[Puppet Users] How to avoid the use of defined

Hi folks, This is a "best practices" question as much as a technical one. I am trying to redefine variables when I include a specific class. The use case is installing php 5.3 on a few select centos 5 boxes while keeping the default php 5.1 install on others. Here is the relevant part of my apach

Re: [Puppet Users] Selecting repos

Hi, tu2bg...@gmail.com writes: > How do people currently select repos from which to install particular > packages? Currently we have a base centos, (enabled by default), and > several others that I want to enable and disable for particular > packages, like being able to use the --disablerepo=* >

Re: [Puppet Users] How to avoid the use of defined

Arnaud Gomes-do-Vale writes: > class wordpress { > # apache::lamp includes apache::php > include apache::lamp > > if $::os == 'rhel5' { > include apache::php53 > } > # .../... > } Including apache::php53 before apache::lamp fixes the issue

Re: [Puppet Users] Re: How to avoid the use of defined

Hi, First, thanks for your help. However I still have some issues with your solution. jcbollinger writes: > few bad ones. Here's a good rule of thumb: never use Puppet's > "defined()" function in your manifests. Ever. It is brittle, and it > will cause you grief, increasing exponentially wit

[Puppet Users] Problem overriding file resource in 2.6.x

Hi folks, I have a couple of classes to manage ssh servers. All my hosts include ssh::server which manages a generic config file, and some of them include ssh::server::forceip which use a template to force sshd to bind on specific IP addresses. Here is the code: class ssh::server { $serv

Re: [Puppet Users] Problem overriding file resource in 2.6.x

Arnaud Gomes-do-Vale writes: > What am I doing wrong? I had an old puppetd process running while it should have been killed weeks ago. I have killed it this afternoon and it looks like everything is working properly now. -- Arnaud -- You received this message because you are subscribed

[Puppet Users] LDAP nodes no longer work after upgrading to 0.25.x

Hi, I recently upgraded my test puppetmaster from 0.24.8 to 0.25.4. The host is CentOS 5, with puppet packages from epel(-testing). Since upgrading my LDAP nodes no longer work. The puppetmaster doesn't even connect to the LDAP server, the clients just get the default node configuration. The pup

Re: [Puppet Users] LDAP nodes no longer work after upgrading to 0.25.x

Arnaud Gomes-do-Vale writes: > Since upgrading my LDAP nodes no longer work. The puppetmaster doesn't > even connect to the LDAP server, the clients just get the default node > configuration. Fixed, there was a typo in my config file ([puppermasterd] instead of [puppetmasterd])

[Puppet Users] Puppetmaster with stored configs leaks file descriptors on CentOS 5

Hi folks, When I enabled stored configs on my puppet master, it began keeping lots of open connections to the MySQL server (as far as I understand it opened one connection for each client run and never closed them). I set up the server to close idle connections after 5 minutes. Now the database s

Re: [Puppet Users] Puppetmaster with stored configs leaks file descriptors on CentOS 5

Brice Figureau writes: > Can you try with a newer rails/active record? > This one is a little bit old, and I'm not sure there aren't some bugs. > I vaguely remember that puppet required rails 2.2, but I might be wrong. Will try. I was hoping I could get away with using whatever is in EPEL; has

Re: [Puppet Users] Puppetmaster with stored configs leaks file descriptors on CentOS 5

Christopher writes: > I ran into this same thing. Update (rebuild) to the following rpms > versions from fedora 11: > > rubygem-activerecord.noarch 1:2.3.2-4.fc11 > rubygem-activesupport.noarch1:2.3.2-2.fc11 > rubygem-rack.noarch 1.0.0-1.fc11 Thanks,

Re: [Puppet Users] Re: Six Puppet Questions

Hi, Matt Juszczak writes: > * Nagios: What are people doing to add hosts/services to nagios where > some hosts AREN'T puppet hosts? For instance, deprecated hosts that > were spun up prior to puppet (we won't be installing puppet on those > hosts). Just use several cfg_dir and cfg_file directi

Re: [Puppet Users] How do I automagically remove old versions of jar files?

Larry Fast writes: > Is there a standard puppet pattern for removing older versions of jars > without explicitly naming each version? A couple of solutions in addition to the proposed ones: - Use your package manager. Build a package containing your jar file and upload it to a local repo; yo

Re: [Puppet Users] apt repository appears to have dependency issue with latest release (3.2.1)

Eric Sorenson writes: > We'll do a better job in the future of > (a) pointing out the necessity of the dependencies repo in the release > notes > (b) featuring the Upgrading guide ( > http://docs.puppetlabs.com/guides/upgrading.html ) more prominently, > as it has best practice for safe upgradin

[Puppet Users] Fileserver error with Puppet 3.0

Hi, I am evaluating Puppet 3.0 on my test puppetmaster. I have what looks like a regression from Puppet 2.7.19: Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/ircamnetwork.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/

Re: [Puppet Users] Fileserver error with Puppet 3.0

Matthaus Owens writes: > In Puppet 3.x, allow directives are limited to hostnames, if you wish > to allow an ip address, the allow_ip directive should be used. This > was in response to CVE-2012-3408 > (http://puppetlabs.com/security/cve/cve-2012-3408/). Thank you for your help. Looks like somet

[Puppet Users] Broken rsync mirroring for PuppetLabs APT repo

Hi, I have sent this mail to i...@puppetlabs.com and received no answer, so I'm posting here as well; I hope somebody at PuppetLabs will be able to help. I have a local mirror of apt.puppetlabs.com which has been broken for at least a few days: the apt/dists/ subdirectory only contains symlinks t

Re: [Puppet Users] Broken rsync mirroring for PuppetLabs APT repo

Matthaus Owens writes: > What flags are you passing to rsync? The README at > http://apt.puppetlabs.com/README.txt offers a sample rsync command > which includes the --copy-links flag. When I rsync using copy links, > my dists directory looks like: Of course you're right, I used my usual rsync c

[Puppet Users] LDAP backend for Hiera

Hi folks, I have written a small LDAP backend for Hiera. I am aware of the one at but it's not what I was looking for. You can find mine at . How to use it = Basically, the hiera.yaml file should loo

Re: [Puppet Users] LDAP backend for Hiera

Arnaud Gomes-do-Vale writes: > objectclass ( 1.3.6.1.4.1.7568.1.2.43.1 NAME 'hieraSource' SUP top STRUCTURAL s/STRUCTURAL/AUXILIARY/ of cource. -- A -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe f

[Puppet Users] Security of facts (aka: who can see my facts?)

Hello, I have a module for deploying an application which relies on an (external) MySQL database. Here is a simplified version of the relevant parts: class myapp::database { $db_user = my_db_user $db_name = my_db_name # generate_db_passwd is a custom script, basically a wrapper around

Re: [Puppet Users] Re: Security of facts (aka: who can see my facts?)

Chuck writes: > I wouldn't put any sensitive information in a fact, unless the only people > with access to PuppetDB and your Servers are admins who already have access > to this information. But even then I still wouldn't do it. That's more or less the conclusion I arrived at, except I can't

Re: [Puppet Users] Re: Security of facts (aka: who can see my facts?)

jcbollinger writes: > It is relatively easy to write a custom hiera back end, in which you can > use whatever code you like to lookup or generate a value for any given key > (or not). You could use such a thing to integrate password generation and > recall (and even encrypted storage, if desi

Re: [Puppet Users] The Future - ENCs vs Hiera?

Jose Luis Ledesma writes: > Enforcing environment from the master is a must for us, and I don't > really see the point of configuring hiera against LDAP when puppet > supports it natively. Do you know some benefit I'm missing? Last time I checked the native LDAP terminus did not support parametr

Re: [Puppet Users] The Future - ENCs vs Hiera?

Johan De Wit writes: > I'm very interested in your improvement. Is it available for the > public somewhere ? No, there is just too much site-specific stuff hardcoded in there. Basically, it: - grabs the host's entry in LDAP, or bombs out if it doesn't exist - extracts the puppetclass attribut

[Puppet Users] How to make file_line autocreate files?

Hello, I am trying to manage my dsh groups with Puppet. The way I'm trying to do this: - each node has a block like this in its manifest: @@file_line { "${::fqdn} in dsh group ${group}": line => $::fqdn, path => "/etc/dsh/group/${group}", tag => 'dsh', } - each dsh client colle

Re: [Puppet Users] How to make file_line autocreate files?

Martin Alfke writes: > @@file { “/etc/dsh/group/${group}”: > ensure => file, > tag => ‘dsh’, > } > File <<|| tag == ‘ssh’ |>> -> File_line <<| tag == 'dsh' |>> > > This creates files when required and takes care on the content with file_line Error: Could not retrieve catalog from remote

Re: [Puppet Users] How to make file_line autocreate files?

Martin Alfke writes: > Maybe you can do the following ( I am unsure whether the if ! defined will be > validated properly on the client): I am quite sure it won't. :-) I may try to query the PuppetDB from a parser function to get the list of paths on the client; I am reading the docs at the mo

Re: [Puppet Users] How to make file_line autocreate files?

Arnaud Gomes-do-Vale writes: > I may try to query the PuppetDB from a parser function to get the list > of paths on the client; I am reading the docs at the moment. Here is what I came up with, and it works for me. It assumes the PuppetDB is on localhost:8080 as seen from the Puppet