[Puppet Users] Re: Upcoming Red Hat Enterprise Linux 6 and 7(s390x architecture) removal
On Thursday, February 28, 2019 at 6:09:52 AM UTC-8, jcbollinger wrote: > > > > On Wednesday, February 27, 2019 at 11:29:24 AM UTC-6, > gheorghe...@puppet.com wrote: >> >> Red Hat Enterprise Linux 6 and 7, s390x architecture. >> >> These platforms will no longer be included in future puppet-agent >> releases and will be deprecated in the next PE. >> >> >> > Please confirm: I think you must mean that RHEL *on* s390x is going to be > deprecated, not that RHEL 6 & 7 will be deprecated, and, separately support > for s390x will be deprecated. After all, RHEL 7 is still the current > release; version 8 is not out of beta yet. > Hi John, that is correct - we will no longer ship packages for *any* version of RHEL on the s390x architecture. > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ad541786-7fa0-407a-a635-ea370f1e79c9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.9.3 is now available
Hi All, Puppet Agent 1.9.3 is now available. This release includes Puppet 4.9.4, which includes several bug and performance fixes for Hiera 5. For a complete list of fixes in Puppet 4.9.4, please see the release notes at https://docs.puppet.com/puppet/4.9/release_notes.html. To install or upgrade Puppet Agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html For information on upcoming OS platform end-of-life (EOL) dates for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/ content/platform-support-lifecycle -- Geoff Nichols Puppet -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwh8yAm0rTwE6xhhj3MRhSrH1DAPAL61KcYZx8c76WKVg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: puppet-agent 1.9.1 released
Hi All, Puppet Agent 1.9.1 is now available. This release includes Puppet 4.9.2, which fixes several bugs in Hiera 5. Please try this new release and let us know what you think! For a complete list of fixes in Puppet 4.9.2, please see the release notes at https://docs.puppet.com/puppet/4.9/release_notes.html. To install or upgrade Puppet Agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html For information on upcoming platform end-of-life (EOL) for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/content/platform-support-lifecycle -- Geoff Nichols Puppet Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBw4ZWd3kseuqUZ7V1UzX4p9tHByByCUwGc3AzybyY8-Tg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.8.3 is available
Puppet Agent 1.8.3 is now available. This is a bug fix release that includes Puppet 4.8.2 and Facter 3.5.1. Puppet 4.8.2 reinstates and deprecates the “stacktrace” property in Puppet’s HTTP error response API. Facter 3.5.1 outputs the names of facts that belong to each blockable and cacheable group of facts when using the `--list-block-groups` and `--list-cache-groups` command line options. This release also fixes a number of smaller bugs in Puppet and Facter, as well as a bug that could lead to a potential crash in PXP Agent message parsing. Full release notes are available here: https://docs.puppet.com/puppet/4.8/release_notes_agent.html To install or upgrade Puppet Agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html For information on upcoming platform end-of-life (EOL) for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/content/platform-support-lifecycle -- Geoff Nichols Puppet Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBxRbi5XP56qAECmcKHTK3r%3DJKEhB9L%3Dcn_ZiKK9OFA7Jw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.7.2 is available
Puppet Agent 1.7.2 is now available. Puppet Agent 1.7.2 is a Puppet Agent 1.7 series maintenance release that includes Puppet 4.7.1 and updated versions of Facter, Hiera, Mcollective, and PXP Agent. This release also fixes a bug that could lead to a potential crash in PXP Agent message parsing. In addition, Puppet Agent 1.7.2 updates Curl to address vulnerabilities recently announced by the Curl project. Full release notes are available here: https://docs.puppet.com/puppet/4.7/release_notes_agent.html To install or upgrade Puppet Agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html For information on upcoming platform end-of-life (EOL) for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/content/platform-support-lifecycle -- Geoff Nichols Puppet Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYByV-ugTLtdKOT%2BOJyd1L%2B2h31MxibkrSWoDjSarnrDw%2Bg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.8.2 is available
Puppet Agent 1.8.2 is now available. This is a bug fix release that updates PXP Agent. All other components remain the same from the previous release. Puppet Agent release notes are available here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade Puppet Agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html For information on upcoming platform end-of-life (EOL) for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/content/platform-support-lifecycle -- Puppet Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBxga3jKgtmn_TiGv%3Dw3u_bJ843Y66Y%3Dmp7idDPGqOSRHw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.8.1 is available
Puppet Agent 1.8.1 is now available. This release includes Puppet 4.8.1, which includes a fix for a mount provider regression introduced in Puppet 4.8.0. This release also contains an updated version of Curl that addresses vulnerabilities recently announced by the Curl project. Check out the full release notes here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwUUDzWjRgtbe88dX_oz7CCqavVqM%3D7nB2NnhuXBpm6uQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Announce: Puppet Agent 1.8.0 is available
On Tuesday, November 1, 2016 at 6:49:20 PM UTC-7, Garrett Honeycutt wrote: > > On 11/1/16 9:29 PM, Geoff Nichols wrote: > > I’m excited to announce a new backwards-compatible feature release of > > Puppet Agent. Puppet Agent 1.8.0 contains several updated component > > versions, including new feature releases of Puppet and Facter. > > > > > > * Puppet 4.8.0 - This release includes several improvements to the type > > system and updates puppet module tool to use "forgeapi.puppet.com > > <http://forgeapi.puppet.com>" (instead of "forgeapi.puppetlabs.com > > <http://forgeapi.puppetlabs.com>"). > > > > > > * Facter 3.5.0 - New feature release allowing settings for configuring > > external and custom fact directories, setting command line options, and > > blocking facts - loaded by default from > /etc/puppetlabs/facter/facter.conf. > > > > > > This release also adds support for macOS Sierra and Windows Server 2016. > > > > > > Release notes for each of these are linked from the main puppet-agent > > note: > https://docs.puppet.com/puppet/4.8/reference/release_notes_agent.html > > > > > > For information on upcoming platform end-of-life (EOL) for Puppet Agent, > > please see our Platform Support Lifecycle page: > > https://puppet.com/content/platform-support-lifecycle > > > > > > Community shout-out to Clay Caviness for several contributions to this > > release - including a fix for ‘tidy’ and additional fixes for Mac OS X. > > > > > > > > -- > > > > Geoff Nichols > > Puppet Ecosystem - Agent and Platform Team > > Hi Geoff, > > I added puppet 4.8.0 to a test harness and it seems that it has not been > released to rubygems.org, which is needed for automated testing. > > Could you please release it to rubygems.org. > > Thanks, > -g > > -- > Garrett Honeycutt > @learnpuppet > Puppet Training with LearnPuppet.com > Mobile: +1.206.414.8658 > Hi Garrett, Puppet 4.8.0 gems are now available at rubygems.org. Thanks, Geoff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bb70c613-362a-4b65-8ebe-fbd51bb66939%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.8.0 is available
I’m excited to announce a new backwards-compatible feature release of Puppet Agent. Puppet Agent 1.8.0 contains several updated component versions, including new feature releases of Puppet and Facter. * Puppet 4.8.0 - This release includes several improvements to the type system and updates puppet module tool to use "forgeapi.puppet.com" (instead of "forgeapi.puppetlabs.com"). * Facter 3.5.0 - New feature release allowing settings for configuring external and custom fact directories, setting command line options, and blocking facts - loaded by default from /etc/puppetlabs/facter/facter.conf. This release also adds support for macOS Sierra and Windows Server 2016. Release notes for each of these are linked from the main puppet-agent note: https://docs.puppet.com/puppet/4.8/reference/release_notes_agent.html For information on upcoming platform end-of-life (EOL) for Puppet Agent, please see our Platform Support Lifecycle page: https://puppet.com/content/platform-support-lifecycle Community shout-out to Clay Caviness for several contributions to this release - including a fix for ‘tidy’ and additional fixes for Mac OS X. -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYByDRH6eC62T5_%2BZ-1MMO85r-TdgAEOZRfvG-WrwAo%3DfsA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.7.1 is available (with a critical security fix)
Puppet Agent 1.7.1 is available (with a critical security fix). This is a security release of Puppet Agent that addresses a critical vulnerability in PXP Agent as well as several other vulnerabilities. Please see our security page <https://docs.puppet.com/security/index.html> and these security notices regarding the vulnerabilities fixed in this release: - Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability <https://puppet.com/security/cve/pxp-agent-oct-2016> - Unprivileged Access to Environment Catalogs <https://puppet.com/security/cve/cve-2016-5714> Puppet Agent 1.7.1 also contains updated versions of OpenSSL and Curl to address vulnerabilities recently announced by those projects. This is the second release of the puppet-agent with .deb and .rpm packages signed with our new GPG signing key. Please see our recent announcement <https://puppet.com/blog/updated-puppet-gpg-signing-key> for more information about the new GPG signing key. Full release notes are available here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBy%3D4OiSo9ORRDW67SU5y72JTGW0zHQrF6jnfyB4ZXzEUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Agent 1.7.0 is available
Puppet Agent 1.7.0 is now available. This is the first release of the puppet-agent with .deb and .rpm packages signed with our new GPG signing key. This release also includes Puppet 4.7.0, which contains a fix for a bug potentially affecting Puppet Server’s HTTP ‘/status’ endpoint. Please see our recent announcement <https://groups.google.com/d/msg/puppet-announce/-DiBwr51qhM/9Mu1eM89AQAJ> or the Puppet Agent 1.7.0 release notes for more information about the new GPG signing key. Check out the full release notes here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team PuppetConf 2016 <https://puppet.com/puppetconf>, 19 - 21 October, San Diego, California *Final Countdown - Register by 5 October and save $180 <http://puppetconf2016.eventbrite.com/?discount=FinalCountdown>* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwZ_qU%3DE_s4RotQdZm_tB-ZeSMThKXUws_WXuBuhW5_%2BQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet-agent 1.6.1 is available
Puppet Agent 1.6.1 is now available. This release includes Puppet 4.6.1 (containing a critical bug fix, as well as a number of smaller fixes). Yesterday we removed Puppet 4.6.0 (and puppet-agent 1.6.0) from our repositories after users found a critical issue (PUP-6608) affecting variables defined in a class not being in scope after resource-like declaration of that class. Users who had installed Puppet 4.6.0 (puppet-agent 1.6.0) should upgrade to Puppet 4.6.1 (puppet-agent 1.6.1). This release fixes the critical issue and several smaller bugs in Puppet and Facter. Release notes are linked from the puppet-agent 1.6.1 note: https://docs.puppet.com/puppet/4.6/reference/release_notes_agent.html. To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppet.com/puppet/latest/reference/index.html <http://docs.puppetlabs.com/puppet/latest/reference/index.html>. -- Geoff Nichols Puppet Release Engineering PuppetConf 2016 <https://puppet.com/puppetconf>, 19 - 21 October, San Diego, California *Summer Savings - Register by 15 September and save $240 <https://puppetconf2016.eventbrite.com/?discount=SummerSavings>* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBy-oCjxwHku_Z64R8Jw8A7biAEnCJvwzKUjz1ykzav5aA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Announce: Ruby 2.3 update planned for puppet-agent 1.6.0
On Friday, July 29, 2016 at 5:00:26 PM UTC-7, Geoff Nichols wrote: > > Because Ruby 2.1 is approaching end-of-life (upstream bugfix support ended > March 2016), we need to move puppet-agent to a more modern Ruby version. > > If all goes well with testing, the upcoming puppet-agent 1.6.0 release > will include Ruby 2.3.1. > As an update, we found some issues during testing, so puppet-agent 1.6.0 will NOT include Ruby 2.3.1. We're now targeting the Ruby 2.3 update for a later puppet-agent release. (We'll share more information about that timeframe as the plan firms up.) Thanks, Geoff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e73ce75c-4d36-4a69-85c5-c6d9aa27e5bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Announce: Ruby 2.3 update planned for puppet-agent 1.6.0
On Friday, July 29, 2016 at 7:48:26 PM UTC-7, François Lafont wrote: > > Hi, > > On 30/07/2016 02:00, Geoff Nichols wrote: > > > Because Ruby 2.1 is approaching end-of-life (upstream bugfix support > ended > > March 2016), we need to move puppet-agent to a more modern Ruby version. > > > > If all goes well with testing, the upcoming puppet-agent 1.6.0 release > will > > include Ruby 2.3.1. > > > > Since the update to Ruby 2.3 is a minor release for Ruby, we're > including > > it in a minor release of puppet-agent. > > > > However, user-installed gems in puppet-agent's gem path will require > > re-installation following the upgrade to puppet-agent 1.6.0. (If you > think > > this will affect you, please let us know how, and we’ll look into it.) > > > > If you have any questions about this, please don’t hesitate to ask. > > 1. So it concerns gems installed via this command: > > /opt/puppetlabs/puppet/bin/gem install $gem_foo > > Is it correct? > Yes, that's correct. > > > 2. And what about gems installed via this command? > > /opt/puppetlabs/bin/puppetserver gem install $gem_foo > > Is a re-installation after the upgrade needed too? > No, gems installed using Puppet Server's `puppetserver gem install` subcommand use a separate (JRuby) interpreter. Those gems should not be affected and should not require re-installation after the upgrade. > > > Thanks in advance for your help. > François Lafont > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/111d9306-d524-4210-92c5-921b65e036cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Ruby 2.3 update planned for puppet-agent 1.6.0
Because Ruby 2.1 is approaching end-of-life (upstream bugfix support ended March 2016), we need to move puppet-agent to a more modern Ruby version. If all goes well with testing, the upcoming puppet-agent 1.6.0 release will include Ruby 2.3.1. Since the update to Ruby 2.3 is a minor release for Ruby, we're including it in a minor release of puppet-agent. However, user-installed gems in puppet-agent's gem path will require re-installation following the upgrade to puppet-agent 1.6.0. (If you think this will affect you, please let us know how, and we’ll look into it.) If you have any questions about this, please don’t hesitate to ask. -- Geoff Nichols Puppet Release Engineering PuppetConf 2016 <https://puppet.com/puppetconf>, 19 - 21 October, San Diego, California *Summer Savings - Register by 15 September and save $240 <https://puppetconf2016.eventbrite.com/?discount=SummerSavings>* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBxeQA_H-dZ71-dsoobEb6fJfpwz7-YnAUXkJgREHTYTrw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Keeping compile masters consistent
Cool.. I'm specifically interested in knowing how people deal with compile servers that do not update their local version of the puppet tree properly and how to prevent them serving stale or broken catalogs. -G On Tue, Jun 14, 2016 at 1:42 PM, Peter M Souter <p.mor...@gmail.com> wrote: > I've seen a few ways of doing this: > > - Running lsyncd to watch for changes to code on the MoM > - Rsync task on demand when the master is updated, maybe with something > like incrond or just with scripting or Jenkins tasks > - The R10K mco task from acidprime/r10k > https://github.com/acidprime/r10k#mcollective-support > > You can probably go for something more heavyweight with glusterfs, but I > like to keep it simple :) > > > On Tuesday, 14 June 2016 11:49:01 UTC+1, Geoff Galitz wrote: >> >> >> Hi folks. >> >> I'm curious what approaches you take towards making sure the puppet tree >> is consistent across distributed compile masters? In PE this would be code >> manager's job, I believe. What do the FOSS folks use? >> >> I was contemplating using zookeeper for this. >> >> -G >> >> >> -- >> >> >> Geoff Galitz, Systems Engineer >> Shutterstock GmbH >> Greifswalder Strasse 212 >> Aufgang F, 2 Hof >> 10405 Berlin >> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com?utm_medium=email_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Geoff Galitz, Systems Engineer Shutterstock GmbH Greifswalder Strasse 212 Aufgang F, 2 Hof 10405 Berlin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABiayTB8GbcepTGk416RRJRCAYjogUssyszcv4ZwD3fm3sH%2BXw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Keeping compile masters consistent
Hi folks. I'm curious what approaches you take towards making sure the puppet tree is consistent across distributed compile masters? In PE this would be code manager's job, I believe. What do the FOSS folks use? I was contemplating using zookeeper for this. -G -- Geoff Galitz, Systems Engineer Shutterstock GmbH Greifswalder Strasse 212 Aufgang F, 2 Hof 10405 Berlin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABiayTDXENGyGndW_SZpVw3O2EKyeGJz-%2BA64yFRo7JPDQuGEA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Puppet MultiMaster open source
Thanks for your replies.. much appreciated. -G On Thu, Apr 21, 2016 at 3:40 PM, Ryan Anderson <ryan.c.ander...@gmail.com> wrote: > This is possible, and it is not documented well. Different parts of > getting it to work are in different sections of the online documentation. I > got this working recently with these conditions: > >- One puppet server is the CA master as well as a normal compile master >- Puppet masters exist at other data centers and are compile masters >for agents at their sites, with all other masters/agents using the CA >master for SSL >- Each puppet master has a cron to regularly do a 'git pull' of the >puppet environment git repos to /etc/puppetlabs/code/environments so all >agents use the same code. Recommendation: GitLab CE (free) is amazing. >- A separate server hosts puppetdb, and all masters send agent reports >to it. To make this work, all agents/masters need to use the same CA > > On the first puppetmaster that will also be the CA master: > >- Install puppetserver >- In its /etc/puppetlabs/puppet/puppet.conf [main] section: > - server = > - ca_server = >- Startup puppetserver on it >- Put your code into /etc/puppetlabs/code/environments >- Configure it to be an agent to itself and ensure it successfully >runs before proceeding > > On other masters: > >- Install puppetserver >- Setup the git repos into /etc/puppetlabs/code/environments as you >did for the CA master >- Modify /etc/puppetlabs/puppetserver/bootstrap.cfg and follow the >comment's instruction on disabling the CA service >- Modify /etc/puppetlabs/puppetserver/conf.d/webserver.conf per >https://docs.puppet.com/puppetserver/2.2/external_ca_configuration.html >- In its /etc/puppetlabs/puppet/puppet.conf [main] section: > - server = > - ca_server = >- In its [agent] section, make its 'server' be the CA master and set >the correct environment >- Run the agent successfully (against the CA master), then make >'server' be its own FQDN, then run it successfully again > > Configure all masters to send reports to puppetdb: > >- Under [master], add: >- > >storeconfigs = true >storeconfigs_backend = puppetdb >reports = puppetdb > > > > On agents: > >- In the [main] section, have 'ca_server = ' >- In the [agent] section, have 'server = site>' >- Send agent reports, in the [agent] section, add: report = true > > > On the separate PuppetDB server: > >- Configure it as an agent and successfully run the puppet agent >- Install the excellent puppetlabs-puppetdb module from puppetforge >into your environment(s) >- In your site.pp node section, configure your masters and puppetdb >server as such with the module: >- > ># Puppet masters send reports to puppetdb server >if $::hostname =~ /(camaster|master1|master2|master3)/ { > class { 'puppetdb::master::config': >puppetdb_server => 'puppetdbserver.example.com', > } >} > ># This is the puppetdb server >if $::hostname == 'puppetdbserver' { > class { 'puppetdb': >listen_address=> '0.0.0.0', >open_listen_port => true, >open_ssl_listen_port => true, >java_args => { '-Xmx' => '2g', }, > } >} > >- I highly recommend using puppetboard with puppetdb: >https://github.com/voxpupuli/puppetboard > > > On Wednesday, April 20, 2016 at 7:59:00 AM UTC-5, Geoff Galitz wrote: >> >> >> Hi... >> >> Is it possible to get compile master, master of master and code manager >> (file sync) working in the open source versions? Specifically: >> >> puppetserver-2.3.1-1.el7.noarch >> puppetlabs-release-pc1-1.0.0-1.el7.noarch >> >> Or are there pointers to get similar functionality via the open source >> packages? >> >> -G >> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/592c18b2-b20a-44a2-90c8-86365a1ee542%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/592c18b2-b20a-44a2-90c8-86365a1ee542%40googlegroups.com?utm_medium=email_source=footer> > . > > For more options, visit https://groups.google.com/
Re: [Puppet Users] Puppet MultiMaster open source
Thanks for the replies... any pointers on setting up puppet servers as compile masters? -G On Wed, Apr 20, 2016 at 5:12 PM, Kevin Corcoran <kevin.corco...@puppet.com> wrote: > On Wed, Apr 20, 2016 at 5:58 AM, Geoff Galitz <ggal...@shutterstock.com> > wrote: > >> Is it possible to get compile master, master of master and code manager >> (file sync) working in the open source versions? >> > > Code manager and file sync are only available as part of Puppet > Enterprise. I believe the standard alternative is to run r10k directly on > each master. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAF-bMBeJ8%3DJ3tP7uBP4C3sugoEr6hdhugHmkzHUN_g5oFTkvxQ%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CAF-bMBeJ8%3DJ3tP7uBP4C3sugoEr6hdhugHmkzHUN_g5oFTkvxQ%40mail.gmail.com?utm_medium=email_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Geoff Galitz, Systems Engineer Shutterstock GmbH Greifswalder Strasse 212 Aufgang F, 2 Hof 10405 Berlin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABiayTDyM%3DMzsbc1HAmKqzy12-eqmuxfH%2B-VjK_JxBNCLi%3DrDA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet MultiMaster open source
Hi... Is it possible to get compile master, master of master and code manager (file sync) working in the open source versions? Specifically: puppetserver-2.3.1-1.el7.noarch puppetlabs-release-pc1-1.0.0-1.el7.noarch Or are there pointers to get similar functionality via the open source packages? -G -- Geoff Galitz, Systems Engineer Shutterstock GmbH Greifswalder Strasse 212 Aufgang F, 2 Hof 10405 Berlin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABiayTAACGByEk9kEzCddLdWHNkBzdhcLr%2Btg32ATCD4%3D9OruQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Security advisory: Use of the 'port' parameter with puppetlabs-firewall could cause unexpectedly permissive firewall rules.
Security advisory: Use of the 'port' parameter with puppetlabs-firewall could cause unexpectedly permissive firewall rules. Assessed Risk Level: Medium Previous versions of the README for the puppetlabs-firewall module contained examples of configurations using the 'port' parameter instead of referencing 'dport' and 'sport'. Following these examples explicitly could result in firewall rules that are unintentionally permissive. It is recommended to always use the specific 'dport' and 'sport' parameters. With the puppetlabs-firewall 1.7.1 release, the 'port' parameter is now deprecated and will be removed in the next major release. If any manifests using puppetlabs-firewall's firewall resource are configured to use the 'port' parameter, users should update those manifests to use the specific 'dport' or 'sport' parameters instead. Please see https://puppetlabs.com/security/cve/puppetlabs-firewall-aug-2015-advisory for more information. Geoff Nichols Puppet Labs *PuppetConf 2015 <http://2015.puppetconf.com/> is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Final Countdown discount <https://www.eventbrite.com/e/puppetconf-2015-october-5-9-register-now-its-the-final-countdown-tickets-13115894995?discount=FinalCountdown> * *—**save $149!* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwDbVvFP-LN-G33jSPKH04Y6Ju3E44Eznt6rqJcFhP%3DRA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.8.2 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.8.2 is now available. Puppet Enterprise 3.8.2 is a bug-fix and security release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.8.2. For information on the fixes in this release, please see https://puppetlabs.com/security and https://docs.puppetlabs.com/pe/3.8/release_notes.html. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Geoff Nichols Release Engineer, Puppet Labs *PuppetConf 2015 http://2015.puppetconf.com/ is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Early Bird discount https://www.eventbrite.com/e/puppetconf-2015-october-5-9-tickets-13115894995?discount=EarlyBird * *—**save $249!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwgLrZz7dLXPsfK8X%2B8PWP6dcW1idbFZ-rY1nO%2B%2BZtdfQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.8.1 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.8.1 is now available. This is a bug-fix and security release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.8.1 Puppet Enterprise 3.8.1 includes fixes to address security vulnerabilities in OpenSSL, PostgreSQL, ActiveMQ, RubyGems, and the Puppet Enterprise Certificate Authority Reverse Proxy. Puppet Enterprise 3.8.1 also includes a number of other bug fixes. For additional information on the fixes in this release, please see https://puppetlabs.com/security and https://docs.puppetlabs.com/pe/latest/release_notes.html. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Geoff Nichols Release Engineer, Puppet Labs *PuppetConf 2015 http://2015.puppetconf.com/ is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Early Adopter discount https://www.eventbrite.com/e/puppetconf-2015-october-5-9-tickets-13115894995?discount=EarlyAdopter * *—**save $349!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBzxsUzwDo8YiU14un3hicGTpNrDFibLsgHeB99BhqTv%3Dg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.7.2 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.7.2 is now available. This is primarily a bug-fix and security release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.7.2. Puppet Enterprise 3.7.2 includes fixes to address security vulnerabilities in Java, OpenSSL, and a potential sensitive information leakage vulnerability in Facter. Puppet Enterprise 3.7.2 also includes a number of other bug fixes and performance and documentation improvements. For additional information on the fixes in this release, please see http://puppetlabs.com/security and https://docs.puppetlabs.com/pe/latest/release_notes.html. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Geoff Nichols Release Engineer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwaY8oaATpjWkxX6jTFAhwTRE47X-Rm9P-R6uRaB285RQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: CVE-2014-9568 - Potential information leakage in puppetlabs-rabbitmq facts handling
CVE-2014-9568 - Potential information leakage in puppetlabs-rabbitmq facts handling Assessed Risk Level: Low An issue exists in puppetlabs-rabbitmq where the content of ‘/var/lib/rabbitmq/.erlang.cookie' is added to a node's facts. A non-privileged local user could access the RabbitMQ Erlang cookie value via Facter. In addition, the Erlang cookie information could be unintentionally exposed through third-party applications that display facts. Users should upgrade the puppetlabs-rabbitmq module to puppetlabs-rabbitmq 5.0. Please see http://puppetlabs.com/security/cve/cve-2014-9568 for more information. Geoff Nichols Release Engineer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwdjBZwpNq_kXCt5DCtA_brVz9BOEF9eW-Mk8Et11MoAg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: CVE-2015-1029 - Vulnerability in puppetlabs-stdlib module fact cache
CVE-2015-1029 - Vulnerability in puppetlabs-stdlib module fact cache Assessed Risk Level: Low An issue exists where a non-privileged user may, under certain circumstances, be able to pre-populate the puppetlabs-stdlib module’s fact cache, potentially allowing local privilege escalation or local information leakage. Users should upgrade the puppetlabs-stdlib module to puppetlabs-stdlib 4.5.1. Please see https://puppetlabs.com/security/cve/cve-2015-1029 for more information. Geoff Nichols Release Engineer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYByXrB5wu4_Y3MXsvmidMqrSNt79pLsjcWbzyBdcmGQxuw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.7.1 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.7.1 is now available. This is a bug-fix and security release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.7.1. Puppet Enterprise 3.7.1 includes fixes to address security vulnerabilities in Rails Action Pack and an information leakage in the Puppet Enterprise Console. Puppet Enterprise 3.7.1 also includes fixes for issues that could be encountered in some specific upgrade scenarios. For additional information on the fixes in this release, please see http://puppetlabs.com/security and https://docs.puppetlabs.com/pe/latest/release_notes.html. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Geoff Nichols Release Engineer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwK0w-fZKgXq3Q6w%2Bp8DJRyL8sEZnEGn12Nm4Lzc1dseA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 2.8.8 is available
Dear Puppet Enterprise Users, Puppet Enterprise 2.8.8 is now available. This is a security release of Puppet Enterprise. All users of Puppet Enterprise 2.x who are unable to upgrade to Puppet Enterprise 3.x are strongly encouraged to upgrade when possible to Puppet Enterprise 2.8.8. Puppet Enterprise 2.8.8 includes fixes to address multiple vulnerabilities in Apache HTTP Server and OpenSSL. Puppet Enterprise 2.8.8 also includes a fix for an issue on AIX clients where previous Puppet Enterprise installations created an incomplete /etc/inittab entry for the ‘pe-puppet’ service. For additional information on the fixes in this release, please see http://puppetlabs.com/security and https://docs.puppetlabs.com/pe/latest/release_notes.html. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. -- Geoff Nichols Release Engineer, Puppet Labs *Join us at **PuppetConf 2014, **September 20-24 in San Francisco - * www.puppetconf.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBy2LNVOY0%2BXNSSTtDmCrN3qTTepPV11DB9VApShvGE1-A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.3.1 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.3.1 is now available. This is a security and bugfix release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.3.1. Puppet Enterprise 3.3.1 includes fixes to address Java vulnerabilities announced by Oracle in their July 2014 Critical Patch Update Advisory. For additional information on the fixes in this release, see https://docs.puppetlabs.com/pe/3.3/release_notes.html As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. -- Geoff Nichols Release Engineer, Puppet Labs *Join us at PuppetConf 2014 http://www.puppetconf.com/, September 20-24 in San Francisco* *Register by September 8th to take advantage of the Final Countdown https://www.eventbrite.com/e/puppetconf-2014-tickets-7666774529?discount=FinalCountdown * *—**save $149!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBzyPu%3Dneip-_9uUK389436JjFEr1iqcDRG_sMZ%2BpTUxgw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 2.8.7 is available
Dear Puppet Enterprise Users, Puppet Enterprise 2.8.7 is now available. This is a security and bugfix release of Puppet Enterprise. All users of Puppet Enterprise 2.x are encouraged to upgrade when possible to Puppet Enterprise 2.8.7. Puppet Enterprise 2.8.7 includes fixes to address CVE-2014-3248 and CVE-2014-3249. For information on the bug fixes in this release, see http://docs.puppetlabs.com/pe/2.8/appendix.html#release-notes. For information on the vulnerabilities resolved in this release, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2014-3248 and http://puppetlabs.com/security/cve/cve-2014-3249. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Thanks, Puppet Labs -- Geoff Nichols Release Engineer, Puppet Labs *Join us at PuppetConf 2014 http://www.puppetconf.com/, September 20-24 in San Francisco* *Register by July 31st to take advantage of the Early Bird discount http://links.puppetlabs.com/puppetconf-early-adopter **—**save $249!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBxP2k9zK3zqiTeXWaGiLLJ30KwKnUf5yoz81Ls91%2BVw0A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Announce: Puppet Enterprise 3.2.3 is available
Dear Puppet Enterprise Users, Puppet Enterprise 3.2.3 is now available. This is a security release of Puppet Enterprise. All users of Puppet Enterprise 3.x are encouraged to upgrade when possible to Puppet Enterprise 3.2.3. Puppet Enterprise 3.2.3 includes fixes to address java vulnerabilities announced by Oracle. For information on the fixes in this release, see http://docs.puppetlabs.com/pe/3.2/appendix.html#release-notes As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. -- Geoff Nichols Release Engineer, Puppet Labs *Join us at PuppetConf 2014 http://www.puppetconf.com/, September 22-24 in San Francisco* *Register by May 30th to take advantage of the Early Adopter discount http://links.puppetlabs.com/puppetconf-early-adopter **—**save $349!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBx1ArX0d6JsmBj88rFwkBfo%3DOkdiLff39aKg_oX0jUnqg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet Dashboard Broken on Debian Jesse
The latest round of updates to Debian Jesse (testing) has really broken puppet-dashboard when using the puppetlabs repo. I currently have my apt sources list set up to use the unstable repo (since there isn't a jessie or testing repo). When I try to install puppet-dashboard I get puppet-dashboard : Depends: ruby1.8 (= 1.8.7) but it is not installable Depends: rubygems but it is not installable This probably has something to do with the lastest upgrades to ruby that came down last week, which include a message that says. The Ruby packages in Debian no longer support switching between different Ruby versions using update-alternatives. All unversioned binary names such as `ruby`, `gem` etc are now provided by the `ruby` package, and will be symbolic links pointing to the binaries corresponding to the current default version in Debian. So it looks like the usual method of switching to ruby 1.8 wont work and as far as I can tell ruby 1.8 isn't even available on Debian jessie. Geoff. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2db9d6c8-b75b-4dbd-93f5-e36671821cd8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Puppet Dashboard Broken on Debian Jesse
I should have also mentioned that puppet-dashboard is not available at all when using the main Debian repositories. As of right now I can't think of a way to get puppet-dasboard running on Debian jessie at all without bypassing the package managers. Geoff. On Monday, March 17, 2014 10:12:38 AM UTC-4, Geoff Goehle wrote: The latest round of updates to Debian Jesse (testing) has really broken puppet-dashboard when using the puppetlabs repo. I currently have my apt sources list set up to use the unstable repo (since there isn't a jessie or testing repo). When I try to install puppet-dashboard I get puppet-dashboard : Depends: ruby1.8 (= 1.8.7) but it is not installable Depends: rubygems but it is not installable This probably has something to do with the lastest upgrades to ruby that came down last week, which include a message that says. The Ruby packages in Debian no longer support switching between different Ruby versions using update-alternatives. All unversioned binary names such as `ruby`, `gem` etc are now provided by the `ruby` package, and will be symbolic links pointing to the binaries corresponding to the current default version in Debian. So it looks like the usual method of switching to ruby 1.8 wont work and as far as I can tell ruby 1.8 isn't even available on Debian jessie. Geoff. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1256b903-8bfe-44f3-98a7-5a5c9be7af0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] quiet exec script output
Hi. One of the scripts we run for systems management causes puppet to say: notice: /Stage[main]//Exec[script]/returns: executed successfully How can I suppress or quiet this output? -G -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ldapmodfiy via exec
For followers of this thread, I've started to create a puppet ldap dn resource which might help here: https://github.com/gtmtechltd/puppet_ldapdn On Thursday, November 13, 2008 5:41:14 PM UTC, Russell Miller wrote: On Thu, Nov 13, 2008 at 8:55 AM, jbo...@gmail.com javascript: jbo...@gmail.com javascript: wrote: I'm trying to execute an ldap modify command but have run into issues with multiple lines and can't seem to find a happy medium. Any ideas ? I just created a script that does all of the ldap server setup for me. And just execed the script. --Russell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] problems with exported exec resources
I've got an exported exec that looks like: 38 @@exec { commvault_subclient_$hostname: 39 command = /usr/local/sbin/commvault_auto_subclient --touchstamp /srv/mnt/.$hostname_commvault_backed_up $hostname, 40 creates = /srv/mnt/.$hostname_commvault_backed_up, 41 tag = commvault_nfs_subclient 42 } Elsewhere I've got some manifest to collect these: 90 # Collect the exec's that automatically setup commvault backups 91 Exec | tag == 'commvault_nfs_subclient' | 92 But on the host that has that collection, I'm not seeing the resulting script run (which creates the file mentioned as the --touchstamp argument). It's like the collection is silently failing. I'm not sure how to debug this. Other exported resources are working, I'm successfully doing: @@nagios_host { $hostname: address = $ipaddress, use = 'linux-host', alias = $hostname, } @@nagios_service { $hostname-ping: use = 'alive-service', host_name = $hostname, } And collecting them with: Nagios_service | | Nagios_host | | I'm also seeing in my mysql database entries in the 'resources' table that have restype='Exec' and have a title like commvault_subclient_webapp01. I'm running puppet 2.6.2 on the master and the involved clients. Any suggestions? Cheers, Geoff Crompton -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Do you want a Puppet Conference in Berlin, Germany
Hi. I'd be in (with enough notice, of course). I'd be even more in if the conference was on the other side of Germany near Cologne or even in Belgium. I'm assuming you already have a space you can use in Berlin, though? -G (located near Cologne) On Mon, Nov 19, 2012 at 3:02 AM, Martin Alfke tux...@gmail.com wrote: Hello everybody, I am thinking about running a Puppet Conf in Berlin/Germany. Are there any people on this list from nearby? Do you want to support (talk, workshop)? Many thanks, Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Do you want a Puppet Conference in Berlin, Germany
I'm only one man so don't make all your decisions around me, but do you happen to know the specific dates for those two months? Those just happen to be two difficult months for me. If necessary I can help to arrange a space on a different date. -G On Mon, Nov 19, 2012 at 3:09 AM, Martin Alfke tux...@gmail.com wrote: On 19.11.2012, at 09:06, Geoff Galitz wrote: Hi. I'd be in (with enough notice, of course). I'd be even more in if the conference was on the other side of Germany near Cologne or even in Belgium. I'm assuming you already have a space you can use in Berlin, though? -G (located near Cologne) Hi Ralf, we plan to get the conference into the BCC (directly at Alexanderplatz, where Chaos Communication Congress took place until last year). But this is not confirmed yet. Due to the reason that 2013 schedule is filling up very fast we only have two options left: - February 2013 or - late November 2013 Many thanks, Martin On Mon, Nov 19, 2012 at 3:02 AM, Martin Alfke tux...@gmail.com wrote: Hello everybody, I am thinking about running a Puppet Conf in Berlin/Germany. Are there any people on this list from nearby? Do you want to support (talk, workshop)? Many thanks, Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] merging iptables rules with puppet
I'm still a bit noobish with puppet... In short what I want to do is merge puppet managed iptables with dynamically added rules added by some scripts. We have a basic config setup with a template (iptables.erb) and we can add rules to that in manifests. But of course puppet will wipe any changes made from the OS. Any advice on how to get puppet to respect the dynamically loaded rules? Thanks. -G -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: merging iptables rules with puppet
We are executing iptables rule, not editing the backend files, though we could do that if that were the only option. -G On Wed, Aug 15, 2012 at 4:54 PM, Luke Baker bake...@missouri.edu wrote: By dynamically loading rules do you mean executing iptables rule or are you editing your iptables-save file and then reloading? On Wednesday, August 15, 2012 1:48:44 PM UTC-5, Geoff Galitz wrote: I'm still a bit noobish with puppet... In short what I want to do is merge puppet managed iptables with dynamically added rules added by some scripts. We have a basic config setup with a template (iptables.erb) and we can add rules to that in manifests. But of course puppet will wipe any changes made from the OS. Any advice on how to get puppet to respect the dynamically loaded rules? Thanks. -G -- --**- Geoff Galitz, gga...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VX2Sj8i2-ssJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- --- Geoff Galitz, ggal...@shutterstock.com WebOps Shutterstock Images -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Determining if hiera (or any function) is installed on a node
I'm doing some work on module development inside of a Vagrant VM of CentOS 6.2. This VM has the community version of Puppet installed (2.7.13 I think), but that doesn't include Hiera by default. My module is dependent on Nan Liu's puppet-staging module, which requires hiera. This puts me into the proverbial chicken and egg problem of not having a puppet function but also not being able to install it with puppet, since my manifests don't compile due to the hiera function not being available. Right now, I'm doing a manual bootstrap of a new vagrant box with a dedicated Puppet manifest that calls another one of Nan's modules, puppet-hiera, to install hiera on the Vagrant VM, but I'd rather use the same manifest for both bootstrap and module testing. I don't care if it takes two passes to converge, I just don't want a freshly booted Vagrant box to complain because it can't compile it's manifest. Is there a relatively foolproof way to determine if Puppet has a function available to it or not? Is there a has_function function available in the Puppet DSL, or is there a check that I could roll into a fact that works cross-platform and between Puppet Enterprise and Community? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Determining if hiera (or any function) is installed on a node
That's what I'm looking for. I'll fold in that branch into my testing until it goes mainline. Any ETA on it going mainline? On Apr 17, 2012, at 11:14 AM, Nigel Kersten wrote: On Tue, Apr 17, 2012 at 11:08 AM, Geoff Davis gada...@ucsd.edu wrote: I'm doing some work on module development inside of a Vagrant VM of CentOS 6.2. This VM has the community version of Puppet installed (2.7.13 I think), but that doesn't include Hiera by default. My module is dependent on Nan Liu's puppet-staging module, which requires hiera. This puts me into the proverbial chicken and egg problem of not having a puppet function but also not being able to install it with puppet, since my manifests don't compile due to the hiera function not being available. Right now, I'm doing a manual bootstrap of a new vagrant box with a dedicated Puppet manifest that calls another one of Nan's modules, puppet-hiera, to install hiera on the Vagrant VM, but I'd rather use the same manifest for both bootstrap and module testing. I don't care if it takes two passes to converge, I just don't want a freshly booted Vagrant box to complain because it can't compile it's manifest. Is there a relatively foolproof way to determine if Puppet has a function available to it or not? Is there a has_function function available in the Puppet DSL, or is there a check that I could roll into a fact that works cross-platform and between Puppet Enterprise and Community? There's a pending pull request in the stdlib module for adding a function_available function https://github.com/puppetlabs/puppetlabs-stdlib/pull/59 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Determining if hiera (or any function) is installed on a node
I've found a potential issue, but I'm not sure if this is within the scope of function_available or not. The vagrant basebox I'm using actually does ship with puppet-hiera, but there's no /etc/puppet/hiera.yaml Thus, even though function_available('hiera') returns true, the function isn't actually usable: Hiera config file /etc/puppet/hiera.yaml not readable at /tmp/vagrant-puppet/modules-0/staging/manifests/init.pp:31 on node centos-6-vagrant.vagrantup.com Is there a way to check whether the function is actually usable as well? Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 11:56 AM, Ken Barber wrote: I'm going to review this now. Its destined for master, so someone from the release team can probably comment on the next major release schedule for stdlib. On Tue, Apr 17, 2012 at 7:35 PM, Geoff Davis gada...@ucsd.edu wrote: That's what I'm looking for. I'll fold in that branch into my testing until it goes mainline. Any ETA on it going mainline? On Apr 17, 2012, at 11:14 AM, Nigel Kersten wrote: On Tue, Apr 17, 2012 at 11:08 AM, Geoff Davis gada...@ucsd.edu wrote: I'm doing some work on module development inside of a Vagrant VM of CentOS 6.2. This VM has the community version of Puppet installed (2.7.13 I think), but that doesn't include Hiera by default. My module is dependent on Nan Liu's puppet-staging module, which requires hiera. This puts me into the proverbial chicken and egg problem of not having a puppet function but also not being able to install it with puppet, since my manifests don't compile due to the hiera function not being available. Right now, I'm doing a manual bootstrap of a new vagrant box with a dedicated Puppet manifest that calls another one of Nan's modules, puppet-hiera, to install hiera on the Vagrant VM, but I'd rather use the same manifest for both bootstrap and module testing. I don't care if it takes two passes to converge, I just don't want a freshly booted Vagrant box to complain because it can't compile it's manifest. Is there a relatively foolproof way to determine if Puppet has a function available to it or not? Is there a has_function function available in the Puppet DSL, or is there a check that I could roll into a fact that works cross-platform and between Puppet Enterprise and Community? There's a pending pull request in the stdlib module for adding a function_available function https://github.com/puppetlabs/puppetlabs-stdlib/pull/59 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Determining if hiera (or any function) is installed on a node
Alas that doesn't work as the manifest fails to compile properly without the /etc/puppet/hiera.yaml file being there. Nan's code does provide defaults for the hiera lookups similar to what you are doing below, but the compiler balks before they are even evaluated. Here's the version of staging/init.pp that generated the error below: https://github.com/nanliu/puppet-staging/blob/5e1a8763ae36c2ea21c0a5b6a1f0e586e077f0fd/manifests/init.pp Note that all of the hiera calls have defaults. Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 12:14 PM, Gary Larizza wrote: Hey Geoff, I see that as two separate steps (Is Hiera enabled and is Hiera configured). I think the function satisfies the former, but you might want to write your own check for the latter (as each person probably interprets 'configured' differently). You could do a check like: if function_available('hiera') and hiera('hiera_enabled', false) { do something with hiera } else { do something without hiera } This would do a hiera lookup for a parameter 'hiera_enabled' that could be set in your common/global.yaml file (while defaulting to false if it's not found). On Tue, Apr 17, 2012 at 12:09 PM, Geoff Davis gada...@ucsd.edu wrote: I've found a potential issue, but I'm not sure if this is within the scope of function_available or not. The vagrant basebox I'm using actually does ship with puppet-hiera, but there's no /etc/puppet/hiera.yaml Thus, even though function_available('hiera') returns true, the function isn't actually usable: Hiera config file /etc/puppet/hiera.yaml not readable at /tmp/vagrant-puppet/modules-0/staging/manifests/init.pp:31 on node centos-6-vagrant.vagrantup.com Is there a way to check whether the function is actually usable as well? Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 11:56 AM, Ken Barber wrote: I'm going to review this now. Its destined for master, so someone from the release team can probably comment on the next major release schedule for stdlib. On Tue, Apr 17, 2012 at 7:35 PM, Geoff Davis gada...@ucsd.edu wrote: That's what I'm looking for. I'll fold in that branch into my testing until it goes mainline. Any ETA on it going mainline? On Apr 17, 2012, at 11:14 AM, Nigel Kersten wrote: On Tue, Apr 17, 2012 at 11:08 AM, Geoff Davis gada...@ucsd.edu wrote: I'm doing some work on module development inside of a Vagrant VM of CentOS 6.2. This VM has the community version of Puppet installed (2.7.13 I think), but that doesn't include Hiera by default. My module is dependent on Nan Liu's puppet-staging module, which requires hiera. This puts me into the proverbial chicken and egg problem of not having a puppet function but also not being able to install it with puppet, since my manifests don't compile due to the hiera function not being available. Right now, I'm doing a manual bootstrap of a new vagrant box with a dedicated Puppet manifest that calls another one of Nan's modules, puppet-hiera, to install hiera on the Vagrant VM, but I'd rather use the same manifest for both bootstrap and module testing. I don't care if it takes two passes to converge, I just don't want a freshly booted Vagrant box to complain because it can't compile it's manifest. Is there a relatively foolproof way to determine if Puppet has a function available to it or not? Is there a has_function function available in the Puppet DSL, or is there a check that I could roll into a fact that works cross-platform and between Puppet Enterprise and Community? There's a pending pull request in the stdlib module for adding a function_available function https://github.com/puppetlabs/puppetlabs-stdlib/pull/59 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you
Re: [Puppet Users] Determining if hiera (or any function) is installed on a node
Cool, thanks for the quick response. In the meantime, it might be helpful to ship a default hiera.yaml in the PuppetLabs packages. I'm using the Vagrant boxes from vstone.eu [1], and he's just pulling your Puppet packages from yum.puppetlabs.com. [2] Version in my VM is: puppet.noarch 2.7.13-1.el6puppetlabs [1] http://packages.vstone.eu/vagrant-boxes/ [2] http://packages.vstone.eu/vagrant-boxes/CHANGELOG Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 12:32 PM, Gary Larizza wrote: And here's the bug to track -- http://projects.puppetlabs.com/issues/10367 On Tue, Apr 17, 2012 at 12:31 PM, Eric Shamow e...@puppetlabs.com wrote: As a +1 on this (and as the guy who wrote safe_hiera) -- It shouldn't be a function, the safety should be wrapped into hiera. But yes, this will get you the right syntax so you can just search/replace safe_hiera for hiera once it's fixed. -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Tuesday, April 17, 2012 at 12:29 PM, Gary Larizza wrote: Hey Geoff, We actually had a talk about this. There is this code that will help catch that scenario FOR NOW -- https://github.com/puppetlabs/hiera-puppet/pull/23 I believe this is a bug and should DEFINITELY be fixed in source. Until then, the 'safe_hiera()' function allows you to make this check. On Tue, Apr 17, 2012 at 12:21 PM, Geoff Davis gada...@ucsd.edu wrote: Alas that doesn't work as the manifest fails to compile properly without the /etc/puppet/hiera.yaml file being there. Nan's code does provide defaults for the hiera lookups similar to what you are doing below, but the compiler balks before they are even evaluated. Here's the version of staging/init.pp that generated the error below: https://github.com/nanliu/puppet-staging/blob/5e1a8763ae36c2ea21c0a5b6a1f0e586e077f0fd/manifests/init.pp Note that all of the hiera calls have defaults. Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 12:14 PM, Gary Larizza wrote: Hey Geoff, I see that as two separate steps (Is Hiera enabled and is Hiera configured). I think the function satisfies the former, but you might want to write your own check for the latter (as each person probably interprets 'configured' differently). You could do a check like: if function_available('hiera') and hiera('hiera_enabled', false) { do something with hiera } else { do something without hiera } This would do a hiera lookup for a parameter 'hiera_enabled' that could be set in your common/global.yaml file (while defaulting to false if it's not found). On Tue, Apr 17, 2012 at 12:09 PM, Geoff Davis gada...@ucsd.edu wrote: I've found a potential issue, but I'm not sure if this is within the scope of function_available or not. The vagrant basebox I'm using actually does ship with puppet-hiera, but there's no /etc/puppet/hiera.yaml Thus, even though function_available('hiera') returns true, the function isn't actually usable: Hiera config file /etc/puppet/hiera.yaml not readable at /tmp/vagrant-puppet/modules-0/staging/manifests/init.pp:31 on node centos-6-vagrant.vagrantup.com Is there a way to check whether the function is actually usable as well? Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 11:56 AM, Ken Barber wrote: I'm going to review this now. Its destined for master, so someone from the release team can probably comment on the next major release schedule for stdlib. On Tue, Apr 17, 2012 at 7:35 PM, Geoff Davis gada...@ucsd.edu wrote: That's what I'm looking for. I'll fold in that branch into my testing until it goes mainline. Any ETA on it going mainline? On Apr 17, 2012, at 11:14 AM, Nigel Kersten wrote: On Tue, Apr 17, 2012 at 11:08 AM, Geoff Davis gada...@ucsd.edu wrote: I'm doing some work on module development inside of a Vagrant VM of CentOS 6.2. This VM has the community version of Puppet installed (2.7.13 I think), but that doesn't include Hiera by default. My module is dependent on Nan Liu's puppet-staging module, which requires hiera. This puts me into the proverbial chicken and egg problem of not having a puppet function but also not being able to install it with puppet, since my manifests don't compile due to the hiera function not being available. Right now, I'm doing a manual bootstrap of a new vagrant box with a dedicated Puppet manifest that calls another one of Nan's modules, puppet-hiera, to install hiera on the Vagrant VM, but I'd rather use the same manifest for both bootstrap and module testing. I don't care if it takes two passes to converge, I just don't want a freshly booted Vagrant box to complain because it can't compile it's manifest. Is there a relatively
Re: [Puppet Users] Re: Case statements in a file directive
The $:: business is to force the variable look up to be in the top scope. It didn't fix have anything to do with the conditional, I just put it there for correctness. In this case, you are using a variable that is set by facter, so it appears in the top scope. Variables that you set yourself can be in the top scope if you put them in site.pp, or in a class scope if you declare them inside of a class. There's also a node scope. While referring to variables with explicit scoping is not required in the current version of puppet, there are some major upcoming changes to how Puppet makes variables available to different parts of your code. You'll most likely get a compiler warning if you don't use it in the 2.7 series, and it just won't work in the next version of Puppet. This page on variable scope is worth reading: http://docs.puppetlabs.com/guides/scope_and_puppet.html Geoff Davis Scripps Institution of Oceanography gada...@ucsd.edu, (858) 822-5756 On Apr 17, 2012, at 12:31 PM, Forrie wrote: Thank you, I appreciate it.Still learning all the interesting nuances of this syntax. I'm not yet familiar with this $:: -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Case statements in a file directive
You're pretty close. You don't want the case statement per se, but you do want a conditional: file { /usr/local/nagios/libexec: require = File['/usr/local/nagios'], ensure = directory, owner = 'root', group = 'root', mode= 655, recurse = true, source = $::architecture { /(i386|i586|i686/) = puppet:///files/32/usr/local/nagios/libexec, x86_64 = puppet:///files/64/usr/local/nagios/libexec, } } On Apr 16, 2012, at 3:43 PM, Forrie wrote: I want to distribute a binary directory based upon whether the architecture is 32- or 64-bit. It appears I cannot nest a case statement under file, however this is what I was attempting to do: file { /usr/local/nagios/libexec: require = File['/usr/local/nagios'], ensure = directory, owner = 'root', group = 'root', mode= 655, recurse = true, ## APPEARS I can't do this case $architecture { /(i386|i586|i686/): { source = puppet:///files/32/usr/local/nagios/ libexec } x86_64: { source = puppet:///files/64/usr/local/nagios/ libexec } } } I know I could reverse it and do a case first, then have redundant file {} declarations, but that seems just that, redundant. Can anyone point out what I'm doing wrong here. The output in the puppet logs isn't generally helpful with debugging. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet in the DMZ via proxy
Hi. We're thinking of ways to get our DMZ nodes managed by puppet, and in the absence of a full-fledged push model we are thinking about pointing puppets in our DMZ network at a bastion host running squid to proxy back to our puppet master. In this scenario, the single bastion host would have an ACL allowing access through our inner firewall to the master, but the various nodes would have no direct access. That would give us a nice choke point that we can monitor and isolate if needed. We'd still get all of our reporting functions, too. Has anyone tried something along these lines? Any opinions? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Master-less : What do I lose?
I'm an advocate of both camps. I use puppet in standalone mode when I'm demonstrating puppet to a new client. It's lightweight, I can use NFS or a CM repository to provide the recipes to a server and run it standalone post kickstart. It's the perfect mode for small scale repeatable system builds. Quite often my clients want a definable set to work. A kickstart template with a CM controlled puppet recipe works a treat. But, when the number of systems grows to a certain size, you do not want the recipes available on each host. For the reasons Nigel cited, it isn't good security practice to provide knowledge of all the servers on your estate to each server. It would be difficult to compartmentalize your recipes via your CM repository / fileshare to minimise the scope. The puppetmaster ensures only the server specific catalog is provided. That's the big win. On Feb 14, 9:33 pm, tom tom.ash...@gmail.com wrote: On 09/02/11 20:42, Kevin Beckford wrote: It would be non trivial to keep the configuration data isolated in masterless mode if you have a desire to segment and isolate configuration data by system, or even system roles (i.e. my website database system should not contain puppet manifest with my financial database password). I really am trying to understand here. To me this is the thing I love about git/merc... wait, I dont love mercurial. The thing I love about DVCS is that this seems a perfect problem domain for it. You would be the master, store the total repo on your laptop and push the branches needed, where they need to go. I suppose that the logic would be in several systems instead of one, but git does distributed versioning better, surely? Please advise. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. I use Puppet in a standalone mode. I created a templating system using Perl and TemplateToolkit to create (simple) puppet manifests and configuration files I wish to manage. These are stored in a Git repo that allows me to easily see when changes are made to a servers' configuration before pushing. Rollbacks are possible too in this scenario. Clients pull via rsync - there is definitely scope for a more robust TLS transport here. The big plus side here is that I am holding every servers' set of files in a DVCS (as well as my colleagues) so we are less dependant on backups as everyone in the team will hold a fairly recent copy of the entire server farm. Tied in mainly to CentOS, I can Kickstart a server and let it pull it's own configuration and apply it in mere minutes if I was to loose a server. As I say, manifests are fairly simple, but enough to manage files, services and other custom executables. This was inspired by some work a guy did at Oxford University. It seems to scal very well as I am managing 180+ servers this way. Tom -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet updating from relative directories or chroot
Cheers all. I suspected it was going to be too hard. Thought no-one had seen the email as it was sent close to the weekend ;) On Dec 13, 11:19 pm, Daniel Pittman dan...@rimspace.net wrote: On Tue, Dec 14, 2010 at 10:15, Patrick Mohr kc7...@gmail.com wrote: On Mon, Dec 13, 2010 at 2:39 PM, Daniel Pittman dan...@rimspace.net wrote: On Fri, Dec 3, 2010 at 22:41, Geoff geoffnew...@gmail.com wrote: I didn't respond earlier, as I imagine most people didn't, because we hoped someone would actually come along and have some experience that could help you out here. Even if they don't, though, posting a new message with bump in the content doesn't work like a web forum - it just sends out a new message with that one line in it to everyone subscribed. I had to dig back through the archives to see what you were having trouble with so I could respond. I was able to see the whole question because he either replied to himself or because he copied and pasted. Could your email client be hiding quoted text? Oh, the embarrassment. Um, yes, he did, and it did. *ahem* Thanks. Daniel Pass me that brown paper bag. -- ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet updating from relative directories or chroot
Bump! On Dec 3, 11:41 am, Geoff geoffnew...@gmail.com wrote: Anyone had any experience getting puppet to update multiple OS's on a single server? For example, for a set of blades Network booting from a primary server, the OS for each blade would be stored on the primary server. For example: /pxe/host1/normal OS directory structure /pxe/host2/normal OS directory structure . /pxe/hostn/normal OS directory structure Can puppet be run in a mode that would take into account relative directories. i.e. instead of being / (root) based, it would be /pxe/ hostn/ based? I've tried the chroot approach previously (about 2 years ago) but had a nightmare with Ruby libraries. Cheers, Geoff. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet updating from relative directories or chroot
Anyone had any experience getting puppet to update multiple OS's on a single server? For example, for a set of blades Network booting from a primary server, the OS for each blade would be stored on the primary server. For example: /pxe/host1/normal OS directory structure /pxe/host2/normal OS directory structure . /pxe/hostn/normal OS directory structure Can puppet be run in a mode that would take into account relative directories. i.e. instead of being / (root) based, it would be /pxe/ hostn/ based? I've tried the chroot approach previously (about 2 years ago) but had a nightmare with Ruby libraries. Cheers, Geoff. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Installing 32bit rpms (using up2date on RHEL4) on a 64bit OS?
How do you do it with puppet? I'm attempting to automate the install of an Oracle RAC and the installer requires a whole raft of 32bit rpms even on a 64bit OS. Easy enough via: up2date --arch i386 xorg-x11-deprecated-libs But I can't find any option to pass the --arch option to the up2date puppet package provider? There have been previous posts on this topic and people seem to use a kludgy 'exec' to get around this. I want dependency resolution so 'exec' is not a good option. Regards, Geoff Linuxsolve Ltd. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] debconf10 puppet bof
JustiIn case you weren't aware, at debconf10 day 3 there will be a BoF on puppet. http://penta.debconf.org/dc10_schedule/events/587.en.html Cheers, Geoff Crompton -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet for switches
This might be a crazy idea, but it just popped into my head, and I wanted to know if it's possible. Perhaps not possible right now, but possible in a theoretical sense. Is it possible that puppet could be modified to be used to manage switches that have a command line based interface? When I manage our Allied Telesis switches (which have a CLI similar to cisco IOS) I wonder if I could control it via a puppet-like node: node 'switch-101' { vlan { storage: id = 1234, untagged_ports = 3/e1, 4/e3, tagged_ports = 1/e1-2/e48, } include gvrp include stp::rstp stp::portfast { 1/e1-e48,2/e1-48,3/e1-48: } } Now I know we probably can't get puppet to run on the switch, but we can get a host to ssh or telnet to the switch, and to download the current configuration of the switch. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Camp Schedule Posted
Yes please from those over here in the UK. 2009/9/22 Jean Spirat jeanspi...@squirk.org Peter Meier a écrit : (I'm working angles to see if we can get presentations streamed/recorded. +1 for this idea :-) I'd like to second that. Would be nice! cheers pete o yes , would love that too. Will even pay a few $$ to view it if if this help to fund the cost of the recording. regards, Ghislain. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: You should be using schedules :)
James Turnbull wrote: Geoff Crompton wrote: Mark Plaksin wrote: Maybe we're the last to the party but wow do schedules make a huge difference! Especially with file serving. We added schedules to a few file-heavy modules and cut the load and hits/day on our file serving puppetmaster by 2/3. Instead of doing everything once an hour these modules are now scheduled to run just twice a day. Have you got a url on schedules? I'm not familiar with it, unless this is just a term for some technique of using cron? http://reductivelabs.com/trac/puppet/wiki/TypeReference#id275 Regards James Turnbull Ok, assuming I've got in site.pp schedule { maint: range = 2 - 4, period = daily, repeat = 1 } How do I use that in other classes and resources? The Language tutorial http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial doesn't mention them. Do you do something like: cron { 'a_beaut_cronjob': cmd = 'echo foo', requires = Schedule[ maint ], } -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: You should be using schedules :)
Avi Miller wrote: Hey, Geoff Crompton wrote: How do I use that in other classes and resources? The Language tutorial http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial doesn't mention them. The TypeReference page does. Check the exec {} type in the example: exec { /usr/bin/apt-get update: schedule = daily } cYa, Avi Ahh, it's a metaparameter documented at http://reductivelabs.com/trac/puppet/wiki/TypeReference#id343 Now that I read that bit, it does seem a little familiar. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] use of the resource resource
While reading about schedules, I saw: http://reductivelabs.com/trac/puppet/wiki/TypeReference#resources To check I'm reading this right, if I had the following in my site.pp: resources { file purge = true } Would puppet then attempt to purge every single file that it did not have an explicit file resource for? Including files installed by package resources? -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Restricted puppet?
Russell Adams wrote: I run puppet via cron as my local user, for basic stuff. One of my favorites is an auto-cleaning temporary directory. I throw cruft in here, and I won't miss it after two weeks, and no more manual cleanup. For example, my ~/.puppet.pp: tidy { /home/rladams/tmp: age = 2w , backup = false , recurse = true , rmdirs = true , type = mtime } Crontab: 0 5 * * * /usr/bin/puppet --verbose /home/rladams/.puppet.pp ~/.puppet.log 21 You can't do anything that requires root privs, but you can create/maintain directories, perms on files you own, operations, etc. Good luck! puppetd runs as a non-root user: geo...@chiraz-60:~/svk/puppet/trunk$ puppetd --test info: Creating a new certificate request for chiraz-60.trinity.unimelb.edu.au info: Creating a new SSL key at /home/geoffc/.puppet/ssl/private_keys/chiraz-60.trinity.unimelb.edu.au.pem warning: peer certificate won't be verified in this SSL session err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean chiraz-60.trinity.unimelb.edu.au'. I imagine if you setup a ~/.puppet.conf with some settings that specify to use a different SSL certificate, or to connect to a different puppet master than what your root puppetd connects to, you would get past the SSL problem I've got here, and start having a puppetd running with the permissions of that user. Either that or you'd find a few other minor issues to work around. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: You should be using schedules :)
Mark Plaksin wrote: Maybe we're the last to the party but wow do schedules make a huge difference! Especially with file serving. We added schedules to a few file-heavy modules and cut the load and hits/day on our file serving puppetmaster by 2/3. Instead of doing everything once an hour these modules are now scheduled to run just twice a day. Have you got a url on schedules? I'm not familiar with it, unless this is just a term for some technique of using cron? -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Best uses for virtual resources
Luke Kanies wrote: On May 13, 2009, at 9:12 AM, Evan Hisey wrote: Okay, I am sure virtual resources are a good idea. The problem is other than may be for users I need to include in multiple places, I have not idea of teh right way to use them. I am looking for I guess the best practice in using virtual resource, and maybe some practical examples on right ways to use them. Generally, virtual resources are useful primarily when you want to separate specification of a resource from the decision to deploy a resource to a host. Can't a define achieve the same end? Specify the resource collection in the define at one place, and choose to deploy it in multiple other places. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] scoping of variables in modules for reuse
Hi All, I wanted to make a module of mine to be more re-usable by declaring a variable somewhere in it. I wanted users to be able to override the variable, but I also wanted the module to work if they instantiated the class directly. I'm using puppet 0.24.5 (and the -3 debian subversion) and I found that if I do something like the following: class reprepro-test1 inherits reprepro { $reprepro_dir = /tmp/reprepro_archive1 } class reprepro-test2 { $reprepro_dir = /tmp/reprepro_archive2 include reprepro } node default { include reprepro-test1 include reprepro-test2 include reprepro } With the following file (reprepro/manifests/init.pp) on the module search path: class reprepro { $reprepro_dir = /tmp/reprepro_archive_module file { $reprepro_dir: ensure = directory, } } Then /tmp/reprepro_archive_module gets created with no warnings or errors (due to the node including reprepro), but /tmp/reprepro-test2 does not get created. My variable does not get overloaded. If I change the module to: $reprepro_dir = /tmp/reprepro_archive_module class reprepro { file { $reprepro_dir: ensure = directory, } } And I stop using class reprepro-test1 in the node (*): node default { #include reprepro-test1 include reprepro-test2 inclure reprepro } Then I only get /tmp/reprepro_archive2 created, and no warnings. So I think the following statements are true: * variables in a module have scope of only that module. * The scope of variables inside classes bind tighter than those of module variables. * Class inheritance is limited (as the documentation says), you can't override parent variables. * class includeness binds tighter than module variables, regardless of where in the module you declare the variable. I can't think of how I can achieve what I want, where both include reprepro-test2 and include reprepro do what I expect them to do. I also tried in a separate file: $reprepro_dir = /tmp/reprepro_archive3 class reprepro-test3 inherits reprepro { } class reprepro-test4 { include reprepro } But it looks like class reprepro-test3 behaves exactly like reprepro-test1, and reprepro-test4 behaves exactly like class reprepro. The $reprepro_dir in that file gets global scope, and gets overridden by the definition of $reprepro_dir in the module, regardless of where in the module you declare it. So I think that the documentation here: http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#importing-manifests says: Puppet has an import keyword for importing other manifests. Code in those external manifests should always be stored in a class or definition or it will be imported into the main scope and applied to all nodes. Should be extended to describe how the scope of variables in modules works. But I've already spent an hour writing this email, so I'm not going to suggest a patch just now. (*) If you keep reprepro-test1 included, then when reprepro-test1 is evaluated the $reprepro_dir is not defined at all, and you see the following errors: err: Could not create : Parameter path failed: File paths must be fully qualified warning: Not using cache on failed catalog warning: Configuration could not be instantiated: Parameter path failed: File paths must be fully qualified --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: best practices stand-alone puppet
Yes. I've done something similar for creating turn-key systems. Do a kickstart of the host and as part of the kickstart, retrieve a puppet manifest from CVS/Subversion. Then run the 'puppet' binary against the manifest to do the final host specific config on the turn-key system. Works great and produces a fully configured, ready to go Linux appliance. Geoff On 11/03/2009, thomas thomas.bik...@gmail.com wrote: Thanks! Here it goes: - there are between 30 and 40 Apache instances (on 20-30 physical servers) that I need to supply with htppd.conf, mod_security.conf and the keys. - all instances are running in pairs for fail-over some are used just as ssl endpoints, some as reverse proxies, some host custom modules - all I can do on these machines is to push via ssh - can not install puppet to pull (unfortunately) I wanted to use puppet just to manage/generate files I need to push to the target hosts (this would have been ideal, since I could group my stuff, use inheritance, etc ...) My idea was to have a deployment box where I will create my puppet DSL files describing servers, services and topology, than using puppet executable generate files, and push them over. Questions I have at this stage: - can I do this at all with puppet? - any pointers to .pp scripting? - how can I loop through all nodes executing .pp script? - how can I select just one host when running puppet? ( For sure I am trying to use puppet not at all in the way it meant to be in the first place, degrading it to ant/maven type of utility, hence my question if this is possible at all) Thomas On Mar 10, 11:25 pm, Andrew Shafer and...@reductivelabs.com wrote: It depends on what you are trying to do exactly, but you can run 'puppet' stand alone without the master. The only thing that gets tricky is if you have interhost configurations that you want to manage. You can also use the master as a file server for the stand alone puppet executable. If you can explain a little bit more about what you are trying to accomplish and your constraints, you'll hopefully get a better answer. Cheers, Andrew On Tue, Mar 10, 2009 at 4:11 PM, Stephen John Smoogen smo...@gmail.com wrote: On Tue, Mar 10, 2009 at 1:28 PM, thomas thomas.bik...@gmail.com wrote: Hello, I was evaluating the use of the puppet with the single purpose to generate a handful of httpd.conf files for several apache instances. Unfortunately my deployment environment is very restrictive and I can not use puppetd on the target hosts - I wanted however take advantage of puppet DSL to describe the system (few dozen of instances with ever- changing ports) and generate stuff I need on the external box, deploying configuration via ssh afterwards on the clients. If someone has faced similar situation - what pointers would you suggest? I believe I would do the following: I would skip the needing for apache in this case. the out of the box puppetmaster runs a webbrick that runs on port 8141 and seems to cover what you are looking for. In this case, you are wanting to make sure that it only listens/talks on 127.0.0.1 and then sync out the puppet directories. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. The Merchant of Venice --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] exporter resource to push out nss-db files
In http://groups.google.com/group/puppet-users/browse_thread/thread/1dc2dbac1f6cc0de?hl=en I was asking about pushing passwd.db out to clients, and James pointed me to Exported Resources. I've read up on Exported Resources, but I'm not getting where I want. The wiki has http://reductivelabs.com/trac/puppet/wiki/ExportedResources#file-example which shows definining some content on node-a, and it appearing on node-b. For my passwd.db I don't want to define the content of the file within the puppet manifest. I want a script to generate the file on one server, and then make that file available elsewhere. So I did a test. On chiraz-60 I created /var/tmp/nss.db with the content 'test'. Then I defined: node 'chiraz-60.trinity.unimelb.edu.au' inherits default { @@file { /var/tmp/nss.db: tag = nss-db-file, } } node 'test-db-01.trinity.unimelb.edu.au' inherits default { File | tag == 'nss-db-file' | } And after running puppetd --test on both a few times, the files haven't shown up on test-db-01. So I tried something else. I thought maybe if on chiraz-60 I defined a file with source from that machine, I could get there: node 'chiraz-60.trinity.unimelb.edu.au' inherits default { @@file { /var/tmp/nss2.db: tag = nss-db-file, source = /var/tmp/nss.db, } } node 'test-db-01.trinity.unimelb.edu.au' inherits default { File | tag == 'nss-db-file' | } But then when running 'puppetd --test' on test-db-01 I see: err: //Node[test-db-01.trinity.unimelb.edu.au]/File[/var/tmp/nss2.db]: Failed to retrieve current state of resource: No specified source was found from /var/tmp/nss.db Another approach would be: node 'chiraz-60.trinity.unimelb.edu.au' inherits default { @@file { /var/tmp/nss.db: tag = nss-db-file, source = puppet:///nss.db, } } And on the puppet master install a cronjob that updates that file, where ever nss.db might be on the filesystem. But I'd prefer not to do this because my manifest is in svn, and the cronjob would be creating files inside an svn working directory that were not under revision control. Also, I'd prefer the generation of nss.db to happen on the ldap master, rather than on the puppet master. -- +-Geoff Crompton +--Debian System Administrator +---Trinity College --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Puppet for password management
I'm working on a turnkey Linux system where the post build config is handled with puppet. One of the unique constraints with a turnkey system is that passwords are essentially set at build time and then stay fixed for the life of the product. I was wondering if anyone had used puppet to manage user passwords? The 'user' type supports an encrypted hash, but ideally I need the facility of passing in a plaintext password, md5 hash it and then have puppet idempotently check it's been set. Thoughts? Geoff. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---