Re: [Puppet Users] Using Puppet's client certificates for Apache, SSLVerifyClient

2010-12-22 Thread Ohad Levy
with recent versions of puppet, when you clean a certificate, you also revoke it, your apache is simply not configured to look at the CRL (certificate revocation list). Ohad On Wed, Dec 22, 2010 at 11:43 PM, Dan Trainor wrote: > Hi - > > I read up on this subject quite a bit, and was able to fin

Re: [Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Nigel Kersten
On Wed, Dec 22, 2010 at 4:24 PM, Douglas Garstang wrote: > On Wed, Dec 22, 2010 at 2:30 PM, Nigel Kersten wrote: >> >> On Wed, Dec 22, 2010 at 11:30 AM, Douglas Garstang >> wrote: >> > We're currently going through a PCI audit process, and an internal scan >> > by >> > an auditor of our network

Re: [Puppet Users] [puppet-users] run without puppet master

2010-12-22 Thread Mick Pollard
Hi Aaron, On Mon, 20 Dec 2010 09:51:33 -0500 aaron prayther wrote: > i'm relatively new to puppet and have not found an examples of running > without a puppet master. > does anyone have any examples of a "disconnected" configuration, not using a > puppet master? > I have a repo that you could

Re: [Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Patrick
On Dec 22, 2010, at 7:35 PM, Derek Yarnell wrote: > On 12/22/10 8:38 PM, Patrick wrote: >> >> On Dec 22, 2010, at 5:18 PM, Derek Yarnell wrote: >> >>> So I was asked a bit about implications of distributing something >>> sensitive through puppet. After a client talks to the puppet server >>> (

Re: [Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Derek Yarnell
On 12/22/10 8:38 PM, Patrick wrote: > > On Dec 22, 2010, at 5:18 PM, Derek Yarnell wrote: > >> So I was asked a bit about implications of distributing something >> sensitive through puppet. After a client talks to the puppet server >> (giving its local facts) and retrieves its catalog is the cli

Re: [Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Trevor Vaughan
Neither Passenger, nor Mongrel, are that difficult to set up behind Apache but I will say that the Passenger instructions are quite user friendly. I attempted to provide the capability to modify the cipher sets in Puppet for my own interest, but this

Re: [Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Patrick
On Dec 22, 2010, at 5:18 PM, Derek Yarnell wrote: > So I was asked a bit about implications of distributing something > sensitive through puppet. After a client talks to the puppet server > (giving its local facts) and retrieves its catalog is the client allowed > to fetch resources that may not

[Puppet Users] security implications of a puppet run with sensitive data in the resources

2010-12-22 Thread Derek Yarnell
Hi, So I was asked a bit about implications of distributing something sensitive through puppet. After a client talks to the puppet server (giving its local facts) and retrieves its catalog is the client allowed to fetch resources that may not be defined in its catalog? For example if someone is

[Puppet Users] Re: filebucket questions

2010-12-22 Thread Nicolas Aizier
Yeah actually I managed to write some script to help in doing that but it's a bit dirty. It would be good to have a cleaner and more precise way to do it. In puppet dashboard for example it would be nice to have the list of files changed on a specific server with the corresponding date and MD5 che

Re: [Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Douglas Garstang
On Wed, Dec 22, 2010 at 2:30 PM, Nigel Kersten wrote: > On Wed, Dec 22, 2010 at 11:30 AM, Douglas Garstang > wrote: > > We're currently going through a PCI audit process, and an internal scan > by > > an auditor of our network came up with the following advisory on port > 8139 > > on all of our

Re: [Puppet Users] use of variable in resource defaults

2010-12-22 Thread Jonathan Barber
On 22 December 2010 19:38, deet wrote: >  Hello good people. >  Env: puppet 2.6.4, facter 1.5.8 > >  I'm trying to set a variable in a defaults resource like this.  In > the password attribute I set the $name variable which I hoped would be > the the user name.   I can see now that this evaluates

Re: [Puppet Users] Using Puppet's client certificates for Apache, SSLVerifyClient

2010-12-22 Thread Jonathan Barber
On 22 December 2010 21:43, Dan Trainor wrote: > Hi - > [snip] > From what I understand, Puppet's client/server authentication system - > using SSL - is portable.  I believe that I should be able to use the > same SSL certificates and keys (and even the same CA) with regard to > other SSL/TLS con

Re: [Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Russ Allbery
Nigel Kersten writes: > We actually had a feature request in about this recently that shouldn't > be too hard to find if you do a search. More people caring about this > will lead us to prioritize it more, however... > You really should move away from Webrick for production for several > reasons

[Puppet Users] Re: puppet for customised configuration

2010-12-22 Thread jcbollinger
On Dec 22, 1:39 pm, "sanjiv.singh" wrote: > hi all  , >          adding more details to it. > > i tried to implement this in two ways, > > way 1)   created a new  module  with new puppet class in manifest that > contains  configuration of both puppet class  tomcat.pp & process.pp. Are you using

Re: [Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Nigel Kersten
On Wed, Dec 22, 2010 at 11:30 AM, Douglas Garstang wrote: > We're currently going through a PCI audit process, and an internal scan by > an auditor of our network came up with the following advisory on port 8139 > on all of our puppet servers. > Resolution: Disable weak and medium ciphers in the h

[Puppet Users] Re: puppet for customised configuration

2010-12-22 Thread jcbollinger
On Dec 22, 1:16 pm, "sanjiv.singh" wrote: > hi all, >         i started using puppet month before. > i am playing with puppet , configured with LDAP. > > according to my requirement , i need to configure two nodes > node 1. where tomcat an releted services to be deployed through > puppet . > nod

[Puppet Users] Using Puppet's client certificates for Apache, SSLVerifyClient

2010-12-22 Thread Dan Trainor
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn't quite address what I'm looking to do. From what I understand, Puppet's client/server authentication system - using SSL - is portable. I believe

[Puppet Users] Re: Puppet + Mongrel on RHEL5

2010-12-22 Thread cyrus
Never mind. Got this. I had some left over ssl options in puppet.conf from the Passenger setup. Once I removed those everything worked just fine. On Dec 22, 1:34 pm, cyrus wrote: > I am trying to setup Puppet + Mongrel on RHEL5. So far I have followed > this document: > > http://projects.puppetl

[Puppet Users] rrdgraph report error

2010-12-22 Thread George Bobeck
I've been trying to enable rrdgraph reports as detailed in the documentation. So far, this seems to be problematic. Here are the entries (sanitized) from messages.log: Dec 22 14:24:17 foovpuppet puppet-agent[14051]: Caching catalog for foovpuppet.example.com Dec 22 14:24:17 foovpuppet puppet-age

[Puppet Users] Puppet + Mongrel on RHEL5

2010-12-22 Thread cyrus
I am trying to setup Puppet + Mongrel on RHEL5. So far I have followed this document: http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel_On_Enterprise_Linux The puppetmasters all start up and Apache starts up on 8140. However, when my client connects I get the following errors: [

Re: [Puppet Users] Use MySQL replication with stored configs

2010-12-22 Thread Ohad Levy
Hi, Search the threads, there were a few discussions about this point... at the moment afaik, its not doable. are you using store config for collection or just for inventory? there are a few other options for both requirements without having your central db blocking puppet. Ohad 2010/12/22 Carl

Re: [Puppet Users] Report Error

2010-12-22 Thread Patrick
I would suggest changing to the user "puppet" and then trying to create that folder. (In a shell. Not using puppet or ruby.) This will at least tell you if your file permissions are right. On Dec 22, 2010, at 10:14 AM, Douglas Garstang wrote: > I keep getting this in /var/log/messages every t

[Puppet Users] Re: puppet for customised configuration

2010-12-22 Thread sanjiv.singh
hi all , adding more details to it. i tried to implement this in two ways, way 1) created a new module with new puppet class in manifest that contains configuration of both puppet class tomcat.pp & process.pp. problem with approach is that there is code replication , means that

[Puppet Users] use of variable in resource defaults

2010-12-22 Thread deet
Hello good people. Env: puppet 2.6.4, facter 1.5.8 I'm trying to set a variable in a defaults resource like this. In the password attribute I set the $name variable which I hoped would be the user name. I can see now that this evaluates to the class name. Are there any other approach

[Puppet Users] Puppet SSL Ciphers

2010-12-22 Thread Douglas Garstang
We're currently going through a PCI audit process, and an internal scan by an auditor of our network came up with the following advisory on port 8139 on all of our puppet servers. Resolution: Disable weak and medium ciphers in the http.conf or ssl.conf configuration files: SSLCipherSuite ALL:!aNUL

Re: [Puppet Users] Re: Exit gracefully

2010-12-22 Thread Douglas Garstang
On Tue, Dec 21, 2010 at 9:44 PM, donavan wrote: > On Dec 21, 4:38 pm, Douglas Garstang wrote: > > I'd like to be able to put specific modules into 'maintenance' mode if a > > variable has been set. I can check the variable, but the only way I can > see > > to have puppet skip processing is to us

[Puppet Users] puppet for customised configuration

2010-12-22 Thread sanjiv.singh
hi all, i started using puppet month before. i am playing with puppet , configured with LDAP. according to my requirement , i need to configure two nodes node 1. where tomcat and related services to be deployed through puppet . node 2. where java process that will point to tomcat services

Re: [Puppet Users] Report Error

2010-12-22 Thread Douglas Garstang
On Wed, Dec 22, 2010 at 10:26 AM, Mark Stanislav wrote: > Just a shot in the dark, do you have AppArmor, SELinux or any other MAC > system enabled? > > -Mark > > Totally not -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this gr

Re: [Puppet Users] Report Error

2010-12-22 Thread Mark Stanislav
Just a shot in the dark, do you have AppArmor, SELinux or any other MAC system enabled? -Mark On Dec 22, 2010, at 1:14 PM, Douglas Garstang wrote: > I keep getting this in /var/log/messages every time a client grabs a > catalog... > > Report store failed: Got 1 failure(s) while initializing:

[Puppet Users] Report Error

2010-12-22 Thread Douglas Garstang
I keep getting this in /var/log/messages every time a client grabs a catalog... Report store failed: Got 1 failure(s) while initializing: change from absent to directory failed: Failed to set owner to '0': Operation not permitted - /var/lib/puppet/reports/app01.den.xxx.com Why? Doug.

[Puppet Users] Re: module critique request

2010-12-22 Thread deet
> However, a quick grep yields zero before and require parameters in your > module - where are those orderings you rely on? > Frank. Thanks for your input. It helps a lot. WRT to the dependencies I've started using the 2.6 notation of stating resource ordering like this Packages::Insta

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread James Turnbull
Felix Frank wrote: > On 12/22/2010 06:03 PM, Nigel Kersten wrote: >> On Wed, Dec 22, 2010 at 8:41 AM, Felix Frank >> wrote: >> We accept many changes where people don't want to go through the overhead of supplying the patch themselves. If they do go to this extra effort for the

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Felix Frank
On 12/22/2010 06:03 PM, Nigel Kersten wrote: > On Wed, Dec 22, 2010 at 8:41 AM, Felix Frank > wrote: > >>> We accept many changes where people don't want to go through the >>> overhead of supplying the patch themselves. >>> >>> If they do go to this extra effort for the project however, it's >>>

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Nigel Kersten
On Wed, Dec 22, 2010 at 8:41 AM, Felix Frank wrote: >> We accept many changes where people don't want to go through the >> overhead of supplying the patch themselves. >> >> If they do go to this extra effort for the project however, it's >> greatly appreciated. > > Ah, but the current "contributi

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Peter Meier
> The sarcasm in the "maybe" overflowed my monitor and ruined a perfectly good > danish. It was the quintessential open source "forget you if you can't fix > it yourself" response. This is a user list - why would "be a developer" ever > be an appropriate response? If you didn't mean it that way, pe

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Disconnect
On Wed, Dec 22, 2010 at 11:21 AM, Peter Meier wrote: > > Doesn't that seem .. I dunno.. insanely bad? > > I wrote *maybe* (you seem to be able to read...) so what's your problem? > > You wrote: > the best thing would be to open a documentation bug report. Oh and maybe > even supply a patch? > Th

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Felix Frank
On 12/22/2010 05:28 PM, Nigel Kersten wrote: > On Wed, Dec 22, 2010 at 7:54 AM, Disconnect wrote: >> Wait, lets see if I understand the requirements for a 5 word addition to the >> documentation, from a user who doesn't already use git: >> 1: go to the page below >> 2: discover it requires git >>

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Nigel Kersten
On Wed, Dec 22, 2010 at 7:54 AM, Disconnect wrote: > Wait, lets see if I understand the requirements for a 5 word addition to the > documentation, from a user who doesn't already use git: > 1: go to the page below > 2: discover it requires git > 3: figure out what git is > 4: install a git client

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Peter Meier
> Doesn't that seem .. I dunno.. insanely bad? I wrote *maybe* (you seem to be able to read...) so what's your problem?

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Martijn Grendelman
Hi, I was aware of the 'Contribute' page, and it does indeed seem like a lot of work, even for a reasonably experienced Git user like myself. I will file a documentation bug. Thanks. Regards, Martijn. On 22-12-10 16:54, Disconnect wrote: > Wait, lets see if I understand the requirements for a

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Disconnect
Wait, let's see if I understand the requirements for a 5 word addition to the documentation, from a user who doesn't already use git: 1: go to the page below 2: discover it requires git 3: figure out what git is 4: install a git client 5: figure out how to use same 6: clone the entire repo (I just c

Re: [Puppet Users] Small documentation addition

2010-12-22 Thread Peter Meier
> Maybe it can be noted in the text, that on Debian and Ubuntu, the package > is called 'librrd-ruby'. the best thing would be to open a documentation bug report. Oh and maybe even supply a patch? http://docs.puppetlabs.com/contribute.html ~pete

[Puppet Users] Use MySQL replication with stored configs

2010-12-22 Thread Carles Amigó
Hello, I'm configuring an environment using multiple puppet masters geographically distributed in different locations. We have a "central" puppet master in our main office with the CA signing authority and we also keep the MySQL database with the stored configs there. As we sometimes have a lot

Re: [Puppet Users] Re: run without puppet master

2010-12-22 Thread aaron prayther
I think i have found the documentation i need for puppet "modules". between that and the suggestions i have received, i should be able operate the way i need and like Matt be able to operate in disconnected secure networks. On Tue, Dec 21, 2010 at 11:56 PM, donavan wrote: > On Dec 20, 6:51 am,

[Puppet Users] Small documentation addition

2010-12-22 Thread Martijn Grendelman
Hi, At http://docs.puppetlabs.com/references/latest/report.html#tagmail I read: "You must have the Ruby RRDtool library installed ... This package may also be available as ruby-rrd or rrdtool-ruby in your distribution’s package management system" Maybe it can be noted in the text, that on Debian

Re: [Puppet Users] "# Only restart if we're actually running"

2010-12-22 Thread Alan Barrett
On Mon, 20 Dec 2010, Nick Moffitt wrote: > With the right harmonics a service could be effectively 99% > downtime and ensure => running would prevent me from finding out. The puppet logs would report that the service was being started over and over. I don't use Puppet Dashboard, but perhaps it ca

Re: [Puppet Users] Update time in template file.

2010-12-22 Thread Stefan Schulte
On Wed, Dec 22, 2010 at 08:55:21AM +0200, Alan Barrett wrote: > On Sun, 19 Dec 2010, Stefan Schulte wrote: > > If you really depend on your headerline consider the following: Don't > > use Time.now but use something like > > File.stat('/etc/puppet/modules/snmp/template/snmp.conf.erb').mtime.gmtime

Re: [Puppet Users] filebucket questions

2010-12-22 Thread Felix Frank
On 12/22/2010 04:28 AM, Nicolas Aizier wrote: > Hi everyone, > > I've got several questions that are most probably obvious to some of > you but I'm actually a bit 'in the fog' about filebucket. > > backup are done on a md5 basis so 1 file is generated whatever the > number of clients if it's the

Re: [Puppet Users] module critique request

2010-12-22 Thread Felix Frank
On 12/21/2010 07:05 PM, deet wrote: > Hello. > I recently tried to improve a module I have which is used to create > one or more instances of mysql per node. The original module had > lot's of code repetition to get around gaps in my skills. The new > improved module has less code repetition

Re: [Puppet Users] Re: lsbmajdistrelease fact

2010-12-22 Thread Felix Frank
On 12/21/2010 06:57 PM, Daniel Piddock wrote: > On 21/12/10 17:48, Arnau Bria wrote: >> On Tue, 21 Dec 2010 17:02:20 +0100 >> Arnau Bria wrote: >> >>> Hi all, >>> >>> I've noticed that facter version superior from epel do not >>> display lsbmajdistrelease fact: >> Sorry for the noise, that's not tr