Re: [Puppet Users] Recursive directory management
thank you very much, i'm gonna try this
and tell you
2011/7/7 Nan Liu
> On Thu, Jul 7, 2011 at 9:43 AM, romuald FREBAULT
> wrote:
> > Hi,
> >
> > We decide to manage all our specific crons for applications with puppet.
> > As all people who creates crons does'nt have to cope with puppet syntax,
> the
> > easier way to do that seemed to be giving them a place on the
> puppetmaster
> > where placing their crons, and deploying those crons in /etc/cron.d on
> > nodes.
> > That works fine, but i can't get a cron being removed on the node when
> > removed on the puppetmaster.
> >
> > I can't use purge (it would be too easy ;-) because some package install
> > crons in /etc/crons.d and we don't want to remove these crons, and we
> don't
> > want to get them handle by puppet due to errors risk in case of
> > update/upgrade
> >
> > has anyone an idea of how i could have managed files removed on
> destnation
> > when removed from source without using the entierely purge function?
> >
>
> Well just an idea and it's a bit hideous because I'm abusing resource
> behaviors, and please give it more testing and feedback. So the
> process:
>
> deploy cron jobs with .puppet extension
> touch any crontab files with puppet extentions (unless mask the Exec
> so it doesn't show up in logs).
> use tidy to clean up old *.puppet files.
>
> define cronfile ($content) {
> file { "/etc/cron.d/${name}.puppet":
>owner => "root",
>group => "root",
>mode=> "0400",
>content => $content,
> }
> exec { "update_${name}_timestamp":
>command => '/bin/false',
>unless => "/bin/touch /etc/cron.d/${name}.puppet",
>require => File["/etc/cron.d/${name}.puppet"],
>before => Tidy['/etc/cron.d'],
> }
> }
>
> tidy { "/etc/cron.d":
> age => "30m",
> recurse => 1,
> matches => ["*.puppet"],
> }
>
> cronfile { "demo":
> content => "* * * * * * /bin/true",
> }
>
> Set the tidy age to something sane so it doesn't remove files you just
> deployed (basically anything longer than a single puppet run), and
> this won't remove any files that doesn't have *.puppet extension.
> About the only thing to add is maybe ensure ntp timesync before you
> start touching any files. If you use cronfile custom resource it will
> deploy the cronjob in the right directory with appropriate extensions.
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Recursive directory management
Hi, We decide to manage all our specific crons for applications with puppet. As all people who creates crons does'nt have to cope with puppet syntax, the easier way to do that seemed to be giving them a place on the puppetmaster where placing their crons, and deploying those crons in /etc/cron.d on nodes. That works fine, but i can't get a cron being removed on the node when removed on the puppetmaster. I can't use purge (it would be too easy ;-) because some package install crons in /etc/crons.d and we don't want to remove these crons, and we don't want to get them handle by puppet due to errors risk in case of update/upgrade has anyone an idea of how i could have managed files removed on destnation when removed from source without using the entierely purge function? thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent problem on Ubuntu
did you tried sudo pupetd --server= --test
it will run puppet onetime as root and verbosely...
2011/6/21 John Nicholson
> I'm in the process of setting up puppet and experiencing some issues.
> I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've
> installed puppet master (2.6.4) and puppet (2.6.4). The puppet master
> and agent are happily working together.
>
> I'm running the example in the book Pro Puppet. This is the first
> example;
>
> Code:
>
> class sudo {
>package { sudo:
>ensure => present,
>}
>if $operatingsystem == "Ubuntu" {
>package { "sudo-ldap":
>ensure => present,
>require => Package["sudo"],
>}
>}
>file { "/etc/sudoers":
>owner => "root",
>group => "root",
>mode => 0440,
>source => "puppet://$puppetserver/modules/sudo/etc/sudoers",
>require => Package["sudo"],
>}
> }
>
> On the agent I run the following command;
>
> puppet agent --server= --no-daemonize --verbose --onetime
>
> The agent see's the change but I get an error;
>
> info: Caching catalog for
> info: Applying configuration version '123456789'
> err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged
> to present
> failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--
> force-confold
> install sudo-ldap' returned 100: E: Could not open lock file /var/lib/
> dpkg/lock
> - open (13: Permission denied)
> E: Unable to lick the administration directory (/var/lib/dpkg/), are
> you root?
>
> I don't have another package manager open.
>
> I understand what the problem is. The agent is being run as the
> current logged in user and that user doesn't have permission to run
> apt-get. Generally to run apt-get i have to do sudo apt-get.
>
> I've thought about modifying the sudoers file and adding nopasswd for
> my user (as suggested in other posts) for apt-get but that doesn't
> solve the problem since the command in the puppet agent is not run
> with sudo.
>
> I understand if I run the puppet agent as a daemon then it runs as
> user root which I guess would solve the problem. I'm not sure it's
> best to run the agent as a daemon. I might want to control when the
> agent pulls the updates from the puppet master (or through cron).
>
> If I run;
>
> sudo puppet agent --server= --no-daemonize --verbose --
> onetime
>
> I get a different error;
>
> err: Could not request certificate: Retrieved certificate does not
> match private
> key; please remove certificate from server and regenerate it with the
> current key
>
> I've tried removing the ssl certs from both the puppet master and
> agent and run the command again. I get the same problem. When I remove
> the sudo from the start of the command the puppet agent is happy with
> the cert.
>
> I though about adding my user to the root group as a test. Even when I
> do that if I run apt-get update manually a permission denied. I
> wondered if this has something to do with the root user being disabled
> by default on Ubuntu.
>
> I'm a novice when it comes to these sorts of things. Has anyone got
> this working or have any suggestions of how I might solve this issue?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Adding LDAP users to system group
hi,
i'm maybe misunderstanding your quetiosn but for me there's 2 ways doing
thaht:
first with exec
exec {"add_user_to_group":
command => "usermod -G mysql $user",
unless => "getent group mysql | grep $user"
}
this will add mysql as secondary group for $user
or
user {"$user":
groups => ["primarygroup","mysql"]
}
this will do the same
but for me, the best would be to handle this by your ldap configuration with
something like this
http://blog.dimaj.net/2010/07/howto-verify-that-a-member-is-part-of-a-secondary-group-in-openldap/
2011/6/14 Gareth Allen
> Hi all,
>
> All our users are stored in LDAP, but I need to add users to a system
> group for sudo rules. Is there a way to do this without having Puppet
> manage the user? For example:
> getent passwd gareth.allen
> gareth.allen:XX:1100:1100:Gareth Allen:/home/gareth.allen:/bin/bash
>
> /etc/group contents:
> mysql:x:27:
>
> Now, I need Puppet to do the following:
> mysql:x:27:gareth.allen
>
> The only way I can think of doing this is by having Puppet manage
> /etc/groups, but I'm a bit nervous of going that route. Does anyone
> have any ideas?
>
> Thanks,
> Gareth
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] array in template
hi, no, it use facts architecture in facter and not the lsb_release facts architecture => i386 we have debian and redhat nodes, no ubuntu, but i think it's the same result 2011/6/15 Nathan Clemons > Do you have any machines which show the 32-bit machines as i686? I know at > least 32-bit Ubuntu will use that: > > nathan@vervain:~$ arch > i686 > nathan@vervain:~$ cat /etc/lsb-release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=10.04 > DISTRIB_CODENAME=lucid > DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS" > nathan@vervain:~$ > > -- > Nathan Clemons > http://www.livemocha.com > The worlds largest online language learning community > > > > On Wed, Jun 15, 2011 at 5:35 AM, romuald FREBAULT wrote: > >> thanks for your answer, i finally wrote >> >> <% if architecture == i386 %> >> stuff >> <%else%> >> stuff >> <%end%> >> >> >> 2011/6/14 Ken Barber >> >>> Try: >>> >>> <% if ["x86_64","amd64"].include?(architecture) %> >>> ... do stuff ... >>> <% end %> >>> >>> ken. >>> >>> On Tue, Jun 14, 2011 at 11:30 AM, romuald FREBAULT >>> wrote: >>> > Hi, >>> > >>> > I have a recipe that deploy a nrpe_local.cfg. >>> > In my template, i want to deploy diffrent lines between 32 and 64 bits. >>> > >>> > We have hosts uder redhat and debian,. >>> > When i write <% if architecture == "i386" -%> >>> > no problem, the lines are well deployed on redhat and debian, but for >>> the 64 >>> > bits, redhat call the architecture x86_64 and debian amd64... >>> > i tried to make an array like this >>> > <% if architecture == "x86_64", "amd64" -%> >>> > or like this >>> > <% if architecture == "x86_64, amd64" -%> >>> > or >>> > <% if architecture == "x86_64" | "amd64" -%> >>> > >>> > and many other tries, but i couldn't get it to work... >>> > >>> > does anyone knows how i could solve my problem? >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Puppet Users" group. >>> > To post to this group, send email to puppet-users@googlegroups.com. >>> > To unsubscribe from this group, send email to >>> > puppet-users+unsubscr...@googlegroups.com. >>> > For more options, visit this group at >>> > http://groups.google.com/group/puppet-users?hl=en. >>> > >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] array in template
thanks for your answer, i finally wrote <% if architecture == i386 %> stuff <%else%> stuff <%end%> 2011/6/14 Ken Barber > Try: > > <% if ["x86_64","amd64"].include?(architecture) %> > ... do stuff ... > <% end %> > > ken. > > On Tue, Jun 14, 2011 at 11:30 AM, romuald FREBAULT > wrote: > > Hi, > > > > I have a recipe that deploy a nrpe_local.cfg. > > In my template, i want to deploy diffrent lines between 32 and 64 bits. > > > > We have hosts uder redhat and debian,. > > When i write <% if architecture == "i386" -%> > > no problem, the lines are well deployed on redhat and debian, but for the > 64 > > bits, redhat call the architecture x86_64 and debian amd64... > > i tried to make an array like this > > <% if architecture == "x86_64", "amd64" -%> > > or like this > > <% if architecture == "x86_64, amd64" -%> > > or > > <% if architecture == "x86_64" | "amd64" -%> > > > > and many other tries, but i couldn't get it to work... > > > > does anyone knows how i could solve my problem? > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] array in template
Hi, I have a recipe that deploy a nrpe_local.cfg. In my template, i want to deploy diffrent lines between 32 and 64 bits. We have hosts uder redhat and debian,. When i write <% if architecture == "i386" -%> no problem, the lines are well deployed on redhat and debian, but for the 64 bits, redhat call the architecture x86_64 and debian amd64... i tried to make an array like this <% if architecture == "x86_64", "amd64" -%> or like this <% if architecture == "x86_64, amd64" -%> or <% if architecture == "x86_64" | "amd64" -%> and many other tries, but i couldn't get it to work... does anyone knows how i could solve my problem? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
