Re: [Puppet Users] Ordering agent runs

2015-10-07 Thread Xav Paice 
On 07/10/15 08:20, Rick Lindal wrote:
> Thanks for the link Martin. We are using open source.
>

Same - that's why I've started to look at using Salt to drive
orchestration for Puppet - see
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.puppet.html

I like Puppet a lot, but orchestration is the biggest headache.  It's
great to see Puppetlabs produce a solution but sad it's not open source,
which is driving me to look at alternatives.  Combining the two means I
don't have to walk away from the massive investment in Puppet dev we
have already made, while enjoying the benefit of plugging the holes.

> On Tue, Oct 6, 2015 at 1:03 PM, Martin Alfke  > wrote:
>
>
> On 06 Oct 2015, at 11:39, rjl  > wrote:
>
> > Hi All,
> > I have an odd requirement to contend with. We have puppet
> clients that have peers. While a catalog is being executed on one
> client, its peer must not execute its catalog until the other is
> complete. Each client has only one peer. Has anyone done something
> similar? I have not yet been able to derive a good solution.
> >
> > Scratching my head…
>
> Hi rjl,
>
> you might want to view or attend PuppetConf keynote.
> https://puppetlabs.com/introducing-puppet-application-orchestration
>
> Best,
> Martin
>
> >
> > Thanks in advance.
> >
> > rjl
> >
> > --
> > You received this message because you are subscribed to the
> Google Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from
> it, send an email to puppet-users+unsubscr...@googlegroups.com
> .
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/941fa895-4356-4bb3-bf03-264fee982d5b%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/ONKtSBuE_6M/unsubscribe.
> To unsubscribe from this group and all its topics, send an email
> to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> 
> https://groups.google.com/d/msgid/puppet-users/AD749615-4ABC-429F-8C15-0B22EC6E05C5%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAKHF65jso%2B%3Dex1eawJ4O9uSGotq-N3N-w%3DEv3qdwu8_EeySW7A%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56158CDD.6010501%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Slow Mirror

2015-06-16 Thread Xav Paice 
On 12/06/15 12:05, Daniel Parks wrote:
> On Thu, Jun 11, 2015 at 3:25 AM, Denny B  > wrote:
>
> We can't download faster than 1mb/s. When I use another Server
> from other network everything works fine.
> Can you check if there is a speedlimit active for 217.79.215.0/24
>  ?
> To other mirrors (such as debian) we can download as fast as
> possible (~30-50mb/s)
>
>  
> We don’t do any kind of bandwidth limiting for that box, and our
> hosting provider reports that there shouldn’t be any problems. Looks
> like there’s a problem between our networks. Could you open a ticket
> with your hosting provider to see what they can do? Feel free to give
> them my email (d...@puppetlabs.com ) and I’ll
> do whatever I can to help.
>

When we go to http://apt.puppetlabs.com/pool/trusty/main/p/puppet/
there's no files at all - although the server responds pretty quickly -
is this a known thing?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5580A8F5.4060007%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera - default parameter values and design questions

2014-09-11 Thread Xav Paice 
inline

On 12/09/14 13:36, Mike Reed wrote:
> Hello all,
>
> I ran into a problem with hiera and in particular, assigning or not
> assigning default values to variables within a data source.  I'm using
> the mcollective module (currently using version 1.1.6) and I've built
> a very simple hiera backend to start adding site-specific data into a
> single place.  Within the mcollective init.pp manifest, I've
> identified four places for which I'd like to abstract data into hiera;
> they are:
>
> $server= hiera('::mcollective::server'),
> $client = hiera('::mcollective::client'),
> $middleware = hiera('::mcollective::middleware'),
> $middleware_hosts = hiera('::mcollective::middleware_hosts'),
>
> I've created a fqdn specific hiera source (ourlocalhost.local.yaml)
> and added this:
>
> classes:
>   - mcollective
>
> # mcollective parameters
> mcollective::middleware: true
> mcollective::server: true
> mcollective::client: true
> mcollective::middleware_hosts:
>   - ourlocalhost.local
>
> Upon running puppet on this specific host, the puppet run completes
> and I marvel at the wonder of puppet and heiras' beautiful co-existence.
>
> Now I'd like to simply add mcollective to any node in my network so I
> go to common.yaml and add the following:
>
> classes:
>   - mcollective
>
> # mcollective parameters
> mcollective::server: true
> mcollective::middleware_hosts:
>   - outlocalhost.local
>
> However, upon running puppet on a fresh machine, I get the following
> error:
>
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Could not find data item ::mcollective::client in any Hiera
> data file and no default supplied at
> /etc/puppet/environments/test/modules/mcollective/manifests/init.pp:5
> on node mynode.local
>
> If I add this line into common.yaml (mcollective::client: false) then
> I get the following failure:
>
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Could not find data item ::mcollective::middleware in any
> Hiera data file and no default supplied at
> /etc/puppet/environments/test/modules/mcollective/manifests/init.pp:6
> on node mynode.local
>
> If I then go back into common.yaml and add 'false' to the values I
> don't want, everything works:
>
> classes: mcollective
> mcollective::middleware: false
> mcollective::server: true
> mcollective::client: false
> mcollective::middleware_hosts:
>   - ourlocalhost.local
>
>
> I've been searching for answers on the interwebs and haven't been able
> to find anything specific for this one so I figured I'd ask a few
> questions:
>
> 1.  Is this the expected functionality?  If so, am I to understand
> that I have to keep track of every hiera call (ex $server =
> hiera('::mcollective::server'), $client =
> hiera('::mcollective::client')), in my many modules and create
> defaults for each of these values in the various hiera source files
> that I create?  My understanding was that I could create these hiera
> calls in my classes and a al carte these values within my hiera source
> files.  Am I mistaken and if not, doesn't that create redundant data
> within my hiera source file tree?  Also, if future-me adds one
> additional hiera call to the init.pp, does that mean I have to track
> down every hiera data source and add a default value to each one? 
>

There's two approaches to hiera - if you want to use the hiera()
function, you can give it two args - hiera('::mcollective::client',
false) would look at the content of ::mcollective::client and if there's
nothing in hiera, would return a default of false.  That's probably the
simplest approach for this example.

Also be aware that you don't have to use the hiera() function in
parameterized classes (although it's nice and clear coding to do so). 
You could, for example, declare a class like so:

class myclass (
  $param1 = 'defaultvalue'
) {
  codeblock
}

This would give $param1 a default value of 'defaultvalue'.  If you want
to override that, you can call the class with param1 => 'thing', or you
can add the value to hiera like this (assuming yaml, edit accordingly):
---
myclass::param1: 'overridevalue'

Puppet is smart enough to read hiera and use the value from hiera over
the default in the class definition.

> Which brings me to my next question:
>
> 2.  It seems that things could get messy very quickly if I am
> declaring parameters via hiera (let's take this mcollective example)
> and I have multiple hiera source files for which these values are
> declared.  As an example, let's say I have a custom fact which
> determines that a node is a 'server' based on hostname. I then create
> a hiera data source called 'server.yaml' and assign the mcollective
> parameters to that data source and all is well in the universe. 
>
> But if I later I want to create a custom hostname data source for that
> server called 'nodename.yaml' and assign parameters from that source,
> I now have two places to check for declared values.  Additionally, if
> I g

Re: [Puppet Users] scripts

2014-08-06 Thread Xav Paice 
On 07/08/14 09:07, Dan White wrote:
> And this is the second time you have asked almost the same question in
> rapid succession. 
>
> You might want to read some of the Puppet documentation. 
>
> On Aug 6, 2014, at 3:21 PM, Cathal O Mul  > wrote:
>
>> I have a file call pr.sh it is a scrip I would like puppet to run it
>> how would I go about doing this
>>

RTFM is an important reminder, since the answer to the original (two)
questions is clearly documented already.  Cathal, look at
https://docs.puppetlabs.com/references/latest/type.html#exec - but
please don't think that's an answer.  The reality is, exec is not an
ideal thing to do, and nearly all of what people should do with Puppet
is best done with either existing or custom types and providers. The
link above also has a listing of the current types.  Dan's first
response was exactly the way you should ensure a file is removed using
Puppet, not with a script performing rm.

I wonder if you might want to look at the problem in a different way,
rather than attempt to get something to run a shell script.  You need to
look well beyond running a program, and get the concept of describing
the end result you're looking for.

There's an excellent lot of stuff to get started at
https://puppetlabs.com/learn - I really recommend making use of the
learning VM, and the Puppetlabs training is excellent, well worth the money.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53E29CDF.9020301%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Managing users using puppet

2014-07-23 Thread Xav Paice 
On 24/07/14 11:42, huhm4n wrote:
> I just want to audit the server, like if someone created the user
> manually, then i'd know. How do i do that?

Sounds like you're after something more like aide or Tripwire rather
than a config management system.

Each user is a resource, you could regularly run 'puppet resource user'
and pipe that to a file, then diff the results.  If you're doing that
you probably want to use a proper intrusion detection system because
whatever is driving your need to check user accounts would also require
a much more thorough check of the system.

Of course, if you wanted to enforce a particular list of users is
present, and a particular user(s) is absent, you can do that with Puppet. 



>
> On Wednesday, July 23, 2014 4:08:07 PM UTC-7, Ygor wrote:
>
> Use puppet to create new users. 
>
> On Jul 23, 2014, at 6:09 PM, huhm4n  > wrote:
>
>> How do i make puppet notify me when new users are created? Thanks
>> in advance
>> -- 
>> You received this message because you are subscribed to the
>> Google Groups "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit
>> 
>> https://groups.google.com/d/msgid/puppet-users/4567f4ad-946c-4e8f-8c4e-71e04825dcb9%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout
>> .
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1cfcca43-ff18-4348-bf8c-e257b9168893%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53D04D12.9070706%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Help with dependancy cycle

2014-03-27 Thread Xav Paice 
On 28/03/14 15:31, Adam Clark wrote:
> Hi all,
>   I am writing a module to manage MySQL/MariaDB with Galera extensions
> and have run into a problem I don't seem to be able to figure out.
>
> Error: Could not apply complete catalog: Found 1 dependency cycle:
> (File[/etc/mysql/conf.d/wsrep.cnf] => Service[mysqld] =>
> Class[Mysql::Server] => Class[Mysql::Config] =>
> File[/etc/mysql/conf.d] => File[/etc/mysql/conf.d/wsrep.cnf])
> Cycle graph written to /var/lib/puppet/state/graphs/cycles.dot.
>
>
Hi,

I usually find a cup of coffee and a walk round the block sorts that
kind of issue out - but it also usually involves a bit of drastic
re-thinking and a large whiteboard picture ;(.

You might find https://github.com/xavpaice/puppet-mariadb helpful - it's
a bit of work I nabbed from NeCTAR and added bits to, but it's quite out
of date now.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5334E836.3060309%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Inserting Data back into hiera

2014-03-18 Thread Xav Paice 
On 19/03/14 17:11, Spencer Krum wrote:
>
> so far about 99% of our use cases have
> been taken care of by exported resources and PuppetDB
>
>
>
> Where controlling a system that is well modeled by puppet resources,
> host entries in /etc/hosts for example, exported resources work well.
> I find myself often wanting to just pick up strings and use them in
> templates. The only way I know how to do this in PuppetDB is to export
> a concat fragment resource.

Templates - yeah that's where it gets really hard using exported resources.

>
> Your hiera_insert function looks to be the sort of thing we'd be
> able to
> make good use of, even if we do have to change backend.
>
>
> Of the 'dynamic' backends, redis, postgres, etc which backend would
> you be most likely to use?

we love postgres here, so I guess that would be it (plus it's already on
our puppetmaster for puppetdb).  Others are an option, just more effort.

>
> Would love to see the ability to incorporate encryption as well - then
> we can hiera_insert an encrypted password/key/etc with some greater
> confidence.
>
>
> Can you expand a bit more on this? Do you mean a transparent
> encryption layer? Right now you could put an encrypted password into a
> redis key. We could also write a function to encrypt a plaintext
> string to the puppet master's public gpg key. That would enable hostA
> to have the plaintext and export only the encrypted version into
> redis, then hostB would receive the cleartext as well. I'm not sure
> how 'encrypted' hiera really works, since it always seems pointless to me.
>

sorry - wasn't very clear.  We use eyaml for passwords and one or two
ssl certs.  The private key to decrypt the content of that yaml is
located on the puppetmaster (not on the client) and the client receives
the cleartext as the puppetmaster does the decryption as part of the
eyaml backend.  It's not ideal, but suits our needs and was really easy
to set up.  I've not explored the code to figure out how it works (yet).

Encrypting a string using the puppetmaster's public gpg key sounds like
a better way to go, I'm not sure how the backend might trigger the
decryption before sending the cleartext to hostB - but I'm sure we can
work that one out.  It's a function of the hiera backend, and wouldn't
fit into hiera_insert anyway.

Thanks
Xav



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5329221F.1050902%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Inserting Data back into hiera

2014-03-18 Thread Xav Paice 
On 19/03/14 16:40, Spencer Krum wrote:
> Hello,
>
> The other day I was on IRC and someone asked how to export strings in
> PuppetDB. As far as I am aware this isn't possible with PuppetDB. It
> is possible with certain hiera backends.
>
> I've created a hiera_insert module at
> https://github.com/nibalizer/hiera-insert. This module only has one
> function right now, redis_insert(). When using the redis backend to
> hiera(and some assumptions I've hardcoded for now), its possible to
> push key:value pairs into hiera and pull them out.
>
> On its own this isn't very interesting. But it enables multi node
> communication. And since you can configure the hiera lookups on
> 'subscriber' nodes to fail catalog compilation until the key they're
> looking up on is present, you have some guarantees of in order
> execution across your infrastructure.
>
> I'm wondering if other people think this is a good idea? Are there
> other implementations I should be contributing to? Would people use it
> if it supported different hiera backends? Really just interested in
> feedback.
>
> It's not on the forge right now because I still consider it
> experimental and proof of concept. But if there is interest I will be
> happy to publish it.
>
> Thanks,
> Spencer
>

This is something we've been attempting to overcome and have been
thinking about for some time - so far about 99% of our use cases have
been taken care of by exported resources and PuppetDB - e.g. rather than
using a fact and creating the resource on box B that refers to something
in box A, we simply export the resource itself on box A and collect it
on box B, filtering if needs be with tags.  I've not looked at the IRC
logs but I'm sure that came up.

The remaining examples have included things which we've, so far, put
statically into hiera (we use yaml).

Your hiera_insert function looks to be the sort of thing we'd be able to
make good use of, even if we do have to change backend.

Would love to see the ability to incorporate encryption as well - then
we can hiera_insert an encrypted password/key/etc with some greater
confidence.

Thanks
Xav

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/532916B9.8080307%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] munin service wont' star

2014-03-03 Thread xav 
On Mon, 2014-03-03 at 21:07 -0500, Tim Dunphy wrote:


> 
> Error: Failed to apply catalog: Could not find dependency
> Package[munin-node] for Service[munin-node]
> at /etc/puppet/environments/production/modules/munin/manifests/service.pp:8
> 

Looks to me like puppet isn't finding the declaration for
Package['munin-node'] - is that the right package name?

Perhaps you could share the munin::install manifest where I would expect
the package install to be?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1393908321.31830.14.camel%40debian.my.home.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Beginner Question: Structure of a full "application"

2014-01-29 Thread xav 
On Wed, 2014-01-29 at 05:05 -0800, Kevin Breit wrote:
> I am trying to make Puppet provision an OpenStack node from a base
> Ubuntu 12.04 install. Unfortunately, I'm new to Puppet and having
> problems conceptualizing how the programming logic should work. At
> this time I have a Puppet master and Puppet agent for script
> development. Here are the steps I expect to have Puppet take:
> 
> 1. Install and configure NTP
> 2. Update apt repositories with proper OpenStack Havana PPA
> 3. Install proper OpenStack packages (probably just openstack-compute
> and mysql-client, maybe a few others)
> 4. Develop configuration files based on templates
> 
> Step 1 is done as I developed a simple NTP module. Step 2 is where I'm
> getting caught up. Last night I discovered the puppet-apt module but
> I'm not quite sure how to call it. I feel like I'm thinking in
> traditional programming language flow where I can call most anything
> at any time. In my site.pp there is a node section where I do an
> "include apt" but beyond that, I don't know how to pass arguments and
> call functions to the apt module. Do I create a custom manifest for
> this or include code in the node statement?

Just a pointer here to a bunch of really good OpenStack Puppet modules: 

https://github.com/stackforge/puppet-openstack

https://github.com/hastexo/kickstack

There's some gaps, such as HA for controller components, monitoring, etc
- but the structure and ease of use is excellent.

Particularly, for your use case, take a look at Florian's Kickstack
module - I did see a 10 min video where he goes through the use of it,
but I can't find the link to hand now...  What I like about the
Kickstack module is the way roles and profiles have been arranged to
make application of intended config fast and easy.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1391035606.19881.5.camel%40debian.my.home.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Exporting a resource only once....

2014-01-23 Thread xav 
On Thu, 2014-01-23 at 08:26 -0800, Krist van Besien wrote:

> 
> 
> 
> Basically my situation is the following:
> - A database server
> - Several web application servers. 
> 
> The whole managed using foreman/puppet
> 
> My Web applications each need a database, so I would like to just
> export on the web application nodes the databases I need, and collect
> them on the database server. However, several nodes that run the same
> web application of course need the same database. What do I do when I
> have two nodes, that both need the same database? 
> The logical, intuitive solution would be to export it on all of them,
> but only collect it once on the database server. 
> 
> Other situations are : backends to a loadbalancer that export both
> frontend and backend URLs. The loadbalancer collects both, and creates
> it's configuration based on them.
> 
> Krist

We have something quite similar - as we use hiera extensively we managed
to have a common yaml file with a list of databases in a hash, and used
create_resources to create the databases (and users, and haproxy
listeners) on the database/haproxy nodes.

The application nodes that want to register with a load balancer export
resources for themselves only, which are collected on the load balancer
only.

An alternative is to have a manifest that ensures there is a suitable
database available, creating it if not, running on the web application
servers - you've got a db client there already which should be able to
access the db server.  That approach also allows you to ensure there's a
database created before attempting to populate it and start the app,
exported resources mean you'll need several runs before everything is
clean.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1390501547.11665.13.camel%40debian.my.home.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Unpleasant puppetlabs experience

2013-12-06 Thread xav 
On Fri, 2013-12-06 at 11:31 -0500, Jerald Sheets wrote:

> Please note that the exact same documentation is expected to be used
> for either and people spending crap-tons of money are expected to put
> up with the same issues.  This is not a licensed/open source
> argument.  This is a "do a better job of documentation" argument.
> 
> 
> I shouldn't have to go hunt down other admins in my town to learn
> things with/from because none of us can make sense of the
> documentation...or its wrong... or it ignores systems or development
> best practices, or whatever your particular gripe may be.  
> 
> 
> Puppet is the best there is, but it (and its docs) can be better. 

This feels like it's a very negative discussion and I wanted to
highlight my own experiences with Puppetlabs.

Puppetlabs make their money in part from their excellent additions to
the open source version (which makes deployment a bunch easier), but
also from paid support engagements - if someone wants to pay them to
update the docs for the open source parts, they will.  If not then we
either wait for them to get the time to do so, or we submit a pull
request.  We're not talking about a company the size of Google here,
Puppetlabs doesn't have large bunches of cash to throw around, and my
overall experience of the Puppet documentation has been excellent.  The
particular page in the bug report was extremely helpful when I started
out with Puppet.

I'd be keen to see more examples and helpful tutorials, but that's not
core product documentation - the actual reference documentation on the
puppetlabs site is bang up to date, complete, and way beyond the level
of documentation available for many other products that sell for big
money.  And even better, if that's not enough the source is very
readable and well commented.

There are several areas in the documentation where gaps exist, and I
commend Puppetlabs for highlighting these and over time filling them in.
The product is still in active development and over time just gets
better and better.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1386364284.6023.33.camel%40debian.my.home.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] external node classifier with a back-end

2013-12-04 Thread xav 
On Wed, 2013-12-04 at 20:06 -0800, Stuart Cracraft wrote:
> And if you do not want to store secretive (complete) company data in 
> PuppetDB but instead an alternative securable database, what then pray
tell?
> 
> 

Your original question wasn't about security at all.  It was much more
vague than that, so perhaps you could restate the question more clearly?

Going back to your original post, the Puppet Dashboard and/or Foreman
are excellent candidates as ENC's that are backed by Postgresql.  Both
play nicely if you're wanting the functionality of Puppetdb as well. 

However, if your query is about storing data securely, you're looking at
something else entirely such as hiera-gpg or hiera integrated with eyaml
- although that's not an ENC solution, the encryption might be more what
you're after.  I've had good results using hiera-gpg to store passwords
etc., and find editing yaml files and storing them in git a bunch easier
than stuffing around in an ENC gui.

Alternately if you're wanting to use something for exported resources,
how about encrypting that before exporting it so that what's stored is
secured?  Just a thought.

To restate previous clarifications - PuppetDB uses a Postgresql database
to store data.  There's an api to access it, but it's reasonably locked
down.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1386219051.6023.14.camel%40debian.my.home.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Error: Could not retrieve catalog from remote server Puppet Enterprise

2013-11-13 Thread Xav Paice 
That one seems to happen every time I stuff up the permissions on the
puppet and SSL directories, probably worth a check.
On 12/11/2013 11:03 am, "Sam Oehlert"  wrote:

> We are trying to set up PE 3.1 on RHEL 6 boxes. We were able to install
> the clients fine and they were listed as working in the console. After a
> while, we started to see a bunch of errors that look like this:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Puppet::Parser::Compiler failed with error NoMethodError: undefined method
> `[]' for nil:NilClass on node (hostname here)
>
> They don't seem to really give any useful information. Other googling
> usually shows some error in a manifest at the end of the line that points
> to a specific line number in a .pp file, but we don't get that help even.
> Any ideas? If more information is needed, let me know and I'll find it.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/9a65faa4-30ee-4edc-95b6-33c7544e3699%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMb5LvpmGnrdh_w5rmiF2Wn1noGe3df6tS2PeqUtRZ72k%3DgR0g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] New Zealand Puppet user group

2013-10-25 Thread Xav Paice 
Hi all,

We are scheduling a user group meeting in Wellington, New Zealand on 11th 
November, at Catalyst House.

Details are 
at http://www.meetup.com/New-Zealand-Puppet-Masters/events/147372012/ and 
it would be great to get to know some of you if you fancy coming along.

Feel free to contact me off list if there's any questions.

Thanks
Xav

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.