I''d like to be removed from the puppet-users email list... but I cant
find my name on the webpage.
Thanks,
Jennifer Ford
***********************************
Manager, Unix Administration
Teach For America
Phone: 212-279-2080 ext. 688
jennifer.ford at teachforamerica.org
One day, all children in this nation will have the opportunity to attain
an excellent education.
http://www.teachforamerica.org
-----Original Message-----
From: puppet-users-bounces at madstop.com
[mailto:puppet-users-bounces at madstop.com] On Behalf Of
puppet-users-request at madstop.com
Sent: Sunday, October 14, 2007 1:00 PM
To: puppet-users at madstop.com
Subject: Puppet-users Digest, Vol 16, Issue 25
Send Puppet-users mailing list submissions to
puppet-users at madstop.com
To subscribe or unsubscribe via the World Wide Web, visit
https://mail.madstop.com/mailman/listinfo/puppet-users
or, via email, send a message with subject or body ''help'' to
puppet-users-request at madstop.com
You can reach the person managing the list at
puppet-users-owner at madstop.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Puppet-users digest..."
Today''s Topics:
1. Re: external nodes (Luke Kanies)
2. Re: Puppet is reporting missing libraries (Luke Kanies)
3. Re: puppetca is unable to sign certificate (Luke Kanies)
4. Re: puppetca is unable to sign certificate (Luke Kanies)
5. Re: #786: exported resources not refreshed (Luke Kanies)
6. Re: puppet (Timeout::Error) HELP??? (Luke Kanies)
7. Re: external nodes (Chris MacLeod)
----------------------------------------------------------------------
Message: 1
Date: Sat, 13 Oct 2007 12:47:25 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] external nodes
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <4EF7773A-42D8-4646-944A-2F7E6C331C1B at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 12, 2007, at 12:51 PM, Chris MacLeod wrote:
> the example below works really well but I can''t express it via my
> external nodes, I have to bury it in a class (or module). I''m
> trying to avoid having to have a class for each node.
>
> I know I can call a define with an array, but I need the parameters
> to be different for each element of the array.
I don''t really understand the problem you''re trying to solve.
Is it that each node has a unique list of ethernet interfaces, each
with its own IP addresses? If not, what is it?
--
You can''t have everything. Where would you put it?
-- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 2
Date: Sat, 13 Oct 2007 12:48:50 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] Puppet is reporting missing libraries
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <781C75CE-5089-49DD-89B7-B9CD8702E155 at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 12, 2007, at 4:51 PM, Thomas Underhill wrote:
> Am I missing something that needs to be done to convince Puppet
> that I do indeed have the Ruby/LDAP libraries installed (I am a
> Ruby newbie so I may have missed something obvious)? Getting
> puppet to utilize our LDAP infrastructure for node information is
> critical for our Puppet rollout project to move forward as we
don''t
> want to have to duplicate node information in manifests.
>
> Any pointers would be greatly appreciated, as I have not found
> anything (so far) that has helped resolve this issue. If I come
> across a solution, then I will update the Puppet wiki accordingly.
Run this:
ruby -lldap -e ''puts :yep''
If that throws an error, then Ruby is not finding your library, and
thus neither will Puppet. If that does not throw an error but Puppet
still can''t find the library, then it looks like a bug in Puppet.
--
Nonreciprocal Laws of Expectations:
Negative expectations yield negative results. Positive expectations
yield negative results.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 3
Date: Sat, 13 Oct 2007 12:56:11 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] puppetca is unable to sign certificate
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <7B471A05-7546-431C-B494-A0C8EA313394 at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 12, 2007, at 4:06 AM, Stephen Tan wrote:
> Wow. I''ve not used strace before and it spews a LOT of output! The
> reason for this is because for some reason,
> /usr/local/lib/site_ruby/1.8/i486-linux/ is referenced for a LONG time
> before it goes to /usr/lib.
>
> I''ve filtered the output through grep 64 | grep -v /usr/local to
get
> some sort of relevant output. Please find it attached. I can see
> nothing weird about any file locations for certificates.
Looks like it''s finding a cert in /etc/puppet/ssl/certs, but I
don''t
see it looking for any requests at all.
> I''m going to download a source version of the latest stable
version
> and see if this makes a difference.
I can''t imagine it will; certs have been stable for ages.
--
Puritanism: The haunting fear that someone, somewhere, may be happy.
-- H. L. Mencken
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 4
Date: Sat, 13 Oct 2007 12:58:11 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] puppetca is unable to sign certificate
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <C1F15794-0328-4C6C-B883-45F1AB36AE25 at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 12, 2007, at 7:59 AM, Stephen Tan wrote:
> Luke - in order to help me debug this issue from a more basic level, I
> was wondering if it would be possible to give a brief summary of what
> happens between client and server when a puppet client requests a
> certificate? I can then go through and follow this to see where this
> process might be failing.
The client creates a certificate request and sends it to the server.
If autosign is enabled, the server signs it and sends the signed cert
back, writing the cert to disk, also. If autosign is not enabled, it
writes the request to the csrdir.
The user then signs the cert using puppetca --sign.
The client then requests the cert again, this time getting the signed
cert.
> I''m afraid that I can''t find any meaningful documentation
for this on
> the ReductiveLabs site.
Hopefully someone will put this info in a useful place on the wiki,
then (hint, hint).
--
My favorite was a professor at a University I Used To Be Associated
With who claimed that our requirement of a non-alphabetic character in
our passwords was an abridgement of his freedom of speech.
-- Jacob Haller
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 5
Date: Sat, 13 Oct 2007 13:06:15 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] #786: exported resources not refreshed
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <9AD6C6E1-5ADB-4316-9519-F9E5F94BC0F5 at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 9, 2007, at 2:01 PM, udo waechter wrote:
> Hi Luke,
> On 09.10.2007, at 06:08, Luke Kanies wrote:
>>
>> ''freshness'' is called on the server by the client
every time the
>> client runs. It''s used by the client to determine if the
client
>> should recompile.
>>
> Well that''s what I thought too, but still it does not happen.
Then you need to debug why it''s not getting called on the clients.
At this point, I think the only possible solution is for you to ping
me on irc and go through interactive debugging. It''s clear that
sending emails around isn''t working.
> I am sorry, but this does not happen. Almost never. It happened once
> or twice for one or two hosts. Unfortunately I can not find out from
> which of the hosts this came, since most of the clients run at the
> same time. Thus the syslog entries are mixed up.
>
> The strange thing is now that only the first output from the first
> line of the freshness function shows up.
> Either of both outputs form the lines
>
> 88 if defined? @interpreter
> 89 bla = [exportdate.to_i, @interpreter.parsedate].max
> 90 Puppet.info "=================EXPORTDATE IS:
"+bla
> 91 return bla
> 92 else
> 93 Puppet.info "===========NO
EXPORTDATE============="
> 94 return 0
> 95 end
>
> do not show up, which can not be!
Like I said, time to debug on the clients, then.
Really, though, it''s time to do this interactively, because something
retarded is happening, something that both of us are missing somehow.
--
I went to a restaurant that serves "breakfast at anytime". So I
ordered French Toast during the Renaissance. -- Stephen Wright
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 6
Date: Sat, 13 Oct 2007 13:07:01 -0500
From: Luke Kanies <luke at madstop.com>
Subject: Re: [Puppet-users] puppet (Timeout::Error) HELP???
To: Puppet User Discussion <puppet-users at madstop.com>
Message-ID: <1DF18B6C-BA5C-4092-9E0F-18CDB8DE5E81 at madstop.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Oct 12, 2007, at 8:21 AM, Joseph Holland wrote:
> Can anyone help me with this error I am having. I am using puppet on
> Debian Etch, version 0.20.1-1 from apt works OK, but due to one or two
> problems we want to use the version from testing, 0.23.2-10, but the
> puppetd just fails upon startup spitting this out:
>
> Starting puppet configuration management
> tool/usr/lib/ruby/1.8/timeout.rb:54:in `open'': execution expired
Is the server running? If so, what does it say?
We need the output from both client and server to be of any help.
--
I hate to advocate drugs, alcohol, violence, or insanity to anyone,
but
they''ve always worked for me. -- Hunter S.
Thompson
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
------------------------------
Message: 7
Date: Sat, 13 Oct 2007 20:58:02 -0400
From: "Chris MacLeod" <stickm at gmail.com>
Subject: Re: [Puppet-users] external nodes
To: "Puppet User Discussion" <puppet-users at madstop.com>
Message-ID:
<426cef8e0710131758n32455c93g3237bb4aa4b0331d at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
that''s just the current example. I certainly need to solve that one.
David''s suggestion of including a node specific class file would work,
but
I''d like to keep all node specific data in the yaml rather than be
splitting
it between a node/class file and the yaml.
the conceptual problem is that I have node specific data (that has sub
attributes as well) that I want to express in my external nodes.
I certainly need to solve this specific problem, on our front level
proxies
they have any number of interface aliases for ssl purposes.
Ideally I''d think the solution (in yaml) would be something like:
interface:
eth0:
ip: 1.1.1.1
netmask: 255.255.255.0
... etc
eth1:
ip: 1.1.2.1
... etc.
and so on, but I have no clue how I could express that in a way that a
define would work with it (or if I even can do that)
If it''s confusing the issue, we can step away from the conceptual
problem,
how are people handling multiple ethernet interfaces on a single node,
when
using external nodes.
Maybe the way to go is not to have a yaml file per host for external
nodes
to read and just have it output a small set of default classes and a
hostname.pp class file and do everything in there? Seems kinda
backwards
but I guess it could work.
I really like the concept of only being able to define classes and
variables
at a host level and having all the modules and classes be fairly generic
and
reusable.
C
On 10/13/07, Luke Kanies <luke at madstop.com>
wrote:>
> On Oct 12, 2007, at 12:51 PM, Chris MacLeod wrote:
>
> > the example below works really well but I can''t express it
via my
> > external nodes, I have to bury it in a class (or module).
I''m
> > trying to avoid having to have a class for each node.
> >
> > I know I can call a define with an array, but I need the parameters
> > to be different for each element of the array.
>
> I don''t really understand the problem you''re trying to
solve.
>
> Is it that each node has a unique list of ethernet interfaces, each
> with its own IP addresses? If not, what is it?
>
> --
> You can''t have everything. Where would you put it?
> -- Stephen Wright
>
---------------------------------------------------------------------> Luke Kanies | http://reductivelabs.com | http://madstop.com
>
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users at madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>
--
stickm at gmail.com
-==< Stick >==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.madstop.com/pipermail/puppet-users/attachments/20071013/04b9
825c/attachment.html
------------------------------
_______________________________________________
Puppet-users mailing list
Puppet-users at madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users
End of Puppet-users Digest, Vol 16, Issue 25
********************************************
____________________________________________
This communication and any file transmitted with it may contain information that
is confidential, privileged and exempt from disclosure under applicable law. It
is intended solely for the use of the individual or entity to which it is
addressed. If you are not the intended recipient, you are hereby notified that
any use, dissemination or copying of this communication is strictly prohibited.
If you have received this communication in error, please notify the sender.
Thank you for your cooperation.