Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-07-18 Thread vagn scott

On 07/18/2011 11:27 AM, zu...@puzzle.ch wrote:

> I saw that some use the shebang "#!/usr/bin/puppet apply" to start such
> manifests directly as a script. This does not seem to work for me. All I
> get is:


If your script name is foo, and you have

"#!/usr/bin/puppet apply"

as the first line, then you can run the script with

chmod +x foo
./foo

what will not work is:

sh foo

it fails because it is not a shell script.

--
vagn

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-07-18 Thread zuber
>> On Mon, Jun 27, 2011 at 7:27 AM,  wrote:
>>
>>> We often have the problem that some files need to be checked for
>>> updates faster than the cycle of the puppet agent. I try to solve this
>>> with a script which tries to download the files directly from the
>>> fileserver of the puppetmaster. So far I couldn't get it to work.
>>>
>>
>> Have you considered using tags instead to filter for a subset of your
>> resources?
>
> I need to check 1 file and 1 directory every 5min from >600 puppet nodes.
> As far as I know the puppetmaster still needs to compile the whole
> catalog. I did not test this, but I think this would not scale well.

The solution to this was easier than expected.
I simply write the following file and execute it with puppet apply:

-
$source = 'puppet.example.com'

file { '/etc/sudoers':
  source => [ "puppet://$source/files/sudo/sudoers/${fqdn}/sudoers",
              "puppet://$source/files/sudo/sudoers/sudoers",
              "puppet://$source/sudo/sudoers/${operatingsystem}/sudoers",
              "puppet://$source/sudo/sudoers/sudoers" ],
  owner  => root, group => 0, mode => 0440;
}
-

It then just deploys this one file without the need to compile a
catalog. I can then call this from cron as often as I wish.

I saw that some use the shebang "#!/usr/bin/puppet apply" to start such
manifests directly as a script. This does not seem to work for me. All I
get is:

./puppet_sync_sudo2.pp: line 3: =: command not found
./puppet_sync_sudo2.pp: line 5: file{/tmp/sudoers:: No such file or directory
./puppet_sync_sudo2.pp: line 6: =: No such file or directory
./puppet_sync_sudo2.pp: line 7: puppet:///files/sudo/sudoers/sudoers,: No
such file or directory
./puppet_sync_sudo2.pp: line 8: puppet:///sudo/sudoers//sudoers,: No such
file or directory
./puppet_sync_sudo2.pp: line 9: puppet:///sudo/sudoers/sudoers: No such
file or directory
./puppet_sync_sudo2.pp: line 10: owner: command not found
./puppet_sync_sudo2.pp: line 11: syntax error near unexpected token `}'
./puppet_sync_sudo2.pp: line 11: `}'

Any ideas?

Greetings
Andy




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-29 Thread Peter Meier

> [root@foo me]# ./puppet-wget file_content/sudo/sudoers
> https://foo.bar:8140/file_content/sudo/sudoers
> warning: peer certificate won't be verified in this SSL session
> /usr/lib/ruby/1.8/net/http.rb:2099:in `error!': 403 "Forbidden request:
> foo.bar(10.2.3.4) access to /sudo/sudoers [find] authenticated  at line 93
> " (Net::HTTPServerException)
> from ./puppet-wget:56
> from ./puppet-wget:43:in `each'
> from ./puppet-wget:43

Using your script works to get a file from a module's files, like:

./puppet_wget /development/file_content/modules/site-bind/etc/rz.foo.ch/named.conf

However, your error looks like the client is not authorized to find that
content. Maybe some tweaks in the auth.conf are missing to fetch files
from the fileserver instead of from modules?

~pete




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-29 Thread Andreas Zuber

> >  # make ssl request
> >  connection = Net::HTTP.new(url.host, url.port)
> >  connection.use_ssl = true
> >  connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
> >  connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
> 
> you are missing the CA file... something like
> connection.ca_file = Puppet[:localcacert]

Tested that, but it seems to make no difference. From what I understand the CA
is not really needed for this on the client.




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Ohad Levy
On Mon, Jun 27, 2011 at 5:55 PM,   wrote:
>> On Mon, Jun 27, 2011 at 7:27 AM,  wrote:
>>
>>> I don't know if I got the URL right, I did not find any examples on the
>>> REST API documentation for the fileserver.
>>>
>>
>> This should cover it.
>>
>> http://docs.puppetlabs.com/guides/rest_api.html#file-server
>
> This still isn't clear to me. I would appreciate it if someone could give a
> concrete example of how a path in a module or in the filepath would translate.
>
> Here is what I try:
>
> fileserver.conf
> [files]
>  path /etc/puppet/manifests/files
>  allow 127.0.0.1
>  allow *.smobi.mobicorp.test
>
>
> The file is located at /etc/puppet/manifests/files/sudo/sudoers
>
>
> [root@foo me]# ./puppet-wget file_content/sudo/sudoers
> https://foo.bar:8140/file_content/sudo/sudoers
> warning: peer certificate won't be verified in this SSL session
> /usr/lib/ruby/1.8/net/http.rb:2099:in `error!': 403 "Forbidden request:
> foo.bar(10.2.3.4) access to /sudo/sudoers [find] authenticated  at line 93
> " (Net::HTTPServerException)
>        from ./puppet-wget:56
>        from ./puppet-wget:43:in `each'
>        from ./puppet-wget:43
>
>
> AFAIK if something is wrong with the certs the server would answer with a
> 401 and not 403. It really looks to me as if I get that path wrong.
>
> --
> #!/bin/env ruby
> #
> # Puppet Wget
> #
> # Downloads files from the puppetmaster without the puppet agent
>
>
> require 'optparse'
> require 'puppet/rails'
> require 'uri'
> require 'net/https'
>
>
> # Parse all Options
> options = {}
> OptionParser.new do |opts|
>  opts.banner = "Usage: puppet-wget [options] module/path/to/file"
>
>  opts.on("-r", "--recursive", "Download directory recursively") do |r|
>    options[:recursive] = r
>  end
> end.parse!
>
>
> # Get some settings for the puppet config
> Puppet[:config] = "/etc/puppet/puppet.conf"
> Puppet.parse_config
> puppet_conf = Puppet.settings.instance_variable_get(:@values)[:main]
>
>
> # default values
> puppet_conf[:server]     ||= 'puppet'
> puppet_conf[:masterport] ||= '8140'
> puppet_conf[:ssldir]     ||= '/etc/puppet/ssl'
>
>
> server    = puppet_conf[:server]
> port      = puppet_conf[:masterport]
> certpath  = puppet_conf[:ssldir] + '/certs/'        + ENV['HOSTNAME'] +
> '.pem'
> pkey_path = puppet_conf[:ssldir] + '/private_keys/' + ENV['HOSTNAME'] +
> '.pem'
>
>
> ARGV.each do |filepath|
>  url = URI.parse("https://#{server}:#{port}/#{filepath}")
>  req = Net::HTTP::Get.new("#{url.path}?#{url.query}", "Accept" => 's')
>
>  puts url
>
>  # make ssl request
>  connection = Net::HTTP.new(url.host, url.port)
>  connection.use_ssl = true
>  connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
>  connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
you are missing the CA file... something like
connection.ca_file = Puppet[:localcacert]

>  res = connection.start { |http| http.request(req) }
>
>  res.error! unless res.code_type == Net::HTTPOK
>  puts res.body
>
> end
>
>




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
> On Mon, Jun 27, 2011 at 7:27 AM,  wrote:
>
>> I don't know if I got the URL right, I did not find any examples on the
>> REST API documentation for the fileserver.
>>
>
> This should cover it.
>
> http://docs.puppetlabs.com/guides/rest_api.html#file-server

This still isn't clear to me. I would appreciate it if someone could give a
concrete example of how a path in a module or in the filepath would translate.

Here is what I try:

fileserver.conf
[files]
  path /etc/puppet/manifests/files
  allow 127.0.0.1
  allow *.smobi.mobicorp.test


The file is located at /etc/puppet/manifests/files/sudo/sudoers


[root@foo me]# ./puppet-wget file_content/sudo/sudoers
https://foo.bar:8140/file_content/sudo/sudoers
warning: peer certificate won't be verified in this SSL session
/usr/lib/ruby/1.8/net/http.rb:2099:in `error!': 403 "Forbidden request:
foo.bar(10.2.3.4) access to /sudo/sudoers [find] authenticated  at line 93
" (Net::HTTPServerException)
from ./puppet-wget:56
from ./puppet-wget:43:in `each'
from ./puppet-wget:43


AFAIK if something is wrong with the certs the server would answer with a
401 and not 403. It really looks to me as if I get that path wrong.

--
#!/bin/env ruby
#
# Puppet Wget
#
# Downloads files from the puppetmaster without the puppet agent


require 'optparse'
require 'puppet/rails'
require 'uri'
require 'net/https'


# Parse all Options
options = {}
OptionParser.new do |opts|
  opts.banner = "Usage: puppet-wget [options] module/path/to/file"

  opts.on("-r", "--recursive", "Download directory recursively") do |r|
    options[:recursive] = r
  end
end.parse!


# Get some settings for the puppet config
Puppet[:config] = "/etc/puppet/puppet.conf"
Puppet.parse_config
puppet_conf = Puppet.settings.instance_variable_get(:@values)[:main]


# default values
puppet_conf[:server] ||= 'puppet'
puppet_conf[:masterport] ||= '8140'
puppet_conf[:ssldir] ||= '/etc/puppet/ssl'


server    = puppet_conf[:server]
port      = puppet_conf[:masterport]
certpath  = puppet_conf[:ssldir] + '/certs/'        + ENV['HOSTNAME'] + '.pem'
pkey_path = puppet_conf[:ssldir] + '/private_keys/' + ENV['HOSTNAME'] + '.pem'


ARGV.each do |filepath|
  url = URI.parse("https://#{server}:#{port}/#{filepath}")
  req = Net::HTTP::Get.new("#{url.path}?#{url.query}", "Accept" => 's')

  puts url

  # make ssl request
  connection = Net::HTTP.new(url.host, url.port)
  connection.use_ssl = true
  connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
  connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
  res = connection.start { |http| http.request(req) }

  res.error! unless res.code_type == Net::HTTPOK
  puts res.body

end





Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Nigel Kersten
On Mon, Jun 27, 2011 at 7:41 AM,  wrote:

> > On Mon, Jun 27, 2011 at 7:27 AM,  wrote:
> >
> >> We often have the problem that some files need to be checked for updates
> >> faster than the cycle of the puppet agent. I try to solve this with a
> >> script which tries to download the files directly from the fileserver of
> >> the puppetmaster. So far I couldn't get it to work.
> >>
> >
> > Have you considered using tags instead to filter for a subset of your
> > resources?
>
> I need to check 1 file and 1 directory every 5min from >600 puppet nodes.
> As far as I know the puppetmaster still needs to compile the whole
> catalog. I did not test this, but I think this would not scale well.


Possibly.

You could also do something like this. Put the thing you need to check
frequently into a module, we'll call it "frequent" for now, and structure
your setup with environments like the following:

# normal environment
[normal]
modulepath=/var/lib/puppet/env/normal/modules:/var/lib/puppet/env/frequent/modules


[frequent]
modulepath=/var/lib/puppet/env/frequent/modules


Then you could choose to run every 5 minutes against the "frequent"
environment, and you'd have a very minimal catalog for the rapid runs, and a
more comprehensive one for your "normal" runs.




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
> On Mon, Jun 27, 2011 at 7:27 AM,  wrote:
>
>> We often have the problem that some files need to be checked for updates
>> faster than the cycle of the puppet agent. I try to solve this with a
>> script which tries to download the files directly from the fileserver of
>> the puppetmaster. So far I couldn't get it to work.
>>
>
> Have you considered using tags instead to filter for a subset of your
> resources?

I need to check 1 file and 1 directory every 5min from >600 puppet nodes.
As far as I know the puppetmaster still needs to compile the whole
catalog. I did not test this, but I think this would not scale well.




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Nigel Kersten
On Mon, Jun 27, 2011 at 7:27 AM,  wrote:

> We often have the problem that some files need to be checked for updates
> faster than the cycle of the puppet agent. I try to solve this with a
> script which tries to download the files directly from the fileserver of
> the puppetmaster. So far I couldn't get it to work.
>

Have you considered using tags instead to filter for a subset of your
resources?


>
> I don't know if I got the URL right, I did not find any examples on the
> REST API documentation for the fileserver.
>

This should cover it.

http://docs.puppetlabs.com/guides/rest_api.html#file-server




[Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
We often have the problem that some files need to be checked for updates
faster than the cycle of the puppet agent. I try to solve this with a
script which tries to download the files directly from the fileserver of
the puppetmaster. So far I couldn't get it to work.

I don't know if I got the URL right, I did not find any examples on the
REST API documentation for the fileserver.

For example, if the file is /etc/puppet/manifests/files/sudo/sudoers

fileserver.conf:
[files]
  path /etc/puppet/manifests/files
  allow 127.0.0.1
  allow *.bar

To what path would this translate?
https://foo.bar:8140/file_content/sudo/sudoers
https://bli.bla:8140/file_content/files/sudo/sudoers

Greetings
Andy
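
Added example, not part of the original thread or of the poster's script: it relates to the URL question in this post and to the "peer certificate won't be verified" warning in the replies. It models the request path as environment/indirection/key, which is an assumption drawn from the working /development/file_content/modules/... call and the wording of the 403 message in the thread, and it builds a connection that verifies the master's certificate. The helper names, the "production" environment and the CA path /etc/puppet/ssl/certs/ca.pem are assumptions.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

SAFE_SEGMENT = /\A[\w.-]+\z/

# Split a request path as the 403 text in this thread implies the master did:
# segment 1 = environment, segment 2 = indirection, remainder = key.
def split_request(path)
  environment, indirection, key = path.split('/', 4)[1..-1]
  { environment: environment, indirection: indirection, key: key }
end

# Build /{environment}/file_content/{mount}/{relative path}, rejecting
# empty, '.' and '..' segments so a caller cannot climb out of the mount.
def file_content_url(server, port, environment, mount, relpath)
  segments = [environment, 'file_content', mount] + relpath.split('/', -1)
  segments.each do |seg|
    unless seg =~ SAFE_SEGMENT && seg != '.' && seg != '..'
      raise ArgumentError, "unsafe path segment: #{seg.inspect}"
    end
  end
  URI::HTTPS.build(host: server, port: Integer(port), path: '/' + segments.join('/'))
end

# Client-certificate connection that also verifies the master's certificate,
# so the session no longer runs with peer verification switched off.
def verified_connection(url, ca_file, cert_pem = nil, key_pem = nil)
  conn = Net::HTTP.new(url.host, url.port)
  conn.use_ssl = true
  conn.verify_mode = OpenSSL::SSL::VERIFY_PEER
  conn.ca_file = ca_file
  conn.cert = OpenSSL::X509::Certificate.new(cert_pem) if cert_pem
  conn.key = OpenSSL::PKey::RSA.new(key_pem) if key_pem
  conn
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the path from the failing call, then a rebuilt URL.
  p split_request('/file_content/sudo/sudoers')
  url = file_content_url('foo.bar', '8140', 'production', 'files', 'sudo/sudoers')
  puts url
  conn = verified_connection(url, '/etc/puppet/ssl/certs/ca.pem') # assumed CA path
  puts conn.verify_mode == OpenSSL::SSL::VERIFY_PEER
end
```

Under this model the failing call's first segment, file_content, is read as the environment, which leaves /sudo/sudoers as the resource named in the 403 text.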
