[Puppet Users] Could not generate DH keypair
Run openssl to create a 1024 DH keypair

    # openssl dhparam 1024

and add this block of code (incl. BEGIN DH PARAMETERS and END DH PARAMETERS) to your /etc/katello/certs/katello-apache.crt on your satellite server.

Hope this helps
Rene
[Puppet Users] Re: How do I set global noop?
Sam,

You could make some changes to your site.pp and set some defaults like this

    Exec {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    File {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    Group {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    Mount {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    Package {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    Service {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }
    User {
      schedule => $::globalvars_schedule,
      noop     => $::globalvars_noop,
    }

. and more .

Make sure that all puppet types you use within your modules are covered in the site.pp and have the noop => $::globalvars_noop added.

The final step is to set the topscope variable 'globalvars_noop' somewhere (for example hiera, or Puppet console) and your node will be run with noop.

No need to touch any puppet config on the clients, and very easy to manage :-)

Regards,
Rene vd Linden
Blog: https://www.rvanderlinden.net/wordpress

On Tuesday, July 23, 2013 1:29:24 AM UTC+2, Sam Morrison wrote:
> I'm trying to set a global noop but it doesn't seem possible,
>
> There are 2 bugs open about this which to me look pretty serious as the
> expected behaviour isn't the case.
>
> http://projects.puppetlabs.com/issues/21286
> http://projects.puppetlabs.com/issues/6549
>
> If anyone has a work around (that doesn't include modifying puppet.conf
> file) I would be very interested.
>
> Cheers,
> Sam
[Puppet Users] Create a variable variable
Hi all,

I'm wondering if puppet can create a variable based on another variable ??

Here is an example

3 global variables

    $::gbl_users_groups = app1,app2
    $::gbl_users_accounts_app1 = app1user1,app1user2
    $::gbl_users_accounts_app2 = app2user1,app2user2

What does work is this

    $groups_name_array = split($::gbl_users_accounts_app1,',')

or

    $groups_name_array = split($::gbl_users_accounts_app2,',')

What I really want to do, is replace the static app1 and app2 within the $groups_name_array, to something dynamic like this

    $groups_array = split($::gbl_users_groups,',')
    $groups_name_array = split($::gbl_users_accounts_*$groups_array*,',')

I have tried various combinations, but just can't seem to find the right one (if it is possible)

Any suggestions

Regards,
Rene
[Puppet Users] Re: Augeas question a
FYI,

I use puppet enterprise 2.0.2 and augeas 0.10 on RHEL6, but the same problem occurred on Puppet 2.7.9 and augeas 0.9 on RHEL5/6
[Puppet Users] Augeas question a
Hi,

I'm having some 'strange' issues with augeas and an onlyif statement

This is my code

    augeas { "classx_sysctl_shmmax":
      incl    => '/etc/sysctl.conf',
      lens    => 'Sysctl.lns',
      changes => "set kernel.shmmax ${sysctl_kernel_shmmax}",
      onlyif  => "get kernel.shmmax < ${sysctl_kernel_shmmax}",
    }

I only want to change the kernel.shmmax in /etc/sysctl.conf when the value is greater than what is currently configured.

For example

kernel.shmmax defaults to 784009728 and I changed it manually to 784009729 (so +1)
=> When puppet runs, nothing needs to be done (as expected)

kernel.shmmax defaults to 784009728 and I changed it manually to 784009727 (so -1)
When puppet runs, it wants to change the value (as expected)

    -kernel.shmmax = 784009727
    +kernel.shmmax = 784009728
    notice: /Stage[main]/Classx/Augeas[classx_sysctl_shmmax]/returns: current_value need_to_run, should be 0 (noop)

So for now, everything looks fine, however ...

If I change the value to something really small, like from 784009728 to 84009728 (removed the first digit), puppet does not want to change it anymore.

What I can see is that puppet/augeas only evaluates values correctly as long as the number of digits stays the same, so

    100 is less than 101
    101 is greater than 100
    but 99 is greater than 100 ?!? :-(

Anyone an idea how I can configure augeas to do this correctly ??

Regards,
Rene
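The digit-count dependence reported in the post above is what a character-by-character (string) comparison of the two values produces. The following is an added example, not part of the original post and not Puppet or Augeas source code: it assumes the `onlyif` operands are compared as strings, and the sample file contents and helper names are constructed for illustration.

```ruby
# Added illustration; not Puppet or Augeas source code.
# Assumption: the onlyif "get <path> < <value>" test compares strings.

DESIRED = '784009728'

# Constructed sysctl.conf contents for the three cases in the post.
SAMPLES = {
  'plus one'      => "kernel.shmmax = 784009729\n",
  'minus one'     => "kernel.shmmax = 784009727\n",
  'digit removed' => "# constructed sample\nkernel.shmmax = 84009728\n"
}.freeze

# Return the value of `key` from "key = value" lines, or nil if absent.
# Blank lines and lines starting with # or ; are ignored.
def sysctl_value(text, key)
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    name, value = line.split('=', 2).map(&:strip)
    return value if name == key && value
  end
  nil
end

# String comparison: decided at the first differing character, so
# "84009728" sorts after "784009728" because '8' > '7'.
def lexical_less?(current, desired)
  current < desired
end

# Integer comparison; raises ArgumentError on anything that is not a
# base-10 integer instead of quietly comparing garbage.
def numeric_less?(current, desired)
  Integer(current, 10) < Integer(desired, 10)
end

# For each sample, report both decisions and whether they disagree.
def compare_decisions(samples, key, desired)
  samples.map do |label, text|
    current = sysctl_value(text, key)
    raise ArgumentError, "#{key} not set in sample #{label}" if current.nil?
    lexical = lexical_less?(current, desired)
    numeric = numeric_less?(current, desired)
    { label: label, current: current, lexical: lexical,
      numeric: numeric, mismatch: lexical != numeric }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_decisions(SAMPLES, 'kernel.shmmax', DESIRED).each do |r|
    puts format('%-14s current=%-10s string:%-5s integer:%-5s%s',
                r[:label], r[:current], r[:lexical], r[:numeric],
                r[:mismatch] ? '  <-- differs' : '')
  end
end
```

Only the "digit removed" case disagrees: the string test says no change is needed while the integer test says the value must be raised, which matches the behaviour described in the post.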
[Puppet Users] Re: ssh_authorized_key in 2.7.10 keeps looping when options are set
Thanks

I run puppet on RHEL5 with Ruby 1.8.7

On Jan 27, 4:56 pm, Nan Liu wrote:
> On Fri, Jan 27, 2012 at 10:27 AM, rvlinden wrote:
> > Hi all,
> >
> > I just upgraded a client with puppet 2.7.9 to 2.7.10 and now the
> > authorized_keys started to loop
> >
> > notice: /Stage[main]/Authorizedkey::UserX/Authorizedkey::Manage[userx_dss_domainx_test]/Ssh_authorized_key[userx_dss_domainx_test]/options: options changed 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding' to 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
> >
> > It says it changed .ssh/authorized_keys, but when I compare the
> > current authorized_keys in the user's homedir with the one in the
> > filebucket, they are identical. The only difference is the date/timestamp
> >
> > diff
> > < # HEADER: This file was autogenerated at Fri Jan 27 16:10:31 +0100 2012
> > ---
> > > # HEADER: This file was autogenerated at Fri Jan 27 16:12:58 +0100 2012
> >
> > It only loops on authorized keys with options, which are configured as
> > an array like this
> >
> >     options => [
> >       'no-port-forwarding',
> >       'no-agent-forwarding',
> >       'no-X11-forwarding',
> >     ]
>
> Perhaps a variation of this issue: http://projects.puppetlabs.com/issues/12197
>
> There's an ongoing thread, and check if you have Ruby 1.8.7.
>
> Nan
[Puppet Users] ssh_authorized_key in 2.7.10 keeps looping when options are set
Hi all,

I just upgraded a client with puppet 2.7.9 to 2.7.10 and now the authorized_keys started to loop

    notice: /Stage[main]/Authorizedkey::UserX/Authorizedkey::Manage[userx_dss_domainx_test]/Ssh_authorized_key[userx_dss_domainx_test]/options: options changed 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding' to 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

It says it changed .ssh/authorized_keys, but when I compare the current authorized_keys in the user's homedir with the one in the filebucket, they are identical. The only difference is the date/timestamp

    diff
    < # HEADER: This file was autogenerated at Fri Jan 27 16:10:31 +0100 2012
    ---
    > # HEADER: This file was autogenerated at Fri Jan 27 16:12:58 +0100 2012

It only loops on authorized keys with options, which are configured as an array like this

    options => [
      'no-port-forwarding',
      'no-agent-forwarding',
      'no-X11-forwarding',
    ]
[Puppet Users] puppet 2.7.5 and augeas break grub.conf on RHEL5
Hi,

I was running puppet (2.7.5) on a host which needed to have some settings changed in its /boot/grub/menu.lst file. This file is however a link to /boot/grub/grub.conf

When I used augeas in puppet like shown below

    augeas { "${dom0::params::module_label}_menu.lst_memory":
      incl    => '/boot/grub/menu.lst',
      lens    => 'Grub.lns',
      changes => [
        'set title[1]/kernel/dom0_mem 2G',
        'set title[last()]/kernel/dom0_mem 2G',
      ],
    }

it updated the menu.lst, but menu.lst is now a file and not a link anymore to grub.conf

After changing the puppet module to

    incl => '/boot/grub/grub.conf',

augeas handled it well

Was this a mistake on my side that I included a link instead of a real file, or is this something that changed in augeas. I have used this setup for a long time now and on older servers the link was not broken.

I use the following software

    # augeas-0.8.1-2.el5
    # augeas-libs-0.8.1-2.el5
    # ruby-augeas-0.4.1-1.el5
    # puppet-2.7.5-1.el5

Rene
[Puppet Users] Re: I can't seem to create mountpoint and change permissions after mounting in 2.7.3
John,

At this moment I'm trying to reproduce the problem by starting small and add more modules to it.

I have been able to successfully create a puppet config that creates a mountpoint directory with 'mkdir -p' as root, mount a filesystem on top of that directory and change the ownership once it has been mounted to another user and permissions.

When I debugged puppet, it reported nothing about autorequire and I only saw the requires I manually added.

After that I also added a user module which has another file definition for the user's homedirectory. Even with a user's homedir set to the mountpoint, still no issues.

For now I can not reproduce the autorequire I saw before where the Exec["mkdir_/a/b/c"] was linked to File["/a/b/c"]

Rene

On Sep 29, 6:13 pm, jcbollinger wrote:
> On Sep 28, 5:02 pm, rvlinden wrote:
> > Hi,
> >
> > I'm using puppet 2.7.3 on RHEL/CentOS and I have an issue which is now a big blocking issue within my environment. What I'm trying to accomplish with puppet is to create a mountpoint, mount a filesystem on it, install an application on that filesystem and set proper user/group and permissions on it, but it fails big time.
> >
> > The issues I currently run into are about 3 things
> >
> > 1. The file type does not allow multiple directories to be created at once ('mkdir -p')
>
> Surely that's a convenience issue, not a blocker. In any event, I am confident that if all the parent directories are intended to have the same properties then it should be possible to use a recursive defined type to ensure all are present.
>
> > 2. exec & file type create autorequire dependencies which creates dependency cycles
>
> See below.
>
> > 3. Puppet does not allow duplicate resources
>
> Indeed not. How would that make sense? It does provide virtual resources, which can address some of the scenarios where people otherwise would want to duplicate resource declarations. You declare the resource once, virtually, for all nodes that could possibly need it, then you realize that resource every place where otherwise you would declare it.
>
> After reading the rest of your post, however, I suspect the problem is not really duplicate resources. My guess is that your complaint is really that Puppet cannot manage both a mount point and the root of the filesystem mounted on it. These are distinct resources, but the underlying operating system design makes it difficult to distinguish them, and Puppet cannot do so. Indeed, the mount point's properties are invisible -- and thus unmanageable -- when a file system is mounted on it, so I attribute this issue to the OS, not to Puppet.
>
> [...]
>
> > These are the relations I created myself within puppet
> >
> > 1. exec mkdir /a/b/c => mount /a/b/c => file /a/b/c
> > 2. exec logical volume => mount /a/b/c
> >
> > This setup does not result in a cycle, but when puppet adds an autorequire between exec mkdir /a/b/c and file a/b/c, it causes the whole thing to cycle.
> >
> > Quote from the manual
> >
> > Autorequires: If Puppet is managing an exec’s cwd or the executable file used in an exec’s command, the exec resource will autorequire those files. If Puppet is managing the user that an exec should run as, the exec resource will autorequire that user.
>
> Right, but how does that explain the behavior you see? Surely /a/b/c is not the working directory or executable of your Exec. I would guess that it is instead Mount autorequiring its mount point that is causing the cycle. That's not documented (which constitutes a documentation bug if Puppet does this), but it seems sort of logical. Also, there is a feature request asking for this (http://projects.puppetlabs.com/issues/5015), though it is marked "Code Insufficient". If you can verify that behavior, however, then I would file a bug ticket on it, as at minimum there is a documentation bug. Alternatively, if you can confirm that the Exec is the source of the autorequire then I would definitely file a ticket for that, as it would unquestionably be buggy.
>
> > I don't mind if I have to rewrite my code or start from scratch, but I need help to create my mountpoint location with root:root/755 and after mounting allow the same location to have a different owner:group/permissions.
>
> If autorequirements are indeed the root of the problem then the easiest thing to do might be to declare explicit relationships in the correct direction. Autorequirements should always be overr
[Puppet Users] Re: Announce: Puppet 2.7.4 Available [security + more ]
On the RPM repo at http://yum.puppetlabs.com/el/5/products/x86_64/, the puppet-server rpm for 2.7.4 seems to be missing.

el5
    puppet-2.7.4-1.el5.noarch.rpm
---
el6
    puppet-2.7.4-1.el6.noarch.rpm
    puppet-server-2.7.4-1.el6.noarch.rpm
[Puppet Users] I can't seem to create mountpoint and change permissions after mounting in 2.7.3
Hi,

I'm using puppet 2.7.3 on RHEL/CentOS and I have an issue which is now a big blocking issue within my environment. What I'm trying to accomplish with puppet is to create a mountpoint, mount a filesystem on it, install an application on that filesystem and set proper user/group and permissions on it, but it fails big time.

The issues I currently run into are about 3 things

1. The file type does not allow multiple directories to be created at once ('mkdir -p')
2. exec & file type create autorequire dependencies which creates dependency cycles
3. Puppet does not allow duplicate resources

I have a define named "lvm::createfs" and what it does is three things

1. Create the mountpoint with an exec {} which uses a mkdir -p to create multiple directories deep at once
2. Create the logical volume with an exec {}
3. Mount the logical volume from step 2 onto the directory from step 1 via Mount {}

Before the filesystem is mounted, the underlying directory MUST be owned by root:root with permissions 755. If this is incorrect, some linux commands do strange things (like the 'rm -R' command)

Once the filesystem is created and mounted, I use puppet to install applications

After the applications are installed I need to set the application files in the filesystem to its proper owner:group and permissions. To do this I have another define named "sysconfig::permissions". All this define does is use file {} to set owner, group, mode and recurse.

Before I moved to puppet 2.7.3, puppet allowed me to do this without problems, but since 2.7.3 puppet is more strict and now 60% of all my modules fail as I use filesystems, apps and permissions everywhere.

Based on the documentation I read about exec {}, I can now explain why I get dep.cycles, but I'm out of options and have no ideas anymore how to get this 'simple normal unix task' to work in puppet.

These are the relations I created myself within puppet

1. exec mkdir /a/b/c => mount /a/b/c => file /a/b/c
2. exec logical volume => mount /a/b/c

This setup does not result in a cycle, but when puppet adds an autorequire between exec mkdir /a/b/c and file a/b/c, it causes the whole thing to cycle.

Quote from the manual

    Autorequires: If Puppet is managing an exec’s cwd or the executable file used in an exec’s command, the exec resource will autorequire those files. If Puppet is managing the user that an exec should run as, the exec resource will autorequire that user.

I don't mind if I have to rewrite my code or start from scratch, but I need help to create my mountpoint location with root:root/755 and after mounting allow the same location to have a different owner:group/permissions.

These are the defines I use at this moment

    define lvm::createfs (
      $mountpath  = undef,
      $mountpoint = undef,
      $lvsize     = undef,
      $fstype     = undef,
      $vgname     = undef,
      $lvname     = "${name}",
      $requisite  = ''
    ) {
      # Load defaults
      require lvm::params

      # Check mountpath equals root
      $rootpath = $mountpath ? {
        '/'     => undef,
        default => $mountpath,
      }

      # Create directory tree including subdirectories
      exec { "${lvm::params::module_label}_mkdir_${mountpath}/${mountpoint}":
        command => "mkdir -p ${mountpath}/${mountpoint}",
        onlyif  => "test ! -d ${mountpath}/${mountpoint}",
        before  => Mount["${rootpath}/${mountpoint}"],
      }
      if $requisite != '' {
        Exec["${lvm::params::module_label}_mkdir_${mountpath}/${mountpoint}"] {
          require => Mount["${requisite}"],
        }
      }

      # Create logical volume and format filesystem
      exec { "${lvm::params::module_label}-${vgname}-${lvname}":
        logoutput => false,
        command   => "lvcreate -n ${lvname} -L ${lvsize} /dev/${vgname} && mkfs -t ${fstype} /dev/${vgname}/${lvname}",
        unless    => "lvs | grep -q '${lvname} .*${vgname}'",
        before    => Mount["${rootpath}/${mountpoint}"],
      }

      # Mount filesystem
      mount { "${rootpath}/${mountpoint}":
        atboot  => true,
        device  => "/dev/${vgname}/${lvname}",
        ensure  => mounted,
        fstype  => "${fstype}",
        options => 'defaults',
        dump    => '1',
        pass    => '2',
      }
      if $requisite != '' {
        Mount["${rootpath}/${mountpoint}"] {
          require => Mount["${requisite}"],
        }
      }
    } # End define

    define sysconfig::permissions (
      $sysconfig_module,
      $sysconfig_name,
      $sysconfig_recurse = 'false',
      $sysconfig_owner,
      $sysconfig_group,
      $sysconfig_mode = undef
    ) {
      # Load defaults
      require sysconfig::params

      # Set permissions
      file { "${sysconfig_module}_${sysconfig_name}":
        name    => "${sysconfig_name}",
        recurse => "${sysconfig_recurse}",
        owner   => "${sysconfig_owner}",
        group   => "${sysconfig_group}",
      }
      if $sysconfig_mode != undef {
        File["${sysconfig_module}_${sysconfig_name}"] {
          mode => "${sysconfig_mode}",
        }
      }
    } # End define

I call these defines from an application class. In the example below a piece of the MQ class.

    class mq {
      # Create filesystems
      lvm::createfs { "${mq::
[Puppet Users] Two parameterized classes calling both a third class (results in already defined)
Hi all,

I have three parameterized classes, named mq, mq_gsk and apache.

The mq class always calls the mq_gsk class, but the apache class should only call the mq_gsk class when the mq class is not used in a host's node definition

Here is my configuration

    class mq (
      $gsk_version = undef
    ) {
      require mq::params
      < . >
      class { 'mq_gsk':
        gsk_version => "${mq::params::package_gsk_version}",
      }
    }

    class mq_gsk (
      $gsk_version = undef
    ) {
      require mq_gsk::params
      package { $mq_gsk::params::gsk_packages:
        ensure => "${mq_gsk::params::package_gsk_version}",
      }
    }

When a node needs to be configured as an MQ server, the mq class will be included and mq and the mq gsk software will be installed.

However some servers only need to have an Apache server installed, but apache uses an additional plugin which requires the mq gsk software also.

If I configure a host with either MQ or Apache all is well, but as soon as both classes are included in a node, I get a duplicate / already defined error (as expected)

    ERROR: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Class[Mq_gsk] is already defined in file /etc/puppet/modules/apache/manifests/init.pp at line 104; cannot redefine at /etc/puppet/modules/mq/manifests/init.pp:62 on node nodex.domainy.com

Within my apache class, I tried to use "if defined()", but this does not seem to work at all

Here is one of my many attempts

    if defined(Package["mq_gsk"]) {
      notice ( "${apache::params::module_name}, mq module defined, mq_gsk already included" )
    } else {
      notice ( "${apache::params::module_name}, mq module not defined, check websphere module defined" )
      if defined(Package["${apache::params::package_name_module_was}"]) {
        notice ( "${apache::params::module_name}, websphere module defined, mq_gsk included" )
        class { 'mq_gsk':
          gsk_version => undef,
        }
      }
    }

I also tried other things which I read on Puppet Users, like

    if defined("mq_gsk") {
    if defined("mg_gsk::gsk_version") {

but nothing seems to work. It always says that the mq module is defined (while the mq class is not included in the host definition) or it says not included (while the mq class is included in the node)

I wonder if 'defined' is the way forward, or if there is a better way to solve the 'already defined' issue.

I'm using puppet 2.7.3 on CentOS/RHEL 5.7
[Puppet Users] Re: Puppet 2.7.3 Cannot alias .. already defined
On Sep 17, 3:54 pm, Peter Meier wrote:
> > A single manifests works fine, but this is not the only module I have
> > where I set permissions using the sysconfig::permissions module.
>
> Ah, now I as I read your problem better: The error indicates more that
> you name two resources with the same name/alias. And you can't and
> shouldn't do that!
> Actually your code should imho not work on 2.6.9 either and yes it looks
> like 2.7 got more strict.
>
> Anyway, you shouldn't do what you do currently, this is quite dangerous!
>
> Note: Puppet automagically sets the execute flag on directories, so if
> you'd like to have the directory 0750 and the files 0640, then simply
> set the mode of the directory to 0640 and to recurse. If you would like
> to set the files to 0600, then you have to manage them individually,
> because the file provider of puppet does (currently) not (yet) support
> that feature.
>
> > I can rewrite them, (and probably have to, to make it work again) but
> > then it seems that the 'name' option in the file type is going to be
> > obsoleted as it doesn't work anymore.
>
> Unlikely, name is quite an important attribute for all resources. It is
> more that you end up having two different resources with the same name
> or alias. And that should really not be. It looks like a serious bug
> _got_ fixed in 2.7
>
> ~pete

I just read the 2.7.3 changelog in detail and it's bug 8596 that was fixed and caused this to not work anymore.

They also concluded that the documentation was incorrect and based on that document I created my modules :-(
[Puppet Users] Re: Puppet 2.7.3 Cannot alias .. already defined
On Sep 16, 8:55 pm, Peter Meier wrote:
> > I would reference from back from the sysconfig::permissions module to
> > the ntp module file by specifying
> > name => "/var/lib/ntp"
> >
> > Do I need to change all my modules because I used a feature of puppet
> > which should not be there, and if so, how could I best fix this.
>
> does a single manifests like
>
> file{'foo':
>   name => '/tmp/foo',
>   mode => 0700;
> }
>
> with puppet apply, also raise an error?
>
> ~pete

A single manifests works fine, but this is not the only module I have where I set permissions using the sysconfig::permissions module.

I can rewrite them, (and probably have to, to make it work again) but then it seems that the 'name' option in the file type is going to be obsoleted as it doesn't work anymore.
[Puppet Users] Re: Puppet 2.7.3 Cannot alias .. already defined
On Sep 16, 8:55 pm, Peter Meier wrote:
> > I would reference from back from the sysconfig::permissions module to
> > the ntp module file by specifying
> > name => "/var/lib/ntp"
> >
> > Do I need to change all my modules because I used a feature of puppet
> > which should not be there, and if so, how could I best fix this.
>
> does a single manifests like
>
> file{'foo':
>   name => '/tmp/foo',
>   mode => 0700;
> }
>
> with puppet apply, also raise an error?
>
> ~pete

A single manifest works fine and this might be my only option to get it working again.

I donhowever
[Puppet Users] Puppet 2.7.3 Cannot alias .. already defined
Hi all,

Today I upgraded both my puppet server (2.7.1) and puppet client(s) (2.6.9) to 2.7.3 and suddenly my modules didn't work anymore.

I don't know if 2.7.3 is more strict than 2.7.1, or if it's a bug, so I hope someone can help me.

I have several modules where the file and/or directory are separated from the permissions I set on them. This is because I sometimes want to create a single directory, and later set specific user/group and permissions to one or all files (recurse) in it.

Here is an example for the ntp module

    class ntp (
      $autoupgrade = 'false'
    ){
      require ntp::params

      # Create var directory
      file { "${ntp::params::var_directory}":
        ensure => directory,
      }

      # Set var permissions
      sysconfig::permissions { "${ntp::params::module_label}_permissions${ntp::params::var_directory}":
        sysconfig_module => "${ntp::params::module_label}",
        sysconfig_name   => "${ntp::params::var_directory}",
        sysconfig_owner  => "${ntp::params::user_name}",
        sysconfig_group  => "${ntp::params::group_name}",
        sysconfig_mode   => "${ntp::params::var_permissions}",
      }

      # .. removed some lines
    } # End class

and also the sysconfig::permissions define module

    define sysconfig::permissions (
      $sysconfig_module,
      $sysconfig_name,
      $sysconfig_recurse = 'false',
      $sysconfig_owner,
      $sysconfig_group,
      $sysconfig_mode = undef
    ) {
      # Load defaults
      require sysconfig::params

      # Set permissions
      file { "${sysconfig_module}_${sysconfig_name}":
        name    => "${sysconfig_name}",
        recurse => "${sysconfig_recurse}",
        owner   => "${sysconfig_owner}",
        group   => "${sysconfig_group}",
      }
      if $sysconfig_mode != undef {
        File["${sysconfig_module}_${sysconfig_name}"] {
          mode => "${sysconfig_mode}",
        }
      }
    } # End define

When puppet runs, I get the following error

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias File[ntp_/var/lib/ntp] to ["/var/lib/ntp"] at /etc/puppet/modules/sysconfig/manifests/permissions.pp:47; resource ["File", "/var/lib/ntp"] already defined at /etc/puppet/modules/ntp/manifests/init.pp:18 at /etc/puppet/modules/sysconfig/manifests/permissions.pp:47 on node client.mydomain.com

In the previous version, this would not be a problem as the file in the ntp module would be

    file { "/var/lib/ntp": }

and the file in the sysconfig::permissions module would be

    file { "ntp_/var/lib/ntp": }

I would reference back from the sysconfig::permissions module to the ntp module file by specifying

    name => "/var/lib/ntp"

Do I need to change all my modules because I used a feature of puppet which should not be there, and if so, how could I best fix this.

Kind regards,
Rene
[Puppet Users] Relationships (puppet 2.7)
All,

I was wondering if I could create a relationship between a define and an exec (without using stages)

Example

I call a define 'sudo::manage' with the variable '$sudofile' where the variable contains an array of sudofiles I want to deploy.

    sudo::manage { $sudofile: }

Once the sudofiles are installed, I want to execute a command to syntax check all the sudo files

    exec { 'sudo_syntax_check':
      command => "/usr/sbin/visudo -cq",
    }

I tried to create a relationship between the two, but I can't get it right

The only thing that does work is this line below, but that is not what I want (unless I could dynamically find out what the last record was instead of using [0])

    Sudo::Manage[$sudofile[0]] -> Exec[sudo_syntax_check]

NOTE: As last resort I could use stages and run the exec in a post-main stage, but I'm trying to keep away from this.

Regards,
Rene
[Puppet Users] Re: Node or site.pp for global variables without dynamic lookup
Thanks vagn,

Will have a look at your suggestion

On Jul 24, 1:14 am, vagn scott wrote:
> Node scope is not global scope. But, more interesting:
>
> On 07/23/2011 04:18 PM, rvlinden wrote:
>
> > I really love the way I can inherit from nodes and define new or
> > overrule existing variables.
>
> I have been experimenting with puppet 2.7.1.
> It turns out that parameterized classes can inherit from other
> parameterized classes.
> Also, hashes behave well, can be passed as arguments, and can be
> augmented on the fly.
> Hashes that act as structures, that can be passed around and modified,
> make puppet
> feel like a 'real' programming language.
>
> See attached.
>
> --
> vagn
>
> scopes.pp
> scopes-and-hashes.pp
[Puppet Users] Node or site.pp for global variables without dynamic lookup
Hi all,

I am working on rewriting my entire puppet environment and try to 'fix' 'Dynamic lookup' as it will be deprecated in some time, but even after reading quite some docs and on the forum, it's not really clear to me.

What I have read so far, is that each variable must be fully-qualified or parameterized in a class.
As a quick 'fix' I thought I might just make them all fully-qualified, but that doesn't seem to work within my current setup

This is the way I already had configured my nodes

node 'prodserver.mydomain.com' inherits node 'prd' which inherits node 'basenode'

    node 'prodserver.mydomain.com' inherits prd {
    } # End node

    node prd inherits basenode {
      $gblvar_zone = 'prd'
    } # End node

    node basenode {
      $gblvar_puppetserver = 'puppet.mydomain.com'
      $gblvar_domain = 'mydomain.com'
      .
    } # End node

Normally I would reference these variables in other classes like "${gblvar_zone}", but as this is a Dynamic lookup, I redefined them as "${::gblvar_zone}" or $::gblvar_zone.
This however does not work.

If I remove the lines from the node and put it in site.pp, e.g.:

    $gblvar_zone = 'prd'

it works fine.

I really love the way I can inherit from nodes and define new or overrule existing variables.

Is this a bug that $::varx works only from site.pp or is it by design and do I need to find another way to inherit and overrule variables ??
or can I just put all global variables in site.pp

Regards,
Rene
[Puppet Users] Variables in nodes classes and defines (headache)
All,

The entire puppet configuration I have is based on the rule that nodes can only have variables and/or classes.
Below are two examples of how I configured puppet to deal with an apache installation and adding users.
The 'apache' example does work perfectly, but the 'users' example does not and this is where I need your help.

For example a node named apache.mydomain.com could be like this

    node 'apache.mydomain.com' {
      # Variables
      $apache_srv_version = "2.2.17-1"
      $apache_vgname = "vg01"
      # Classes
      include apache::setup
    }

Apache module

    ## init.pp
    class apache {
      require apache::params
    }

    ## params.pp
    class apache::params {
      $package_version = $apache_srv_version ? {
        "2.2.16"   => "2.2.16-1.el5",
        "2.2.16-1" => "2.2.16-1.el5",
        "2.2.17"   => "2.2.17-1.el5",
        "2.2.17-1" => "2.2.17-1.el5",
        default    => "latest",
      } # End package version
    }

    ## setup.pp
    class apache::setup inherits apache {
      class { "apache::setup::pre1": stage => pre1 }
    }

    class apache::setup::pre1 inherits apache::setup {
      package { $apache::params::package_name_modules:
        ensure => "${apache::params::package_version}",
        ..
      }
    }

What happens is that the variable gets set in the node 'apache.mydomain.com'

    $apache_srv_version = "2.2.17-1"

Then it's evaluated in the apache::params class and the proper version value is stored in $package_version

    $package_version = $apache_srv_version ? { }

When the actual package gets installed in apache::setup::pre1, the value is retrieved from apache::params

    ensure => "${apache::params::package_version}",

This all works like a charm and I have dozens of other classes which work the same way as the apache class.

The module I have a problem with is my users module.
This looks like the apache module, but is slightly different (like the 'define' used instead of only classes)

Let me explain

    node 'users.mydomain.com' {
      # Variables
      $users_application_name = "ap1"
      # Classes
      include users::funcusers::was
    }

    ## init.pp
    define users (
      $ensure = "present",
      $username = "${title}",
      $uid,
      $gid,
      $comment = "${username}",
      $home = "/home/${username}",
      $shell = "/bin/bash",
      $system = "false",
      $password = "",
      $password_min_age = "0",
      $password_max_age = "90",
      $groups = "",
      $membership = "",
      $mode = "700",
      $force = "false"
    ) {
      #
      # Load subclasses
      include users::params
      include users::virtual
      #
      # Required user settings
      user { "${username}":
        ensure  => "${ensure}",
        uid     => "${uid}",
        gid     => "${gid}",
        comment => "${comment}",
        home    => "${home}",
        shell   => "${shell}",
        system  => "${system}",
      }
      #
      # Additional user settings
      if $password != "" and "${users::params::password_initialize}" == "true" {
        User["${username}"] { password => "${password}", }
      }
      if $groups != "" {
        User["${username}"] { groups => $groups, }
      }
      if $membership != "" {
        User["${username}"] { membership => $membership, }
      }
      if $password_min_age != "" and $centrify_mode == "" {
        User["${username}"] { password_min_age => $password_min_age, }
      }
      if $password_max_age != "" and $centrify_mode == "" {
        User["${username}"] { password_max_age => $password_max_age, }
      }
      #
      # Create homedirectory
      file { "${home}":
        ensure => $ensure ? {
          "present" => "directory",
          "absent"  => "absent",
          default   => "directory",
        },
        owner   => "${uid}",
        group   => "${gid}",
        mode    => "${mode}",
        force   => "${force}",
        require => User["${username}"],
      }
    }

    ## params.pp
    class users::params {
      $users_applications = $users_application_name ? {
        "ap1"   => "ap1",
        "ap1"   => "ap2",
        default => "unknown",
      }
    }

    ## funcusers.pp
    import "funcusers/*.pp"
    class users::funcusers inherits users::virtual {
      $user_type = "funcusers"
    }

    ## funcusers/was.pp
    class users::funcusers::was inherits users::funcusers {
      case $users::params::users_applications {
        "ap1": {
          Users <| title == was |> <-
[Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
All,

I used to download the Puppet and Facter RHEL5 rpm packages from http://people.fedoraproject.org/~tmz/repo/puppet/epel/ but the latest version on that site is puppet 2.6.9 and facter 1.5.9.

Does anyone know if this site is still maintained, or if there are other locations where the rpms are published?

Regards,
Rene
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,

I just found the problem. It was in the 'define' I had created.
Initially I just used a single string instead of an array and in the define I had this

    options => "${options}",

I just changed it into this

    options => $options,

and now the various array elements are handled correctly. The loop is gone and the authorized_keys file is perfect

Thanks for the eye-opener

This is my 'new' define for authorizedkey

    define authorizedkey (
      $ensure = "present",
      $tag = "",
      $type = "ssh-dss",
      $key = "",
      $options = "",
      $user
    ) {
      #
      # Load subclasses
      include authorizedkey::params
      include authorizedkey::virtual
      #
      # ssh_authorized_key
      ssh_authorized_key { "${name}":
        ensure => "${ensure}",
        type   => "${type}",
        key    => "${key}",
        user   => "${user}",
      } # End ssh_authorized_key
      #
      # Additional settings
      if $options != "" {
        Ssh_authorized_key["${name}"] {
          options => $options,
        } # End options
      } # End if
    } # End define setup

On May 13, 2:15 pm, Felix Frank wrote:
> On 05/13/2011 01:49 PM, rvlinden wrote:
>
> > If I remove the commas from the no-port and no-agent, like this
> >
> > options => [
> >   "from=\"server1.mydomain,server1,192.168.1.2\"",
> >   "no-port-forwarding",
> >   "no-agent-forwarding",
> > ];
> >
> > I get one big blob in my authorized_keys file
>
> Can you post your manifest (i.e. the resource in question) verbatim?
>
> I just pasted this into a test manifest and it works perfectly fine with
> 2.6.8:
>
> ssh_authorized_key {
>   "foobar":
>     user => "ffrank",
>     key => "abcdef",
>     options => [
>       "from=\"server1.mydomain,server1,192.168.1.2\"",
>       "no-port-forwarding",
>       "no-agent-forwarding",
>     ],
>     type => "ssh-dss",
> }
>
> The entry is in my authorized_keys and puppet recognizes it. The commas
> are present.
>
> Regards,
> Felix
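The loop and the "one big blob" discussed in this thread, as an added Ruby example that is not part of the original posts and is not Puppet's provider code: a quote-aware splitter for the authorized_keys options field, showing why a single comma-joined string never compares equal to the parsed list although the rendered text is identical. The comparison model in `in_sync?` and the use of `join` to stand in for `"${options}"` applied to an array are assumptions made for illustration.

```ruby
require 'strscan'

# Constructed sample: the options field of the authorized_keys entry in this thread.
OPTIONS_FIELD = 'from="server1.mydomain,server1,192.168.1.2",' \
                'no-port-forwarding,no-agent-forwarding'

# The same restrictions written as one list element per option.
DESIRED_LIST = [
  'from="server1.mydomain,server1,192.168.1.2"',
  'no-port-forwarding',
  'no-agent-forwarding'
].freeze

# Split an options field on the commas that sit outside double quotes.
# Raises ArgumentError when the field is not a well-formed option list.
def split_options(field)
  scanner = StringScanner.new(field)
  options = []
  until scanner.eos?
    # Either name="quoted value" (backslash escapes allowed) or a bare flag.
    token = scanner.scan(/[A-Za-z0-9_-]+="(?:\\.|[^"\\])*"/) ||
            scanner.scan(/[A-Za-z0-9_-]+/)
    raise ArgumentError, "bad option near #{scanner.rest.inspect}" unless token
    options << token
    break if scanner.eos?
    raise ArgumentError, "expected ',' near #{scanner.rest.inspect}" unless scanner.skip(/,/)
    raise ArgumentError, 'trailing comma' if scanner.eos?
  end
  options
end

# Render a list of options as it appears at the start of an authorized_keys line.
def render_options(options)
  Array(options).join(',')
end

# Assumed comparison model: the entry is in sync only when the list parsed
# from disk equals the desired list element by element.
def in_sync?(field_on_disk, desired)
  split_options(field_on_disk) == Array(desired)
end

# Assumed model of "${options}" applied to an array: the elements are
# concatenated with no separator, as in the blob quoted in the thread.
def interpolate(options)
  Array(options).join
end

if __FILE__ == $PROGRAM_NAME
  puts "naive split:        #{OPTIONS_FIELD.split(',').length} pieces"
  puts "quote-aware split:  #{split_options(OPTIONS_FIELD).length} options"
  puts "one string in sync? #{in_sync?(OPTIONS_FIELD, OPTIONS_FIELD)}"
  puts "list in sync?       #{in_sync?(OPTIONS_FIELD, DESIRED_LIST)}"
  puts "interpolated list:  #{interpolate(DESIRED_LIST)}"
end
```

Under this model the single-string form renders the same bytes as the list form but is one element against three, so it is reported as a change on every run; the interpolated blob is rejected by the splitter because no comma follows the quoted `from=` value.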
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,

If I remove the commas from the no-port and no-agent, like this

    options => [
      "from=\"server1.mydomain,server1,192.168.1.2\"",
      "no-port-forwarding",
      "no-agent-forwarding",
    ];

I get one big blob in my authorized_keys file

    from="server1.mydomain,server1,192.168.1.2"no-port-forwardingno-agent-forwarding ssh-dss ...= userx_dss

and it still loops due to the commas in the from="" to separate the servernames and ip-addresses.

I don't see how I can remove the commas without destroying the syntax of the authorized_keys file

Regards,
Rene

On May 13, 1:29 pm, Felix Frank wrote:
> Hi,
>
> On 05/13/2011 01:20 PM, rvlinden wrote:
>
> > as an array ...
> >
> > @authorizedkey {
> >   "userx_dss":
> >     user => "userx",
> >     type => "ssh-dss",
> >     key => "...=",
> >     options => [
> >       "from=\"server1.mydomain,server1,192.168.1.2\"",
> >       ",no-port-forwarding",
> >       ",no-agent-forwarding",
> >     ];
> > }
>
> this is right, but you made a doo-doo: There are commas *in* your array
> elements.
>
> Works for me (but the commas need to go).
>
> HTH,
> Felix
[Puppet Users] Re: ssh_authorized_key loops when options is defined
BTW, the puppet version I use is 2.6.8 on Red Hat 5.6
[Puppet Users] ssh_authorized_key loops when options is defined
Hi all,

I have no problem with creating ssh keys for users, but as soon as I specify 'options', puppet keeps repeating and replacing the key with an identical key.

I have written the various options in various formats, like one big string, as an array, with double quotes or single quotes, etc, etc (see examples below), but the issue stays

as a string ...

    @authorizedkey {
      "userx_dss":
        user => "userx",
        type => "ssh-dss",
        key => "...=",
        options => 'from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding',
    }

as an array ...

    @authorizedkey {
      "userx_dss":
        user => "userx",
        type => "ssh-dss",
        key => "...=",
        options => [
          "from=\"server1.mydomain,server1,192.168.1.2\"",
          ",no-port-forwarding",
          ",no-agent-forwarding",
        ];
    }

When I run puppet (puppetd --test --noop), it reports the value has to be changed from x to y.
The problem is that x and y are identical and even if I let puppet correct it, the next run it will report it again

    notice: /Stage[init]/Authorizedkey::Userx/Authorizedkey[userx_dss]/Ssh_authorized_key[userx_dss]/options: current_value from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding, should be from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding (noop)

The actual key (.ssh/authorized_keys) for userx works fine and looks like this

    from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding ssh-dss ...= userx_dss

This looks to me like a bug where puppet does something weird as soon as a comma is somewhere down the options line.
If I put a single option in there, puppet runs fine (and only once)

This works fine

    options => "no-port-forwarding",

and this doesn't

    options => "no-port-forwarding,no-agent-forwarding",

please advise

Regards,
Rene
[Puppet Users] Re: Set password for local user account but not for remote accounts in LDAP/AD
Hi John,

Thanks for your suggestions. I can certainly use the renewed declaration and I will have a look at the way you realized them.

Rene
[Puppet Users] Set password for local user account but not for remote accounts in LDAP/AD
I have a list of virtual users defined (like the example below) and the same account will be realized on servers where the account will be local (/etc/passwd), but also on servers which have local accounts and remote accounts (like LDAP and/or AD).

    @user { "userx":
      ensure     => present,
      uid        => "500",
      gid        => "200",
      groups     => "users",
      comment    => "User x",
      home       => "/home/userx",
      password   => "blablabla",
      shell      => "/bin/bash",
      managehome => "true",
    }

For local accounts, this works fine, but for LDAP/AD enabled servers, puppet also wants to change the password and this is not what I want.

Is there a way to skip setting the password for LDAP/AD enabled servers?

NOTE: At this moment I have to change the virtual user definition by commenting (out) the password line each time.
[Puppet Users] Re: User type password_max_age not working
Ruby shadow 1.4.1-7 was already installed so it has to be something else

I will report it as a bug

On Nov 11, 11:26 pm, Daniel Pittman wrote:
> rvlinden writes:
> > I have a virtual user (mqm) in puppet (v2.6.2 on CentOS 5.5 with Ruby
> > 1.8.6.383-6)
>
> [...]
>
> > and it does get created on the server when I realize it, but each time
> > I run puppet again, it reports the max_age is not set
>
> > notice: /Stage[main]/User::Virtual/User[mqm]/password_max_age: is
> > absent, should be 9 (noop)
> > notice: Finished catalog run in 0.14 seconds
>
> [...]
>
> > please help
>
> Mmmm. It looks to me like the adduser provider requires the Ruby 'shadow'
> library to be able to get the "age" field - or it unconditionally returns
> "absent" without any additional information.
>
> Which would explain your problem. Can you verify my guess, please?
>
> 1. Install the ruby shadow library, confirm if the problem goes away.
> 2. If so, file a bug complaining that isn't entirely reasonable.
>    (At least, not silently. :)
>
> http://projects.puppetlabs.com/projects/puppet
>
> Regards,
> Daniel
>
> --
> ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
> ♽ made with 100 percent post-consumer electrons
[Puppet Users] User type password_max_age not working
I have a virtual user (mqm) in puppet (v2.6.2 on CentOS 5.5 with Ruby 1.8.6.383-6)

    @user { "mqm":
      ensure           => present,
      uid              => "300",
      gid              => "300",
      comment          => "Functional user",
      home             => "/home/mqm",
      password_max_age => "9",
      shell            => "/bin/bash",
      managehome       => "true";
    } # End user

and it does get created on the server when I realize it, but each time I run puppet again, it reports the max_age is not set

    notice: /Stage[main]/User::Virtual/User[mqm]/password_max_age: is absent, should be 9 (noop)
    notice: Finished catalog run in 0.14 seconds

but this is not true as the system reports the user to be created correctly

    # chage -l mqm
    Last password change: Nov 11, 2010
    Password expires: never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 9
    Number of days of warning before password expires : 7

NOTE: I have also tried the latest versions of puppet (2.6.3-0.3.rc2), but no change.

please help

Regards,
Rene