[Puppet Users] Re: puppet logging with passenger
Hi I have similar issues with puppet 0.25 + passenger 2.2.2, All logs are going to /var/log/messages even when logdir is defined in /etc/puppet/puppec.conf on the server? ## site id_api_cd [id_api_cd_keyA_prd] manifest = /etc/puppet/site/id_api_cd/prd/site.pp modulepath = /etc/puppet/site/id_api_cd/prd/modules/:/etc/puppet/site/id_api_cd/public/modules/ logdir = /etc/puppet/site/id_api_cd/logs usecacheonfailure = true [math_keyC_dev] manifest = /etc/puppet/site/math/dev/site.pp modulepath = /etc/puppet/site/math/dev/modules/:/etc/puppet/site/math/public/modules/ logdir = /etc/puppet/site/math/logs usecacheonfailure = false Like I'm using several environments it's imported that each environment logs to separate directory ... Under 0.25 the /etc/puppet/rack/config.ru looks like: $0 = puppetmasterd require 'puppet' # if you want debugging: # ARGV --debug ARGV --rack require 'puppet/application/puppetmasterd' # we're usually running inside a Rack::Builder.new {} block, # therefore we need to call run *here*. run Puppet::Application[:puppetmasterd].run May somebody has ans answer? Ohad Levy schrieb: I've tried to change logging to warn, it ended up breaking the puppetmaster not being able to sign new certificates. I know the setup in 0.25 is different, so it might work there. Ohad On Sat, Aug 8, 2009 at 3:30 AM, cnjohnson gm.johns...@gmail.com mailto:gm.johns...@gmail.com wrote: On Aug 7, 12:50 am, David Schmitt da...@dasz.at mailto:da...@dasz.at wrote: cnjohnson wrote: I am running puppet-0.24.8 with passenger-2.2.2, apache-2.2.3 on RHEL 5.2. I have two nodes, one x86_64 and one ppc64, that have the client running and they are checking in regularly as expected. I have a minimal site.pp file which defines the owner, group and permissions on several files. Changes to those files on the two client nodes are reverted according to the site.pp file as expected. I have a question about logging, though. Puppet now logs through /var/ log/messages. This is fine, but not my first choice. Is this being handled by apache? Do I need to add an entry in the virtual host section of httpd.conf; or is this being handled by rack? I would prefer that the logging be done in /var/puppet/log/masterhttp.log Any suggestions would be appreciated. Take a look at the configuration reference at [1], especially the httplog, logdir, rails_loglevel. railslog, report*, and syslogfacility. See [2] for details on reporting. Regards, DavidS [1]http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference [2]http://reductivelabs.com/trac/puppet/wiki/ReportReference Thank you for the reply. Unfortunately, I still cannot change where puppetmasterd logs when used as a rack app. The cofig.ru http://cofig.ru file has the following lines: # startup code stolen from bin/puppetmasterd Puppet.parse_config Puppet::Util::Log.level = :info Puppet::Util::Log.newdestination(:syslog) Commenting out the last two lines has the effect of stopping logging altogether even though logdir and httplog are specified in /etc/puppet/ puppet.conf Doing the following causes the clients to report: Could not call puppetmaster.getconfig: #RuntimeError: HTTP-Error: 500 Internal Server Error mylog = File.new(/var/puppet/log/myhttp.log, a+) Puppet::Util::Log.newdestination(mylog) I am clearly missing something. Any further clues would be appreciated. Cheers-- Charles --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] puppetrun 0.25.0 - cacrl error message?
Hi I'm trying puppetrun on puppet 0.25.0 (with passenger). For that I added on the client in /etc/puppet/puppet.conf the following line listen = true and added /etc/puppet/namespaceauth.conf file with: [fileserver] allow *.domain.ch [puppetmaster] allow *.domain.ch [puppetrunner] allow *.domain.ch [puppetbucket] allow *.domain.ch [puppetreports] allow *.domain.ch [resource] allow *.domain.ch After that I restarted puppet on the client and tried to connect from the puppetserver r...@id-lnx-deployment:/opt/foreman # puppetrun --host slabstb251.domain.ch Triggering slabstb251.domain.ch Host slabstb251.domain.ch failed: Could not connect to slabstb251.domain.ch on port 8139 slabstb251.domain.ch finished with exit code 2 Failed: slabstb251.domain.ch Than I figured out that the client daemon isn't running (like before without the listen option) or even listening on Port 8139 In /var/log/messages (on the client) I found the following lines: Oct 5 13:53:01 slabstb251 puppetd[31843]: Setting the :cacrl to 'false' is deprecated; Puppet will just ignore the crl if yours is missing Oct 5 13:53:02 slabstb251 puppetd[31843]: Starting Puppet client version 0.25.0 Oct 5 13:53:02 slabstb251 puppetd[31843]: Cached certificate_revocation_list for ca failed: Cannot manage the CRL when :cacrl is set to false Oct 5 13:53:02 slabstb251 puppetd[31843]: Could not retrieve catalog from remote server: Could not intern from s: Cannot manage the CRL when :cacrl is set to false I haven't used cacrl option in the puppet.conf file, So I don't understand this error messages ... I tried cacrl = true but with the same effect ... Any help ? Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet 0.25 - passenger + foreman (webfrontend)
I found the answer by myself ... mongrel network settings can be changend in /opt/foreman/vendor/rails/railties/lib/commands/server.rb I noticed that our company firewall is blocking Port 3000. Now it is working, I can see the webgui ... Next steps will be to use passenger instead of mongrel philipp Hanselmann wrote: Hi I was trying to installed foreman, but up to know it fails ... (Setup: Redhat Server 5.0 Puppet 0.25 + Passenger, foreman is installed on the same server than Puppet ) I did the following steps: 1.) r...@id-lnx-deployment:/opt # git clone git://github.com/ohadlevy/foreman.git foreman Initialized empty Git repository in /opt/foreman/.git/ remote: Counting objects: 3578, done. remote: Compressing objects: 100% (2690/2690), done. remote: Total 3578 (delta 1193), reused 2516 (delta 566) Receiving objects: 100% (3578/3578), 3.29 MiB | 1269 KiB/s, done. Resolving deltas: 100% (1193/1193), done. 2.) r...@id-lnx-deployment:/opt # cd foreman 3.) r...@id-lnx-deployment:/opt/foreman # git submodule init Submodule 'vendor/plugins/active_scaffold' (git://github.com/activescaffold/active_scaffold.git) registered for path 'vendor/plugins/active_scaffold' No submodule mapping found in .gitmodules for path 'vendor/plugins/ruby-net-ldap' 4.) r...@id-lnx-deployment:/opt/foreman # git submodule update Initialized empty Git repository in /opt/foreman/vendor/plugins/active_scaffold/.git/ remote: Counting objects: 8210, done. remote: Compressing objects: 100% (2166/2166), done. remote: Total 8210 (delta 6070), reused 7746 (delta 5647) Receiving objects: 100% (8210/8210), 1016.04 KiB | 614 KiB/s, done. Resolving deltas: 100% (6070/6070), done. Submodule path 'vendor/plugins/active_scaffold': checked out '4dcef6d830b3201711ae5b3d2c193a19a31924fd' No submodule mapping found in .gitmodules for path 'vendor/plugins/ruby-net-ldap' 5.) RAILS_ENV=production rake db:migrate 6.) rake puppet:migrate:populate_hosts RAILS_ENV=production 7.) r...@id-lnx-deployment:/opt/foreman # ./script/server -e production = Booting Mongrel = Rails 2.3.2 application starting on http://0.0.0.0:3000 = Call with -d to detach = Ctrl-C to shutdown server When I did these steps it looked for me everything was working, but when I finally try to get access to id-lnx-deployment:3000 in my webbrowser I can't load the page ;-( For me it looks like that http://0.0.0.0:3000 is only accessible locally but not not from outside? And if I try on the server cd /tmp ; wget http://localhost:3000; I will download successfully a *empty* page? The same empty page I get on my local machine with http://localhost:3000; with an ssh tunnel (ssh -D 3000 r...@id-lnx-deployment) ... Questions: 1.) Where can I configure that mongrel is accepting connections from outside? 2.) Why does foreman provide empty pages? Thanks for the help! Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Puppet 0.25 - passenger + foreman (webfrontend)
Hi I was trying to installed foreman, but up to know it fails ... (Setup: Redhat Server 5.0 Puppet 0.25 + Passenger, foreman is installed on the same server than Puppet ) I did the following steps: 1.) r...@id-lnx-deployment:/opt # git clone git://github.com/ohadlevy/foreman.git foreman Initialized empty Git repository in /opt/foreman/.git/ remote: Counting objects: 3578, done. remote: Compressing objects: 100% (2690/2690), done. remote: Total 3578 (delta 1193), reused 2516 (delta 566) Receiving objects: 100% (3578/3578), 3.29 MiB | 1269 KiB/s, done. Resolving deltas: 100% (1193/1193), done. 2.) r...@id-lnx-deployment:/opt # cd foreman 3.) r...@id-lnx-deployment:/opt/foreman # git submodule init Submodule 'vendor/plugins/active_scaffold' (git://github.com/activescaffold/active_scaffold.git) registered for path 'vendor/plugins/active_scaffold' No submodule mapping found in .gitmodules for path 'vendor/plugins/ruby-net-ldap' 4.) r...@id-lnx-deployment:/opt/foreman # git submodule update Initialized empty Git repository in /opt/foreman/vendor/plugins/active_scaffold/.git/ remote: Counting objects: 8210, done. remote: Compressing objects: 100% (2166/2166), done. remote: Total 8210 (delta 6070), reused 7746 (delta 5647) Receiving objects: 100% (8210/8210), 1016.04 KiB | 614 KiB/s, done. Resolving deltas: 100% (6070/6070), done. Submodule path 'vendor/plugins/active_scaffold': checked out '4dcef6d830b3201711ae5b3d2c193a19a31924fd' No submodule mapping found in .gitmodules for path 'vendor/plugins/ruby-net-ldap' 5.) RAILS_ENV=production rake db:migrate 6.) rake puppet:migrate:populate_hosts RAILS_ENV=production 7.) r...@id-lnx-deployment:/opt/foreman # ./script/server -e production = Booting Mongrel = Rails 2.3.2 application starting on http://0.0.0.0:3000 = Call with -d to detach = Ctrl-C to shutdown server When I did these steps it looked for me everything was working, but when I finally try to get access to id-lnx-deployment:3000 in my webbrowser I can't load the page ;-( For me it looks like that http://0.0.0.0:3000 is only accessible locally but not not from outside? And if I try on the server cd /tmp ; wget http://localhost:3000; I will download successfully a *empty* page? The same empty page I get on my local machine with http://localhost:3000; with an ssh tunnel (ssh -D 3000 r...@id-lnx-deployment) ... Questions: 1.) Where can I configure that mongrel is accepting connections from outside? 2.) Why does foreman provide empty pages? Thanks for the help! Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: environments for several internal customers?
Meanwhile I found a solution ... I just use environment names which can't be guessed ... like On puppet.conf on the puppetmaster: [math-34lkdfjop34j-dev] modulepath = /etc/puppet/data/math/dev/modules manifest = /etc/puppet/date/math/dev/manifests/init.pp [math-34lkdfjop34j-prd] modulepath = /etc/puppet/data/math/prd/modules manifest = /etc/puppet/date/math/prd/manifests/init.pp [infk-.289n3D0dg2-dev] modulepath = /etc/puppet/data/inf/dev/modules manifest = /etc/puppet/date/inf/dev/manifests/init.pp [infk-.289n3D0dg2-prd] modulepath = /etc/puppet/data/inf/dev/modules manifest = /etc/puppet/date/inf/prd/manifests/init.pp So the math department has it's own user math. With this, they have only access to /etc/puppet/data/math/ So they know their own environments, but they don't know the environment names of the other puppet users. The puppet.conf on the puppet server is only readable by the puppetmaster deamon ... It this suitable way? Philipp Macno schrieb: I do that in this way: On puppet.conf on the puppetmaster: --- [puppetmasterd] reports = store,rrdgraph,tagmail,log autosign = true environments = alpha,beta,gamma manifest = /no/file [beta] modulepath = /etc/puppet/data/beta/ manifest = /etc/puppet/manifests/site-beta.pp [alpha] modulepath = /etc/puppet/data/alpha/ manifest = /etc/puppet/manifests/site-alpha.pp [gamma] modulepath = /etc/puppet/data/gamma/ manifest = /etc/puppet/manifests/site-gamma.pp --- /etc/puppet/manifests/site-beta.pp has something like: import project_beta (a module, in where you define your infrastructure, placed in /etc/puppet/data/beta/ ) Permissions on /etc/puppet/data/beta/ are limited to the users/groups that can manage files for the beta environment. On puppet.conf on the client (for example of the beta environment): [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl environment = beta [puppetd] classfile = $vardir/classes.txt localconfig = $vardir/localconfig environments = beta You can define also testing / production environments for each department, with something like: On clients: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl environment = betaprod [puppetd] classfile = $vardir/classes.txt localconfig = $vardir/localconfig environments = betatest,betaprod (normal puppetruns use beta-prod, with puppetd -t -- environment=betatest you run on the test environment of beta). puppet.conf on the puppet master becomes something like: [puppetmasterd] reports = store,rrdgraph,tagmail,log autosign = true environments = alphatest,alphaprod,betatest,betaprod ... manifest = /no/file [betatest] modulepath = /etc/puppet/data/beta/test/ manifest = /etc/puppet/manifests/site-beta.pp [betaprod] modulepath = /etc/puppet/data/beta/prod/ manifest = /etc/puppet/manifests/site-beta.pp /etc/puppet/data/beta/test/ and /etc/puppet/data/beta/prod/ are both git clones that pull from something like /etc/puppet/data/beta/ gitrepo My2c Alessandro Franceschi On 7 Set, 10:24, philipp Hanselmann philipp.hanselm...@gmail.com wrote: We are planning to use a puppet server for several internal customers at our school (ETHZ - Swiss Fedral Institute of Technology Zürich). One way could be to choose a separate environment for each customer ... Each customer will get a normal user on the puppet server. With this he can edit his files inside his own environment path ... But how can we ensure that the customers are separated? It should NOT be possible for customer X to choose a environment from customer Y. Is there a way to implement this? Philipp Hanselmann --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet 0.25 migration
Matt schrieb: For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the passenger apache module, then removed all traces of puppet includes certs. Installed puppet 0.25 rpms, set up the config.ru and all worked. And the /etc/httpd/conf.d/puppet.conf ? Have you edited that file after the installation of 0.25 ? 2009/9/10 philipp Hanselmann philipp.hanselm...@gmail.com: philipp Hanselmann schrieb: I have similar issues with passenger 2.2.5. Now I am trying to downgrade passenger to 2.2.2 gem install passenger -v 2.2.2 This will install 2.2.2, but the passenger 2.2.5 remains installed? Than I noticed that the install process, still use 2.2.5! passenger-install-apache2-module So how can I remove passenger 2.2.5 ? Ok. I found it by myself .. gem uninstall passenger -v 2.2.5 Pete Emerson schrieb: Done. The issue is now posted here, and I added --trace to my puppetmasterd arguments to provide more info. http://projects.reductivelabs.com/issues/2620 Pete On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote: Can you file this as a bug, and add all of this logging data to it? On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: I'm seeing this as well, and have some info that may be useful. For me the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or the puppetmasterd daemon directly. I started with exactly the auth.conf from here: http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf When I run the puppetmasterd in --no-daemon --debug mode, I see this when the client connects: info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: access[^/catalog/([^/]+)$]: defaulting to no access for 01.admin.demo.nym1 warning: Denying access: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 Lines 51 through 54 of the auth.conf: # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 When I change 'allow $1' to 'allow *', the client is able to connect and it successfully ran my manifest. If I change my allow line to 'allow fakesstringhere', I see this: info: access[^/catalog/([^/]+)$]: allowing fakestringhere access When I change it back to 'allow $1': info: access[^/catalog/([^/]+)$]: allowing $1 access It seems like the regex capture of (^[/]+) isn't being stored in $1, and $1 is being used literally instead of substituting in the value from the regex? In case versions are interesting, I'm using CentOS 5 with the rpms found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ puppet-0.25.0-0.4.el5.noarch puppet-server-0.25.0-0.4.el5.noarch ruby-1.8.5-5.el5_3.7.x86_64 ruby-augeas-0.3.0-1.el5.x86_64 ruby-devel-1.8.5-5.el5_3.7.x86_64 rubygems-1.3.1-1.el5.noarch ruby-irb-1.8.5-5.el5_3.7.x86_64 ruby-libs-1.8.5-5.el5_3.7.x86_64 ruby-rdoc-1.8.5-5.el5_3.7.x86_64 ruby-shadow-1.4.1-7.el5.x86_64 ruby gem info (although passenger is out of the mix): fastthread (1.0.7) passenger (2.2.2) rack (1.0.0) rake (0.8.7) Pete On Wed, Sep 9, 2009 at 11:30 AM, jrojas ja...@nothingbeatsaduck.com wrote: I am seeing this problem as well. Reverting from 2.2.5 to 2.2.2 did not help. On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote: Reverting back to the passenger 2.2.2 gem worked for me. 2009/9/8 Larry Ludwig la...@reductivelabs.com: hmm passenger 2.2.5 is released? hmm I'll have to test it out. -L -- Larry Ludwig Reductive Labs -- It is well to remember that the entire universe, with one trifling exception, is composed of others. --John Andrew Holmes
[Puppet Users] Re: Puppet 0.25 migration
I have similar issues with passenger 2.2.5. Now I am trying to downgrade passenger to 2.2.2 gem install passenger -v 2.2.2 This will install 2.2.2, but the passenger 2.2.5 remains installed? Than I noticed that the install process, still use 2.2.5! passenger-install-apache2-module So how can I remove passenger 2.2.5 ? Pete Emerson schrieb: Done. The issue is now posted here, and I added --trace to my puppetmasterd arguments to provide more info. http://projects.reductivelabs.com/issues/2620 Pete On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote: Can you file this as a bug, and add all of this logging data to it? On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: I'm seeing this as well, and have some info that may be useful. For me the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or the puppetmasterd daemon directly. I started with exactly the auth.conf from here: http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf When I run the puppetmasterd in --no-daemon --debug mode, I see this when the client connects: info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: access[^/catalog/([^/]+)$]: defaulting to no access for 01.admin.demo.nym1 warning: Denying access: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 Lines 51 through 54 of the auth.conf: # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 When I change 'allow $1' to 'allow *', the client is able to connect and it successfully ran my manifest. If I change my allow line to 'allow fakesstringhere', I see this: info: access[^/catalog/([^/]+)$]: allowing fakestringhere access When I change it back to 'allow $1': info: access[^/catalog/([^/]+)$]: allowing $1 access It seems like the regex capture of (^[/]+) isn't being stored in $1, and $1 is being used literally instead of substituting in the value from the regex? In case versions are interesting, I'm using CentOS 5 with the rpms found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ puppet-0.25.0-0.4.el5.noarch puppet-server-0.25.0-0.4.el5.noarch ruby-1.8.5-5.el5_3.7.x86_64 ruby-augeas-0.3.0-1.el5.x86_64 ruby-devel-1.8.5-5.el5_3.7.x86_64 rubygems-1.3.1-1.el5.noarch ruby-irb-1.8.5-5.el5_3.7.x86_64 ruby-libs-1.8.5-5.el5_3.7.x86_64 ruby-rdoc-1.8.5-5.el5_3.7.x86_64 ruby-shadow-1.4.1-7.el5.x86_64 ruby gem info (although passenger is out of the mix): fastthread (1.0.7) passenger (2.2.2) rack (1.0.0) rake (0.8.7) Pete On Wed, Sep 9, 2009 at 11:30 AM, jrojas ja...@nothingbeatsaduck.com wrote: I am seeing this problem as well. Reverting from 2.2.5 to 2.2.2 did not help. On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote: Reverting back to the passenger 2.2.2 gem worked for me. 2009/9/8 Larry Ludwig la...@reductivelabs.com: hmm passenger 2.2.5 is released? hmm I'll have to test it out. -L -- Larry Ludwig Reductive Labs -- It is well to remember that the entire universe, with one trifling exception, is composed of others. --John Andrew Holmes - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet 0.25 migration
philipp Hanselmann schrieb: I have similar issues with passenger 2.2.5. Now I am trying to downgrade passenger to 2.2.2 gem install passenger -v 2.2.2 This will install 2.2.2, but the passenger 2.2.5 remains installed? Than I noticed that the install process, still use 2.2.5! passenger-install-apache2-module So how can I remove passenger 2.2.5 ? Ok. I found it by myself .. gem uninstall passenger -v 2.2.5 Pete Emerson schrieb: Done. The issue is now posted here, and I added --trace to my puppetmasterd arguments to provide more info. http://projects.reductivelabs.com/issues/2620 Pete On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies l...@madstop.com wrote: Can you file this as a bug, and add all of this logging data to it? On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: I'm seeing this as well, and have some info that may be useful. For me the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or the puppetmasterd daemon directly. I started with exactly the auth.conf from here: http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf When I run the puppetmasterd in --no-daemon --debug mode, I see this when the client connects: info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: access[^/catalog/([^/]+)$]: defaulting to no access for 01.admin.demo.nym1 warning: Denying access: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 Lines 51 through 54 of the auth.conf: # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 When I change 'allow $1' to 'allow *', the client is able to connect and it successfully ran my manifest. If I change my allow line to 'allow fakesstringhere', I see this: info: access[^/catalog/([^/]+)$]: allowing fakestringhere access When I change it back to 'allow $1': info: access[^/catalog/([^/]+)$]: allowing $1 access It seems like the regex capture of (^[/]+) isn't being stored in $1, and $1 is being used literally instead of substituting in the value from the regex? In case versions are interesting, I'm using CentOS 5 with the rpms found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ puppet-0.25.0-0.4.el5.noarch puppet-server-0.25.0-0.4.el5.noarch ruby-1.8.5-5.el5_3.7.x86_64 ruby-augeas-0.3.0-1.el5.x86_64 ruby-devel-1.8.5-5.el5_3.7.x86_64 rubygems-1.3.1-1.el5.noarch ruby-irb-1.8.5-5.el5_3.7.x86_64 ruby-libs-1.8.5-5.el5_3.7.x86_64 ruby-rdoc-1.8.5-5.el5_3.7.x86_64 ruby-shadow-1.4.1-7.el5.x86_64 ruby gem info (although passenger is out of the mix): fastthread (1.0.7) passenger (2.2.2) rack (1.0.0) rake (0.8.7) Pete On Wed, Sep 9, 2009 at 11:30 AM, jrojas ja...@nothingbeatsaduck.com wrote: I am seeing this problem as well. Reverting from 2.2.5 to 2.2.2 did not help. On Sep 9, 9:12 am, Matt mattmora...@gmail.com wrote: Reverting back to the passenger 2.2.2 gem worked for me. 2009/9/8 Larry Ludwig la...@reductivelabs.com: hmm passenger 2.2.5 is released? hmm I'll have to test it out. -L -- Larry Ludwig Reductive Labs -- It is well to remember that the entire universe, with one trifling exception, is composed of others. --John Andrew Holmes - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com
[Puppet Users] environments for several internal customers?
We are planning to use a puppet server for several internal customers at our school (ETHZ - Swiss Fedral Institute of Technology Zürich). One way could be to choose a separate environment for each customer ... Each customer will get a normal user on the puppet server. With this he can edit his files inside his own environment path ... But how can we ensure that the customers are separated? It should NOT be possible for customer X to choose a environment from customer Y. Is there a way to implement this? Philipp Hanselmann --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
Junhao schrieb: Greg wrote: Only way I know is to make individual objects depend on other objects. Can't do it at class level... I think there is a feature request somewhere in the system for this, because I'd like it as well... Greg On May 27, 9:56 pm, philipp Hanselmann philipp.hanselm...@gmail.com wrote: May somebody has answer ... How can I ensure that certain classes get executed on the client side before the other ones do? Have a look on the example: class AA case $operatingsystem { redhat: { include AA::do-first } default: {} } include AA::software include AA::desktop } class AA::do-first { # do an rhn_register exec { register-system: command = rm -f /etc/sysconfig/rhn/systemid ; rhnreg_ks --force --serverUrl=https://$rhn_server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$activation_key, logoutput = true, unless = /usr/sbin/rhn_check, tag = register-system, } } class AA::software { # do someting after AA::do-first } class AA::desktop { # do something after AA::do-first } For an Redhat system the resource(s) in AA::do-first should run before the resource(s) in AA::software AA::desktop. Is their an simple way for that? An other wish would be: If Exec register-system fails, puppet should stop his execution without do go through the class AA::software AA::desktop. Thanks for the help! Philipp What about: module AA: class AA {} class AA::do-first { $myvariable } class AA::software inherits AA::do-first {} class AA::desktop inherits AA::do-first {} node foo: node foo { import AA include AA::desktop } Junhao Hi Janhao Even this works, I had issues with the scope of my global defined variables, so I decided to replace all my inherits code trough include(s). Since than puppet handle my variables like expected. So not really willing to go back. I must commit up to date I couldn't understand the advances of using class inheritance comparing to include statements ... class master { # do something } class slave inherits master { # do something } OR class master { # do something } class slave { include master # do something } What are differences execpt to get issues with the variable scope in inheritanced classes? Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
James Turnbull schrieb: Brice Figureau wrote: On Thu, 2009-05-28 at 11:55 +0200, Peter Meier wrote: Hi Only way I know is to make individual objects depend on other objects. Can't do it at class level... I think there is a feature request somewhere in the system for this, because I'd like it as well... hmm did I only dream that in the upcoming release there will be a require (or something like that) keyword to include a class and require it. Unfortunately I'm not able to find the appropriate bug report. I implemented it for sure, but in the end I think it was rejected: http://projects.reductivelabs.com/issues/1907 Re-reading the thread I see why we rejected the bug, but not the patch. I think I'll have to resubmit it. Yes - had to go re-read myself. As long as we provide both functions - include and a stronger require - I think this is an easy +1. Regards James Turnbull Yes, that will be great when require for classes comes in. With this I can much more control, how puppet evaluates the configuration. Thanks! Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Controlling the order of execution of puppet code?
May somebody has answer ... How can I ensure that certain classes get executed on the client side before the other ones do? Have a look on the example: class AA case $operatingsystem { redhat: { include AA::do-first } default: {} } include AA::software include AA::desktop } class AA::do-first { # do an rhn_register exec { register-system: command = rm -f /etc/sysconfig/rhn/systemid ; rhnreg_ks --force --serverUrl=https://$rhn_server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$activation_key, logoutput = true, unless = /usr/sbin/rhn_check, tag = register-system, } } class AA::software { # do someting after AA::do-first } class AA::desktop { # do something after AA::do-first } For an Redhat system the resource(s) in AA::do-first should run before the resource(s) in AA::software AA::desktop. Is their an simple way for that? An other wish would be: If Exec register-system fails, puppet should stop his execution without do go through the class AA::software AA::desktop. Thanks for the help! Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: How to use definitions with common resources?
Simon J Mudd schrieb: philipp.hanselm...@gmail.com (puppet) writes: Replace this line: $download_dir = '/root/tmp' with: #NOTE: generate is executed on the puppetmaster. $download_dir = generate(/usr/bin/env,bash,'-c',/bin/ mktemp) With this every time your definition get used it will choose an random folder in your /tmp. Thanks. The idea is good, but it doesn't quite work. 1. The script unfortunately contains account information user/passwords for the application's initial installation. Hence /root/tmp is better as only root users can access this directory. 1.) With mktemp -p /root this will choose a random folder name begining with /root 2. ) permissions? Your puppet code: file { $download_dir: owner = root, group = root, mode= 700, ensure = directory, } takes already care that only root has access of new generated files in the folder $download_dir ? At least my tests confirmed that ... 3.) Clean-up of the random folder? may something like this helps? exec { $install_script/$software_env: command = $download_dir/$install_script ... appropriate parameters ... rm Rf $download_dir, onlyif = ... test if software not installed ..., require = File[$download_dir/$install_script] } Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: How to use definitions with common resources?
Replace this line: $download_dir = '/root/tmp' with: #NOTE: generate is executed on the puppetmaster. $download_dir = generate(/usr/bin/env,bash,'-c',/bin/mktemp) With this every time your definition get used it will choose an random folder in your /tmp. I hope this works? Philipp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---