[Puppet Users] Re: Why?
See the little arrows? No i didn't See the puppet language guide. I did and now (...) I see it! Thank you! Rgds Mat .. On Aug 10, 4:28 pm, vagn scott vagnsc...@gmail.com wrote: On 08/10/2011 02:40 AM, ki_chi_saga wrote: exec { 'a': ... } - exec { 'b': ... } - exec { 'c': ... } can I really be sure that puppet evaluates this in the sequence of writing? See the little arrows? - That is one way to declare sequence. There are others. See the puppet language guide. -- vagn -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Why?
if you care about order you should make it explicit: Good point, but; exec { 'a': ... } - exec { 'b': ... } - exec { 'c': ... } can I really be sure that puppet evaluates this in the sequence of writing? Rgds, Mats _ On Aug 9, 7:29 pm, vagn scott vagnsc...@gmail.com wrote: On 08/09/2011 01:19 PM, ki_chi_saga wrote: if you care about order you should make it explicit: exec { 'a': ... } - exec { 'b': ... } - exec { 'c': ... } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Why?
On Aug 9, 8:23 pm, Stefan Schulte stefan.schu...@taunusstein.net wrote: If I understand this, »shareall« will only run if both services are up? Thats is correct. First thing I would do: check what returncode 32 stands for. I've tried but unable to find it. Then run your manifest in debug mode Good point, I will If I recall correctly svcadm enable can actually return before the service is really up. Very interesting. I've also suspecting some kind of timing issue Rgds, Mats -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Why?
On Aug 9, 8:37 pm, Scott Smith sc...@ohlol.net wrote: I suggest using a notice = Exec[shareall] in your dfsshare rather than before. Also make exec{shareall: refreshonly = true} That may or may not help with your problem but either way good design Thanks I will try this Rgds, Mat -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Why?
Hello everybody out there! Is there anyone who can explain why; .. $share1 = share -F nfs -o ro,anon=0 /jumpstart/install $share2 = share -F nfs -o ro,anon=0 /jumpstart/config dfshare {[$share1,$share2]: before = Exec[shareall] } service { rpc/bind: enable = true, ensure = running } service { nfs/server: enable = true, ensure = running, require = Service[rpc/bind] } exec { shareall: command = /usr/sbin/shareall, require = Service[nfs/server] . Sometimes results in; = err: /Stage[main]/Nfsexport/Exec[shareall]/returns: change from notrun to 0 failed: /usr/sbin/shareall returned 32 instead of one of [0] at /proj/unixteam/ puppet/modules/jumpstart/manifests/init.pp:36 == To me the Exec[shareall] will be run last? But does it? Rgds, Mat -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: unable to request certificate
Hello Felix! In most circumstances, disabling autosigning is indeed a good idea. That's what I've read too. About your general problems, Well, this is the first time I installed a puppet client and I wanted having it going right away an a Solaris system (to an on-site education on puppet). I wanted it installed the *easiest* way possible ... As I wrot in my initial post I went to reductivelabs.com and from there to the OpenCSW archive: /opt/csw/bin/pkgutil -U /opt/csw/bin/pkgutil --install puppet That was it! Everything installed nicely but to my suprise no working default's were setup (???). And this has caused *a*lot* of confusion for me. Is it so that you *have* to create you first initial configuration yourself? (i.e there is really no DEFAULT configuration) Or is this dependent on *where* how you install puppet (for example from source)? If someone light me up on this, I would really appreciate this. And now finally ... === info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for selix063gh.lmera.ericsson.se info: Certificate Request fingerprint (md5): 77:50:45:46:C3:C1:3B: 08:70:2E:6C:DE:0C:C6:DC:7D warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Caching certificate for selix063gh.lmera.ericsson.se info: Caching certificate_revocation_list for ca info: Caching catalog for selix063gh.lmera.ericsson.se info: Applying configuration version '1303986887' info: Creating state file /var/opt/csw/puppet/state/state.yaml notice: Finished catalog run in 0.15 seconds === I can hardly believe my eays !!! *** * THANK YOU EVERBODY WHO REPLIED, LEADING ME TO THE RIGHT DIRECTION ! * *** Rgds, Mat -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] unable to request certificate
Hello! Background; We're just in the initial stage of setting up a testenv. for checking out puppet. And a working master and client(s) (ver. 2.6.7 is now started on one of our Suse/Linux servers. I'm about to get a working puppet client (on Solaris 10-09) to connect to the above puppet master. I wanted to have it going as fast as possible so I went to http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Solaris From there I was lead to Blastwave and installed it the easiest way I found; # /opt/csw/bin/pkgutil -U # /opt/csw/bin/pkgutil --install puppet Everything installed nicely but to my suprise no working default's were setup (???), but that has been done now. The version I received was 2.6.6 When I start my pupppet client I get; ... ./sbin/puppetd --server puppet-server.lmera.ericsson.se --waitforcert 60 --verbose --test info: Creating a new SSL key for selix063gh.lmera.ericsson.se warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session info: Caching certificate for selix063gh.lmera.ericsson.se err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run .. Searching the net suggests removing '/var/opt/csw/puppet/ssl' from client and running puppetca --clean hostname (hostname in this case is selix063gh.lmera.ericsson.se) When I issue 'puppetca --clean selix063gh.lmera.ericsson.se' I get a the response; 'Could not find client certificate or request for selix063gh.lmera.ericsson.se' which isn't particurlarly suprising, since this is a new client and one would expect that its unknown to puppetmaster. However looking on the puppetserver the client is all but unknown ... Listing /var/lib/puppet/ssl/ca/signed gives at hand; .. -rw-r- 1 puppet puppet 1021 Mar 31 15:09 puppet- server.lmera.ericsson.se.pem -rw-r- 1 puppet puppet 908 Apr 26 12:34 puppetc1.lmera.ericsson.se.pem -rw-r- 1 puppet puppet 912 Apr 26 12:34 selix063gh.lmera.ericsson.se.pem .. and /var/lib/puppet/ssl/ca/inventory.txt shows; .. # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT 0x0001 2011-03-30T13:09:33GMT 2016-03-28T13:09:33GMT /CN=Puppet CA: puppet-server.lmera.ericsson.se 0x0002 2011-03-30T13:09:33GMT 2016-03-28T13:09:33GMT /CN=puppet- server.lmera.ericsson.se 0x0003 2011-04-20T12:11:44GMT 2016-04-18T12:11:44GMT / CN=puppetc1.lmera.ericsson.se 0x0004 2011-04-25T10:34:09GMT 2016-04-23T10:34:09GMT / CN=selix063gh.lmera.ericsson.se 0x0005 2011-04-25T10:34:09GMT 2016-04-23T10:34:09GMT / CN=puppetc1.lmera.ericsson.se .. Being a puppet rockie it appears that something is very wrong. Err. msg. says 'remove certificate from server' and when i try that from puppetmasterd, I'll get a msg. saying that there is no certificate for the hostname. Removing /var/opt/csw/puppet/ssl from client and running puppetca -- clean hostname does not change anything I'll get the same error message nomatter what I try. Anyone having a way out of this ? Rgds, Mat -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: unable to request certificate
Hello Felix What does puppetca --list --all give you? It gives me; -- puppet@puppet-server:~ puppetca --list --all puppet@puppet-server:~ puppetca --list No certificates to sign puppet@puppet-server:~ -- Have you ever told puppet to sign any cert for that box? Yes,by running; /sbin/puppetd --server puppet-server.lmera.ericsson.se --verbose -- test Is autosign enabled per chance? Hmmm, it appears so; puppet@puppet-server:~ more /etc/puppet/autosign.conf *.lmera.ericsson.se puppet@puppet-server:~ I believe this is mistake. I will definitly remove that and see what happens. The first wooden hammer you can swing is move the cert away from the master's ssl dir. I'll try that but I'll first see the outcome of getting rid of the autosign. I believe that autosign has been put in place by mistake caused by the fact that there is no working default configuration. Thanks Rgds, Mat The first wooden hammer you can swing is move the cert away from the master's ssl dir. Another approach (albeit crooked) would be to try and find the privkey for the cert that somehow made it to your master and use that for the client. I don't think you'll find it, though. Have you ever told puppet to sign any cert for that box? Is autosign enabled per chance? HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: unable to request certificate
Sorry Yes,by running; /sbin/puppetd --server puppet-server.lmera.ericsson.se --verbose -- test should be # ../sbin/puppetd --server puppet-server.lmera.ericsson.se -- waitforcert 60 --verbose --test -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.