Puppet users - Apr 2008 - puppetrun pings the remote host

Hi there,

I noticed puppetrun first starts to ping the remote host to see if
it''s reachable.  The problem is that there is no timeout, or at least
a very long one, and puppetrun takes about one minute to error out.
And my firewall is setup to block ICMP requests, so ping cannot pass
through anyway.

Providing a --noping option would be great :-)

WDYT?
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/blog/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Apr 1, 2008, at 7:58 AM, Jean-Baptiste Quenot wrote:
>
> Hi there,
>
> I noticed puppetrun first starts to ping the remote host to see if
> it''s reachable.  The problem is that there is no timeout, or at
least
> a very long one, and puppetrun takes about one minute to error out.
> And my firewall is setup to block ICMP requests, so ping cannot pass
> through anyway.
>
> Providing a --noping option would be great :-)
>
> WDYT?

Really, the ping time should just be really short.  If it can''t ping  
in about a second, it probably can''t ping.  Maybe make it  
configurable, but this will mostly be used on internal networks, so  
it''s pretty reasonable to expect a 1s ping.

-- 
I have an answering machine in my car. It says, "I''m home now. But
leave a message and I''ll call when I''m out. -- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Well, the time to live can be specified with eg "-t 2" to timeout
after 2 seconds.  But  in my case I don''t want puppetrun to skip the
host if the ping fails, as ICMP is specifically blocked, but Puppet
port is allowed.

Cheers,
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/blog/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Apr 1, 2008, at 10:14 AM, Jean-Baptiste Quenot wrote:
> Well, the time to live can be specified with eg "-t 2" to timeout
> after 2 seconds.  But  in my case I don''t want puppetrun to skip
the
> host if the ping fails, as ICMP is specifically blocked, but Puppet
> port is allowed.

Ah, in that case, yeah, although you''ll then want a timeout on the  
call itself, since otherwise the timeout is about 3 minutes, I think.

-- 
I have a switch in my apartment... It doesn''t do anything. Every once
in a while, I turn it on and off. One day I got a call... It was from
a woman in France... She said, "Cut it out!"
     -- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 01/04/2008, Jean-Baptiste Quenot <jbq@caraldi.com>
wrote:
>
>  Well, the time to live can be specified with eg "-t 2" to
timeout
>  after 2 seconds.  But  in my case I don''t want puppetrun to skip
the
>  host if the ping fails, as ICMP is specifically blocked, but Puppet
>  port is allowed.
How about changing your firewall(s) to allow ping from your
puppetmaster?  If you''re real paranoid you could use rate limit and
restrict the icmp type.
Kent

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I thought about changing the firewall, but it doesn''t make much sense
to change it just for the sake of being able to use puppetrun.  IMO
puppetrun should behave the same as all other puppet tools.

I removed the ping system call in puppetrun and it works like a charm.

Cheers,
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/blog/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Yet another reason blocking ICMP is a bad idea...

On Tue, Apr 1, 2008 at 8:28 AM, Jean-Baptiste Quenot <jbq@caraldi.com>
wrote:
>
>  I thought about changing the firewall, but it doesn''t make much
sense
>  to change it just for the sake of being able to use puppetrun.  IMO
>  puppetrun should behave the same as all other puppet tools.
>
>  I removed the ping system call in puppetrun and it works like a charm.
>
>
>  Cheers,
>  --
>  Jean-Baptiste Quenot
>  http://caraldi.com/jbq/blog/
>
>  >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---