I was just about to move my first Puppet-built box into production, and
I''m getting a terribly troublesome error. I''m using an
external node
classifier and am not using storedconfigs.
We have a more-or-less generic httpd config for all of our boxen -
except this one. I''m generating httpd.conf from a template, so in the
template I have something like:
<% if scope.compiler.classlist.include?("edu_rutgers_css_resnet")
then -%>
# PUPPET: set due to presence of class
''edu_rutgers_css_resnet''
ServerAdmin foo@bar.com
# END PUPPET
<% else %>
# PUPPET: default value
ServerAdmin root@localhost
# END PUPPET
<% end -%>
I also generate /etc/sysconfig/iptables from a template, which includes:
<% if scope.compiler.classlist.include?("httpd") then -%>
# accept port 80, added by Puppet template with "httpd" class
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j
ACCEPT
<% else -%>
# puppet doesn''t see the class ''httpd'' defined, NOT
opening port 80...
<% end -%>
It seems that Puppet is "missing" the httpd class. When Puppet runs
every half hour, flaps between the if and else values for these two
statements, causing it to replace the config files and restart the
associated services. I originally thought that this was happening at
exactly each cycle, but it seems somewhat intermittent:
Jul 28 02:19:56 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
''{md5}654732a5f76e975e1fef1907ce6c5b46'' to
''{md5}fffc88c34693d4ee67a22c4190d1e608''
Jul 28 02:19:57 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering ''refresh'' from 2 dependencies
Jul 28 04:20:20 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
''{md5}fffc88c34693d4ee67a22c4190d1e608'' to
''{md5}654732a5f76e975e1fef1907ce6c5b46''
Jul 28 04:20:20 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering ''refresh'' from 2 dependencies
Jul 28 06:50:44 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
''{md5}654732a5f76e975e1fef1907ce6c5b46'' to
''{md5}fffc88c34693d4ee67a22c4190d1e608''
Jul 28 06:50:44 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering ''refresh'' from 2 dependencies
Jul 28 07:50:56 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
''{md5}fffc88c34693d4ee67a22c4190d1e608'' to
''{md5}654732a5f76e975e1fef1907ce6c5b46''
Jul 28 07:50:56 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering ''refresh'' from 2 dependencies
Jul 28 04:20:18 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
''{md5}e20ffe121bc385871c43c1c8d4c83376'' to
''{md5}d42e551de04a44d8e9121de93795ad33''
Jul 28 04:20:19 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering ''refresh'' from 1 dependencies
Jul 28 06:20:39 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
''{md5}d42e551de04a44d8e9121de93795ad33'' to
''{md5}e20ffe121bc385871c43c1c8d4c83376''
Jul 28 06:20:40 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering ''refresh'' from 1 dependencies
Jul 28 06:50:45 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
''{md5}e20ffe121bc385871c43c1c8d4c83376'' to
''{md5}d42e551de04a44d8e9121de93795ad33''
Jul 28 06:50:46 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering ''refresh'' from 1 dependencies
Jul 28 07:50:58 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
''{md5}d42e551de04a44d8e9121de93795ad33'' to
''{md5}e20ffe121bc385871c43c1c8d4c83376''
Jul 28 07:50:58 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering ''refresh'' from 1 dependencies
Any ideas on why this is happening? I''ve been running Puppet on a
non-critical network for a month now, with storedconfigs, and no major
problems. It seemed time to move it over to the production boxes (as the
new ones are built) but this seems like a serious issue...
Thanks for any advice,
Jason
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
I tried using the same check in a template of mine and I got it to
work
I found that the closures for the if and end statements are %> and not
-%>
so your statement would look like this.
<% if scope.compiler.classlist.include?("edu_rutgers_css_resnet")
then
%>
# PUPPET: set due to presence of class
''edu_rutgers_css_resnet''
ServerAdmin f...@bar.com
# END PUPPET
<% else %>
# PUPPET: default value
ServerAdmin root@localhost
# END PUPPET
<% end %>
give that a try.
On Jul 28, 11:37 pm, Jason Antman <ja...@jasonantman.com>
wrote:> I was just about to move my first Puppet-built box into production, and
> I''m getting a terribly troublesome error. I''m using an
external node
> classifier and am not using storedconfigs.
>
> We have a more-or-less generic httpd config for all of our boxen -
> except this one. I''m generating httpd.conf from a template, so in
the
> template I have something like:
>
> <% if
scope.compiler.classlist.include?("edu_rutgers_css_resnet") then
-%>
> # PUPPET: set due to presence of class
''edu_rutgers_css_resnet''
> ServerAdmin f...@bar.com
> # END PUPPET
> <% else %>
> # PUPPET: default value
> ServerAdmin root@localhost
> # END PUPPET
> <% end -%>
>
> I also generate /etc/sysconfig/iptables from a template, which includes:
>
> <% if scope.compiler.classlist.include?("httpd") then -%>
> # accept port 80, added by Puppet template with "httpd" class
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j
> ACCEPT
> <% else -%>
> # puppet doesn''t see the class ''httpd'' defined,
NOT opening port 80...
> <% end -%>
>
> It seems that Puppet is "missing" the httpd class. When Puppet
runs
> every half hour, flaps between the if and else values for these two
> statements, causing it to replace the config files and restart the
> associated services. I originally thought that this was happening at
> exactly each cycle, but it seems somewhat intermittent:
>
> Jul 28 02:19:56 resnet2 puppetd[24046]:
> (//iptables/File[/etc/sysconfig/iptables]/content) content changed
> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' to
> ''{md5}fffc88c34693d4ee67a22c4190d1e608''
> Jul 28 02:19:57 resnet2 puppetd[24046]: (//iptables/Service[iptables])
> Triggering ''refresh'' from 2 dependencies
> Jul 28 04:20:20 resnet2 puppetd[24046]:
> (//iptables/File[/etc/sysconfig/iptables]/content) content changed
> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' to
> ''{md5}654732a5f76e975e1fef1907ce6c5b46''
> Jul 28 04:20:20 resnet2 puppetd[24046]: (//iptables/Service[iptables])
> Triggering ''refresh'' from 2 dependencies
> Jul 28 06:50:44 resnet2 puppetd[24046]:
> (//iptables/File[/etc/sysconfig/iptables]/content) content changed
> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' to
> ''{md5}fffc88c34693d4ee67a22c4190d1e608''
> Jul 28 06:50:44 resnet2 puppetd[24046]: (//iptables/Service[iptables])
> Triggering ''refresh'' from 2 dependencies
> Jul 28 07:50:56 resnet2 puppetd[24046]:
> (//iptables/File[/etc/sysconfig/iptables]/content) content changed
> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' to
> ''{md5}654732a5f76e975e1fef1907ce6c5b46''
> Jul 28 07:50:56 resnet2 puppetd[24046]: (//iptables/Service[iptables])
> Triggering ''refresh'' from 2 dependencies
>
> Jul 28 04:20:18 resnet2 puppetd[24046]:
> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' to
> ''{md5}d42e551de04a44d8e9121de93795ad33''
> Jul 28 04:20:19 resnet2 puppetd[24046]: (//httpd/Service[httpd])
> Triggering ''refresh'' from 1 dependencies
> Jul 28 06:20:39 resnet2 puppetd[24046]:
> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
> ''{md5}d42e551de04a44d8e9121de93795ad33'' to
> ''{md5}e20ffe121bc385871c43c1c8d4c83376''
> Jul 28 06:20:40 resnet2 puppetd[24046]: (//httpd/Service[httpd])
> Triggering ''refresh'' from 1 dependencies
> Jul 28 06:50:45 resnet2 puppetd[24046]:
> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' to
> ''{md5}d42e551de04a44d8e9121de93795ad33''
> Jul 28 06:50:46 resnet2 puppetd[24046]: (//httpd/Service[httpd])
> Triggering ''refresh'' from 1 dependencies
> Jul 28 07:50:58 resnet2 puppetd[24046]:
> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
> ''{md5}d42e551de04a44d8e9121de93795ad33'' to
> ''{md5}e20ffe121bc385871c43c1c8d4c83376''
> Jul 28 07:50:58 resnet2 puppetd[24046]: (//httpd/Service[httpd])
> Triggering ''refresh'' from 1 dependencies
>
> Any ideas on why this is happening? I''ve been running Puppet on a
> non-critical network for a month now, with storedconfigs, and no major
> problems. It seemed time to move it over to the production boxes (as the
> new ones are built) but this seems like a serious issue...
>
> Thanks for any advice,
> Jason
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Peter, I made that change in both affected templates late last night. Both services are still experiencing strange issues (flapping), but it''s no longer as regular as before (now, say, each one will be OK for 4 or 5 cycles and then flap back and forth). I''ve confirmed via debugging output to syslog that the external node classifier script *is* getting the correct FQDN and sending the correct list of classes and parameters. I''ve confirmed via notice() statements that the master is doing things right and is entering all of the correct classes, and entering the correct branches of the conditionals. Any other tips from you guys? Is there any strong way to debug the templates, like do a state dump of defined classes and facts to an error log every time the template generates? Thanks, Jason Peter wrote:> I tried using the same check in a template of mine and I got it to > work > I found that the closures for the if and end statements are %> and not > -%> > > so your statement would look like this. > > <% if scope.compiler.classlist.include?("edu_rutgers_css_resnet") then > %> > # PUPPET: set due to presence of class ''edu_rutgers_css_resnet'' > ServerAdmin f...@bar.com > # END PUPPET > <% else %> > # PUPPET: default value > ServerAdmin root@localhost > # END PUPPET > <% end %> > > give that a try. > > On Jul 28, 11:37 pm, Jason Antman <ja...@jasonantman.com> wrote: > >> I was just about to move my first Puppet-built box into production, and >> I''m getting a terribly troublesome error. I''m using an external node >> classifier and am not using storedconfigs. >> >> We have a more-or-less generic httpd config for all of our boxen - >> except this one. I''m generating httpd.conf from a template, so in the >> template I have something like: >> >> <% if scope.compiler.classlist.include?("edu_rutgers_css_resnet") then -%> >> # PUPPET: set due to presence of class ''edu_rutgers_css_resnet'' >> ServerAdmin f...@bar.com >> # END PUPPET >> <% else %> >> # PUPPET: default value >> ServerAdmin root@localhost >> # END PUPPET >> <% end -%> >> >> I also generate /etc/sysconfig/iptables from a template, which includes: >> >> <% if scope.compiler.classlist.include?("httpd") then -%> >> # accept port 80, added by Puppet template with "httpd" class >> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j >> ACCEPT >> <% else -%> >> # puppet doesn''t see the class ''httpd'' defined, NOT opening port 80... >> <% end -%> >> >> It seems that Puppet is "missing" the httpd class. When Puppet runs >> every half hour, flaps between the if and else values for these two >> statements, causing it to replace the config files and restart the >> associated services. I originally thought that this was happening at >> exactly each cycle, but it seems somewhat intermittent: >> >> Jul 28 02:19:56 resnet2 puppetd[24046]: >> (//iptables/File[/etc/sysconfig/iptables]/content) content changed >> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' to >> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' >> Jul 28 02:19:57 resnet2 puppetd[24046]: (//iptables/Service[iptables]) >> Triggering ''refresh'' from 2 dependencies >> Jul 28 04:20:20 resnet2 puppetd[24046]: >> (//iptables/File[/etc/sysconfig/iptables]/content) content changed >> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' to >> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' >> Jul 28 04:20:20 resnet2 puppetd[24046]: (//iptables/Service[iptables]) >> Triggering ''refresh'' from 2 dependencies >> Jul 28 06:50:44 resnet2 puppetd[24046]: >> (//iptables/File[/etc/sysconfig/iptables]/content) content changed >> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' to >> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' >> Jul 28 06:50:44 resnet2 puppetd[24046]: (//iptables/Service[iptables]) >> Triggering ''refresh'' from 2 dependencies >> Jul 28 07:50:56 resnet2 puppetd[24046]: >> (//iptables/File[/etc/sysconfig/iptables]/content) content changed >> ''{md5}fffc88c34693d4ee67a22c4190d1e608'' to >> ''{md5}654732a5f76e975e1fef1907ce6c5b46'' >> Jul 28 07:50:56 resnet2 puppetd[24046]: (//iptables/Service[iptables]) >> Triggering ''refresh'' from 2 dependencies >> >> Jul 28 04:20:18 resnet2 puppetd[24046]: >> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed >> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' to >> ''{md5}d42e551de04a44d8e9121de93795ad33'' >> Jul 28 04:20:19 resnet2 puppetd[24046]: (//httpd/Service[httpd]) >> Triggering ''refresh'' from 1 dependencies >> Jul 28 06:20:39 resnet2 puppetd[24046]: >> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed >> ''{md5}d42e551de04a44d8e9121de93795ad33'' to >> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' >> Jul 28 06:20:40 resnet2 puppetd[24046]: (//httpd/Service[httpd]) >> Triggering ''refresh'' from 1 dependencies >> Jul 28 06:50:45 resnet2 puppetd[24046]: >> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed >> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' to >> ''{md5}d42e551de04a44d8e9121de93795ad33'' >> Jul 28 06:50:46 resnet2 puppetd[24046]: (//httpd/Service[httpd]) >> Triggering ''refresh'' from 1 dependencies >> Jul 28 07:50:58 resnet2 puppetd[24046]: >> (//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed >> ''{md5}d42e551de04a44d8e9121de93795ad33'' to >> ''{md5}e20ffe121bc385871c43c1c8d4c83376'' >> Jul 28 07:50:58 resnet2 puppetd[24046]: (//httpd/Service[httpd]) >> Triggering ''refresh'' from 1 dependencies >> >> Any ideas on why this is happening? I''ve been running Puppet on a >> non-critical network for a month now, with storedconfigs, and no major >> problems. It seemed time to move it over to the production boxes (as the >> new ones are built) but this seems like a serious issue... >> >> Thanks for any advice, >> Jason >> > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---