[Puppet Users] Re: puppet logging with passenger

2009-10-28 Thread philipp Hanselmann

Hi

I have similar issues with puppet 0.25 + passenger 2.2.2,

All logs are going to /var/log/messages even when logdir is defined in 
/etc/puppet/puppet.conf on the server?

## site id_api_cd
[id_api_cd_keyA_prd]
manifest = /etc/puppet/site/id_api_cd/prd/site.pp
modulepath = /etc/puppet/site/id_api_cd/prd/modules/:/etc/puppet/site/id_api_cd/public/modules/
logdir = /etc/puppet/site/id_api_cd/logs
usecacheonfailure = true
[math_keyC_dev]
manifest = /etc/puppet/site/math/dev/site.pp
modulepath = /etc/puppet/site/math/dev/modules/:/etc/puppet/site/math/public/modules/
logdir = /etc/puppet/site/math/logs
usecacheonfailure = false



As I'm using several environments, it's important that each environment 
logs to a separate directory ...

Under 0.25 the /etc/puppet/rack/config.ru looks like:

$0 = "puppetmasterd"
require 'puppet'

# if you want debugging:
# ARGV << "--debug"

# tell puppetmasterd that it is running as a Rack application
ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run


Maybe somebody has an answer?


Ohad Levy wrote:
 I've tried to change logging to warn, it ended up breaking the 
 puppetmaster not being able to sign new certificates.

 I know the setup in 0.25 is different, so it might work there.

 Ohad

 On Sat, Aug 8, 2009 at 3:30 AM, cnjohnson gm.johns...@gmail.com 
 mailto:gm.johns...@gmail.com wrote:


 On Aug 7, 12:50 am, David Schmitt da...@dasz.at
 mailto:da...@dasz.at wrote:
  cnjohnson wrote:
   I am running puppet-0.24.8 with passenger-2.2.2, apache-2.2.3 on RHEL
   5.2. I have two nodes, one x86_64 and one ppc64, that have the client
   running and they are checking in regularly as expected. I have a
   minimal site.pp file which defines the owner, group and permissions on
   several files. Changes to those files on the two client nodes are
   reverted according to the site.pp file as expected.
 
   I have a question about logging, though. Puppet now logs through
   /var/log/messages. This is fine, but not my first choice. Is this being
   handled by apache? Do I need to add an entry in the virtual host
   section of httpd.conf; or is this being handled by rack? I would
   prefer that the logging be done in /var/puppet/log/masterhttp.log
 
   Any suggestions would be appreciated.
 
  Take a look at the configuration reference at [1], especially the
  httplog, logdir, rails_loglevel, railslog, report*, and syslogfacility.
 
  See [2] for details on reporting.
 
  Regards, DavidS
 
  [1]http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference
  [2]http://reductivelabs.com/trac/puppet/wiki/ReportReference

 Thank you for the reply. Unfortunately, I still cannot change where
 puppetmasterd logs when used as a rack app. The config.ru file has the
 following lines:

 # startup code stolen from bin/puppetmasterd
 Puppet.parse_config
 Puppet::Util::Log.level = :info
 Puppet::Util::Log.newdestination(:syslog)

 Commenting out the last two lines has the effect of stopping logging
 altogether even though logdir and httplog are specified in
 /etc/puppet/puppet.conf

 Doing the following causes the clients to report: Could not call
 puppetmaster.getconfig: #RuntimeError: HTTP-Error: 500 Internal
 Server Error

 mylog = File.new("/var/puppet/log/myhttp.log", "a+")
 Puppet::Util::Log.newdestination(mylog)

 I am clearly missing something. Any further clues would be
 appreciated.

 Cheers--

 Charles



 


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---



[Puppet Users] puppetrun 0.25.0 - cacrl error message?

2009-10-05 Thread philipp Hanselmann

Hi

I'm trying puppetrun on puppet 0.25.0 (with passenger).

For that I added on the client in /etc/puppet/puppet.conf  the following 
line 
listen = true

and added /etc/puppet/namespaceauth.conf file with:
[fileserver]
    allow *.domain.ch
[puppetmaster]
    allow *.domain.ch
[puppetrunner]
    allow *.domain.ch
[puppetbucket]
    allow *.domain.ch
[puppetreports]
    allow *.domain.ch
[resource]
    allow *.domain.ch


After that I restarted puppet on the client and tried to connect from 
the puppetserver

r...@id-lnx-deployment:/opt/foreman # puppetrun --host slabstb251.domain.ch
Triggering slabstb251.domain.ch
Host slabstb251.domain.ch failed: Could not connect to 
slabstb251.domain.ch on port 8139
slabstb251.domain.ch finished with exit code 2
Failed: slabstb251.domain.ch

Then I figured out that the client daemon isn't running (like before 
without the listen option) or even listening on port 8139

In /var/log/messages (on the client) I found the following lines:

Oct  5 13:53:01 slabstb251 puppetd[31843]: Setting the :cacrl to 'false' 
is deprecated; Puppet will just ignore the crl if yours is missing
Oct  5 13:53:02 slabstb251 puppetd[31843]: Starting Puppet client 
version 0.25.0
Oct  5 13:53:02 slabstb251 puppetd[31843]: Cached 
certificate_revocation_list for ca failed: Cannot manage the CRL when 
:cacrl is set to false
Oct  5 13:53:02 slabstb251 puppetd[31843]: Could not retrieve catalog 
from remote server: Could not intern from s: Cannot manage the CRL when 
:cacrl is set to false


I haven't used the cacrl option in the puppet.conf file, so I don't 
understand these error messages ...

I tried cacrl = true but with the same effect ...

Any help ?

Philipp






[Puppet Users] Re: Puppet 0.25 - passenger + foreman (webfrontend)

2009-10-02 Thread philipp Hanselmann


I found the answer by myself ...

mongrel network settings can be changed in 
/opt/foreman/vendor/rails/railties/lib/commands/server.rb

I noticed that our company firewall is blocking Port 3000.


Now it is working, I can see the webgui ...

Next steps will be to use passenger instead of mongrel

philipp Hanselmann wrote:
 Hi


 I was trying to install foreman, but up to now it fails ...

 (Setup: Redhat Server 5.0 Puppet 0.25 + Passenger, foreman is 
 installed on the same server as Puppet )

 I did the following steps:


 1.) r...@id-lnx-deployment:/opt # git clone 
 git://github.com/ohadlevy/foreman.git foreman
Initialized empty Git repository in /opt/foreman/.git/
remote: Counting objects: 3578, done.
remote: Compressing objects: 100% (2690/2690), done.
remote: Total 3578 (delta 1193), reused 2516 (delta 566)
Receiving objects: 100% (3578/3578), 3.29 MiB | 1269 KiB/s, done.
Resolving deltas: 100% (1193/1193), done.

 2.) r...@id-lnx-deployment:/opt # cd foreman


 3.) r...@id-lnx-deployment:/opt/foreman # git submodule init
Submodule 'vendor/plugins/active_scaffold' 
 (git://github.com/activescaffold/active_scaffold.git) registered for 
 path 'vendor/plugins/active_scaffold'
No submodule mapping found in .gitmodules for path 
 'vendor/plugins/ruby-net-ldap'

 4.) r...@id-lnx-deployment:/opt/foreman # git submodule update
Initialized empty Git repository in 
 /opt/foreman/vendor/plugins/active_scaffold/.git/
remote: Counting objects: 8210, done.
remote: Compressing objects: 100% (2166/2166), done.
remote: Total 8210 (delta 6070), reused 7746 (delta 5647)
Receiving objects: 100% (8210/8210), 1016.04 KiB | 614 KiB/s, done.
Resolving deltas: 100% (6070/6070), done.
Submodule path 'vendor/plugins/active_scaffold': checked out 
 '4dcef6d830b3201711ae5b3d2c193a19a31924fd'
No submodule mapping found in .gitmodules for path 
 'vendor/plugins/ruby-net-ldap'


 5.)
RAILS_ENV=production rake db:migrate


 6.) rake puppet:migrate:populate_hosts RAILS_ENV=production


 7.) r...@id-lnx-deployment:/opt/foreman # ./script/server -e production
 = Booting Mongrel
 = Rails 2.3.2 application starting on http://0.0.0.0:3000
 = Call with -d to detach
 = Ctrl-C to shutdown server

 When I did these steps it looked to me like everything was working, but 
 when I finally try to get access to id-lnx-deployment:3000 in my 
 web browser I can't load the page ;-(


 For me it looks like http://0.0.0.0:3000 is only accessible 
 locally but not from outside?

 And if I try on the server cd /tmp ; wget http://localhost:3000; I 
 will successfully download an *empty* page?

 The same empty page I get on my local machine with 
 http://localhost:3000; with an ssh tunnel (ssh -D 3000 
 r...@id-lnx-deployment) ...

 Questions:
 1.) Where can I configure that mongrel is accepting connections from 
 outside?
 2.) Why does foreman provide empty pages?

 Thanks for the help!
 Philipp







[Puppet Users] Puppet 0.25 - passenger + foreman (webfrontend)

2009-10-01 Thread philipp Hanselmann

Hi


I was trying to install foreman, but up to now it fails ...

(Setup: Redhat Server 5.0 Puppet 0.25 + Passenger, foreman is installed 
on the same server as Puppet )

I did the following steps:


1.) r...@id-lnx-deployment:/opt # git clone 
git://github.com/ohadlevy/foreman.git foreman
Initialized empty Git repository in /opt/foreman/.git/
remote: Counting objects: 3578, done.
remote: Compressing objects: 100% (2690/2690), done.
remote: Total 3578 (delta 1193), reused 2516 (delta 566)
Receiving objects: 100% (3578/3578), 3.29 MiB | 1269 KiB/s, done.
Resolving deltas: 100% (1193/1193), done.

2.) r...@id-lnx-deployment:/opt # cd foreman


3.) r...@id-lnx-deployment:/opt/foreman # git submodule init
Submodule 'vendor/plugins/active_scaffold' 
(git://github.com/activescaffold/active_scaffold.git) registered for 
path 'vendor/plugins/active_scaffold'
No submodule mapping found in .gitmodules for path 
'vendor/plugins/ruby-net-ldap'

4.) r...@id-lnx-deployment:/opt/foreman # git submodule update
Initialized empty Git repository in 
/opt/foreman/vendor/plugins/active_scaffold/.git/
remote: Counting objects: 8210, done.
remote: Compressing objects: 100% (2166/2166), done.
remote: Total 8210 (delta 6070), reused 7746 (delta 5647)
Receiving objects: 100% (8210/8210), 1016.04 KiB | 614 KiB/s, done.
Resolving deltas: 100% (6070/6070), done.
Submodule path 'vendor/plugins/active_scaffold': checked out 
'4dcef6d830b3201711ae5b3d2c193a19a31924fd'
No submodule mapping found in .gitmodules for path 
'vendor/plugins/ruby-net-ldap'


5.)
RAILS_ENV=production rake db:migrate


6.) rake puppet:migrate:populate_hosts RAILS_ENV=production


7.) r...@id-lnx-deployment:/opt/foreman # ./script/server -e production
= Booting Mongrel
= Rails 2.3.2 application starting on http://0.0.0.0:3000
= Call with -d to detach
= Ctrl-C to shutdown server

When I did these steps it looked to me like everything was working, but when 
I finally try to get access to id-lnx-deployment:3000 in my web browser I 
can't load the page ;-(


For me it looks like http://0.0.0.0:3000 is only accessible locally 
but not from outside?

And if I try on the server cd /tmp ; wget http://localhost:3000; I 
will successfully download an *empty* page?

The same empty page I get on my local machine with http://localhost:3000; 
with an ssh tunnel (ssh -D 3000 r...@id-lnx-deployment) ...

Questions:
1.) Where can I configure that mongrel is accepting connections from 
outside?
2.) Why does foreman provide empty pages?

Thanks for the help!
Philipp





[Puppet Users] Re: environments for several internal customers?

2009-09-22 Thread philipp Hanselmann

Meanwhile I found a solution ...

I just use environment names which can't be guessed ... like

On puppet.conf on the puppetmaster:
[math-34lkdfjop34j-dev]
modulepath = /etc/puppet/data/math/dev/modules
manifest = /etc/puppet/date/math/dev/manifests/init.pp
[math-34lkdfjop34j-prd]
modulepath = /etc/puppet/data/math/prd/modules
manifest = /etc/puppet/date/math/prd/manifests/init.pp
[infk-.289n3D0dg2-dev]
modulepath = /etc/puppet/data/inf/dev/modules
manifest = /etc/puppet/date/inf/dev/manifests/init.pp
[infk-.289n3D0dg2-prd]
modulepath = /etc/puppet/data/inf/dev/modules
manifest = /etc/puppet/date/inf/prd/manifests/init.pp


So the math department has its own user math. With this, they have only 
access to /etc/puppet/data/math/
So they know their own environments, but they don't know the environment 
names of the other puppet users.
The puppet.conf on the puppet server is only readable by the 
puppetmaster daemon ...

Is this a suitable way?


Philipp




Macno wrote:
 I do that in this way:

 On puppet.conf on the puppetmaster:
 ---
 [puppetmasterd]
 reports = store,rrdgraph,tagmail,log
 autosign = true
 environments = alpha,beta,gamma
 manifest = /no/file

 [beta]
 modulepath = /etc/puppet/data/beta/
 manifest = /etc/puppet/manifests/site-beta.pp

 [alpha]
 modulepath = /etc/puppet/data/alpha/
 manifest = /etc/puppet/manifests/site-alpha.pp

 [gamma]
 modulepath = /etc/puppet/data/gamma/
 manifest = /etc/puppet/manifests/site-gamma.pp
 ---

  /etc/puppet/manifests/site-beta.pp has something like:
 import project_beta (a module, in  where you define your
 infrastructure, placed in /etc/puppet/data/beta/ )

 Permissions on /etc/puppet/data/beta/ are limited to the users/groups
 that can manage files for the beta environment.


 On puppet.conf on the client (for example of the beta environment):
 [main]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl
 environment = beta

 [puppetd]
 classfile = $vardir/classes.txt
 localconfig = $vardir/localconfig
 environments = beta



 You can define also testing / production environments for each
 department, with something like:

 On clients:
 [main]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl
 environment = betaprod

 [puppetd]
 classfile = $vardir/classes.txt
 localconfig = $vardir/localconfig
 environments = betatest,betaprod

 (normal puppetruns use beta-prod, with puppetd -t
 --environment=betatest you run on the test environment of beta).

 puppet.conf on the puppet master becomes something like:
 [puppetmasterd]
 reports = store,rrdgraph,tagmail,log
 autosign = true
 environments = alphatest,alphaprod,betatest,betaprod ...
 manifest = /no/file


 [betatest]
 modulepath = /etc/puppet/data/beta/test/
 manifest = /etc/puppet/manifests/site-beta.pp

 [betaprod]
 modulepath = /etc/puppet/data/beta/prod/
 manifest = /etc/puppet/manifests/site-beta.pp


 /etc/puppet/data/beta/test/ and /etc/puppet/data/beta/prod/ are both
 git clones that pull from something like /etc/puppet/data/beta/gitrepo

 My2c

 Alessandro Franceschi

 On 7 Sep, 10:24, philipp Hanselmann philipp.hanselm...@gmail.com
 wrote:
   
 We are planning to use a puppet server for several internal customers at
 our school (ETHZ - Swiss Federal Institute of Technology Zürich).

 One way could be to choose  a separate environment for each customer ...

 Each customer will get a normal user on the puppet server. With this he
 can edit his files inside his own environment path ...

 But how can we ensure that the customers are separated? It should NOT
 be possible for customer X to choose an environment from customer Y.

 Is there a way to implement this?

 Philipp Hanselmann
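
The per-department layout discussed in this thread only separates customers if every environment's modulepath and manifest stay inside that customer's own directory, and if puppet.conf (which holds the environment names) is not readable by other users. The following audit is an added example, not code from the thread or from Puppet; the sample configuration is constructed, and it assumes the tenant is the part of the environment name before the first "-" and that this matches the directory name under /etc/puppet/data.

```ruby
# Added example: audit a puppet.conf-style file for cross-tenant paths.
# SAMPLE_CONF is constructed for illustration; names and paths are hypothetical.
SAMPLE_CONF = <<~CONF
  [puppetmasterd]
  reports = store,log

  [math-aaaa1111-dev]
  modulepath = /etc/puppet/data/math/dev/modules
  manifest = /etc/puppet/data/math/dev/manifests/init.pp

  [math-aaaa1111-prd]
  modulepath = /etc/puppet/data/math/prd/modules
  manifest = /etc/puppet/data/math/prd/manifests/init.pp

  [inf-bbbb2222-prd]
  modulepath = /etc/puppet/data/inf/prd/modules:/etc/puppet/data/math/prd/modules
  manifest = /etc/puppet/data/inf/prd/manifests/init.pp
CONF

# Parse "[section]" headers and "key = value" lines into a hash of hashes.
def parse_sections(text)
  sections = {}
  current = nil
  text.each_line do |line|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    if (m = line.match(/\A\[(.+)\]\z/))
      current = m[1]
      sections[current] ||= {}
    elsif current && (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      sections[current][m[1]] = m[2]
    end
  end
  sections
end

# Return [environment, path] pairs whose path leaves the tenant's directory.
# Assumption: tenant = text before the first "-" in the environment name.
def audit_environments(text, base: "/etc/puppet/data",
                       skip: %w[main puppetmasterd puppetd])
  findings = []
  parse_sections(text).each do |env, settings|
    next if skip.include?(env)
    root = File.join(base, env.split("-").first) + "/"
    paths = settings.fetch("modulepath", "").split(":")
    paths << settings["manifest"] if settings["manifest"]
    paths.each do |path|
      # expand_path resolves "../" so traversal out of the tenant root is caught
      resolved = File.expand_path(path) + "/"
      findings << [env, path] unless resolved.start_with?(root)
    end
  end
  findings
end

# True when group or others can read the file; the environment names are
# only a secret if puppet.conf itself is restricted to the daemon's user.
def readable_by_others?(path)
  (File.stat(path).mode & 0o044) != 0
end

if __FILE__ == $PROGRAM_NAME
  audit_environments(SAMPLE_CONF).each do |env, path|
    puts "#{env}: #{path} is outside the tenant directory"
  end
end
```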
 
 

   





[Puppet Users] Re: Puppet 0.25 migration

2009-09-11 Thread philipp Hanselmann

Matt wrote:
 For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the
 passenger apache module, then removed all traces of puppet includes
 certs.

 Installed puppet 0.25 rpms, set up the config.ru and all worked.
   

And the /etc/httpd/conf.d/puppet.conf ?
Have you edited that file after the installation of 0.25 ?
 2009/9/10 philipp Hanselmann philipp.hanselm...@gmail.com:
   
 philipp Hanselmann wrote:
 
 I have similar issues with passenger 2.2.5.

 Now I am trying to downgrade passenger to 2.2.2
gem install passenger -v 2.2.2

 This will install 2.2.2, but the passenger 2.2.5 remains installed?

 Then I noticed that the install process still uses 2.2.5!
 passenger-install-apache2-module


 So how can I remove passenger 2.2.5 ?


   
 Ok. I found it by myself ..
 gem uninstall passenger -v 2.2.5



 
 Pete Emerson wrote:
   
 Done. The issue is now posted here, and I added --trace to my
 puppetmasterd arguments to provide more info.

 http://projects.reductivelabs.com/issues/2620

 Pete

 On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote:

 
 Can you file this as a bug, and add all of this logging data to it?

 On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote:


   
 I'm seeing this as well, and have some info that may be useful. For me
 the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or
 the puppetmasterd daemon directly.

 I started with exactly the auth.conf from here:

 http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf


 When I run the puppetmasterd in --no-daemon --debug mode, I see this
 when the client connects:

 info: access[^/catalog/([^/]+)$]: allowing 'method' find
 info: access[^/catalog/([^/]+)$]: allowing $1 access
 info: access[/certificate_revocation_list/ca]: allowing 'method' find
 info: access[/certificate_revocation_list/ca]: allowing * access
 info: access[/report]: allowing 'method' save
 info: access[/report]: allowing * access
 info: access[/file]: allowing * access
 info: access[/certificate/ca]: adding authentication no
 info: access[/certificate/ca]: allowing 'method' find
 info: access[/certificate/ca]: allowing * access
 info: access[/certificate/]: adding authentication no
 info: access[/certificate/]: allowing 'method' find
 info: access[/certificate/]: allowing * access
 info: access[/certificate_request]: adding authentication no
 info: access[/certificate_request]: allowing 'method' find
 info: access[/certificate_request]: allowing 'method' save
 info: access[/certificate_request]: allowing * access
 info: access[/]: adding authentication any
 info: access[^/catalog/([^/]+)$]: defaulting to no access for
 01.admin.demo.nym1
 warning: Denying access: Forbidden request:
 01.admin.demo.nym1(my.ip.address.here) access to
 /catalog/01.admin.demo.nym1 [find] authenticated  at line 52
 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access
 to /catalog/01.admin.demo.nym1 [find] authenticated  at line 52

 Lines 51 through 54 of the auth.conf:

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 When I change 'allow $1' to 'allow *', the client is able to connect
 and it successfully ran my manifest.

 If I change my allow line to 'allow fakesstringhere', I see this:

 info: access[^/catalog/([^/]+)$]: allowing fakestringhere access

 When I change it back to 'allow $1':

 info: access[^/catalog/([^/]+)$]: allowing $1 access

 It seems like the regex capture of (^[/]+) isn't being stored in $1,
 and $1 is being used literally instead of substituting in the value
 from the regex?

 In case versions are interesting, I'm using CentOS 5 with the rpms
 found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/

 puppet-0.25.0-0.4.el5.noarch
 puppet-server-0.25.0-0.4.el5.noarch
 ruby-1.8.5-5.el5_3.7.x86_64
 ruby-augeas-0.3.0-1.el5.x86_64
 ruby-devel-1.8.5-5.el5_3.7.x86_64
 rubygems-1.3.1-1.el5.noarch
 ruby-irb-1.8.5-5.el5_3.7.x86_64
 ruby-libs-1.8.5-5.el5_3.7.x86_64
 ruby-rdoc-1.8.5-5.el5_3.7.x86_64
 ruby-shadow-1.4.1-7.el5.x86_64

 ruby gem info (although passenger is out of the mix):
 fastthread (1.0.7)
 passenger (2.2.2)
 rack (1.0.0)
 rake (0.8.7)

 Pete


 On Wed, Sep 9, 2009 at 11:30 AM, jrojas
 ja...@nothingbeatsaduck.com wrote:

 
 I am seeing this problem as well.
 Reverting from 2.2.5 to 2.2.2 did not help.


 On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote:

   
 Reverting back to the passenger 2.2.2 gem worked for me.

 2009/9/8 Larry Ludwig la...@reductivelabs.com:




 
 hmm passenger 2.2.5 is released?  hmm I'll have to test it out.
 -L
 --
 Larry Ludwig
 Reductive Labs

   
 --
 It is well to remember that the entire universe, with one trifling
 exception, is composed of others. --John Andrew Holmes
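
The auth.conf rule quoted in this thread (path ~ ^/catalog/([^/]+)$ with allow $1) is meant to let each node fetch only its own catalog. The following small model is an added example, not Puppet's implementation; Rule, expand_backrefs and allowed? are hypothetical names and the second node name is constructed. It shows the intended substitution, the denial seen in the log when $1 is compared literally, and how much wider the 'allow *' workaround is.

```ruby
# Added example: a model of a regex ACL with backreference substitution.
# Not Puppet's code; all names here are hypothetical.
Rule = Struct.new(:path, :methods, :allow)

# Replace $1..$9 in an allow pattern with the captures from the path match.
def expand_backrefs(pattern, match)
  pattern.gsub(/\$([1-9])/) { match[Regexp.last_match(1).to_i].to_s }
end

# Decide whether the authenticated certname may call method on path.
# substitute: false reproduces the symptom from the thread, where the
# pattern "$1" is compared to the node name without being expanded.
def allowed?(rule, path, method, certname, substitute: true)
  return false if certname.nil? || certname.empty?
  m = rule.path.match(path)
  return false unless m && rule.methods.include?(method)
  rule.allow.any? do |pattern|
    next true if pattern == "*"
    pattern = expand_backrefs(pattern, m) if substitute
    pattern == certname
  end
end

CATALOG_PATH = %r{^/catalog/([^/]+)$}                      # regex from the thread
OWN_CATALOG  = Rule.new(CATALOG_PATH, [:find], ['$1'])     # rule as shipped
WILDCARD     = Rule.new(CATALOG_PATH, [:find], ['*'])      # the workaround

NODE  = "01.admin.demo.nym1"   # node name from the quoted log
OTHER = "02.admin.demo.nym1"   # constructed second node

def demo
  {
    own_catalog:        allowed?(OWN_CATALOG, "/catalog/#{NODE}", :find, NODE),
    literal_dollar_one: allowed?(OWN_CATALOG, "/catalog/#{NODE}", :find, NODE,
                                 substitute: false),
    other_catalog:      allowed?(OWN_CATALOG, "/catalog/#{OTHER}", :find, NODE),
    wildcard_other:     allowed?(WILDCARD, "/catalog/#{OTHER}", :find, NODE),
    wrong_method:       allowed?(OWN_CATALOG, "/catalog/#{NODE}", :save, NODE)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, ok| puts format("%-20s %s", name, ok ? "allow" : "deny") }
end
```

With the wildcard rule, an authenticated node is allowed to request another node's catalog, which the $1 rule denies.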

[Puppet Users] Re: Puppet 0.25 migration

2009-09-10 Thread philipp Hanselmann

I have similar issues with passenger 2.2.5.

Now I am trying to downgrade passenger to 2.2.2
gem install passenger -v 2.2.2

This will install 2.2.2, but the passenger 2.2.5 remains installed?

Then I noticed that the install process still uses 2.2.5!
 passenger-install-apache2-module


So how can I remove passenger 2.2.5 ?




Pete Emerson wrote:
 Done. The issue is now posted here, and I added --trace to my
 puppetmasterd arguments to provide more info.

 http://projects.reductivelabs.com/issues/2620

 Pete

 On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote:
   
 Can you file this as a bug, and add all of this logging data to it?

 On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote:

 
 I'm seeing this as well, and have some info that may be useful. For me
 the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or
 the puppetmasterd daemon directly.

 I started with exactly the auth.conf from here:

 http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf

 When I run the puppetmasterd in --no-daemon --debug mode, I see this
 when the client connects:

 info: access[^/catalog/([^/]+)$]: allowing 'method' find
 info: access[^/catalog/([^/]+)$]: allowing $1 access
 info: access[/certificate_revocation_list/ca]: allowing 'method' find
 info: access[/certificate_revocation_list/ca]: allowing * access
 info: access[/report]: allowing 'method' save
 info: access[/report]: allowing * access
 info: access[/file]: allowing * access
 info: access[/certificate/ca]: adding authentication no
 info: access[/certificate/ca]: allowing 'method' find
 info: access[/certificate/ca]: allowing * access
 info: access[/certificate/]: adding authentication no
 info: access[/certificate/]: allowing 'method' find
 info: access[/certificate/]: allowing * access
 info: access[/certificate_request]: adding authentication no
 info: access[/certificate_request]: allowing 'method' find
 info: access[/certificate_request]: allowing 'method' save
 info: access[/certificate_request]: allowing * access
 info: access[/]: adding authentication any
 info: access[^/catalog/([^/]+)$]: defaulting to no access for
 01.admin.demo.nym1
 warning: Denying access: Forbidden request:
 01.admin.demo.nym1(my.ip.address.here) access to
 /catalog/01.admin.demo.nym1 [find] authenticated  at line 52
 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access
 to /catalog/01.admin.demo.nym1 [find] authenticated  at line 52

 Lines 51 through 54 of the auth.conf:

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 When I change 'allow $1' to 'allow *', the client is able to connect
 and it successfully ran my manifest.

 If I change my allow line to 'allow fakesstringhere', I see this:

 info: access[^/catalog/([^/]+)$]: allowing fakestringhere access

 When I change it back to 'allow $1':

 info: access[^/catalog/([^/]+)$]: allowing $1 access

 It seems like the regex capture of (^[/]+) isn't being stored in $1,
 and $1 is being used literally instead of substituting in the value
 from the regex?

 In case versions are interesting, I'm using CentOS 5 with the rpms
 found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/

 puppet-0.25.0-0.4.el5.noarch
 puppet-server-0.25.0-0.4.el5.noarch
 ruby-1.8.5-5.el5_3.7.x86_64
 ruby-augeas-0.3.0-1.el5.x86_64
 ruby-devel-1.8.5-5.el5_3.7.x86_64
 rubygems-1.3.1-1.el5.noarch
 ruby-irb-1.8.5-5.el5_3.7.x86_64
 ruby-libs-1.8.5-5.el5_3.7.x86_64
 ruby-rdoc-1.8.5-5.el5_3.7.x86_64
 ruby-shadow-1.4.1-7.el5.x86_64

 ruby gem info (although passenger is out of the mix):
 fastthread (1.0.7)
 passenger (2.2.2)
 rack (1.0.0)
 rake (0.8.7)

 Pete


 On Wed, Sep 9, 2009 at 11:30 AM, jrojas
 ja...@nothingbeatsaduck.com wrote:
   
 I am seeing this problem as well.
 Reverting from 2.2.5 to 2.2.2 did not help.


 On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote:
 
 Reverting back to the passenger 2.2.2 gem worked for me.

 2009/9/8 Larry Ludwig la...@reductivelabs.com:



   
 hmm passenger 2.2.5 is released?  hmm I'll have to test it out.
 
 -L
 
 --
 Larry Ludwig
 Reductive Labs
 
 --
 It is well to remember that the entire universe, with one trifling
 exception, is composed of others. --John Andrew Holmes
 -
 Luke Kanies | http://reductivelabs.com | http://madstop.com


 

 

   





[Puppet Users] Re: Puppet 0.25 migration

2009-09-10 Thread philipp Hanselmann

philipp Hanselmann wrote:
 I have similar issues with passenger 2.2.5.

 Now I am trying to downgrade passenger to 2.2.2
gem install passenger -v 2.2.2

 This will install 2.2.2, but the passenger 2.2.5 remains installed?

 Then I noticed that the install process still uses 2.2.5!
 passenger-install-apache2-module


 So how can I remove passenger 2.2.5 ?


Ok. I found it by myself ..
gem uninstall passenger -v 2.2.5





 Pete Emerson wrote:
 Done. The issue is now posted here, and I added --trace to my
 puppetmasterd arguments to provide more info.

 http://projects.reductivelabs.com/issues/2620

 Pete

 On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote:
  
 Can you file this as a bug, and add all of this logging data to it?

 On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote:


 I'm seeing this as well, and have some info that may be useful. For me
 the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or
 the puppetmasterd daemon directly.

 I started with exactly the auth.conf from here:

 http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf
  


 When I run the puppetmasterd in --no-daemon --debug mode, I see this
 when the client connects:

 info: access[^/catalog/([^/]+)$]: allowing 'method' find
 info: access[^/catalog/([^/]+)$]: allowing $1 access
 info: access[/certificate_revocation_list/ca]: allowing 'method' find
 info: access[/certificate_revocation_list/ca]: allowing * access
 info: access[/report]: allowing 'method' save
 info: access[/report]: allowing * access
 info: access[/file]: allowing * access
 info: access[/certificate/ca]: adding authentication no
 info: access[/certificate/ca]: allowing 'method' find
 info: access[/certificate/ca]: allowing * access
 info: access[/certificate/]: adding authentication no
 info: access[/certificate/]: allowing 'method' find
 info: access[/certificate/]: allowing * access
 info: access[/certificate_request]: adding authentication no
 info: access[/certificate_request]: allowing 'method' find
 info: access[/certificate_request]: allowing 'method' save
 info: access[/certificate_request]: allowing * access
 info: access[/]: adding authentication any
 info: access[^/catalog/([^/]+)$]: defaulting to no access for
 01.admin.demo.nym1
 warning: Denying access: Forbidden request:
 01.admin.demo.nym1(my.ip.address.here) access to
 /catalog/01.admin.demo.nym1 [find] authenticated  at line 52
 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access
 to /catalog/01.admin.demo.nym1 [find] authenticated  at line 52

 Lines 51 through 54 of the auth.conf:

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 When I change 'allow $1' to 'allow *', the client is able to connect
 and it successfully ran my manifest.

 If I change my allow line to 'allow fakesstringhere', I see this:

 info: access[^/catalog/([^/]+)$]: allowing fakestringhere access

 When I change it back to 'allow $1':

 info: access[^/catalog/([^/]+)$]: allowing $1 access

 It seems like the regex capture of (^[/]+) isn't being stored in $1,
 and $1 is being used literally instead of substituting in the value
 from the regex?

 In case versions are interesting, I'm using CentOS 5 with the rpms
 found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/

 puppet-0.25.0-0.4.el5.noarch
 puppet-server-0.25.0-0.4.el5.noarch
 ruby-1.8.5-5.el5_3.7.x86_64
 ruby-augeas-0.3.0-1.el5.x86_64
 ruby-devel-1.8.5-5.el5_3.7.x86_64
 rubygems-1.3.1-1.el5.noarch
 ruby-irb-1.8.5-5.el5_3.7.x86_64
 ruby-libs-1.8.5-5.el5_3.7.x86_64
 ruby-rdoc-1.8.5-5.el5_3.7.x86_64
 ruby-shadow-1.4.1-7.el5.x86_64

 ruby gem info (although passenger is out of the mix):
 fastthread (1.0.7)
 passenger (2.2.2)
 rack (1.0.0)
 rake (0.8.7)

 Pete


 On Wed, Sep 9, 2009 at 11:30 AM, jrojas
 ja...@nothingbeatsaduck.com wrote:
  
 I am seeing this problem as well.
 Reverting from 2.2.5 to 2.2.2 did not help.


 On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote:

 Reverting back to the passenger 2.2.2 gem worked for me.

 2009/9/8 Larry Ludwig la...@reductivelabs.com:



  
 hmm passenger 2.2.5 is released?  hmm I'll have to test it out.
 -L
 --
 Larry Ludwig
 Reductive Labs
 
 -- 
 It is well to remember that the entire universe, with one trifling
 exception, is composed of others. --John Andrew Holmes
 -
 Luke Kanies | http://reductivelabs.com | http://madstop.com


 

 

   





[Puppet Users] environments for several internal customers?

2009-09-07 Thread philipp Hanselmann

We are planning to use a puppet server for several internal customers at 
our school (ETHZ - Swiss Federal Institute of Technology Zürich).

One way could be to choose  a separate environment for each customer ...

Each customer will get a normal user on the puppet server. With this he 
can edit his files inside his own environment path ...


But how can we ensure that the customers are separated? It should NOT 
be possible for customer X to choose an environment from customer Y.

Is there a way to implement this?


Philipp Hanselmann




[Puppet Users] Re: Controlling the order of execution of puppet code?

2009-05-29 Thread philipp Hanselmann

Junhao schrieb:
 Greg wrote:
   
 Only way I know is to make individual objects depend on other objects.
 Can't do it at
 class level... I think there is a feature request somewhere in the
 system for this, because
 I'd like it as well...

 Greg

 On May 27, 9:56 pm, philipp Hanselmann philipp.hanselm...@gmail.com
 wrote:
 
 Maybe somebody has an answer ...

 How can I ensure that certain classes get executed on the client side
 before the other ones do?

 Have a look at the example:

 class AA {
     case $operatingsystem {
         redhat: { include AA::do-first }
         default: {}
     }
     include AA::software
     include AA::desktop
 }

 class AA::do-first {
     # do an rhn_register
     exec { "register-system":
         command   => "rm -f /etc/sysconfig/rhn/systemid ; rhnreg_ks --force --serverUrl=https://$rhn_server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$activation_key",
         logoutput => true,
         unless    => "/usr/sbin/rhn_check",
         tag       => "register-system",
     }
 }

 class AA::software {
     # do something after AA::do-first
 }

 class AA::desktop {
     # do something after AA::do-first
 }

 For a Redhat system the resource(s) in AA::do-first should run before
 the resource(s) in AA::software & AA::desktop.

 Is there a simple way to do that?

 Another wish would be: if Exec register-system fails, puppet should
 stop its execution without going through the classes AA::software &
 AA::desktop.

 Thanks for the help!

 Philipp
   

 What about:

 module AA:
 class AA {}
 class AA::do-first {
$myvariable
 }
 class AA::software inherits AA::do-first {}
 class AA::desktop inherits AA::do-first {}

 node foo:
   
 node foo {
  import AA
  include AA::desktop
 }

 Junhao

   
Hi Junhao


Even if this works, I had issues with the scope of my globally defined 
variables, so I decided to replace all my inherits code with 
include(s). Since then puppet handles my variables as expected.

So I am not really willing to go back.
I must admit that up to now I couldn't understand the advantages of using 
class inheritance compared to include statements ...

class master {
# do something
}
class slave inherits master {
# do something
}

OR

class master {
   # do something
}
class slave {
include master
# do something
}



What are the differences, except for getting issues with the variable scope in 
inherited classes?

Philipp
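
The resource-level ordering Greg suggests in the quoted reply above, applied to the AA classes from the question. This is an added example, not code from the thread: the package name, the file path and the full path to rhnreg_ks are assumptions, and the rm -f step from the question is left out.

```puppet
# Added example; "example-package" and /etc/example-desktop.conf are hypothetical.
class AA {
    case $operatingsystem {
        redhat:  { include AA::do-first }
        default: {}
    }
    include AA::software
    include AA::desktop
}

class AA::do-first {
    exec { "register-system":
        # /usr/sbin/rhnreg_ks is an assumed install path.
        command   => "/usr/sbin/rhnreg_ks --force --serverUrl=https://$rhn_server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$activation_key",
        unless    => "/usr/sbin/rhn_check",
        logoutput => true,
        # The ordering lives on the exec, so hosts that never include this
        # class carry no dangling reference to Exec["register-system"].
        before    => [ Package["example-package"], File["/etc/example-desktop.conf"] ],
    }
}

class AA::software {
    # Applied only after register-system succeeded or was skipped by "unless";
    # if the exec fails, Puppet skips this resource for the run.
    package { "example-package":
        ensure => installed,
    }
}

class AA::desktop {
    # Same dependency edge as the package above.
    file { "/etc/example-desktop.conf":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 644,
        content => "managed by puppet\n",
    }
}
```

Only the resources named in `before` are held back; anything else declared in AA::software or AA::desktop needs its own entry in that list.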



 

   





[Puppet Users] Re: Controlling the order of execution of puppet code?

2009-05-29 Thread philipp Hanselmann

James Turnbull schrieb:
 Brice Figureau wrote:
   
 On Thu, 2009-05-28 at 11:55 +0200, Peter Meier wrote:
 
 Hi

   
 Only way I know is to make individual objects depend on other objects.
 Can't do it at
 class level... I think there is a feature request somewhere in the
 system for this, because
 I'd like it as well...
 
 hmm did I only dream that in the upcoming release there will be a  
 require (or something like that) keyword to include a class and  
 require it. Unfortunately I'm not able to find the appropriate bug  
 report.
   
 I implemented it for sure, but in the end I think it was rejected:
 http://projects.reductivelabs.com/issues/1907

 Re-reading the thread I see why we rejected the bug, but not the patch.
 I think I'll have to resubmit it.
 

 Yes - had to go re-read myself.  As long as we provide both functions -
 include and a stronger require - I think this is an easy +1.

 Regards

 James Turnbull

   
Yes, that will be great when require for classes comes in.
With this I can control much better how puppet evaluates the configuration.

Thanks!

Philipp





[Puppet Users] Controlling the order of execution of puppet code?

2009-05-27 Thread philipp Hanselmann

Maybe somebody has an answer ...

How can I ensure that certain classes get executed on the client side 
before the other ones do?

Have a look at the example:

class AA {
    case $operatingsystem {
        redhat: { include AA::do-first }
        default: {}
    }
    include AA::software
    include AA::desktop
}

class AA::do-first {
    # do an rhn_register
    exec { "register-system":
        command   => "rm -f /etc/sysconfig/rhn/systemid ; rhnreg_ks --force --serverUrl=https://$rhn_server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$activation_key",
        logoutput => true,
        unless    => "/usr/sbin/rhn_check",
        tag       => "register-system",
    }
}

class AA::software {
    # do something after AA::do-first
}

class AA::desktop {
    # do something after AA::do-first
}


For a Redhat system the resource(s) in AA::do-first should run before 
the resource(s) in AA::software & AA::desktop.

Is there a simple way to do that?

Another wish would be: if Exec register-system fails, puppet should 
stop its execution without going through the classes AA::software & 
AA::desktop.


Thanks for the help!

Philipp
 




[Puppet Users] Re: How to use definitions with common resources?

2009-04-16 Thread philipp Hanselmann

Simon J Mudd schrieb:
 philipp.hanselm...@gmail.com (puppet) writes:

   
 Replace this line:

  $download_dir  = '/root/tmp'

 with:

 # NOTE: generate is executed on the puppetmaster.
 $download_dir = generate("/usr/bin/env", "bash", '-c', "/bin/mktemp")

 With this, every time your definition gets used it will choose a random
 folder in your /tmp.
 

 Thanks. The idea is good, but it doesn't quite work.

 1. The script unfortunately contains account information
user/passwords for the application's initial installation. Hence
/root/tmp is better as only root users can access this directory.

   
1.) With
    mktemp -p /root

this will choose a random folder name beginning with /root


2.) Permissions?
Your puppet code:

file { $download_dir:
    owner  => root,
    group  => root,
    mode   => 700,
    ensure => directory,
}

already takes care that only root has access to newly generated files in 
the folder $download_dir?
At least my tests confirmed that ...


3.) Clean-up of the random folder?

Maybe something like this helps?

exec { "$install_script/$software_env":
    command => "$download_dir/$install_script ... appropriate parameters ... && rm -Rf $download_dir",
    onlyif  => "... test if software not installed ...",
    require => File["$download_dir/$install_script"]
}



Philipp




[Puppet Users] Re: How to use definitions with common resources?

2009-04-15 Thread philipp Hanselmann

Replace this line:
  $download_dir  = '/root/tmp'
with:

# NOTE: generate is executed on the puppetmaster.
$download_dir = generate("/usr/bin/env", "bash", '-c', "/bin/mktemp")


With this, every time your definition gets used it will choose a random 
folder in your /tmp.


I hope this works?

Philipp
