[Puppet Users] Re: Nodes graphs
On Apr 3, 10:10 am, Jean Baptiste FAVRE wrote: > But I would like to highlight nodes dependenxies as well. > Is there any way to get a global "node-centric" graph ? > If yes, how: server-side, client-side, both ? You might want to try this on puppet-dev. As far as I recall there's no network graph representing node interactions. I think this is on the ToDo list. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Propagating local config changes from a client to the puppetmaster
On Mar 2, 5:52 pm, Patrick Connolly wrote: > Any thoughts? I like the Git idea, and might pursue that, but wondering if > anyone has input :) If you're on EL you may want to look at cft[1]. I thought I saw mention of work to bring ti to Deb based distros as well. I haven't actually used it, but looks like the poor cousin of DevStructure Blueprint. [1] http://cft.et.redhat.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Test driven manifests?
On Feb 25, 4:24 pm, Dan Bode wrote: > this is what cucumber-puppet does. > > https://github.com/nistude/cucumber-puppet I'll second cucumber-puppet. Being able to verify catalog compilation is a great step. Beyond that you can test resources for the catalogs as well. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet 2.6 Environments
I suspect you're hitting #3910, or a variant. It's possible for the master and client to disagree on the clients environment. The client will always request file paths based on it's concept of environment, regardless of what the master/catalog/external node classifier defines. Remove $environment from your source parameters, it's already baked in to the actual request URI. On your puppet clients try to specify the desired environment: 'puppet agent -t --environment pax_prod' If that works a template for puppet.conf with something like this may help: [main] environment = <%= $environment %> If that's not the issue I'd look at fileserver.conf or access.conf settings next. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetmaster/Amazon EC2/DNS
On Feb 23, 1:25 pm, Brice Figureau wrote: > I unfortunately didn't had time to work on my network device framework > for more than a month. I expect to resume this work soon :) I know what that's like. That aws code has been sitting since the beginning of January. > I'm not sure it will be generic enough to support what you want to do, > but that'd be a great opportunity to generalize it :) Sure. I recall a lot of overlap in the NetworkDevice class that you were basing on. The thing that really killed my provider was serialized actions at internet latencies. The paradigm of batch fetching the status, updating hashed instances, then flushing changes seemed to be a smarter way forward. Route 53 also happened to map on to your "network" components as well. I have sets of credentials with many domains (devices), with many hosts (interfaces). -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetmaster/Amazon EC2/DNS
I actually made a type and provider for managing Route 53 entries a while back[1]. I was putting off publishing it until I could rewrite it based on Brices network device framework. If other people people could find something like this useful I can clean it up to work with the current 2.6/2.5 and push to github. [1] http://www.strewth.org/words/2011/02/managing-amazon-route-53-with-puppet/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Error 400 on SERVER: Could not intern from yaml: can't convert Symbol into String
On Feb 15, 5:21 pm, Patrick wrote: > Does anyone have a guess if this bug is in the client, the master, or > dashboard? My report value is "reports = http, store". If the error was > originally from dashboard, would the master have failed to save the file > because the order matters? I've seen this previously. I ended up noticing this in interactive tests, and when some clients would go "stale". Looking at debug the error was only with storing the report on the server, the client was fine otherwise. I only use "reports = http", so I;m not sure if you'd have the "store" copy. Didn't look in much detail as, IIRC, it was fixed shortly after I noticed. I think it was recently fixed in one of the 2.6.x minor releases, 2.6.4 maybe?. Looking at changelog would be a good starting place to narrow it down more. Depending on how you run the master (webrick, passenger, etc) you should have a better error message there. Unfortunately some of the error logs arent time stamped so it requires guesstimation. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Trigger an event after a puppet run
On Feb 16, 3:38 am, "Derek J. Balling" wrote: > > size = self.logs.size > > if size == 0 then > > system "/usr/lib/nagios/eventhandlers/submit_puppet_result > > " + ip + " puppet-report 0 \"There has been no change\"" > > else > > system "/usr/lib/nagios/eventhandlers/submit_puppet_result > > " + ip + " puppet-report 2 \"There have been " + size.to_s + " > > changes\"" > > end > > end > > end > > This seems, at face value, to only be reporting upward "change/no-change" > type of thing. > > I'm not at all "ruby-ready" as it were, in terms of programming skill, but it > occurs to me that I can think of other conditions I'd be interested in > reporting upward (syntax or other errors in the catalog received, or anything > really, which causes a cached catalog to be used). > > Is there some easy way to add that functionality into this script? Off hand you may be interested in the metrics portion of the report. Something like metrics["changes"][:failed] would give you access to any resources that failed to apply. I don't recall how/if actual catalog failures are show in reports. A syntax error, for example, happens on the master and is presented to the client as a server error. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: reduced "verbose" output
On Feb 15, 1:27 pm, David Bishop wrote: > In a perfect world, we could have three possible "verbosity" levels: > > 1) Only show errors (failures to compile the catalog, "fails", etc) > > 2) #1 + all changes (Anything "notice", in a normal --test run), but > without the diffs that you would normally get or anything "info" level. > > 3) The full output (What you get with --verbose now) including info > (loading custom facts, diffs to changed files, etc). > David, I got a bit sidetracked there. Puppet logs with the standard syslog levels internally[2]. The 'agent' application only accepts switches for the 'debug' and 'info' levels currently[3]. I suspect that most of the internal actions are debug/info/warn/err, so there's probably not enough variance. Currently you're looking at all this through the :console log destination[4]. A new destination that outputs structured data may do what you want too. Then you could call -- logdest json and parse that back on the mc agent. Sending a copy of the 'report' metrics back to the mc client is probably the best way to get what you want. Then your clients can filter what they care about. For that you;d need a new terminus besides 'rest'. If there's not an open RFE for this I'd open one. Looks like #4712 [5] may be related. [2] lib/puppet/util/log.rb [3] lib/puppet/application/agent.rb#setup_logs [4] lib/puppet/util/log/destinations.rb [5] http://projects.puppetlabs.com/issues/4712 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: reduced "verbose" output
On Feb 15, 1:27 pm, David Bishop wrote: > Does this sound reasonable? Is it currently possible (and if so, > pointers are welcome!)? If I could make my trained developer monkey do > the actual work, would patches implementing this be accepted? You may also be interested in the --summarize option if you're catching stdout. As far as I know transaction reports are only serialized and sent to the server[1]. The server is what actually processes the 'reports' config parameter. I'd really like alternate agent report methods as well. I think you'd be well served by outputting structured 'report' data from the agent. Emitting something like @metrics.to_json and then catching it with 'reply[:output] = JSON.parse(%x[#{@puppetd} --onetime -- reports=json,rest])' would be swell. [1] lib/puppet/application/agent.rb: Puppet::Transaction::Report.terminus_class = :rest -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Keeping a directory clean at top level
On Feb 15, 10:04 am, Rich Rauenzahn wrote: > Say we have a directory called /FOO-- we want to only have in it what > puppet puts into it. ... > puppet resource file /tmp/empty_me ensure=directory purge=true > source=/tmp/empty recurse=true recurselimit=1 force=true I use this pattern myself, something like file { "/tmp/test": ensure => directory, purge => true, recurse => true, recurselimit => 1, force => true; "/tmp/test/foo": ensure => directory; } For your particular case I suspect it's because your using the resource application, instead of agent or apply. The applied catalog doesn't have any other managed resources. Using the above snippet /tmp/ test/foo is ignored as a managed resource and can contain anything. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: convert yum repos into manifest
On Feb 8, 4:30 pm, Michael Knox wrote: > Try ralsh yumrepo > > Just discovered that ralsh can even use custom types out of my modules > ... cool Yup. You can do some really cool things with custom types and providers: tmp donavanm$ sudo puppet resource route53 route53 { 'foo.strewth.org.': ensure => 'present', value => ['192.168.0.1'], rtype => 'A', zone => 'strewth.org.', ttl => '360' } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: accessing puppet config variables inside a manifest
On Jan 31, 10:09 am, Nan Liu wrote: > On Mon, Jan 31, 2011 at 9:06 AM, Gabriel Filion wrote: > Yeah, that would make manifests a lot more flexible. Here's a function > that should work for this purpose and potentially other puppet > configuration variables as well: You can also wedge this in to an inline template like: inline_template('<%= Puppet.settings[:vardir] %>') The first (large) caveat is that this checks the setting on the puppet master. I'm not sure if you want the value from the client. If so I suspect you'd need to create a facter fact that parsed your puppet.conf. I'm also not sure on the best way to access Puppet settings. It's been a while since I've done this off hand. I know (previously?) settings could be accessed differently based on their section(s) in puppet.conf. [master] and [main] may have different settings, for example. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet delegation / teams
On Jan 31, 3:05 am, Pieter Baele wrote: > - doing some sort of check if their recipes / templates work. A stronger check than --parseonly is to use a tool like cucumber- puppet. It's very simple to verify that a nodes catalog can actually compile, not just parse. Additionally you can do things like inspect final resources to verify any required parameters. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Tell puppetmaster to restart
On Jan 26, 4:16 am, JupiterMoonBeam wrote: > However, there's a delay of one run between changes (as the repo gets > updated but the current run is still under the old config). Is there > anyway of getting puppet to rerun with the new config when the repo > changes? As Daniel mentioned it isn't possible to apply that new information inside the current catalog. However you may be able to fake it. Are you running puppet agent as a daemon or a cronjob? If it's resident as a service you can signal puppet to restart itself: vcsrepo { 'puppet-production': notify => Service['puppet'] } As I recall it will exit part way through the current run, restart, request a new catalog, and run again. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Provider requires package to work
On Jan 26, 9:20 pm, donavan wrote: > A common pattern to work around this is to use a 'boot strap' when > provisioning a node. This boot strap only contains enough resources to > get the machine, and puppet, to a workable state. After that a second > 'full' run is done which applies the typical catalog. To implement > this I prefer just using tags, though I know others have used stages > and environments as well. Forgot to mention there's an open issue where plugins, like providers, aren't synced if you use --tags with puppet agent. A simple work around is to use a 'full' run with --noop, which will sync plugins but not apply resources: puppet agent -t --noop # gets plugins, facts, etc puppet agent -t --tags boot_strap # install minimal resources like resolv.conf & Package[bind-utils] puppet agent -t # 'full' run which applies everything else. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Provider requires package to work
On Jan 26, 1:58 am, Jakub Pastuszek wrote: > > Is it possible to tell Puppet to ensure a package is installed before > using a custom provider that needs it for operation? > Or I need to make sure that base OS contains all the commands that any > provider may ever need? I seem to recall that this is a known issue, but not solved yet. I'd suggest reposting to puppet-dev. A common pattern to work around this is to use a 'boot strap' when provisioning a node. This boot strap only contains enough resources to get the machine, and puppet, to a workable state. After that a second 'full' run is done which applies the typical catalog. To implement this I prefer just using tags, though I know others have used stages and environments as well. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Check version of installed RPM
On Jan 24, 5:07 am, Jonathan Gazeley wrote: > Hi all, > > Is there a way to use the Package type to find the version number of an > installed RPM? Have you seen 'ralsh', or 'puppet resource'[1]? You can use these interactively to interrogate the state of a system, 'puppet resource package foo'. I don't recall if the common Package providers ouput more than 'ensure => absent|present". It's up to your provider (rpm, fbsd, etc) to provide the state information in it's instances method. I imagine many will only test presence, for speed. It should perfectly reasonable to fork and create your own copy of the provider that queries for versions etc. [1] http://docs.puppetlabs.com/guides/tools.html#puppet-resource-or-ralsh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: help writing types/provider
On Jan 21, 11:13 am, Dick Davies wrote: > ensurable do > defaultto 'present' > end I've always specified the methods: ensurable do newvalue(:present) do provider.create end newvalue(:absent) do provider.destroy end defaultto :present end Which I admit may (habit|superstition). -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Testing custom types
On Jan 21, 1:17 pm, Matthew Macdonald-Wallace wrote: > Is there a way to test custom types/providers without deploying them to > a node? > > I'm thinking of something along the lines of "puppet --parseonly" or > similar. > > How do others test what they've written, or do you just deploy to a > staging environment? Yes? I have to admit I'm a bit lazy with writing actual rspec tests. My usual testing order would be `puppet apply /tmp/test.pp`, `cucumber- puppet features/catalog/foo.catalog`, then finally running it in a representative test (then staging) environment. I highly recommend cucumber-puppet, you should be able to inspect the clients catalog for resources and values. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Case statements
On Jan 21, 1:55 pm, Felix Frank wrote: > On 01/21/2011 07:31 PM, Jockster wrote: > > > I am writing my first module for ntp, I have a few different versions > > of Linux and also releases. The code worked when I only had one flavor > > of Linux but now I have four and possibly more flavors. My snippet > > that doesn't work is as follows; ( I am not even sure this is the > > route I should be going if anyone has a better way please advise. > > Thank you in advance) > But I'm not entirely sure this syntax is valid in variable assignments > (which is not the same as assigning resource parameter values, is it?) Yes, selectors are fine for variable assignment. But you seem to be mixing a case and a selector[1]. Those are similar, but subtly different. I'm, *ahem*, just getting home but I think this may do what you're after? case $operatingsystem { 'CentOS','RedHat': { $ntp_service = $operatingsystemrelease ? { /5.5|6.0/ => "ntpd" } } 'SLES': { $ntp_service = $operatingsystemrelease ? { /10.[1-3]|11.[0-1]/ => "ntp" } } } To reduce that further I might go for something like: $ntp_service = $operatingsystem ? { /CentOS|RedHat/ => 'ntpd', 'SLES' => 'ntp' } Deal with the specific versions when you need to . Instead of '5.5' or '6.0' why not catch all CentOS & RedHat versions? And, if youre doing that, simply define exceptions and let the rest fall through to a default value: $ntp_service = $operatingsystem ? { 'SLES' => 'ntp', default => 'ntpd' } [1] http://docs.puppetlabs.com/guides/language_tutorial.html#selectors -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Schedules. Who uses them and why?
On Jan 17, 6:38 pm, Nigel Kersten wrote: > I'm trying to get a feel for the actual use cases for the Schedule type in > Puppet. > > Anyone care to help me out with some real world examples? Schedules go great with exported resources. My use case is getting applied changes on machines A-N because of a resource change on machine M, which may be exporting only. Using Sshkey as an example a new machine would cause a thousand other machines in its environment to update on their next run. Then, on the new machines second run it updates for its own key. In a busy environment that would pretty much ensure every run on every host applied changes, which I dont like to see. My other example, as people have noted, is to respect maintenance windows. I can think of httpd virtual hosts, DNS updates, & monitoring system updates that could be affected by schedules. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple packages installation in one yum call
On Jan 12, 1:45 pm, Stephane wrote: > You could do something like following: > $wantedpackages = [ "perl-DBI", "perl-DBD-MySQL" ] > package { $wantedpackages: ensure => installed } > > In one call, we install 2 packages. Stephane, the problem is with requirements inside the rpms. If a.rpm require b.rpm, and b.rpm requires a.rpm, there's no way to install those with the puppet Package type currently. Puppet will try to evaluate both Package[a] and Package[b] separately, calling `rpm -i a` and then `rpm -i b`. Both of those transactions will fail with missing dependencies. The mentioned patch would evaluate both resources at the same time using `rpm -i a b`, which would work. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple packages installation in one yum call
On Jan 11, 3:09 am, Adriana wrote: > Hello, > does anyone know if featurehttp://projects.puppetlabs.com/issues/2198 > had been implemented and how it is possible to use it? I don't think it's made it into the puppet codebase yet. It should be pretty simple to run the contributed patch though. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 11, 2:45 pm, DaveQB wrote: > We had trouble scaling with 400+ nodes. Puppet server is a VM on an > ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly > kick in OOM which would kill off most if not all of the 10 > puppetmaster instances. This is very surprising to me. Is this .24 or .25 per chance serving large files via the File resource per chance? There were some big memory improvements in File handling around 2.6.0. Using 2.6.x, Ruby 1.8.7, Apache 2.2 and passenger I'd expect around 100-200mb usage per process. Even that seems a bit high to me, though I don't know what's shared and whats resident off hand. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 11, 1:05 am, Carles Amigó wrote: > What data is exactly discarded with "thin" storeconfigs? Effectively only facts and exported resources are stored for each node[1]. This is opposed to storing the complete set of resources (and other stuff?) for each node. For normal puppet usage there's no loss to using thin_storeconfigs. The full set is useful if you want to query it as part of an external process. A monitoring or inventory service, for example. Bryce F did most of the work that actually made storeconfigs useful. There are some very good posts on his blog[2]. [1] http://docs.puppetlabs.com/references/2.6.3/configuration.html#thinstoreconfigs [2] http://www.masterzen.fr/tag/storeconfigs/ On Jan 11, 1:47 pm, Adrian Bridgett wrote: > It may also be worth looking at some form of improved scheduling in > order to avoid a thundering herd of requests to your puppetmasters. Using a cron resource with fqdn_rand() interval works pretty well and is dead simple. cron { puppet_agent: command => 'puppet agent -- onetime', minute => [fqdn_rand(30), (fqdn_rand(30) + 30)] } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: race conditions in using "svn update" in puppetmaster's /etc/puppet directory?
On Jan 3, 1:34 pm, James Ralston wrote: > So, here's my question: if you are currently using the "svn update" > approach to manage /etc/puppet on the puppetmaster, have you taken > conscious steps to help avoid a race condition? A late vote for Ignore It. At puppet camp SF this came up in two breakout sessions I was in. As I can recall two large sites had seen resource/manifest version mismatches occur and ignored the race. Noone in the room had actually had a serious issue because of this. The resolution for everyone present was to just let the next run correct the problem. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 8, 1:02 pm, trey85stang wrote: > I'm trying to get an idea of what kind of backend setup I would need > to run puppet to manage roughly 6000 hosts. No one else has asked, but what's the geographic/network distribution look like? > I see puppet by iteself is limited to 10-20; but with mongrel/apache > that number shoots up but I am not sure by how much? At puppet camp US I think responses were in the 300-1000 clients/ master range. A dual socket x86_64 whitebox should do at least a few hundred clients. Masters seem to be CPU bound almost all the time. Client run interval, catalog size, and storeconfigs are the biggest factors that come to mind. > 2. Should I let a high availability apache frontend manage a puppet > backend? Using a front end load balancer, Apache or hardware (F5 etc), works fine. Depending on your DNS control there's also a pending feature to support SRV records for clients to find masters. > 3. What is the best way to manage client signing and keeping the pem/ > files in sync across such a backend? I'd suggest a single/central CA. The certificate signing/creation ties easily in to the host provisioning (kickstart definition/ec2 setup/ etc) step. Signing on each master works fine, but hinders later management. The CRL/inventory becomes worthless, for example. Storeconfigs is a special issue. At puppet camp SF show of hands had only two large (1000+) sites using store configs. Three or four more wanted to, but couldnt take the performance hit, as I recall. An SQL server is required, with postgres mysql & oracle supported IIRC. The performance requirements for that machine shouldn't be too bad. The dataset should be in the MB range, easy to keep in memory. Setting thin_storeconfigs on the masters makes a very large difference in compilation time. A (very) rough estimate for compilation times of 300 resources: 6s with "full" storeconfigs, 3-4s with 'thin' storeconfigs, and 2s without. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Exit gracefully
On Dec 21, 4:38 pm, Douglas Garstang wrote: > I'd like to be able to put specific modules into 'maintenance' mode if a > variable has been set. I can check the variable, but the only way I can see > to have puppet skip processing is to use the fail() function, which stops > everything with a nasty error message. Is there a return() function or > similar??? > > Doug. There's no way to 'uninclude' a class once it's in the catalog. I'd probably do this with an include one level up which determines whether to do the work or not. Does this example make sense? class service1 { if $service1_state == "enabled" { include service1::enabled } else { maintenance{ $name: } # $name refers to the class, issue #1104 } } class service1::enabled { # Do actual work here service { "service1": enabled => true } } # just a cheap wrapper to log on both client and server define maintenance($message="in maintenance mode") { notify{ "$name": loglevel => 'warning', message => "$name $message" } warning("$name $message") } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: run without puppet master
On Dec 20, 6:51 am, aaron prayther wrote: > > does anyone have any examples of a "disconnected" configuration, not using a > puppet master? > Aaron, I know Jordan Sissel[1] runs his deployment very muhc like this. There's no central puppet master, but packages that install/enforce a particular configuration. As I recall he has a minimal 'base' set that is responsible for ensuring a sane puppet environment, self updating, etc. Most of the traditional configuration is then managed in a 'content' set. One immediate difference is that he's trusting the clients to define which configuration is applied. It sounds like in your instance you'll have a 'base' catalog with no per node definitions instead. Matt Robinson also made a very interesting feature[2]. It uses a puppet master to compile the clients catalog, but then packages the catalog and all required resources in to a discrete tar file. The tar is unpacked on the client then applied with a stand alone 'puppet apply' run. As I recall this feature was actually created for a secure environment where data had to be physically distributed on media. Your use case could certainly package & version these complete catalog sets using RPMs instead of tar. [1] http://www.semicomplete.com/ [2] https://github.com/puppetlabs/puppet-compile-catalog-with-files -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Template Samples
On Dec 16, 10:51 am, boddiesdrinker wrote: > where can i get some template samples that use the function_ > references? > > Many Thanks > Martin I replied in the other thread. I think you're hitting a bug. But this is a working template that calls a core function: <% value = scope.function_fqdn_rand(['10']) -%> <%= "The random fqdn value is #{value}" %> And a more complex example that prints a list of lines suitable for / etc/hosts: <%# returns a list of other puppet client fqdns %> <% nodes = scope.function_list_nodes( ["{:classes => 'puppet::client'}", "fqdn"] ) -%> <% nodes.each do |fqdn| -%> <%# lookup ipaddress and hostname of another client %> <% ipaddr = scope.function_list_fact([fqdn, 'ipaddress']) -%> <% hostname = scope.function_list_fact([fqdn, 'hostname']) -%> <%= "#{ipaddr} #{fqdn} # {hostname}" %> <% end -%> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: function_file error
On Dec 16, 10:48 am, boddiesdrinker wrote: > The template file has this code: > > relay = scope.function_file(["/etc/puppet/secrets/smtp/" + name + "/ > relay"]).chomp > > Could it be the form of the file function which has changed? I've just opened an issue that you may be hitting in 2.6[1]. Does the puppet master appear to hang before you get the 'undefined method' error? If you have debug you might see output like this: debug: Scope(Node[foo.domain.tld]): Retrieving template test.erb debug: template[/tmp/puppet/templates/test.erb]: Bound template variables for /tmp/puppet/templates/test.erb in 0.00 seconds err: Failed to parse template test.erb: undefined method `function_fqdn_rand' for # at / tmp/puppet/manifests/site.pp:43 on node foo.domain.tld If so I believe it may be the same problem .Try using the first workaround in the ticket, it's a trivial fix for the issue. You'll need to make sure that the function is called in the manifest before you parse the template though. Putting something like '$workaround = file("/etc/puppet/secrets/smtp/relay")' in site.pp should do it. [1] http://projects.puppetlabs.com/issues/5587 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: function_file error
On Dec 16, 10:48 am, boddiesdrinker wrote: > The template file has this code: > > relay = scope.function_file(["/etc/puppet/secrets/smtp/" + name + "/ > relay"]).chomp > > Could it be the form of the file function which has changed? According to the docs[1][2] it looks the same. The error you posted sounds like the puppet master can't find the function/file.rb. It should be somwhere in the path like "ruby/site_ruby/1.8/puppet/parser/ functions/file.rb". On the master does this manifest work for you with 'puppet apply': $content = file("/etc/motd") notify { $content: } [1] http://docs.puppetlabs.com/references/0.24.5/function.html#file [2] http://docs.puppetlabs.com/references/2.6.3/function.html#file -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Separating puppetmaster file serving and catalogs
On Dec 16, 1:23 pm, Patrick wrote: > > If such an approach is at all possible, the complete implementation > > would include giving the proxy the means to recognize valid client > > certificates. > > The proxy can and is recognizing valid certificates. The problem is passing > that information on to the puppetmaster because I really don't know how to do > that. I also don't know exactly which headers the puppetmaster uses. > > I'm thinking that if I do this, I need to remove the SSL from the file server > VirtualHost and just pass the information directly through. > > > Even if this should work - is it work all that hassle? > > This is a much better question. I'm going to work on it a little more though. Have you see the mongrel docs[1]? It's a very similar setup as far as passing the SSL environment. I believe there are also public docs about using hardware (f5, etc) load balancers. I know that type of configuration works as well. http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Separating puppetmaster file serving and catalogs
On Dec 16, 8:06 am, Richard Crowley wrote: > > Is it possible to have the fileserving subset of puppetmasters running > > without any SSL support? That's throwing security out of the windows of > > course, so the proxy should be able to determine (say, by IP rule?) what > > clients are allowed and which aren't. > > This seems like a job for a new file provider. If memory serves, this > is more involved than just adding a provider because of something > about files not working like other resource types. Bueller? > Yes, the File type isn't setup like other type/provider relationships. Lots (most) of the work is done in the actual file type and it's param blocks. I think the provider bits are posix & win32, relating to the destination on the local file system. As I recall. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Prompting fact refresh from Puppet Event
On Dec 15, 6:46 am, Trevor Vaughan wrote: > Is is possible to spawn a puppet fact refresh from the completion of an event? Not that I know of. All of the clients facts are submitted as params in the initial request for a catalog. There's no client <=> server feedback loop during catalog compilation. > The only thing that I could come up with is a custom fact that returns > the architecture of the installed package and then adjust the path > based on that. Yes. That seems like the canonical way to do it. > However, this takes *two* puppet runs to complete and I would like to > get this down to one run by prompting a fact refresh after the package > is installed. Does it? I thought if you used pluginsync you had those facts available when you requested the actual catalog. Should take just a moment to test. Oh, you may be able to use subscribe/notify params to signal Service[puppet] when your target package is installed. That would force an immediate reload and run, giving you your fact for sure. Is this "3rd party" software installed/managed in the same puppet catalog as your File[foo.comf]? If so you could get clever with manifest evaluation order and try to inspect the already defined Package: class foo { include foo::application include foo::config } class foo::config { require(foo::package) if defined(Package[foo-x86_64]) or ($foo_fact == 'x86_64') { $foo_path = "lib64" } elsif defined(Package[foo-i686]) or ($foo_fact == 'i686'){ $foo_path = "lib" } else { fail("Could not detect a version of Package[foo]. This is bad.") } } This is probably too clever by half though. And using defined() is morally wrong 95% of the time. And I'm not positive that the require will force the manifest eval order in your favor. But if it gets the job done -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: storeconfig / mysql
On Dec 12, 11:17 pm, walexey wrote: > > > Puppet (err): Could not retrieve catalog from remote server: Error 400 > > > on SERVER: Mysql::Error: MySQL server has gone away > > > > how can i fix it? > > > > wbr, alw > > > Would you happen to be running the puppet master(s) in mongrel? > > Yes, it runs with mongrel > > wbr, alw It's anecdotal, but we had these same spurious disconnects. Mongrel, not the activerecord/mysql handler, seemed to be periodically closing an open mysql connection. When AR went to reuse the existing pooled connection it would get a RST from the server. Never tracked down exactly why, but it completely stopped with a change to Passenger. I'd suggest giving Passenger a try, though I do think it's a poor answer. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with syntax checking
On Dec 10, 7:15 am, "a.gorodin...@mail.ru" wrote: > Hello! > > I'm trying to use pre-commit SVN hook for checking puppet syntax. For > it I try to use some scripts from this > thread:http://groups.google.com/group/puppet-users/browse_thread/thread/50ff... > > But when I try some of the scripts I see the common problem, > expression like this: > # puppet --parseonly --ignoreimport file.pp > produces no output, but "file.pp" has a known broken syntax. What I > need to change in this statement to see information about syntax > errors at STDOUT? I think this is an open issue[1] wth 2.6.x that's borked my precommits also. Looks like it's fixed in the testing branch. [1] http://projects.puppetlabs.com/issues/5081 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Hudson, manitest and the hostname fact
On Nov 22, 3:06 am, Ramon van Alteren wrote: > Hi All, > > We're trying to get a hudson build working for our puppet modules by using > manitest. > > So far we've had good progress but right now we're stumped. > We have a set of manifest/template combinations where the > manifest code uses the hostname fact to pick a specific template tied to a > particular hostname. > > Not the nicest code.. > > However when running manitest with a yaml file from one of the target > servers the manifest fails because the hostname fact is still set to the > hostname of our hudson machine. > It appears that the hostname fact is not replaced by the manitest code, but > we can't figure out why not. > The fqdn fact is set correctly, we verified that the hostname fact is > present in the yaml file, it is. > > This is the manitest snippet that takes care of overriding the facts based > on the yaml: > > node = YAML.load_file options[:node] > > # export all parameters as facter env - overriding our real system values > # this also works for external nodes parameters > puts "Setting up facts:" if options[:debug] > node.parameters.each do |k,v| > begin > if v.is_a?Array > if v.empty? > puts "! converting empty array to empty variable" if > options[:debug] > ENV["facter_#{k}"]='EMPTY' > else > puts "! converting array to joined string" if options[:debug] > ENV["facter_#{k}"]=v.join(", ") > end > else > ENV["facter_#{k}"]=v > end > puts "%s=>'%s'" % [k,ENV["facter_#{k}"]] if options[:debug] > rescue > warn "! failed to set fact #{k} => '#{v}'" if options[:debug] > end > end > > We put some additional code in there to deal with array based facts, which > cause the manitest run to fail. > > Is there anyone who can shed some light on this or knows the issue ? > > We're working with puppet-2.6 and the latest trunk version of manitest. > > Any clues would be appreciated. > > Ramon Ramon, did you ever make progress on this? On your test host is the local puppet.conf parameter node_name set to 'cert'? I may be out of date, but I recall the default values of the 'hostname' 'fqdn' & 'domain' puppet variables would be sourced from the CN of the local cert. The puppet variable 'hostname' is a bit different than the others. I think it's assigned using ||= internally, so your facter fact may not override the existing internal value. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: storeconfig / mysql
On Dec 5, 10:17 pm, walexey wrote: > hello! > > centos 5.5, puppet 2.6.4, storeconfig, mysql, about150 clients. > time to time i recive following error: > > Puppet (err): Could not retrieve catalog from remote server: Error 400 > on SERVER: Mysql::Error: MySQL server has gone away > > how can i fix it? > > wbr, alw Would you happen to be running the puppet master(s) in mongrel? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Number of procs, redux
On Dec 1, 9:40 am, maillis...@gmail.com wrote: > We upgraded to 2.6.3 and we've suddenly noticed two and sometimes > three puppet processes frequently running on the clients. Is this > normal? Is it new to this version or are we > just noticing it for the first time? Any input is appreciated. This is abnormal as far as I'm aware. How are you running puppet agent, daemon or runonce? Can you paste a `ps` of this occurring? Can you paste a snippet of your client log when this happens? I can think of a few different scenarios where you'd get this. It shouldn't cause any problems per se, but it's not correct AFAIK. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how can i configure expiration time of mysql storeconfig?
On Dec 1, 2:15 am, walexey wrote: > Hello everybody! > > I use puppet storeconfig for configuring server side of bacula. > But when i remove one of client node, its information keeps in > storeconfig db. > How can i expire it? > > wbr, alw In the meantime theres a contrib script which will purge a host from storeconfig db: puppetstoredconfigclean.rb[1]. Note that it wont clean up certs etc. [1] http://www.google.com/url?sa=D&q=https://github.com/puppetlabs/puppet/blob/master/ext/puppetstoredconfigclean.rb&usg=AFQjCNGboM_dHLh-QRyHQe4VXViLaNpyaQ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Thoughts on dropping 0.24.x client support in Puppet 2.7?
On Nov 24, 3:50 pm, Nigel Kersten wrote: > I mentioned this in an earlier thread, but here's a dedicated one. > > We made a big change between 0.24.x and 0.25.x where we moved from > XMLRPC to REST. > > How do people feel about us dropping all XMLRPC support from 2.7.x, > such that it only supported Puppet clients 0.25.x and higher? +1 to dropping .24 and 2.7 interoperability. I don't recall running mismatched client/server ever being a suggested setup. How many sites out there are actually running .24 with 2.6, or even .25, as a stable setup? People seem to be conflating legacy support with interversion compatibility. From the Puppet Enterprise announcement I thought it was clear there was a path for LTS type support. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: best way to test snippets of puppet config
On Nov 22, 3:21 pm, "russell.fulton" wrote: > Over the last few weeks I have several times felt the need to test out > some small snippets of puppet code without having to have them in my > live system. > > At the moment I am doing all my testing by fiddling with file on the > puppet master and then invoking puppet on one of the clients. There > must be a better way :) I suggest taking a look at 'cucumber-puppet'[1]. I'm primarily using it to test catalog compilation, but you can inspect individual resources as well. RI also has some great tools to testing and comparing[2] catalogs. You can compare changes before you actually apply to 'new' catalog to the clients. [1] http://projects.puppetlabs.com/projects/cucumber-puppet [2] https://github.com/ripienaar/puppet-catalog-diff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: 2.6.x Ruby DSL
On Nov 22, 10:51 am, Patrick wrote: > Just a quick warning, I've found that 2.6.0 is too buggy to be useful, but > anything higher worked well for me. Yes, I'd say the 2.6 branch is looking pretty good. I've been on 2.6.2 + some HEAD patches in production with no real issues. Haven't looked at 2.6.3 yet, but I expect that's going to be good as well. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: a dummy question - Could I use regular expression in Package ?
On Nov 21, 6:12 pm, 張旭 wrote: > I'm a newbie in Puppet. > I had googled for a while, > I just wonder if those work ? (syntax below) There are a couple of points here. If you want to set a default paramters for a resource[1]: Package{ provider => yum } I think 'allowcdrom' parameter is only for 'apt' provider, not yum[2]. You need to explicitly list each resource to manage, no wildcard: package { "mysql": ensure => installed; "mysql-devel": ensure => installed; "mysq-serverl": ensure => installed; } However there is a shortcut. If all of the resources have the same parameters you can specify an array[3] of names: package { ["mysql", "mysql-devel", "mysq-serverl"]: ensure => installed; } [1] http://docs.puppetlabs.com/guides/language_tutorial.html#resource-defaults [2] http://docs.puppetlabs.com/references/latest/type.html#package [3] http://docs.puppetlabs.com/guides/language_tutorial.html#arrays -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: facter fact catalog?
On Nov 21, 7:55 am, Nick wrote: > A problem I've run into during my first attempts at writing manifests, is > knowing what possible facts are available, and for a given fact, what values > my > manifest might encounter. I use 'default' matches liberally. For required values I throw an error or warning where a value isn't found. Usually you can set a sane default inside the resource[1]: file { 'sshdconfig': name => $operatingsystem ? { solaris => '/usr/local/etc/ssh/sshd_config', default => '/etc/ssh/sshd_config', }, } Or when the value must be known to get a functional catalog: class foo::client { case $operatingsystem { 'redhat': { include foo::client::redhat } 'solaris': { include foo::client::solaris } default:{ fail( "unsupported operatingsystem \"$operatingsystem\" ")} } } > Of course, I know that not all facts can be enumerated, but I had expected > there > be a catalog of common facts and their values somewhere, but there seems not > to > be. The Facter page [1] and API documentation [2] give rather scanty > information about anything, yet alone list any values. Ultimately I've been > forced to search out the source code and infer the values from that. I'd suggest opening a ticket for the documentation. I think puppetlabs is making a push to improve the docs, but need tickets to prioritize work. > Then there is the question of how consistent the list of facts and their > values > are from version to version of Puppet/Facter. That is even harder to discover > from the source code. I've been using puppet since .22 and I can't recall any facts changing drastically. Usually its simply facts expanding to resolve more accurate data. [1] http://docs.puppetlabs.com/guides/language_tutorial.html -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple CA / Puppet master environment
On Nov 17, 6:57 am, CraftyTech wrote: > Would there be any issues with stored configs? should I either a) > Point both masters to the same PuppetDB server (MySql), or b) Setup a > two way replication between the masters, and connect them individually > to their respective PuppetDB's.. Storeconfigs with "a bunch" of masters using a single DB server isn't a problem. You'll need to turn on thin storeconfigs eventually. A few hundred nodes with a few hundred resources per node is probably the limit of "thick" storeconfigs. The issue isn't load on the DB server, that's pretty light. The problem with "thick" storeconfigs is all the time the masters spent in ActiveRecord land when compiling catalogs. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet +with build support
On Nov 15, 11:11 am, "sanjiv.singh" wrote: > 1) Is there any machnism in which we can select puppet modules > according to build number..? Look at the support for modulepath with multiple environments[1]. You can set the "environment" value to any string. So you can use revision numbers or tags [1002, 1003, X, Y] instead of [production, testing, development] for $environment. This way clients can be tied to a 'tag' of modules, while defaulting to 'main' path for unknown or unset "environment"s. > 2) Is there any machnism in which we can make puppet modules/ classes > argumented , so that it work according to build number ? Parameterized classes[2] may work for you, depending on what you need. You could set the $build_version from a customer Facter fact or from External Node Classifier[3] or LDAP Nodes. > 3) Have puppet inbuild support for versioning ? Basically it relies on your puppet master manifest & module content to come from the VCS of your choice. For example /etc/puppet/modules would be an work directory of svn://puppet/branches/production/puppet/modules/. You can also track the catalog "version" based on the output of a script[4]. So you could provide a version based on `svn info /etc/ puppet/`, for example. Be careful that config_version is built on tracking changes to manifest files. It may miss changes in Resources collected from storeconfigs, File resources, template content, etc. > specificaly , i am going through critical time, where i need to > configure one node with build number X for one development > team ... > and need to configure second node with build number Y for second > testing team. I think this sounds like setting $environment on a per host basis using External Nodes. [1] http://projects.puppetlabs.com/projects/1/wiki/Using_Multiple_Environments [2] http://docs.puppetlabs.com/guides/language_tutorial.html#parameterised-classes [3] http://docs.puppetlabs.com/guides/external_nodes.html [4] http://docs.puppetlabs.com/references/latest/configuration.html#configversion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: proper way to purge DB data for retired hosts
On Nov 15, 7:09 am, Christopher McCrory wrote: > Hello... > > I've been testing some new servers. I'm using exported resources for > several configs (see other email on ssh_known_hosts), including the > nagios tyoes (very cool!). Now I need to retire several test servers. > How do I 'properly' purge the exported data for these test servers from > the mysql DB on the puppetmaster? > > /me not a SQL guru... Check out puppetstoredconfigclean.rb[1]. That will purge the complete record of each host from the storeconfig DB. [1] https://github.com/puppetlabs/puppet/blob/master/ext/puppetstoredconfigclean.rb -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with modules
On Nov 11, 2:15 am, Daniel Pittman wrote: > Leonko writes: > > I think it is mentioned obliquely a few times, but there certainly isn't > anywhere super-obvious that explains this feature of manifest auto-loading. Yes, +1 to an issue for documenting it. That said #5044 is the best explanation of how autoloading currently works that I've seen. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax for class names
On Nov 11, 2:21 pm, Bruce Richardson wrote: > (I wish Luke had chosen a name other than "class" for Puppet's > classes; it only confuses people). Wondering off topic, but my favorite alternate term so far is "containers". Doesn't confuse people with programming backgrounds as much. Also implies that they're singletons, to me at least. And I think we're getting to a point in the DSL where the difference between definitions and classes is just the singleton aspect. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Disabling Certificates
On Nov 10, 7:42 pm, Derek J. Balling wrote: > Has anyone had any luck in actually disabling certificates entirely. Just > trust the hostname you get from DNS and treat that info as authoritative. > > I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going > to happen, even though I have *no* need for the security that the > certificates theoretically provide and they get in my way far more often than > any alleged "help". > > Has anyone managed to just obliterate the whole certificate-nightmare from > Puppet? Is there anyone else who thinks they add way more complications than > they are worth? > Derek, >From your comment in #3958 I think autosign[1] with "*.domain.tld" would work for you. There are more complicated methods of supporting transient hosts, such as in "the cloud", where not even the hostname is consistent. I suspect that may be more work than you're looking for. [1] http://projects.puppetlabs.com/projects/puppet/wiki/Certificates_And_Security -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Query facter 'facts' from webapp
On Nov 9, 6:06 am, Pieter Baele wrote: > Hi, > > I would like to query the puppetmaster (or the puppet nodes...) for some facts > and display/use these in an external web application (written django) > using the certificates from Puppet. > > What's the correct (nice) way to do this? REST? > Can I find some code examples for this? > > Met vriendelijke groeten, > Pieter Baelewww.pieterb.be Pieter, It's not a solution today but it sounds like you're looking for the Inventory Service[1]. The basic idea is to collect, and export, the client facts using a REST interface from a central service. There's a push to get this in to 2.7[2], so some of your work may be done for you already. The mcollective registration method also works great, if you want to go that route. [1] http://projects.puppetlabs.com/projects/1/wiki/InventoryServiceArchitecture [2] http://groups.google.com/group/puppet-dev/browse_thread/thread/4fa1c3dc34725004/5e822ab9c65dadee -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Patch Management
On Nov 2, 7:26 am, Joel Merrick wrote: > Hi Puppeteers! > > I've just been speaking to Ohad on #theforeman about package > management, specifically about generating lists of packages : version > numbers across the estate for things like patch management. Hi Joel, It's not really an answer but there was related talk at puppetcamp. One of the ideas from puppetlabs was integration between package management databases and puppets resource modeling. I don't think there were any detailed plans, but I imagine it would make your query requirements pretty easy. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Templates VS static files
On Oct 25, 8:12 am, Alaric wrote: > Are there any pro/cons to using templates exclusively? > Besides the already mentioned there are some security issues with using the file server from puppet. Richard Crowley covered this a bit in his puppetcamp talk[1]. He also distributes all of his configs in the catalog, so there's an example of production. On the downside your catalog will get pretty big. I can say that you shouldn't have any problems at 300Kb, at least. I'd be wary of getting too much bigger than that. [1] http://rcrowley.org/talks/puppet-camp-2010/#1 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Templates VS static files
On Oct 25, 11:13 am, "R.I.Pienaar" wrote: > In this scenario puppetd will use the old catalog BUT it will still fetch > files with source from the master. This is also possible during your VCSs 'update' if /etc/puppet is a workdir. This came up at puppet camp, and I think two groups mentioned seeing this actually happen in production. In both cases puppetd just corrected it on the next run. > I've often campaigned for a catalog that combines files and everything else > into one artifact but I think we're some way off from realising that still. >From the description I think #4817 implements this? I haven't even looked at the code though, so reality may vary. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: serialized or limited parallelism
On Oct 11, 2:09 pm, Philip Brown wrote: > Is there any pre-existing functionality in puppet, to allow limiting > parallelism? There's nothing inherent in puppet, besides the 'splay' options. The other common solution is to use the $rand_from_fqdn custom Fact pattern. That said puppet nodes typically won't know of the existence/ state of other nodes. > So I ideally would like some kind of puppet mechanism that says, > "run this script... but only if there are less than 10 other machines > doing the same thing at this particular moment)" I think this is a different tool, which I use mcollective for. Capturing registration metadata is pretty simple, see R.Is suggestion. For orchestrating concurrent actions look at 'mc-puppetd runall' for an example. It runs puppetd on all of the available nodes with a specified concurrency. Writing your own version of that plugin should be trivial. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Using puppet to update itself
On Oct 8, 1:18 pm, Disconnect wrote: > We just use packages: > package { "puppet": ensure => latest } Seconded, mostly. We target specific versions, and test in a lab first, but self upgrades work. We've gone through up, and down, grades of multiple versions of .24, .25, and 2.6. In every case that I can recall we just let puppet update itself without incident. Typically we'll fork off a puppetmaster, then update to the target rev & module/manifests. Next all of the regular puppetmasters run against the fork and upgrade. Then clients start checking in and upgrading. Downgrades are pretty much just the opposite. A key point is controlling who upgrades when, typically just needs a case/selector based on role/puppetclass. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ERB / Tagging...
On Aug 6, 8:50 am, CraftyTech wrote: > So, should the exporting > of the necessary values be done in the same class as the collection, > or should I just outline it on my default node definition. Here's > what I have so far (and it's not working): Your example is pretty close. I don't see an obvious reason for it to fail. I think you may into two issues in general. Nodes with both 'webserver' & 'mailserver' would export duplicate Host resources. That gets solved if you move the @@host to a third class and pass variables, but now you're compile order dependent. Setting puppetvariables (in manifest) or detecting based on class seems difficult/unreliable. The best solution for you may be a fact or variable on your nodes describing which "group" they're part of. node web { $group = ["web"] include webserver include host::collect } node webmail { $group = ["web", "mail"] include webserver include mailserver include host::collect } class webserver { include host::export } class mailserver{ include host::export } class host::export { @@host{ "$fqdn": ip => $ipaddress, host_aliases => $hostname, tag => $group } } class host::collect { Host <<| tags == $group |>> } > Another thing, how do I ensure that the contents of "file" are what > was collected via the "Host" collection? If someone has a similar > scenario running, please share your ideas... There's no need for the 'file { "/etc/hosts": }' resource. The Host Type should take care of that. For example 'hosts' may be stored in a different location or format. I do it a bit differently. Only nodes with "important" classes export their entries. All nodes will collect all relevant entries. This should work as an example. node dns1 { $location = ["chicago"] include dns include host::collect } node ldap1 { $location = ["chicago"] include ldap include host::collect } node admin1 { $location = ["austin"] include dns include ldap include host::collect } node db1 { $location = ["austin"] include host::collect } node db2 { $location = ["chicago"] include host::collect } class dns { include host::export } class ldap { include host::export } class host::export { @@host{ "$fqdn": ip => $ipaddress, host_aliases => $hostname, tag => $location } } class host::collect { Host <<| tags == $location |>> } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Test if stored config is enabled?
On Aug 4, 2:33 am, dom wrote: > anyone? anyone? (bueller? bueller?) > > are there internal puppet variables or some such that show puppet > state/config that can be interrogated in a manifest? any other way of > telling if storedconfig is enabled? I've never tried, so I dont know if there's a righter way to do it. You may be able to access the config information from a rvalue function inside your manifest. Take a look at Puppet.settings[:storeconfigs]. As I recall here are different settings for different sections of your config though. You should be able to poke around at Puppet.settings from IRB. Take a look at the scripts in contrib to get there. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: strange string in /etc/shadow
On Jun 15, 8:24 pm, "Gus F." wrote: > It is happening on 0.25.5-1 server, but so far I have only seen the > problem on 0.24.X clients. I don't have an 0.25.4 master to test > against, but at any rate I am unable to reproduce the problem. The > problem seems to have occurred in a relatively small time across the > affected clients, and hasn't happened again (yet). Sounds like the same setup here. We're in the middle of transitioning, masters are .25.5 and clients .24.8. Wasn't able to reproduce, and a very low occurrence rate. I only see one failure in the past ~6 hours. Maybe a dozen for the entire day. And that's at ~1400 puppetruns/hr. Nigel, Doesnt look like an issue with Concat define. This is a straight File resource here: file { "/etc/mail": owner => "root", mode => 0755, group => "root", ensure => directory; } Wed Jun 16 00:00:42 -0700 2010 //#/ File[/etc/mail] (err): Failed to retrieve current state of resource: can't convert YAML::Syck::BadAlias into Integer Wed Jun 16 00:00:42 -0700 2010 //#/ Remotefile[/etc/mail/sendmail.cf]/File[/etc/mail/sendmail.cf] (notice): Dependency file[/etc/mail] has 1 failures Wed Jun 16 00:00:42 -0700 2010 //#/ Remotefile[/etc/mail/sendmail.cf]/File[/etc/mail/sendmail.cf] (warning): Skipping because of failed dependencies Wed Jun 16 00:00:42 -0700 2010 //#/ Remotefile[/etc/mail/aliases]/File[/etc/mail/aliases] (notice): Dependency file[/etc/mail] has 1 failures Wed Jun 16 00:00:42 -0700 2010 //#/ Remotefile[/etc/mail/aliases]/File[/etc/mail/aliases] (warning): Skipping because of failed dependencies -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: strange string in /etc/shadow
On Jun 15, 2:39 pm, "Gus F." wrote: > I am using puppet (version 0.25.5-1.e15 for redhat) for password > management for non-system users. This morning, users on some of my > puppet clients had their encrypted password strings in /etc/shadow > replaced with the following string: > > YAML::syck::BadAlias Whoa. I just saw this on a .24.8 client for the first time today. I poked at it for a few minutes and couldnt reproduce, so I shrugged it off. This is what I found in syslog: puppetd: Starting catalog run puppetd: (//#/File[/usr/local/bin/ concatfragments.sh]) Failed to retrieve current state of resource: can't convert YAML::Syck::BadAlias into Integer puppetd: (//#/Concat[/etc/ filename.txt]/Exec[concat_/etc/filename.txt]) Dependency file[/usr/ local/bin/concatfragments.sh] has 1 failures puppetd: (//#/Concat[/etc/ filename.txt]/Exec[concat_/etc/filename.txt]) Skipping because of failed dependencies puppetd: (//#/Concat[/etc/ filename.txt]/File[/etc/filename.txt]) Dependency file[/usr/local/bin/ concatfragments.sh] has 1 failures puppetd: (//#/Concat[/etc/ filename.txt]/File[/etc/filename.txt]) Skipping because of failed dependencies puppetd: Finished catalog run in 9.82 seconds > What could have caused this? +1 to this. Where to even look? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Nagios hostgroups
On Jun 14, 11:07 pm, Gabriel Filion wrote: > bug or missing feature.. I haven't tried it with 0.25.5, though. I'm on > Debian unstable, using the puppet/puppetmaster packages, so the version > is 0.25.4 > > should I open a bug report about this? Take a look on puppet-dev group and the issues db. If there's nothing found I'd just open a bug. Worst case it's a no action and youre in the same spot. > Interesting. I'll try this out in the next few days and give you > feedback on whether this workaround does the job. If you use a variable, like $nagios_hostgroups, you may also need to specify the namespace. As an example ${nagios::nagios_hostgroups} provides a way to access your variable from any other class. Don't recall how that works with templates though. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Nagios hostgroups
On Jun 12, 1:09 pm, Gabriel Filion wrote: > I tested giving a list of strings to the "hostgroups" attribute to the > nagios_host resource but it only considers the first element of the list. Something like this?: nagios_host { "$fqdn": address => "$ipaddress", hostgroups => ["group1", "group2"] } I haven't tried what youre doing, but sounds like it might be a Type/ Provider bug. > Is there a way to "collect" unique group names for a single host and to > concatenate the final result in a comma separated string? The purpose of > this would be to make modules add nagios groups to the hosts if they > have those services installed. You might be able to use a template or function to join() your array. class bar{ $nagios_hostgroups += ["group1"] } class foo { include bar $nagios_hostgroups += ["group2"] nagios_host { "$fqdn": address => "$ipaddress", hostgroups => template("join_hostgroups.erb") } } join_host_groups.erb: <%= nagios_hostgroups.join(',') %> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Overriding user attributes
On Jun 14, 1:14 pm, Brian Gallew wrote: > class jboss { > include users > User["java"]{home => "/home/app1" > realize(User["java"])} > > where java is declared in > > class users { > @user{"java": uid=500, gid=501} > > } Brian, I'm still in .24.8 land, so some of this is WAG. For your stated example the error means you need to use 'class jboss inherits users { }'[1]. This puts your Class[jboss] resources in the right scope so you can redefine existing resources from Class[users]. The existing 'include users' will add that puppetclass, and resources, to your node but you aren't in the correct scope to redefine them. You might also try #1088[2] style collections, with overrides[3]. I haven't used these, but I think you'd do something like: class users { @user{ "java": uid => 500, gid => 500 } } class jboss { include users User <| name == "java" |> { home => "/home/app1" } } class notjboss { include users User <| name == "java" |> { home => "/home/app2" } } [1] http://docs.reductivelabs.com/guides/language_tutorial.html#classes [2] http://projects.puppetlabs.com/issues/1088 [3] http://docs.reductivelabs.com/guides/exported_resources.html -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: FYI: Mac Configuration Management at the Los Alamos National Laboratory white paper
On Jun 5, 2:31 pm, Chuck wrote: > I am currently using passenger and puppet 0.25.5 on RHEL 5.4 > > I am looking to support 3000 - 4000 nodes in the up coming years. > 2000 nodes in one data center > 500 nodes in each of three more data centers (1500 nodes) > I am currently worried about scalability as the number of modules and > clients on my puppet server increases. I am planning on locating at > least one puppet server in each of the 4 data centers. Chuck, Performance wise 500 clients should easily by served from a single 4 core 4Gb server. From my rough performance tests each one of those servers should be able to service ~1500+ clients. With regards to client catalog complexity my quoted numbers are with 50 classes & 300 resources per client, using storeconfigs. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetqd and remote mysql server
On Jun 7, 1:00 pm, Christopher Johnston wrote: > Think I found the issue from an strace, the rubygems-sqlit3 rpm was > missing.. still curious on where the logs end up for it though. The fact > that its using sqllite also doesn't help as I think I am running into > locking issues if I try to run a cross environment update. Chris, were you using sqlite or mysql as the backend store when you had issues? Evaluating remote sites with central storeconfigs is on the todo list for me. Currently have it working just peachy with mysql, straight storeconfig no puppetqd. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet AIX contributions and small AIX nfs mountpoint snippet
On Jun 8, 2:39 am, Héctor Rivas wrote: > Is there anybody working extending puppet for AIX? > How is the best way to share our improvements and colaborate? Hector, I believe Andrew Forgue did a lot (all?) of the existing AIX work. You can see an example here http://projects.puppetlabs.com/issues/2864. Most of the development work is hosted github.com, as far as I know. Someone over on http://groups.google.com/group/puppet-dev/ should be able to point you to a Getting Started type doc. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Puppet Servers
On May 14, 1:39 pm, Ken wrote: > Also I just realised - if the client does it using SRV with weights > and priorities - you get global server load balancing built in. Cool > bananas. > > ken. That exact functionality is actually a big benefit to me. As an example we have multiple geo locations, with each location having 1+ room. Getting the global availability is very nice. I'd certainly like to avoid the tricks that can be played with Anycast and dynamic DNS views. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: multiple OS support conventions?
On May 12, 1:03 am, Rohan McGovern wrote: > I've been doing it like this, for an example module > named "baselayout": > > modules/baselayout/manifests/init.pp: > > import "*" > class baselayout { > case $operatingsystem { > Darwin: { include baselayout::mac } > OpenSuSE: { include baselayout::suse } > } > } > > modules/baselayout/manifests/mac.pp: > > class baselayout::mac { > ... > } > > modules/baselayout/manifests/suse.pp: > > class baselayout::suse { > ... > } > > ... etc. I've just started, so there could be problems with this I > haven't hit yet. +1 on this method. I handle it pretty much the same way. The difference would be using a modulename::base class for all of the common setup. Depending on the specific child classes they can then inherit modulename::base or include it. A simple exmaple can be seen in the Camp to Camp augeas module[1]. In general I try to avoid using parameter selectors for this type of customization. [1] http://github.com/camptocamp/puppet-augeas/blob/master/manifests/classes/augeas.pp -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Puppet Servers
On May 13, 10:53 pm, Abhishek wrote: > Hi, > > Is there any way to define multiple puppet servers in client > configuration so that if my one puppet server is down then my > production config changes can be applied from other puppet server. I > am using apache and Mongrel for puppet load balancing. I've been waiting for http://projects.puppetlabs.com/issues/1866 (Support for specification of multiple servers). 3669 looks to duplicate a lot of the functionality. The obvious difference being static config or SRV records providing the list of available hosts. Personally I'd be pleased with either one. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ldap node attributes containing dash ( - )
On May 7, 1:16 pm, "Jesús M. Navarro" wrote: > Won't use the ${variable-name} version do the trick? > Cheers. I tried that initially, but it wouldn't pass --parseonly (.24.8) so I didn't commit it. Let me check manually.. Yeah, parseonly and actual catalog compilation both fail: err: Could not parse for environment production: Could not match '$ {dns-ns}' at init.pp:38 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ldap node attributes containing dash ( - )
On May 6, 4:31 pm, donavan wrote: > Am I missing some clever way to use variables containing a dash in the > name? > > We're using LDAP nodes I may have a node like this example: .. > And I'd like to access 'console-port' as a variable in a manifest. Reading over I realize this may not be clear to people not using LdapNodes[1]. "All attributes on the LDAP nodes are assigned as variables in the Puppet configuration". This gives you puppet variables like $ipHostNumber for free. I have an LDAP attribute I need to check from inside my manifest. The issue is the attribute name contains a dash. So I can't use the regular semantics of $ to access it. Any way to get this attribute without a hacky function/template? [1] http://projects.puppetlabs.com/projects/puppet/wiki/Ldap_Nodes -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ldap node attributes containing dash ( - )
On May 6, 5:46 pm, Trevor Vaughan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I don't think that ruby itself allows variables with dashes in the name > since it will probably interpret them as minus signs and try to > interpret the variables around the symbol. Right. Which is why, in ActiveLdap for example, I would have to use a string with the hash access method: >> ns01.cn => "ns01.domain.com" >> ns01.dns-ns NoMethodError: undefined method `dns' for # >> ns01["cn"] => "ns01.domain.com" >> ns01["dns-ns"] => "10041801" And in other cases I could use the instance_variable_get method to pull it out: >> ns01.instance_variable_get("@data")["dns-ns"] => ["10041801"] But I don't have either of those from a manifest. So I can trysomething like get_var[1]. I was just hoping someone out there had a cleaner work around for me. [1] http://projects.puppetlabs.com/projects/puppet/wiki/Ldap_Nodes -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ldap node attributes containing dash ( - )
Am I missing some clever way to use variables containing a dash in the name? We're using LDAP nodes I may have a node like this example: dn: cn=ns01.domain.com,cn=machines,o=domain cn: ns01.domain.com objectClass: top objectClass: puppetClient ipHostNumber: 192.201.112.90 parentnode: basenode-without-autofs puppetclass: default_access console-port: 7...@cyclada4 And I'd like to access 'console-port' as a variable in a manifest. In ruby land I end up resorting to stupid tricks like instance_variable_get('@console-port') or ['console-port'] to get this. Any suggestions besides a hackier implementation of get_var() function? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing producton & backup datacenter
> Can you please explain this method a bit more, for the > unexperienced like me? > > Showing the actual code would be great, if it's possible. Sure, I assume you mean the exported resource part. Using storeconfigs[1] it's possible to exchange information between nodes. Brice has some great explanations on his blog[2]. This example, using concat[3] should give you an idea: class dns::resolver { # create a file fragment pointing to this node @@concat::fragment{ "resolv.conf_${fqdn}": target => "/etc/resolv.conf", order => 10, content => "nameserver\t$ipaddress\t# $fqdn\n", tag => $location; } } class dns::client { # concat teh fragments into the target file concat{"/etc/resolv.conf": } # insert a local fragment with search domain concat_fragment{ "resolv.conf_search": target => "/etc/resolv.conf", order => 05, content => "search\tdomain.com\n" } # "realize" (retrieve) Concat_fragment resources provided by other nodes in the same $location Concat_fragment <<| tag = $location |>> } I also tested using native types like Host and Augeas. Both worked fine as far as I could see. For resources like /etc/resolv.conf you may want to include a safe default entry in dns::client. That could help protect against no available dns::resolver nodes, for example. [1] http://projects.reductivelabs.com/projects/puppet/wiki/Using_Stored_Configuration [2] http://www.masterzen.fr/2009/08/08/storeconfigs-use-cases/ [3] http://www.devco.net/archives/2010/02/19/building_files_from_fragments_with_puppet.php -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing producton & backup datacenter
> > But for more sophisticated puppet setups - what are your ways to determine > > which environment you are in. > > I wrote a custom fact, location, that embeds all the logic in a tiny bit of > custom Ruby. (In fact, it just grabs the hostname, domain, and IP address, > then uses a tiny bit of logic to select between them.) Same sort of solution here. I made a location fact that maps primary ipaddress subnet to a descriptive location string. >From there I went a different route than the extlookup() + case method. I ended up using exported resources with 'tag => $location' and '<<| tag = $location |>>' on the client side. If a resource doesn't have a native Type I used the same technique with the concat module. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: mcollective scalability
> 2000 nodes certainly is within my goals with the design, that said there has > not been such a big deploy. We've got 500+ nodes on mcollective currently. Nothing special as far as setup, a few of the contrib agents and few more in house agents. Nodes are primarily split between two buildings connected by gigE. 95% response from mc-ping is 300ms, average 200ms. I'm expecting at least 1000 nodes in three geo areas by the end of the year. My todo list for this summer has federating some more activemqs into the setup. > You'd probably want a few activemq instances in a cluster in such a setup, > though I've heard of much larger client counts on activemq. The above all runs off of a single activemq server currently. Quad core xeon w/ 3gb ram sitting at 99% idle. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Default Gateway facter problems
On Apr 19, 10:09 pm, Daniel Pittman wrote: > So, a simple "gateway" fact is essentially meaningless for our network; this > is probably true of at-least-some machines on at-least-some large networks. > > (So, while your fact is meaningful, it isn't a generic "gateway" fact :) > This can return multiple results, trivially, even on a simple network where > you have multiple definitions in /etc/network/interfaces; it breaks in the > face of network mapping, or of having two NICs with gateway statements. When I made up my sites broadcast fact I solved it in a manner like interfaces.rb. Essentially there are multiple "broadcast_$interface" facts, and while creating these the interface associated with "ipaddress" also sets the "broadcast" fact as primary. Moving on to the gateway fact; I think a trivial solution is to use your array of gateways to create a series of "gateway_$n"[1] facts. If you can detect a default then that can be "gateway". Given I haven't looked at this exact problem yet, so I could be overlooking the hard bits. [1] I could have *sworn* Facter::Util had a method for exactly this, but now I don't see it of course. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: File Size
On Apr 7, 8:56 am, Seeker wrote: > Hi all, Just wondering, is there a limit on the file size that you can > transfer with PUPPET. > > Thank you all As others have mentioned Puppet is pretty inefficient with file transfers currently. Our rule of thumb limit File resources to less than a meg. Tens of megs should work fine, but there are the memory issues currently. Brice Figureau is doing some good work[1] to clean this area up. He also has a great post on his blog[2] that covers the subject in some detail. [1] http://projects.puppetlabs.com/issues/3373 [2] http://www.masterzen.fr/2010/01/28/puppet-memory-usage-not-a-fatality/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Better exported key value system?
Let's start with two example problems: 1) Select the first available value in an address space. For example openldap syncrepl rid, "ID uniquely identifying the replica .. an integer which has no more than three decimal digits"[1]. 2) Selecting a sticky "random" value from an array of values. In this example choosing an available server(s) to query for directory services. Reselection should be limited to a change in array size, or possibly selected value deletion. I've got this mostly 'solved' using a combination of exported files, a lookup function, and a temp variable. But it seems awfully hacky and wasteful. The problems seems close to RI Pienaars extlookup[2], or Lukes data loading system[3], or even concatenated file fragments. The key difference from [2] and [3] is that my source data is dynamically generated by other nodes. Has anyone solved a similar issue? Or see a good path to take on this? So my current 'solution' in quick psuedo manifest: class openldap::replica { File <<| tag == $ldap_cluster |>> file { "/var/puppet/lib/ldap_replicas": ensure => directory, purge => true; } @@file{ "/var/puppet/lib/ldap_replicas/$fqdn": content => $ldap_rid, tag => $ldap_cluster } $ldap_rid = ext_lookup("ldap_replicas", "available") augeas {"slapd.conf_rid": changes => "set /files/etc/openldap/ slapd.conf/syncrepl/rid $ldap_rid" } } And what I think it might look like. This could be as simple as defines, or an actual Type and a function that starts poking into the compiler/catalog. @@dkv_put{ $fqdn: key => "ldap_rid", value => $ldap_rid, tag => $ldap_cluster } $ldap_rid = dkv_get( key => "ldap_rid", sort => "available", count => "1", tag => $ldap_cluster ) [1] http://www.openldap.org/doc/admin22/syncrepl.html [2] http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php [3] http://projects.reductivelabs.com/issues/2953 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
On Mar 28, 8:47 pm, deet wrote: > I like the idea of accessing this information through facter instead > of needlessly running ifconfig again. Indeed. Take a look at the facter libraries, they're quite readable overall. Plenty of good bits in 'facter/util' that you can use also. > Is their any "standard" location to put a config.yml file like in > your above example? Or just where ever I happen to store config files > at my location? I think i'll extend your example for default gateway > lookups. I think /usr/local/etc/ is pretty standard for configs that aren't supplied by the base os. If they're specific to a single program you could also see "/usr/local/$program/". Check 'man hier' of your platform of choice for more info. In my case we're using config.yml to store all those site common settings that usually get embedded into 10 different scripts and then forgotten. Ive done similar facts for providing gateway & broadcast addresses based on existing facts. Those were used for dhcp servers to automagically build dhcp.conf settings for attached networks. Let me know if you have any questions. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> host has one). I've not ventured down the custom fact road before so > this should be an little adventure. Your version certainly will work. I think this is how I might take a stab at it though: require 'facter' require 'ipaddr' require 'yaml' Facter.add("nsd_gateway") do setcode do begin interfaces = Facter.value(:interfaces).split(',') nsd_gateway = nil interfaces.each do |iface| next unless (address = Facter.value("ipaddress_#{iface}")) YAML::load(File.open('/usr/local/etc/config.yml')) ['nsd_networks'].each do |net| net = IPAddr.new(net) nsd_gateway = address if net.include?(address) end end nsd_gateway end end end Where your '/usr/local/etc/config.yml' file contains a definition of your nsd_networks: --- nsd_networks: - 14.1.22.0/24 - 19.7.28.0/24 - 15.0.8.0/24 > Thanks for the alternate idea on using templating to solve the > problem. I had not thought of that approach! No problem. I can't envision it offhand, but you *might* also be able to do it in a define. But youve already solved it for now. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> And I want to say something like (pseudo code) > if network_* = 10.55.12.0 > then > static route magic here >From this example you're trying to detect it any interface is on the 10.55.12.0 network, correct? Are you also trying to match a set of networks (10.55.12.0, 10.55.13.0, etc) with different behaviour for each network? Are you looking for a custom fact that will report a magic keyword? What Ashley posted is, conceptually, the same as a 'location' fact I made for work. It maps the nodes primary ipaddress to a string physical location. Extending that to check if any interface matches is pretty trivial. You could also assign the output of a template to a variable, then evaluate that. There are examples in Puppet_Templating on the wiki that seem pretty similar. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Package Providers for OD X Server
Sorry for the late reply. I hadn't noticed your response. > How are you running the puppetmasters Donovan? Passenger? > > I'd like us to have a nice simple install for people wanting to run > the server on OS X. I have a script around somewhere that will create > a Passenger pkg from the source tarball, and that seemed to work fine > with the built in Apache. It's a bit fuzzy, but I recall some annoying issue with using passenger. We're currently using apache2 as a proxy to mongrel. We haven't had any issues with mongrel that I can recall. > I'm not doing much OS X Server these days, but I wonder if there's any > hope of getting a decent serveradmin type together for OS X Server > management Certainly seems possible. A quick poke around and we should be able to drive servermgrd locally. /usr/share/servermgrd/cgi-bin/ looks like it's all symlinks back to /usr/sbin/serveradmin. An xml/plist lib and popen() should do the trick. Do know of an existing type that supports the same type of functionality? At first glance the closest thing looks like augeas. The serveradmin services look like augeas lenses to me. In which case serveradmin may just be a provider for the augeas type? Anyways, I know we'd certainly use a serveradmin provider/type. Right now it's a lot of exec trickery and munging of plists & configs. Off the top of my head we're using that model to drive OSX smb & OD servers. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Package Providers for OD X Server
At work we have three puppetmasters running on OSX 10.5. I hate to say it, but it came down to custom packages. We're using encap to deploy across 3 different OSs for all the site common bits. Other than the packaging the other bits of apple sauce to tackle were service management & bizzaro configs. We also have plenty of exec{}s to serveradmin, which I havent gotten back to. augeas should help tackle the misc configs. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.