Josh
2012-May-09 01:55 UTC
[Puppet Users] Lots of problems with Puppet 2.7 and Passenger on FreeBSD
Hello,
I continually get error messages about denied requests and can''t figure
out
why...starting to get really frustrated. AFAICT, the SSL stuff doesn''t
actually work, which makes me think I have something configured
incorrectly. This is my first attempt with Passenger. I''ve previously
used
Puppet (0.24) with Mongrel and that worked well, I figured I would see how
Passenger worked. Seems a lot harder to get going so far.
I can see a signing request, I sign it, seems to work, but the agent never
attempts again. If I manually restart the agent I start getting 403s. If I
wipe out the SSL files and restart, the same thing happens: start agent,
get request, sign, restart agent, 403, rinse and repeat. It worked as
[user] but when I changed it to [agent], everything broke, even with the
same certificates. These are the errors I see:
May 8 21:36:06 puppet puppet-master[11776]: Denying access: Forbidden
request: backup1(192.168.3.9) access to /catalog/backup1.int.domain.com
[find] at line 98
May 8 21:36:06 puppet puppet-master[11776]: Forbidden request:
backup1(192.168.3.9) access to /catalog/backup1.int.domain.com [find] at
line 98
I also had plugin errors and report errors but I turned those options off.
I created the master cert with dns_alt_name=puppet, and I see the extension
in the cert ONLY for the master''s FQDN cert file, the CA cert file
doesn''t
have an alt name (ssl/certs/ca.pem). Neither does ssl/ca/ca_crt.pem. Is
this correct? Does the client also need an alt name in its cert?
This, believe it or not, is the default puppet.conf I got on FreeBSD (with
comments/whitespace removed, [user] changed to [agent], and my domain
replaced):
[agent]
tagmap = /usr/local/etc/puppet/tagmail.conf
lastrunreport = /var/puppet/state/last_run_report.yaml
server = puppet.int.domain.com
clientyamldir = /var/puppet/client_yaml
clientbucketdir = /var/puppet/clientbucket
puppetdlog = /var/puppet/log/puppetd.log
report_server = puppet
runinterval = 10
inventory_port = 8140
classfile = /var/puppet/state/classes.txt
ca_port = 8140
puppetdlockfile = /var/puppet/state/puppetdlock
report = false
localconfig = /var/puppet/state/localconfig
splaylimit = 1800
client_datadir = /var/puppet/client_data
report_port = 8140
lastrunfile = /var/puppet/state/last_run_summary.yaml
graphdir = /var/puppet/state/graphs
statefile = /var/puppet/state/state.yaml
resourcefile = /var/puppet/state/resources.txt
reportserver = puppet
inventory_server = puppet
ca_name = Puppet CA: jail-5.isc.freebsd.org
cakey = /var/puppet/ssl/ca/ca_key.pem
caprivatedir = /var/puppet/ssl/ca/private
capass = /var/puppet/ssl/ca/private/ca.pass
cert_inventory = /var/puppet/ssl/ca/inventory.txt
cadir = /var/puppet/ssl/ca
capub = /var/puppet/ssl/ca/ca_pub.pem
csrdir = /var/puppet/ssl/ca/requests
serial = /var/puppet/ssl/ca/serial
cacert = /var/puppet/ssl/ca/ca_crt.pem
cacrl = /var/puppet/ssl/ca/ca_crl.pem
signeddir = /var/puppet/ssl/ca/signed
autosign = /usr/local/etc/puppet/autosign.conf
masterlog = /var/puppet/log/puppetmaster.log
modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules
ssl_client_header = SSL_CLIENT_S_DN
server_datadir = /var/puppet/server_data
masterhttplog = /var/puppet/log/masterhttp.log
bucketdir = /var/puppet/bucket
ssl_client_verify_header = SSL_CLIENT_VERIFY
fileserverconfig = /usr/local/etc/puppet/fileserver.conf
manifestdir = /usr/local/etc/puppet/manifests
manifest = /usr/local/etc/puppet/manifests/site.pp
rest_authconfig = /usr/local/etc/puppet/auth.conf
yamldir = /var/puppet/yaml
reportdir = /var/puppet/reports
inventory_terminus = facter
plugindest = /var/puppet/lib
privatekeydir = /var/puppet/ssl/private_keys
hostcsr = /var/puppet/ssl/csr_jail-5.isc.freebsd.org.pem
factsource = puppet://puppet/facts/
hostpubkey = /var/puppet/ssl/public_keys/jail-5.isc.freebsd.org.pem
authconfig = /usr/local/etc/puppet/namespaceauth.conf
logdir = /var/puppet/log
httplog = /var/puppet/log/http.log
publickeydir = /var/puppet/ssl/public_keys
pluginsource = puppet://puppet/plugins
privatedir = /var/puppet/ssl/private
factpath = /var/puppet/lib/facter:/var/puppet/facts
hostcert = /var/puppet/ssl/certs/jail-5.isc.freebsd.org.pem
localcacert = /var/puppet/ssl/certs/ca.pem
certdir = /var/puppet/ssl/certs
libdir = /var/puppet/lib
requestdir = /var/puppet/ssl/certificate_requests
pluginsync = false
route_file = /usr/local/etc/puppet/routes.yaml
passfile = /var/puppet/ssl/private/password
hostprivkey = /var/puppet/ssl/private_keys/jail-5.isc.freebsd.org.pem
statedir = /var/puppet/state
hostcrl = /var/puppet/ssl/crl.pem
bindaddress = 0.0.0.0
config = /usr/local/etc/puppet/puppet.conf
pidfile = /var/run/puppet/agent.pid
rrdinterval = 1800
rrddir = /var/puppet/rrd
dblocation = /var/puppet/state/clientconfigs.sqlite3
railslog = /var/puppet/log/rails.log
deviceconfig = /usr/local/etc/puppet/device.conf
devicedir = /var/puppet/devices
templatedir = /var/puppet/templates
archive_file_server = puppet
There is no auth.conf on the client.
This is the puppet.conf on the master, also default and sanitized. There is
not and never was a [master] section:
[agent]
tagmap = /usr/local/etc/puppet/tagmail.conf
ca_server = puppet
lastrunreport = /var/puppet/state/last_run_report.yaml
clientyamldir = /var/puppet/client_yaml
clientbucketdir = /var/puppet/clientbucket
puppetdlog = /var/puppet/log/puppetd.log
report_server = puppet
inventory_port = 8140
classfile = /var/puppet/state/classes.txt
ca_port = 8140
puppetdlockfile = /var/puppet/state/puppetdlock
localconfig = /var/puppet/state/localconfig
splaylimit = 1800
client_datadir = /var/puppet/client_data
report_port = 8140
lastrunfile = /var/puppet/state/last_run_summary.yaml
graphdir = /var/puppet/state/graphs
statefile = /var/puppet/state/state.yaml
resourcefile = /var/puppet/state/resources.txt
reportserver = puppet
node_name_value = jail-5.isc.freebsd.org
inventory_server = puppet
ca_name = Puppet CA: jail-5.isc.freebsd.org
cakey = /var/puppet/ssl/ca/ca_key.pem
caprivatedir = /var/puppet/ssl/ca/private
capass = /var/puppet/ssl/ca/private/ca.pass
cert_inventory = /var/puppet/ssl/ca/inventory.txt
cadir = /var/puppet/ssl/ca
capub = /var/puppet/ssl/ca/ca_pub.pem
csrdir = /var/puppet/ssl/ca/requests
serial = /var/puppet/ssl/ca/serial
cacert = /var/puppet/ssl/ca/ca_crt.pem
cacrl = /var/puppet/ssl/ca/ca_crl.pem
signeddir = /var/puppet/ssl/ca/signed
autosign = /usr/local/etc/puppet/autosign.conf
masterlog = /var/puppet/log/puppetmaster.log
modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules
ssl_client_header = SSL_CLIENT_S_DN
server_datadir = /var/puppet/server_data
masterhttplog = /var/puppet/log/masterhttp.log
bucketdir = /var/puppet/bucket
ssl_client_verify_header = SSL_CLIENT_VERIFY
fileserverconfig = /usr/local/etc/puppet/fileserver.conf
manifestdir = /usr/local/etc/puppet/manifests
manifest = /usr/local/etc/puppet/manifests/site.pp
rest_authconfig = /usr/local/etc/puppet/auth.conf
yamldir = /var/puppet/yaml
reportdir = /var/puppet/reports
inventory_terminus = facter
plugindest = /var/puppet/lib
privatekeydir = /var/puppet/ssl/private_keys
hostcsr = /var/puppet/ssl/csr_jail-5.isc.freebsd.org.pem
factsource = puppet://puppet/facts/
hostpubkey = /var/puppet/ssl/public_keys/jail-5.isc.freebsd.org.pem
authconfig = /usr/local/etc/puppet/namespaceauth.conf
dns_alt_names = puppet
logdir = /var/puppet/log
httplog = /var/puppet/log/http.log
publickeydir = /var/puppet/ssl/public_keys
pluginsource = puppet://puppet/plugins
privatedir = /var/puppet/ssl/private
factpath = /var/puppet/lib/facter:/var/puppet/facts
hostcert = /var/puppet/ssl/certs/jail-5.isc.freebsd.org.pem
localcacert = /var/puppet/ssl/certs/ca.pem
certdir = /var/puppet/ssl/certs
libdir = /var/puppet/lib
requestdir = /var/puppet/ssl/certificate_requests
pluginsync = false
route_file = /usr/local/etc/puppet/routes.yaml
passfile = /var/puppet/ssl/private/password
hostprivkey = /var/puppet/ssl/private_keys/jail-5.isc.freebsd.org.pem
statedir = /var/puppet/state
hostcrl = /var/puppet/ssl/crl.pem
bindaddress = 0.0.0.0
config = /usr/local/etc/puppet/puppet.conf
pidfile = /var/run/puppet/apply.pid
rrdinterval = 1800
rrddir = /var/puppet/rrd
dblocation = /var/puppet/state/clientconfigs.sqlite3
railslog = /var/puppet/log/rails.log
deviceconfig = /usr/local/etc/puppet/device.conf
devicedir = /var/puppet/devices
templatedir = /var/puppet/templates
archive_file_server = puppet
This is my auth.conf on the master, copied from -dist (there was none
initially):
path ~ ^/catalog/([^/]+)$
method find
allow $1
path ~ ^/node/([^/]+)$
method find
allow $1
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file
allow *
path /certificate/ca
auth no
method find
allow *
path /certificate/
auth no
method find
allow *
path /certificate_request
auth no
method find, save
allow *
path /
auth any
This is my Apache config on the master:
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /var/puppet/ssl/certs/puppet.int.domain.com.pem
SSLCertificateKeyFile
/var/puppet/ssl/private_keys/puppet.int.domain.com.pem
SSLCertificateChainFile /var/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/puppet/ssl/ca/ca_crt.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/local/etc/puppet/rack/public/
RackBaseURI /
<Directory /local/etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Does anything stand out?
THanks,
Josh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/LQZ6QHiiiT8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Jo Rhett
2012-May-30 22:20 UTC
Re: [Puppet Users] Lots of problems with Puppet 2.7 and Passenger on FreeBSD
Authorization is handled by auth.conf, you should look at this file. The default syntax which handles this is something like so: # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 On May 8, 2012, at 6:55 PM, Josh wrote:> I continually get error messages about denied requests and can''t figure out why...starting to get really frustrated. AFAICT, the SSL stuff doesn''t actually work, which makes me think I have something configured incorrectly. This is my first attempt with Passenger. I''ve previously used Puppet (0.24) with Mongrel and that worked well, I figured I would see how Passenger worked. Seems a lot harder to get going so far. > > I can see a signing request, I sign it, seems to work, but the agent never attempts again. If I manually restart the agent I start getting 403s. If I wipe out the SSL files and restart, the same thing happens: start agent, get request, sign, restart agent, 403, rinse and repeat. It worked as [user] but when I changed it to [agent], everything broke, even with the same certificates. These are the errors I see: > > May 8 21:36:06 puppet puppet-master[11776]: Denying access: Forbidden request: backup1(192.168.3.9) access to /catalog/backup1.int.domain.com [find] at line 98 > May 8 21:36:06 puppet puppet-master[11776]: Forbidden request: backup1(192.168.3.9) access to /catalog/backup1.int.domain.com [find] at line 98 > > I also had plugin errors and report errors but I turned those options off. I created the master cert with dns_alt_name=puppet, and I see the extension in the cert ONLY for the master''s FQDN cert file, the CA cert file doesn''t have an alt name (ssl/certs/ca.pem). Neither does ssl/ca/ca_crt.pem. Is this correct? Does the client also need an alt name in its cert? > > This, believe it or not, is the default puppet.conf I got on FreeBSD (with comments/whitespace removed, [user] changed to [agent], and my domain replaced): > > [agent] > tagmap = /usr/local/etc/puppet/tagmail.conf > lastrunreport = /var/puppet/state/last_run_report.yaml > server = puppet.int.domain.com > clientyamldir = /var/puppet/client_yaml > clientbucketdir = /var/puppet/clientbucket > puppetdlog = /var/puppet/log/puppetd.log > report_server = puppet > runinterval = 10 > inventory_port = 8140 > classfile = /var/puppet/state/classes.txt > ca_port = 8140 > puppetdlockfile = /var/puppet/state/puppetdlock > report = false > localconfig = /var/puppet/state/localconfig > splaylimit = 1800 > client_datadir = /var/puppet/client_data > report_port = 8140 > lastrunfile = /var/puppet/state/last_run_summary.yaml > graphdir = /var/puppet/state/graphs > statefile = /var/puppet/state/state.yaml > resourcefile = /var/puppet/state/resources.txt > reportserver = puppet > inventory_server = puppet > ca_name = Puppet CA: jail-5.isc.freebsd.org > cakey = /var/puppet/ssl/ca/ca_key.pem > caprivatedir = /var/puppet/ssl/ca/private > capass = /var/puppet/ssl/ca/private/ca.pass > cert_inventory = /var/puppet/ssl/ca/inventory.txt > cadir = /var/puppet/ssl/ca > capub = /var/puppet/ssl/ca/ca_pub.pem > csrdir = /var/puppet/ssl/ca/requests > serial = /var/puppet/ssl/ca/serial > cacert = /var/puppet/ssl/ca/ca_crt.pem > cacrl = /var/puppet/ssl/ca/ca_crl.pem > signeddir = /var/puppet/ssl/ca/signed > autosign = /usr/local/etc/puppet/autosign.conf > masterlog = /var/puppet/log/puppetmaster.log > modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules > ssl_client_header = SSL_CLIENT_S_DN > server_datadir = /var/puppet/server_data > masterhttplog = /var/puppet/log/masterhttp.log > bucketdir = /var/puppet/bucket > ssl_client_verify_header = SSL_CLIENT_VERIFY > fileserverconfig = /usr/local/etc/puppet/fileserver.conf > manifestdir = /usr/local/etc/puppet/manifests > manifest = /usr/local/etc/puppet/manifests/site.pp > rest_authconfig = /usr/local/etc/puppet/auth.conf > yamldir = /var/puppet/yaml > reportdir = /var/puppet/reports > inventory_terminus = facter > plugindest = /var/puppet/lib > privatekeydir = /var/puppet/ssl/private_keys > hostcsr = /var/puppet/ssl/csr_jail-5.isc.freebsd.org.pem > factsource = puppet://puppet/facts/ > hostpubkey = /var/puppet/ssl/public_keys/jail-5.isc.freebsd.org.pem > authconfig = /usr/local/etc/puppet/namespaceauth.conf > logdir = /var/puppet/log > httplog = /var/puppet/log/http.log > publickeydir = /var/puppet/ssl/public_keys > pluginsource = puppet://puppet/plugins > privatedir = /var/puppet/ssl/private > factpath = /var/puppet/lib/facter:/var/puppet/facts > hostcert = /var/puppet/ssl/certs/jail-5.isc.freebsd.org.pem > localcacert = /var/puppet/ssl/certs/ca.pem > certdir = /var/puppet/ssl/certs > libdir = /var/puppet/lib > requestdir = /var/puppet/ssl/certificate_requests > pluginsync = false > route_file = /usr/local/etc/puppet/routes.yaml > passfile = /var/puppet/ssl/private/password > hostprivkey = /var/puppet/ssl/private_keys/jail-5.isc.freebsd.org.pem > statedir = /var/puppet/state > hostcrl = /var/puppet/ssl/crl.pem > bindaddress = 0.0.0.0 > config = /usr/local/etc/puppet/puppet.conf > pidfile = /var/run/puppet/agent.pid > rrdinterval = 1800 > rrddir = /var/puppet/rrd > dblocation = /var/puppet/state/clientconfigs.sqlite3 > railslog = /var/puppet/log/rails.log > deviceconfig = /usr/local/etc/puppet/device.conf > devicedir = /var/puppet/devices > templatedir = /var/puppet/templates > archive_file_server = puppet > > There is no auth.conf on the client. > > This is the puppet.conf on the master, also default and sanitized. There is not and never was a [master] section: > > [agent] > tagmap = /usr/local/etc/puppet/tagmail.conf > ca_server = puppet > lastrunreport = /var/puppet/state/last_run_report.yaml > clientyamldir = /var/puppet/client_yaml > clientbucketdir = /var/puppet/clientbucket > puppetdlog = /var/puppet/log/puppetd.log > report_server = puppet > inventory_port = 8140 > classfile = /var/puppet/state/classes.txt > ca_port = 8140 > puppetdlockfile = /var/puppet/state/puppetdlock > localconfig = /var/puppet/state/localconfig > splaylimit = 1800 > client_datadir = /var/puppet/client_data > report_port = 8140 > lastrunfile = /var/puppet/state/last_run_summary.yaml > graphdir = /var/puppet/state/graphs > statefile = /var/puppet/state/state.yaml > resourcefile = /var/puppet/state/resources.txt > reportserver = puppet > node_name_value = jail-5.isc.freebsd.org > inventory_server = puppet > ca_name = Puppet CA: jail-5.isc.freebsd.org > cakey = /var/puppet/ssl/ca/ca_key.pem > caprivatedir = /var/puppet/ssl/ca/private > capass = /var/puppet/ssl/ca/private/ca.pass > cert_inventory = /var/puppet/ssl/ca/inventory.txt > cadir = /var/puppet/ssl/ca > capub = /var/puppet/ssl/ca/ca_pub.pem > csrdir = /var/puppet/ssl/ca/requests > serial = /var/puppet/ssl/ca/serial > cacert = /var/puppet/ssl/ca/ca_crt.pem > cacrl = /var/puppet/ssl/ca/ca_crl.pem > signeddir = /var/puppet/ssl/ca/signed > autosign = /usr/local/etc/puppet/autosign.conf > masterlog = /var/puppet/log/puppetmaster.log > modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules > ssl_client_header = SSL_CLIENT_S_DN > server_datadir = /var/puppet/server_data > masterhttplog = /var/puppet/log/masterhttp.log > bucketdir = /var/puppet/bucket > ssl_client_verify_header = SSL_CLIENT_VERIFY > fileserverconfig = /usr/local/etc/puppet/fileserver.conf > manifestdir = /usr/local/etc/puppet/manifests > manifest = /usr/local/etc/puppet/manifests/site.pp > rest_authconfig = /usr/local/etc/puppet/auth.conf > yamldir = /var/puppet/yaml > reportdir = /var/puppet/reports > inventory_terminus = facter > plugindest = /var/puppet/lib > privatekeydir = /var/puppet/ssl/private_keys > hostcsr = /var/puppet/ssl/csr_jail-5.isc.freebsd.org.pem > factsource = puppet://puppet/facts/ > hostpubkey = /var/puppet/ssl/public_keys/jail-5.isc.freebsd.org.pem > authconfig = /usr/local/etc/puppet/namespaceauth.conf > dns_alt_names = puppet > logdir = /var/puppet/log > httplog = /var/puppet/log/http.log > publickeydir = /var/puppet/ssl/public_keys > pluginsource = puppet://puppet/plugins > privatedir = /var/puppet/ssl/private > factpath = /var/puppet/lib/facter:/var/puppet/facts > hostcert = /var/puppet/ssl/certs/jail-5.isc.freebsd.org.pem > localcacert = /var/puppet/ssl/certs/ca.pem > certdir = /var/puppet/ssl/certs > libdir = /var/puppet/lib > requestdir = /var/puppet/ssl/certificate_requests > pluginsync = false > route_file = /usr/local/etc/puppet/routes.yaml > passfile = /var/puppet/ssl/private/password > hostprivkey = /var/puppet/ssl/private_keys/jail-5.isc.freebsd.org.pem > statedir = /var/puppet/state > hostcrl = /var/puppet/ssl/crl.pem > bindaddress = 0.0.0.0 > config = /usr/local/etc/puppet/puppet.conf > pidfile = /var/run/puppet/apply.pid > rrdinterval = 1800 > rrddir = /var/puppet/rrd > dblocation = /var/puppet/state/clientconfigs.sqlite3 > railslog = /var/puppet/log/rails.log > deviceconfig = /usr/local/etc/puppet/device.conf > devicedir = /var/puppet/devices > templatedir = /var/puppet/templates > archive_file_server = puppet > > This is my auth.conf on the master, copied from -dist (there was none initially): > > path ~ ^/catalog/([^/]+)$ > method find > allow $1 > path ~ ^/node/([^/]+)$ > method find > allow $1 > path /certificate_revocation_list/ca > method find > allow * > path /report > method save > allow * > path /file > allow * > path /certificate/ca > auth no > method find > allow * > path /certificate/ > auth no > method find > allow * > path /certificate_request > auth no > method find, save > allow * > path / > auth any > > This is my Apache config on the master: > > PassengerHighPerformance on > PassengerMaxPoolSize 12 > PassengerPoolIdleTime 1500 > PassengerStatThrottleRate 120 > RackAutoDetect Off > RailsAutoDetect Off > Listen 8140 > <VirtualHost *:8140> > SSLEngine on > SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA > SSLCertificateFile /var/puppet/ssl/certs/puppet.int.domain.com.pem > SSLCertificateKeyFile /var/puppet/ssl/private_keys/puppet.int.domain.com.pem > SSLCertificateChainFile /var/puppet/ssl/ca/ca_crt.pem > SSLCACertificateFile /var/puppet/ssl/ca/ca_crt.pem > SSLVerifyClient optional > SSLVerifyDepth 1 > SSLOptions +StdEnvVars > RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > DocumentRoot /usr/local/etc/puppet/rack/public/ > RackBaseURI / > <Directory /local/etc/puppet/rack/> > Options None > AllowOverride None > Order allow,deny > allow from all > </Directory> > </VirtualHost> > > Does anything stand out? > > THanks, > Josh > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/LQZ6QHiiiT8J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.