[Puppet Users] New to puppet trying to copy files based on extension to certain nodes
Is there a wildcard type feature I can use to copy all files from a folder with specific extension to certain hosts? Here is what I have I have a large number of files with the hostname at end of file. files/ssl.conf_xq-poc02 files/svn-deny.conf_xq-poc02 files/userdir.conf_xq-poc02 files/welcome.conf_xq-poc02 files/ssl.conf_xq-poc01 files/svn-deny.conf_xq-poc01 files/userdir.conf_xq-poc01 files/welcome.conf_xq-poc01 So I only want files with extension poc01 to go to that host and extension poc02 to go to its host In production I will have a large number of hosts and writing a module is not logical since we will be using the same module for new systems built ad we can stage the files with hostname extension. Hope that makes sense. I did something like this for some other files but was only a couple files. * file { '/var/tmp/httpd-qa9.conf' :* * ensure=> 'present',* * mode => '660',* * source=> [* * "puppet:///modules/test_1/httpd-qa9.conf.${::hostname}",* * "puppet:///modules/test_1/httpd-qa10.conf.${::domain}",* * 'puppet:///modules/test_1/default_httpd_qa.conf'* *],* * }* I will have about 80 files per node that will need to be copied. Looking at options and trying to figure this out with very little knowledge of puppet. Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/89c72805-dc4f-48db-8d13-49f543f019ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] New to Puppet :wanted more information of VM provisioning in puppet
Whether you use Puppet Enterprise or Razor, Puppet can still be used in your provisioning pipeline. That's how it fits into Foreman, for instance. If you're a VMware shop, you can tie it into vRO/vRA workflows. You can fit into an Openstack workflow (but I'm not familiar with that to name the right project), or an AWS or Azure workflow, etc. Even if you do manual deployments, it can still be part of your provisioning process by running `puppet agent -t` on the console/ssh terminal. As for versions it will support, check out https://docs.puppet.com/puppet/latest/reference/system_requirements.html. I believe there's a much prettier chart of supported platforms and versions but of course I can't find it right now. Rob Nelson rnels...@gmail.com On Tue, Nov 22, 2016 at 7:03 AM, Martin Alfkewrote: > One more tool: there is razor (from Puppet and it is open source) > https://forge.puppet.com/puppetlabs/razor/readme > https://puppet.com/product/capabilities/automated-provisioning > https://github.com/puppetlabs/razor-server > > > On 22 Nov 2016, at 12:46, Akai wrote: > > > > Its possible but not by Puppet OpenSource itself, Puppet OpenSource is > just the configuration management. > > For provisioning, you need a complete lifecycle management tool. You can > choose between: > > > > - Foreman (OpenSource and free) > > - Puppet Enterprise > > > > Iam using Puppet together with Foreman. We are provisioning CentOS and > Windows Server from scratch on VMWare and Amazaon Cloud. Works great. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to puppet-users+unsubscr...@googlegroups.com. > > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/e6760c7c-5420-43ec-87a7-8c5fbc1ad322%40googlegroups.com > . > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/98ED10C7-3165-46EB-8FE9-5B81A517BD90%40gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAC76iT-_pfpN1HS7Kr%2BsjkRtcmjqJyjRzNwpixLW6bjYif7ODw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] New to Puppet :wanted more information of VM provisioning in puppet
One more tool: there is razor (from Puppet and it is open source) https://forge.puppet.com/puppetlabs/razor/readme https://puppet.com/product/capabilities/automated-provisioning https://github.com/puppetlabs/razor-server > On 22 Nov 2016, at 12:46, Akaiwrote: > > Its possible but not by Puppet OpenSource itself, Puppet OpenSource is just > the configuration management. > For provisioning, you need a complete lifecycle management tool. You can > choose between: > > - Foreman (OpenSource and free) > - Puppet Enterprise > > Iam using Puppet together with Foreman. We are provisioning CentOS and > Windows Server from scratch on VMWare and Amazaon Cloud. Works great. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e6760c7c-5420-43ec-87a7-8c5fbc1ad322%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/98ED10C7-3165-46EB-8FE9-5B81A517BD90%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] New to Puppet :wanted more information of VM provisioning in puppet
Puppet can be used to provision infrastructure, but to answer this in any more depth, we'd need to know what infrastructure you want to provision. Andrew -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEpa1DL0p44z5Z0sa75oqFWj-We14_csvR2N_fb9O3R%2BPbbnLQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] New to Puppet :wanted more information of VM provisioning in puppet
Hi, I am new to puppet and have following requirement for my infrastructure : 1) Is VM provisioning possible from puppet ? And if possible then which version will it support. ? Can any one help me regarding this ? Thanks in advance. Regards, Ritesh -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2a5caaae-4882-4ab7-862a-f2186a2e467c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] new to puppet.
Hi, the best way is to start with learning puppet vm and the according website: https://docs.puppetlabs.com/learning/index.html https://docs.puppetlabs.com/learning/index.html At https://puppetlabs.com/learn https://puppetlabs.com/learn you have the possibility to get a guide through Puppet basics without the need for a VM. It is always the best to first understand the concept behind puppet and then start with real world problems. hth, Martin On 19.03.2015, at 15:45, manyi anche...@gmail.com wrote: does anyone has a manifest I can use to: 1. Create an account for Mary, maryjane on all systems 2. Create a specific user on just a specific system (For example, create account john.doe on puppet-domain but not on puppetagent) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/78b8556c-2bff-4da4-a335-101a19a5f402%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/78b8556c-2bff-4da4-a335-101a19a5f402%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F88CFF7B-8194-48E9-B72C-BD2356F3DA2A%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] new to puppet.
does anyone has a manifest I can use to: 1. Create an account for Mary, maryjane on all systems 2. Create a specific user on just a specific system (For example, create account john.doe on puppet-domain but not on puppetagent) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/78b8556c-2bff-4da4-a335-101a19a5f402%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] New to puppet
Ok, I am newbie to puppet. So be nice. I may ask some stupid questions. I could not find some similar post so creating new post. I have not worked on puppet before except of downloading puppet on my linux machine and playing with some commands just to get feel of it. I do not work on Linux either but I do have fair background of linux. I am planning to give puppet certification in 2-3 months. Below are some quesitons which I have. What type of hardware do I need ? (I only have one laptop, I can use virtual box and fire couple of more systems), Should that be enough ? I do believe I can download puppet version for free and use it to manage 10 nodes but does it come with all require components? Is exam based on MCQ's ? What is passing score ? Any other information I should know ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/79dc4ccf-5c1a-43f2-9df1-6325c93cd35b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] new to puppet - simple ordering question
Hi, I have a puppet file I'm running via vagrant that sets up oracle and changes the system password. I need to make sure that the oracle-xe service is running before executing my password change script via sql plus. Here is the code: service {'oracle-xe': ensure = running } service {'iptables': ensure = stopped } exec {changeDbPassword: environment = [ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe, ORACLE_SID=XE], command = sqlplus -s /nolog EOF connect sa/sa ALTER USER system IDENTIFIED BY mypassword; quit EOF, path = /u01/app/oracle/product/11.2.0/xe/bin/, logoutput = 'true' } This code works, but my understanding that the ordering isn't guaranteed, so how do I make sure that the exec command runs AFTER the oracle-xe service command? Please let me know of other improvements - guessing that I can reference the environment variable instead of repeating it in the path = /u01/app/oracle/product/11.2.0/xe/bin/ Thanks! phil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8f702cfc-21af-4595-96ed-f6ff79d92108%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] New to puppet and recieving mcollective error
On Fri, Dec 13, 2013 at 2:05 PM, Alan Renouf ajw.ren...@gmail.com wrote: Im new to puppet and installed it in my home lab to mess with, when i installed it i used the hostname rather than FQDN so went back and changed puppet and reran the certificate tool to regenerate the certificates etc, the agent works fine now but i am getting an mccollective error i think, is there anything in the config i need to change for mccollective after altering the name to the FQDN? My error is below.. Thanks! root@testnix:~# puppet agent --test Info: Retrieving plugin Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppetdb_server_status.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/iptables_persistent_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/windows.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/postgres_default_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/ip6tables_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/iptables_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/staging_http_get.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb Info: Caching catalog for testnix.home.lan Info: Applying configuration version '1386955608' Notice: /Stage[main]/Pe_mcollective::Server/File[/etc/puppetlabs/mcollective/server.cfg]/content: --- /etc/puppetlabs/mcollective/server.cfg 2013-06-07 11:09:23.0 -0700 +++ /tmp/puppet-file20131213-2681-oblovd 2013-12-13 09:24:46.579199297 -0800 @@ -1,22 +1,55 @@ -topicprefix = /topic/ +# Centrally managed by Puppet version 3.3.1 (Puppet Enterprise 3.1.0) +topicprefix = /topic/ main_collective = mcollective -collectives = mcollective -libdir = /opt/puppet/libexec/mcollective/ -logfile = /var/log/pe-mcollective/mcollective.log -loglevel = info -daemonize = 1 +collectives = mcollective +libdir = /opt/puppet/libexec/mcollective/ +logfile = /var/log/pe-mcollective/mcollective.log +loglevel= info +daemonize = 1 +identity = testnix.home.lan # Plugins -securityprovider = psk -plugin.psk = unset +securityprovider = ssl +plugin.ssl_server_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem +plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem +plugin.ssl_client_cert_dir = /etc/puppetlabs/mcollective/ssl/clients/ +plugin.ssl_serializer = yaml -connector = stomp -plugin.stomp.host = localhost -plugin.stomp.port = 61613 -plugin.stomp.user = mcollective -plugin.stomp.password = secret +connector = activemq +plugin.activemq.pool.size = 1 +plugin.activemq.pool.1.host = puppetmaster.home.lan +plugin.activemq.pool.1.port = 61613 +plugin.activemq.pool.1.user = mcollective +plugin.activemq.pool.1.password = ngT4ya8aAEnWHaoEsLQl +plugin.activemq.pool.1.ssl = true +plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem +plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem +plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem # Facts factsource = yaml plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml +# Puppet Classes +classesfile = /var/opt/lib/pe-puppet/classes.txt + +# Puppet Agent plugin configuration +plugin.puppet.command = /opt/puppet/bin/puppet agent +plugin.puppet.config = /etc/puppetlabs/puppet/puppet.conf + +plugin.puppet.splay = true +plugin.puppet.splaylimit = 120 + +# Periodcally broadcast metdata for registration purposes. +# This registration plugin will broadcast current Facter fact values. +registration = Meta +# registerinterval is intentionally long to prevent systems from being overly +# chatty on the message bus by default. If you want a higher frequency, this +# may be set to 300 (5 minutes) +registerinterval = 600 + +# authorization +rpcauthorization = 1 +rpcauthprovider = action_policy +plugin.actionpolicy.allow_unconfigured = 1 +direct_addressing = 1 *Error: Could not back up /etc/puppetlabs/mcollective/server.cfg: Connection refused - connect(2)* *Error: Could not back up /etc/puppetlabs/mcollective/server.cfg: Connection refused - connect(2)* *Error: /Stage[main]/Pe_mcollective::Server/File[/etc/puppetlabs/mcollective/server.cfg]/content: change from {md5}a9c7335a83c5ac9f6a19bb195ea0c63e to {md5}32b98584ef48c0b099f43fd1f70e05fc failed: Could not back up
[Puppet Users] New to puppet and recieving mcollective error
Im new to puppet and installed it in my home lab to mess with, when i installed it i used the hostname rather than FQDN so went back and changed puppet and reran the certificate tool to regenerate the certificates etc, the agent works fine now but i am getting an mccollective error i think, is there anything in the config i need to change for mccollective after altering the name to the FQDN? My error is below.. Thanks! root@testnix:~# puppet agent --test Info: Retrieving plugin Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppetdb_server_status.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/iptables_persistent_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/windows.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/postgres_default_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/ip6tables_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/iptables_version.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/staging_http_get.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb Info: Caching catalog for testnix.home.lan Info: Applying configuration version '1386955608' Notice: /Stage[main]/Pe_mcollective::Server/File[/etc/puppetlabs/mcollective/server.cfg]/content: --- /etc/puppetlabs/mcollective/server.cfg 2013-06-07 11:09:23.0 -0700 +++ /tmp/puppet-file20131213-2681-oblovd 2013-12-13 09:24:46.579199297 -0800 @@ -1,22 +1,55 @@ -topicprefix = /topic/ +# Centrally managed by Puppet version 3.3.1 (Puppet Enterprise 3.1.0) +topicprefix = /topic/ main_collective = mcollective -collectives = mcollective -libdir = /opt/puppet/libexec/mcollective/ -logfile = /var/log/pe-mcollective/mcollective.log -loglevel = info -daemonize = 1 +collectives = mcollective +libdir = /opt/puppet/libexec/mcollective/ +logfile = /var/log/pe-mcollective/mcollective.log +loglevel= info +daemonize = 1 +identity = testnix.home.lan # Plugins -securityprovider = psk -plugin.psk = unset +securityprovider = ssl +plugin.ssl_server_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem +plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem +plugin.ssl_client_cert_dir = /etc/puppetlabs/mcollective/ssl/clients/ +plugin.ssl_serializer = yaml -connector = stomp -plugin.stomp.host = localhost -plugin.stomp.port = 61613 -plugin.stomp.user = mcollective -plugin.stomp.password = secret +connector = activemq +plugin.activemq.pool.size = 1 +plugin.activemq.pool.1.host = puppetmaster.home.lan +plugin.activemq.pool.1.port = 61613 +plugin.activemq.pool.1.user = mcollective +plugin.activemq.pool.1.password = ngT4ya8aAEnWHaoEsLQl +plugin.activemq.pool.1.ssl = true +plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem +plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem +plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem # Facts factsource = yaml plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml +# Puppet Classes +classesfile = /var/opt/lib/pe-puppet/classes.txt + +# Puppet Agent plugin configuration +plugin.puppet.command = /opt/puppet/bin/puppet agent +plugin.puppet.config = /etc/puppetlabs/puppet/puppet.conf + +plugin.puppet.splay = true +plugin.puppet.splaylimit = 120 + +# Periodcally broadcast metdata for registration purposes. +# This registration plugin will broadcast current Facter fact values. +registration = Meta +# registerinterval is intentionally long to prevent systems from being overly +# chatty on the message bus by default. If you want a higher frequency, this +# may be set to 300 (5 minutes) +registerinterval = 600 + +# authorization +rpcauthorization = 1 +rpcauthprovider = action_policy +plugin.actionpolicy.allow_unconfigured = 1 +direct_addressing = 1 *Error: Could not back up /etc/puppetlabs/mcollective/server.cfg: Connection refused - connect(2)* *Error: Could not back up /etc/puppetlabs/mcollective/server.cfg: Connection refused - connect(2)* *Error: /Stage[main]/Pe_mcollective::Server/File[/etc/puppetlabs/mcollective/server.cfg]/content: change from {md5}a9c7335a83c5ac9f6a19bb195ea0c63e to {md5}32b98584ef48c0b099f43fd1f70e05fc failed: Could not back up /etc/puppetlabs/mcollective/server.cfg: Connection refused - connect(2)* Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Dependency
[Puppet Users] New Zealand Puppet user group
Hi all, We are scheduling a user group meeting in Wellington, New Zealand on 11th November, at Catalyst House. Details are at http://www.meetup.com/New-Zealand-Puppet-Masters/events/147372012/ and it would be great to get to know some of you if you fancy coming along. Feel free to contact me off list if there's any questions. Thanks Xav -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] New to Puppet, trying to get it workign with a FreeBSD agent
Hello, I have been following through some of the documentation trying to make use of puppet in a test environment. I went ahead and tried to install puppet-passenger and puppet dashboard. I think i have succesfully done this, because at mymaster.local:3000/ I get the dashboard webpage (albeit with no nodes or anything reporting) and at https://mymaster.local:8140 I get a cert trying to be served to my browser. Are these good indicators of something at least working? On my pupper master box, which is Ubuntu, here is what /etc/puppet/puppet.conf contains [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. reports = store, http reporturl = http://mymaster.local:3000/reports/upload ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY and in the master's etc/hosts there is a reference to the agent, so it can ping it by name. and as of right now, i only have one FreeBSD puppet client. In it's /usr/local/etc/puppet/puppet.conf [agent] server = mymaster report = true pluginsync = true and its hosts file has mymaster, so I can ping it by name. However, on my agent, if i type puppet agent -t I get the following: Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: (null) Exiting; failed to retrieve certificate and waitforcert is disabled I tried this with the -w option, and did sudo puppet cert list on the master, but i never saw anything show up. What am I missing here? Can someone point me to some better documentation? It seemed like what I read was lacking a bit, especially for the agent setup in the FreeBSD box. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] New to Puppet bash: command not found
I have installed PE 2.8 server None of the commands work =, for example... puppet --server list, puppet agent --test,puppet agent --test --server=`hostname`, puppetca, I get the following error: *bash: puppetca: command not found * I get this no matter which command I try to run. ** *lease help, extremely frustrated.* *I have installed the server without issue and the agent on another server without issue. I am stuck like chuck.* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] New to Puppet bash: command not found
Make sure the puppet binaries are in your path. -- Peter (from phone) On Jun 15, 2013, at 12:11 PM, gfdadd...@gmail.com wrote: I have installed PE 2.8 server None of the commands work =, for example... puppet --server list, puppet agent --test,puppet agent --test --server=`hostname`, puppetca, I get the following error: bash: puppetca: command not found I get this no matter which command I try to run. lease help, extremely frustrated. I have installed the server without issue and the agent on another server without issue. I am stuck like chuck. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] New to Puppet
Hi, welcome aboard. I fear there may be no available solutions. When in doubt, ask here ;-) Although in the end of the day, if you manage to get puppet to do what you want, you're fine. Cheers On 04/04/2013 10:53 PM, HassanzDaName wrote: Hello Everyone, I'm a new Puppet user. I'm still learning the ropes by going through the documentation available at docs.puppetlabs.com. Does anyone know where one might be able to find solutions to the exercises that they have posted? I have worked on a few of them but I'm not sure if I'm writing my manifests correctly or not... Any help would greatly be appreciated. Thanks again! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] New to Puppet
Hello Everyone, I'm a new Puppet user. I'm still learning the ropes by going through the documentation available at docs.puppetlabs.com. Does anyone know where one might be able to find solutions to the exercises that they have posted? I have worked on a few of them but I'm not sure if I'm writing my manifests correctly or not... Any help would greatly be appreciated. Thanks again! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] (New To Puppet)Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient
Something to help you avoid it in the future: Put all of your puppet manifests into a git repo (very good practice to get setup right away), and then put a git pre-commit hook that uses puppet parser validate to check for syntax errors. This will basically not let you commit new manifests if they have syntax problems. Much more efficient troubleshooting. This site covers the details: http://projects.puppetlabs.com/projects/1/wiki/puppet_version_control On Monday, January 21, 2013 5:10:49 PM UTC-8, Fusebox wrote: yeah..I figured that out after posting..works after fixing it.. but thanks for looking into it and responding..appreciate much :) On Sunday, January 20, 2013 8:40:54 PM UTC-6, nseagoon wrote: It looks like a syntax issue (at a minimum): *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* * * There isn't a trailing doublequote for the sudo line. On 20 January 2013 16:38, Fusebox dnvi...@gmail.com wrote: Hello Folks! I am trying to learn puppet. Installed the puppet 3.0.2 and configured one node as the master and the other as the client. Generated the certs and all that. But, I seem to be doing something wrong wrt to the init.pp file. Attached is exact error and my current server configuration. Any help in helping me fix this issue is appreciated: *[root@pupclient ~]# puppet agent --test* *Info: Retrieving plugin* *Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient* *Warning: Not using cache on failed catalog* *Error: Could not retrieve catalog; skipping run* puppet.conf file on the client is pointed to the server which I named as puppet and which the client is able to resolve in DNS. *[root@pupclient ~]# cat /etc/puppet/puppet.conf* *[main]* *# The Puppet log directory.* *# The default value is '$vardir/log'.* *logdir = /var/log/puppet* * * *# Where Puppet PID files are kept.* *# The default value is '$vardir/run'.* *rundir = /var/run/puppet* * * *# Where SSL certificates are kept.* *# The default value is '$confdir/ssl'.* *ssldir = $vardir/ssl* *server=puppet* * * *[agent]* *# The file in which puppetd stores a list of the classes* *# associated with the retrieved configuratiion. Can be loaded in* *# the separate ``puppet`` executable using the ``--loadclasses``* *# option.* *# The default value is '$confdir/classes.txt'.* *classfile = $vardir/classes.txt* * * *# Where puppetd caches the local configuration. An* *# extension indicating the cache format is added automatically.* *# The default value is '$confdir/localconfig'.* *localconfig = $vardir/localconfig* * * Below is the configuration on the puppet master: * * *[root@puppet manifests]# pwd* */etc/puppet/manifests* * * *[root@puppet manifests]# cat site.pp* *import 'nodes.pp'* *$puppetserver = 'puppet'* * * *[root@puppet manifests]# cat nodes.pp* *node 'pupclient' {* *include sudo* *package {'firefox': ensure = present}* *}* *[root@puppet manifests]# pwd* */etc/puppet/modules/sudo/manifests* * * *[root@puppet manifests]# ls -l* *total 4* *-rw-r--r-- 1 root root 327 Jan 19 23:15 init.pp* * * *[root@puppet manifests]# cat init.pp* *class sudo {* *package { sudo:* *ensure = present,* *}* *if $operatingsystem == Ubuntu {* *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* *file { /etc/sudoers:* *owner = root,* *group = root,* *mode = 0440,* *source = puppet://$puppetserver/modules/sudo/etc/sudoers,* *require = Package[sudo],* *}* *}* * * Is this error result of a syntax issue or something else? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/elQPK2m6uLkJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/tiNvdSArEUoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] (New To Puppet)Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient
yeah..I figured that out after posting..works after fixing it.. but thanks for looking into it and responding..appreciate much :) On Sunday, January 20, 2013 8:40:54 PM UTC-6, nseagoon wrote: It looks like a syntax issue (at a minimum): *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* * * There isn't a trailing doublequote for the sudo line. On 20 January 2013 16:38, Fusebox dnvi...@gmail.com javascript: wrote: Hello Folks! I am trying to learn puppet. Installed the puppet 3.0.2 and configured one node as the master and the other as the client. Generated the certs and all that. But, I seem to be doing something wrong wrt to the init.pp file. Attached is exact error and my current server configuration. Any help in helping me fix this issue is appreciated: *[root@pupclient ~]# puppet agent --test* *Info: Retrieving plugin* *Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient* *Warning: Not using cache on failed catalog* *Error: Could not retrieve catalog; skipping run* puppet.conf file on the client is pointed to the server which I named as puppet and which the client is able to resolve in DNS. *[root@pupclient ~]# cat /etc/puppet/puppet.conf* *[main]* *# The Puppet log directory.* *# The default value is '$vardir/log'.* *logdir = /var/log/puppet* * * *# Where Puppet PID files are kept.* *# The default value is '$vardir/run'.* *rundir = /var/run/puppet* * * *# Where SSL certificates are kept.* *# The default value is '$confdir/ssl'.* *ssldir = $vardir/ssl* *server=puppet* * * *[agent]* *# The file in which puppetd stores a list of the classes* *# associated with the retrieved configuratiion. Can be loaded in* *# the separate ``puppet`` executable using the ``--loadclasses``* *# option.* *# The default value is '$confdir/classes.txt'.* *classfile = $vardir/classes.txt* * * *# Where puppetd caches the local configuration. An* *# extension indicating the cache format is added automatically.* *# The default value is '$confdir/localconfig'.* *localconfig = $vardir/localconfig* * * Below is the configuration on the puppet master: * * *[root@puppet manifests]# pwd* */etc/puppet/manifests* * * *[root@puppet manifests]# cat site.pp* *import 'nodes.pp'* *$puppetserver = 'puppet'* * * *[root@puppet manifests]# cat nodes.pp* *node 'pupclient' {* *include sudo* *package {'firefox': ensure = present}* *}* *[root@puppet manifests]# pwd* */etc/puppet/modules/sudo/manifests* * * *[root@puppet manifests]# ls -l* *total 4* *-rw-r--r-- 1 root root 327 Jan 19 23:15 init.pp* * * *[root@puppet manifests]# cat init.pp* *class sudo {* *package { sudo:* *ensure = present,* *}* *if $operatingsystem == Ubuntu {* *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* *file { /etc/sudoers:* *owner = root,* *group = root,* *mode = 0440,* *source = puppet://$puppetserver/modules/sudo/etc/sudoers,* *require = Package[sudo],* *}* *}* * * Is this error result of a syntax issue or something else? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/elQPK2m6uLkJ. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/SDVqxW7FC-0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] (New To Puppet)Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient
Hello Folks! I am trying to learn puppet. Installed the puppet 3.0.2 and configured one node as the master and the other as the client. Generated the certs and all that. But, I seem to be doing something wrong wrt to the init.pp file. Attached is exact error and my current server configuration. Any help in helping me fix this issue is appreciated: *[root@pupclient ~]# puppet agent --test* *Info: Retrieving plugin* *Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient* *Warning: Not using cache on failed catalog* *Error: Could not retrieve catalog; skipping run* puppet.conf file on the client is pointed to the server which I named as puppet and which the client is able to resolve in DNS. *[root@pupclient ~]# cat /etc/puppet/puppet.conf* *[main]* *# The Puppet log directory.* *# The default value is '$vardir/log'.* *logdir = /var/log/puppet* * * *# Where Puppet PID files are kept.* *# The default value is '$vardir/run'.* *rundir = /var/run/puppet* * * *# Where SSL certificates are kept.* *# The default value is '$confdir/ssl'.* *ssldir = $vardir/ssl* *server=puppet* * * *[agent]* *# The file in which puppetd stores a list of the classes* *# associated with the retrieved configuratiion. Can be loaded in* *# the separate ``puppet`` executable using the ``--loadclasses``* *# option.* *# The default value is '$confdir/classes.txt'.* *classfile = $vardir/classes.txt* * * *# Where puppetd caches the local configuration. An* *# extension indicating the cache format is added automatically.* *# The default value is '$confdir/localconfig'.* *localconfig = $vardir/localconfig* * * Below is the configuration on the puppet master: * * *[root@puppet manifests]# pwd* */etc/puppet/manifests* * * *[root@puppet manifests]# cat site.pp* *import 'nodes.pp'* *$puppetserver = 'puppet'* * * *[root@puppet manifests]# cat nodes.pp* *node 'pupclient' {* *include sudo* *package {'firefox': ensure = present}* *}* *[root@puppet manifests]# pwd* */etc/puppet/modules/sudo/manifests* * * *[root@puppet manifests]# ls -l* *total 4* *-rw-r--r-- 1 root root 327 Jan 19 23:15 init.pp* * * *[root@puppet manifests]# cat init.pp* *class sudo {* *package { sudo:* *ensure = present,* *}* *if $operatingsystem == Ubuntu {* *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* *file { /etc/sudoers:* *owner = root,* *group = root,* *mode = 0440,* *source = puppet://$puppetserver/modules/sudo/etc/sudoers,* *require = Package[sudo],* *}* *}* * * Is this error result of a syntax issue or something else? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/elQPK2m6uLkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] (New To Puppet)Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient
It looks like a syntax issue (at a minimum): *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* * * There isn't a trailing doublequote for the sudo line. On 20 January 2013 16:38, Fusebox dnvik...@gmail.com wrote: Hello Folks! I am trying to learn puppet. Installed the puppet 3.0.2 and configured one node as the master and the other as the client. Generated the certs and all that. But, I seem to be doing something wrong wrt to the init.pp file. Attached is exact error and my current server configuration. Any help in helping me fix this issue is appreciated: *[root@pupclient ~]# puppet agent --test* *Info: Retrieving plugin* *Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class sudo for pupclient on node pupclient* *Warning: Not using cache on failed catalog* *Error: Could not retrieve catalog; skipping run* puppet.conf file on the client is pointed to the server which I named as puppet and which the client is able to resolve in DNS. *[root@pupclient ~]# cat /etc/puppet/puppet.conf* *[main]* *# The Puppet log directory.* *# The default value is '$vardir/log'.* *logdir = /var/log/puppet* * * *# Where Puppet PID files are kept.* *# The default value is '$vardir/run'.* *rundir = /var/run/puppet* * * *# Where SSL certificates are kept.* *# The default value is '$confdir/ssl'.* *ssldir = $vardir/ssl* *server=puppet* * * *[agent]* *# The file in which puppetd stores a list of the classes* *# associated with the retrieved configuratiion. Can be loaded in* *# the separate ``puppet`` executable using the ``--loadclasses``* *# option.* *# The default value is '$confdir/classes.txt'.* *classfile = $vardir/classes.txt* * * *# Where puppetd caches the local configuration. An* *# extension indicating the cache format is added automatically.* *# The default value is '$confdir/localconfig'.* *localconfig = $vardir/localconfig* * * Below is the configuration on the puppet master: * * *[root@puppet manifests]# pwd* */etc/puppet/manifests* * * *[root@puppet manifests]# cat site.pp* *import 'nodes.pp'* *$puppetserver = 'puppet'* * * *[root@puppet manifests]# cat nodes.pp* *node 'pupclient' {* *include sudo* *package {'firefox': ensure = present}* *}* *[root@puppet manifests]# pwd* */etc/puppet/modules/sudo/manifests* * * *[root@puppet manifests]# ls -l* *total 4* *-rw-r--r-- 1 root root 327 Jan 19 23:15 init.pp* * * *[root@puppet manifests]# cat init.pp* *class sudo {* *package { sudo:* *ensure = present,* *}* *if $operatingsystem == Ubuntu {* *package { sudo-ldap:* *ensure = present,* *require = Package[sudo],* *}* *}* *file { /etc/sudoers:* *owner = root,* *group = root,* *mode = 0440,* *source = puppet://$puppetserver/modules/sudo/etc/sudoers,* *require = Package[sudo],* *}* *}* * * Is this error result of a syntax issue or something else? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/elQPK2m6uLkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New NRPE Puppet module
Hello Puppet Users and Dev, I have just a pushed a puppet module for NRPE to github. Initially it supports the Debian, Redhat, and Solaris based operating systems. I plan on adding FreeBSD support in the near future. In the meantime I will be updating the documentation and getting it ready for a forge release. I would appreciate any feedback or pull requests to add additional functionality. https://github.com/pdxcat/puppet-module-nrpe My nick is blkperl in #puppet if you want to bounce ideas. -- Thanks, William Van Hevelingen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New NRPE Puppet module
Nice to find out who pdxcat is :) (I am using a couple of your modules) I published my nrpe module to github a while back as well. It looks like you have taken a vaguely similar approach. Maybe some collaboration is in order... My module is here if you want to take a look. https://github.com/rendhalver/puppet-nrpe I published it to the forge as well. On 17 January 2013 03:58, William Van Hevelingen wva...@gmail.com wrote: Hello Puppet Users and Dev, I have just a pushed a puppet module for NRPE to github. Initially it supports the Debian, Redhat, and Solaris based operating systems. I plan on adding FreeBSD support in the near future. In the meantime I will be updating the documentation and getting it ready for a forge release. I would appreciate any feedback or pull requests to add additional functionality. https://github.com/pdxcat/puppet-module-nrpe My nick is blkperl in #puppet if you want to bounce ideas. -- Thanks, William Van Hevelingen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
All answers helped a lot. Thanks, George On Tuesday, November 27, 2012 8:06:00 AM UTC-7, thbe wrote: 2012/11/27 Steven VanDevender ste...@uoregon.edu javascript: [...] One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. [...] The question is more what actions are done by the daemon. Compiling the catalog, transfer files from a file server, sending reports to a central instance and a lot of stuff more are not necessarily things where the daemon need root privileges, installing packages or replacing configuration files is a different thing. But under normal circumstances it is better to only be root if it is really necessary. So starting as a user and gain more privileges only where needed. Regards, Thomas -- Linux ... enjoy the ride! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/u-OV4h4YktYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
2012/11/27 Steven VanDevender ste...@uoregon.edu [...] One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. [...] The question is more what actions are done by the daemon. Compiling the catalog, transfer files from a file server, sending reports to a central instance and a lot of stuff more are not necessarily things where the daemon need root privileges, installing packages or replacing configuration files is a different thing. But under normal circumstances it is better to only be root if it is really necessary. So starting as a user and gain more privileges only where needed. Regards, Thomas -- Linux ... enjoy the ride! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New to Puppet -- why the puppet user
I'm looking at Puppet as a configuration manager solution, and I was wondering Why is there a puppet user and group? I realize the obvious answer is that Puppet won't run w/o it, but I don't understand why it just wasn't set up with root access. thanks in advance, george -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WtXL0ugYO0YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Because standard systems administration practice is to rarely if ever run anything at all as root. This practice, generally speaking, will not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet (which has complete run of your system) ran as root, you could easily demolish not only one but thousands of machines with a single keystroke... well, Root is just a bad idea, then http://askubuntu.com/questions/16178/why-is-it-bad-to-run-as-root http://cboard.cprogramming.com/tech-board/123049-why-running-programs-root-so-bad.html http://unix.stackexchange.com/questions/52268/why-is-it-a-bad-idea-to-run-as-root A good best practices document on system security and elevated permissions: http://www.sans.org/reading_room/whitepapers/bestprac/system-administrator-security-practices_657 An access control article: http://www.softpanorama.org/Access_control/Accounts/root_account.shtml Another article on best practices (#1 addresses the root user) http://brajeshwar.com/2008/5-best-practices-for-linux-users/ I could go on. I just know that if the Root user could login remotely (or directly) to anything but the console on any of my corporate hosts, I'd fail audit on just about any government-compliance required site. --jms On Nov 26, 2012, at 5:17 PM, george glwray1...@gmail.com wrote: I'm looking at Puppet as a configuration manager solution, and I was wondering Why is there a puppet user and group? I realize the obvious answer is that Puppet won't run w/o it, but I don't understand why it just wasn't set up with root access. thanks in advance, george -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WtXL0ugYO0YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Jerald Sheets writes: Because standard systems administration practice is to rarely if ever run anything at all as root. This practice, generally speaking, will not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet (which has complete run of your system) ran as root, you could easily demolish not only one but thousands of machines with a single keystroke... well, Root is just a bad idea, then One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. A sysadmin avoids doing things as root that aren't necessary, but is otherwise obligated to use root access (carefully) on a constant basis. Puppet runs as root because it should be used to do a lot of the things that have to to be done as root. Proper standards for security should say that root access should be carefully regulated and monitored, not that it must never be allowed for remote access. If used well Puppet should actually improve your security because it can enforce site-wide standards automatically and provide better auditing of changes than haphazard manual practices. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Aaron Grewell writes: To answer OP's question, the Puppet Master runs as user/group puppet. The agent runs as root. Which is, of course, entirely desirable. puppetmaster needs access only to a limited set of files, which it needs only to serve to agents, and hence is best run in a dedicated user/group. The agents, however, need root access to do their jobs. Unfortunately I failed to notice that was a top-posted reply. Sorry. On Mon, Nov 26, 2012 at 3:41 PM, Steven VanDevender ste...@uoregon.eduwrote: Jerald Sheets writes: Because standard systems administration practice is to rarely if ever run anything at all as root. This practice, generally speaking, will not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet (which has complete run of your system) ran as root, you could easily demolish not only one but thousands of machines with a single keystroke... well, Root is just a bad idea, then One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. A sysadmin avoids doing things as root that aren't necessary, but is otherwise obligated to use root access (carefully) on a constant basis. Puppet runs as root because it should be used to do a lot of the things that have to to be done as root. Proper standards for security should say that root access should be carefully regulated and monitored, not that it must never be allowed for remote access. If used well Puppet should actually improve your security because it can enforce site-wide standards automatically and provide better auditing of changes than haphazard manual practices. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
In regard to: Re: [Puppet Users] New to Puppet -- why the puppet user,...: Because standard systems administration practice is to rarely if ever run anything at all as root. When it doesn't require root, that's absolutely true. This relates to the principle of least privilege. However, the puppet agent that runs on each puppet client requires the ability to make modifications to nearly everything about the client system, all in an effort to enforce the state that the puppet server has indicated that the client should be in. I suppose you could do that using something like sudo or Solaris RBAC, but you would end up granting so much access to the puppet agent that you would essentially be running it as root anyway. There's very little point going through that exercise for an agent that requires unfettered access to the client system. To answer the original question: there's a puppet user and group for the very few things that do *not* require root: specifically, the puppet master and components like Dashboard. They are, essentially, web applications, and don't require any special privileges, so the PuppetLabs folks wisely made them run as a non-privileged user ( group). Note that if your puppet master is a client of itself (or some other puppet master) then the puppet agent running there still needs to be run as root. The agent enforces the state, which requires administrative access. The master calculates the state, which doesn't. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New to Puppet and a Query
My Query is - I have CITRIX API Scripts written in Python language and i have a Server which provisions OS from the Template of Citrix when users login and when more number of users login it should autoprovision a OS from the existing template automatically and for this i have a device for load balancing called F5 which gives me the min and max users if the user count reaches max then i shld execute a script to auto create the OS from template is this possible to do with puppet is my details based on the threshold what i set in load balancer i should be able to auto create OS automatically without user intervention i have a python script to autoprovision OS but i wanted to integrate my loadbalancer threshold values and write a script in puppet Any help would be highly appreciable -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New To Puppet - Two Questions
On Wed, Jul 28, 2010 at 7:42 AM, krisread kris.r...@gmail.com wrote: New to Puppet, heard about it for the first time at OSCON. Two quick questions: 1. Is there a web interface? This is really key to our company since we have some dev/ops people but also some customer service people (not command-line savvy) who need to do things. Puppet Dashboard and Foreman are the current active projects that i'm aware of. 2. Does it just manage server configuration or could I write custom extensions or modules to do things like list all of our customers who have accounts on a server, add/remove customers from our database, enable/disable logins to our web app, etc? These would be more like business operations not it/server management operations. You could easily extend the language(e.g. using defines etc) or in your case, maybe external nodes is an easy way to go forward. Ohad -K.R. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New To Puppet - Two Questions
New to Puppet, heard about it for the first time at OSCON. Two quick questions: 1. Is there a web interface? This is really key to our company since we have some dev/ops people but also some customer service people (not command-line savvy) who need to do things. 2. Does it just manage server configuration or could I write custom extensions or modules to do things like list all of our customers who have accounts on a server, add/remove customers from our database, enable/disable logins to our web app, etc? These would be more like business operations not it/server management operations. -K.R. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New To Puppet - Two Questions
On Tue, Jul 27, 2010 at 4:42 PM, krisread kris.r...@gmail.com wrote: New to Puppet, heard about it for the first time at OSCON. Two quick questions: 1. Is there a web interface? This is really key to our company since we have some dev/ops people but also some customer service people (not command-line savvy) who need to do things. the Puppet Dashboard will be able to support rbac rules in the near future to support this use case. 2. Does it just manage server configuration or could I write custom extensions or modules to do things like list all of our customers who have accounts on a server, try: ralsh user this command lists all users on a machine add/remove customers from our database, this can be supported, but you will probably have to write your own types/providers enable/disable logins to our web app, etc? as long as this can be scripted, it can be done with puppet. These would be more like business operations not it/server management operations. -K.R. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New To Puppet - Two Questions
Hello Krisread! On Tue, Jul 27, 2010 at 20:42, krisread kris.r...@gmail.com wrote: could I write custom extensions or modules to do things like list all of our customers who have accounts on a server, add/remove customers from our database, enable/disable logins to our web app, etc? You can write your custom modules to perform those operations. You can see a guide for building a new custom module at Puppet's documentation: http://docs.puppetlabs.com/guides/modules.html and http://docs.puppetlabs.com/guides/custom_types.html -- Carla -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] new to puppet. how to add condition in a class?
Hi. II am trying puppet after cfengine and I am looking for a method to use a class if a file exist. exemple I have a condition class. I have to create on the server the condition class but i do not want to have it execute on every client. It is not easy for me to set on the server the condition to execute the class. I prefer runing class on my client if thereis a file exemple if the file /etc/mypuppet/condition is present execute the condition class. Is it possible? How can i do it? thanks for your help. regards --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---