Channel: Ask Puppet: Puppet DevOps Q&A Community - RSS feed

Exported resources where two hosts have the same name in masterless puppet

I'm managing /etc/hosts in openstack projects using puppet in a masterless setup using exported resources as seen below, where I use tag = openstack_project_id, where the ID is a unique id of an openstack project/tenant. But the problem is when I have hosts with the same name in two different projects I run into some kind of a race condition, where hosts start to disappear randomly from /etc/hosts. I'd think the tag would prevent this, but I'm not too familiar with how stored configs work in PuppetDB. Any suggestions how I could fix this, since I do not have the luxury of ensuring unique hostnames?

```puppet
if $::openstack_project_id {
  # Remove any host entries that are not managed by Puppet
  resources { 'host':
    purge => true,
  }

  # Export this node's entry, titled per project so titles stay unique
  @@host { "${::openstack_project_id}-${::fqdn}":
    name         => $::fqdn,
    ensure       => present,
    ip           => $::ipaddress,
    host_aliases => $::hostname,
    tag          => $::openstack_project_id,
  }

  # Collect only the entries exported with this project's tag
  Host <<| tag == $::openstack_project_id |>>
} else {
  warning('openstack_project_id fact must be set')
}
```

Does Puppet provide a validation/syntax checker for Hiera?

The tool `puppet parser validate` will [check the syntax of my Puppet manifests](http://docs.puppetlabs.com/references/latest/man/parser.html#ACTIONS):

```
[root@puppet3 ~]# puppet parser validate /etc/puppet/manifests/site.pp
Warning: The use of 'import' is deprecated at /etc/puppet/manifests/site.pp:18. See http://links.puppetlabs.com/puppet-import-deprecation
   (at grammar.ra:610:in `_reduce_190')
Error: Could not parse for environment production: No file(s) found for import of 'nodes/*.pp' at /etc/puppet/manifests/site.pp:18
[root@puppet3 ~]#
```

And I can check my manifests against the Puppet Style Guide using `puppet-lint`:

```
[root@puppet3 ~]# puppet-lint /etc/puppet/modules/hosts/manifests/init.pp
WARNING: class not documented on line 1
[root@puppet3 ~]#
```

Is there a Puppet validation tool for Hiera or for my YAML files?

Install specific version of Apache, PHP and MySQL with a Vagrant Puppet Provisioner?

On the Puppet Blog I found the following [post](https://puppet.com/blog/lamp-stacks-made-easy-vagrant-puppet) on creating a Puppet / Vagrant box; and I followed the directions with the exception of Step 2 where I decided to use the `ubuntu/trusty64` box instead. My goal is to set up a LAMP development environment with the following versions of the programs in the LAMP Stack:

- MySQL: 5.2.38
- PHP: 5.6.16
- Apache: 2.2.31

...to match that of the host of the website.

Though I'd prefer to use the standard puppet labs modules ([apache](https://github.com/puppetlabs/puppetlabs-apache), [mysql](https://github.com/puppetlabs/puppetlabs-mysql)) for these, I decided to go with the versions in the [blog post](https://puppet.com/blog/lamp-stacks-made-easy-vagrant-puppet) since most of it is already set up and can just be cloned from [github](https://github.com/jrodriguezjr/puppet-lamp-stack) (though it does look a little old to me, 2013 was a while ago).

I thought this would be pretty easy to do; that I could just change the version numbers in the various manifest files from the github clone, for example in `puppet-lamp-stack/modules/apache/manifests/init.pp`, I changed `ensure => present` to `ensure => '2.2.31'`:

```puppet
class apache {

  # install apache
  package { "apache2":
    ensure  => '2.2.31',
    require => Exec["apt-get update"]
  }
  ...
```

and in `puppet-lamp-stack/modules/mysql/manifests/init.pp`, I changed `ensure => present` to `ensure => '5.2.38'`:

```puppet
class mysql {

  # root mysql password
  $mysqlpw = "d3v0p5"

  # install mysql server
  package { "mysql-server":
    ensure  => '5.2.38',
    require => Exec["apt-get update"]
  }
  ....
```

But then when I looked to do the same thing for php in `puppet-lamp-stack/modules/php/manifests/init.pp`, I noticed the format was completely different, and not specific to just php:

```puppet
class php {

  # package install list
  $packages = [
    "php5",
    "php5-cli",
    "php5-mysql",
    "php-pear",
    "php5-dev",
    "php5-gd",
    "php5-mcrypt",
    "libapache2-mod-php5"
  ]

  package { $packages:
    ensure  => present,
    require => Exec["apt-get update"]
  }
}
```

So how do I know that I would be getting the right version of these packages if I changed `ensure => present` to `ensure => 5.6.16`? Or should I be setting this up in some other way? Also am I actually using the puppet-labs standard versions of these packages in the code I cloned?

Need help with python msi install on windows

I'm trying to install python (via msi) onto a windows 2008R2 box. I'm using puppet 3.1 on the client, 3.0.2 on the puppet server. Here is my install.pp:

```puppet
class python::install {
  package { 'python':
    ensure          => installed,
    provider        => 'windows',
    source          => '\\\\example.com\\software\\python\\python-2.7.3.amd64.msi',
    install_options => {
      'INSTALLDIR' => 'C:\\python27',
      'ALLUSERS'   => '1',
    }
  }
}
```

When I run "puppet agent -t", I get "Failed on INT 24". I am a domain administrator.

Thanks, any help GREATLY appreciated!

How should one handle »Duplicate declarations« between Forge modules?

I'm new to puppet and encountered the problem that even in simple scenarios modules seem not to work together. For example, I want to use NIS and NFS and installed the popular modules from forge ericsson-nisclient and derdanne-nfs. This leads to this error:

```
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Function Call, Duplicate declaration: Service[rpcbind] is already declared in file /etc/puppetlabs/code/environments/testing/modules/rpcbind/manifests/init.pp:83; cannot redeclare at /etc/puppetlabs/code/environments/testing/modules/nfs/manifests/client/service.pp:43:5 on node test.local
```

When using desalvo-nis instead of ericsson-nisclient, there is a conflict with ghoneycutt-nsswitch.

My question is: what is the approved way to avoid these conflicts? I want to use puppet forge modules, because I don't want to reinvent the wheel.

How to interpret #downloads of a module on Forge?

Hi,

Forgive me if this is not the right question to ask here (I'm new to the Forge ecosystem).

For each module, the module page would show the total number of downloads of the module. To me, #downloads are usually a big indicator of popularity (even maturity). If two modules have distinct download times, I tend to first try the one with higher #downloads. Presumably, this is the purpose for Forge to show users the #downloads.

So I'm very curious about how does the Forge count #downloads for each published module? I would guess 1 download means the module is downloaded either from the website (downloading the tarball) or from the client (using puppet module install)? However, such counting cannot tell how many people use the module because it is clearly biased to whom with big clusters. I believe Forge has better way to count the downloads.

The question comes from my recently published module on Forge. It's for a very new and specific software project, and I just find it has got ~250 downloads which does not seem reasonable to me (though I'm happy with the number).

Thank you very much!

no implicit conversion of String into Array at

I'm trying to use hiera to customize data instead of putting everything in one manifest. For attachmentgenie/timezone module I want to set up the time zone. Thus instead of setting the timezone in site.pp like this:

site.pp:

```puppet
class { 'timezone':
  zone => "America/Montreal",
}
```

I removed (zone => "America/Montreal") and created the yaml file:

global.yaml:

```yaml
timezone::zone: -- ["America/Montreal"]
```

But it gives me this error:

```
DEBUG ssh: stderr: Error: Evaluation Error: Error while evaluating a Function Call, Failed to parse inline template: no implicit conversion of String into Array at /tmp/vagrant-puppet/environments/production/modules/timezone/manifests/init.pp:9:16 on node server1.myworld.org
```

The culprit line in the timezone module's init.pp is:

```puppet
file { '/etc/timezone':
  content => inline_template('<%= @zone + "\n" %>'),
}
```

String vs Array ... I'm not sure if I can set the type within the yaml file?

Unable to connect to Puppet server using Windows agent

I have set up Puppet server ([Puppet Collection](https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm)) on CentOS Linux 7 (Core).

```
# /opt/puppetlabs/bin/puppetserver --version
puppetserver version: 2.7.2
```

I have installed Puppet agent on Win Server 2008 R2 Enterprise (64-bit).

```
C:\Users\Administrator>puppet --version
4.8.1
```

When I try connecting to the Puppet server, I get only the following output:

```
C:\Windows\system32>puppet agent --test
Exiting; no certificate found and waitforcert is disabled
```

On the server, if I check for any pending cert signing request, I see nothing:

```
# puppet cert --list
```

I have verified that I am able to telnet to the Puppet server on port 8140 from my Win agent box. Also shown below is the Puppet service running as Local System user.

![image description](/upfiles/14828146108263617.png)

My Puppet server has the following entry in /etc/puppetlabs/puppet/puppet.conf:

```ini
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
certname = puppet-server

[agent]
server = puppet-server
```

On the Win agent, I have specified the Puppet server name in the hosts file:

```
xx.yy.zz.zzz puppet-server
```

On the Win agent, I have also mentioned the server name in the C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf file:

```ini
[main]
server=puppet-server
autoflush=true
environment=production
```

Any pointers?

How do I recursively set perms on files while leaving the permissions of subdirectories alone?

I'd like to remove group write and world write on all files in a directory tree while leaving permissions of subdirectories alone. Is there a way to do this in puppet? Thanks.

mco rpc shell start... using ruby 1.8.7?

Hi everyone,

I have over 1000 machines using ruby 1.8.7. I want to use the mcollective command

```
mco rpc shell start command=/usr/local/sbin/some.sh -I somehost
```

At first I was getting an error regarding securerandom.uuid. I was able to backport that code. Now I'm getting

```
undefined method 'spawn' for Process:Module
```

Can someone give me a hint as to how to solve this without upgrading ruby to 1.9.3? Thanks.

setting environment variable for package provider

Having an issue installing an rpm for a CA product. The installer fails when installed through puppet. Found the issue to be puppet not setting the HOME environment variable, causing some CA tool to fail. I converted the install to an exec and set the environment, and this works.

Question is: how can I change the puppet environment for the package resource, or any other resources?

Error on agent after upgrading to current version

I upgraded my Puppet master to the most recent version today. In my dev environment the upgrade completed successfully and all agents connected to the master without error.

In production the upgrade completed successfully but all agents are getting the following error:

```
Info: Computing checksum on file /opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb
Error: Could not back up /opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb: Error 500 on SERVER: {"message":"Server Error: Got passed new contents for sum {md5}13731d27f1276cdd3314f7fa30aa5eb1","issue_kind":"RUNTIME_ERROR"}
Error: Could not back up /opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb: Error 500 on SERVER: {"message":"Server Error: Got passed new contents for sum {md5}13731d27f1276cdd3314f7fa30aa5eb1","issue_kind":"RUNTIME_ERROR"}
Error: /Stage[main]/Puppet_enterprise::Mcollective::Server::Plugins/File[/opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb]/content: change from {md5}13731d27f1276cdd3314f7fa30aa5eb1 to {md5}e8085d91ddaa1f92984bde5d34cc47d5 failed: Could not back up /opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb: Error 500 on SERVER: {"message":"Server Error: Got passed new contents for sum {md5}13731d27f1276cdd3314f7fa30aa5eb1","issue_kind":"RUNTIME_ERROR"}
Notice: /Stage[main]/Puppet_enterprise::Mcollective::Service/Service[mcollective]: Dependency File[/opt/puppetlabs/mcollective/plugins/mcollective/application/puppet.rb] has failures: true
Warning: /Stage[main]/Puppet_enterprise::Mcollective::Service/Service[mcollective]: Skipping because of failed dependencies
```

Unable to connect to Enterprise Puppet server using Windows agent

I have set up Puppet Enterprise server on CentOS Linux 7 (Core).

```
# /opt/puppetlabs/bin/puppetserver --version
puppetserver version: 2016.5.0.11
```

I have installed Puppet Enterprise agent on Win Server 2008 R2 Enterprise (64-bit).

```
C:\Users\Administrator>puppet --version
4.8.1
```

When I try connecting to the Puppet server, I get only the following output:

```
C:\Windows\system32>puppet agent --test
Exiting; no certificate found and waitforcert is disabled
```

On the server, if I check for any pending cert signing request, I see nothing:

```
# puppet cert --list
```

I have verified that I am able to telnet to the Puppet server on port 8140 from my Win agent box. Also shown below is the Puppet service running as Local System user.

![image description](/upfiles/14828146108263617.png)

My Puppet server has the following entry in /etc/puppetlabs/puppet/puppet.conf:

```ini
[main]
certname = gc.abc.com
server = gc.abc.com
user = pe-puppet
group = pe-puppet
environment_timeout = 0
app_management = true
module_groups = base+pe_only
environmentpath = /etc/puppetlabs/code/environments
codedir = /etc/puppetlabs/code

[agent]
graph = true

[master]
node_terminus = classifier
storeconfigs = true
storeconfigs_backend = puppetdb
reports = puppetdb
certname = gc.abc.com
always_cache_features = true
```

On the Win agent, I have specified the Puppet server name in the hosts file:

```
xx.yy.zz.zzz puppet-server
```

On the Win agent, I have also mentioned the server name in the C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf file:

```ini
[main]
server=puppet-server
autoflush=true
environment=production
```

Any pointers?

Error when trying to start Apache after installing Passenger for Puppet on Ubuntu 12.04

I am having an issue that I am not able to start Apache after installing passenger and configuring the puppetmaster file in /etc/apache2/sites-available/. I am getting the following error when I try to start Apache:

```
root@puppet-master:/etc/apache2/sites-available# service apache2 start
 * Starting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8140
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
   ...fail!
```

I don't know if the problem is related to the puppetmaster file or the apache2.conf or ports.conf files.

**ports.conf**:

```
root@puppet-master:/etc/apache2/sites-available# cat ../ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:8140
Listen 8140

# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443

Listen 443
```

**apache2.conf**:

```
root@puppet-master:/etc/apache2/sites-available# cat ../apache2.conf
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "foo.log"
# with ServerRoot set to "/etc/apache2" will be interpreted by the
# server as "/etc/apache2/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0

# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0

# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Order allow,deny
Deny from all
Satisfy all

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
# It is also possible to omit any default MIME type and let the
# client's browser guess an appropriate action instead. Typically the
# browser will decide based on the file's extension then. In cases
# where no good assumption can be made, letting the default MIME type
# unset is suggested instead of forcing the browser to accept
# incorrect metadata.
#
DefaultType None

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include all the user configurations:
Include httpd.conf

# Include ports listing
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/
```

**puppetmaster**:

```
root@puppet-master:/etc/apache2/sites-available# cat puppetmaster
# Example puppetmaster.conf configuration file for Pluralsight's Puppet Fundamentals for System Administrators course
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.56/buildout/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.56
PassengerDefaultRuby /usr/bin/ruby1.8
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:$
SSLHonorCipherOrder on

SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.localdomain.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.localdomain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData

RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
Options None
AllowOverride None
Order allow,deny
allow from all
PassengerAppRoot /usr/share/puppet/rack/puppetmasterd

ErrorLog /var/log/apache2/puppet-server.example.com_ssl_error.log
CustomLog /var/log/apache2/puppet-server.example.com_ssl_access.log combined
```

Puppet master is turned off now so nothing is using the 8140 port:

```
root@puppet-master:/etc/apache2/sites-available# sudo netstat -tnlp | grep 8140
root@puppet-master:/etc/apache2/sites-available#
```

Also Apache is turned off so neither start or restart works with it.

```
root@puppet-master:/etc/apache2/sites-available# sudo service apache2 start
 * Starting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8140
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
   ...fail!
root@puppet-master:/etc/apache2/sites-available# sudo service apache2 restart
 * Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8140
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
   ...fail!
```

Is it possible that someone helps me with that? Thanks..

How can I have multiple uses of the same group resource?

Background: I am making puppet modules that will handle the Windows server configuration for one of our platforms. One module handles if the server is a web server, and another handles if it's an application server. These modules are intended so that they can both be run if the resulting server should have both layers. A third module has been created for any resources that would be the same for each, and the other modules include it.

The method above has worked great for fixing true collisions where the same thing was run in both of the main modules, as it allows me to just define it once. However, I am hitting a similar problem when it comes to establishing a means of configuring local Administrator group membership. The web server would need User A and User B as local Administrators. Meanwhile, the application server would only need User A and User C.

I previously tried the following method.

For the web module:

```puppet
group { 'Local Administrators - Web':
  name            => 'Administrators',
  ensure          => present,
  members         => ['DOMAIN\\UserA','DOMAIN\\UserB'],
  auth_membership => false,
}
```

For the application module:

```puppet
group { 'Local Administrators - Application':
  name            => 'Administrators',
  ensure          => present,
  members         => ['DOMAIN\\UserA','DOMAIN\\UserC'],
  auth_membership => false,
}
```

However, this collides, as both groups have the same `name`. I then tried (as I believe I have in the past) to use a user resource to try and get a domain user, but that does not work:

Manifest:

```puppet
user { 'DOMAIN\\UserA':
  ensure => present,
  groups => 'Administrators',
}
```

Agent output:

```
Error: ADSI connection error: failed to parse display name of moniker 'WinNT://DOMAIN/UserA,user'
    HRESULT error code:0x800706ba
      The RPC server is unavailable.
Wrapped exception:
failed to parse display name of moniker 'WinNT://DOMAIN/UserA,user'
    HRESULT error code:0x800706ba
      The RPC server is unavailable.
Error: /Stage[main]/Abp_global/User[DOMAIN\UserA]/groups: change from to Administrators failed: ADSI connection error: failed to parse display name of moniker 'WinNT://DOMAIN/UserA,user'
    HRESULT error code:0x800706ba
      The RPC server is unavailable.
```

So, I'm kind of stuck. The way of being able to define a resource with a unique name (the user resource) doesn't seem to work, based on threads [such as this one](https://ask.puppet.com/question/1403/how-can-i-add-a-domain-user-to-the-local-administrators-group/). The method that does work (the group resource) has collision issues since I'm calling it against the same group (Administrators) 2-3 times.

I feel like I'm reaching a point where I'm going to have to roll my own checking via the Exec resource and PowerShell, but that seems silly for something like this. Does anyone have any ideas that I am missing?

Error 502 on SERVER: Incomplete response received from application

I am trying to run puppet agent on my own puppet master, which is using Passenger. All other agents can grab their catalogues without _any issues whatsoever_; however, my master cannot get its own catalogue. What's going on?

```
# puppet agent --test --server=puppet
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 502 on SERVER:

Incomplete response received from application

Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
```

I have tried rebooting the server, to no avail. I also have puppetdb installed.

Versions:

```
httpd-2.2.15-54.0.1.el6_8.x86_64
libselinux-ruby-2.0.94-5.8.el6.x86_64
mod_passenger-5.0.30-8.el6.x86_64
passenger-5.0.30-8.el6.x86_64
puppet-3.8.7-1.el6.noarch
puppetdb-2.3.8-1.el6.noarch
puppetdb-terminus-2.3.8-1.el6.noarch
puppetlabs-release-6-12.noarch
puppet-server-3.8.7-1.el6.noarch
ruby-1.8.7.374-4.el6_6.x86_64
ruby-augeas-0.4.1-3.el6.x86_64
ruby-devel-1.8.7.374-4.el6_6.x86_64
rubygem-json-1.5.5-3.el6.x86_64
rubygem-rack-1.1.0-2.el6.noarch
rubygem-rake-0.8.7-2.1.el6.noarch
rubygems-1.3.7-5.el6.noarch
ruby-irb-1.8.7.374-4.el6_6.x86_64
ruby-libs-1.8.7.374-4.el6_6.x86_64
ruby-rdoc-1.8.7.374-4.el6_6.x86_64
ruby-shadow-2.2.0-2.el6.x86_64
```

OS: Red Hat Enterprise Linux Server release 6.5 (Santiago)

Puppet Provider usage for puppet resource

I am trying to develop a provider that will query the system for my custom resource myfile. However, when I run

```
puppet resource myfile --environment tap --debug
```

I get the following results:

```
Debug: Runtime environment: puppet_version=4.5.3, ruby_version=2.1.9, run_mode=user, default_encoding=UTF-8
Debug: Executing: '/bin/ls /folders'
Debug: #each property -> {:ensure=>:present, :name=>"/folders/otherfile", :owner=>"root"}
Debug: #each property -> {:ensure=>:present, :name=>"/folders/testf", :owner=>"root"}
myfile { '/folders/otherfile':
  ensure => 'present',
}
myfile { '/folders/testf':
  ensure => 'present',
}
```

This looks good except it is missing my owner property that I am also searching for. My provider is below:

```ruby
Puppet::Type.type(:myfile).provide(:ruby) do
  commands :touch => 'touch', :ls => 'ls'

  # Generate getters/setters for every property declared on the type
  mk_resource_methods

  # Return the entries under /folders, one name per array element
  def self.get_list_of_myfiles
    files = ls('/folders')
    files = files.gsub(/\s+/m, ' ').strip.split(" ")
    files
  end

  # Build the property hash for one file from its `ls -l` line
  def self.get_properties(file)
    properties = {}
    begin
      output = `ls -l /folders/#{file}`
    rescue Puppet::ExecutionFailure => e
      Puppet.debug "#get_properties had an error -> #{e.inspect}"
      return {}
    end
    # Split the listing into whitespace-separated fields
    output = output.gsub(/\s+/m, '::').strip.split("::")
    # 0          1 2    3    4 5   6  7     8
    #-rw-r--r-- 1 root root 0 Dec 30 07:28 /folders/otherfile
    properties[:ensure] = :present
    properties[:name] = output[8]
    properties[:owner] = output[2]
    properties
  end

  # Called by `puppet resource` to discover existing instances
  def self.instances
    get_list_of_myfiles.collect do |each|
      properties = get_properties(each)
      Puppet.debug "#each property -> #{properties}"
      new(properties)
    end
  end
end
```

**Why is my owner field missing?**