I want to deploy puppet with openldap for specific node configuration, but only for specific nodes, every other node (not in LDAP) should follow the 'default' node definition.
Is it possible to mix and match like this?

As I try it I am getting err: Could not retrieve catalog: Could not find node 'myhostname' instead.

--
Mark Foster - Sr. Systems Engineer
BitPusher - premier managed services provider
http://www.bitpusher.com/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
jpruitt@juniper.net
2008-Apr-25 18:43 UTC
[Puppet Users] Re: puppet ldap integration question
If I understand you correctly, all you should have to do is create a node in LDAP named "default" and anytime puppet can't find a host in LDAP it will just use the "default" LDAP node.

In regards to your "Could not find node" issue, can you start by sending us your LDAP config parameters from your puppet.conf or puppetmasterd.conf?

Did you add the schema to your openLDAP server and restart ldap?

Did you create the host in the Hosts ou? (i.e. ou=Hosts, dc=<domain>,dc=<tld>)

Did you assign the objectClass puppetClient to 'myhostname' or whatever hostname to which you are trying to apply the catalog?

Are you seeing anything in the OpenLDAP server logs? I had to set my logging to 2912 on the OpenLDAP server so I could see all of the queries hitting the server.

I also recommend using the ldapsearch command to help with debugging puppet LDAP issues. At the very least it removes the puppet abstraction from the LDAP equation.

- Jeremy

On Apr 24, 3:06 pm, Mark Foster <mfos...@bitpusher.com> wrote:
> I want to deploy puppet with openldap for specific node configuration,
> but only for specific nodes, every other node (not in LDAP) should
> follow the 'default' node definition.
> Is it possible to mix and match like this?
>
> As I try it I am getting err: Could not retrieve catalog: Could not find
> node 'myhostname' instead.
>
> --
> Mark Foster - Sr. Systems Engineer
> BitPusher - premier managed services provider
> http://www.bitpusher.com/
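The checks in Jeremy's reply, as an added example that is not part of the original thread: it runs over a constructed LDIF dump of the kind ldapsearch prints and models the lookup as the reply describes it, with a fallback to the "default" entry. It assumes Puppet's search only matches entries that carry objectClass puppetClient; the base DN, host names and class names are placeholders.

```shell
# Added example. Constructed LDIF, shaped like the output of:
#   ldapsearch -x -LLL -b "ou=Hosts,dc=example,dc=com" "(cn=*)"
# dc=example,dc=com, the host names and class names are placeholders.
sample_ldif() {
cat <<'EOF'
dn: cn=default,ou=Hosts,dc=example,dc=com
objectClass: device
objectClass: puppetClient
cn: default
puppetclass: base

dn: cn=web01,ou=Hosts,dc=example,dc=com
objectClass: device
objectClass: puppetClient
cn: web01
puppetclass: webserver

dn: cn=db01,ou=Hosts,dc=example,dc=com
objectClass: device
cn: db01
EOF
}

# has_puppet_node NAME: succeed if the LDIF on stdin holds an entry whose cn
# is NAME and which carries objectClass puppetClient (case-insensitive match).
has_puppet_node() {
  awk -v want="$1" '
    BEGIN { RS = ""; FS = "\n"; want = tolower(want) }
    {
      cn = 0; pc = 0
      for (i = 1; i <= NF; i++) {
        line = tolower($i)
        if (line == "cn: " want) cn = 1
        if (line == "objectclass: puppetclient") pc = 1
      }
      if (cn && pc) found = 1
    }
    END { exit !found }'
}

# resolve_node NAME: print which entry the lookup described in the thread
# would use: the host's own entry, else "default", else "none" (status 1).
resolve_node() {
  if sample_ldif | has_puppet_node "$1"; then echo "$1"
  elif sample_ldif | has_puppet_node default; then echo default
  else echo none; return 1
  fi
}
for h in web01 db01 mail01; do echo "$h -> $(resolve_node "$h")"; done
```

In the sample, db01 exists under ou=Hosts but lacks puppetClient, so it resolves to "default" rather than to its own entry, the same result as for mail01, which has no entry at all.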
jpruitt@juniper.net wrote:
> If I understand you correctly, all you should have to do is create a
> node in LDAP named "default" and anytime puppet can't find a host in
> LDAP it will just use the "default" LDAP node.
>
>
Thank you for explaining how it should work. I already had other (non-default) ldap based nodes working.
I just created the default node in LDAP and it works as you describe.
So to summarize, you can't mix and match (LDAP vs. file-based node definitions in nodes.pp).

--
Mark Foster - Sr. Systems Engineer
BitPusher - premier managed services provider
http://www.bitpusher.com/
jpruitt@juniper.net
2008-Apr-26 05:37 UTC
[Puppet Users] Re: puppet ldap integration question
Yup, your summary is correct. In fact, I have found that if you have even a single node definition in your manifest files puppet refuses to process any of the nodes from LDAP. It still seems to search the LDAP database, but ignores them once puppet realizes it has file based node definitions.

- Jeremy

On Apr 25, 1:02 pm, Mark Foster <mfos...@bitpusher.com> wrote:
> jpru...@juniper.net wrote:
> > If I understand you correctly, all you should have to do is create a
> > node in LDAP named "default" and anytime puppet can't find a host in
> > LDAP it will just use the "default" LDAP node.
>
> Thank you for explaining how it should work. I already had other
> (non-default) ldap based nodes working.
> I just created the default node in LDAP and it works as you describe.
> So to summarize, you can't mix and match (LDAP vs. file-based node
> definitions in nodes.pp).
>
> --
> Mark Foster - Sr. Systems Engineer
> BitPusher - premier managed services provider
> http://www.bitpusher.com/
jpruitt@juniper.net wrote:
> Yup, your summary is correct. In fact, I have found that if you have
> even a single node definition in your manifest files puppet refuses to
> process any of the nodes from LDAP. It still seems to search the LDAP
> database, but ignores them once puppet realizes it has file based node
> definitions.
>
You can only use one node type at a time - external, LDAP or file based.

Regards

James Turnbull

--
James Turnbull (james@lovedthanlost.net)
--
Author of:
* Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux (http://www.amazon.com/gp/product/1590594444/)
jpruitt@juniper.net
2008-Apr-26 08:38 UTC
[Puppet Users] Re: puppet ldap integration question
That much makes sense, I was just surprised to find that even with "node_terminus = ldap" a single file-based node definition broke my ldap functionality.

- Jeremy

On Apr 25, 11:16 pm, James Turnbull <ja...@lovedthanlost.net> wrote:
> jpru...@juniper.net wrote:
> > Yup, your summary is correct. In fact, I have found that if you have
> > even a single node definition in your manifest files puppet refuses to
> > process any of the nodes from LDAP. It still seems to search the LDAP
> > database, but ignores them once puppet realizes it has file based node
> > definitions.
>
> You can only use one node type at a time - external, LDAP or file based.
>
> Regards
>
> James Turnbull
>
> --
> James Turnbull (ja...@lovedthanlost.net)
> --
> Author of:
> * Pulling Strings with Puppet
> (http://www.amazon.com/gp/product/1590599780/)
> * Pro Nagios 2.0
> (http://www.amazon.com/gp/product/1590596099/)
> * Hardening Linux
> (http://www.amazon.com/gp/product/1590594444/)
On Apr 26, 2008, at 3:38 AM, jpruitt@juniper.net wrote:
> That much makes sense, I was just surprised to find that even with
> "node_terminus = ldap" a single file-based node definition broke my
> ldap functionality.

Huh; I was pretty sure this isn't true, and looking through the code I don't see anything indicating it would be true. In fact, it was mostly my desired behaviour, but I kind of half-accidentally made it so you can now use both at once.

In fact, I'm pretty darn confident that external nodes work fine with AST nodes (the in-language nodes), since I was testing external nodes recently without removing all of my node definitions. LDAP nodes shouldn't behave much differently, but I haven't specifically tested it.

If you look at parser/compiler.rb#compile, you should be able to follow the process of what's happening, and from there track what happens when.

--
If you can't be a good example, then you'll just have to be a horrible warning. -- Catherine Aird
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
Luke Kanies wrote:
> On Apr 26, 2008, at 3:38 AM, jpruitt@juniper.net wrote:
>
>> That much makes sense, I was just surprised to find that even with
>> "node_terminus = ldap" a single file-based node definition broke my
>> ldap functionality.
>
>
> Huh; I was pretty sure this isn't true, and looking through the code I
> don't see anything indicating it would be true. In fact, it was
> mostly my desired behaviour, but I kind of half-accidentally made it
> so you can now use both at once.

Really? When? When last I tested it - 0.23.something or maybe even the first 0.24 release - you couldn't have file-based nodes with external nodes at least and I was fairly sure LDAP nodes also failed?

Happy if you can - be nice to add when that changed... :)

James

--
James Turnbull (james@lovedthanlost.net)
--
Author of:
- Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/)
- Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
- Hardening Linux (http://www.amazon.com/gp/product/1590594444/)
On Apr 26, 2008, at 8:16 PM, James Turnbull wrote:
> Really? When? When last I tested it - 0.23.something or maybe even the
> first 0.24 release - you couldn't have file-based nodes with external
> nodes at least and I was fairly sure LDAP nodes also failed?
>
> Happy if you can - be nice to add when that changed... :)

I'm not sure exactly when, but I expect it was around 0.24. I can't find specific mention of it, other than maybe this:

    The --use-nodes and --no-nodes options are now obsolete. Puppet
    automatically detects when nodes are defined, and if they are
    defined it will require that a node be found, else it will not
    look for a node nor will it fail if it fails to find one.

I think this process basically just caused AST nodes and external nodes to be considered two separate processes entirely, whereas in 0.23 the same system chose which node source to use.

--
This space intentionally has nothing but text explaining why this space has nothing but text explaining that this space would otherwise have been left blank, and would otherwise have been left blank.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
On Apr 25, 2008, at 3:02 PM, Mark Foster wrote:
>
> jpruitt@juniper.net wrote:
>> If I understand you correctly, all you should have to do is create a
>> node in LDAP named "default" and anytime puppet can't find a host in
>> LDAP it will just use the "default" LDAP node.
>>
>>
> Thank you for explaining how it should work. I already had other
> (non-default) ldap based nodes working.
> I just created the default node in LDAP and it works as you describe.
> So to summarize, you can't mix and match (LDAP vs. file-based node
> definitions in nodes.pp).

As mentioned elsewhere in the thread, this should no longer be the case in 0.24. Not that I recommend it, but Puppet doesn't forbid it or anything, and it should silently work.

--
To be positive: To be mistaken at the top of one's voice. -- Ambrose Bierce
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com