similar to: Restricting host access to files

Hello, I just attempted to remove both the ypbind and the yp-tools packages using the package parameter with yum. As it turns out, both of these packages depend on each other. Is there a way of forcing package removal and, if there is not, is there a way of making all packages to be removed be collapsed into the same yum command? Either of these solutions would solve the problem with the

Hello, I''ve recently begun looking at Puppet as an alternative to Cfengine and I have a couple of questions. 1) Besides the information posted on the Puppet website, are there any critical differences between Puppet and Cfengine? 2) Does Puppet allow for client-specific file text manipulation. For instance, in Cfengine I can add a line of text to a file if the line doesn''t

https://build-automation.108.redhat.com/ Just a thought that it might get some more press. Trevor

Has anyone done rollbacks with puppet? The story goes that last night I pushed a change out, which intentionally changed the way certain services where managed. The change involved pushing out a few files, cronjobs, etc., which was okay until it was discovered there was a bug with the service. My configurations are kept in subversion and rolling back to a previous configuration would have

Does anyone know if it''s possible to do the following: Given the directory structure: /foo/bar /foo/bar/<bunch of stuff> Is it possible to set /foo/bar to, say 555, and all stuff below to 440 or the directory equivalent? Thanks, Trevor

So I have been trying to run puppet once in my kickstart %post scripts but every time it detaches and daemonizes even though I have explicitly stated otherwise. Am I missing something? # rpm -q puppet puppet-0.24.8-1 # /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug debug: Creating default schedules debug: Failed to load library ''shadow'' for feature

Would it be possible to... ( I suppose that this is an enhancement request )... automatically do the following on a client-side manifest failure: 1. Wipe localconfig.yaml and state.yaml and try again (seems to fix most things for me) 2. Revert to a last known good configuration if all else fails. Thanks, Trevor _______________________________________________ Puppet-users mailing list

Hello, I would like to know on what platforms Puppet runs. I cannot seem to find the information on Puppet''s web site. Bcfg2 has it on it''s front page :-) I know there are .debs and .rpms, but are, for instance, Solaris, FreeBSD and AIX supported? Thanks. -- Guillaume Pratte Recherche et développement Révolution Linux Toutes les opinions et les prises de position

Greetings! Are there any plans of using Kerberos for authentication in addition to (or in place of) SSL certificates in Puppet? Kerberos provides mutual, cryptographically strong authentication. A number of different services are Kerberos-enabled (SSH, NFSv4 and HTTP are common examples), and thus use the same authentication mechanism system-wide. At our site, almost all services and users are

I''m having a heck of a time with this. Basically I want to write a custom function that returns a value to the file content type. Ex: file { /blah: content => do_stuff(option) } I looked at the wiki posting but just haven''t been able to figure out how to make this work. The first error that I get when I try to actually use ''return'' is: "return

I''m not sure if this is the way things are supposed to happen but, when I specify a directory with recursion and md5 checksums, the directory itself is checksummed and assumed to have changed. Of course, if anything in the directory changed, the directory checksum will change. What I would like to do is to manipulate all of the files in a directory, but ignore the directory itself.

I''m having a bit of trouble understanding what to do with the ''type'' attribute of ''file''. I would like to perform different operations on directories vs. files under the same structure, can ''type'' be used for this? Are there any other examples of doing this kind of thing? Thanks, Trevor

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I''ve created a small patch, below, to take care of the case when you wish to use yum to ensure that the latest version of the package is installed but the yum server is down. This patch makes the assumption that, in the case of an yum query error, you want to assume that, if the application is installed, it is the latest. This allows you

Ok, given the statement on the web page about unlesssystemuser under Resources ( http://reductivelabs.com/projects/puppet/documentation/typedocs.html#resources), I assume that users can be purged. However, when I attempt to do this with resources { user: purge => true, noop => true } and what I get is: err: Found a bug: private method ''split'' called for nil:NilClass.

If I do something like the following: class blah { File { mode => 111 } file { "/cheese": } } Will the File override stay within the class or break outside? Also, if I then do: class moo inherits blah { File { owner => bob } file { "/bobsfile": } } What will happen? Thanks, Trevor _______________________________________________ Puppet-users mailing

Does anyone have a technique for performing an exec the first time puppetd runs but then reverting to refreshonly => true state for subsequent runs? The basic idea is: file { "/etc/foo": notify => Exec["bar"] } exec { "bar": command => "Do stuff to /etc/foo", refreshonly => true } Should I use a fact that is unset based on a

Hi, I''ve been using puppet for about a week and a half now, and it''s definitely making my life a lot easier. I''m using 0.24.1 and I''ve run into a small snag. I''m trying to write some code to make sure user home directories exist for users in LDAP. I''m trying to get their uid, gid and home directory from getent with something like: $uid =

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Attached is a patch which attempts to enforce ''proper'' permissions of all files controlled directly by the puppet processes. All owners and groups are explicitly set as are all permissions. The idea is that the Puppet process configuration files should be relatively tamper resistant and at least throw a warning that the

I''ve been tinkering around with managing users and am concerned with the overall administrative usability of the inheritance overrides. For instance, the user games: redhat_base: user { games: ensure => present } local_site inherits redhat_base: User[games] { ensure => absent } This is fine, but imagine a few levels of nesting later with an admin that wants to ensure that a

I just talked to Mike McGrath from Fedora Infrastructure, and he told me that they are seeing load spikes (not quite performance problems yet, but definitely a concern) in their setup. As an example, the graph [1] shows a typical client - the spikes from 16:00 to 8:00 are almost exclusively puppetd doing its thing. It seems that the most likely culprit is the fileserver - they serve 500-1500