[Puppet Users] How best to accomplish geographic location of clients?

2014-09-02 Thread randal cobb 
Hello all,

I have a small problem I'm trying to resolve, and I'm bowing to the masters 
for suggestions.   Our development organization uses VMware and desktop VMs 
to perform development efforts;  I've come up with mechanisms to populate 
these VMs using puppet to install all the tools they need, such as Eclipse, 
Maven, JDKs, etc. but I'm faced with an issue that I have put off until 
now:  using geographically located tools and servers.  In my environment, 
we have several geographically located "mirror" or "slave" servers for key 
infrastructure environments such as Nexus, Sonar, Subversion, etc.  So, 
while all of our "master" servers are located in data-centers in the US, we 
will have "slave" versions of them located in other countries, such as 
Brazil, India, Canada, etc.   So, on to my question:  Is there a way for 
Puppet to detect where a client is running, geographically?   For example, 
if a VM starts up in Hyderabad, India, I want to add host entries to the VM 
that point services like SVN, Nexus, Sonar, Jenkins, etc. to local slaves. 
 I already have manifests to set the host entries appropriately for a given 
location, so this is the easy part.  To add a wrinkle, my company has added 
rules so that ALL VMs that end-users can run on their desktops or laptops 
MUST use NAT ip addresses, so I can't easily use an IP subnet to calculate 
what the best hosts to use are.

So, might anyone have any suggestions or ideas of how I might try to 
accomplish this?

Thanks in advance!
Randy

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/80707b3f-d635-4ea5-a9f5-8643ff5f7bc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] how to force a zypper refresh?

2014-08-25 Thread randal cobb 
Thanks for the very quick reply!  I'll give that a shot.

On Monday, August 25, 2014 11:37:26 AM UTC-4, Darin Perusich wrote:
>
> Use the zypprepo module to managing your zypper repositories. 
>
> https://forge.puppetlabs.com/darin/zypprepo 
>
> puppet module install darin-zypprepo 
> -- 
> Later, 
> Darin 
>
>
> On Mon, Aug 25, 2014 at 10:35 AM, randal cobb  > wrote: 
> > Hello all, 
> > 
> > I'm trying to solve an issue with Puppet and I'm hoping you can help 
> guide 
> > me.  We have an internal YUM repository that we build/deploy to quite 
> > frequently, and several of the artifacts we publish to that repository 
> need 
> > to be pushed out (via puppet) to servers a couple of times per day.   
> All of 
> > my servers are SLES or openSuse based, and thus use Zypper.  My question 
> is, 
> > since the repository gets updated frequently and zypper doesn't refresh 
> > repository indexes by itself, is there a way to force a zypper refresh 
> > ALWAYS as the first task in a manifest? 
> > 
> > I've tried adding an exec item in a sample machine's manifest and having 
> all 
> > the "packages" require it, but it isn't doing what I expect.  It never 
> seems 
> > to run the "refresh" prior to trying to install any packages.  Here are 
> a 
> > few snippets from my manifest structure: 
> > 
> > in base.pp: 
> > exec { zypper-refresh: 
> > command => 'zypper --no-gpg-checks refresh', 
> > path => ["/usr/bin", "/bin", "/sbin"], 
> > } 
> > 
> > 
> > package { "puppet": 
> > ensure => installed, 
> > require => Exec['zypper-refresh'], 
> > } 
> > 
> > 
> > package { "augeas": 
> > ensure => present, 
> > require => Package['puppet'], 
> > } 
> > 
> > 
> > package { "rubygem-ruby-augeas": 
> > ensure => present, 
> > require => Package['augeas'], 
> > } 
> > 
> > 
> > in test-server.pp (which inherits base.pp) 
> > package { 'geany': 
> > ensure => installed, 
> > require => Exec['zypper-refresh'], 
> > } 
> > 
> > package { 'myjavamodule_xx': 
> > ensure => installed, 
> > require => Exec['zypper-refresh'], 
> > } 
> > 
> > 
> > etc. 
> > 
> > Any suggestions? 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/puppet-users/a98d4d09-c0a0-480e-8904-adf075179a8e%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2e324cae-7005-4ef5-b294-b4cc99eac71e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] how to force a zypper refresh?

2014-08-25 Thread randal cobb 
Hello all,

I'm trying to solve an issue with Puppet and I'm hoping you can help guide 
me.  We have an internal YUM repository that we build/deploy to quite 
frequently, and several of the artifacts we publish to that repository need 
to be pushed out (via puppet) to servers a couple of times per day.   All 
of my servers are SLES or openSuse based, and thus use Zypper.  My question 
is, since the repository gets updated frequently and zypper doesn't refresh 
repository indexes by itself, is there a way to force a zypper refresh 
ALWAYS as the first task in a manifest?

I've tried adding an exec item in a sample machine's manifest and having 
all the "packages" require it, but it isn't doing what I expect.  It never 
seems to run the "refresh" prior to trying to install any packages.  Here 
are a few snippets from my manifest structure:

in base.pp:
exec { zypper-refresh:
command => 'zypper --no-gpg-checks refresh',
path => ["/usr/bin", "/bin", "/sbin"],
}


package { "puppet":
ensure => installed,
require => Exec['zypper-refresh'],
}


package { "augeas":
ensure => present,
require => Package['puppet'],
}


package { "rubygem-ruby-augeas":
ensure => present,
require => Package['augeas'],
}


in test-server.pp (which inherits base.pp)
package { 'geany':
ensure => installed,
require => Exec['zypper-refresh'],
}

package { 'myjavamodule_xx':
ensure => installed,
require => Exec['zypper-refresh'],
}


etc.

Any suggestions? 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a98d4d09-c0a0-480e-8904-adf075179a8e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Augeas hates me!!!

2014-08-13 Thread randal cobb 
ok, that didn't seem to help.  I now have this result:
Debug: Augeas[apache2](provider=augeas): Opening augeas with root /, lens 
path , flags 64
Debug: Augeas[apache2](provider=augeas): Augeas version 1.0.0 is installed
Debug: Augeas[apache2](provider=augeas): Will attempt to save and only run 
if files changed
Debug: Augeas[apache2](provider=augeas): sending command 'set' with params [
"/files/etc/sysconfig/apache2/APACHE_MODULES", "\"actions alias auth_basic 
authn_file authz_host authz_groupfile authz_user autoindex cgi dir env 
expires include log_config mime negotiation setenvif ssl userdir reqtimeout 
authn_core authz_core status asis auth_digest headers proxy proxy_http 
rewrite vhost_alias authz_default proxy_balancer\""]
Debug: Augeas[apache2](provider=augeas): Skipping because no files were 
changed
Debug: Augeas[apache2](provider=augeas): Closed the augeas connection


from this manifest entry:
augeas { 'apache2':
context => "/files/etc/sysconfig/apache2",
lens=> "sysconfig.lns",
incl=> '/usr/share/augeas/lenses/dist/',
changes =>
'set APACHE_MODULES \'"actions alias auth_basic authn_file 
authz_host authz_groupfile authz_user autoindex cgi dir env expires include 
log_config mime negotiation setenvif ssl userdir reqtimeout authn_core 
authz_core status asis auth_digest headers proxy proxy_http rewrite 
vhost_alias authz_default proxy_balancer"\'',
}




On Tuesday, August 12, 2014 8:38:59 PM UTC-4, Vikas Kumar wrote:
>
> Hello,
>
> I think double quotes in your set statement are the culprit.
>
> Try to use set as below
>
> 'set /files/whatever/path \'"your text in quotes"\'',
>
>
>
> Regards,
> Vikas
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2b04d1c1-6a6b-4544-b77b-b1f916838cd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Augeas hates me!!!

2014-08-12 Thread randal cobb 
Thanks,  I'll give that a try in the morning.
 On Aug 12, 2014 8:39 PM, "Vikas Kumar"  wrote:

> Hello,
>
> I think double quotes in your set statement are the culprit.
>
> Try to use set as below
>
> 'set /files/whatever/path \'"your text in quotes"\'',
>
>
>
> Regards,
> Vikas
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/BPOYk4BU-bY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8698f74d-b5cf-470f-983e-ca170861d468%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABd8GATM_LTiqDiDBKXvbUifF8VHN19pPu4T_aVwkg4UJgjxag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Augeas hates me!!!

2014-08-12 Thread randal cobb 
Hello, all!

I am trying to add some new modules to an openSuse 13.1 host with Puppet 
and Augeas with no luck.  The modules themselves are already installed by 
the example42/apache module, but I can't get the apache::module syntax to 
properly add the modules to the proper openSuse config files.  So, I'm 
opting for Augeas to do the dirty-work.  I have the following definition in 
the server's manifest (dev-apache.pp) file (the apache::module command are 
still there, but don't work, so the augeas section is the brute-force 
attempt; I just included them both so you can see the current state of this 
class manifest):
 

> ...
>
> apache::module { 'status': }
> apache::module { 'asis': }
> apache::module { 'auth_digest': }
> apache::module { 'headers': }
> apache::module { 'proxy': }
> apache::module { 'proxy_http': }
> apache::module { 'rewrite': }
> apache::module { 'vhost_alias': }
> apache::module { 'authz_default': }
> apache::module { 'proxy_balancer': }
>
> augeas { 'apache2':
> context => "/files/etc/sysconfig/apache2",
> lens=> "sysconfig.lns",
> incl=> '/usr/share/augeas/lenses/dist/',
> changes =>
> 'set APACHE_MODULES "actions alias auth_basic authn_file 
> authz_host authz_groupfile authz_user autoindex cgi dir env expires include 
> log_config mime negotiation setenvif ssl userdir reqtimeout authn_core 
> authz_core status asis auth_digest headers proxy proxy_http rewrite 
> vhost_alias authz_default proxy_balancer"',
> }
> ...
>

When running the agent in --debug --verbose --test, I get this debug output 
from augeas:

Debug: Augeas[apache2](provider=augeas): Opening augeas with root /, lens 
path , flags 64
Debug: Augeas[apache2](provider=augeas): Augeas version 1.0.0 is installed
Debug: Augeas[apache2](provider=augeas): Will attempt to save and only run 
if files changed
Debug: Augeas[apache2](provider=augeas): sending command 'set' with params [
"/files/etc/sysconfig/apache2/APACHE_MODULES", "actions alias auth_basic 
authn_file authz_host authz_groupfile authz_user autoindex cgi dir env 
expires include log_config mime negotiation setenvif ssl userdir reqtimeout 
authn_core authz_core status asis auth_digest headers proxy proxy_http 
rewrite vhost_alias authz_default proxy_balancer"]
Debug: Augeas[apache2](provider=augeas): Skipping because no files were 
changed
Debug: Augeas[apache2](provider=augeas): Closed the augeas connection


No errors, but the file is marked as unchanged.  

Before the puppet run, /etc/sysconfig/apache2 contains this line:
APACHE_MODULES="foo"
and obviously, it's the same afterwards.

Any insight into what I may be doing wrong?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3d666f47-8b6e-436a-8791-a15e50ab9771%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Websphere profile creation with Puppet

2014-07-30 Thread randal cobb 
Hello all,

I can't seem to find any sort of solution while googling, so here goes:

I'm fairly new to Puppet and understand the concepts and solutions I've 
researched so far.  I'm even successfully building servers with all needed 
software packages.  But I'm struggling a bit with one install:  WebSphere 
app server (NOT Liberty profile, the old WAS 7.0.0.x monster - liberty 
would be a nice blessing).  I can get it installed successfully, but I 
can't find a module or suitable solution to creating an augmented profile 
via puppet.  It kinda defeats the purpose of using automated provisioning 
just to have to SSH in to each box just to create a WAS profile.  I'm also 
sure I'm not the first person who has this need, so I turn to you 
experts...  is there a module I'm missing, or perhaps googling for the 
wrong information?  Is there a way to solve this?  If so, ANY insight, even 
if its:  "dude, go goole XXX and YYY" would be helpful.  I just can't seem 
to find anything, so ANY suggestion is a good one.

Thanks in advance!
Randy

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0877b273-5901-4bb6-9e56-52b7b43485ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: multiple VMs from a single node.pp file

2014-07-16 Thread randal cobb 
Thanks, all!

I took highlights from all your posts and came up with the following 
solution:

I wrote a relatively simple shell script that users of the VM image will 
run at launch to set up their VMs.  It does the following:
1) requires them to enter a domain userId
2) formulates a certname using their ID concatenated with "-dev-vm"
3) passes that formulated certname as an environment variable that facter 
can read (later via augeas to set the certname in the VM's puppet config)
4) calls the puppet agent --onetime -w...  command to request a cert
5) waits for me to approve the cert on the master
6) uses regex in the nodes.pp file to look for a hostname containing 
"-dev-vm", then applies that machine's class
7) uses the passed in certname to populate (via augeas) the vm's 
/etc/puppet/puppet.conf certname

I also set up a script on the master to send and respond to Jabber messages 
whenever a new cert request came in, so I can simply respond to the message 
with "approve" or "deny" the cert request without having to SSH to the 
master just to approve certs!

It works pretty slick!  I knew asking the experts would lead me to a good 
solution!  You all rock and I owe you all a beer!

Thanks again!
Randy

On Tuesday, July 15, 2014 3:09:57 PM UTC-4, randal cobb wrote:
>
> Hello, all...
>
> I have a scenario where all of our developers (spread geographically 
> around the world) use a VMWare or VirtualBox VM on their local desktop to 
> develop portions of a single product.  I've seemed to inherit this 
> nightmare of a process and believe I can make it much simpler, quicker, and 
> cleaner using Puppet.  Currently, they have to download an 80Gb VM image 
> from a single server in the US; so, because of the massive size of the VM, 
> most developers never upgrade their VMs to the latest image.   I know that 
> Puppet can fix this for me, but I have a few questions I'm hoping y'all can 
> help answer (I've used puppet for a few months to manage some 
> infrastructure servers, so concepts aren't alien to me).  Here are my 
> questions:
>
> Supposed I have 200 different machines (VMs) sitting on each developer's 
> desktop (rather in their VMware hypervisor)... 
> 1) can they all have the same certname, so I only have to maintain a 
> single node.pp manifest?
> 2) If so, how are SSL certs maintained, given there would be 200 different 
> VMs trying to use the same set of certs.  Or, does that even matter from a 
> node perspective?
> 3) If not, do I REALLY have to maintain 200 different manifests; all 
> identical to each other?
>
> I've been able to put together a single node.pp file that sets up 
> everything for them, so they only download a 2.8Gb bare VM image and puppet 
> does the rest.  But, when firing up subsequent VMs, of course the client 
> gets all confused because the generated certs don't match up.
>
> Any suggestions for a better solution, or workaround to this one?  (I've 
> thought about using NAT and a fixed MAC address, but with so many 
> developers out there, I'm sure some will re-create MAC addresses at some 
> point during their initial setup, or change their networking type for the 
> VM and start flooding the network with duplicated mac errors).  
>
> I'm sure I'm not the first person who's wanted to do something like this, 
> so I turn to the seasoned puppet veterans for guidance!   I HAVE googled 
> for solutions, but I may just not be using the right terminology to search 
> with; because I keep coming up blank on how best to tackle this.
>
> Thanks in advance!
> Randy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a1c925a0-81c7-407d-a460-d1f17ec8af97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] multiple VMs from a single node.pp file

2014-07-15 Thread randal cobb 
Hello, all...

I have a scenario where all of our developers (spread geographically around 
the world) use a VMWare or VirtualBox VM on their local desktop to develop 
portions of a single product.  I've seemed to inherit this nightmare of a 
process and believe I can make it much simpler, quicker, and cleaner using 
Puppet.  Currently, they have to download an 80Gb VM image from a single 
server in the US; so, because of the massive size of the VM, most 
developers never upgrade their VMs to the latest image.   I know that 
Puppet can fix this for me, but I have a few questions I'm hoping y'all can 
help answer (I've used puppet for a few months to manage some 
infrastructure servers, so concepts aren't alien to me).  Here are my 
questions:

Supposed I have 200 different machines (VMs) sitting on each developer's 
desktop (rather in their VMware hypervisor)... 
1) can they all have the same certname, so I only have to maintain a single 
node.pp manifest?
2) If so, how are SSL certs maintained, given there would be 200 different 
VMs trying to use the same set of certs.  Or, does that even matter from a 
node perspective?
3) If not, do I REALLY have to maintain 200 different manifests; all 
identical to each other?

I've been able to put together a single node.pp file that sets up 
everything for them, so they only download a 2.8Gb bare VM image and puppet 
does the rest.  But, when firing up subsequent VMs, of course the client 
gets all confused because the generated certs don't match up.

Any suggestions for a better solution, or workaround to this one?  (I've 
thought about using NAT and a fixed MAC address, but with so many 
developers out there, I'm sure some will re-create MAC addresses at some 
point during their initial setup, or change their networking type for the 
VM and start flooding the network with duplicated mac errors).  

I'm sure I'm not the first person who's wanted to do something like this, 
so I turn to the seasoned puppet veterans for guidance!   I HAVE googled 
for solutions, but I may just not be using the right terminology to search 
with; because I keep coming up blank on how best to tackle this.

Thanks in advance!
Randy

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/be08e15f-44da-43f4-9f6a-8d10630ebefa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.