppet/hieradata/common.yaml ?

 Does the hiera command line works?
 Something like:
 $ hiera nom

 Regards,


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/24a413db-919e-4da8-a08e-971fe87aa5ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Problem using hiera variable in templates

[Christian Charpentier]

It was due to some kind of syntax error (= missing) :
%=  scope.lookupvar('apache::config::servername') % 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f2fd38c8-f524-457d-9263-fd1a338c1a52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Problem using hiera variable in templates

[Christian Charpentier]

Hi,

I'm trying to use variables stored in hiera files in module templates. I 
read it's better to avoid to use hiera function in templates so i tried to 
get the hiera value in the config.pp manifest with a local variable.
Then to use the local variable in the template, but it doesn't work.

*common.yaml*

---
apache_packages_list:
 - apr-1.4.8
 - apr-devel-1.4.8
 - apr-util-1.5.2
 - apr-util-devel-1.5.2
 - distcache-1.4.5
 - distcache-devel-1.4.5
 - httpd-2.4.6
 - httpd-tools-2.4.6 
 - mod_ssl-2.4.6
 
accounts_conf_filename: accounts.victorbuckservices.com.conf
accounts_conf_balancer_filename: 
accounts.victorbuckservices.com.balancer.conf
certificate_filename: all.dev.victorbuckservices.com.crt
key_filename: all.dev.victorbuckservices.com.key


*ServerName: accounts.dev.victorbuckservices.comServerAdmin: 
t...@victorbuckservices.com*
SSLCertificateFile: /etc/pki/tls/certs/all.dev.victorbuckservices.com.crt
SSLCertificateKeyFile: 
/etc/pki/tls/private/all.dev.victorbuckservices.com.key
  

*config.pp*

class apache::config { 
$accounts_conf_filename= hiera('accounts_conf_filename')
$accounts_conf_balancer_filename  = 
hiera('accounts_conf_balancer_filename')
$crt_filename = 
hiera('certificate_filename')
$key_filename= hiera('key_filename')

   
* $servername = hiera('ServerName')$serveradmin = hiera('ServerAdmin')*

file {/etc/httpd/conf.d/$accounts_conf_filename:
ensure   = file,
content  = 
template(/etc/puppet/hieradata/$accounts_conf_filename.erb),
}
  
file {/etc/httpd/conf.d/$accounts_conf_balancer_filename:
ensure   = file,
content  = 
template(/etc/puppet/hieradata/$accounts_conf_balancer_filename),
}

file {'/etc/pki/tls/certs/$crt_filename':
ensure   = file,
content  = template(/etc/puppet/hieradata/$crt_filename),
}

file {'/etc/pki/tls/private/$key_filename':
ensure   = file,
content  = template(/etc/puppet/hieradata/$key_filename),
}

}

*accounts.victorbuckservices.com.conf.erb*

VirtualHost accounts.dev.victorbuckservices.com:80
   ServerName % ServerName =  
scope.lookupvar('apache::config::servername') % 
ServerAdmin % ServerAdmin = 
scope.lookupvar('apache::config::serveradmin') % 

I also tried syntax as follow:
ServerName %= scope.function_hiera('ServerName') %
ServerName %= @servername % 

But i doesn't works neither.


Any idea or suggestion to make this right?

Cheers,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/505d7ccb-20f2-4af6-a2f9-66a03535e495%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet + hiera file backend problem

[Christian Charpentier]

I have a file accounts.victorbuckservices.com.conf and not an .erb template.
It seems a little weird to me that we have to use template function either 
for .erb template or file backend.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf5550d3-2625-4825-9558-185490078b05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet + hiera file backend problem

[Christian Charpentier]

Hi,

I'm using hiera with puppet and i want to store my resources out from the 
modules, in hieradata directory.

Here is my hiera.yaml file:

---
:hierarchy:
- common
#- %{operatingsystem}
- %{::hostname}

:backends:
- yaml
- file

:yaml:
:datadir: '/etc/puppet/hieradata'

:file:
:datadir: '/etc/puppet/hieradata'

:logger: console

The common.yaml file:

---
apache_packages_list:
 - apr-1.4.8
 - apr-devel-1.4.8
 - apr-util-1.5.2
 - apr-util-devel-1.5.2
 - distcache-1.4.5
 - distcache-devel-1.4.5
 - httpd-2.4.6
 - httpd-tools-2.4.6 
 - mod_ssl-2.4.6
 
accounts_conf_filename: accounts.victorbuckservices.com.conf
accounts_conf_balancer_filename: 
accounts.victorbuckservices.com.balancer.conf
certificate_filename: all.dev.victorbuckservices.com.crt
key_filename: all.dev.victorbuckservices.com.key


My site.pp call a role which call itself a profile which uses a module to 
install apache.
Here is the config..p of apache module:

class apache::config { 
$accounts_conf_filename   = hiera('accounts_conf_filename')
$accounts_conf_balancer_filename  = 
hiera('accounts_conf_balancer_filename')
$crt_filename = hiera('certificate_filename')
$key_filename = hiera('key_filename')

file {'/etc/httpd/conf.d/accounts.victorbuckservices.com.conf':
ensure   = file,
content  = template($accounts_conf_filename),
}
  
file {'/etc/httpd/conf.d/$accounts_conf_balancer_filename':
ensure   = file,
content  = template($accounts_conf_balancer_filename),
}

file {'/etc/pki/tls/certs/$crt_filename':
ensure   = file,
content  = template($crt_filename),
}

file {'/etc/pki/tls/private/$key_filename':
ensure   = file,
content  = template($key_filename),
}

}

I put data and resource files in /etc/puppet/hieradata/ and when i use the 
command line on the client:
puppet agent --server=d0puppet.victor-buck.com --debug --verbose --noop 
--test 
I got the following error :
Error 400 on Server: could not find template 
'accounts.victorbuckservices.com.conf' at 
/etc/puppet/modules/apache/manifests/config.pp:9 on node puppetclient

Someone to help to figure out what happen?
If there are some information missing to make easier to understand what's 
going on feel free to ask me.

Thanks.

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00bf537c-6ac1-4351-b4c3-e4f99bdda189%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Error 400 on SERVER : could not find class xxx for yyy on node yyy

[Christian Charpentier]

Thanks a lot Jose, i appreciate your help :)

Le vendredi 30 mai 2014 15:53:42 UTC+2, Jose Luis Ledesma a écrit :

 Class vstar::apache  should be in

 /etc/puppet/modules/vstar/manifests/apache.pp

 To allow autoloader find it.

 Regards,
 El 30/05/2014 15:48, Christian Charpentier cha...@gmail.com 
 javascript: escribió:

 Hi,
 I'm statrting using puppet with role/profile pattern and i'm facing a 
 problem.
 I use puppet 3.4.3 with a master running on red hat 2.6 and a client on a 
 local VM centOS 6.5.
 When i try to test my code with the command above i got an error : Error 
 400 on SERVER could not find class vstar::apache for puppetclient on node 
 puppet client.

 puppet agent --server=d0puppet.victor-buck.com --debug --verbose --noop 
 --test 


 Here is my puppet code :

 # /etc/puppet/manifests/site.pp
 import classes/*
  
 case $operatingsystem {
 'Solaris':  { include role::solaris }
 'RedHat', 'CentOS': { include role::redhat  }
 /^(Debian|Ubuntu)$/:{ include role::debian  }
 default:{ include role::generic }
 }

 case $hostname {
 /^puppetclient/:   { include vstar::roles::www }
 }

 #/etc/puppet/modules/vstar/manifests/roles/www.pp
 class vstar::roles::www { 
   include vstar::profiles::webserver
   include vstar::profiles::mailserver
 }

 #/etc/puppet/modules/vstar/manifests/profiles/webserver.pp
 class vstar::profiles::webserver { 
   include vstar::apache
   include common::postfix
 }

 #/etc/puppet/modules/vstar/manifests/apache/manifests/init.pp
 class vstar::apache { 
   include apache::install, apache::service
 }

 I can't figure out the issue here. Any idea on the solution to fix this?
 Any comment or idea is welcome.

 Thanks.

 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users...@googlegroups.com javascript:.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/75a4d45f-9259-40c9-887e-c717b0d67c94%40googlegroups.com
  
 https://groups.google.com/d/msgid/puppet-users/75a4d45f-9259-40c9-887e-c717b0d67c94%40googlegroups.com?utm_medium=emailutm_source=footer
 .
 For more options, visit https://groups.google.com/d/optout.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/29dbf5fe-e3a3-4eae-91a6-338b2bc6b820%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Error 400 on SERVER : could not find class xxx for yyy on node yyy

[Christian Charpentier]

Hi,
I'm statrting using puppet with role/profile pattern and i'm facing a 
problem.
I use puppet 3.4.3 with a master running on red hat 2.6 and a client on a 
local VM centOS 6.5.
When i try to test my code with the command above i got an error : Error 
400 on SERVER could not find class vstar::apache for puppetclient on node 
puppet client.

puppet agent --server=d0puppet.victor-buck.com --debug --verbose --noop 
--test 


Here is my puppet code :

# /etc/puppet/manifests/site.pp
import classes/*
 
case $operatingsystem {
'Solaris':  { include role::solaris }
'RedHat', 'CentOS': { include role::redhat  }
/^(Debian|Ubuntu)$/:{ include role::debian  }
default:{ include role::generic }
}

case $hostname {
/^puppetclient/:   { include vstar::roles::www }
}

#/etc/puppet/modules/vstar/manifests/roles/www.pp
class vstar::roles::www { 
  include vstar::profiles::webserver
  include vstar::profiles::mailserver
}

#/etc/puppet/modules/vstar/manifests/profiles/webserver.pp
class vstar::profiles::webserver { 
  include vstar::apache
  include common::postfix
}

#/etc/puppet/modules/vstar/manifests/apache/manifests/init.pp
class vstar::apache { 
  include apache::install, apache::service
}

I can't figure out the issue here. Any idea on the solution to fix this?
Any comment or idea is welcome.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/75a4d45f-9259-40c9-887e-c717b0d67c94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Two (hopefuly minor) Questions (ip-array, line for several hosts)

[christian . reiss . sg]

Hey folks,

that worked, thanks.

-Christian.

Am Donnerstag, 10. Oktober 2013 11:54:31 UTC+2 schrieb 
christian...@googlemail.com:

 Hey Folks,

 I have two question, which I hope are minor. First off I would like an 
 array with all IPs for a system. This would come in handy for sshkeys, 
 hosts and the likes.

 Second, and more important, I need to add a line into a file for every 
 host. To clarify here is an example:

 - I have 3 (theoretical) nameservers, which configs (zones) get 
 distributed over puppet.
 - I want, in each zonefile a line

 mydomain.de. IN NS $fqdn::dns::server.

 Furthermore I want those lines purged if a NS does clean/deactivated.


 Thanks for your help in advance!
 -Christian.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Two (hopefuly minor) Questions (ip-array, line for several hosts)

[christian . reiss . sg]

Hey Folks,

I have two question, which I hope are minor. First off I would like an 
array with all IPs for a system. This would come in handy for sshkeys, 
hosts and the likes.

Second, and more important, I need to add a line into a file for every 
host. To clarify here is an example:

- I have 3 (theoretical) nameservers, which configs (zones) get distributed 
over puppet.
- I want, in each zonefile a line

mydomain.de. IN NS $fqdn::dns::server.

Furthermore I want those lines purged if a NS does clean/deactivated.


Thanks for your help in advance!
-Christian.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers

[Christian Koep]

Hi Rob,
i just applied the changes to the windows.rb file.

The catalog run finished as usual. Thank you ;-)



On Thu, Oct 3, 2013 at 8:47 PM, Rob Reynolds r...@puppetlabs.com wrote:

 This verifies for us that this is a gating issue.

 Would you feel comfortable helping us verify that we've fixed this issue
 for you?


 https://github.com/ferventcoder/facter/blob/874a5a96ac5fa778c50f1e93424850022b1756cf/lib/facter/util/ip/windows.rb#L46-L47




 On Thu, Oct 3, 2013 at 1:42 PM, Christian Koep dert...@gmail.com wrote:

 Yes, thats all i got from *facter --trace --debug*


 On Thu, Oct 3, 2013 at 8:41 PM, Rob Reynolds r...@puppetlabs.com wrote:

 Was this the entire log (minus anything you feel sensitive)?


 On Thu, Oct 3, 2013 at 1:15 PM, cko dert...@gmail.com wrote:

 https://gist.github.com/anonymous/6814400


 On Thursday, October 3, 2013 5:23:05 PM UTC+2, Rob Reynolds wrote:

 You should be able to run

 facter --trace --debug


 On Wed, Oct 2, 2013 at 5:18 PM, cko der...@gmail.com wrote:

 Hi Ethan,

 what's the exact command that i would have to use?


 On Wednesday, October 2, 2013 11:35:29 PM UTC+2, Ethan Brown wrote:

 Christian -

 I'm doing the final verification of our fix, and was hoping that I
 could get the output from Facter run by itself?



 On Fri, Sep 20, 2013 at 1:36 PM, Rob Reynolds 
 r...@puppetlabs.comwrote:

  I would say with all of this in mind we move forward with a fix
 where we look to see that the network adapter itself is also enabled. 
 This
 is laid out in the ticket that I noted earlier.


 On Fri, Sep 20, 2013 at 7:44 AM, Rich Siegel rism...@gmail.comwrote:

  Exchange DAG is essentially a cluster and the adapter in question
 the dag ip.

 My guess is the logic for adapters should be modded for when
 netconnectionid is not null.

 In general don't try to mess with hidden adapters on dags unless
 you understand ramifications.

 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@**googlegroups.**com.
 To post to this group, send email to puppet...@googlegroups.com.

 Visit this group at http://groups.google.com/**group**
 /puppet-users http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/**grou**
 ps/opt_out https://groups.google.com/groups/opt_out.




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@**googlegroups.**com.
 To post to this group, send email to puppet...@googlegroups.com.

 Visit this group at 
 http://groups.google.com/**group**/puppet-usershttp://groups.google.com/group/puppet-users
 .
 For more options, visit https://groups.google.com/**grou**
 ps/opt_out https://groups.google.com/groups/opt_out.




 --
 --
 Ethan Brown
 et...@puppetlabs.com
 Software Engineer

 *Join us at PuppetConf 2014, September 23-24 in San Francisco*

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@**googlegroups.com.
 To post to this group, send email to puppet...@googlegroups.com.
 Visit this group at 
 http://groups.google.com/**group/puppet-usershttp://groups.google.com/group/puppet-users
 .
 For more options, visit 
 https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out
 .




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users+unsubscr...@googlegroups.com.

 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

 --
 You received this message because you are subscribed to a topic in the
 Google Groups Puppet Users group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/puppet-users/_JSpNmSvg_I/unsubscribe.
 To unsubscribe from this group and all its topics, send an email to
 puppet-users+unsubscr...@googlegroups.com.

 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group

Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers

[Christian Koep]

Yes, thats all i got from *facter --trace --debug*


On Thu, Oct 3, 2013 at 8:41 PM, Rob Reynolds r...@puppetlabs.com wrote:

 Was this the entire log (minus anything you feel sensitive)?


 On Thu, Oct 3, 2013 at 1:15 PM, cko dert...@gmail.com wrote:

 https://gist.github.com/anonymous/6814400


 On Thursday, October 3, 2013 5:23:05 PM UTC+2, Rob Reynolds wrote:

 You should be able to run

 facter --trace --debug


 On Wed, Oct 2, 2013 at 5:18 PM, cko der...@gmail.com wrote:

 Hi Ethan,

 what's the exact command that i would have to use?


 On Wednesday, October 2, 2013 11:35:29 PM UTC+2, Ethan Brown wrote:

 Christian -

 I'm doing the final verification of our fix, and was hoping that I
 could get the output from Facter run by itself?



 On Fri, Sep 20, 2013 at 1:36 PM, Rob Reynolds r...@puppetlabs.comwrote:

  I would say with all of this in mind we move forward with a fix
 where we look to see that the network adapter itself is also enabled. 
 This
 is laid out in the ticket that I noted earlier.


 On Fri, Sep 20, 2013 at 7:44 AM, Rich Siegel rism...@gmail.comwrote:

  Exchange DAG is essentially a cluster and the adapter in question
 the dag ip.

 My guess is the logic for adapters should be modded for when
 netconnectionid is not null.

 In general don't try to mess with hidden adapters on dags unless you
 understand ramifications.

 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@**googlegroups.**com.
 To post to this group, send email to puppet...@googlegroups.com.

 Visit this group at 
 http://groups.google.com/**group**/puppet-usershttp://groups.google.com/group/puppet-users
 .
 For more options, visit 
 https://groups.google.com/**grou**ps/opt_outhttps://groups.google.com/groups/opt_out
 .




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it,
 send an email to puppet-users...@**googlegroups.**com.
 To post to this group, send email to puppet...@googlegroups.com.

 Visit this group at 
 http://groups.google.com/**group**/puppet-usershttp://groups.google.com/group/puppet-users
 .
 For more options, visit 
 https://groups.google.com/**grou**ps/opt_outhttps://groups.google.com/groups/opt_out
 .




 --
 --
 Ethan Brown
 et...@puppetlabs.com
 Software Engineer

 *Join us at PuppetConf 2014, September 23-24 in San Francisco*

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users...@**googlegroups.com.
 To post to this group, send email to puppet...@googlegroups.com.
 Visit this group at 
 http://groups.google.com/**group/puppet-usershttp://groups.google.com/group/puppet-users
 .
 For more options, visit 
 https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out
 .




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.

 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.




 --
 Rob Reynolds
 Developer, Puppet Labs

 Join us at PuppetConf 2014, September 23-24 in San Francisco

 --
 You received this message because you are subscribed to a topic in the
 Google Groups Puppet Users group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/puppet-users/_JSpNmSvg_I/unsubscribe.
 To unsubscribe from this group and all its topics, send an email to
 puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Howto model different stages

[Christian Flamm]

Hi all,
I'm trying to find a nice way to model different stages (like: live, test, 
dev) of puppet modules. Initially I thought of different branches inside 
one (Git) repository...  

   - either being checked out on one puppetmaster into different 
   directories being used as different puppet environments
   - or being checked out on different puppetmasters

but then colleagues of mine recently attended Citconf in Turin were 
somebody strongly recommended *not* to use puppet environments and/or 
branches.

I'd like to understand how you solve(d) this.

Thanks in advance,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Vagrant+Puppet using RVM to install Apache2+Passenger fails

[Christian]

Anyone?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Vagrant+Puppet using RVM to install Apache2+Passenger fails

[Christian]

Hi all,

hope to be on the right place here..

I'm playing with Vagrant and Puppet for a small Apache2+Passenger Server 
above ubuntu-precise-32. I like to get this working for a small group of 
developers.

I confess, I didn't read the whole documentation about puppet, but I've 
browsed the whole Internet twice! ...about this problem. I only want to 
get this small environment working at the moment, so I don't want to spend 
much time in reading and coding examples. Maybe some of you can help me a 
bit.

The manifest is working so far, but the Installation of passenger fails 
with this error:

notice: 
/Stage[main]/Rvm::Passenger::Apache::Ubuntu::Post/File[/etc/apache2/mods-enabled/passenger.load]/ensure:
 
created
err: /Stage[main]/Apache::Service/Service[httpd]: Failed to call refresh: 
Could not start Service[httpd]: Execution of '/etc/init.d/apache2 start' 
returned 1:  at /tmp/vagrant-puppet/modules-0/apache/manifests/service.pp:28
notice: 
/Stage[main]/Install-rvm/Rvm_gem[ruby-1.9.3-p448@mygemset/ruby-hmac]/ensure: 
created
notice: /Stage[main]/Postconfig/Exec[use-rubyver]/returns: executed 
successfully
notice: /Stage[main]/Postconfig/Exec[gemset-use]/returns: executed 
successfully
err: /Stage[main]/Postconfig/Exec[passenger-install-apache]/returns: change 
from notrun to 0 failed: rvm gemset use mygemset  
passenger-install-apache2-module --auto returned 1 instead of one of [0] at 
/tmp/vagrant-puppet/manifests/development.pp:62

The passenger-install-apache2-module command runs smoothly if I fire it in 
a shell on the vagrant box. I think thats the problem for the first error. 
Apache cannot start because of the missing module.

The manifest I use is this:
http://pastie.org/private/xcsmy8b6lwivymegeqcrrw

Thanks in advance!

Chris


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet, Facter, looping through IPs

[Christian Reiß]

Hello all,

I am trying to set up ssh keys (sshkeys) for populate 
/etc/ssh/ssh_known_hosts. So far it works great, but I want to have aliases 
for all ips online on that host. 

Two problems:

- The assumption is that the interface count and names are unknown. There 
can be one eth or many, none but a xapi device etc. There is, however, 
interfaces variable from facter, which holds all the interfaces.

- I need to loop through the array and use the contents of that variable, 
ie:

interfaces = eth0,eth1,lo,tun0
ipaddress = 46.229.47.132
ipaddress_eth0 = 46.229.47.132
ipaddress_eth1 = 10.1.0.2
ipaddress_lo = 127.0.0.1
ipaddress_tun0 = 10.10.0.1

So I would need to loop through interfaces, query the variable with the 
same name to get the ip address. All this by acoiding loopback.

- I dont know a good way to then add all compiled aliases into sshkeys.

Does anyone have a pointer / solution?

Thank you for your help in advance,
Chris.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger

[Christian Flamm]

Did what you posted.
Strange thing happened: nothing appears in the specified logdest. Instead: 
the (wanted) debug output it now sent to apache's error log!

I have no idea what's going on - but at least I have the output I was 
looking for :-/

Thanks,
Christian

Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis:

 I believe the --debug in config.ru sends output to syslog so either look 
 in /var/log/messages (or similar) or specify a log destination filename 
 like:

 ARGV  --logdest  /var/log/puppet/puppet-master.log

   - Keith
  On 23 Jul 2013 09:15, Christian Flamm 
 christian...@gmail.comjavascript: 
 wrote:

 Hi,
 I'm currently trying to debug a performance issue I'm having. Therefore I 
 would need DEBUG output. When using one puppetmaster process, this is 
 fairly easy by starting it like this:

  puppet master --no-daemonize --debug

 Now I need to see this debug output when running puppetmaster the way I 
 ususally do - using Apache/Rack/Passenger. After looking around a bit in 
 the vhost config file

  cat /etc/httpd/conf.d/puppetmaster.conf 
 LoadModule passenger_module 
 /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
 PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
 PassengerDefaultRuby /usr/bin/ruby
 
 # TODO evaluate benefit of ThrottleRate
 PassengerStatThrottleRate 120
 PassengerHighPerformance On
 PassengerMaxPoolSize 12
 PassengerMaxRequests 1000
 PassengerPoolIdleTime 600
 
 Listen 8140
 VirtualHost *:8140
 SSLEngine On
 
 # Only allow high security cryptography. Alter if needed for 
 compatibility.
 SSLProtocol All -SSLv2
 SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
 SSLCertificateFile  /var/lib/puppet/ssl/certs/puppetmaster
 .pem
 SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/
 puppetmaster.pem
 SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
 SSLVerifyClient optional
 SSLVerifyDepth  1
 SSLOptions  +StdEnvVars +ExportCertData
 
 # These request headers are used to pass the client certificate
 # authentication information on to the puppet master process
 RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
 
 DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
 Directory /usr/share/puppet/rack/puppetmasterd/
 Options None
 AllowOverride None
 Order Allow,Deny
 Allow from All
 /Directory
 /VirtualHost

 I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which 
 contains this:

 [snippet]
 # if you want debugging:
 # ARGV  --debug

 ... so I enabled it. But this actually only gives me extra lines I 
 believe belong to INFO log level:

 Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 
 $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 
 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate_revocation_list/ca]) allowing 'method' find Jul 
 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate_revocation_list/ca]) allowing * access Jul 22 
 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 
 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/report]) allowing * access Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/file]) allowing * access Jul 22 
 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) 
 adding authentication any Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find   
   Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate/ca]) allowing * access Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[/certificate/]) adding 
 authentication any Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul 
 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) 
 allowing * access Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/certificate_request]) adding authentication 
 any Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate_request]) allowing 'method

Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger

[Christian Flamm]

Debug output is sent to Apache error log, because of missing permissions to 
write to the defined logdest.

So - bottom line - thanks for your reply, --logdest is necessary. Without 
it debug output is (per default) not sent to /var/log/messages.

Am Mittwoch, 24. Juli 2013 09:59:40 UTC+2 schrieb Christian Flamm:

 Did what you posted.
 Strange thing happened: nothing appears in the specified logdest. Instead: 
 the (wanted) debug output it now sent to apache's error log!

 I have no idea what's going on - but at least I have the output I was 
 looking for :-/

 Thanks,
 Christian

 Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis:

 I believe the --debug in config.ru sends output to syslog so either look 
 in /var/log/messages (or similar) or specify a log destination filename 
 like:

 ARGV  --logdest  /var/log/puppet/puppet-master.log

   - Keith
  On 23 Jul 2013 09:15, Christian Flamm christian...@gmail.com wrote:

 Hi,
 I'm currently trying to debug a performance issue I'm having. Therefore 
 I would need DEBUG output. When using one puppetmaster process, this 
 is fairly easy by starting it like this:

  puppet master --no-daemonize --debug

 Now I need to see this debug output when running puppetmaster the way I 
 ususally do - using Apache/Rack/Passenger. After looking around a bit in 
 the vhost config file

  cat /etc/httpd/conf.d/puppetmaster.conf 
 LoadModule passenger_module 
 /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
 PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
 PassengerDefaultRuby /usr/bin/ruby
 
 # TODO evaluate benefit of ThrottleRate
 PassengerStatThrottleRate 120
 PassengerHighPerformance On
 PassengerMaxPoolSize 12
 PassengerMaxRequests 1000
 PassengerPoolIdleTime 600
 
 Listen 8140
 VirtualHost *:8140
 SSLEngine On
 
 # Only allow high security cryptography. Alter if needed for 
 compatibility.
 SSLProtocol All -SSLv2
 SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
 SSLCertificateFile  /var/lib/puppet/ssl/certs/puppetmaster
 .pem
 SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/
 puppetmaster.pem
 SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
 SSLVerifyClient optional
 SSLVerifyDepth  1
 SSLOptions  +StdEnvVars +ExportCertData
 
 # These request headers are used to pass the client certificate
 # authentication information on to the puppet master process
 RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
 
 DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
 Directory /usr/share/puppet/rack/puppetmasterd/
 Options None
 AllowOverride None
 Order Allow,Deny
 Allow from All
 /Directory
 /VirtualHost

 I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which 
 contains this:

 [snippet]
 # if you want debugging:
 # ARGV  --debug

 ... so I enabled it. But this actually only gives me extra lines I 
 believe belong to INFO log level:

 Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 
 $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 
 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate_revocation_list/ca]) allowing 'method' find Jul 
 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate_revocation_list/ca]) allowing * access Jul 22 
 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 
 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/report]) allowing * access Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/file]) allowing * access Jul 22 
 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) 
 adding authentication any Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find   
   Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
 (access[/certificate/ca]) allowing * access Jul 22 17:17:47 
 puppetmaster puppet-master[22132]: (access[/certificate/]) adding 
 authentication any Jul 22 17:17:47 puppetmaster 
 puppet-master[22132]: (access[/certificate/]) allowing 'method' find   
   Jul 22 17

[Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger

[Christian Flamm]

Hi,
I'm currently trying to debug a performance issue I'm having. Therefore I 
would need DEBUG output. When using one puppetmaster process, this is 
fairly easy by starting it like this:

 puppet master --no-daemonize --debug

Now I need to see this debug output when running puppetmaster the way I 
ususally do - using Apache/Rack/Passenger. After looking around a bit in 
the vhost config file

 cat /etc/httpd/conf.d/puppetmaster.conf 
LoadModule passenger_module 
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
PassengerDefaultRuby /usr/bin/ruby

# TODO evaluate benefit of ThrottleRate
PassengerStatThrottleRate 120
PassengerHighPerformance On
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600

Listen 8140
VirtualHost *:8140
SSLEngine On

# Only allow high security cryptography. Alter if needed for 
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile  /var/lib/puppet/ssl/certs/puppetmaster.pem
SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/
puppetmaster.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions  +StdEnvVars +ExportCertData

# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
Directory /usr/share/puppet/rack/puppetmasterd/
Options None
AllowOverride None
Order Allow,Deny
Allow from All
/Directory
/VirtualHost

I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which 
contains this:

[snippet]
# if you want debugging:
# ARGV  --debug

... so I enabled it. But this actually only gives me extra lines I believe 
belong to INFO log level:

Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 
$1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 
access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate_revocation_list/ca]) allowing 'method' find Jul 22 
17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate_revocation_list/ca]) allowing * access Jul 22 
17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 
'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/report]) allowing * access Jul 22 17:17:47 puppetmaster 
puppet-master[22132]: (access[/file]) allowing * access Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[/certificate/ca]) adding 
authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate/ca]) allowing 'method' find Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing * 
access Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate/]) adding authentication any Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[/certificate/]) allowing 
'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate/]) allowing * access Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[/certificate_request]) adding 
authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
(access[/certificate_request]) allowing 'method' find Jul 22 17:17:47 
puppetmaster puppet-master[22132]: (access[/certificate_request]) 
allowing 'method' save Jul 22 17:17:47 puppetmaster 
puppet-master[22132]: (access[/certificate_request]) allowing * access Jul 
22 17:17:47 puppetmaster puppet-master[22132]: (access[/]) adding 
authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: 
Inserting default '~ ^/report/([^/]+)$' (auth true) ACL Jul 22 17:17:47 
puppetmaster puppet-master[22132]: Inserting default '/status' (auth 
true) ACL

All the DEBUG lines I'm used to (e.g. Debug: PROFILE...) are missing - 
but they are there using puppet master --no-daemonize --debug.
What am I doing wrong? Thanks in advance.

-- 
You received this 

[Puppet Users] What's the benefit of Virtual Resources?

[Christian Flamm]

Hi,
I'm having trouble understanding the added value Virtual Resources provide. 
Let's say I'm having two different modules (that usually are assigned to 
different agents) that both contain a common resource (let's say a user). 
If I want to easily make it possible to assign both modules to the same 
agent - without suffering from the duplicate resource declaration error - 
I could make the resource definition virtual and realize it in different 
modules. See this simplified example.

 cat $modulesdir/virtual/manifests/init.pp
class virtual {
  @user { 'admin': ensure = present }
}

 cat $modulesdir/mailserver/manifests/init.pp
class mailserver {
  realize(User['admin'])
  # some more mailserver stuff...
}

 cat $modulesdir/webserver/manifests/init.pp
class webserver {
  realize(User['admin'])
  # some more webserver stuff...
}

 cat $manifestsdir/nodes.pp
node /somenode/ {
  include virtual
  include mailserver
  include webserver
}


My question: How is that different, more convenient or more flexible than 
extracting that admin user into its own module? Like that:

 cat $modulesdir/adminuser/manifests/init.pp
class adminuser {
  user { 'admin': ensure = present }
}

 cat $modulesdir/mailserver/manifests/init.pp
class mailserver {
  # some more mailserver stuff...
}

 cat $modulesdir/webserver/manifests/init.pp
class webserver {
  # some more webserver stuff...
}

 cat $manifestsdir/nodes.pp
node /somenode/ {
  include adminuser
  include mailserver
  include webserver
}


I guess I'm missing something here, or I'm using it wrong. 
Your help is highly appreciated, 
thanks in advance,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] What's the benefit of Virtual Resources?

[Christian Flamm]

Am Freitag, 12. Juli 2013 17:03:11 UTC+2 schrieb Nan Liu:

 On Fri, Jul 12, 2013 at 7:45 AM, Christian Flamm 
 christian...@gmail.comjavascript:
  wrote:

 Hi,
 I'm having trouble understanding the added value Virtual Resources 
 provide. Let's say I'm having two different modules (that usually are 
 assigned to different agents) that both contain a common resource (let's 
 say a user). If I want to easily make it possible to assign both modules to 
 the same agent - without suffering from the duplicate resource 
 declaration error - I could make the resource definition virtual and 
 realize it in different modules. See this simplified example.

  cat $modulesdir/virtual/manifests/init.pp
 class virtual {
   @user { 'admin': ensure = present }
 }

  cat $modulesdir/mailserver/manifests/init.pp
 class mailserver {
   realize(User['admin'])
   # some more mailserver stuff...
 }

  cat $modulesdir/webserver/manifests/init.pp
 class webserver {
   realize(User['admin'])
   # some more webserver stuff...
 }

  cat $manifestsdir/nodes.pp
  node /somenode/ {
   include virtual
   include mailserver
   include webserver
 }


 My question: How is that different, more convenient or more flexible than 
 extracting that admin user into its own module? Like that:

  cat $modulesdir/adminuser/manifests/init.pp
 class adminuser {
   user { 'admin': ensure = present }
 }

  cat $modulesdir/mailserver/manifests/init.pp
 class mailserver {
   # some more mailserver stuff...
 }

  cat $modulesdir/webserver/manifests/init.pp
 class webserver {
   # some more webserver stuff...
 }

  cat $manifestsdir/nodes.pp
  node /somenode/ {
   include adminuser
   include mailserver
   include webserver
 }


 I guess I'm missing something here, or I'm using it wrong. 
 Your help is highly appreciated, 


  In this simple case no, but think of a vinn diagram with overlapping 
 groups (such as user belonging to dbadmin/webadmin and two different teams 
 of dbadmin webadmin). You can easily realize virtual resource by tags, but 
 not so easy by splitting to class dbadmin/webadmin/db_and_webadmin ...

 HTH,

 Nan


Do you mean something like this?

 cat $modulesdir/virtual/manifests/init.pp
class virtual {
  @user { ['a', 'b', 'c', 'd']: ensure = present }
}

 cat $modulesdir/mailserver/manifests/init.pp
class mailserver {
  realize(User['a'], User['b'], User['c'])
  # some more mailserver stuff...
}

 cat $modulesdir/webserver/manifests/init.pp
class webserver {
  realize(User['b'], User['c'], User['d'])
  # some more webserver stuff...
}

 cat $manifestsdir/nodes.pp
node /somenode/ {
  include virtual
  include mailserver
  include webserver
}

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet: 3.1.1 - 3.2.1 load increase

[Christian Flamm]

Forgot to say this explicitly: config_retrieval times (guess this includes 
catlog compilation) on the agents explode.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Nagios Puppet

[Christian Reiß]

Hello folks,

I am currently using Puppet to forge the nagios configuration files. Using 
exported ressources it really works well - to a point.

The one thing I am banging my head against is the service definitions. The 
services use stuff like remote-nrpe-zombie-procs, which of course, is not 
defined anywhere:

define service {
## --PUPPET_NAME-- (called '_naginator_name' in the 
manifest)check_zombie_procs_gaming
useremote-nrpe-zombie-procs
host_name  gaming.alpha-labs.net
}

So far I am letting puppet generate the three configs:

nagios_host.cfg
nagios_hostextinfo.cfg
nagios_service.cfg

Tho for this to work I would need a corresponding commands.cfg and all the 
Howtos out there do not seem to have my problem. The important snipplet 
from my config would be this:


 Nagios_host || {
 require = File[resource-d],
 notify = Service[icinga],
 }

 Nagios_service || {
 require = File[resource-d],
 notify = Service[icinga],
 }

 Nagios_hostextinfo || {
 require = File[resource-d],
 notify = Service[icinga],
 }

 Nagios_command || {
 require = File[resource-d],
 notify = Service[icinga],
 }


After banging my head for 3 evenings on this I really need your help.
Thanks for any pointers.

-Chris.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet: 3.1.1 - 3.2.1 load increase

[christian . le . flamm]

Forgot to enable email notification here. Decided to go back to 3.1.1 a 
week ago. Will upgrade again to provide more specific load information. Thx!

You have to be a little bit more specific. Is load only CPU related, or 
 I/O? Also, what do the log say? 3.2 pushes lots of notices about syntax 
 obsolescence in the logs... 




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet: 3.1.1 - 3.2.1 load increase

[christian . le . flamm]

Hi,
I recently updated from puppet 3.1.1 to 3.2.1 and noticed quite a bit of 
increased load on the puppetmaster machine. I'm using 
the Apache/passenger/rack way of puppetmastering. 
Main symptom is: higher load on puppetmaster machine (8 cores): 

   - 3.1.1: around 4
   - 3.2.1: around 9-10
   
Any idea why there's more load on the machine with 3.2.1?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Variable re-use, override, inherit and include

[christian . le . flamm]

Thx, maybe this was a little too straight from the hip... BTW: I've tried 
it - it even worked... but I see that's probably caused by a lot of strange 
luck...
 

 Subclasses can never 'override' ancestor class variables.  They can 
 partially *hide* them within their own scope by declaring a same-named 
 local variable, but that has no effect on what the parent class or any 
 other sees as the value of the parent-class variable.


Interesting objection - that's actually what I meant saying override. 
Let's try something else: There's a module module_x and these 
directories: $moduledir/module_x/manifests/ and there's an init.pp with 
this content:

   class module_x {
include module_x::child
include module_x::another_child
include module_x::another_child2
include module_x::another_child3
...
   }

There's also a file 'constant.pp' containing this

class module_x::constant {
$var = 'value'
}

Class module_x::constant is not included. Classes like module_x::child 
should be able to inherit the default value of $var but also be able to 
hide it within their own scope by declaring a same-named local variable. It 
would look like this:

class module_x::child inherits module_x::constant {
// wants to use a default value for $var but should be able to hide it 
within their own scope.
}


Something wrong with that? 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Variable re-use, override, inherit and include

[christian . le . flamm]

Sorry, wasn't able to format it properly... formatting it had no effect.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Variable re-use, override, inherit and include

[christian . le . flamm]

Hi,
a question regarding combining *inherit* and *include*: I have variable(s) 
defined in a father class and child classes should access these - but there 
should always be the possibility to override the default value. Let's 
assume this scenario:

There's a module module_x and these directories: 
$moduledir/module_x/manifests/ and there's an init.pp with this content:

class module_x {
$var = 'value'

include module_x::child
include module_x::another_child
include module_x::another_child2
include module_x::another_child3
...
}


 Class module_x::child in file child.pp should be able to use $var 
with its default value - but should also be allowed to override it. It 
would look like this:

class module_x::child inherits module_x {
// wants to use a default value for $var but should be able to override it.
}


Question: Is there somehow a problem that class child inherits class 
module_x *with all its many includes*?

Thanks in advance,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Defining custom resource types wrapping exec resources and using optional “unless”

[christian . le . flamm]

The following code example is purely academical but it illustrates my 
question pretty well.

   define touch($file=$title, $unless='/bin/false') {
   exec { /bin/touch ${file}: unless = $unless }
   }

If I define my own resource type that wraps another *exec* resource and I 
want to *add an optional unless condition* that I - if set - pass to the 
optional unless condiftion of *exec* - do I have to preset the field with 
'/bin/false'?

My understanding is that for each catalog run and all uses of this custom 
ressource type this resource's unless check will then spawn a bash process 
running '/bin/false' if the unless field of touch hasn't been set .

What I actually intend is not to do any unless check at all if the field 
hasn't been set - including calling /bin/false.

Any thoughts? Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Defining custom resource types wrapping exec resources and using optional “unless”

[christian . le . flamm]

Never heard of *undef *before - sounds great! Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Could not find class hiccups *often* once after manifest/module changes

[christian . le . flamm]

Hi, I’ve got no idea if this is a bug or some kind of 
misuse/misconfiguration. Hope somebody can help. Thanks!

If I change a file in a module or manifest directory this *often* results 
in errors, mostly of the following kinds

   - 
   
   Could not find class for on node
   - 
   
   Cannot find definition Class on node
   
These errors occur when puppet modules/manifests are changed – but it 
happens only once. If it happens affected puppet agents will use their 
cached catalog once. *The next time these agents request a catalog it is 
compiled flawlessly and everything will work like a charm* – all errors are 
gone. Problem is we have agents with large catalogs. Their catalog runs can 
take up to over a minute and so the time it takes for a change to be 
applied will then be doubled to take up to 2 or even 3 minutes.

Usually changes of modules/manifests are performed by “git pull”. But it’s 
easy to reproduce these error messages by simple “touch” operations. Here 
are some interesting log observations and their [commonness]. Yes AFAICS 
they always appear in triplets. It rarely happens that there are no 
problems at all after a modification.

 touch /opt/xxx/dev/puppet/manifests/site.pp

  [often] puppet-master[12498]: Could not find class class for node on 
node
  [often] puppet-master[12498]: Could not find class class for node on 
node
  [often] puppet-master[12498]: Could not find class class for node on 
node

 touch /opt/xxx/dev/puppet/puppet.conf

  [often] puppet-master[12498]: Could not find class class for nodeY on 
node
  [often] puppet-master[12498]: Could not find class class for nodeY on 
node
  [often] puppet-master[12498]: Could not find class class for nodeY on 
node

  [sometimes] puppet-master[12498]: Cannot find definition Class on node node
  [sometimes] puppet-master[12498]: Cannot find definition Class on node node
  [sometimes] puppet-master[12498]: Cannot find definition Class on node node

  [rare] puppet-master[12498]: Puppet::Parser::AST::Resource failed with error 
ArgumentError: Invalid resource type own custom type at class file on node 
node
  [rare] puppet-master[12498]: Puppet::Parser::AST::Resource failed with error 
ArgumentError: Invalid resource type own custom type at class file on node 
node
  [rare] puppet-master[12498]: Puppet::Parser::AST::Resource failed with error 
ArgumentError: Invalid resource type own custom type at class file on node 
node

 touch /opt/xxx/dev/puppet/modules/dispatcher/manifests/init.pp

  [often] puppet-master[12498]: Could not find class class not even part of 
module dispatcher for node not even affected by module dispatcher on node 
not even...
  [often] puppet-master[12498]: Could not find class class not even part of 
module dispatcher for node not even affected by module dispatcher on node 
not even...
  [often] puppet-master[12498]: Could not find class class not even part of 
module dispatcher for node not even affected by module dispatcher on node 
not even...

Affected classes and nodes seem to be randomly chosen. 

Environment this runs in:

 ll /etc/puppet
lrwxrwxrwx 1 root root   34 Mar  7 10:01 auth.conf - 
/opt/xxx/dev/puppet/auth.conf
lrwxrwxrwx 1 root root   38 Mar  7 10:01 autosign.conf - 
/opt/xxx/dev/puppet/autosign.conf
lrwxrwxrwx 1 root root   40 Mar  7 10:01 fileserver.conf - 
/opt/xxx/dev/puppet/fileserver.conf
lrwxrwxrwx 1 root root   36 Mar  7 10:01 puppet.conf - 
/opt/xxx/dev/puppet/puppet.conf

 ls -A /opt/xxx/dev/puppet/
auth.conf  autosign.conf  fileserver.conf  .git  .gitignore  manifests  modules 
 .project  puppet.conf  scripts

 cat /etc/puppet/puppet.conf # on puppetmaster
[main]
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl
 modulepath = /opt/xxx/dev/puppet/modules
 manifestdir = /opt/xxx/dev/puppet/manifests
 manifest = /opt/xxx/dev/puppet/manifests/site.pp

[agent]
 classfile = $vardir/classes.txt
 localconfig = $vardir/localconfig
 server = puppetmaster host
 report = true
 splaylimit = 0
 runinterval = 30

 [master]
  certname=puppetmaster host
  reports = http,log
  reportdir = /var/lib/puppet/reports/upload
  reporturl = http://puppetmaster host:3000/reports

 cat /opt/xxx/dev/puppet/manifests/site.pp 
  import 'nodes.pp'
  $puppetserver = puppetmaster host

 rpm -qa | egrep puppet|ruby
  rubygem-rake-0.8.7-2.1.el6.noarch
  ruby-mysql-2.8.2-1.el6.x86_64
  libselinux-ruby-2.0.94-5.3.el6.x86_64
  puppet-3.1.0-1.el6.noarch
  rubygem-fastthread-1.0.7-2.el6.x86_64
  rubygem-mongrel-1.1.5-3.el6.x86_64
  ruby-1.8.7.352-7.el6_2.x86_64
  ruby-irb-1.8.7.352-7.el6_2.x86_64
  ruby-augeas-0.4.1-1.el6.x86_64
  ruby-shadow-1.4.1-13.el6.x86_64
  puppetlabs-release-6-6.noarch
  rubygems-1.3.7-1.el6.noarch
  puppet-server-3.1.0-1.el6.noarch
  rubygem-gem_plugin-0.2.3-3.el6.noarch
  rubygem-daemons-1.0.10-2.el6.noarch
  puppet-dashboard-1.2.22-1.el6.noarch
  ruby-libs-1.8.7.352-7.el6_2.x86_64
  ruby-rdoc-1.8.7.352-7.el6_2.x86_64
  rubygem-json-1.4.6-1.el6.x86_64

-- 
You 

Re: [Puppet Users] Could not find class hiccups *often* once after manifest/module changes

[christian . le . flamm]

Hi David, thanks for your answer! I only have the 'nodes.pp' import:

 egrep -R import[ \t] /opt/xxx/dev/puppet/
/opt/xxx/dev/puppet/manifests/site.pp:import 'nodes.pp'

Must I get rid of this?
Best Regards, Christian
 


 Hi, 

 I've reported a similar issue recently here: 

https://projects.puppetlabs.com/issues/19638 

 I've tracked my problem to overshooting use of import calls in modules. 

 You might want to check if you're hitting the same bug. 


 Best Regards, David 




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Could not find class hiccups *often* once after manifest/module changes

[christian . le . flamm]

/server.rb:104:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:136:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:207:in `main'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:157:in 
`run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:456:in `plugin_hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:504:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:132:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:86:in `execute'
/usr/bin/puppet:4

In /usr/lib/ruby/site_ruby/1.8/puppet/parser/compiler.rb:168 error 
Puppet::Error, Could not find class #{name} for #{node.name} is raised 
because a couple of lines above a check if klass = 
scope.find_hostclass(name, :assume_fqname = fqname) fails, see:

  def evaluate_classes(classes, scope, lazy_evaluate = true, fqname = false)
#Puppet.info classes
raise Puppet::DevError, No source for scope passed to 
evaluate_classes unless scope.source
class_parameters = nil
# if we are a param class, save the classes hash
# and transform classes to be the keys
if classes.class == Hash
  class_parameters = classes
  classes = classes.keys
end
classes.each do |name|
  # If we can find the class, then make a resource that will evaluate 
it.
  if klass = scope.find_hostclass(name, :assume_fqname = fqname) ### 
-- This check fails

# If parameters are passed, then attempt to create a duplicate 
resource
# so the appropriate error is thrown.
if class_parameters
  resource = klass.ensure_in_catalog(scope, class_parameters[name] 
|| {})
else
  next if scope.class_scope(klass)
  resource = klass.ensure_in_catalog(scope)
end

# If they've disabled lazy evaluation (which the :include function 
does),
# then evaluate our resource immediately.
resource.evaluate unless lazy_evaluate
  else
raise Puppet::Error, Could not find class #{name} for 
#{node.name} ### --- Here error is raised
  end
end
  end

in /usr/lib/ruby/site_ruby/1.8/puppet/parser/scope.rb:134

  def find_hostclass(name, options = {})
known_resource_types.find_hostclass(namespaces, name, options)
  end

in /usr/lib/ruby/site_ruby/1.8/puppet/resource/type_collection.rb:114

  def find_hostclass(namespaces, name, options = {})
find_or_load(namespaces, name, :hostclass, options)
  end

in /usr/lib/ruby/site_ruby/1.8/puppet/resource/type_collection.rb:197

  # Resolve namespaces and find the given object.  Autoload it if
  # necessary.
  def find_or_load(namespaces, name, type, options = {})
searchspace = options[:assume_fqname] ? [name].flatten : 
resolve_namespaces(namespaces, name)
searchspace.each do |fqname|
  result = send(type, fqname)
  unless result
# do not try to autoload if we already tried and it wasn't 
conclusive
# as this is a time consuming operation.
unless @notfound[fqname]
  result = loader.try_load_fqname(type, fqname)
  @notfound[fqname] = result.nil?
end
  end
  return result if result
end

return nil
  end

Am Freitag, 8. März 2013 11:08:57 UTC+1 schrieb David Schmitt:

 On 08.03.2013 10:33, christian...@gmail.com javascript: wrote: 
  Hi David, thanks for your answer! I only have the 'nodes.pp' import: 
  
egrep -R import[ \t] /opt/xxx/dev/puppet/ 
   /opt/xxx/dev/puppet/manifests/site.pp:import 'nodes.pp' 
  
  Must I get rid of this? 

 You might want to run the puppetmaster from the shell with debugging 
 enabled (--no-daemonize --masterport  --verbose --debug) and post 
 the resulting log when you run an agent against that (--masterport  
 --test). In my case the puppet master actually loads the file which 
 contains the class, but fails to correctly register the contained class 
 until the next run. I only observed (and tested) that with parameterized 
 classes. 


 D. 

  Best Regards, Christian 
  
  
  Hi, 
  
  I've reported a similar issue recently here: 
  
  https://projects.puppetlabs.com/issues/19638 
  https://projects.puppetlabs.com/issues/19638 
  
  I've tracked my problem to overshooting use of import calls in 
  modules. 
  
  You might want to check if you're hitting the same bug. 
  
  
  Best Regards, David 
  
  
  -- 
  You received this message because you are subscribed to the Google 
  Groups Puppet Users group. 
  To unsubscribe from this group and stop receiving emails from it, send 
  an email to puppet-users...@googlegroups.com javascript:. 
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:. 

  Visit this group at http://groups.google.com/group/puppet-users?hl=en. 
  For more options

[Puppet Users] Usage of puppet to deploy and configuration manage software patches

[Christian]

I have some questions in terms of how to use puppet of configuration 
management for software patches. My previous approach was it to create a 
puppet module for each patch ... Like Patch1 includes (FileA, FileB, 
FileC), Patch2 includes (FileD, FileE)... So far so good and that works but 
now i have to create a Patch3 with lets say FileF and FileA included. As 
you can see there will be a puppet conflict as i can't deploy the same 
files within different modules. What is the right architecture and method 
to manage software patches? Is it to use rpms instead of? Or are there 
other ideas how to manage that with puppet.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/YNceAdQNZr4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 3.0 on Debian Lenny

[Christian Page]

Felipe,

Perhaps you can answer a question for me, I am in a similar boat as you 
with having to continue to support Lenny after EOL. I am trying to install 
puppet but I have an unmet dependency of libaugeas0. It appears that only 
version 0.2.2-1 is in the backports repository on archive.debian.org, and 
puppet from apt.puppetlabs.com requires version 0.6.0. What did you have to 
do to get this dependency met?

Thanks for your help,

Christian

On Tuesday, October 9, 2012 12:29:22 PM UTC-6, Felipe Salum wrote:

 Hi guys.

 I don't see the latest puppet 3.0 on the puppetlabs debian repository for 
 lenny and also the latest puppet dashboard.

 Aren't you guys adding the new versions to the deprecated Debian Lenny 
 anymore ?

 Can I grab the puppet 3.0 agent from squeeze to use on Lenny ?

 Regards,
 Felipe


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/_EVTTDOUqkYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 3.0 on Debian Lenny

[Christian Page]

Felipe,

Thanks for the information, I will give this a shot!

Cheers,
Christian

On Friday, October 12, 2012 3:46:18 PM UTC-6, Felipe Salum wrote:

 Hi Christian,

 My libaugeas0 is 0.7.2 from backports: 
 http://archive.debian.org/debian-backports/pool/main/a/augeas/libaugeas0_0.7.2-1~bpo50+1_amd64.deb

 Install puppet from backports first so it will bring all the dependencies, 
 then upgrade to puppet from puppetlabs. That is how I do on Lenny.

 apt-get -t lenny-backports install -y puppet
 apt-get -t puppetlabs install -y puppet 

 Regards,
 Felipe

 On Friday, October 12, 2012 9:40:45 AM UTC-7, Christian Page wrote:

 Felipe,

 Perhaps you can answer a question for me, I am in a similar boat as you 
 with having to continue to support Lenny after EOL. I am trying to install 
 puppet but I have an unmet dependency of libaugeas0. It appears that only 
 version 0.2.2-1 is in the backports repository on archive.debian.org, 
 and puppet from apt.puppetlabs.com requires version 0.6.0. What did you 
 have to do to get this dependency met?

 Thanks for your help,

 Christian

 On Tuesday, October 9, 2012 12:29:22 PM UTC-6, Felipe Salum wrote:

 Hi guys.

 I don't see the latest puppet 3.0 on the puppetlabs debian repository 
 for lenny and also the latest puppet dashboard.

 Aren't you guys adding the new versions to the deprecated Debian Lenny 
 anymore ?

 Can I grab the puppet 3.0 agent from squeeze to use on Lenny ?

 Regards,
 Felipe



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/QnBBgfqSY2kJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] install vmware tools through puppet

[Christian McHugh]

I've done something similar using the open-vm package on debian hosts. 



On Saturday, September 22, 2012 3:06:10 PM UTC-5, Alan Evans wrote:

 I believe the open-vm-tools at http://packages.vmware.com/tools are ESX 
 host version agnostic.

 We pull the rhel 4-6 repos into RHN satellite and just use puppet ensure 
 the latest is installed.

 If you do t use satellite you could just clone the repo and configure yum 
 on the clients.

 Packages are available for RHEL, SuSE and deb at least.

 -Alan
 On Sep 22, 2012 3:25 PM, Hai Tao eha...@gmail.com javascript: wrote:

 It is a useful tool. However, the difficulty is that our ENV has
 multiple versions of ESX hosts, 3.5, 4.1 and 5.0. The guest OS has no
 clue what version of ESX it is running on, so how can puppet server
 push a correct version of vmware tools to a client?

 On Sat, Sep 22, 2012 at 11:20 AM, Michael Stahnke
 sta...@puppetlabs.com javascript: wrote:
  On Fri, Sep 21, 2012 at 6:48 PM, Jakov Sosic jso...@srce.hrjavascript: 
 wrote:
  On 09/19/2012 11:55 PM, Hai Tao wrote:
 
  There seems to be a few vmware tools installation modules. Has someone
  used these modules to install VMware tools?
 
  Searching http://forge.puppetlabs.com ...
  NAMEDESCRIPTION
 
   AUTHORKEYWORDS
  vchoi-vmwarePuppet module to handle installation, upgrade
  and reconfiguration of vmware tools on vmware virtual nodes.
@vchoivirtualization vmware vmware-tools
  vmware_tools vmtools
  razorsedge-vmwaretools  Puppet VMware Tools OSP Module
 
   @razorsedge   vmware vmware-tools vmware_tools 
 vmtools
  rhel CentOS SuSE OEL
  puppetlabs-vcenter  VMware vCenter installation and management
 
   @puppetlabs   windows vmware vcenter vsphere
  5UbZ3r0-vmwaretools This module handles the installation the
  VMware Tools Operating System Specific
 @5UbZ3r0  debian virtualization rhel CentOS
  vmware vmware-tools vmwaretools
  puppetlabs-appdirector  # VMware vFabric Application Directorâ
 ¢ 
 Puppet
  Service
  @puppetlabs   vmware
 
 
  How well does it work?
 
 
  It seems that nobody tried this already. I'm interested too...
 
 
  --
  Jakov Sosic
  www.srce.unizg.hr
 
 
  --
  You received this message because you are subscribed to the Google 
 Groups
  Puppet Users group.
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:
 .
  To unsubscribe from this group, send email to
  puppet-users...@googlegroups.com javascript:.
  For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.
 
 
  I don't know that I would endorse one over another, but Puppet Labs
  did a module of the week post about one of them.
 
  http://puppetlabs.com/blog/module-of-the-week-razorsedge-vmwaretools/
 
  That might be a good starting point.
 
  --
  You received this message because you are subscribed to the Google 
 Groups Puppet Users group.
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:
 .
  To unsubscribe from this group, send email to 
 puppet-users...@googlegroups.com javascript:.
  For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 



 --
 Hai Tao

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet...@googlegroups.comjavascript:
 .
 To unsubscribe from this group, send email to 
 puppet-users...@googlegroups.com javascript:.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FTYloCumctkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

RE: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER

[Mark Christian]

Have you confirmed that puppet master is running as user = puppet?

On the master check: puppet --genconfig|grep user

Mark

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of Jo Rhett
Sent: Monday, August 20, 2012 1:03 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] puppet client could not request certificate: Error 
500 on SERVER

You should spend some time and determine how and why that is happening. I can 
assure you that it's not normal, so this is something specific to some custom 
code on your site.

On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote:
I am seriously thinking of putting those recursive chown's in root crontab on 
puppet masters and puppet agents for /etc/puppet* and
/var/lib/puppet*

I shouldn't have to do this but have
seen cases of ownership reversion.

--Stuart

Via Apple iPhone 4S on the ATT Wireless Network


On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote:
For the people still looking for an answer:
chown -R puppet:puppet /var/lib/puppet/reports

Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende:
Thank. I am pasting the entire message here:

Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request
certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
head meta http-equiv=Content-Type content=text/html;
charset=UTF-8 meta name=generator content=Phusion
Passenger titleRuby (Rack) application could not be started/
title style type=text/css body {  font-
family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif;
font-size: 10pt;background: white;  color:
#22; margin: 0;  padding-top: 3em;   padding-
bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; }  h1
{   font-size: 17pt;font-weight: medium;color:
#533e72; border-bottom: 1px solid #533e72; }  h1.title
{ margin-top: 0; }  h1.error_title {  color: red;
border-bottom: 1px solid red; }  a {text-decoration: none; }
a:hover { text-decoration: underline; }  dt { font-weight:
bold;  color: #280050; }  dd { margin-top: 0.5em;
margin-bottom: 1em; }  .commands {  border: 1px

Somehow I am able to get the certificate for the client. Since above
error message says Ruby (Rack) application could not be started, I
did
#rackup /usr/share/puppet/rack/puppetmasterd/config.ru
Then I see the rack process on puppet server
#ps -ef|grep rack
puppet   27140 1  0 14:21 ?00:00:00 Rack: /usr/share/
puppet/rack/puppetmasterd

From then on the server is able to receive the client certificate
request and sign it.

Do I have to start the rack manually in a manner like that? I thought
if I start httpd service, it would start rack automatically.

I am still not sure if I did everything right.

Thanks,
-Haiyan






On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch)
hugo.cisnei...@gmail.com wrote:
 On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote:
  Hi, I am new to puppet.

  I have puppet server set up with passenger. But when I start puppetd
  from client, I see following error in the syslog file:
  Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request
  certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
  HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
  head meta http-equiv=Content-Type content=text/html;
  charset=UTF-8 meta name=generator content=Phusion
  Passenger titleRuby (Rack) application could not be started/
  title 

 You didn't paste the most important part of the error. Thie page ruby/rack
 generates usually have some pretty useful information in an error field.
 Like a module missing on an import/require, permission problems, and so on.
 Please identify and post the error so we can be helpful :)

 --
 []'s
 Hugowww.devin.com.br

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.




--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to 

RE: [Puppet Users] newish puppet on RHEL4 and/or SLES9?

[Mark Christian]

I'm not running newish puppet on rhel/cent 4, but the 0.25.6 EPEL packages seem 
to work well enough with my puppet master that runs 2.7.18.


-Original Message-
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of Jason Antman
Sent: Wednesday, August 15, 2012 7:42 AM
To: puppet-users@googlegroups.com
Subject: [Puppet Users] newish puppet on RHEL4 and/or SLES9?

I'm in the process of building out a new puppet master and pulling our
existing/legacy infrastructure into Puppet control for the basic
system-level stuff (mail, syslog, sudo, ssh, etc.). Unfortunately, the
directive from on high is that all of our hosts need to be managed by
the same system. That list is about 95% RHEL/Cent 5 or 6, but there's a
few RHEL4 and SLES9 machines on the must have list. As upgrades are
very unlikely, I'd like to be on the newest version possible - ideally,
2.7.12+ on the master so I can leverage puppetDB.

Is anyone out there running new-ish puppet (2.7, or else 2.6) on such
ancient beasts? If so, can anyone point me at sources for the packages,
and dependencies? Or perhaps have spec files to share?

I'd like to say I can spend the time to build and test puppet and all
the dependencies, but alas, that is very far from the case.

Thanks for any assistance,
Jason

PS - If you happen to be a competent generalist Linux admin in the
Boston, MA or Atlanta, GA area, feel free pass along your resume...

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Confidentiality Notice.
This message may contain information that is confidential or otherwise 
protected from disclosure. If you are not the intended recipient, you are 
hereby notified that any use, disclosure, dissemination, distribution,  or 
copying  of this message, or any attachments, is strictly prohibited.  If you 
have received this message in error, please advise the sender by reply e-mail, 
and delete the message and any attachments.  Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: hiera scope and hiera-foreman

[Christian McHugh]

Okay. I figured out my issue. 

I'm not a developer so this is probably ugly, but came up with:
begin
  fqdn = scope.catalog.tags[4]
rescue
  fqdn = scope['fqdn'] if scope.has_key?('fqdn')
  Hiera.debug(trying mcollective)
end
Hiera.debug(got fqdn #{fqdn})

That fqdn with both:
puppet master --debug --compile FQDN
and
hiera -d -c /etc/puppet/hiera.yaml -m FQDN

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/m6nAWXboqQIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] hiera scope and hiera-foreman

[Christian McHugh]

Hey all,

I've been messing around with the hiera-foreman backend to see if it would 
let me migrate to hiera and use foreman and an ENC. 
https://github.com/torrancew/hiera-foreman

It works by querying each node's yaml file from foreman. Currently this 
code works when called from the hiera command line with the -m (mcollective 
option). It uses the mcollective facts to pull the fqdn variable to know 
which node to grab the yaml for. So far so good. However, this breaks when 
you attempt to use it as a hiera backend in a puppet module, since it no 
longer has the mcollective facts, and fqdn available to it. 

So my question is, what is the recommended way of querying the current 
hostname(s) in a hiera backend for it to know what host it should lookup 
the needed yaml? 

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Yhe1cfLjofAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] add an rpm to a host

[Christian DeKonink]

Thanks for your immediate response. The first solution you propesed worked
flawlessly. I like that. Thanks.

On Fri, Jun 22, 2012 at 9:23 AM, Christopher Wood 
christopher_w...@pobox.com wrote:


 class myrpm {
  package { 'foo_bar': }
 }

 node myhost.me.com {
  class { 'myrpm': }
 }

 If this is something that you absolutely must do by the end of the day on
 a Friday because some manager is a maniac, you can deploy the rpm via a
 file resource and then install it by specifying alternate package type
 parameters:

 class myrpm {
  $myrpm = '/tmp/foo_bar_1.0.rpm'
  $myrpmsource = puppet:///modules/myrpm/foo_bar_1.0.rpm
  $mypkg = foo_bar
  file { $myrpm:
source = $myrpmsource,
  }
  package { $mypkg:
provider = 'rpm',
source = $myrpm,
require = File[$myrpm],
  }
 }

 node myhost.me.com {
  class { 'myrpm': }
 }

 With the above I am assuming that your classes are in modules (save your
 sanity, use them). More on modules:

 http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html
 http://docs.puppetlabs.com/module_cheat_sheet.html

 Also remember dependencies:

 http://docs.puppetlabs.com/references/stable/metaparameter.html#require

 And more generally:

 http://docs.puppetlabs.com/guides/language_guide.html


 How would I deploy this to all hosts that talk to my puppetmaster?
 Thanks
 Chris
 
 --
 You received this message because you are subscribed to the Google
 Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] add an rpm to a host

[Christian DeKonink]

Hi

I am new to puppet. I have an existing puppet 2.6 config and I have about
400 hosts that I would like to install a package on. the specific package is

foo_bar_1.0.rpm

How would I deploy this to all hosts that talk to my puppetmaster?

Thanks
Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

I have this working in our environment as a module, which I will attempt to 
describe. 

module: casfirewall
init.pp
class casfirewall {
  include casfirewall::default, casfirewall::fwpre, casfirewall::fwpost

  file {/etc/iptables:
ensure = directory,
owner = root,
group = root,
mode = 700,
  }

  # Always persist firewall rules
  exec { persist-firewall:
command = $operatingsystem ? {
  debian = /sbin/iptables-save  /etc/iptables/rules.v4,
  /(RedHat|CentOS)/ = /sbin/iptables-save  /etc/sysconfig/iptables,
},
refreshonly = true,
require = File[/etc/iptables],
  }
  Firewall {
notify = Exec[persist-firewall],
before = Class[casfirewall::fwpost],
require = Class[casfirewall::fwpre],
  }

  # Setup firewall resource
  resources { firewall: purge = true }
}


As you can see, this holds the meat and potatoes by including the Firewall 
notify, before, and require bits. 
The fwpre class contains the initial firewall settings (abbreviated here)
class casfirewall::fwpre {
  Firewall {
require = undef,
  }

  firewall { 000 allow outbound:
proto = all,
chain = OUTPUT,
action = accept,
  }...

The fwpost class contains the drop everything else rule. Because of the 
before ordering in init.pp this rule gets applied last (and was the reason 
for starting this thread in the first place)
class casfirewall::fwpost {
  firewall {999 drop all:
proto = all,
action = drop,
before = undef,
  }
}

In our init.pp we also have defined a default class. This contains all the 
rules to open ports to our monitoring servers or backup servers. These get 
applied after the initial pre class, and before the post as you would 
expect. 

I hope that helps. The suggestions given in this thread about firewall 
ordering very much helped us. I look forward to seeing the firewall module 
get another release and more user uptake.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/-B3-kjpoFvYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Generating dhcp/pxe configuration from puppet

[Christian Requena]

Hi,

I set the whole thing up and got not the expected results. The thing
is, that:

It’s important to mention here that you will only get exported
resources from hosts whose configurations have been compiled. If hostB
exports a resource but hostB has never connected to the server, then
no host will get that exported resource.

That means that the nodes must be already installed in order to use
the information.  I need this information mainly from the nodes that
are not existant yet. I want to boot them using PXE and run the whole
installation procedure afterwards.

I want to describe the nodes in a nodes.pp and from there setup DHCP
and PXE for them.

Any other hints?

Cheers,
Christian

On Apr 18, 10:22 am, Luke Bigum luke.bi...@lmax.com wrote:
 If you wanted to do this all in Puppet, you could take the same approach
 that people do with Nagios an use exported resources. Have each of your
 nodes export some kind of resource that describes what it's DHCP
 configuration would be based on it's IP and MAC address Facts, then
 collect those resources on your DHCP server and write out your config
 file(s).

 http://docs.puppetlabs.com/guides/exported_resources.html

 If you wanted to do this outside of Puppet then you could parse all of
 your node's Facts cache (/var/lib/puppet/yaml/facts on my machine) but
 that assumes all the information you need is in Facter.

 On 18/04/12 08:22, Christian Requena wrote:









  Hello,

  I want to generate my infrastructure's dhcp/pxe config from puppet,
  but to go through the node definitions?   Btw. we only use explicit
  definitions, no regexp. So everything is explicit.

  I thought about using Puppet::Parser...something ... any hints?

  Thanks for you help!
  Christian
  --
  You received this message because you are subscribed to the Google
  Groups Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 Luke Bigum

 Information Systems
 Ph: +44 (0) 20 3192 2520
 luke.bi...@lmax.com |http://www.lmax.com
 LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN

 FX and CFDs are leveraged products that can result in losses exceeding
 your deposit.  They are not suitable for everyone so please ensure you
 fully understand the risks involved.  The information in this email is not
 directed at residents of the United States of America or any other
 jurisdiction where trading in CFDs and/or FX is restricted or prohibited
 by local laws or regulations.

 The information in this email and any attachment is confidential and is
 intended only for the named recipient(s). The email may not be disclosed
 or used by any person other than the addressee, nor may it be copied in
 any way. If you are not the intended recipient please notify the sender
 immediately and delete any copies of this message. Any unauthorised
 copying, disclosure or distribution of the material in this e-mail is
 strictly forbidden.

 LMAX operates a multilateral trading facility.  Authorised and regulated
 by the Financial Services Authority (firm registration number 509778) and
 is registered in England and Wales (number 06505809).
 Our registered address is Yellow Building, 1A Nicholas Road, London, W11
 4AN.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Generating dhcp/pxe configuration from puppet

[Christian Requena]

Hello,

I want to generate my infrastructure's dhcp/pxe config from puppet, but
to go through the node definitions?   Btw. we only use explicit
definitions, no regexp. So everything is explicit.

I thought about using Puppet::Parser...something ... any hints?


Thanks for you help!
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

Great! ... almost?

The Firewall notify dependency check almost covers everything. I really 
like its elegance.

The one problem I can still think of is that the firewall module is not the 
only one setting firewall rules. In the puppetlabs/apache module, for 
example, it attempts to open up port 80. Since there is no guarantee when a 
module is applied it is possible the firewall module will kick, followed by 
apache. Since the last rule in the firewall module is to drop all, it will 
match before the apache open port 80.

It is a little bit difficult to test module ordering aside from restarting 
the puppet master and just trying it out on a test node for about an hour. 
So I haven't tested this today. 
You said: 

 the numbers in the namevar are ultimately for how they get 

ordered in the file ruleset as you state - but not what order 

they are _inserted_.


Which makes me still think that the order various modules kick can affect 
the firewall rules. Thus, a stage after main is still needed to guarantee 
that the drop happens last. I hope I'm wrong, is there any alternative? 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/8LCJU0uojjMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

Super, it all works great!

Since the whole fwpre class is run before everything else, is it necessary 
to define each resource with dependencies with firewall {002 testing: 
...}-firewall {... as in your gist?

Anyway, works great for us now. Thanks much!

All that remains is waiting for a new release to get firewall rules at boot 
on debian, and then some magic work yet to be done for not stomping on 
custom chains like fail2ban.




On Wednesday, March 14, 2012 11:53:31 AM UTC-5, Ken Barber wrote:

  You said:
 
  the numbers in the namevar are ultimately for how they get
  ordered in the file ruleset as you state - but not what order
  they are _inserted_.
 
  Which makes me still think that the order various modules kick can affect
  the firewall rules. Thus, a stage after main is still needed to guarantee
  that the drop happens last. I hope I'm wrong, is there any alternative?

 If you look at my example in the gist:

 Firewall {
   notify = Exec[persist-firewall],
   before = Class[my_soe::fwpost],
   require = Class[my_soe::fwpre],
 }

 I'm setting it so that by default, every rule firewall resource runs
 'before' Class[my_soe::fwpost], and it requires
 Class[my_soe::fwpre]. So in this example it doesn't need stages -
 just put your pre  post in those classes.

 ken.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/zzV3pegM5bUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

I appreciate the interest but I don't understand how you can tell me you 
don't have any experience with the module but yet know that I'm doing it 
wrong. The puppetlabs firewall module does not have classes or anything 
else to base a dependency on. I agree, I would rather not use stages, which 
is why I originally posted this to see how folks were making it go. 

If you do find a way to order rules without stages I'd love to hear about 
it.



On Monday, March 12, 2012 7:49:18 AM UTC-5, jcbollinger wrote:

 It is incorrect that you must use run stages to achieve your desired 
 ordering.  In fact, it is *never* the case that run stages are the 
 only solution to ordering issues in Puppet, because there is nothing 
 you can do with them that you cannot also do with ordinary resource 
 relationships. 

 In many cases, solving an ordering problem by use of run stages is 
 like putting in a tack with a sledgehammer: not only is it overkill, 
 it also doesn't afford much precision or finesse. 

 I have no experience with the module in question, so I have no 
 specific suggestions to offer, but if you find run stages too crude a 
 tool for your task then I can advise you about how to achieve your 
 ordering requirements otherwise. 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/t6rnTOXMrNgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

In the pre main stage I have defined rules to allow outbound and allow 
related and established. In the post main stage, it does a drop all. Before 
this was organized into stages, occasionally the drop all would get applied 
before keep established and allow outbound, and thus the client could lose 
its connection to the puppet master mid run.

On Tuesday, March 13, 2012 4:16:07 PM UTC-5, Mohamed wrote:

 Just out of curiosity, what do you mean by:

  We ended
  up in situations where the drop rules would kick before the allow
  established rules, and thus kill the puppet run

 In my experience, what breaks is the reporting attempt puppet clients
 makes to the master, not the puppet run itself.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/xBTznk59RKkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

 Thus far I've only been able to get puppet to run without making the 
 firewall persistent.


In the case of running the exec save-rules in the post: it's no good if 
your hosts are at all dynamic since it only runs after the main stage. So 
if you have an existing host, add another normal firewall rule, that rule 
will get added on the next puppet run. But since the firewall drop rule 
that exists in the post stage has already been pushed out, the post bits 
never get called, and thus the firewall rules are not saved and your update 
will be lost at boot.

I'm hoping something happens in development since there has not been a new 
revision in a little while and the github patches are stacking up.

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/GQeDShNZDRAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppetlabs-firewall stages and persistence

[Christian McHugh]

Hi all,

I'm attempting to use the puppetlabs-firewall module. In testing,
rules are enabled in a random order, so it seems necessary to utilize
puppet stages to guarantee proper ordering.

I created a module to organize my firewalling. It consists of
localfw::pre to open the INPUT chain for established and related
connections, localfw::default for most normal rules, and localfw::post
to block everything else.

I run localfw::pre before stage[main] and localfw::post after. This
has fixed my firewall rules ordering issue, yay. However, rules are
now not being saved :(

I tried adding include localfw::config to ::pre, ::post, and ::default
which consisted of the persistence definitions:
exec { persist-firewall:
command = /sbin/iptables-save  /var/lib/iptables/rules.v4,
require = File [/var/lib/iptables],
refreshonly = true,
  }
  Firewall {
notify = Exec[persist-firewall]
  }


and while I don't get any errors, I also don't get any firewall rules
saved. It appears that Firewall never kicks to run the exec. If I add
these bits to localfw::pre, then the pre rules get saved. If I add to
localfw::post then all get saved, as expected. But in that case,
normal firewall changes to a node don't cause localfw::post to run
again, and thus aren't saved.

What is the recommended way to save iptables rules for persistence
when using puppet stages? Has anyone made this work?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppetlabs-firewall stages and persistence

[Christian McHugh]

I've got slightly more info. In trying to figure this out I ran across
http://projects.puppetlabs.com/issues/10665 where it was suggested
that the persist-firewall bits (already shown in the previous message)
get placed into site.pp. This almost worked perfectly.

I've placed the following inside a node definition.
class { localfw::pre: stage = pre }
class { localfw::post: stage = post }
include localfw

If I keep localfw::post empty of firewall definitions, everything
works fine. However, once I place anything in there (such as an empty
test: firewall { 999 testing: ; } I get an error about cyclic
dependencies.

# puppet agent -v --no-daemonize --onetime
info: Retrieving plugin
info: Loading facts in iptables
info: Loading facts in sshkeys
info: Loading facts in etc_facts
info: Loading facts in iptables
info: Loading facts in sshkeys
info: Loading facts in etc_facts
info: Caching catalog for testhost
err: Could not apply complete catalog: Found dependency cycles in the
following relationships: Firewall[999 drop all] = Exec[persist-
firewall], Exec[persist-firewall] = Firewall[999 drop all]; try using
the '--graph' option and open the '.dot' files in OmniGraffle or
GraphViz
notice: Finished catalog run in 0.65 seconds

Is this a bug, or am I doing something wrong? In trying to figure that
out it looks like it may be related to puppet bug #5349? Any thoughts?

The puppetlabs firewall module seems so close to being usable. Saving
the firewall to enable on boot is the last missing bit in my
checklist. Thanks much!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Dynamically extending the group membership of a custom system user

[Christian Requena]

Hello,

I need to expand the membership of a custom system user depending on the 
availability of some group on the target system i.e.


   user {
logger:
name = logger,
ensure = present,
groups = [adm, wheel, this _group_ if it exists],
shell = /bin/bash;
}

The this _group_ if it exists entry only works, if the group was 
already create.  I need to expand the list of groups depending on the 
availability of some groups like i.e.


  user {
logger:
name = logger,
ensure = present,
[ 'mongodv', 'postgres', 'custom', 'www' ].each do | g |
g.exist? _groups  g.to_s
end
groups = _groups
shell = /bin/bash;
}

I know that is totally wrong, but I just want to describe what I'm 
aiming to.


Thanks!
Christian

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] scope of tags

[Christian G. Warden]

According to the tagging documentation[1], tags are automatically
created for enclosing node, define, and class structures.

  1.  
http://projects.puppetlabs.com/projects/1/wiki/Using_Tags#Automatic-Tagging

If I create three classes like this:
class first {
  tag('doot')
}

class second {
  if tagged(first) {
 warning('first tag found')
  } else {
 warning('first tag not found')
  }
  if tagged(doot) {
 warning('doot tag found')
  } else {
 warning('doot tag not found')
  }
  if tagged(third) {
 warning('third tag found')
  } else {
 warning('third tag not found')
  }
}

class third {
}


and declare them:
class {
  'first':;
  'second':;
  'third':;
}

why does the 'first' tag exist within the 'second' class?  This seems to be
inconsistent with the documentation since 'first' doesn't enclose 'second'.
But given that the 'first' tag is set, why isn't the 'third' tag also set?

Finally, is there a way to extend the scope of a tag through explicit
dependencies?  I'd like to do something like:
Class['first'] - Class['second'] - Class['third']
such that tags 'first', 'doot', and 'third' are all present in 'second'.

Thanks,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] explicit class dependencies

[Christian G. Warden]

Do explicit class dependencies work?
This simple example fails with:
Could not find resource 'Class[Config]' for relationship on 'Class[Uses_config]'

class config {
}

class uses_config {
  Class['config'] - Class['uses_config']
}

include uses_config

Am I doing something?

Thanks,
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] explicit class dependencies

[Christian G. Warden]

On Tue, Dec 06, 2011 at 01:38:38PM -0800, Nan Liu wrote:
 On Tue, Dec 6, 2011 at 12:27 PM, Christian G. Warden cwar...@xerus.org 
 wrote:
  Do explicit class dependencies work?
  This simple example fails with:
  Could not find resource 'Class[Config]' for relationship on 
  'Class[Uses_config]'
 
         class config {
         }
 
         class uses_config {
           Class['config'] - Class['uses_config']
         }
 
         include uses_config
 
  Am I doing something?
 
 You didn't declare include class config. If you intend uses_config to
 automatically include class config, you should declare it there. In
 either case you are missing include config or class { config: }
 somewhere.

Thanks, Nan.  Sorry, I got a little overzealous in trying to come up
with a minimal example.  Here's the problem I was actually trying to
troubleshoot:
class config {
  $x = 'abc'
}

class uses_config {
  Class['config'] - Class['uses_config']
  $x = $config::x
}

include uses_config
include config

This results in:
warning: Scope(Class[Uses_config]): Could not look up qualified variable 
'config::x'; class config has not been evaluated

I think it's similar to the problem I asked about with tags in another thread.
If I include config before uses_config, I don't get an error.

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

RE: [Puppet Users] Concat module

[Mark Christian]

Can't speak to concat, but you might consider using augeas for managing 
/etc/sysctl.conf.  There is an excellent example of this at: 
http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas , see Working 
Examples

 -Original Message-
 From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com]
 On Behalf Of Douglas Garstang
 Sent: Thursday, November 03, 2011 11:59 AM
 To: Puppet Users
 Subject: [Puppet Users] Concat module

 All,

 Trying to use the concat module with:


 class sysctl::common {

 include concat::setup

 concat {
 '/etc/sysctl.conf':
 owner = 'root',
 group = 'root',
 mode  = '0644';
 }

 concat::fragment {
 '/etc/sysctl.conf':
 target  = '/etc/sysctl.conf',
 content = 'kernel.sem=250 32000 32 2048',
 order   = '99';
}

 }

 Getting this error:
 Nov  3 14:54:04 dev-c3-app-90 puppet-agent[8143]: Failed to apply
 catalog: Parameter path failed: File paths must be fully qualified,
 not 'undef' at /etc/puppet/devmp/modules/concat/manifests/setup.pp:37

 What am I doing wrong?

 Doug.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to puppet-
 users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



Confidentiality Notice.
This message may contain information that is confidential or otherwise 
protected from disclosure. If you are not the intended recipient, you are 
hereby notified that any use, disclosure, dissemination, distribution,  or 
copying  of this message, or any attachments, is strictly prohibited.  If you 
have received this message in error, please advise the sender by reply e-mail, 
and delete the message and any attachments.  Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] I managed to break my Cent5 mongrel puppetmaster after upgrading from EPEL .25.5 to 2.6.6

[Mark Christian]

CentOS release 5.7 (Final)
puppet-server-2.6.6-1.el5.noarch
ruby-1.8.5-19.el5_6.1.x86_64
rake, version 0.9.2

The upgrade from 25.5 to 2.6.6 had been working fine.

Not sure if this is relevant: I then attempted to get puppet-dashboard
working using this guide: 
http://docs.puppetlabs.com/guides/installing_dashboard.html
I managed to upgrade rake, but never got this to work: rake
RAILS_ENV=production db:migrate , I then decided to restart the
puppetmaster and now I get this message:

Starting puppetmaster:
Port: 18140/usr/lib/ruby/site_ruby/1.8/puppet/network/http.rb:8:in
`server_class_by_type': Mongrel is not installed on this platform
(ArgumentError)
from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:157:in
`http_server_class_by_type'
from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:137:in
`http_server_class'
from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:58:in
`initialize'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in
`new'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in
`main'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in
`run_command'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in
`exit_on_fail'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
from /usr/sbin/puppetmasterd:4
   [FAILED]

Any help would be most appreciated.  Thanks in advance.

$ cat /etc/puppet/puppet.conf
[main]
# Where Puppet stores dynamic and growing data.
# The default value is '/var/puppet'.
vardir = /var/lib/puppet

# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[production]
modulepath=/etc/puppet/modules
manifest=/etc/puppet/manifests/site.pp

[development]
modulepath=/etc/puppet/environments/development/modules
manifest=/etc/puppet/environments/development/manifests/site.pp
trace=true
report=false

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

[master]
user = root
storeconfigs = false
dbadapter = mysql
dbuser = puppet
dbpassword =
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock

modulepath = $confdir/modules

factsync = true
factpath = $vardir/facts

environments=production,development

# The list of reports to generate.  All reports are looked for
# in puppet/reports/name.rb, and multiple report names should be
# comma-separated (whitespace is okay).
# The default value is 'store'.
reports = store, rrdgraph, tagmail
tagmap = /etc/puppet/tagmail.conf

# Whether RRD information should be graphed.
rrdgraph = true

# How often RRD should expect data.
# This should match how often the hosts report back to the server.
# The default value is '$runinterval'.
rrdinterval = $runinterval

# The directory where RRD database files are stored.
# Directories for each reporting host will be created under
# this directory.
# The default value is '$vardir/rrd'.
rrddir = $vardir/rrd

$ cat /etc/sysconfig/puppetmaster
# Location of the main manifest
#PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp

# Where to log general messages to.
# Specify syslog to send log messages to the system log.
#PUPPETMASTER_LOG=syslog

# You may specify an alternate port or an array of ports on which
# puppetmaster should listen. Default is: 8140
# If you specify more than one port, the puppetmaster ist
automatically
# started with the servertype set to mongrel. This might be
interesting
# if you'd like to run your puppetmaster in a loadbalanced cluster.
# Please note: this won't setup nor start any loadbalancer.
# If you'd like to run puppetmaster with mongrel as servertype but
only
# on one (specified) port, you have to add --servertype=mongrel to
# PUPPETMASTER_EXTRA_OPTS.
# Default: Empty (Puppetmaster isn't started with mongrel, nor on a
# specific port)
#
# Please note: Due to reduced options in the rc-functions lib in RHEL/
Centos
# versions prior to 5, this feature won't work. Fedora versions = 8
are
# known to work.
#PUPPETMASTER_PORTS=
# Puppetmaster on a 

[Puppet Users] Re: I managed to break my Cent5 mongrel puppetmaster after upgrading from EPEL .25.5 to 2.6.6

[Mark Christian]

I removed the rubygem-mongrel rpm and reinstalled it.  That appears to
have fixed my issue.

On Oct 13, 6:22 pm, Mark Christian mchri...@altera.com wrote:
 CentOS release 5.7 (Final)
 puppet-server-2.6.6-1.el5.noarch
 ruby-1.8.5-19.el5_6.1.x86_64
 rake, version 0.9.2

 The upgrade from 25.5 to 2.6.6 had been working fine.

 Not sure if this is relevant: I then attempted to get puppet-dashboard
 working using this 
 guide:http://docs.puppetlabs.com/guides/installing_dashboard.html
 I managed to upgrade rake, but never got this to work: rake
 RAILS_ENV=production db:migrate , I then decided to restart the
 puppetmaster and now I get this message:

 Starting puppetmaster:
 Port: 18140/usr/lib/ruby/site_ruby/1.8/puppet/network/http.rb:8:in
 `server_class_by_type': Mongrel is not installed on this platform
 (ArgumentError)
         from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:157:in
 `http_server_class_by_type'
         from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:137:in
 `http_server_class'
         from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:58:in
 `initialize'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in
 `new'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in
 `main'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in
 `run_command'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in
 `exit_on_fail'
         from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
         from /usr/sbin/puppetmasterd:4
                                                            [FAILED]

 Any help would be most appreciated.  Thanks in advance.

 $ cat /etc/puppet/puppet.conf
 [main]
     # Where Puppet stores dynamic and growing data.
     # The default value is '/var/puppet'.
     vardir = /var/lib/puppet

     # The Puppet log directory.
     # The default value is '$vardir/log'.
     logdir = /var/log/puppet

     # Where Puppet PID files are kept.
     # The default value is '$vardir/run'.
     rundir = /var/run/puppet

     # Where SSL certificates are kept.
     # The default value is '$confdir/ssl'.
     ssldir = $vardir/ssl

 [production]
 modulepath=/etc/puppet/modules
 manifest=/etc/puppet/manifests/site.pp

 [development]
 modulepath=/etc/puppet/environments/development/modules
 manifest=/etc/puppet/environments/development/manifests/site.pp
 trace=true
 report=false

 [agent]
     # The file in which puppetd stores a list of the classes
     # associated with the retrieved configuratiion.  Can be loaded in
     # the separate ``puppet`` executable using the ``--loadclasses``
     # option.
     # The default value is '$confdir/classes.txt'.
     classfile = $vardir/classes.txt

     # Where puppetd caches the local configuration.  An
     # extension indicating the cache format is added automatically.
     # The default value is '$confdir/localconfig'.
     localconfig = $vardir/localconfig

 [master]
     user = root
     storeconfigs = false
     dbadapter = mysql
     dbuser = puppet
     dbpassword =
     dbserver = localhost
     dbsocket = /var/lib/mysql/mysql.sock

     modulepath = $confdir/modules

     factsync = true
     factpath = $vardir/facts

     environments=production,development

     # The list of reports to generate.  All reports are looked for
     # in puppet/reports/name.rb, and multiple report names should be
     # comma-separated (whitespace is okay).
     # The default value is 'store'.
     reports = store, rrdgraph, tagmail
     tagmap = /etc/puppet/tagmail.conf

     # Whether RRD information should be graphed.
     rrdgraph = true

     # How often RRD should expect data.
     # This should match how often the hosts report back to the server.
     # The default value is '$runinterval'.
     rrdinterval = $runinterval

     # The directory where RRD database files are stored.
     # Directories for each reporting host will be created under
     # this directory.
     # The default value is '$vardir/rrd'.
     rrddir = $vardir/rrd

 $ cat /etc/sysconfig/puppetmaster
 # Location of the main manifest
 #PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp

 # Where to log general messages to.
 # Specify syslog to send log messages to the system log.
 #PUPPETMASTER_LOG=syslog

 # You may specify an alternate port or an array of ports on which
 # puppetmaster should listen. Default is: 8140
 # If you specify more than one port, the puppetmaster ist
 automatically
 # started with the servertype set to mongrel. This might be
 interesting
 # if you'd like to run your puppetmaster in a loadbalanced cluster.
 # Please note: this won't setup nor start any loadbalancer.
 # If you'd like to run puppetmaster with mongrel as servertype but
 only
 # on one (specified) port, you have to add --servertype=mongrel to
 # PUPPETMASTER_EXTRA_OPTS.
 # Default: Empty

Re: [Puppet Users] Re: Strange Could not find dependency error

[Christian Kauhaus]

Am 10.08.2011 22:24, schrieb piavlo:
 Does anyone have clear logical explanation why nagios::client 
 nagios::server
 have no dep problems but nagios-client  nagios-server does?

- is no legal character in identifier names. Unfortunately, the error
messages are not very helpful in such a case.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Class is applied but is not executed

[christian huber]

Hi all,

i' am having a strange problem with a puppet class, basically i wrote
a small class, no special content (ensure packed is installed). I
applied this class to a linuxbox with puppetclient 2.6.4 installed
(and working for the other classes).

So the problem if I'am forcing now the client to get the new
configuration, it does it very well. No error's even with the debug
option. In the /var/lib/puppet directory i take a look at the
classes.txt and i find the new class inside.

So i try to force en error with the class be doing a modifying the
class and adding a parser error. Executing again on the linuxbox the
puppet command, nothing happens. I would now expect a error. But it
looks like puppet just doesn't executed this class.

anyone a idea what i'am missing .. ?

thanks
Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Could not find a default provider for package

[Christian Kauhaus]

Am 19.06.2011 03:24, schrieb d0ugb:
 Need some help here. I am using puppet to mange some Gentoo boxes, and
 when working with packages I keep getting the following error:
 Could not find a default provider for package

I suspect that the portage package provider need 'eix' to function. Is eix
installed?

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Cannot dry run puppet on the puppetmaster

[Christian Kauhaus]

Am 08.05.2011 05:12, schrieb treydock:
 Here's the output using debug option.
 [...]
 debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw
 yaml; using pson
 err: Could not retrieve catalog from remote server: execution expired
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run

There's not much to see here. It would probably more informative to start
the server with the --debug flag and see what is going on there.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] help with template and has_variable?

[Christian Kauhaus]

Am 02.05.2011 15:41, schrieb Arnau Bria:
 so, any ideawhy is ruby doing it? 

Identifiers beginning with uppercase letters denote constants in Ruby. The
most visible example for this rule are class names. Class names are
constants that point to their respective class objects.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppetmaster best practice for multiple zones

[Christian Kauhaus]

Am 19.04.2011 18:13, schrieb James Bailey:
 I am bit stuck however for how best I can managed the remaining two
 zones.  Do create another two puppetmasters and configure them to use
 the existing storeconfigs DB I am currently using.  Or do I have two
 additional standalone puppetmasters?  If do the later how will I be
 able to unify my view of the three zones?

I'd prefer one puppetmaster for everything. If the puppetmaster needs to
reachable from everywhere, it belongs into the production zone.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple file path for single module in the fileserver.conf

[Christian]

Yeah i have two repositories with different kind of configuration
which are managed under different responsiblity. But from the logical
point of view they belonging to the same module.

There could be a kind of priorisation that the in case of a clash only
the file from the first file location should be taken.

Is there an interest on a change request?

As a workaround i probably will simply create two separated modules.


On 13 Apr., 16:01, Felix Frank felix.fr...@alumni.tu-berlin.de
wrote:
 On 04/12/2011 04:44 PM, Christian wrote:

  Is it possible to have multiple file paths defined for a single module
  in the fileserver.conf?

  For example

  [files]
    path /first/path/files
    path /second/path/files
    allow *

 What's this supposed to do?

 You probably want to be able to serve files from each tree. But what if
 both trees contain files with identical names?

 Regards,
 Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Multiple file path for single module in the fileserver.conf

[Christian]

Is it possible to have multiple file paths defined for a single module
in the fileserver.conf?

For example

[files]
  path /first/path/files
  path /second/path/files
  allow *

[modules]
  allow *

[plugins]
  allow *


The here described configuration did not work as i tried it already.
Any idea if this is possible.

Thanks a lot

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Use puppet to preconfigure gnome gvfs shares

[Christian Kauhaus]

Am 01.04.2011 11:11, schrieb spidernik84:

1. puppet detects the logged in username and sets this as a variable
2. puppet outputs a customized .gtk-bookmarks file with the network
paths inside, in this format 
smb://domain.com;john...@url.of.the.server/home$/johndoe
Johndoe share
3. puppet saves this file as /home/johndoe/.gtk-bookmarks


I don't think that Puppet is designed to support this sort of interactive 
behavior. I'd rather suggest to deploy a custom shell script via Puppet that 
performs the outlined actions on a user's first login. For example, pam_exec 
is providing this functionality. Something in /etc/profile (or your login 
shell's equivalent) would also be feasible.


Regards

Christian

--
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Use puppet to preconfigure gnome gvfs shares

[Christian Kauhaus]

Am 31.03.2011 15:19, schrieb spidernik84:

Here's the problem: how to instruct puppet to generate a customized
file with the interpretedusername  variable, and how to tell puppet
to place this file in /home/username?
Ideally, the file should be created only at first login to avoid
existing bookmarks to be overwritten...


The problem is not very clear to me. Do you just try to manage a file with a 
variable in it's path name?


Given that the target username is already present as a variable in the 
manifest, you'd just write:


file {
  /home/${username}/path/to/file:
content = template(path/to/template)
}

given that the template makes use of the $username variable too. If you need 
the same procedure for more than one user, wrap the whole thing into a define. 
Add 'replace = false' to make this a one-shot operation.


Did I get the problem right? Did I miss something?

Regards

Christian

--
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RFC: Splitting up the file{} type functionality.

[Christian Kauhaus]

Am 22.03.2011 23:52, schrieb Nigel Kersten:
 If you're enabling recursive copies for Directories, then you're also
 supporting the 'source' property, and you're also supporting the
 links = {follow, manage, ignore} parameter and recurse and
 recurselimit

I see your point.

As an alternative, extracting the recursive directory copy facility is
definitely a step in the right direction. I'm not sure if the symlink
feature should be extracted too. It should at least get a different
parameter name, though. The overloaded 'ensure' is confusing.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RFC: Splitting up the file{} type functionality.

[Christian Kauhaus]

Am 22.03.2011 02:53, schrieb Nigel Kersten:

The intersection of files and directories isn't that big a deal, but
we could split out directories too if we wanted.


From the user's perspective, it's more like the other way round. We should 
not let implementation issues guide the design of the manifest language. Files 
and directories are different concepts, but symlinks to either files or 
directories are handled mostly transparently.


I would rather suggest a File and a Directory type. Both types should share 
basic attributes like owner/mode etc and both should support symlinks. Each 
one has unique attributes: files should support source/content, while 
directories should support the recursive copy feature.


Regards

Christian

--
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RFC: Refactoring the mount provider.

[Christian Kauhaus]

Am 17.03.2011 18:40, schrieb Nigel Kersten:
 TL;DR The mount provider has used a mish-mash of checking fstab and
 actual mount state to determine state. A possible solution we're
 looking at is splitting into two types, one that manages /etc/fstab
 (or /etc/filesystem on other OSes), and one that manages actual mount
 state.

+1

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Proposal: strict mode for manifests

[Christian Kauhaus]

Am 08.03.2011 23:37, schrieb Robin Bowes:
 I'd really like puppet to blow-up at this stage and tell me that I've
 used an variable without defining it first. Those familiar with perl
 will recognise this as use strict;.

I would greatly appreciate such a feature.

Is there already a ticket to vote?

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet dashboard group and class

[Christian]

Hi Nicolas,

i had exactly the same problem when i start using puppet dashboard
some months ago. There is no documentation about it on the page and i
would say that the names 'Classes' and 'Groups' are used unlucky. It
turns out that classes acutally are the puppet modules (why the hell
they dont use the same expression in puppet dashboard like in the rest
puppet) and groups can be used to model a kind of inheritance. If you
use classes and groups you have to use puppet dashboard as an external
node classifier means you are not using node.pp anymore. The modeling
which module belongs to which node will be done then in puppet
dashboard. Your class name have of course be exactly the same name as
the module name you have in your folder structure in the puppet module
folder.

Hope that helps a bit

Christian



On 15 Dez., 02:17, Nicolas Aizier nicolas.aiz...@googlemail.com
wrote:
 Hi everyone,

 I'm actually kind of new in puppet but I'm doing good in progressing.
 I have read lot of docs and how to to understand the whole behaviour
 of puppet.
 Installed a puppet master server, deployed 15 clients to test it on
 some of our testing servers.
 Written modules to get exactly what we want, and then installed puppet
 dashboard which work really fine.

 My question might sound a bit noobish but I'm stuck on that point and
 I really don't like to don't understand every part of a tool.
 What is the use of adding groups and class in the dashboard ?
 It seems that the dashboard don't see your class from the modules (saw
 that it will be corrected soon), but what is the point to creating
 class in the GUI ? Can you do anything with that ? and if yes will
 that not spread the config through dashboard + puppet config files,
 it'll be messy to maintain 
 Same question with the groups, I understand that you can assign class
 to groups so it's easyer to add a server in a global behavior but it
 only uses class from dashboard . And is there a way to create such
 group in puppet config files (if yes I didn't manage to find it ...) ?

 Thx a lot for your time and to all the puppet users !

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: managing normal users with Puppet

[Christian]

In this context i have a question.

I migrate an autoyast settings into Puppet modules. Originally users
are created in the autoyast file for SLES9.

Following setting i have for one of my user.

encrypted config:type=booleantrue/encrypted

Unfortuniatially i can't find such a flag as a parameter for the
puppet 'user' resource.

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetrun reports certificates were not trusted

[Christian]

Actually that problem were solved by simply rebooting all machines.
After a restart suddenly it worked for all of them.

From time to time i experience however that single nodes produces
following errors even if i havent run puppetrun very short before that
run:

Host hostname is already running
finished with exit code 3

If i run puppetrun a second time than the same node does not report
problems anymore.
Does anybody know what is the background of that problem?

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] templating woes....

[Christian Kauhaus]

Am 15.10.2010 00:42, schrieb Jacob Helwig:
 % nagios_conf_dirs.each do |dir| -%
 cfg_dir=%= dir %
 % end -%

I would rather prefer the for notation in templates, since it is
easier to read when interspersed with other text:

| % for dir in nagios_conf_dirs -%
| cfg_dir=%= dir %
| % end -%


Regards,
  Christian

-- 
Dipl.-Inf. Christian Kauhaus  · k...@gocept.com · systems administration
gocept gmbh  co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetrun reports certificates were not trusted

[Christian]

Hi Doug,

What i did with my manual puppet runs was a copy of the ntp.conf files
to the clients and restart the ntp service.
So if you would declare that as a time change... yeah i did change
it.

Times on server and clients are complete identically. I checked the
validity of the certificate regarding the valid time range. And the
time range seems correct for me.

The most problems with that were due to wrong time synchronisation
which ends up to a time on the client outside the certificate time
validity treshold. That however seems not the case for me.

I dont understand what is the difference between the working node and
the rest of the node...

Thanks a lot

Christian



On 14 Okt., 06:10, Douglas Garstang doug.garst...@gmail.com wrote:
 On Tue, Oct 12, 2010 at 10:32 AM, Christian 



 berwangerchrist...@googlemail.com wrote:
  Hi all,

  All my nodes are signed successfully with the puppetmaster. A manual
  puppetd run works perfectly on every node. A report is generated for
  each run in puppet-dashboard.

  All machines are correctly synchronised via ntp.

  Using puppetrun on one of my node works without problem. However using
  puppetrun on the rest of the nodes does suddenly not work.

  Following is reported:

  HOSTNAME Certificates were not trusted: certificate erify failed.
  HOSTNAME finished with exit code 2

  Under [puppetmasterd] i set the certname = PUPPETMASTERHOST

  I tried as well to delete the /ssl folder on the client and
  regenerated them but with out success on the puppetrun result.

  Has somebody an idea what is going wrong here.

 I've seen this too. Did your time change during a previous puppet run on
 your client?

 Doug.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppetrun reports certificates were not trusted

[Christian]

Hi all,

All my nodes are signed successfully with the puppetmaster. A manual
puppetd run works perfectly on every node. A report is generated for
each run in puppet-dashboard.

All machines are correctly synchronised via ntp.

Using puppetrun on one of my node works without problem. However using
puppetrun on the rest of the nodes does suddenly not work.

Following is reported:

HOSTNAME Certificates were not trusted: certificate erify failed.
HOSTNAME finished with exit code 2

Under [puppetmasterd] i set the certname = PUPPETMASTERHOST

I tried as well to delete the /ssl folder on the client and
regenerated them but with out success on the puppetrun result.

Has somebody an idea what is going wrong here.

Thanks a lot

Christian

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Server

[Christian Bryant]

I'm going to be starting a project in a month or so for a Puppet
Server using SUSE Studio to generate the ISO and VM I'll be using for
testing.  I'm curious to get feedback from folks that have already
built Puppet servers.  I don't have any specific questions yet,
naturally, but I would like to know how it's working for you.  Also,
per every server, how nodes on average is everyone managing?

Cheers,

Christian Bryant
http://en.opensuse.org/User:christian_bryant

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Installing puppet 0.25.5 on SLES 9 64bit

[Christian]

Thanks to Sandor's suggestion i was able to run facter. By running
puppetd with the right ruby path a new error message appeared.

It seems that it can't be found the ./openssl.so library.

Following message appears:
Cannot open shared object file: No such file or directory - ./
openssl.so (LoadError)

The file openssl.so i was able to find on the system so i pointed also
a second ruby loadpath on that folder. However without success...

Some idea how to solve that problem and how i can make the ./
openssl.so loadable?

Christian

On 30 Sep., 10:26, Sandor Szuecs sandor.szu...@fu-berlin.de wrote:
 On Sep 29, 2010, at 3:45 PM, Christian wrote:

  /usr/sbin/puppetd:159:in `require': No such file to load -- puppet/
  application/puppetd (LoadError)
         from /usr/sbin/puppetd:159

  What went wrong here? Is there a bug in the rpm? Or do i have to set a
  path somewhere?

 It seems you have to set the ruby loadpath, $:, yourself to the folder
 where the files puppet.rb and facter.rb are.
 You can add a load path with `ruby -Ipath/to/load` or add it to GEM_PATH
 env variable. You can add a path to $GEM_PATH separated with ':', like
 bash/zsh $PATH.

 All the best, Sandor Szücs
 --

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.