New devops programmer here... I'm re-factoring puppet code and trying to keep content (hiera) separate from code to keep the sysadmins to editing hiera files.
I've successfully used augeas with hash arrays in puppet for most conf files but I'm stuck on /etc/updatedb.conf
This works with augtool:
[root@machine]$ augtool set /files/etc/updatedb.conf/PRUNEPATHS some_folder
Saved 1 file(s)
[root@puppetlab etc]$ grep PRUNEPATHS /etc/updatedb.conf
PRUNEPATHS = some_folder
But in puppet I get an error:
[root@puppetlab etc]$ puppet apply --verbose --modulepath=/etc/puppetlabs/code/environments/production/modules/ -e "augeas { \"updatedb.conf\": changes => [ 'set /files/etc/updatedb.conf/PRUNEPATHS some_folder' ] }"
Info: Loading facts
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for puppetlab.localdomain in environment production in 0.16 seconds
Info: Applying configuration version '1495117608'
Error: /Stage[main]/Main/Augeas[updatedb.conf]: Could not evaluate: Saving failed, see debug
Notice: Applied catalog in 1.49 seconds
I'm at a roadblock here and it seems augeas errors via puppet do not show up in /augeas//error
Any pointers would be appreciated. If I were not OCD I'd just do it another way and move on but I'm OCD and I need it to all be the same ;)
↧
updatedb.conf with augeas
↧
How to adjust the crontab file from the install.sh file manifest
I am using the Mcafee module:
[https://forge.puppet.com/Ramorous/mcafee\_epo\_agent](https://forge.puppet.com/Ramorous/mcafee_epo_agent)
I need to look about having either the install.sh or the mcafee manifest adjust the cron that mcafee agent uses:
It should add the below line to the crontab:
0,30 * * * * /opt/McAfee/agent/scripts/ma checkhealth >/dev/null 2>&1
how can I edit the current module or the install.sh file on the master?
I edited manually now , but I need puppet to do it, without using more module like crontab module
↧
↧
Puppet Array in hiera
Hello,
I am trying to rewrite some puppet apache profiles we have, also trying to remove array etc and move them to hiera. Does anyone know how to add this to hiera:
$aliases = [{
scriptalias => '/awstats',
path => '/usr/lib/cgi-bin/', } , {
alias => '/awstats-icon',
path => '/usr/share/awstats/icon/', } , {
alias => '/awstatsclasses',
path => '/usr/share/awstats/lib/', } , {
alias => '/awstatscss',
path => '/usr/share/doc/awstats/examples/css', } ]
I tried something like:
profile::apache::httpd::someapache:aliases:
- alias:
- '/awstatsclasses'
- '/awstats-icon'
- path:
- '/usr/share/awstats/lib/'
- '/usr/share/awstats/icon/'
But it keeps overwriting the Alias line with the last values....
Could someone help me please ?
Kind regards,
- Pascal den Bekker
↧
override an resource
Hi there,
How could I overwrite these courios resource-statement from openstack-neutron in authtoken.pp.
Here the class directly from github:
[link text](https://github.com/openstack/puppet-neutron/blob/stable/ocata/manifests/keystone/authtoken.pp)
I've tried it by calling the class
class profiles::neutron {
class { '::neutron':
core_plugin => 'ml2',
allow_overlapping_ips => true,
service_plugins => ['router'],
auth_strategy => 'keystone',
dns_domain => 'webterrorist.local.',
default_transport_url => 'rabbit://openstack:askgoogle@192.168.253.10',
rabbit_password => 'askgoogle',
rabbit_user => 'openstack',
rabbit_host => '192.168.253.10',
}
class { '::neutron::keystone::authtoken':
user_domain_name => 'default',
project_domain_name => 'default',
username => 'neutron',
password => 'askgoogle',
project_name => 'service',
auth_url => 'http://192.168.253.10:35357',
auth_uri => 'http://192.168.253.10:5000',
auth_type => 'password',
project_domain_name => 'default',
memcached_servers => '127.0.0.1:11211',
manage_memcache_package => false,
region_name => 'ImperiumAlpha',
}
class { '::neutron::agents::ml2::ovs':
local_ip => "${::ipaddress}",
tunnel_types => ['vxlan']
}
}
But get these
Error while evaluating a Resource Statement, Keystone::Resource::Authtoken[neutron_config]: has no parameter named 'manage_memcache_package' at /usr/local/etc/puppet/environments/staging/modules/neutron/manifests/keystone/authtoken.pp:246
Keystone::Resource::Authtoken[neutron_config] is not a class but part of the class neutron::keystone::authtoken How could I call it to overide the settings in these Module?
↧
r10k Control Repos : deploy the enviroment automaticaly from main git to control repo
hello everyone .
I do not wish to reinvent the wheel. Do you know if there's something for a script that will automatically allow me to add the branch created from git to the repo control with the Puppetfile ?
At the end , a script trigger and deploy the enviroment automaticaly ?
Thank you so much ,
-t
↧
↧
Installing puppet server and agent on same machine
Hello,
I'm new on Puppet and quite lost, I would like (as a test) install puppet master and puppet agent on the same machine.
I'm stuck at the step of configuring `puppet.conf` and I have no ideas how to write the config sections.
Is that possible to install bot puppet on same machine ? If yes could you give me some example to make it clearer for me
**EDIT**
Here is my `puppet.conf`:
[main]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
ssldir = /opt/puppetlabs/puppet/ssl/
factpath = /opt/puppetlabs/bin/facter
[master]
dns-alt-names = puppetmaster,puppet,server.example.com
certname = server.example.com
server = puppetserver
report = true
reports = log,store
modulepath = /opt/puppetlabs/puppet/modules
[agent]
server = server.example.com
After the conf of this file, the agent needs to ask a certificate, so I run this command :
puppet agent --server server.example.com --waitforcert 60 --test
It returns me this error and I can't understand it :
Error: Could not parse /etc/puppetlabs/puppet/puppet.conf: Could not match line dns-alt-names = puppetmaster,puppet,minos.grenet.fr
at /etc/puppetlabs/puppet/puppet.conf:20
**EDIT**
I found what was wrong... I writed `dns-alt-names` instead of `dns_alt_names`.. 3 days I try to solve it
Thanks
↧
puppet service failed to start
Hello,
I'm under Debian8 and I installed puppetserver and puppet-agent on the same machine. I started puppetserver and stopped before modify `puppet.conf` but after I tried to start puppet agent and puppetserver with the following command :
/etc/init.d/puppetserver start
and
/etc/init.d/puppet start
and when I check logs it returns me this error :
-- Subject: L'unité (unit) puppetserver.service a commencé à démarrer
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- L'unité (unit) puppetserver.service a commencé à démarrer.
mai 22 13:47:35 minos systemd[1]: puppetserver.service: control process exited, code=exited status=1
mai 22 13:47:35 minos systemd[1]: Failed to start LSB: puppetserver.
-- Subject: L'unité (unit) puppetserver.service a échoué
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- L'unité (unit) puppetserver.service a échoué, avec le résultat failed.
mai 22 13:47:35 minos systemd[1]: Unit puppetserver.service entered failed state.
mai 22 13:48:18 minos systemd[1]: Unit puppetserver.service cannot be reloaded because it is inactive.
I checked if puppetserver was listening on port 8140 but he is not anymore :
netstat -anpl | grep 8140
It gives me not result and I don't know how to solve this problem, puppet is totally new for me need some help
Thanks
↧
Error 500: pe_packages after 2017.2 install
Last week I tried to install PE 2017.2 over our working 2016.5 instance. I copied the tarball to our server, unpacked it, and ran puppet-enterprise-installer script. The install seemed to run without error and it told me to finish the install I should run puupet agent -t on the server. This is a monolithic install. The puppet run returns error 500 saying that is cannot get metadata for puppet:///pe_packages/2017.2.1/el-7_x86_64-1.10.1.
This directory does not exist but I do have a similar directory at /opt/puppetlabs/server/data/packages/public that contains all of the packages. Also /etc/puppetlabs/puppet/fileserver.conf has a [pe_puppet] section with path set to /opt/puppetlabs/server/data/packages/public and allow *
Is it possible I have bad permissions or something on the /opt/puppetlabs/server/data/packages/public folders or is there somewhere else I can look. I have tried reinstalling several times with the same issue, I have also tried reinstalling using a new pe.conf file, the one I am using though only has password, dnsaltname, and hostname settings set.
↧
hiera lookup not working?
Hit there
I am trying to create lookups for openstack-neutron
[openstack-neutron](https://github.com/openstack/puppet-neutron/tree/stable/ocata)
class profiles::neutron {
$neutron_default = lookup('neutron', {merge => deep, default_value => {}})
create_resources('neutron', $neutron_default)
}
...
---
classes:
- vswitch::ovs
- profiles::vswitch
- neutron
- profiles::neutron
neutron_default:
rabbit_password: 'askgoogle'
core_plugin: 'ml2'
service_plugins: ['router']
dns_domain: 'webterrorist.local.'
default_transport_url: 'rabbit://openstack:askgoogle@192.168.253.10'
but i get in stuck by
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, When rpc_backend is rabbitmq, you must set rabbit password at /usr/local/etc/puppet/environments/staging/modules/neutron/manifests/init.pp:548:7 on node test02.webterrorist.local
so it seems that my lookups in profiles::neutron where totaly ignored or/and are not working. Any hint why would be very welcome.
I'm using FreeBSD 10.3 as my puppetmaster and Ubuntu 17.04 on my testing nodes. And I use puppet opensource. What would be the best to debug and testing my hiera-lookups on my testing-nodes?
class { '::neutron':
core_plugin => hiera('neutron::core_plugin'),
allow_overlapping_ips => true,
service_plugins => hiera('neutron::service_plugins'),
auth_strategy => 'keystone',
dns_domain => hiera('neutron::dns_domain'),
default_transport_url => hiera('neutron::default_transport_url'),
}
So far the example above would work. But then I have to change my codingstile for my yaml-files. And it's not so flexible.
↧
↧
puppet - ini remove
I am using puppet 4.5.3 and ini_setting module version 1.4.2. I need to be able to remove a stanza in an ini file. For example:
[header]
ip = '1.1.1.1'
hostname = 'myserver'
port = 80
I am able to remove each section of the ini file using the
ensure => absent parameter but I cannot find a way to remove the stanza header, or preferably the whole thing in one command.
What I have left is
[header]
Does anyone know how this can be done? Unfortunately there are other stanzas in the same file that I need to keep so I cannot simply delete the file.
thanks,
↧
puppet - ini remove
I am using puppet 4.5.3 and ini_setting module version 1.4.2. I need to be able to remove a stanza in an ini file. For example:
[header]
ip = '1.1.1.1'
hostname = 'myserver'
port = 80
I am able to remove each section of the ini file using the
ensure => absent parameter but I cannot find a way to remove the stanza header, or preferably the whole thing in one command.
What I have left is
[header]
Does anyone know how this can be done? Unfortunately there are other stanzas in the same file that I need to keep so I cannot simply delete the file.
thanks,
↧
issue with $releasevar in yum repo on OEL7 while using puppetlabs_puppet_agent module
Hey all,
I'm having an issue with the puppet_agent module from puppetlabs while upgrade my OEL7.3 servers to the puppet4 agent.
The $releasever in pc_repo.repo seems to be evaluating to 7.3 instead of just 7. This causes yum to not find the url it's looking for (which just includes the major version 7, and not the .3 minor version). Not sure if this is just what OEL does with the releasever variable or if anyone else has run into this issue in the past.
(I haven't done this on my OEL5 or OEL6 servers yet, but I don't think those will have the same problem judging from the repo layout)
↧
http://yum.puppetlabs.com/el/5/products/x86_64/repodata/614604dc1533fc3be3429b4f96007036cf0cee6387c6c452e9c5173b7526a94e-primary.sqlite.bz2: [Errno -3] Error performing checksum
Starting since last Thursday we started getting this error on our build process. We do a yum update to the Puppet repository (3.7.4) each time:
Loaded plugins: downloadonly, security
http://yum.puppetlabs.com/el/5/products/x86_64/repodata/614604dc1533fc3be3429b4f96007036cf0cee6387c6c452e9c5173b7526a94e-primary.sqlite.bz2: [Errno -3] Error performing checksum
Trying other mirror.
http://yum.puppetlabs.com/el/5/products/x86_64/repodata/614604dc1533fc3be3429b4f96007036cf0cee6387c6c452e9c5173b7526a94e-primary.sqlite.bz2: [Errno -3] Error performing checksum
Trying other mirror.
This is happening on several machines.
It isn't happening on the machines that are updating against a newer puppet version (different code-line)
We noticed that the version of that file changed on 5/17/2017
We flushed the yum repo caches on our end but that did not help
↧
↧
invalid byte sequence in US-ASCII only on first puppet run
Hello, I am using puppet v4.10.0 on both my agents and master along side Katello 3.3.0. I am having a strange error where certain manifests cause the error "invalid byte sequence in US-ASCII" but ONLY on the first puppet run while the machine is being provisioned with RHEL 7.3. LANG is set to en_US.UTF-8 on both the master and agents. 'file' reports that the affected manifests are 'ASCII text'. I have tried replacing all non-ASCII characters in the files with "perl -i -pe 's/[^[:ascii:]]//g'" without change. I have also tried removing invalid ASCII characters with "iconv -f ASCII -t ASCII -c" without change. Can anyone please give me any suggestions as to what might be going on?
↧
invalid byte sequence in US-ASCII only on first puppet run
Hello, I am running puppet v4.10.0 on both my master and agents along side Katello 3.3.0. I am receiving the error "invalid byte sequence in US-ASCII" on certain manifests ONLY when I run puppet the first time while provisioning a machine with RHEL 7.3. This error did not occur before I upgraded from puppet 3.6. Puppet runs without error in subsequent runs.
'LANG' is set to en_US.UTF-8 on both my master and agents. 'file' reports that the affected manifests are ASCII. I have tried removing non-ASCII characters from the manifests using "perl -i -pe 's/[^[:ascii:]]//g'" to no change. I have also tried removing invalid ASCII sequences with "iconv -f ASCII -t ASCII -c" to no change, so I'm fairly confident the files really are valid ASCII. Can anyone please help me figure this out?
↧
extract file name from Nagios_host { }
I have working process of adding hosts to nagios with puppet, and was wandering if it is possible to extract cfg file name created by:
Nagios_host <<||>> {
..........
}
to use in puppet code to move file, check for existence, etc...
Any info is appreciated
Thank you.
↧
can we trigger email notification when puppet run fails?
My management is impressed with the monitoring features of puppet. They want made a custom email if puppet agent runs to fail. How to achieve this?
↧
↧
Windows puppet agent not making any changes
Hello,
I have setup Puppet OS on a Linux server in AWS; where I have created manifests to be ran on my environments, as you would expect. The manifests will do very simple tasks, and against my Windows machines, they will run a powershell script.
The windows agents have been built using Packer, which has installed the agent using Chocolatey; the puppet.conf file (on the agent) is very skinny and contains the defaults; installation completes without any visible issues.
My issue is that; I can see the Windows agent checking into the Linux server; by tailing the logs:
2017-05-24 15:56:38,261 INFO [qtp32244594-69] [puppetserver] Puppet Caching node for win-xxx.eu-west-1.compute.internal
2017-05-24 15:56:40,785 INFO [qtp32244594-67] [puppetserver] Puppet Caching node for win-xxx.eu-west-1.compute.internal
2017-05-24 15:56:40,900 INFO [qtp32244594-67] [puppetserver] Scope(Class[Company::Roles::Iiswebserver]) Installed started on WIN-xxx.eu-west-1.compute.internal as class [company::roles::iiswebserver]
2017-05-24 15:56:40,943 INFO [qtp32244594-67] [puppetserver] Puppet Compiled catalog for win-xxx.eu-west-1.compute.internal in environment production in 0.15 seconds
Now whilst it has checked in, and visible "done" something, it hasn't actually done anything. If I execute the puppet agent manually on the Windows machine or run
> puppet agent -t --debug --verbose
I can see it perform the same check in, and then actually complete the manifest. However, it doesn't do anything if left to its own devices. Have I done something wrong?
↧
where (server/agent) and how to run unit test in puppet
I want to run unit test in puppet ,i have created spec and tests folder inside my module folder.
I have tried the steps provided in (https://puppet.com/blog/next-generation-of-puppet-module-testing), but not able to make it.
Please help on it
↧
Unable to understand the benefits of r10k dynamic environments..
We use Puppet, hiera, r10k with a number of forge modules, roles and profiles patterns to perform an automated deployment of a Java/NodeJS Application.
I find r10k to be very useful in fetching all dependent modules from a Puppetfile. However I am confused with the benefits of the r10k dynamic environments. We have 8 environments, so we have created 8 branches in Git. The important feature is that all these 8 environments are identical except for heira properties.
Whenever we make a change in one of the puppet manifests(roles or profiles), we manually have to merge(sometimes cherry-pick) these changes from 1 branch to the other, when we are ready to do a new deployment in another environment.
Managing code in 8 branches is appearing to be a time-consuming and an error-prone process to me.
I am thinking of moving away from r10k dynamic environments usage and have only 1 branch (master).
Whenever we deploy anything to Production env, we just tag the appropriate commit with a Git Tag.
When the business application code that the development team are writing does not have a Git branch for every environment, why should R10K mandate that we create a branch for each environment containing the same puppet code?
I was wondering if any body has benefited from using R10k dynamic environments for automated deployment of an Application and can share their experience.
↧