Re: [Puppet Users] Best practices for infrastructure

2013-08-25 Thread Martin Langhoff
On Sat, Aug 24, 2013 at 5:18 PM, Jakov Sosic wrote: > Only if you use autosign option. After the certificate is signed, agents > report certname and not hostname. Well-behaved clients report certname. A malicious client could use one cert, but report a different name. AIUI the puppet master check

Re: [Puppet Users] Best practices for infrastructure

2013-08-25 Thread Gabriel Filion
On 23/08/13 12:51 PM, Martin Langhoff wrote: > On Fri, Aug 23, 2013 at 12:03 PM, Paul Archer > wrote: > > I'm thinking about setting up a master in the colo with a slaved > master at each site, > > > I would strongly recommend using "master-less" recipes, whi

Re: [Puppet Users] Best practices for infrastructure

2013-08-25 Thread Jakov Sosic
On 08/25/2013 02:17 PM, Martin Langhoff wrote: On Sat, Aug 24, 2013 at 5:18 PM, Jakov Sosic wrote: Only if you use autosign option. After the certificate is signed, agents report certname and not hostname. Well-behaved clients report certname. A malicious client could use one cert, but report

[Puppet Users] Re: Could not parse for environment production: Cannot assign to variables in other namespaces

2013-08-25 Thread Mike Delaney
If you're assigning $role inside the role::nameserver class, then its scope is limited to just role::nameserver (and any classes that inherit from role::nameserver)[1]. So, hiera lookups from inside role::nameserver will see that level of your hierarchy, but it will be invisible almost everywhere

[Puppet Users] What is the alternative to Ruby DSL as use of the Ruby DSL is deprecated ?

2013-08-25 Thread Stefan Schmid
Hi I am new to puppet and need to manage host entries in file /etc/hosts as follows on node mail.example.com and db.example.com. I do not want to manage the whole file /etc/hosts with puppet, only a few entries. puppet version 3.2.1 node mail.example.com, file /etc/hosts: (..) 172.16.89.96

Re: [Puppet Users] What is the alternative to Ruby DSL as use of the Ruby DSL is deprecated ?

2013-08-25 Thread Brian Lalor
There's a host type built into puppet. -- Brian Lalor bla...@bravo5.org On Aug 25, 2013, at 9:39 AM, Stefan Schmid wrote: > Hi > > I am new to puppet and need to manage host entries in file /etc/hosts as > follows on node mail.example.com and db.example.com. I do not want to manage > the wh

Re: [Puppet Users] What is the alternative to Ruby DSL as use of the Ruby DSL is deprecated ?

2013-08-25 Thread Mike Delaney
Hi Stefan, I believe for the general case, the best practice is to encapsulate the logic that can't be expressed directly in the PuppetDSL in custom functions called from the DSL. Some of the features in the new experimental parser like iteration are aimed at reducing the need to write trivial, on

[Puppet Users] service subscription to a concat managed file

2013-08-25 Thread opticpow
Hi All, I'm using the ripienaar/concatmodule to manage a number of configuration files. Is it possible for a service to subscribe to the managed file so that when another module inserts a fragment, the service is restarted? Below is an example o

Re: [Puppet Users] Re: Puppet Manage Cisco ASA

2013-08-25 Thread aussielunix
G`Day All ! On Friday, 1 March 2013 02:13:27 UTC+11, James Turnbull wrote: > > > Cisco is working on integration and we hope to have some news on this > soon. > > What is the current state of Cisco device management with Puppet ? I have found https://github.com/uniak/puppet-networkdevice but no