[Puppet Users] Re: Nodes graphs

2011-04-03 Thread donavan 
On Apr 3, 10:10 am, Jean Baptiste FAVRE
 wrote:
> But I would like to highlight nodes dependenxies as well.
> Is there any way to get a global "node-centric" graph ?
> If yes, how: server-side, client-side, both ?

You might want to try this on puppet-dev. As far as I recall there's
no network graph representing node interactions. I think this is on
the ToDo list.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Propagating local config changes from a client to the puppetmaster

2011-03-03 Thread donavan 
On Mar 2, 5:52 pm, Patrick Connolly 
wrote:
> Any thoughts? I like the Git idea, and might pursue that, but wondering if
> anyone has input :)

If you're on EL you may want to look at cft[1]. I thought I saw
mention of work to bring ti to Deb based distros as well. I haven't
actually used it, but looks like the poor cousin of DevStructure
Blueprint.


[1] http://cft.et.redhat.com/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Test driven manifests?

2011-02-26 Thread donavan 
On Feb 25, 4:24 pm, Dan Bode  wrote:
> this is what cucumber-puppet does.
>
> https://github.com/nistude/cucumber-puppet

I'll second cucumber-puppet. Being able to verify catalog compilation
is a great step. Beyond that you can test resources for the catalogs
as well.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 2.6 Environments

2011-02-24 Thread donavan 

I suspect you're hitting #3910, or a variant. It's possible for the
master and client to disagree on the clients environment. The client
will always request file paths based on it's concept of environment,
regardless of what the master/catalog/external node classifier
defines.

Remove $environment from your source parameters, it's already baked in
to the actual request URI. On your puppet clients try to specify the
desired environment:  'puppet agent -t --environment pax_prod'
If that works a template for puppet.conf with something like this may
help:
[main]
  environment = <%= $environment %>


If that's not the issue I'd look at fileserver.conf or access.conf
settings next.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetmaster/Amazon EC2/DNS

2011-02-23 Thread donavan 
On Feb 23, 1:25 pm, Brice Figureau 
wrote:
> I unfortunately didn't had time to work on my network device framework
> for more than a month. I expect to resume this work soon :)

I know what that's like. That aws code has been sitting since the
beginning of January.

> I'm not sure it will be generic enough to support what you want to do,
> but that'd be a great opportunity to generalize it :)

Sure. I recall a lot of overlap in the NetworkDevice class that you
were basing on. The thing that really killed my provider was
serialized actions at internet latencies. The paradigm of batch
fetching the status, updating hashed instances, then flushing changes
seemed to be a smarter way forward. Route 53 also happened to map on
to your "network" components as well. I have sets of credentials with
many domains (devices), with many hosts (interfaces).

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetmaster/Amazon EC2/DNS

2011-02-23 Thread donavan 
I actually made a type and provider for managing Route 53 entries a
while back[1].

I was putting off publishing it until I could rewrite it based on
Brices network device framework. If other people people could find
something like this useful I can clean it up to work with the current
2.6/2.5 and push to github.

[1] http://www.strewth.org/words/2011/02/managing-amazon-route-53-with-puppet/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Error 400 on SERVER: Could not intern from yaml: can't convert Symbol into String

2011-02-22 Thread donavan 
On Feb 15, 5:21 pm, Patrick  wrote:
> Does anyone have a guess if this bug is in the client, the master, or 
> dashboard?  My report value is "reports = http, store".    If the error was 
> originally from dashboard, would the master have failed to save the file 
> because the order matters?

I've seen this previously. I ended up noticing this in interactive
tests, and when some clients would go "stale". Looking at debug the
error was only with storing the report on the server, the client was
fine otherwise. I only use "reports = http", so I;m not sure if you'd
have the "store" copy.

Didn't look in much detail as, IIRC, it was fixed shortly after I
noticed. I think it was recently fixed in one of the 2.6.x minor
releases, 2.6.4 maybe?. Looking at changelog would be a good starting
place to narrow it down more.

Depending on how you run the master (webrick, passenger, etc) you
should have a better error message there. Unfortunately some of the
error logs arent time stamped so it requires guesstimation.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Trigger an event after a puppet run

2011-02-16 Thread donavan 
On Feb 16, 3:38 am, "Derek J. Balling"  wrote:
> >        size = self.logs.size
> >        if size == 0 then
> >            system "/usr/lib/nagios/eventhandlers/submit_puppet_result
> > " + ip + " puppet-report 0 \"There has been no change\""
> >        else
> >            system "/usr/lib/nagios/eventhandlers/submit_puppet_result
> > " + ip + " puppet-report 2 \"There have been " + size.to_s + "
> > changes\""
> >        end
> >    end
> > end
>
> This seems, at face value, to only be reporting upward "change/no-change" 
> type of thing.
>
> I'm not at all "ruby-ready" as it were, in terms of programming skill, but it 
> occurs to me that I can think of other conditions I'd be interested in 
> reporting upward (syntax or other errors in the catalog received, or anything 
> really, which causes a cached catalog to be used).
>
> Is there some easy way to add that functionality into this script?

Off hand you may be interested in the metrics portion of the report.
Something like metrics["changes"][:failed] would give you access to
any resources that failed to apply.
I don't recall how/if actual catalog failures are show in reports. A
syntax error, for example, happens on the master and is presented to
the client as a server error.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: reduced "verbose" output

2011-02-16 Thread donavan 
On Feb 15, 1:27 pm, David Bishop  wrote:
> In a perfect world, we could have three possible "verbosity" levels:
>
> 1) Only show errors (failures to compile the catalog, "fails", etc)
>
> 2) #1 + all changes (Anything "notice", in a normal --test run), but
> without the diffs that you would normally get or anything "info" level.
>
> 3) The full output (What you get with --verbose now) including info
> (loading custom facts, diffs to changed files, etc).
>

David,

I got a bit sidetracked there. Puppet logs with the standard syslog
levels internally[2]. The 'agent' application only accepts switches
for the 'debug' and 'info' levels currently[3]. I suspect that most of
the internal actions are debug/info/warn/err, so there's probably not
enough variance. Currently you're looking at all this through
the :console log destination[4]. A new destination that outputs
structured data may do what you want too. Then you could call --
logdest json and parse that back on the mc agent.

Sending a copy of the 'report' metrics back to the mc client is
probably the best way to get what you want. Then your clients can
filter what they care about. For that you;d need a new terminus
besides 'rest'. If there's not an open RFE for this I'd open one.
Looks like #4712 [5] may be related.

[2] lib/puppet/util/log.rb
[3] lib/puppet/application/agent.rb#setup_logs
[4] lib/puppet/util/log/destinations.rb
[5] http://projects.puppetlabs.com/issues/4712

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: reduced "verbose" output

2011-02-15 Thread donavan 
On Feb 15, 1:27 pm, David Bishop  wrote:
> Does this sound reasonable?  Is it currently possible (and if so,
> pointers are welcome!)?  If I could make my trained developer monkey do
> the actual work, would patches implementing this be accepted?

You may also be interested in the --summarize option if you're
catching stdout.

As far as I know transaction reports are only serialized and sent to
the server[1]. The server is what actually processes the 'reports'
config parameter.

I'd really like alternate agent report methods as well. I think you'd
be well served by outputting structured 'report' data from the agent.
Emitting something like @metrics.to_json and then catching it with
'reply[:output] = JSON.parse(%x[#{@puppetd} --onetime --
reports=json,rest])' would be swell.

[1] lib/puppet/application/agent.rb:
Puppet::Transaction::Report.terminus_class = :rest

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Keeping a directory clean at top level

2011-02-15 Thread donavan 


On Feb 15, 10:04 am, Rich Rauenzahn  wrote:
> Say we have a directory called /FOO-- we want to only have in it what
> puppet puts into it.
...
> puppet resource file /tmp/empty_me ensure=directory purge=true
> source=/tmp/empty recurse=true recurselimit=1 force=true

I use this pattern myself, something like

file {
"/tmp/test":
ensure => directory,
purge => true,
recurse => true,
recurselimit => 1,
force => true;
"/tmp/test/foo":
ensure => directory;
}

For your particular case I suspect it's because your using the
resource application, instead of agent or apply. The applied catalog
doesn't have any other managed resources. Using the above snippet /tmp/
test/foo is ignored as a managed resource and can contain anything.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: convert yum repos into manifest

2011-02-09 Thread donavan 


On Feb 8, 4:30 pm, Michael Knox  wrote:
> Try ralsh yumrepo
>
> Just discovered that ralsh can even use custom types out of my modules
> ... cool

Yup. You can do some really cool things with custom types and
providers:
tmp donavanm$ sudo puppet resource route53
route53 { 'foo.strewth.org.':
ensure => 'present',
value => ['192.168.0.1'],
rtype => 'A',
zone => 'strewth.org.',
ttl => '360'
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: accessing puppet config variables inside a manifest

2011-02-01 Thread donavan 
On Jan 31, 10:09 am, Nan Liu  wrote:
> On Mon, Jan 31, 2011 at 9:06 AM, Gabriel Filion  wrote:
> Yeah, that would make manifests a lot more flexible. Here's a function
> that should work for this purpose and potentially other puppet
> configuration variables as well:

You can also wedge this in to an inline template like:
inline_template('<%= Puppet.settings[:vardir] %>')

The first (large) caveat is that this checks the setting on the puppet
master. I'm not sure if you want the value from the client. If so I
suspect you'd need to create a facter fact that parsed your
puppet.conf.

I'm also not sure on the best way to access Puppet settings. It's been
a while since I've done this off hand. I know (previously?) settings
could be accessed differently based on their section(s) in
puppet.conf. [master] and [main] may have different settings, for
example.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet delegation / teams

2011-02-01 Thread donavan 
On Jan 31, 3:05 am, Pieter Baele  wrote:
> - doing some sort of check if their recipes / templates work.

A stronger check than --parseonly is to use a tool like cucumber-
puppet. It's very simple to verify that a nodes catalog can actually
compile, not just parse. Additionally you can do things like inspect
final resources to verify any required parameters.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Tell puppetmaster to restart

2011-01-26 Thread donavan 
On Jan 26, 4:16 am, JupiterMoonBeam 
wrote:
> However, there's a delay of one run between changes (as the repo gets
> updated but the current run is still under the old config).  Is there
> anyway of getting puppet to rerun with the new config when the repo
> changes?

As Daniel mentioned it isn't possible to apply that new information
inside the current catalog. However you may be able to fake it. Are
you running puppet agent as a daemon or a cronjob? If it's resident as
a service you can signal puppet to restart itself:
vcsrepo { 'puppet-production': notify => Service['puppet'] }

As I recall it will exit part way through the current run, restart,
request a new catalog, and run again.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Provider requires package to work

2011-01-26 Thread donavan 
On Jan 26, 9:20 pm, donavan  wrote:
> A common pattern to work around this is to use a 'boot strap' when
> provisioning a node. This boot strap only contains enough resources to
> get the machine, and puppet, to a workable state. After that a second
> 'full' run is done which applies the typical catalog. To implement
> this I prefer just using tags, though I know others have used stages
> and environments as well.

Forgot to mention there's an open issue where plugins, like providers,
aren't synced if you use --tags with puppet agent. A simple work
around is to use a 'full' run with --noop, which will sync plugins but
not apply resources:
puppet agent -t --noop # gets plugins, facts, etc
puppet agent -t --tags boot_strap # install minimal resources like
resolv.conf & Package[bind-utils]
puppet agent -t # 'full' run which applies everything else.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Provider requires package to work

2011-01-26 Thread donavan 
On Jan 26, 1:58 am, Jakub Pastuszek  wrote:
>
> Is it possible to tell Puppet to ensure a package is installed before
> using a custom provider that needs it for operation?
> Or I need to make sure that base OS contains all the commands that any
> provider may ever need?

I seem to recall that this is a known issue, but not solved yet. I'd
suggest reposting to puppet-dev.

A common pattern to work around this is to use a 'boot strap' when
provisioning a node. This boot strap only contains enough resources to
get the machine, and puppet, to a workable state. After that a second
'full' run is done which applies the typical catalog. To implement
this I prefer just using tags, though I know others have used stages
and environments as well.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Check version of installed RPM

2011-01-24 Thread donavan 
On Jan 24, 5:07 am, Jonathan Gazeley 
wrote:
> Hi all,
>
> Is there a way to use the Package type to find the version number of an
> installed RPM?

Have you seen 'ralsh', or 'puppet resource'[1]? You can use these
interactively to interrogate the state of a system,  'puppet resource
package foo'.
I don't recall if the common Package providers ouput more than 'ensure
=> absent|present". It's up to your provider (rpm, fbsd, etc) to
provide the state information in it's instances method. I imagine many
will only test presence, for speed. It should perfectly reasonable to
fork and create your own copy of the provider that queries for
versions etc.

[1] http://docs.puppetlabs.com/guides/tools.html#puppet-resource-or-ralsh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: help writing types/provider

2011-01-22 Thread donavan 
On Jan 21, 11:13 am, Dick Davies  wrote:
> ensurable do
>    defaultto 'present'
> end

I've always specified the methods:
ensurable do
newvalue(:present) do
provider.create
end
newvalue(:absent) do
provider.destroy
end
defaultto :present
end

Which I admit may (habit|superstition).

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Testing custom types

2011-01-22 Thread donavan 
On Jan 21, 1:17 pm, Matthew Macdonald-Wallace
 wrote:
> Is there a way to test custom types/providers without deploying them to
> a node?
>
> I'm thinking of something along the lines of "puppet --parseonly" or
> similar.
>
> How do others test what they've written, or do you just deploy to a
> staging environment?

Yes?

I have to admit I'm a bit lazy with writing actual rspec tests. My
usual testing order would be `puppet apply /tmp/test.pp`, `cucumber-
puppet features/catalog/foo.catalog`, then finally running it in a
representative test (then staging) environment. I highly recommend
cucumber-puppet, you should be able to inspect the clients catalog for
resources and values.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple Case statements

2011-01-22 Thread donavan 
On Jan 21, 1:55 pm, Felix Frank 
wrote:
> On 01/21/2011 07:31 PM, Jockster wrote:
>
> > I am writing my first module for ntp, I have a few different versions
> > of Linux and also releases. The code worked when I only had one flavor
> > of Linux but now I have four and possibly more flavors. My snippet
> > that doesn't work is as follows; ( I am not even sure this is the
> > route I should be going if anyone has a better way please advise.
> > Thank you in advance)

> But I'm not entirely sure this syntax is valid in variable assignments
> (which is not the same as assigning resource parameter values, is it?)

Yes, selectors are fine for variable assignment. But you seem to be
mixing a case and a selector[1]. Those are similar, but subtly
different.

I'm, *ahem*, just getting home but I think this may do what you're
after?
case $operatingsystem  {
'CentOS','RedHat': {
$ntp_service = $operatingsystemrelease ? {
/5.5|6.0/ => "ntpd"
}
}
'SLES': {
$ntp_service = $operatingsystemrelease ? {
/10.[1-3]|11.[0-1]/ => "ntp"
}
}
}

To reduce that further I might go for something like:
$ntp_service = $operatingsystem ? {
/CentOS|RedHat/ => 'ntpd',
'SLES'  => 'ntp'
}
Deal with the specific versions when you need to . Instead of '5.5' or
'6.0' why not catch all CentOS & RedHat versions?

And, if youre doing that, simply define exceptions and let the rest
fall through to a default value:
$ntp_service = $operatingsystem ? {
'SLES'  => 'ntp',
default => 'ntpd'
}

[1] http://docs.puppetlabs.com/guides/language_tutorial.html#selectors

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Schedules. Who uses them and why?

2011-01-19 Thread donavan 
On Jan 17, 6:38 pm, Nigel Kersten  wrote:
> I'm trying to get a feel for the actual use cases for the Schedule type in
> Puppet.
>
> Anyone care to help me out with some real world examples?

Schedules go great with exported resources. My use case is getting
applied changes on machines A-N because of a resource change on
machine M, which may be exporting only. Using Sshkey as an example a
new machine would cause a thousand other machines in its environment
to update on their next run. Then, on the new machines second run it
updates for its own key. In a busy environment that would pretty much
ensure every run on every host applied changes, which I dont like to
see.

My other example, as people have noted, is to respect maintenance
windows. I can think of httpd virtual hosts, DNS updates, & monitoring
system updates that could be affected by schedules.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple packages installation in one yum call

2011-01-13 Thread donavan 
On Jan 12, 1:45 pm, Stephane  wrote:
> You could do something like following:
> $wantedpackages  = [ "perl-DBI", "perl-DBD-MySQL" ]
> package { $wantedpackages: ensure => installed }
>
> In one call, we install 2 packages.

Stephane, the problem is with requirements inside the rpms. If a.rpm
require b.rpm, and b.rpm requires a.rpm, there's no way to install
those with the puppet Package type currently. Puppet will try to
evaluate both Package[a] and Package[b] separately, calling `rpm -i a`
and then `rpm -i b`. Both of those transactions will fail with missing
dependencies. The mentioned patch would evaluate both resources at the
same time using `rpm -i a b`, which would work.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple packages installation in one yum call

2011-01-11 Thread donavan 
On Jan 11, 3:09 am, Adriana  wrote:
> Hello,
> does anyone know if featurehttp://projects.puppetlabs.com/issues/2198
> had been implemented and how it is possible to use it?

I don't think it's made it into the puppet codebase yet. It should be
pretty simple to run the contributed patch though.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.

2011-01-11 Thread donavan 
On Jan 11, 2:45 pm, DaveQB  wrote:
> We had trouble scaling with 400+ nodes. Puppet server is a VM on an
> ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly
> kick in OOM which would kill off most if not all of the 10
> puppetmaster instances.

This is very surprising to me. Is this .24 or .25 per chance serving
large files via the File resource per chance? There were some big
memory improvements in File handling around 2.6.0.

Using 2.6.x, Ruby 1.8.7, Apache 2.2 and passenger I'd expect around
100-200mb usage per process. Even that seems a bit high to me, though
I don't know what's shared and whats resident off hand.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.

2011-01-11 Thread donavan 
On Jan 11, 1:05 am, Carles Amigó  wrote:
> What data is exactly discarded with "thin" storeconfigs?

Effectively only facts and exported resources are stored for each
node[1]. This is opposed to storing the complete set of resources (and
other stuff?) for each node. For normal puppet usage there's no loss
to using thin_storeconfigs. The full set is useful if you want to
query it as part of an external process. A monitoring or inventory
service, for example.

Bryce F did most of the work that actually made storeconfigs useful.
There are some very good posts on his blog[2].

[1] 
http://docs.puppetlabs.com/references/2.6.3/configuration.html#thinstoreconfigs
[2] http://www.masterzen.fr/tag/storeconfigs/

On Jan 11, 1:47 pm, Adrian Bridgett  wrote:
> It may also be worth looking at some form of improved scheduling in
> order to avoid a thundering herd of requests to your puppetmasters.

Using a cron resource with fqdn_rand() interval works pretty well and
is dead simple. cron { puppet_agent: command => 'puppet agent --
onetime', minute => [fqdn_rand(30), (fqdn_rand(30) + 30)] }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: race conditions in using "svn update" in puppetmaster's /etc/puppet directory?

2011-01-10 Thread donavan 
On Jan 3, 1:34 pm, James Ralston  wrote:
> So, here's my question: if you are currently using the "svn update"
> approach to manage /etc/puppet on the puppetmaster, have you taken
> conscious steps to help avoid a race condition?

A late vote for Ignore It. At puppet camp SF this came up in two
breakout sessions I was in. As I can recall two large sites had seen
resource/manifest version mismatches occur and ignored the race. Noone
in the room had actually had a serious issue because of this. The
resolution for everyone present was to just let the next run correct
the problem.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.

2011-01-10 Thread donavan 
On Jan 8, 1:02 pm, trey85stang  wrote:
> I'm trying to get an idea of what kind of backend setup I would need
> to run puppet to manage roughly 6000 hosts.

No one else has asked, but what's the geographic/network distribution
look like?

> I see puppet by iteself is limited to 10-20;  but with mongrel/apache
> that number shoots up but I am not sure by how much?

At puppet camp US I think responses were in the 300-1000 clients/
master range. A dual socket x86_64 whitebox should do at least a few
hundred clients. Masters seem to be CPU bound almost all the time.
Client run interval, catalog size, and storeconfigs are the biggest
factors that come to mind.

> 2. Should I let a high availability apache frontend manage a puppet
> backend?

Using a front end load balancer, Apache or hardware (F5 etc), works
fine. Depending on your DNS control there's also a pending feature to
support SRV records for clients to find masters.

> 3. What is the best way to manage client signing and keeping the pem/
> files in sync across such a backend?

I'd suggest a single/central CA. The certificate signing/creation ties
easily in to the host provisioning (kickstart definition/ec2 setup/
etc) step. Signing on each master works fine, but hinders later
management. The CRL/inventory becomes worthless, for example.

Storeconfigs is a special issue. At puppet camp SF show of hands had
only two large (1000+) sites using store configs. Three or four more
wanted to, but couldnt take the performance hit, as I recall. An SQL
server is required, with postgres mysql & oracle supported IIRC. The
performance requirements for that machine shouldn't be too bad. The
dataset should be in the MB range, easy to keep in memory. Setting
thin_storeconfigs on the masters makes a very large difference in
compilation time. A (very) rough estimate for compilation times of 300
resources: 6s with "full" storeconfigs, 3-4s with 'thin' storeconfigs,
and 2s without.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Exit gracefully

2010-12-21 Thread donavan 
On Dec 21, 4:38 pm, Douglas Garstang  wrote:
> I'd like to be able to put specific modules into 'maintenance' mode if a
> variable has been set. I can check the variable, but the only way I can see
> to have puppet skip processing is to use the fail() function, which stops
> everything with a nasty error message. Is there a return() function or
> similar???
>
> Doug.

There's no way to 'uninclude' a class once it's in the catalog. I'd
probably do this with an include one level up which determines whether
to do the work or not. Does this example make sense?

class service1 {
if $service1_state == "enabled" {
include service1::enabled
} else {
maintenance{ $name: } # $name refers to the class, issue #1104
}
}
class service1::enabled {
# Do actual work here
service { "service1": enabled => true }
}
# just a cheap wrapper to log on both client and server
define maintenance($message="in maintenance mode") {
notify{
"$name": loglevel => 'warning', message => "$name $message"
}
warning("$name $message")
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: run without puppet master

2010-12-21 Thread donavan 
On Dec 20, 6:51 am, aaron prayther  wrote:
>
> does anyone have any examples of a "disconnected" configuration, not using a
> puppet master?
>


Aaron,

I know Jordan Sissel[1] runs his deployment very muhc like this.
There's no central puppet master, but packages that install/enforce a
particular configuration. As I recall he has a minimal 'base' set that
is responsible for ensuring a sane puppet environment, self updating,
etc.  Most of the traditional configuration is then managed in a
'content' set.

One immediate difference is that he's trusting the clients to define
which configuration is applied. It sounds like in your instance you'll
have a 'base' catalog with no per node definitions instead.

Matt Robinson also made a very interesting feature[2]. It uses a
puppet master to compile the clients catalog, but then packages the
catalog and all required resources in to a discrete tar file. The tar
is unpacked on the client then applied with a stand alone 'puppet
apply' run. As I recall this feature was actually created for a secure
environment where data had to be physically distributed on media.

Your use case could certainly package & version these complete catalog
sets using RPMs instead of tar.


[1] http://www.semicomplete.com/
[2] https://github.com/puppetlabs/puppet-compile-catalog-with-files

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Template Samples

2010-12-16 Thread donavan 
On Dec 16, 10:51 am, boddiesdrinker  wrote:
> where can i get some template samples that use the function_
> references?
>
> Many Thanks
> Martin

I replied in the other thread. I think you're hitting a bug. But this
is a working template that calls a core function:

<% value = scope.function_fqdn_rand(['10']) -%>
<%= "The random fqdn value is #{value}" %>

And a more complex example that prints a list of lines suitable for /
etc/hosts:

<%# returns a list of other puppet client fqdns %>
<% nodes = scope.function_list_nodes( ["{:classes =>
'puppet::client'}", "fqdn"] ) -%>
<% nodes.each do |fqdn| -%>
<%# lookup ipaddress and hostname of another client %>
<% ipaddr = scope.function_list_fact([fqdn, 'ipaddress']) -%>
<% hostname = scope.function_list_fact([fqdn, 'hostname']) -%>
<%= "#{ipaddr}  #{fqdn}  # {hostname}" %>
<% end -%>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: function_file error

2010-12-16 Thread donavan 
On Dec 16, 10:48 am, boddiesdrinker  wrote:
> The template file has this code:
>
> relay = scope.function_file(["/etc/puppet/secrets/smtp/" + name + "/
> relay"]).chomp
>
> Could it be the form of the file function which has changed?

I've just opened an issue that you may be hitting in 2.6[1]. Does the
puppet master appear to hang before you get the 'undefined method'
error? If you have debug you might see output like this:

debug: Scope(Node[foo.domain.tld]): Retrieving template test.erb
debug: template[/tmp/puppet/templates/test.erb]: Bound template
variables for /tmp/puppet/templates/test.erb in 0.00 seconds
err: Failed to parse template test.erb: undefined method
`function_fqdn_rand' for # at /
tmp/puppet/manifests/site.pp:43 on node foo.domain.tld

If so I believe it may be the same problem .Try using the first
workaround in the ticket, it's a trivial fix for the issue. You'll
need to make sure that the function is called in the manifest before
you parse the template though. Putting something like '$workaround =
file("/etc/puppet/secrets/smtp/relay")' in site.pp should do it.


[1] http://projects.puppetlabs.com/issues/5587

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: function_file error

2010-12-16 Thread donavan 
On Dec 16, 10:48 am, boddiesdrinker  wrote:
> The template file has this code:
>
> relay = scope.function_file(["/etc/puppet/secrets/smtp/" + name + "/
> relay"]).chomp
>
> Could it be the form of the file function which has changed?

According to the docs[1][2] it looks the same. The error you posted
sounds like the puppet master can't find the function/file.rb. It
should be somwhere in the path like "ruby/site_ruby/1.8/puppet/parser/
functions/file.rb". On the master does this manifest work for you with
'puppet apply':

$content = file("/etc/motd")
notify { $content: }


[1] http://docs.puppetlabs.com/references/0.24.5/function.html#file
[2] http://docs.puppetlabs.com/references/2.6.3/function.html#file

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Separating puppetmaster file serving and catalogs

2010-12-16 Thread donavan 
On Dec 16, 1:23 pm, Patrick  wrote:
> > If such an approach is at all possible, the complete implementation
> > would include giving the proxy the means to recognize valid client
> > certificates.
>
> The proxy can and is recognizing valid certificates.  The problem is passing 
> that information on to the puppetmaster because I really don't know how to do 
> that.  I also don't know exactly which headers the puppetmaster uses.
>
> I'm thinking that if I do this, I need to remove the SSL from the file server 
> VirtualHost and just pass the information directly through.
>
> > Even if this should work - is it work all that hassle?
>
> This is a much better question.  I'm going to work on it a little more though.

Have you see the mongrel docs[1]? It's a very similar setup as far as
passing the SSL environment. I believe there are also public docs
about using hardware (f5, etc) load balancers. I know that type of
configuration works as well.

http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Separating puppetmaster file serving and catalogs

2010-12-16 Thread donavan 
On Dec 16, 8:06 am, Richard Crowley  wrote:
> > Is it possible to have the fileserving subset of puppetmasters running
> > without any SSL support? That's throwing security out of the windows of
> > course, so the proxy should be able to determine (say, by IP rule?) what
> > clients are allowed and which aren't.
>
> This seems like a job for a new file provider.  If memory serves, this
> is more involved than just adding a provider because of something
> about files not working like other resource types.  Bueller?
>

Yes, the File type isn't setup like other type/provider relationships.
Lots (most) of the work is done in the actual file type and it's param
blocks. I think the provider bits are posix & win32, relating to the
destination on the local file system. As I recall.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Prompting fact refresh from Puppet Event

2010-12-16 Thread donavan 
On Dec 15, 6:46 am, Trevor Vaughan  wrote:
> Is is possible to spawn a puppet fact refresh from the completion of an event?

Not that I know of. All of the clients facts are submitted as params
in the initial request for a catalog. There's no client <=> server
feedback loop during catalog compilation.

> The only thing that I could come up with is a custom fact that returns
> the architecture of the installed package and then adjust the path
> based on that.

Yes. That seems like the canonical way to do it.

> However, this takes *two* puppet runs to complete and I would like to
> get this down to one run by prompting a fact refresh after the package
> is installed.

Does it? I thought if you used pluginsync you had those facts
available when you requested the actual catalog. Should take just a
moment to test. Oh, you may be able to use subscribe/notify params to
signal Service[puppet] when your target package is installed. That
would force an immediate reload and run, giving you your fact for
sure.


Is this "3rd party" software installed/managed in the same puppet
catalog as your File[foo.comf]? If so you could get clever with
manifest evaluation order and try to inspect the already defined
Package:

class foo {
include foo::application
include foo::config
}
class foo::config {
require(foo::package)
if defined(Package[foo-x86_64]) or ($foo_fact == 'x86_64')  {
$foo_path = "lib64"
} elsif defined(Package[foo-i686]) or ($foo_fact == 'i686'){
$foo_path = "lib"
} else {
fail("Could not detect a version of Package[foo]. This is
bad.")
}
}

This is probably too clever by half though. And using defined() is
morally wrong 95% of the time. And I'm not positive that the require
will force the manifest eval order in your favor. But if it gets the
job done

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: storeconfig / mysql

2010-12-14 Thread donavan 
On Dec 12, 11:17 pm, walexey  wrote:
> > > Puppet (err): Could not retrieve catalog from remote server: Error 400
> > > on SERVER: Mysql::Error: MySQL server has gone away
>
> > > how can i fix it?
>
> > > wbr, alw
>
> > Would you happen to be running the puppet master(s) in mongrel?
>
> Yes, it runs with mongrel
>
> wbr, alw

It's anecdotal, but we had these same spurious disconnects. Mongrel,
not the activerecord/mysql handler, seemed to be periodically closing
an open mysql connection. When AR went to reuse the existing pooled
connection it would get a RST from the server. Never tracked down
exactly why, but it completely stopped with a change to Passenger.

I'd suggest giving Passenger a try, though I do think it's a poor
answer.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Problem with syntax checking

2010-12-11 Thread donavan 
On Dec 10, 7:15 am, "a.gorodin...@mail.ru" 
wrote:
> Hello!
>
> I'm trying to use pre-commit SVN hook for checking puppet syntax. For
> it I try to use some scripts from this 
> thread:http://groups.google.com/group/puppet-users/browse_thread/thread/50ff...
>
> But when I try some of the scripts I see the common problem,
> expression like this:
> # puppet --parseonly --ignoreimport file.pp
> produces no output, but "file.pp" has a known broken syntax. What I
> need to change in this statement to see information about syntax
> errors at STDOUT?

I think this is an open issue[1] wth 2.6.x that's borked my precommits
also. Looks like it's fixed in the testing branch.

[1] http://projects.puppetlabs.com/issues/5081

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Hudson, manitest and the hostname fact

2010-12-08 Thread donavan 
On Nov 22, 3:06 am, Ramon van Alteren  wrote:
> Hi All,
>
> We're trying to get a hudson build working for our puppet modules by using
> manitest.
>
> So far we've had good progress but right now we're stumped.
> We have a set of manifest/template combinations where the
> manifest code uses the hostname fact to pick a specific template tied to a
> particular hostname.
>
> Not the nicest code..
>
> However when running manitest with a yaml file from one of the target
> servers the manifest fails because the hostname fact is still set to the
> hostname of our hudson machine.
> It appears that the hostname fact is not replaced by the manitest code, but
> we can't figure out why not.
> The fqdn fact is set correctly, we verified that the hostname fact is
> present in the yaml file, it is.
>
> This is the manitest snippet that takes care of overriding the facts based
> on the yaml:
>
>  node = YAML.load_file options[:node]
> 
>  # export all parameters as facter env - overriding our real system values
>  # this also works for external nodes parameters
>  puts "Setting up facts:" if options[:debug]
>  node.parameters.each do |k,v|
>    begin
>      if v.is_a?Array
>        if v.empty?
>              puts "! converting empty array to empty variable" if
> options[:debug]
>          ENV["facter_#{k}"]='EMPTY'
>        else
>              puts "! converting array to joined string" if options[:debug]
>          ENV["facter_#{k}"]=v.join(", ")
>            end
>          else
>        ENV["facter_#{k}"]=v
>          end
>      puts "%s=>'%s'" % [k,ENV["facter_#{k}"]] if options[:debug]
>    rescue
>      warn "! failed to set fact #{k} => '#{v}'" if options[:debug]
>    end
>  end
>
> We put some additional code in there to deal with array based facts, which
> cause the manitest run to fail.
>
> Is there anyone who can shed some light on this or knows the issue ?
>
> We're working with puppet-2.6 and the latest trunk version of manitest.
>
> Any clues would be appreciated.
>
> Ramon

Ramon, did you ever make progress on this?
On your test host is the local puppet.conf parameter node_name set to
'cert'? I may be out of date, but I recall the default values of the
'hostname' 'fqdn' & 'domain' puppet variables would be sourced from
the CN of the local cert. The puppet variable 'hostname' is a bit
different than the others. I think it's assigned using ||= internally,
so your facter fact may not override the existing internal value.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: storeconfig / mysql

2010-12-07 Thread donavan 
On Dec 5, 10:17 pm, walexey  wrote:
> hello!
>
> centos 5.5, puppet 2.6.4, storeconfig, mysql, about150 clients.
> time to time i recive following error:
>
> Puppet (err): Could not retrieve catalog from remote server: Error 400
> on SERVER: Mysql::Error: MySQL server has gone away
>
> how can i fix it?
>
> wbr, alw

Would you happen to be running the puppet master(s) in mongrel?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Number of procs, redux

2010-12-07 Thread donavan 
On Dec 1, 9:40 am, maillis...@gmail.com wrote:
> We upgraded to 2.6.3 and we've suddenly noticed two and sometimes
> three puppet processes frequently running on the clients. Is this
> normal? Is it new to this version or are we
> just noticing it for the first time? Any input is appreciated.

This is abnormal as far as I'm aware. How are you running puppet
agent, daemon or runonce? Can you paste a `ps` of this occurring? Can
you paste a snippet of your client log when this happens?

I can think of a few different scenarios where you'd get this. It
shouldn't cause any problems per se, but it's not correct AFAIK.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: how can i configure expiration time of mysql storeconfig?

2010-12-03 Thread donavan 
On Dec 1, 2:15 am, walexey  wrote:
> Hello everybody!
>
> I use puppet storeconfig for configuring server side of bacula.
> But when i remove one of client node, its information keeps in
> storeconfig db.
> How can i expire it?
>
> wbr, alw

In the meantime theres a contrib script which will purge a host from
storeconfig db: puppetstoredconfigclean.rb[1]. Note that it wont clean
up certs etc.
[1]
http://www.google.com/url?sa=D&q=https://github.com/puppetlabs/puppet/blob/master/ext/puppetstoredconfigclean.rb&usg=AFQjCNGboM_dHLh-QRyHQe4VXViLaNpyaQ

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Thoughts on dropping 0.24.x client support in Puppet 2.7?

2010-11-25 Thread donavan 
On Nov 24, 3:50 pm, Nigel Kersten  wrote:
> I mentioned this in an earlier thread, but here's a dedicated one.
>
> We made a big change between 0.24.x and 0.25.x where we moved from
> XMLRPC to REST.
>
> How do people feel about us dropping all XMLRPC support from 2.7.x,
> such that it only supported Puppet clients 0.25.x and higher?

+1 to dropping .24 and 2.7 interoperability. I don't recall running
mismatched client/server ever being a suggested setup. How many sites
out there are actually running .24 with 2.6, or even .25, as a stable
setup?

People seem to be conflating legacy support with interversion
compatibility. From the Puppet Enterprise announcement I thought it
was clear there was a path for LTS type support.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: best way to test snippets of puppet config

2010-11-23 Thread donavan 
On Nov 22, 3:21 pm, "russell.fulton"  wrote:
> Over the last few weeks I have several times felt the need to test out
> some small snippets of puppet code without having to have them in my
> live system.
>
> At the moment I am doing all my testing by fiddling with file on the
> puppet master and then invoking puppet on one of the clients. There
> must be a better way :)

I suggest taking a look at 'cucumber-puppet'[1]. I'm primarily using
it to test catalog compilation, but you can inspect individual
resources as well.
RI also has some great tools to testing and comparing[2] catalogs. You
can compare changes before you actually apply to 'new' catalog to the
clients.

[1] http://projects.puppetlabs.com/projects/cucumber-puppet
[2] https://github.com/ripienaar/puppet-catalog-diff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: 2.6.x Ruby DSL

2010-11-23 Thread donavan 
On Nov 22, 10:51 am, Patrick  wrote:
> Just a quick warning, I've found that 2.6.0 is too buggy to be useful, but 
> anything higher worked well for me.

Yes, I'd say the 2.6 branch is looking pretty good. I've been on 2.6.2
+ some HEAD patches in production with no real issues. Haven't looked
at 2.6.3 yet, but I expect that's going to be good as well.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: a dummy question - Could I use regular expression in Package ?

2010-11-23 Thread donavan 
On Nov 21, 6:12 pm, 張旭  wrote:
> I'm a newbie in Puppet.
> I had googled for a while,
> I just wonder if those work ? (syntax below)

There are a couple of points here. If you want to set a default
paramters for a resource[1]:
Package{ provider => yum }

I think 'allowcdrom' parameter is only for 'apt' provider, not yum[2].
You need to explicitly list each resource to manage, no wildcard:
package {
"mysql":
ensure => installed;
 "mysql-devel":
ensure => installed;
 "mysq-serverl":
ensure => installed;
}

However there is a shortcut. If all of the resources have the same
parameters you can specify an array[3] of names:
package {
["mysql", "mysql-devel", "mysq-serverl"]:
ensure => installed;
}

[1] http://docs.puppetlabs.com/guides/language_tutorial.html#resource-defaults
[2] http://docs.puppetlabs.com/references/latest/type.html#package
[3] http://docs.puppetlabs.com/guides/language_tutorial.html#arrays

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: facter fact catalog?

2010-11-21 Thread donavan 
On Nov 21, 7:55 am, Nick  wrote:
> A problem I've run into during my first attempts at writing manifests, is
> knowing what possible facts are available, and for a given fact, what values 
> my
> manifest might encounter.

I use 'default' matches liberally. For required values I throw an
error or warning where a value isn't found. Usually you can set a sane
default inside the resource[1]:
file { 'sshdconfig':
name => $operatingsystem ? {
solaris => '/usr/local/etc/ssh/sshd_config',
default => '/etc/ssh/sshd_config',
},
}

Or when the value must be known to get a functional catalog:
class foo::client {
case $operatingsystem {
'redhat':   { include foo::client::redhat }
'solaris':  { include foo::client::solaris }
default:{ fail( "unsupported operatingsystem
\"$operatingsystem\" ")}
}
}

> Of course, I know that not all facts can be enumerated, but I had expected 
> there
> be a catalog of common facts and their values somewhere, but there seems not 
> to
> be.  The Facter page [1] and API documentation [2] give rather scanty
> information about anything, yet alone list any values.  Ultimately I've been
> forced to search out the source code and infer the values from that.

I'd suggest opening a ticket for the documentation. I think puppetlabs
is making a push to improve the docs, but need tickets to prioritize
work.

> Then there is the question of how consistent the list of facts and their 
> values
> are from version to version of Puppet/Facter. That is even harder to discover
> from the source code.

I've been using puppet since .22 and I can't recall any facts changing
drastically. Usually its simply facts expanding to resolve more
accurate data.

[1] http://docs.puppetlabs.com/guides/language_tutorial.html

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple CA / Puppet master environment

2010-11-17 Thread donavan 
On Nov 17, 6:57 am, CraftyTech  wrote:
> Would there be any issues with stored configs? should I either a)
> Point both masters to the same PuppetDB server (MySql), or b) Setup a
> two way replication between the masters, and connect them individually
> to their respective PuppetDB's..

Storeconfigs with "a bunch" of masters using a single DB server isn't
a problem. You'll need to turn on thin storeconfigs eventually. A few
hundred nodes with a few hundred resources per node is probably the
limit of "thick" storeconfigs. The issue isn't load on the DB server,
that's pretty light. The problem with "thick" storeconfigs is all the
time the masters spent in ActiveRecord land when compiling catalogs.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet +with build support

2010-11-15 Thread donavan 
On Nov 15, 11:11 am, "sanjiv.singh" 
wrote:
> 1) Is there any machnism in which we can select  puppet modules
> according to build number..?

Look at the support for modulepath with multiple environments[1]. You
can set the "environment" value to any string. So you can use revision
numbers or tags [1002, 1003, X, Y] instead of [production, testing,
development] for $environment. This way clients can be tied to a 'tag'
of modules, while defaulting to 'main' path for unknown or unset
"environment"s.

> 2)  Is there any machnism in which we can make puppet modules/ classes
> argumented , so that  it work according to build number ?

Parameterized classes[2] may work for you, depending on what you need.
You could set the $build_version from a customer Facter fact or from
External Node Classifier[3] or LDAP Nodes.

> 3) Have  puppet  inbuild support for versioning ?

Basically it relies on your puppet master manifest & module content to
come from the VCS of your choice. For example /etc/puppet/modules
would be an work directory of svn://puppet/branches/production/puppet/modules/.
You can also track the catalog "version" based on the output of a
script[4]. So you could provide a version based on `svn info /etc/
puppet/`, for example. Be careful that config_version is built on
tracking changes to manifest files. It may miss changes in Resources
collected from storeconfigs, File resources, template content, etc.

> specificaly , i am going through critical time, where i need to
> configure one node  with build number X  for one development
> team ...
> and need to configure second node with build number Y for second
> testing  team.

I think this sounds like setting $environment on a per host basis
using External Nodes.

[1] http://projects.puppetlabs.com/projects/1/wiki/Using_Multiple_Environments
[2] 
http://docs.puppetlabs.com/guides/language_tutorial.html#parameterised-classes
[3] http://docs.puppetlabs.com/guides/external_nodes.html
[4] 
http://docs.puppetlabs.com/references/latest/configuration.html#configversion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: proper way to purge DB data for retired hosts

2010-11-15 Thread donavan 
On Nov 15, 7:09 am, Christopher McCrory  wrote:
> Hello...
>
>  I've been testing some new servers.  I'm using exported resources for
> several configs (see other email on ssh_known_hosts), including the
> nagios tyoes (very cool!).  Now I need to retire several test servers.
> How do I 'properly' purge the exported data for these test servers from
> the mysql DB on the puppetmaster?
>
> /me not a SQL guru...

Check out puppetstoredconfigclean.rb[1]. That will purge the complete
record of each host from the storeconfig DB.

[1] 
https://github.com/puppetlabs/puppet/blob/master/ext/puppetstoredconfigclean.rb

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Problem with modules

2010-11-11 Thread donavan 
On Nov 11, 2:15 am, Daniel Pittman  wrote:
> Leonko  writes:
>
> I think it is mentioned obliquely a few times, but there certainly isn't
> anywhere super-obvious that explains this feature of manifest auto-loading.

Yes, +1 to an issue for documenting it. That said #5044 is the best
explanation of how autoloading currently works that I've seen.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: syntax for class names

2010-11-11 Thread donavan 
On Nov 11, 2:21 pm, Bruce Richardson  wrote:
>  (I wish Luke had chosen a name other than "class" for Puppet's
> classes; it only confuses people).

Wondering off topic, but my favorite alternate term so far is
"containers". Doesn't confuse people with programming backgrounds as
much. Also implies that they're singletons, to me at least. And I
think we're getting to a point in the DSL where the difference between
definitions and classes is just the singleton aspect.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Disabling Certificates

2010-11-11 Thread donavan 
On Nov 10, 7:42 pm, Derek J. Balling  wrote:
> Has anyone had any luck in actually disabling certificates entirely. Just 
> trust the hostname you get from DNS and treat that info as authoritative.
>
> I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going 
> to happen, even though I have *no* need for the security that the 
> certificates theoretically provide and they get in my way far more often than 
> any alleged "help".
>
> Has anyone managed to just obliterate the whole certificate-nightmare from 
> Puppet? Is there anyone else who thinks they add way more complications than 
> they are worth?
>

Derek,

>From your comment in #3958 I think autosign[1] with "*.domain.tld"
would work for you. There are more complicated methods of supporting
transient hosts, such as in "the cloud", where not even the hostname
is consistent. I suspect that may be more work than you're looking
for.

[1] 
http://projects.puppetlabs.com/projects/puppet/wiki/Certificates_And_Security

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Query facter 'facts' from webapp

2010-11-10 Thread donavan 
On Nov 9, 6:06 am, Pieter Baele  wrote:
> Hi,
>
> I would like to query the puppetmaster (or the puppet nodes...) for some facts
> and display/use these in an external web application (written django)
> using the certificates from Puppet.
>
> What's the correct (nice) way to do this? REST?
> Can I find some code examples for this?
>
> Met vriendelijke groeten,
> Pieter Baelewww.pieterb.be

Pieter, It's not a solution today but it sounds like you're looking
for the Inventory Service[1]. The basic idea is to collect, and
export, the client facts using a REST interface from a central
service. There's a push to get this in to 2.7[2], so some of your work
may be done for you already.

The mcollective registration method also works great, if you want to
go that route.

[1] http://projects.puppetlabs.com/projects/1/wiki/InventoryServiceArchitecture
[2] 
http://groups.google.com/group/puppet-dev/browse_thread/thread/4fa1c3dc34725004/5e822ab9c65dadee

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Patch Management

2010-11-05 Thread donavan 
On Nov 2, 7:26 am, Joel Merrick  wrote:
> Hi Puppeteers!
>
> I've just been speaking to Ohad on #theforeman about package
> management, specifically about generating lists of packages : version
> numbers across the estate for things like patch management.

Hi Joel,

It's not really an answer but there was related talk at puppetcamp.
One of the ideas from puppetlabs was integration between package
management databases and puppets resource modeling. I don't think
there were any detailed plans, but I imagine it would make your query
requirements pretty easy.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Templates VS static files

2010-10-25 Thread donavan 
On Oct 25, 8:12 am, Alaric  wrote:
>   Are there any pro/cons to using templates exclusively?
>

Besides the already mentioned there are some security issues with
using the file server from puppet. Richard Crowley covered this a bit
in his puppetcamp talk[1]. He also distributes all of his configs in
the catalog, so there's an example of production. On the downside your
catalog will get pretty big. I can say that you shouldn't have any
problems at 300Kb, at least. I'd be wary of getting too much bigger
than that.

[1] http://rcrowley.org/talks/puppet-camp-2010/#1

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Templates VS static files

2010-10-25 Thread donavan 
On Oct 25, 11:13 am, "R.I.Pienaar"  wrote:
> In this scenario puppetd will use the old catalog BUT it will still fetch
> files with source from the master.

This is also possible during your VCSs 'update' if /etc/puppet is a
workdir. This came up at puppet camp, and I think two groups mentioned
seeing this actually happen in production. In both cases puppetd just
corrected it on the next run.

> I've often campaigned for a catalog that combines files and everything else
> into one artifact but I think we're some way off from realising that still.

>From the description I think #4817 implements this? I haven't even
looked at the code though, so reality may vary.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: serialized or limited parallelism

2010-10-12 Thread donavan 
On Oct 11, 2:09 pm, Philip Brown  wrote:
> Is there any pre-existing functionality in puppet, to allow limiting
> parallelism?

There's nothing inherent in puppet, besides the 'splay' options. The
other common solution is to use the $rand_from_fqdn custom Fact
pattern. That said puppet nodes typically won't know of the existence/
state of other nodes.

> So I ideally would like some kind of puppet mechanism that says,
> "run this script... but only if there are less than 10 other machines
> doing the same thing at this particular moment)"

I think this is a different tool, which I use mcollective for.
Capturing registration metadata is pretty simple, see R.Is suggestion.
For orchestrating concurrent actions look at 'mc-puppetd runall' for
an example. It runs puppetd on all of the available nodes with a
specified concurrency. Writing your own version of that plugin should
be trivial.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using puppet to update itself

2010-10-10 Thread donavan 
On Oct 8, 1:18 pm, Disconnect  wrote:
> We just use packages:
>  package { "puppet": ensure => latest }

Seconded, mostly. We target specific versions, and test in a lab
first, but self upgrades work. We've gone through up, and down, grades
of multiple versions of .24, .25, and 2.6. In every case that I can
recall we just let puppet update itself without incident.

Typically we'll fork off a puppetmaster, then update to the target rev
& module/manifests. Next all of the regular puppetmasters run against
the fork and upgrade. Then clients start checking in and upgrading.
Downgrades are pretty much just the opposite. A key point is
controlling who upgrades when, typically just needs a case/selector
based on role/puppetclass.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ERB / Tagging...

2010-08-07 Thread donavan 
On Aug 6, 8:50 am, CraftyTech  wrote:
> So, should the exporting
> of the necessary values be done in the same class as the collection,
> or should I just outline it on my default node definition.  Here's
> what I have so far (and it's not working):

Your example is pretty close. I don't see an obvious reason for it to
fail.

I think you may into two issues in general. Nodes with both
'webserver' & 'mailserver' would export duplicate Host resources. That
gets solved if you move the @@host to a third class and pass
variables, but now you're compile order dependent. Setting
puppetvariables (in manifest) or detecting based on class seems
difficult/unreliable. The best solution for you may be a fact or
variable on your nodes describing which "group" they're part of.

node web {
$group = ["web"]
include webserver
include host::collect
}
node webmail {
$group = ["web", "mail"]
include webserver
include mailserver
include host::collect
}
class webserver { include host::export }
class mailserver{ include host::export }
class host::export  { @@host{ "$fqdn": ip => $ipaddress, host_aliases
=> $hostname, tag => $group } }
class host::collect { Host <<| tags == $group |>> }

> Another thing, how do I ensure that the contents of "file" are what
> was collected via the "Host" collection?  If someone has a similar
> scenario running, please share your ideas...

There's no need for the 'file { "/etc/hosts": }' resource. The Host
Type should take care of that. For example 'hosts' may be stored in a
different location or format.

I do it a bit differently. Only nodes with "important" classes export
their entries. All nodes will collect all relevant entries. This
should work as an example.

node dns1 {
$location = ["chicago"]
include dns
include host::collect
}
node ldap1 {
$location = ["chicago"]
include ldap
include host::collect
}
node admin1 {
$location = ["austin"]
include dns
include ldap
include host::collect
}
node db1 {
$location = ["austin"]
include host::collect
}
node db2 {
$location = ["chicago"]
include host::collect
}

class dns   { include host::export }
class ldap  { include host::export }
class host::export  { @@host{ "$fqdn": ip => $ipaddress, host_aliases
=> $hostname, tag => $location } }
class host::collect { Host <<| tags == $location |>> }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Test if stored config is enabled?

2010-08-05 Thread donavan 
On Aug 4, 2:33 am, dom  wrote:
> anyone?  anyone?  (bueller?  bueller?)
>
> are there internal puppet variables or some such that show puppet
> state/config that can be interrogated in a manifest?  any other way of
> telling if storedconfig is enabled?

I've never tried, so I dont know if there's a righter way to do it.
You may be able to access the config information from a rvalue
function inside your manifest. Take a look at
Puppet.settings[:storeconfigs]. As I recall here are different
settings for different sections of your config though. You should be
able to poke around at Puppet.settings from IRB. Take a look at the
scripts in contrib to get there.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: strange string in /etc/shadow

2010-06-16 Thread donavan 
On Jun 15, 8:24 pm, "Gus F."  wrote:
> It is happening on 0.25.5-1 server, but so far I have only seen the
> problem on 0.24.X clients.  I don't have an 0.25.4 master to test
> against, but at any rate I am unable to reproduce the problem.  The
> problem seems to have occurred in a relatively small time across the
> affected clients, and hasn't happened again (yet).

Sounds like the same setup here. We're in the middle of transitioning,
masters are .25.5 and clients .24.8. Wasn't able to reproduce, and a
very low occurrence rate. I only see one failure in the past ~6 hours.
Maybe a dozen for the entire day. And that's at ~1400 puppetruns/hr.

Nigel,
Doesnt look like an issue with Concat define. This is a straight File
resource here:

file {
"/etc/mail":
owner => "root", mode => 0755, group => "root", ensure => 
directory;
}

Wed Jun 16 00:00:42 -0700 2010 //#/
File[/etc/mail] (err): Failed to retrieve current state of resource:
can't convert YAML::Syck::BadAlias into Integer
Wed Jun 16 00:00:42 -0700 2010 //#/
Remotefile[/etc/mail/sendmail.cf]/File[/etc/mail/sendmail.cf]
(notice): Dependency file[/etc/mail] has 1 failures
Wed Jun 16 00:00:42 -0700 2010 //#/
Remotefile[/etc/mail/sendmail.cf]/File[/etc/mail/sendmail.cf]
(warning): Skipping because of failed dependencies
Wed Jun 16 00:00:42 -0700 2010 //#/
Remotefile[/etc/mail/aliases]/File[/etc/mail/aliases] (notice):
Dependency file[/etc/mail] has 1 failures
Wed Jun 16 00:00:42 -0700 2010 //#/
Remotefile[/etc/mail/aliases]/File[/etc/mail/aliases] (warning):
Skipping because of failed dependencies

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: strange string in /etc/shadow

2010-06-15 Thread donavan 
On Jun 15, 2:39 pm, "Gus F."  wrote:
> I am using puppet (version 0.25.5-1.e15 for redhat) for password
> management for non-system users. This morning,  users on some of my
> puppet clients had their encrypted password strings in /etc/shadow
> replaced with the following string:
>
> YAML::syck::BadAlias

Whoa. I just saw this on a .24.8 client for the first time today. I
poked at it for a few minutes and couldnt reproduce, so I shrugged it
off.

This is what I found in syslog:
puppetd: Starting catalog run
puppetd: (//#/File[/usr/local/bin/
concatfragments.sh]) Failed to retrieve current state of resource:
can't convert YAML::Syck::BadAlias into Integer
puppetd: (//#/Concat[/etc/
filename.txt]/Exec[concat_/etc/filename.txt]) Dependency file[/usr/
local/bin/concatfragments.sh] has 1 failures
puppetd: (//#/Concat[/etc/
filename.txt]/Exec[concat_/etc/filename.txt]) Skipping because of
failed dependencies
puppetd: (//#/Concat[/etc/
filename.txt]/File[/etc/filename.txt]) Dependency file[/usr/local/bin/
concatfragments.sh] has 1 failures
puppetd: (//#/Concat[/etc/
filename.txt]/File[/etc/filename.txt]) Skipping because of failed
dependencies
puppetd: Finished catalog run in 9.82 seconds

> What could have caused this?

+1 to this. Where to even look?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Nagios hostgroups

2010-06-15 Thread donavan 
On Jun 14, 11:07 pm, Gabriel Filion  wrote:
> bug or missing feature.. I haven't tried it with 0.25.5, though. I'm on
> Debian unstable, using the puppet/puppetmaster packages, so the version
> is 0.25.4
>
> should I open a bug report about this?

Take a look on puppet-dev group and the issues db. If there's nothing
found I'd just open a bug. Worst case it's a no action and youre in
the same spot.

> Interesting. I'll try this out in the next few days and give you
> feedback on whether this workaround does the job.

If you use a variable, like $nagios_hostgroups, you may also need to
specify the namespace. As an example ${nagios::nagios_hostgroups}
provides a way to access your variable from any other class. Don't
recall how that works with templates though.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Nagios hostgroups

2010-06-14 Thread donavan 
On Jun 12, 1:09 pm, Gabriel Filion  wrote:
> I tested giving a list of strings to the "hostgroups" attribute to the
> nagios_host resource but it only considers the first element of the list.

Something like this?:
nagios_host {
 "$fqdn":
  address => "$ipaddress",
  hostgroups => ["group1", "group2"]
}

I haven't tried what youre doing, but sounds like it might be a Type/
Provider bug.

> Is there a way to "collect" unique group names for a single host and to
> concatenate the final result in a comma separated string? The purpose of
> this would be to make modules add nagios groups to the hosts if they
> have those services installed.

You might be able to use a template or function to join() your array.

class bar{
  $nagios_hostgroups += ["group1"]
}

class foo {
 include bar
 $nagios_hostgroups += ["group2"]
 nagios_host {
  "$fqdn":
   address => "$ipaddress",
   hostgroups => template("join_hostgroups.erb")
 }
}

join_host_groups.erb:
<%= nagios_hostgroups.join(',') %>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Overriding user attributes

2010-06-14 Thread donavan 
On Jun 14, 1:14 pm, Brian Gallew  wrote:
> class jboss {
>   include users
>   User["java"]{home => "/home/app1"
>   realize(User["java"])}
>
> where java is declared in
>
> class users {
>   @user{"java": uid=500, gid=501}
>
> }

Brian,

I'm still in .24.8 land, so some of this is WAG.
For your stated example the error means you need to use 'class jboss
inherits users { }'[1]. This puts your Class[jboss] resources in the
right scope so you can redefine existing resources from Class[users].
The existing 'include users' will add that puppetclass, and resources,
to your node but you aren't in the correct scope to redefine them.

You might also try #1088[2] style collections, with overrides[3]. I
haven't used these, but I think you'd do something like:

class users {
 @user{ "java": uid => 500, gid => 500 }
}

class jboss {
 include users
 User <| name == "java" |> { home => "/home/app1" }
}

class notjboss {
 include users
 User <| name == "java" |> { home => "/home/app2" }
}

[1] http://docs.reductivelabs.com/guides/language_tutorial.html#classes
[2] http://projects.puppetlabs.com/issues/1088
[3] http://docs.reductivelabs.com/guides/exported_resources.html

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: FYI: Mac Configuration Management at the Los Alamos National Laboratory white paper

2010-06-08 Thread donavan 
On Jun 5, 2:31 pm, Chuck  wrote:
> I am currently using passenger and puppet 0.25.5 on RHEL 5.4
>
> I am looking to support 3000 - 4000 nodes in the up coming years.
>   2000 nodes in one data center
>   500 nodes in each of three more data centers (1500 nodes)

> I am currently worried about scalability as the number of modules and
> clients on my puppet server increases.  I am planning on locating at
> least one puppet server in each of the 4 data centers.

Chuck,

Performance wise 500 clients should easily by served from a single 4
core 4Gb server. From my rough performance tests each one of those
servers should be able to service ~1500+ clients. With regards to
client catalog complexity my quoted numbers are with 50 classes & 300
resources per client, using storeconfigs.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppetqd and remote mysql server

2010-06-08 Thread donavan 

On Jun 7, 1:00 pm, Christopher Johnston  wrote:
> Think I found the issue from an strace, the rubygems-sqlit3 rpm was
> missing.. still curious on where the logs end up for it though.  The fact
> that its using sqllite also doesn't help as I think I am running into
> locking issues if I try to run a cross environment update.


Chris, were you using sqlite or mysql as the backend store when you
had issues?

Evaluating remote sites with central storeconfigs is on the todo list
for me. Currently have it working just peachy with mysql, straight
storeconfig no puppetqd.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet AIX contributions and small AIX nfs mountpoint snippet

2010-06-08 Thread donavan 

On Jun 8, 2:39 am, Héctor Rivas  wrote:
> Is there anybody working extending puppet for AIX?
> How is the best way to share our improvements and colaborate?

Hector,

I believe Andrew Forgue did a lot (all?) of the existing AIX work. You
can see an example here http://projects.puppetlabs.com/issues/2864.

Most of the development work is hosted github.com, as far as I know.
Someone over on http://groups.google.com/group/puppet-dev/ should be
able to point you to a Getting Started type doc.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple Puppet Servers

2010-05-14 Thread donavan 
On May 14, 1:39 pm, Ken  wrote:
> Also I just realised - if the client does it using SRV with weights
> and priorities - you get global server load balancing built in. Cool
> bananas.
>
> ken.

That exact functionality is actually a big benefit to me. As an
example we have multiple geo locations, with each location having 1+
room. Getting the global availability is very nice. I'd certainly like
to avoid the tricks that can be played with Anycast and dynamic DNS
views.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: multiple OS support conventions?

2010-05-14 Thread donavan 
On May 12, 1:03 am, Rohan McGovern  wrote:
> I've been doing it like this, for an example module
> named "baselayout":
>
>  modules/baselayout/manifests/init.pp:
>
>     import "*"
>     class baselayout {
>       case $operatingsystem {
>         Darwin:   { include baselayout::mac }
>         OpenSuSE: { include baselayout::suse }
>       }
>     }
>
>  modules/baselayout/manifests/mac.pp:
>
>     class baselayout::mac {
>        ...
>     }
>
>  modules/baselayout/manifests/suse.pp:
>
>     class baselayout::suse {
>        ...
>     }
>
>  ... etc.  I've just started, so there could be problems with this I
> haven't hit yet.

+1 on this method. I handle it pretty much the same way. The
difference would be using a modulename::base class for all of the
common setup. Depending on the specific child classes they can then
inherit modulename::base or include it. A simple exmaple can be seen
in the Camp to Camp augeas module[1]. In general I try to avoid using
parameter selectors for this type of customization.

[1] 
http://github.com/camptocamp/puppet-augeas/blob/master/manifests/classes/augeas.pp

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Multiple Puppet Servers

2010-05-14 Thread donavan 
On May 13, 10:53 pm, Abhishek  wrote:
> Hi,
>
> Is there any way to define multiple puppet servers in client
> configuration so that if my one puppet server is down then my
> production config changes can be applied from other puppet server. I
> am using apache and Mongrel for puppet load balancing.

I've been waiting for http://projects.puppetlabs.com/issues/1866
(Support for specification of multiple servers). 3669 looks to
duplicate a lot of the functionality. The obvious difference being
static config or SRV records providing the list of available hosts.
Personally I'd be pleased with either one.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ldap node attributes containing dash ( - )

2010-05-07 Thread donavan 
On May 7, 1:16 pm, "Jesús M. Navarro" 
wrote:
> Won't use the ${variable-name} version do the trick?
> Cheers.

I tried that initially, but it wouldn't pass --parseonly (.24.8) so I
didn't commit it. Let me check manually..
Yeah, parseonly and actual catalog compilation both fail:

err: Could not parse for environment production: Could not match '$
{dns-ns}' at init.pp:38

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ldap node attributes containing dash ( - )

2010-05-07 Thread donavan 
On May 6, 4:31 pm, donavan  wrote:
> Am I missing some clever way to use variables containing a dash in the
> name?
>
> We're using LDAP nodes I may have a node like this example:
..
> And I'd like to access 'console-port' as a variable in a manifest.

Reading over I realize this may not be clear to people not using
LdapNodes[1]. "All attributes on the LDAP nodes are assigned as
variables in the Puppet configuration". This gives you puppet
variables like $ipHostNumber for free.

I have an LDAP attribute I need to check from inside my manifest. The
issue is the attribute name contains a dash. So I can't use the
regular semantics of $ to access it. Any way to get
this attribute without a hacky function/template?

[1] http://projects.puppetlabs.com/projects/puppet/wiki/Ldap_Nodes

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ldap node attributes containing dash ( - )

2010-05-07 Thread donavan 
On May 6, 5:46 pm, Trevor Vaughan  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I don't think that ruby itself allows variables with dashes in the name
> since it will probably interpret them as minus signs and try to
> interpret the variables around the symbol.

Right. Which is why, in ActiveLdap for example, I would have to use a
string with the hash access method:

>> ns01.cn
=> "ns01.domain.com"
>> ns01.dns-ns
NoMethodError: undefined method `dns' for #
>> ns01["cn"]
=> "ns01.domain.com"
>> ns01["dns-ns"]
=> "10041801"

And in other cases I could use the instance_variable_get method to
pull it out:

>> ns01.instance_variable_get("@data")["dns-ns"]
=> ["10041801"]

But I don't have either of those from a manifest. So I can
trysomething like get_var[1]. I was just hoping someone out there had
a cleaner work around for me.

[1] http://projects.puppetlabs.com/projects/puppet/wiki/Ldap_Nodes

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ldap node attributes containing dash ( - )

2010-05-06 Thread donavan 
Am I missing some clever way to use variables containing a dash in the
name?

We're using LDAP nodes I may have a node like this example:

dn: cn=ns01.domain.com,cn=machines,o=domain
cn: ns01.domain.com
objectClass: top
objectClass: puppetClient
ipHostNumber: 192.201.112.90
parentnode: basenode-without-autofs
puppetclass: default_access
console-port: 7...@cyclada4

And I'd like to access 'console-port' as a variable in a manifest. In
ruby land I end up resorting to stupid tricks like
instance_variable_get('@console-port') or ['console-port'] to get
this.

Any suggestions besides a hackier implementation of get_var() function?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Managing producton & backup datacenter

2010-05-06 Thread donavan 
> Can you please explain this method a bit more, for the
> unexperienced like me?
>
> Showing the actual code would be great, if it's possible.

Sure, I assume you mean the exported resource part. Using
storeconfigs[1] it's possible to exchange information between nodes.
Brice has some great explanations on his blog[2]. This example, using
concat[3] should give you an idea:

class dns::resolver {
 # create a file fragment pointing to this node
 @@concat::fragment{
  "resolv.conf_${fqdn}":
   target => "/etc/resolv.conf",
   order => 10,
   content => "nameserver\t$ipaddress\t# $fqdn\n",
   tag => $location;
 }
}

class dns::client {
 # concat teh fragments into the target file
 concat{"/etc/resolv.conf": }
 # insert a local fragment with search domain
 concat_fragment{
  "resolv.conf_search":
   target => "/etc/resolv.conf",
   order => 05,
   content => "search\tdomain.com\n"
 }
 # "realize" (retrieve) Concat_fragment resources provided by other
nodes in the same $location
 Concat_fragment <<| tag = $location |>>
}

I also tested using native types like Host and Augeas. Both worked
fine as far as I could see. For resources like /etc/resolv.conf you
may want to include a safe default entry in dns::client. That could
help protect against no available dns::resolver nodes, for example.

[1] 
http://projects.reductivelabs.com/projects/puppet/wiki/Using_Stored_Configuration
[2] http://www.masterzen.fr/2009/08/08/storeconfigs-use-cases/
[3] 
http://www.devco.net/archives/2010/02/19/building_files_from_fragments_with_puppet.php

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Managing producton & backup datacenter

2010-05-05 Thread donavan 
> > But for more sophisticated puppet setups - what are your ways to determine
> > which environment you are in.
>
> I wrote a custom fact, location, that embeds all the logic in a tiny bit of
> custom Ruby.  (In fact, it just grabs the hostname, domain, and IP address,
> then uses a tiny bit of logic to select between them.)

Same sort of solution here. I made a location fact that maps primary
ipaddress subnet to a descriptive location string.

>From there I went a different route than the extlookup() + case
method. I ended up using exported resources with 'tag => $location'
and '<<| tag = $location |>>' on the client side. If a resource
doesn't have a native Type I used the same technique with the concat
module.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: mcollective scalability

2010-05-05 Thread donavan 
> 2000 nodes certainly is within my goals with the design, that said there has 
> not been such a big deploy.

We've got 500+ nodes on mcollective currently. Nothing special as far
as setup, a few of the contrib agents and few more in house agents.
Nodes are primarily split between two buildings connected by gigE. 95%
response from mc-ping is 300ms, average 200ms.

I'm expecting at least 1000 nodes in three geo areas by the end of the
year. My todo list for this summer has federating some more activemqs
into the setup.

> You'd probably want a few activemq instances in a cluster in such a setup, 
> though I've heard of much larger client counts on activemq.

The above all runs off of a single activemq server currently. Quad
core xeon w/ 3gb ram sitting at 99% idle.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Default Gateway facter problems

2010-04-20 Thread donavan 
On Apr 19, 10:09 pm, Daniel Pittman  wrote:
> So, a simple "gateway" fact is essentially meaningless for our network; this
> is probably true of at-least-some machines on at-least-some large networks.
>
> (So, while your fact is meaningful, it isn't a generic "gateway" fact :)

> This can return multiple results, trivially, even on a simple network where
> you have multiple definitions in /etc/network/interfaces; it breaks in the
> face of network mapping, or of having two NICs with gateway statements.

When I made up my sites broadcast fact I solved it in a manner like
interfaces.rb. Essentially there are multiple "broadcast_$interface"
facts, and while creating these the interface associated with
"ipaddress" also sets the "broadcast" fact as primary.

Moving on to the gateway fact; I think a trivial solution is to use
your array of gateways to create a series of "gateway_$n"[1] facts. If
you can detect a default then that can be "gateway". Given I haven't
looked at this exact problem yet, so I could be overlooking the hard
bits.

[1] I could have *sworn* Facter::Util had a method for exactly this,
but now I don't see it of course.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: File Size

2010-04-07 Thread donavan 
On Apr 7, 8:56 am, Seeker  wrote:
> Hi all, Just wondering, is there a limit on the file size that you can
> transfer with PUPPET.
>
> Thank you all

As others have mentioned Puppet is pretty inefficient with file
transfers currently. Our rule of thumb limit File resources to less
than a meg. Tens of megs should work fine, but there are the memory
issues currently. Brice Figureau is doing some good work[1] to clean
this area up. He also has a great post on his blog[2] that covers the
subject in some detail.

[1] http://projects.puppetlabs.com/issues/3373
[2] http://www.masterzen.fr/2010/01/28/puppet-memory-usage-not-a-fatality/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Better exported key value system?

2010-04-03 Thread donavan 
Let's start with two example problems:
1) Select the first available value in an address space. For example
openldap syncrepl rid, "ID uniquely identifying the replica .. an
integer which has no more than three decimal digits"[1].
2) Selecting a sticky "random" value from an array of values. In this
example choosing an available server(s) to query for directory
services. Reselection should be limited to a change in array size, or
possibly selected value deletion.

I've got this mostly 'solved' using a combination of exported files, a
lookup function, and a temp variable. But it seems awfully hacky and
wasteful. The problems seems close to RI Pienaars extlookup[2], or
Lukes data loading system[3], or even concatenated file fragments. The
key difference from [2] and [3] is that my source data is dynamically
generated by other nodes. Has anyone solved a similar issue? Or see a
good path to take on this?

So my current 'solution' in quick psuedo manifest:

class openldap::replica {
File <<| tag == $ldap_cluster |>>
file { "/var/puppet/lib/ldap_replicas": ensure => directory, purge
=> true; }
@@file{ "/var/puppet/lib/ldap_replicas/$fqdn": content =>
$ldap_rid, tag => $ldap_cluster }
$ldap_rid = ext_lookup("ldap_replicas", "available")
augeas {"slapd.conf_rid": changes => "set /files/etc/openldap/
slapd.conf/syncrepl/rid $ldap_rid" }
}

And what I think it might look like. This could be as simple as
defines, or an actual Type and a function that starts poking into the
compiler/catalog.

@@dkv_put{ $fqdn: key => "ldap_rid", value => $ldap_rid, tag =>
$ldap_cluster }
$ldap_rid = dkv_get( key => "ldap_rid", sort => "available", count =>
"1", tag => $ldap_cluster )

[1] http://www.openldap.org/doc/admin22/syncrepl.html
[2] http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php
[3] http://projects.reductivelabs.com/issues/2953

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-29 Thread donavan 
On Mar 28, 8:47 pm, deet  wrote:
>   I like the idea of accessing this information through facter instead
> of needlessly running ifconfig again.

Indeed. Take a look at the facter libraries, they're quite readable
overall. Plenty of good bits in 'facter/util' that you can use also.

>  Is their any "standard" location to put a config.yml file like in
> your above example? Or just where ever I happen to store config files
> at my location? I think i'll extend your example for default gateway
> lookups.

I think /usr/local/etc/ is pretty standard for configs that aren't
supplied by the base os. If they're specific to a single program you
could also see "/usr/local/$program/". Check 'man hier' of your
platform of choice for more info. In my case we're using config.yml to
store all those site common settings that usually get embedded into 10
different scripts and then forgotten.

Ive done similar facts for providing gateway & broadcast addresses
based on existing facts. Those were used for dhcp servers to
automagically build dhcp.conf settings for attached networks. Let me
know if you have any questions.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-26 Thread donavan 
> host has one).  I've not ventured down the custom fact road before so
> this should be an little adventure.

Your version certainly will work. I think this is how I might take a
stab at it though:

require 'facter'
require 'ipaddr'
require 'yaml'

Facter.add("nsd_gateway") do
setcode do
begin
interfaces = Facter.value(:interfaces).split(',')
nsd_gateway = nil
interfaces.each do |iface|
next unless (address =
Facter.value("ipaddress_#{iface}"))
YAML::load(File.open('/usr/local/etc/config.yml'))
['nsd_networks'].each do |net|
net = IPAddr.new(net)
nsd_gateway = address if net.include?(address)
end
end
nsd_gateway
end
end
end


Where your '/usr/local/etc/config.yml' file contains a definition of
your nsd_networks:
---
nsd_networks:
- 14.1.22.0/24
- 19.7.28.0/24
- 15.0.8.0/24


> Thanks for the alternate idea on using templating to solve the
> problem.  I had not thought of that approach!

No problem. I can't envision it offhand, but you *might* also be able
to do it in a define. But youve already solved it for now.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-26 Thread donavan 
>    And I want to say something like (pseudo code)
>   if network_* = 10.55.12.0
>   then
>   static route magic here

>From this example you're trying to detect it any interface is on the
10.55.12.0 network, correct? Are you also trying to match a set of
networks (10.55.12.0, 10.55.13.0, etc) with different behaviour for
each network?

Are you looking for a custom fact that will report a magic keyword?
What Ashley posted is, conceptually, the same as a 'location' fact I
made for work. It maps the nodes primary ipaddress to a string
physical location. Extending that to check if any interface matches is
pretty trivial.

You could also assign the output of a template to a variable, then
evaluate that. There are examples in Puppet_Templating on the wiki
that seem pretty similar.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Package Providers for OD X Server

2010-03-21 Thread donavan 
Sorry for the late reply. I hadn't noticed your response.

> How are you running the puppetmasters Donovan? Passenger?
>
> I'd like us to have a nice simple install for people wanting to run
> the server on OS X. I have a script around somewhere that will create
> a Passenger pkg from the source tarball, and that seemed to work fine
> with the built in Apache.

It's a bit fuzzy, but I recall some annoying issue with using
passenger. We're currently using apache2 as a proxy to mongrel. We
haven't had any issues with mongrel that I can recall.

> I'm not doing much OS X Server these days, but I wonder if there's any
> hope of getting a decent serveradmin type together for OS X Server
> management

Certainly seems possible. A quick poke around and we should be able to
drive servermgrd locally. /usr/share/servermgrd/cgi-bin/ looks like
it's all symlinks back to /usr/sbin/serveradmin. An xml/plist lib and
popen() should do the trick.

Do know of an existing type that supports the same type of
functionality? At first glance the closest thing looks like augeas.
The serveradmin services look like augeas lenses to me. In which case
serveradmin may just be a provider for the augeas type?

Anyways, I know we'd certainly use a serveradmin provider/type. Right
now it's a lot of exec trickery and munging of plists & configs. Off
the top of my head we're using that model to drive OSX smb & OD
servers.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Package Providers for OD X Server

2010-03-17 Thread donavan 
At work we have three puppetmasters running on OSX 10.5. I hate to say
it, but it came down to custom packages. We're using encap to deploy
across 3 different OSs for all the site common bits.

Other than the packaging the other bits of apple sauce to tackle were
service management & bizzaro configs. We also have plenty of exec{}s
to serveradmin, which I havent gotten back to. augeas should help
tackle the misc configs.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.