similar to: machine network interfaces, dhcpd.conf, and zone files

Hi, [First, a quick introduction... I''m one of the sysadmins at Koumbit.org, and we''re evaluating puppet for managing our modest server farm. I''ve already started writing recipes and manifests and intend to share those with this community. Part of my time worked on this will be directly paid by Koumbit.] So we''ve got a few half-finished puppet modules here:

As everyone probably realizes, I''m getting swamped with incoming problems and tickets and I still need help triaging the tickets. James Turnbull has volunteered to help some, but I think we need more than one person. We''ve had a few people step in once or twice, but I''d like to be able to depend on Unreviewed tickets getting handled by someone else, rather

Hi all, I''m a new puppet user and I''m running into some weirdness around creating users on solaris. (puppet version 0.23.2) The virt_all_users way of managing users seems pretty reasonable, but I don''t see how to deal with user specific groups with that. I have: class virt_all_users { @user { "seph": ensure => "present",

Hi there, I''m facing a problem that I think it''s common enough to be solved directly by puppet or at least have a best practice recommended: building a config file from snippets. I''m thinking for example about a dns zone and hosts inside that zone, ldap server and ldap databases, samba server and samba shares, a firewall config and firewall rules,... The first part of

I''m installing puppet modules from scratch on a new machine, using the code at https://hg.koumbit.net/module-puppet/ btw. The bootstrap script grabs a few base modules (to do dvcs checkouts) from http://reductivelabs.com/trac/puppet/wiki/CommonModules , uses the new modules to get the rest. However, the modules as checked out don''t bootstrap cleanly. The fix is simple, just

Hi all Luke and I have been discussing the wiki and how its future development might pan out. As a result I thought I''d canvas people for feedback. Currently the wiki''s layout and structure is fairly ad hoc and it''s a mix of wiki mark-up and REStructured Text (RST). We''d like to make it more "manual" like or at least move a significant portion of

Greetings Debian Xen team, I spent a weekend getting 3.0.2-testing building and thought i'd share the love. Manoj and I are already working to update make-kpkg for the new Xen architecture. My repo is at: http://debian.thoughtcrime.co.nz/debian/ I have posted a Breezy-centric howto for this build at: http://debian.thoughtcrime.co.nz/debian/README.txt Hope you enjoy it, and hope we can

Hi all, I want to use puppet to distribute keys to multiple users. I wanted to do something like we have already: - define a key per real person - define groups containing several keys, people can be in multiple groups - deploy these groups of keys to specific users however it looks like the ssh_authorized_key resource ties a key and a user together so it looks like I fall at the first

Hi, Thanks to some pointers from Christian Kratzer, I am now able to join the office VPN from a random WiFi hotspot. With the configuration files changes detailed below, from a public WiFi hotspot I can now use this 3 step procedure to login to the office VPN. 1) While at hotspot, boot up my -STABLE laptop. 2) Insert wireless card. 3) "rsh server" This procedure works for a DHCP

I''m trying to use ssh_authorized_key to manage my user''s ssh keys. I basically have this (across a couple of files): class user::virtual { @user { "seph": ensure => "present", uid => "2001", comment => "seph", home => "/home/seph", shell =>

If I use the ''file'' type to sync a file where the parent directory doesn''t exist the sync fails. According to the puppet docs "Puppet will autorequire any parent directories that are being managed". Am i missing something? Example: file { "/tmp/dhcp/dhcpd.include": source => "/tmp/dhcpd.include", } In

I''ve been using camptocamp''s iptables module. It works pretty well, lets me define rules in various modules, etc. Now I find myself needing to generate a commented list of it''s rules. I notice that the README has a nice exec suggestion. But, when I try it, I can''t get it to work. In my iptables/manifests/init.pp I have: Iptables { before =>

Hi, this might be a dumb question, but I''m not finding much information online. I''m trying to setup a 2.6 linux box to run nat across multiple upstream links as a simple way to aggregate bandwidth. I found the instructions in lartc section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear and straightforward. I implemented those, and a couple of trivial

I''m about to leave town for three weeks and my home server keeps rebooting. It''s my mail server, unfortunately, so there''s a good chance you won''t get this. :/ Anyway, I''ve been meaning to do this for ages and ages, and it''s time to finally do so. I need to move all of the Puppet lists to a public, non-me provider, someone who has

I have a pretty simple setup. I''ve got a linux nat box, with some internal hosts. I''ve also got some servers in a dmz. It looks something like this: Internet | (external network) | | | | linux dmz nat hosts |

Are exec resources triggered by notify events supposed to be run once for every event received or only run once per run irregardless of the number of resources that notified it? It seems to me that it gets run twice no matter how many resources triggered it. consider the following class: class dhcp { $prefix = "/usr/local/etc/dhcpd" $dhcpd_conf = "$prefix/dhcpd.conf"

Inspired by the recent thread titled "Array input of dirs, ensuring their existence" I thought I''d write up the problem I''m running into. I was chatting on irc about it, I don''t think puppet has a clean solution. Like the other poster, I''m defining an object that takes an array. In my case, I''m defining gpg keystore, which can contain a

I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?

Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the