[Puppet Users] Re: augeas, syslog and defining numbered items.
One more thing I found, I needed an onlyif for the above puppet line.
Here is a little further syntax
augeas { syslog_local6none:
incl = /etc/syslog.conf,
lens = Syslog.lns,
changes = [
defvar syslog *[ ./action/file = \/var/log/messages\ ],
set \$syslog/selector[last() + 1]/facility local6,
defvar syslog_selector \$syslog/*[ ./facility = \local6\ ],
set \$syslog_selector/level none,
# rm \$syslog/action,
# set \$syslog/action/file /var/log/messages,
],
onlyif = 'match *[ ./action/file = /var/log/messages
]/selector[facility = local6 and level = none ] size == 0'
}
So as you can see, in the onlyif line, you can use expressions in the
[]'s and continue on to a lower level. On top of that you can use and and
or's in those. I dont know why that type of expression is not documented
well. If I didnt need to wipe out the action, it would make the manifest
much shorter and ditch the need for the variables.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c099fce4-3993-4fb3-a3e3-af9984d9e720%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: augeas, syslog and defining numbered items.
Ok,
I figured this out. I probably worded my issue badly but what i was
looking for is the following:
#this sets a variable at the entry[#] level
defvar syslog /files/etc/syslog.conf/*[ ./action/file =
/var/log/messages]
#these two add in the new selector entries.
set $syslog/selector[last() + 1]/facility local6
set $syslog/selector[last() + 1]/facility local7
#Now we put the selector[#] into a new variable
defvar syslog_selector1 $syslog/*[./facility = local6]
defvar syslog_selector2 $syslog/*[./facility = local7]
#configure the level for the two new entries
set $syslog_selector1/level none
set $syslog_selector2/level none
#stupid bug in syslog.aug
rm $syslog/action
set $syslog/action/file /var/log/messages
#save the changes
save
The bug, for some reason action and file has to be listed after all the
selector entries. I have not checked for an updated syslog.aug this is on
centos 5.10.
I was able to write an augeas type for this
augeas { syslog_local6none:
incl = /etc/syslog.conf,
lens = Syslog.lns,
changes = [
defvar syslog *[ ./action/file = \/var/log/messages\ ],
set \$syslog/selector[last() + 1]/facility local6,
defvar syslog_selector \$syslog/*[ ./facility = \local6\ ],
set \$syslog_selector/level none,
# rm \$syslog/action,
# set \$syslog/action/file /var/log/messages,
],
}
Hopefully this helps someone else as I spent way too much time figuring
this out...
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cfab8a27-77c0-49de-82b1-4e0a5b2966bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] augeas, syslog and defining numbered items.
How can one change an existing entry with augeas on a numbered entry list? specifically I want to add entries in syslog to the entry that has file = /var/log/messages I can use this search string to find the entry: augtool print /files/etc/syslog.conf/*/action/file[. = /var/log/messages] /files/etc/syslog.conf/entry[1]/action/file = /var/log/messages The augeas examples really only show editing values that would be below file. I need to edit a a lower level then file. i.e. /files/etc/syslog.conf/entry[1]/selector[last() + 1]? How can this be done from augeas and puppet? (also should this go the the augeas list instead?) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a57c5719-3321-49e2-a68a-c880b9f8a55f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: update yumrepo followed by packages updates.
Well no go with metadata_expire or a yum clean all after updating the
repo. This appears to be a bug of some sort. Debugging output shows
before any packages checked this output:
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa
--nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION}
%{RELEASE}
%{ARCH}
''
debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/python
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py'
I am thinking puppet somehow uses this information throughout the puppet
run, to verify packages are the latest. The obvious problem is this
doesnt get updated if a repo is updated. Hopefully I can get this worded
correctly and into a bug report.
On Monday, August 13, 2012 2:20:37 PM UTC-5, trey85stang wrote:
Thanks for the replies. I will give them metadata_expire option a try and
if that doesnt work.. ill just execute a yum clean all with every internal
repo update.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/H8lKCaEv-cUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: update yumrepo followed by packages updates.
dohh... I just realized this host had 2.6 installed... not 2.7.
Everything works fine on 2.7.
On Tuesday, August 14, 2012 9:07:39 AM UTC-5, trey85stang wrote:
Well no go with metadata_expire or a yum clean all after updating the
repo. This appears to be a bug of some sort. Debugging output shows
before any packages checked this output:
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa
--nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION}
%{RELEASE}
%{ARCH}
''
debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/python
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py'
I am thinking puppet somehow uses this information throughout the puppet
run, to verify packages are the latest. The obvious problem is this
doesnt get updated if a repo is updated. Hopefully I can get this worded
correctly and into a bug report.
On Monday, August 13, 2012 2:20:37 PM UTC-5, trey85stang wrote:
Thanks for the replies. I will give them metadata_expire option a try
and if that doesnt work.. ill just execute a yum clean all with every
internal repo update.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/Nqy9xmmEv-kJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: update yumrepo followed by packages updates.
Thanks for the replies. I will give them metadata_expire option a try and if that doesnt work.. ill just execute a yum clean all with every internal repo update. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FQTPajbMirIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] update yumrepo followed by packages updates.
Hey All,
I have an issue I need help working around or determining if it is a bug
the issue is as follows, I have a custom repo(s) that has all my software
for a specific version release in it. A new version gets a new repo.
The problem lies when I move to upgrade software. My idea was to have a a
simple version variable in an external nodes script. When that changed the
repo would change... and all my software would be updated. The problem lies
that for some reason I need to puppet restarts to make this work??
example
class repos {
yumrepo { custom_app:
descr= custom_app,
baseurl =
http://reporserver/\$releasever/application-${::VERSION}/\$basearch;,
gpgkey = http://reposerver/RPM-GPG-KEY-Interop;,
enabled = 1,
gpgcheck = 1
}
}
class packages {
include repos
package { custom_app_rpm1:
ensure = latest,
require = Yumrepo[custom_app],
}
package { custom_app_rpm2:
ensure = latest,
require = Yumrepo[custom_app],
}
}
This is just a snippet...
Issue:
1) I update my VERSION variable
2) the next puppet run and only updates the repo (no rpms are upgraded)
3) next puppet run updates the rpms.
There are no errors. but shouldn't my rpms update on the first run after
the variable change?
Any ideas?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/jS4yhakSc-AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Foreman 1.0 released!
Very nice and polished release. I upgraded perfectly with the rpms on centos 6.3. I greatly appreciate the new texteditor for the provisioning templates/scripts. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/F5T_TKhUlUYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: service * { enable = true } fails on puppet runs... (one client only)
Im with you in thinking it is a host issue I thought I would check here first before abandoning hope. Puppet is ran as root and selinux is disabled. On Tuesday, July 17, 2012 8:18:03 AM UTC-5, jcbollinger wrote: On Monday, July 16, 2012 5:23:15 PM UTC-5, Corey Hammerton wrote: it works for me when redhat is quoted. Puppet generally does a good job of choosing the right provider, so it is rarely necessary to specify one explicitly. That's especially so for RedHat variants, which tend to be well tested and well supported. In particular, I have never needed to specify a Service provider explicitly for CentOS 5.x / 6.x clients. Furthermore, it is a matter of good style to quote parameter values, but it is not actually necessary to do so for many of them, especially those that are strictly alphanumeric. Since the manifests work on a large number of boxes and fail only on one, it seems likely that there's something strange about the odd system that's causing the problem. Is the Puppet running as root, or at least as a sufficiently-privileged user? Speaking of privilege, is SELinux running in enforcing mode? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jqjx0ayeBCoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: service * { enable = true } fails on puppet runs... (one client only)
ok, verified it was 100% a host problem puppet did good showing the error. the binary of chkconfig was corrupt every command line argument output a return code of 0 no matter what. Im not sure where puppet got that the command actually failed... but im glad it did. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/kv-bym0QtpMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] service * { enable = true } fails on puppet runs... (one client only)
I have a puppet client that fails when trying to enable mcollective and nrpe (the only two services I have enable set for). I have 160+ machines that this works fine on but one just gives me the following: Jul 16 15:21:21 server1 puppet-agent[29413]: (/Stage[main]/Mcollective/Service[mcollective]/enable) change from false to true failed: Could not enable mcollective: Exec ution of '/sbin/chkconfig mcollective on' returned 1: Jul 16 15:21:21 server1 puppet-agent[29413]: (/Stage[main]/Nagios_plugins/Service[nrpe]/enable) change from false to true failed: Could not enable nrpe: Execution of '/ sbin/chkconfig nrpe on' returned 1: Jul 16 15:21:21 server1 puppet-agent[29413]: Finished catalog run in 2.38 seconds The problem is, these commands return zero when I run as root (puppet runs as root) [ server1 ~]# /sbin/chkconfig mcollective on [ server1 ~]# echo $? 0 [ server1 ~]# /sbin/chkconfig nrpe on [ server1 ~]# echo $? 0 [ server1 ~]# cat /etc/redhat-release CentOS release 5.2 (Final) [ server1 ~]# rpm -qa | grep puppet puppet-2.7.18-1.el5.noarch Any idea what is going on here? I can post the debug entries if it will help but it doesnt tell much more then what the messages log says. Thanks, Trey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/3nwpAaZtXVQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem dealing with multi role servers/manifests. resource already declared.
Sounds good, not the way I was hoping to have to do it.. but that will work. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Ld0sFBSIFnwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem dealing with multi role servers/manifests. resource already declared.
Actually, one more question to spawn off this... Is there a way in my nagios/repo class to say if you have this class go ahead and assign yourself to my new services:httpd class? Can that be done with inheritance? I have never used inheritance so I am not sure. On Thursday, June 21, 2012 9:01:24 AM UTC-5, trey85stang wrote: Sounds good, not the way I was hoping to have to do it.. but that will work. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8-pcqQeLB4sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem dealing with multi role servers/manifests. resource already declared.
Hey All,
Im running into a road block with a server that is going to to be
multi role.
Example:
I want to run a nagios server and a repo server on one box.
My nagios manifest has two services defined:
class nagios::server {
...
service { nagios:
ensure = running,
...
}
service { httpd:
ensure = running
...
}
...
}
Now I also want to assign my reposerver manifest to a server already
running the nagios manifest
class repo::server {
...
service { httpd:
ensure = running
}
...
}
Now in each case I have files where httpd is notified to refresh...
Is there a way to work around this without creating a custom module
just for this one case? As you can see from the below error message I
tried changing the name and using an alias.. but it does not like that
either.
There error message:
Could not retrieve catalog from remote server: Error 400 on SERVER:
Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot
alias Service[reposerver-httpd] to [httpd] at /etc/puppet/
environments/dev/modules/repo/manifests/init.pp:113; resource
[Service, httpd] already declared at /etc/puppet/environments/dev/
modules/nagios/manifests/init.pp:217 at /etc/puppet/environments/dev/
modules/opservers/manifests/init.pp:113 on node mynode.com
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] scheduling package installs - ignore schedule if not installed
Is there a way to override a schedule for a package if the package is
not installed?
class packages {
schedule { installs:
range = 2-4,
period = daily,
repeat = 1,
}
package { openssh:
ensure = latest,
schedule = installs,
}
}
I dont want to check if openssh is the latest package everytime puppet
runs; but I do want it installed if it is not already installed
regardless of the schedule.
Anyway to do this?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Gerenating client certs... where to put them?
When I generate a cert on the puppetmaster, where do I get the cert, andwhere do I put them on the client so everything will work? Im prepping up for a deployment and have been looking through a lot of threads on the best way to deal with this.. but I havent seen one that says where to put the files on the client. and what I have tried so far does not work. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Gerenating client certs... where to put them?
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security answer is buried in that link, All good to go now. Thanks On Apr 7, 8:22 am, trey85stang trey85st...@gmail.com wrote: When I generate a cert on the puppetmaster, where do I get the cert, andwhere do I put them on the client so everything will work? Im prepping up for a deployment and have been looking through a lot of threads on the best way to deal with this.. but I havent seen one that says where to put the files on the client. and what I have tried so far does not work. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] syntax error with case statment; in file type.
I am getting a syntax error in a module and I'm not sure why...
Anyone care to take a look?
class audit {
file { /etc/audit.rules:
owner = root,
group = root,
mode = 640,
case $operatingsystemrelease {
10.2: { path = /etc/audit.rules,
source = puppet:///modules/audit/audit.rules.sles10,
require = Package[audit-libs,audit]
}
11.1: { path = /etc/audit/audit.rules,
source = puppet:///modules/audit/audit.rules.sles11,
require = Package[audit-libs,audit,audit-audispd-
plugins]
}
}
}
}
error on client is:
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Syntax error at 'case'; expected '}' at /etc/puppet/shared/
modules/audit/manifests/init.pp:6 on node node.example.com
Also, is it possible to do regex's in the case statement?
i.e
/^10\.[0-3]*/: { stuff here }
/^11\.[0-3]*/: { other stuff }
Thanks
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax error with case statment; in file type.
Correction:
# subscribe = $highavailability ? {
#true = File[myapp],
#false = $hostname ? {
# /$m[0-9]*/ = File[myapp1],
# /$s[0-9]*/ = File[myapp2],
#},
# },
On Mar 30, 12:20 pm, trey85stang trey85st...@gmail.com wrote:
sweet, got it fixed by using selectors instead of case Im going
to add one more question to this thread since it appears to be syntax
related as well... perhaps my logic is just a little fubar
but, I have this module that the services complains that it cannot
find the file dependencies:
class apparmor {
if $highavailability == true {
file { myapp:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp,
source = puppet://modules/apparmor/path.to.myapp,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
} else {
case $hostname {
/$m[0-9]*$/: {
file { myapp1:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp1,
source = puppet://modules/apparmor/path.to.myapp1,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
/$s[0-9]*$/: {
file { myapp2:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp2,
source = puppet://modules/apparmor/path.to.myapp2,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
}
}
service { apparmor:
ensure = running,
# subscribe = $highavailability ? {
# true = File[myapp_profile],
# false = $hostname ? {
# /$m[0-9]*/ = File[myapp1_apparmor],
# /$s[0-9]*/ = File[myapp2_apparmor],
# },
# },
hasrestart = true,
hasstatus = true,
restart = /etc/init.d/apparmor restart,
status = /etc/init.d/apparmor status,
}
}
The commented out part under service is the section I am having
trouble with; as it always compalins that it cannot find
File[myapp]; the logic works but but the file type is never found.
With that section commented out the respective files transfer to their
respective location.
Any idea's on this one? I seem to be having problems with my logic
building in these modules.
On Mar 30, 9:32 am, Martin Alfke tux...@gmail.com wrote:
On Mar 30, 2011, at 4:03 PM, trey85stang wrote:
I am getting a syntax error in a module and I'm not sure why...
Anyone care to take a look?
class audit {
file { /etc/audit.rules:
owner = root,
group = root,
mode = 640,
case $operatingsystemrelease {
10.2: { path = /etc/audit.rules,
source = puppet:///modules/audit/audit.rules.sles10,
require = Package[audit-libs,audit]
}
11.1: { path = /etc/audit/audit.rules,
source = puppet:///modules/audit/audit.rules.sles11,
require = Package[audit-libs,audit,audit-audispd-
plugins]
}
}
}
}
You need to use a selector for each resource item:
path = $operatingsystemrelease ? {
10.2 = /etc/audit.rules,
11.1 = /etc/audit/audit.rules,
default = undef,},
source = $operatingsystemrelease ? {
10.2 = puppet...,
11.1 = puppet...,
default = ...,
},
another option would be to separate this to multiple manifests (one for
each os-release) and include based upon os-release number.
error on client is:
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Syntax error at 'case'; expected '}' at /etc/puppet/shared/
modules/audit/manifests/init.pp:6 on node node.example.com
Also, is it possible to do regex's in the case statement?
i.e
/^10\.[0-3]*/: { stuff here }
/^11\.[0-3]*/: { other stuff }
Regexp are possible, But you have to take care of upper/lower letters
yourself.
Thanks
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax error with case statment; in file type.
sweet, got it fixed by using selectors instead of case Im going
to add one more question to this thread since it appears to be syntax
related as well... perhaps my logic is just a little fubar
but, I have this module that the services complains that it cannot
find the file dependencies:
class apparmor {
if $highavailability == true {
file { myapp:
owner = root,
group = root,
mode= 640,
path= /etc/apparmor.d/path.to.myapp,
source = puppet://modules/apparmor/path.to.myapp,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
} else {
case $hostname {
/$m[0-9]*$/: {
file { myapp1:
owner = root,
group = root,
mode= 640,
path= /etc/apparmor.d/path.to.myapp1,
source = puppet://modules/apparmor/path.to.myapp1,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
/$s[0-9]*$/: {
file { myapp2:
owner = root,
group = root,
mode= 640,
path= /etc/apparmor.d/path.to.myapp2,
source = puppet://modules/apparmor/path.to.myapp2,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
}
}
service { apparmor:
ensure = running,
# subscribe = $highavailability ? {
#true = File[myapp_profile],
#false = $hostname ? {
# /$m[0-9]*/ = File[myapp1_apparmor],
# /$s[0-9]*/ = File[myapp2_apparmor],
#},
# },
hasrestart = true,
hasstatus = true,
restart= /etc/init.d/apparmor restart,
status = /etc/init.d/apparmor status,
}
}
The commented out part under service is the section I am having
trouble with; as it always compalins that it cannot find
File[myapp]; the logic works but but the file type is never found.
With that section commented out the respective files transfer to their
respective location.
Any idea's on this one? I seem to be having problems with my logic
building in these modules.
On Mar 30, 9:32 am, Martin Alfke tux...@gmail.com wrote:
On Mar 30, 2011, at 4:03 PM, trey85stang wrote:
I am getting a syntax error in a module and I'm not sure why...
Anyone care to take a look?
class audit {
file { /etc/audit.rules:
owner = root,
group = root,
mode = 640,
case $operatingsystemrelease {
10.2: { path = /etc/audit.rules,
source = puppet:///modules/audit/audit.rules.sles10,
require = Package[audit-libs,audit]
}
11.1: { path = /etc/audit/audit.rules,
source = puppet:///modules/audit/audit.rules.sles11,
require = Package[audit-libs,audit,audit-audispd-
plugins]
}
}
}
}
You need to use a selector for each resource item:
path = $operatingsystemrelease ? {
10.2 = /etc/audit.rules,
11.1 = /etc/audit/audit.rules,
default = undef,},
source = $operatingsystemrelease ? {
10.2 = puppet...,
11.1 = puppet...,
default = ...,
},
another option would be to separate this to multiple manifests (one for each
os-release) and include based upon os-release number.
error on client is:
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Syntax error at 'case'; expected '}' at /etc/puppet/shared/
modules/audit/manifests/init.pp:6 on node node.example.com
Also, is it possible to do regex's in the case statement?
i.e
/^10\.[0-3]*/: { stuff here }
/^11\.[0-3]*/: { other stuff }
Regexp are possible, But you have to take care of upper/lower letters
yourself.
Thanks
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax error with case statment; in file type.
ok, dont bother answering the question about the other module... I
got it straightened out... the logic was fubar I cut it down to a
single file type, and service type with a few separators and it all
works now.
On Mar 30, 12:22 pm, trey85stang trey85st...@gmail.com wrote:
Correction:
# subscribe = $highavailability ? {
# true = File[myapp],
# false = $hostname ? {
# /$m[0-9]*/ = File[myapp1],
# /$s[0-9]*/ = File[myapp2],
# },
# },
On Mar 30, 12:20 pm, trey85stang trey85st...@gmail.com wrote:
sweet, got it fixed by using selectors instead of case Im going
to add one more question to this thread since it appears to be syntax
related as well... perhaps my logic is just a little fubar
but, I have this module that the services complains that it cannot
find the file dependencies:
class apparmor {
if $highavailability == true {
file { myapp:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp,
source = puppet://modules/apparmor/path.to.myapp,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
} else {
case $hostname {
/$m[0-9]*$/: {
file { myapp1:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp1,
source = puppet://modules/apparmor/path.to.myapp1,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
/$s[0-9]*$/: {
file { myapp2:
owner = root,
group = root,
mode = 640,
path = /etc/apparmor.d/path.to.myapp2,
source = puppet://modules/apparmor/path.to.myapp2,
require = Package[libapparmor,apparmor-profiles,perl-
libapparmor,yast2-apparmor],
}
}
}
}
service { apparmor:
ensure = running,
# subscribe = $highavailability ? {
# true = File[myapp_profile],
# false = $hostname ? {
# /$m[0-9]*/ = File[myapp1_apparmor],
# /$s[0-9]*/ = File[myapp2_apparmor],
# },
# },
hasrestart = true,
hasstatus = true,
restart = /etc/init.d/apparmor restart,
status = /etc/init.d/apparmor status,
}
}
The commented out part under service is the section I am having
trouble with; as it always compalins that it cannot find
File[myapp]; the logic works but but the file type is never found.
With that section commented out the respective files transfer to their
respective location.
Any idea's on this one? I seem to be having problems with my logic
building in these modules.
On Mar 30, 9:32 am, Martin Alfke tux...@gmail.com wrote:
On Mar 30, 2011, at 4:03 PM, trey85stang wrote:
I am getting a syntax error in a module and I'm not sure why...
Anyone care to take a look?
class audit {
file { /etc/audit.rules:
owner = root,
group = root,
mode = 640,
case $operatingsystemrelease {
10.2: { path = /etc/audit.rules,
source = puppet:///modules/audit/audit.rules.sles10,
require = Package[audit-libs,audit]
}
11.1: { path = /etc/audit/audit.rules,
source = puppet:///modules/audit/audit.rules.sles11,
require = Package[audit-libs,audit,audit-audispd-
plugins]
}
}
}
}
You need to use a selector for each resource item:
path = $operatingsystemrelease ? {
10.2 = /etc/audit.rules,
11.1 = /etc/audit/audit.rules,
default = undef,},
source = $operatingsystemrelease ? {
10.2 = puppet...,
11.1 = puppet...,
default = ...,
},
another option would be to separate this to multiple manifests (one for
each os-release) and include based upon os-release number.
error on client is:
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Syntax error at 'case'; expected '}' at /etc/puppet/shared/
modules/audit/manifests/init.pp:6 on node node.example.com
Also, is it possible to do regex's in the case statement?
i.e
/^10\.[0-3]*/: { stuff here }
/^11\.[0-3]*/: { other stuff }
Regexp are possible, But you have to take care of upper/lower letters
yourself.
Thanks
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users
[Puppet Users] Re: Passenger, Puppet/ nodes.pp ignored with external nodes script?
I know its been a while, but that is exactly what I was doing.. returning nothing. Added the blank yaml and all is working. On Feb 19, 5:40 pm, Gary Larizza ccsh...@gmail.com wrote: With regard to the External Nodes problem - are you returning an empty block of YAML if the node isn't defined in the external nodes script? That's the way Puppet knows to check for the nodes.pp file. If you return /NOTHING/ (i.e. not an empty YAML block), then nodes.pp isn't checked. -Gary On Tue, Feb 15, 2011 at 6:11 PM, trey85stang trey85st...@gmail.com wrote: Hey All, I'm still experimenting with a puppet backend for 6000 hosts. I have switched from mongrel to a passenger backend on a single puppetserver. Afterwards any node that is not defined in the external nodes script, is now rejected even if they have an entry in my nodes.pp manifest. With the mongrel server this works as expected. Anyone know what might be wrong? OS is CentOS 5.5 ruby 1.8.7 compiled from source rake from source latest puppet 2.6.4 latest facter everything else is 5.5 based rpms. Config files are verbatim from the passenger on enterprise linux from the puppet documentation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Gary Larizza Director of Technology Huron City Schoolshttp://www.huronhs.com 悟 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Need ideas on how to deploy custom software package... Stages?
Thanks for the suggestion, Ill give this a try.
On Mar 8, 3:09 pm, Disconnect dc.disconn...@gmail.com wrote:
class app {
exec { prescript:
refreshonly = true, command = ..,
}
package { package1: ensure = installed, require = Exec[prescript],
notify = Exec[postscript] }
package { package2: ensure = installed, require = Package[package1],
notify = Exec[postscript] }
# or require the exec if ordering doesn't matter
..
exec { postscript:
command = post install,
refreshonly = true,
}
}
Not 100% sure that the require will run the prescript, but I think that is
correct. And the postscript will get run once at the end (even though it is
notified 4 times)
On Tue, Mar 8, 2011 at 4:00 PM, trey85stang trey85st...@gmail.com wrote:
I have a custom app I need to attempt to deploy with puppet but Im not
quite grasping how I can do this... So I figured I would share the
steps needed and maybe someone can give me an idea:
1. Run pre script to setup environment (must exit with 0)
2. Install 4 rpm packages
3. Run post installation script. (must exit with 0)
That's all I need to do, but I want to ensure that 1,2,3 never run
again after the application is installed (hopefully with an onlyif or
something but I'm not sure how to do that without creating errors
My initial thought, is something along the lines of the following:
class mycoolapp {
exec { bash prescript:
path = /path/to/prescript_dir,
unless = grep -q $desiredver /path/to/somefile,
}
package { package1: ensure = installed }
package { package2: ensure = installed }
pacakge { package3: ensure = installed }
package { package4: ensure = installed }
exec { bash postscript:
path = /path/to/postscript_dir,
}
}
I also see recommendations of stages? Im not sure if that would be a
better route to try? Will the above do what I am looking for?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Passenger, Puppet/ nodes.pp ignored with external nodes script?
Hey All, I'm still experimenting with a puppet backend for 6000 hosts. I have switched from mongrel to a passenger backend on a single puppetserver. Afterwards any node that is not defined in the external nodes script, is now rejected even if they have an entry in my nodes.pp manifest. With the mongrel server this works as expected. Anyone know what might be wrong? OS is CentOS 5.5 ruby 1.8.7 compiled from source rake from source latest puppet 2.6.4 latest facter everything else is 5.5 based rpms. Config files are verbatim from the passenger on enterprise linux from the puppet documentation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passenger, Puppet/ nodes.pp ignored with external nodes script?
while I am at it, what is the best way to load balance between multiple servers using passenger? a dedicated load balancer or can the balancing be done within passenger like mongrel? On Feb 15, 8:11 pm, trey85stang trey85st...@gmail.com wrote: Hey All, I'm still experimenting with a puppet backend for 6000 hosts. I have switched from mongrel to a passenger backend on a single puppetserver. Afterwards any node that is not defined in the external nodes script, is now rejected even if they have an entry in my nodes.pp manifest. With the mongrel server this works as expected. Anyone know what might be wrong? OS is CentOS 5.5 ruby 1.8.7 compiled from source rake from source latest puppet 2.6.4 latest facter everything else is 5.5 based rpms. Config files are verbatim from the passenger on enterprise linux from the puppet documentation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passenger, Puppet/ nodes.pp ignored with external nodes script?
Thanks Ben, that is simple enough. On Feb 15, 8:38 pm, Ben Hughes b...@puppetlabs.com wrote: On Tue, Feb 15, 2011 at 06:30:29PM -0800, trey85stang wrote: while I am at it, what is the best way to load balance between multiple servers using passenger? a dedicated load balancer or can the balancing be done within passenger like mongrel? As you're using Passenger you could get Apache (or nginx if that's what you're using) to do the load balancing for you. Using mod_proxy as you would with mongrel to serve it out between a number of passenger vhosts on multiple backends. -- ben -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with file serving and envrionments.
Finally figured it out, Maybe this is a bug I am not sure. But I was setting the environment only from the external_nodes script. I was not making any changes to the client config. When I add the environment to the puppet.conf on the client everything now works as expected. Not exactly the way it seems it should work, if you can specify the environment with ext_nodes then the client shouldn't need to configured to point to it; should it? Thanks, Trey On Feb 10, 1:16 pm, trey85stang trey85st...@gmail.com wrote: one more thing to note. If I turn off all the evironments, restart puppetmaster and then everything works fine; and just one more clairification it's only new modules being created that have the problem. On Feb 10, 10:23 am, trey85stang trey85st...@gmail.com wrote: Hey all, Im still new to puppet so I may be doing something wrong. The problem I am having is I have setup multiple environments. Going from one environment. To get started with testing that I copied my manifests directory and modules dirctories into a handful of different directories to setup the environments. The I made the changes to my puppet.conf which is below: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl manifest = /etc/puppet/environments/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules external_nodes = /etc/puppet/ext_node.sh node_terminus = exec [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig [master] environments=production,development,testing,beta,pilot [production] manifest = /etc/puppet/environements/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules [development] manifest = /etc/puppet/environments/development/manifests/site.pp modulepath = /etc/puppet/environments/development/modules [testing] manifest = /etc/puppet/environments/testing/manifests/site.pp modulepath = /etc/puppet/environments/testing/modules [beta] manifest = /etc/puppet/environments/beta/manifests/site.pp modulepath = /etc/puppet/environments/beta/modules [pilot] manifest = /etc/puppet/environments/pilot/manifests/site.pp modulepath = /etc/puppet/environments/pilot/modules This all works perfectly, until I add a new module to one of the environemtns to push a file out, after which my clients will receive the following message: Feb 10 10:06:31 mynode1 puppet-agent[28932]: (/Stage[main]/Environment/ File[/etc/pupdev]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/pupdev Could not retrieve file metadata for puppet:///environment/pupdev: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/ pupdev at /etc/puppet/environments/development/modules/environment/ manifests/init.pp:7 The message on the server is: Feb 10 10:05:02 puppetserver puppet-master[5377]: Not authorized to call find on /file_metadata/environment/pupdev I've seen a few posts mentioning that the fileserver.conf file needs to be updated. I have added allow * to it as suggested in a few other palces but all that does is keeps puppetmaster from restarting. Does anyone have any ideas as to what the problem is? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with file serving and envrionments.
Thanks for the 411, Looks like I will just deal with the config file on the client. I can't say that would be my preferred way but I can deal with that. Thanks for the reponses and it's not a big deal. I can't complain too much when my work load is going to be decreasing greatly when I get this deployed. On Feb 11, 1:27 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Fri, Feb 11, 2011 at 10:30 AM, trey85stang trey85st...@gmail.com wrote: Finally figured it out, Maybe this is a bug I am not sure. But I was setting the environment only from the external_nodes script. I was not making any changes to the client config. When I add the environment to the puppet.conf on the client everything now works as expected. Not exactly the way it seems it should work, if you can specify the environment with ext_nodes then the client shouldn't need to configured to point to it; should it? Ah, you're becoming familiar with 3910 my old dear friend. https://projects.puppetlabs.com/issues/3910 time to devote some more cycles to this one... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem with file serving and envrionments.
Hey all, Im still new to puppet so I may be doing something wrong. The problem I am having is I have setup multiple environments. Going from one environment. To get started with testing that I copied my manifests directory and modules dirctories into a handful of different directories to setup the environments. The I made the changes to my puppet.conf which is below: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl manifest = /etc/puppet/environments/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules external_nodes = /etc/puppet/ext_node.sh node_terminus = exec [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig [master] environments=production,development,testing,beta,pilot [production] manifest = /etc/puppet/environements/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules [development] manifest = /etc/puppet/environments/development/manifests/site.pp modulepath = /etc/puppet/environments/development/modules [testing] manifest = /etc/puppet/environments/testing/manifests/site.pp modulepath = /etc/puppet/environments/testing/modules [beta] manifest = /etc/puppet/environments/beta/manifests/site.pp modulepath = /etc/puppet/environments/beta/modules [pilot] manifest = /etc/puppet/environments/pilot/manifests/site.pp modulepath = /etc/puppet/environments/pilot/modules This all works perfectly, until I add a new module to one of the environemtns to push a file out, after which my clients will receive the following message: Feb 10 10:06:31 mynode1 puppet-agent[28932]: (/Stage[main]/Environment/ File[/etc/pupdev]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/pupdev Could not retrieve file metadata for puppet:///environment/pupdev: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/ pupdev at /etc/puppet/environments/development/modules/environment/ manifests/init.pp:7 The message on the server is: Feb 10 10:05:02 puppetserver puppet-master[5377]: Not authorized to call find on /file_metadata/environment/pupdev I've seen a few posts mentioning that the fileserver.conf file needs to be updated. I have added allow * to it as suggested in a few other palces but all that does is keeps puppetmaster from restarting. Does anyone have any ideas as to what the problem is? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with file serving and envrionments.
one more thing to note. If I turn off all the evironments, restart puppetmaster and then everything works fine; and just one more clairification it's only new modules being created that have the problem. On Feb 10, 10:23 am, trey85stang trey85st...@gmail.com wrote: Hey all, Im still new to puppet so I may be doing something wrong. The problem I am having is I have setup multiple environments. Going from one environment. To get started with testing that I copied my manifests directory and modules dirctories into a handful of different directories to setup the environments. The I made the changes to my puppet.conf which is below: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl manifest = /etc/puppet/environments/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules external_nodes = /etc/puppet/ext_node.sh node_terminus = exec [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig [master] environments=production,development,testing,beta,pilot [production] manifest = /etc/puppet/environements/production/manifests/site.pp modulepath = /etc/puppet/environments/production/modules [development] manifest = /etc/puppet/environments/development/manifests/site.pp modulepath = /etc/puppet/environments/development/modules [testing] manifest = /etc/puppet/environments/testing/manifests/site.pp modulepath = /etc/puppet/environments/testing/modules [beta] manifest = /etc/puppet/environments/beta/manifests/site.pp modulepath = /etc/puppet/environments/beta/modules [pilot] manifest = /etc/puppet/environments/pilot/manifests/site.pp modulepath = /etc/puppet/environments/pilot/modules This all works perfectly, until I add a new module to one of the environemtns to push a file out, after which my clients will receive the following message: Feb 10 10:06:31 mynode1 puppet-agent[28932]: (/Stage[main]/Environment/ File[/etc/pupdev]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/pupdev Could not retrieve file metadata for puppet:///environment/pupdev: Error 400 on SERVER: Not authorized to call find on /file_metadata/environment/ pupdev at /etc/puppet/environments/development/modules/environment/ manifests/init.pp:7 The message on the server is: Feb 10 10:05:02 puppetserver puppet-master[5377]: Not authorized to call find on /file_metadata/environment/pupdev I've seen a few posts mentioning that the fileserver.conf file needs to be updated. I have added allow * to it as suggested in a few other palces but all that does is keeps puppetmaster from restarting. Does anyone have any ideas as to what the problem is? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] if statement in class not working...
I have a simple class like so for cronjobs:
class cron_jobs {
cron { cron1:
command = /path/to/cron1,
user= root,
hour= 0,
minute = 5,
ensure = present,
}
cron { cron2:
command = /path/to/cron2,
user= root,
hour= 0,
minute = 0,
ensure = present,
}
if $myvar == 'foo' {
cron { cron3.$myvar:
command = /path/to/cron3,
user= root,
}
} else {
cron { cron3.$myvar:
commad = /path/to/cron3,
user = root,
}
}
}
but I am obviously doing something wrong because the clients always
give a syntax error:
Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at '.'; expected '}' at /etc/puppet/modules/cron_jobs/
manifests/init.pp:17 on node noe.domain.com
Can anyone tell me what I am doing wrong? I've also tried with a case
statement instead of if but I get the same syntax error at the first
cron line. So Im guessing something is wrong with the cron command
in the bracked if statement ?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: if statement in class not working...
I have figured it out, the cron name had a dot n it. I needed to
encase that in quotes before it would work. so it wasn't a syntax
error like the log message was leading me to believe.
On Feb 9, 12:10 pm, trey85stang trey85st...@gmail.com wrote:
I have a simple class like so for cronjobs:
class cron_jobs {
cron { cron1:
command = /path/to/cron1,
user = root,
hour = 0,
minute = 5,
ensure = present,
}
cron { cron2:
command = /path/to/cron2,
user = root,
hour = 0,
minute = 0,
ensure = present,
}
if $myvar == 'foo' {
cron { cron3.$myvar:
command = /path/to/cron3,
user = root,
}
} else {
cron { cron3.$myvar:
commad = /path/to/cron3,
user = root,
}
}
}
but I am obviously doing something wrong because the clients always
give a syntax error:
Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at '.'; expected '}' at /etc/puppet/modules/cron_jobs/
manifests/init.pp:17 on node noe.domain.com
Can anyone tell me what I am doing wrong? I've also tried with a case
statement instead of if but I get the same syntax error at the first
cron line. So Im guessing something is wrong with the cron command
in the bracked if statement ?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: apache frontend not running puppetmaster.
Jeff, Thanks for answering this question in detail. It is greatly
appreciated. I have everything working as is now but want to get the
ssl signing corrected as I just point to a dedicated ca, if I can get
this handled all through the mod_ssl proxy that would be ideal.
Ill post back with any further questions that I may have after
digesting the information you have provided me.
Thanks,
Trey
On Jan 31, 7:19 pm, Jeff McCune j...@puppetlabs.com wrote:
On Fri, Jan 28, 2011 at 4:00 PM, trey85stang trey85st...@gmail.com wrote:
Hey All, does anyone know how I would go about creating a front-end
apache config for a set of 3 puppetmaster backend servers? Id rather
not run puppetmaster on the apache front-end.
How do I handle the clients?
I recommend configuring a virtual host in Apache to handle this. This
Apache virtual host will do three main things:
1: Terminate SSL connections using a certificate issued with the
puppet cert command.
2: Set HTTP request headers if the client is authenticated.
3: Distribute requests to the back end workers.
For the SSL portion, you can generate a certificate for Apache using
something like:
$ puppet cert --generate loadbalancer.mydomain.lan --certdnsnames puppet
Then copy the CA certificate, certificate revocation list, SSL
certificate and private key to the load balancer host. The Apache
options to load these files are:
SSLCertificateFile /path/to/ssl_cert.pem
SSLCertificateKeyFile /path/to/ssl_cert_key.pem
SSLCertificateChainFile /path/to/ssl_cert_chain.pem
SSLCACertificateFile /path/to/ssl_ca_cert.pem
SSLCARevocationFile /path/to/ssl_ca_crl.pem
The SSLCertificateChainFile and SSLCACertificateFile may be identical
if you're using a self signed certificate authority (since we have a 1
link chain), which is the default when Puppet generates the CA
certificate.
Once you have the certificates configured, you need to set the
verification policy:
SSLVerifyClient (optional if you want the load balancer to handle
certificate signing requests from the agent, required if you want to
drop any connections that do not already have a signed certificate)
SSLVerifyDepth 1
You also need to set the SSL options, but these are normally already
set when Apache is installed. The following settings use strong
ciphers.
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
For the second task of setting the authentication headers, you can use:
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
Finally, you need to distribute the requests some how. For this I
recommend reading up on mod_proxy_balancer
at:http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html
I use something like this outside the vhost block:
Proxy balancer://puppetmaster/
BalancerMemberhttp://1.2.3.4:8140/loadfactor=10
BalancerMemberhttp://1.2.3.5:8140/loadfactor=10
BalancerMemberhttp://1.2.3.6:8140/loadfactor=10
/Proxy
And inside the vhost block:
ProxyPass / balancer://puppetmaster/
ProxyPassReverse / balancer://puppetmaster/
Once you have the load balancer configured like this, the workers
should be configured as per the Using Passenger document
athttp://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
_except_ they shouldn't be SSL enabled virtual hosts since the load
balancer handles that. (NOTE! This is a huge security risk if you're
workers are exposed. The traffic from the LB to the workers is in the
clear and client request headers can be forged! Beware! Protect your
workers!)
My though is the following for my setup:
standalone Puppet CA server that will handle signing of certs only.
I recommend using ProxyPassMatch and ProxyPassReverse to direct all
certificate requests to one worker. Something like this works well:
ProxyPassMatch ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmaster_ca/
ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmaster_ca/
Hope this helps,
--
Jeff McCunehttp://www.puppetlabs.com/
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] apache frontend not running puppetmaster.
Hey All, does anyone know how I would go about creating a front-end apache config for a set of 3 puppetmaster backend servers? Id rather not run puppetmaster on the apache front-end. How do I handle the clients? My though is the following for my setup: standalone Puppet CA server that will handle signing of certs only. An apache front end, to distribute load to 3-5 backend puppetmaster servers. Im just confused on how handle the ssl portion of this config based off the puppet.conf file in this link: http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel_On_Enterprise_Linux Any help would be appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet agent 2.6.4... log file no longer careted/updated?
I recently installed puppet 2.6.4 on a server and client... And I can not get puppet agent to write to a log file. puppet.conf is as follows: [main] vardir = /var/puppet logdir = $vardir/log rundir = $vardir/run ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt puppetdlog = $logdir/puppetd.log localconfig = $vardir/localconfig Am I missing something? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet agent 2.6.4... log file no longer careted/updated?
They certainly are, thats for pointing that out. Ill just feel embarassed now for not looking there to begin with. :) On Jan 14, 3:43 pm, Mohamed Lrhazi lrh...@gmail.com wrote: are the logs in syslogd ? grep -r puppet /var/log ? On Fri, Jan 14, 2011 at 4:30 PM, trey85stang trey85st...@gmail.com wrote: I recently installed puppet 2.6.4 on a server and client... And I can not get puppet agent to write to a log file. puppet.conf is as follows: [main] vardir = /var/puppet logdir = $vardir/log rundir = $vardir/run ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt puppetdlog = $logdir/puppetd.log localconfig = $vardir/localconfig Am I missing something? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- يوم نلقاك يوم فرحي و هنايا -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Thanks for the reply,
It looks like I would need an entry for every host if I were to take
that route? My environment would require 6000*3 entries... That
doesn't seem logical.
Am I understanding this correctly?
On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote:
On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote:
192.168.1.20 host1.domain.com
192.168.1.30 host2.domain.com
192.168.1.250 unique_host.domain.com
Is there a way to manage this with puppet? What I would like to do is
be able to check that those 3 entries exist... if not replace the file
and generate the custom content that needs to be in the file?
If you use host resources, as already recommended, Puppet will create
the entries if they do not exist. If you only want those entries
present, tell Puppet to purge all host entries not specified in the
puppet configuration for that host.
host { 'host1.domain.com':
ip = '192.168.1.20',
ensure = 'present'
}
host { 'host2.domain.com':
ip = '192.168.1.30',
ensure = 'present'
}
host { 'unique_host.domain.com':
ip = '192.168.1.250',
ensure = 'present'
}
resources { 'host': purge = true }
Stop thinking custom scripts; start thinking resources. Most Puppet
configuration consists of specifying which resources you do or don't
want present in which circumstances. Most of the rest of it is about
defining which resources depend on which others (e.g. this running
application depends on that configuration file). You describe how a
system should look and Puppet does what is necessary to make it so.
--
Bruce
I object to intellect without discipline. I object to power without
constructive purpose. -- Spock
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Actually, upon more reading on my own, this is where stored configs
will come into play? Ill approach more reading on that subject.
On Jan 10, 9:56 am, trey85stang trey85st...@gmail.com wrote:
Thanks for the reply,
It looks like I would need an entry for every host if I were to take
that route? My environment would require 6000*3 entries... That
doesn't seem logical.
Am I understanding this correctly?
On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote:
On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote:
192.168.1.20 host1.domain.com
192.168.1.30 host2.domain.com
192.168.1.250 unique_host.domain.com
Is there a way to manage this with puppet? What I would like to do is
be able to check that those 3 entries exist... if not replace the file
and generate the custom content that needs to be in the file?
If you use host resources, as already recommended, Puppet will create
the entries if they do not exist. If you only want those entries
present, tell Puppet to purge all host entries not specified in the
puppet configuration for that host.
host { 'host1.domain.com':
ip = '192.168.1.20',
ensure = 'present'
}
host { 'host2.domain.com':
ip = '192.168.1.30',
ensure = 'present'
}
host { 'unique_host.domain.com':
ip = '192.168.1.250',
ensure = 'present'
}
resources { 'host': purge = true }
Stop thinking custom scripts; start thinking resources. Most Puppet
configuration consists of specifying which resources you do or don't
want present in which circumstances. Most of the rest of it is about
defining which resources depend on which others (e.g. this running
application depends on that configuration file). You describe how a
system should look and Puppet does what is necessary to make it so.
--
Bruce
I object to intellect without discipline. I object to power without
constructive purpose. -- Spock
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Upon further reading, it looks like what I want would be better
accomplished with using stored configs?
On Jan 10, 9:56 am, trey85stang trey85st...@gmail.com wrote:
Thanks for the reply,
It looks like I would need an entry for every host if I were to take
that route? My environment would require 6000*3 entries... That
doesn't seem logical.
Am I understanding this correctly?
On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote:
On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote:
192.168.1.20 host1.domain.com
192.168.1.30 host2.domain.com
192.168.1.250 unique_host.domain.com
Is there a way to manage this with puppet? What I would like to do is
be able to check that those 3 entries exist... if not replace the file
and generate the custom content that needs to be in the file?
If you use host resources, as already recommended, Puppet will create
the entries if they do not exist. If you only want those entries
present, tell Puppet to purge all host entries not specified in the
puppet configuration for that host.
host { 'host1.domain.com':
ip = '192.168.1.20',
ensure = 'present'
}
host { 'host2.domain.com':
ip = '192.168.1.30',
ensure = 'present'
}
host { 'unique_host.domain.com':
ip = '192.168.1.250',
ensure = 'present'
}
resources { 'host': purge = true }
Stop thinking custom scripts; start thinking resources. Most Puppet
configuration consists of specifying which resources you do or don't
want present in which circumstances. Most of the rest of it is about
defining which resources depend on which others (e.g. this running
application depends on that configuration file). You describe how a
system should look and Puppet does what is necessary to make it so.
--
Bruce
I object to intellect without discipline. I object to power without
constructive purpose. -- Spock
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Sorry for going back to scripts, I keep reading and reading that if you think in terms of scripts you're only going to confuse yourself been writing automation/admin scripts for way too long. I think you all have giving me a lot more to read up on so I will be doing that. I'll do some more reading and come back to this when I get a little further. So I will be looking at classes/define/repeat to see what I can come up with. On Jan 10, 1:46 pm, Bruce Richardson itsbr...@workshy.org wrote: On Mon, Jan 10, 2011 at 11:19:03AM -0800, trey85stang wrote: Bruce, I think what you are saying is clicking now. Now does puppet allow any variable substitution? I do urge you to stop thinking in terms of scripts. It doesn't map well onto the way that Puppet works. If you mean How do I apply the same changes to multiple nodes, with different values for each host?, then one answer is to put the common actions into a class and set different variable values in each node declaration. Alternatively, put them into a define and pass different parameters each time you call it. You can also use defines to repeate the same actions/changes with multiple values within a single context (e.g. a node). You should be able to find examples in the online documentation. -- Bruce I must admit that the existence of Disneyland (which I know is real) proves that we are not living in Judea in AD 50. -- Philip K. Dick signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Forgot to mention I appreciate everyone's help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] pushing files with host based variables?
I hope my title makes sense. I'm still new to puppet but have made a lot o progress in a matter of 2-3 days and have a good grasp on the fundamentals... Now I'm trying to determine how to do a little more then basic things. My hosts all have standard hosts files that are almost identical, what's not identical is 3 lines, 2 lines I can generate with ip address information and hostname, the third line I can pull from an outside db or from the existing file. i.e.: custom host entries: 192.168.1.20host1.domain.com 192.168.1.30host2.domain.com 192.168.1.250 unique_host.domain.com Is there a way to manage this with puppet? What I would like to do is be able to check that those 3 entries exist... if not replace the file and generate the custom content that needs to be in the file? Not sure how to do this in puppet.. or if it is even possible. My thought's are a custom script that verifies the file, if that script fails... replace the file, then run another script to populate the custom information. Or can this all be done from within puppet? Also the hosts file is just an example... I have probably a dozen other files I need to be able to do this with. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Considerations for puppet/cluster to manage 6000 hosts.
I'm trying to get an idea of what kind of backend setup I would need to run puppet to manage roughly 6000 hosts. I see puppet by iteself is limited to 10-20; but with mongrel/apache that number shoots up but I am not sure by how much? Im still new to puppet and running it in a lab but want to take it to our production environment but there are some details that I need to work out but thought I would pose this question first since there are surely people who have already went through all this already. 1. With a 1000mb connection, how many clients can I serve with mongrel apache/setup? I'm guessing around 200-300? or can it take more? 2. Should I let a high availability apache frontend manage a puppet backend? ( i.e. load balance port 8140 from apache to multiple puppet backend servers like so: Proxy balancer://puppetmaster BalancerMember http://10.0.0.10:18140 BalancerMember http://10.0.0.10:18141 BalancerMember http://10.0.0.10:18142 BalancerMember http://10.0.0.10:18143 BalancerMember http://10.0.0.11:18140 BalancerMember http://10.0.0.11:18141 BalancerMember http://10.0.0.11:18142 BalancerMember http://10.0.0.11:18143 BalancerMember http://10.0.0.12:18140 BalancerMember http://10.0.0.12:18141 BalancerMember http://10.0.0.12:18142 BalancerMember http://10.0.0.12:18143 /Proxy ) 3. What is the best way to manage client signing and keeping the pem/ files in sync across such a backend? 4. Am I thinking about this type of setup all wrong? Any advice appreciated -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
Thanks for the reply, is there any documentation available on this type of setup? Where would the sql servers come into play? On Jan 8, 4:06 pm, Eduardo S. Scarpellini scarpell...@gmail.com wrote: My suggestions for big scenarios is: mod_passenger/apache22 (+ ruby-enterprise), subversion (or another scm you like), puppet2.6.4 + stored_configs_async, some stomp server (like activemq), and a couple of mysql servers. You don't need to sync the ssl keys (pem, etc) between backend servers, since you copy your CA to all of them. Mongrels + proxy_http is not a good idea for high loads scenarios and you should consider a hardware load balancer and separation of the puppet instances in manifests-server and file-server. 2011/1/8 trey85stang trey85st...@gmail.com I'm trying to get an idea of what kind of backend setup I would need to run puppet to manage roughly 6000 hosts. I see puppet by iteself is limited to 10-20; but with mongrel/apache that number shoots up but I am not sure by how much? Im still new to puppet and running it in a lab but want to take it to our production environment but there are some details that I need to work out but thought I would pose this question first since there are surely people who have already went through all this already. 1. With a 1000mb connection, how many clients can I serve with mongrel apache/setup? I'm guessing around 200-300? or can it take more? 2. Should I let a high availability apache frontend manage a puppet backend? ( i.e. load balance port 8140 from apache to multiple puppet backend servers like so: Proxy balancer://puppetmaster BalancerMemberhttp://10.0.0.10:18140 BalancerMemberhttp://10.0.0.10:18141 BalancerMemberhttp://10.0.0.10:18142 BalancerMemberhttp://10.0.0.10:18143 BalancerMemberhttp://10.0.0.11:18140 BalancerMemberhttp://10.0.0.11:18141 BalancerMemberhttp://10.0.0.11:18142 BalancerMemberhttp://10.0.0.11:18143 BalancerMemberhttp://10.0.0.12:18140 BalancerMemberhttp://10.0.0.12:18141 BalancerMemberhttp://10.0.0.12:18142 BalancerMemberhttp://10.0.0.12:18143 /Proxy ) 3. What is the best way to manage client signing and keeping the pem/ files in sync across such a backend? 4. Am I thinking about this type of setup all wrong? Any advice appreciated -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Eduardo S. Scarpellini scarpell...@gmail.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
Thanks for all the replies, looks like a have a lot more reading to do. Appreciate all the info! Thanks On Jan 8, 4:18 pm, Patrick kc7...@gmail.com wrote: You'll need one or more mysql servers if you use storedconfigs. Storedconfigs can be useful, but will drastically increase the server CPU usage and will require a mysql backend. You can always turn it on later. There are two (working) ways to setup SSL which is used for authentication and security. When last I checked, the chained certificates method still doesn't work due to bugs. 1) Copy the same certificate authority to each server. This is easy to do, but will break certificate revocation lists (CRL). 2) Dedicate one computer to be the certificate authority. Requires more client config, but allows CRLs to work. On Jan 8, 2011, at 2:11 PM, trey85stang wrote: Thanks for the reply, is there any documentation available on this type of setup? Where would the sql servers come into play? On Jan 8, 4:06 pm, Eduardo S. Scarpellini scarpell...@gmail.com wrote: My suggestions for big scenarios is: mod_passenger/apache22 (+ ruby-enterprise), subversion (or another scm you like), puppet2.6.4 + stored_configs_async, some stomp server (like activemq), and a couple of mysql servers. You don't need to sync the ssl keys (pem, etc) between backend servers, since you copy your CA to all of them. Mongrels + proxy_http is not a good idea for high loads scenarios and you should consider a hardware load balancer and separation of the puppet instances in manifests-server and file-server. 2011/1/8 trey85stang trey85st...@gmail.com I'm trying to get an idea of what kind of backend setup I would need to run puppet to manage roughly 6000 hosts. I see puppet by iteself is limited to 10-20; but with mongrel/apache that number shoots up but I am not sure by how much? Im still new to puppet and running it in a lab but want to take it to our production environment but there are some details that I need to work out but thought I would pose this question first since there are surely people who have already went through all this already. 1. With a 1000mb connection, how many clients can I serve with mongrel apache/setup? I'm guessing around 200-300? or can it take more? 2. Should I let a high availability apache frontend manage a puppet backend? ( i.e. load balance port 8140 from apache to multiple puppet backend servers like so: Proxy balancer://puppetmaster BalancerMemberhttp://10.0.0.10:18140 BalancerMemberhttp://10.0.0.10:18141 BalancerMemberhttp://10.0.0.10:18142 BalancerMemberhttp://10.0.0.10:18143 BalancerMemberhttp://10.0.0.11:18140 BalancerMemberhttp://10.0.0.11:18141 BalancerMemberhttp://10.0.0.11:18142 BalancerMemberhttp://10.0.0.11:18143 BalancerMemberhttp://10.0.0.12:18140 BalancerMemberhttp://10.0.0.12:18141 BalancerMemberhttp://10.0.0.12:18142 BalancerMemberhttp://10.0.0.12:18143 /Proxy ) 3. What is the best way to manage client signing and keeping the pem/ files in sync across such a backend? 4. Am I thinking about this type of setup all wrong? Any advice appreciated -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Eduardo S. Scarpellini scarpell...@gmail.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
