[Puppet Users] Re: select ip-address for sshd_config

2010-03-20 Thread janfrode


On Mar 20, 3:51 pm, Peter Meier  wrote:
> >>      if $ipaddress_eth1 {
> >>        $sshd_listen_address = $ipadress_eth1
>
> ipaddress vs. ipadress

Ah, you tricked me :-) Thanks!


> Regarding the order: no this doesn't matter. There is a distinction  
> between parsing and applying. Variables are set while parsing, so is  
> the template evaluated, hence for parsing (which happens btw on the  
> master) the order is fine like that.

Ok, good to know. Thanks again !


  -jf

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: select ip-address for sshd_config

2010-03-20 Thread janfrode


On Mar 20, 12:40 pm, Peter Meier  wrote:

> case $sshd_listen_address {
>    '': {
>      if $ipaddress_eth1 {
>        $sshd_listen_address = $ipadress_eth1
>      } else {
>        $sshd_listen_address = $ipaddress
>      }
>    }
> }

Oh.. I was thinking about putting the logic inside the template, but
see that maybe it fits better in the manifest. So I tried this in the
ssh class manifest:

case $sshd_listen_address {
  '': {
    if $ipaddress_eth1 {
      $sshd_listen_address = $ipadress_eth1
    } else {
      $sshd_listen_address = $ipaddress
    }
  }
}
file { "/etc/ssh/sshd_config":
  owner   => root,
  group   => root,
  mode    => 400,
  content => template("ssh/sshd_config.erb"),
  require => [ Package["openssh-server"], Class["banner"],
               File["/etc/pam.d/sshd"] ]
}

and only use a "ListenAddress   <%= sshd_listen_address %>" in the
template. But this gives me a blank listenaddress if
$sshd_listen_address isn't defined in the node, so I'm wondering if
this is maybe because the case statement is evaluated after the
template is pushed.. Hmm, can "file" require a variable to enforce the
order here, or is there any other sensible way without splitting this
in sub-classes ?


  -jf




[Puppet Users] select ip-address for sshd_config

2010-03-20 Thread janfrode
We're using the ListenAddress directive in our sshd_config to tell
which interface sshd is supposed to listen on. Normally it's the
address for eth1, but it might be the address for eth0 if there is
none for eth1, and it might be both..

So, could someone help me with the erb template for my sshd_config:

 ListenAddress <%= sshd_listen_address %>

The priority should be:

1 - $sshd_listen_address defined in node template
2 - $ipaddress_eth1 fact if defined
3 - $ipaddress fact
4 - default = 0.0.0.0 (probably not necessary since $ipaddress
should always be defined..?)


  -jf
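
The priority order listed in this post, and the blank ListenAddress described in the follow-up, worked through as an added example; it is not code from the thread or from Puppet. The helper names and the sample fact sets are assumptions constructed for illustration, and the template is rendered with plain Ruby ERB outside Puppet.

```ruby
require 'erb'
require 'ipaddr'

# Constructed template line, modelled on the ListenAddress line in the post.
TEMPLATE = "ListenAddress <%= listen_address %>\n"

# Priority order from the post; names are the post's variable and fact names.
PRIORITY = %w[sshd_listen_address ipaddress_eth1 ipaddress].freeze

# Hypothetical helper: returns [source, address] for the first non-blank
# candidate, falling back to 0.0.0.0 (all interfaces).
def pick_listen_address(vars)
  source = PRIORITY.find { |k| !vars[k].to_s.strip.empty? }
  address = source ? vars[source].strip : '0.0.0.0'
  IPAddr.new(address) # raises IPAddr::InvalidAddressError on a non-IP value
  [source || 'default', address]
end

# Render the sshd_config line; never emits a blank ListenAddress.
def render_listen_line(vars)
  _source, address = pick_listen_address(vars)
  ERB.new(TEMPLATE).result_with_hash(listen_address: address)
end

# Constructed fact sets for three hosts.
HOSTS = {
  'override' => { 'sshd_listen_address' => '192.0.2.10',
                  'ipaddress_eth1' => '10.0.1.5', 'ipaddress' => '10.0.0.5' },
  'eth1'     => { 'ipaddress_eth1' => '10.0.1.5', 'ipaddress' => '10.0.0.5' },
  # Misspelled key, as in the thread: eth1 is skipped without any error.
  'typo'     => { 'ipadress_eth1' => '10.0.1.5', 'ipaddress' => '10.0.0.5' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  HOSTS.each do |name, vars|
    source, = pick_listen_address(vars)
    puts "#{name} (from #{source}): #{render_listen_line(vars)}"
  end
end
```

Returning the source alongside the address makes it visible when a host silently falls through to the primary address or to 0.0.0.0, which changes the interface sshd is exposed on.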




[Puppet Users] push file once

2010-03-14 Thread janfrode
Is there any way to have puppet push an initial configuration file,
and then let local admins modify it without it being overwritten by
subsequent puppet runs ?

Two examples:

Push-if-not-existing:

I want to push a default /etc/httpd/conf.d/00-local-defaults.conf,
but would like to allow the local webmaster to change it if he needs
to override some defaults here.

Push-if-default (maybe based on checksum):

When installing mysql, I want to overwrite the RPM-supplied
/etc/my.cnf with our default, and still let the local mysql-admin
override the defaults here.




[Puppet Users] Re: realize group before user ?

2010-03-10 Thread janfrode

That worked. Great, thanks!


  -jf




[Puppet Users] Re: realize group before user ?

2010-03-10 Thread janfrode
Sorry, but it doesn't seem to be that simple. I just tried to include
a class that does:

realize (
  Group["policyd"],
  User["policyd"]
)

and see on the puppet client:

Mar 10 12:00:16 asav puppetd[20247]: Starting Puppet client version 0.25.4
Mar 10 12:00:31 asav puppetd[20247]: (//user::virtual/User[policyd]/ensure) change from absent to present failed: Could not create user policyd: Execution of '/usr/sbin/useradd -u 103 -g 103 -d /home/policyd -c Postfix Policy Daemon -s /bin/bash -M policyd' returned 6: useradd: unknown group 103
Mar 10 12:00:32 asav puppetd[20247]: (//user::virtual/Group[policyd]/ensure) created
Mar 10 12:00:33 asav puppetd[20247]: Finished catalog run in 6.58 seconds


So, it fails to create the user on first run.. but will of course
succeed the next time since now the group is created... But how can I
force group creation before user creation, when the order listed in
realize() obviously doesn't matter.


  -jf




[Puppet Users] Re: RHEL4 / 0.25.4-1 / Failed to retrieve current state of resource: Could not retrieve file metadata for

2010-03-06 Thread janfrode

On Mar 6, 2:18 pm, Jan-Frode Myklebust  wrote:

> As far as I can see, all RHEL5 puppets are running fine.

Oops, no, I've gotten this once now from a RHEL5 host too. The only
32-bit RHEL5-host I have in this environment.

My staging environment has 20 hosts:

3x 32-bit RHEL4
1x 32-bit RHEL5
16x 64bit RHEL5

and the error has only come from the 32-bit hosts.

I'm also wondering if this could simply be caused by an overloaded
puppetmaster, as it's only running a single puppetmaster-process... ?
But that doesn't explain why I'm not seeing this problem on the 64-bit
machines...


  -jf
