Hi Team,
exec {'start_service':
command => '/opt/agent/bin/service start --accept-license',
onlyif => ".....",
}
The command should get execute only if the service "splunk" is not running.
I would like to put `ps -ef | grep -i "splunk"`
Please help here..!
Regards,
Rohith
↧
Execute a command onlyif service is not running.
↧
Hiera configuration file had wrong type
Hi,
I'm getting this error when doing puppet apply (I'm running masterless puppet). I was using Hiera 4 configuration in hiera.yaml but I couldnt find configuration for eyaml for that version. I switched configuration file version to hiera 3 but I see these errors now. Without upgrading my puppet agent, is there a way to fix my issue ?
Error: The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, entry 'hierarchy' index 0 expected a Struct value, got String
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, entry 'hierarchy' index 1 expected a Struct value, got String
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, entry 'hierarchy' index 2 expected a Struct value, got String
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, expected a value for key 'version'
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, unrecognized key 'backends'
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, unrecognized key 'eyaml'
The Hiera Configuration at '/etc/puppetlabs/code/environments/production/modules/mymodule/hiera.yaml' had wrong type, unrecognized key 'yaml'
Here is my VM with packages installed
Agent version: 4.5.3
Hiera: 3.2.0
Puppet gems installed
*** LOCAL GEMS ***
bigdecimal (1.2.4)
deep_merge (1.0.1)
facter (3.3.0)
hiera (3.2.0)
hiera-eyaml (2.1.0)
highline (1.6.21)
hocon (0.9.3)
io-console (0.4.3)
json (1.8.1)
minitest (4.7.5)
net-ssh (2.9.2)
psych (2.0.5)
puppet (4.5.3)
rake (10.1.0)
rdoc (4.1.0)
semantic_puppet (0.1.2)
stomp (1.3.3)
test-unit (2.1.9.0)
trollop (2.1.2)
↧
↧
hiera function in yaml
My yaml looks something like below
---
database::db_user:
'asuser':
password: 'somepassword'
Now, can I do this in another yaml file ?
---
mymodule::db_pass: "%{hiera('database::db_user')['asuser']}"
↧
Puppet Compatibility old server new client software.
The information on the main page talks about old agents with a new server. I have the opposite. So in order to plan I am trying to determine my best option going forward.
On my new CentOS machines the version of puppet is 3.6.2 installed, the current Puppet Master is running CentOS 6.9 and puppet version is reported back as 2.7.23.
So my question is whether or not my new puppet 3.6.2 will be compatible with the legacy master. When we upgrade the master we are switching to Ansible and scrapping puppet well.
If i am not providing the right information please let me know. I am more familiar with Ansible. This is my opening foray into using Puppet and as I prepare to add in the new modules for the CentOS 7 machine we are incorporating to the final release before a full system redesign.
I am asking this question because of the changes between iptables and firewalld is one of the first issues I am trying to figure out if the modules will be able to work with the software installed.
↧
Customize default tagmail report
Hi, I have integrated latest tagmail module with my PE2017.2 and it's working like charm. I am able to send mails based on the log level. However I have some special requirement to set some specific messages in Subject or in Mail Body. e.g. Right now I am getting subject text in mails as below:
Puppet Report for puppetnode
But instead I like to have following in case of failure or successful respectively:
Puppet Report for puppetnode [FAILED]
Puppet Report for puppetnode [SUCCESSFUL]
It seem we can use report processor but I'm not sure where and how? Any ideas or example?
↧
↧
Hiera Array not returning all items
We're having a few issues with using ```hiera_array``` to bulk install a list of packages from Hiera data. We have defined a list of support packages we need installing at the ```common```, ```os``` and sometimes the ```node``` level, recently we've seen that only the items on the top most level get installed. I'm completely lost on what would be causing this, and I'm hoping someone can point out something I've missed.
Puppet Agent 4.10.4
Puppet Server 2.7.2
Here is the snippets we're using:
base.pp
# Support packages
$support_packages = hiera_array('mds::support_packages')
package { $support_packages: ensure => 'installed', }
hiera.yaml
---
:backends:
- yaml
:hierarchy:
- "node/%{::fqdn}"
- "vlan/%{vlan}"
- "customer/%{customer}"
- "network/%{network_env}"
- "os/%{::osfamily}/%{::operatingsystem}/%{::operatingsystemrelease}"
- "os/%{::osfamily}/%{::operatingsystem}/%{::operatingsystemmajrelease}"
- "os/%{::osfamily}/%{::operatingsystem}"
- "os/%{::osfamily}"
- "common"
:yaml:
:datadir: "/etc/puppet/environments/%{::environment}/hieradata"
:merge_behavior: deeper
common.yaml
mds::support_packages:
- lsof
- strace
- sysstat
- tcpdump
- nfs-utils
- mlocate
- parted
- wget
- telnet
- unzip
- zip
- nano
- dos2unix
- mutt
- p7zip
- sharutils
- net-tools
- eject
- time
os/RedHat/RedHat/7.yaml
mds::support_packages:
- nmap-ncat
- tmux
- compat-libstdc++-33
Target system state.yaml
[root@xxxxxx state]# grep Package state.yaml
Package[nmap-ncat]:
Package[tmux]:
Package[compat-libstdc++-33]:
Output of a hiera CLI call
[root@puppet ~]# hiera -c /etc/puppetlabs/puppet/hiera.yaml -a mds::support_packages environment=production ::fqdn=xxxx ::osfamily=RedHat ::operatingsystem=RedHat ::operatingsystemmajrelease=7
["nmap-ncat",
"tmux",
"compat-libstdc++-33",
"psmisc",
"coreutils",
"bind-utils",
"lsof",
"strace",
"sysstat",
"tcpdump",
"nfs-utils",
"mlocate",
"parted",
"wget",
"telnet",
"unzip",
"zip",
"nano",
"dos2unix",
"mutt",
"p7zip",
"sharutils",
"eject",
"time"]
↧
Prevent puppet run from iterating over user from winbind
Hi,
I am trying to add an existing node with winbind configured to puppet. The puppet run is iterating over every user object provided from winbind. See example debug output below:
Debug: /User[username]: Provider useradd does not support features libuser; not managing attribute forcelocal Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute roles Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute auths Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute profiles Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute keys Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute project Debug: /User[username]: Provider useradd does not support features manages_aix_lam; not managing attribute attributes Debug: /User[username]: Provider useradd does not support features manages_password_salt; not managing attribute salt Debug: /User[username]: Provider useradd does not support features manages_password_salt; not managing attribute iterations
Is it possible to prevent puppet from iterating over every ldap user object?
↧
using 'example.com' as iis module application pool name
I'm trying to create an app pool with the name of 'example.com' using the puppetlabs iis module - https://forge.puppet.com/puppetlabs/iis
It's throwing an error saying 'name is not a valid web site name at...'
If I remove the period, '.', it works. Is there a way for me to use it in the name without it throwing an error?
Thanks!
↧
how to ignore iptables internal chain when purge firewallchain
When I use
resources { 'firewallchain':
purge => true,
}
I got errors beow:
Warning: Firewallchain[INPUT:filter:IPv4](provider=iptables_chain): Attempting to destroy internal chain INPUT:filter:IPv4
Error: Execution of '/sbin/iptables -t filter -X INPUT' returned 1: iptables: Invalid argument. Run `dmesg' for more information.
Error: /Stage[main]/Main/Node[default]/Firewallchain[INPUT:filter:IPv4]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -X INPUT' returned 1: iptables: Invalid argument. Run `dmesg' for more information.
Then I tried:
resources { 'firewallchain':
purge => true,
ignore => [
'INPUT',
'OUTPUT',
'FORWARD',
'PREROUTING',
'POSTROUTING',
]
}
Then I got another error:
Error: no parameter named 'ignore' at /root/test.pp:13 on Resources[firewallchain] at /root/test.pp:13 on node vdn-bj-bgp-1-1.self.pili
so my question is how to ignore iptables internal chain when purge firewallchain.
Thanks in advance.
↧
↧
update line if found in file
I am trying to figure out how to replace a line in a file, but only if it already exists in the file.
eg, i only want to update the proxy where it is already configured in /etc/yum.conf
this is what i am trying, but i cant seem to make it work
file_line { 'yum_proxy':
ensure => 'present',
path => '/etc/yum.conf',
line => 'proxy=http://new.proxy.address:8080',
match => '^proxy\=',
match_for_absence => 'false',
}
is there any way in which I can do this ?
↧
update line if exists within file
I am trying to figure out how to replace a line in a file, but only if it already exists in the file.
eg, i only want to update the proxy where it is already configured in /etc/yum.conf
this is what i am trying, but i cant seem to make it work
file_line { 'yum_proxy':
ensure => 'present',
path => '/etc/yum.conf',
line => 'proxy=http://new.proxy.address:8080',
match => '^proxy\=',
match_for_absence => 'false',
}
is there any way in which I can do this ?
↧
failed to apply catalog upon initial puppet startup
Hi,
I have been struggling with this for quite some time. After successful installation of the puppetmaster (enterprise 3.x) and agent (using yum install on the latter), I keep getting the following messages:
Failed to apply catalog: execution expired
and
Could not send report: execution expired
I have all the servers in one vlan. The puppetmaster comes up with the correct URL and I am able to ping using DNS. I also tried to run:
puppet agent --test --server puppetmaster
but get the same results. SSL keys are never exchanged nor do I see the request for it in puppetmaster.
Help.......
↧
Inspiration for long term package management
I'm exploring Puppet and over the past weeks have created a nice manifest that installs and configures all applications that I need over the two OS that we use. I can now spin up boxes real fast and keep configuration in sync, and that already solves a major problem!
However, with creating boxes out of the way, maintaining them is still an unknown for me. I'm not yet sure on a good Puppet strategy for managing package updates over a longer time.
Currently, I don't specify package versions, I just 'ensure' what I need to 'installed'. So, at install time, I will get the latest Ubuntu packages, which is acceptable, but I don't really have a strategy for what happens after that. So after time, there will be drift between versions on different boxes, and updates still have to be done manually with the OS tools until I think of something.
I have put all my needed packages in Hiera, so I could easily add required versions to them. I am wondering what people do to manage package versions over a longer time.
Do you specify specific versions for all packages and periodically bump these versions in the manifests, so that after this change all boxes will automatically upgrade the packages using the Puppet package provider?
What do you do with dependent packages (e.g. libraries like gettext, ncurses etc)? It would seem like a tough job to also keep those packages all in the manifest and keep their versions locked.
Or do you just use the tools provided by the OS?
Do you also run OS major updates through Puppet?
Ultimately, I would like to find a better way to maintain around 50 Ubuntu boxes in a way that's centered around Puppet, which I like. Currently, we just manually run apt-get from time to time (and nobody ever has time), so this is not tenable in the long run. I would like to be both more consistent and more up-to-date.
Any resources or inspiration would be highly appreciated!
↧
↧
how to upgrade puppet master in RHOS
Hi,I ma new to puppet ,if i upgrade my existing Red Hat Enterprise Linux Server release 6.6 (Santiago) to 7
Is it like puppet master installed in it with version 3.6.2 will auto upgarde?
Also the RHOS with version 7 are unable to connect with my puppet master ..pls suggest
What could be the reason and how to resolve it?
↧
hwo to upgrade puppet master when RHOS gets upgarded
1.when i upgrade the RHOS to 7 (from 6.6) .Is it that puppet master (3.6.2) will auto upgrade?
2.how to ensure consistency in sharing data with puppet agent in the upgraded OS
In our existing system,RHOS with 7 areunable to connect to puppet master(3.6.2) installed in OS(6.6)..
How to fix it and what can be the cause?
↧
unable to connect to puppet master in RhoS (6.6) from RHOS(7.1)
when trying to test agent from RHOS (7.7)
puppet agent --test
i get this output
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve local facts: undefined method `to_a' for "ens160":String
Error: Failed to apply catalog: Could not retrieve local facts: undefined method `to_a' for "ens160":String
could you please suggest how should i begin analysing it..It wl be learning for me as well..I ma new to puppet
↧
How to prevent puppet agent from being disabled in a non-admin session?
Currently in our Puppet setup on Windows I can disable and enable the puppet agent in a non-admin session. Disabling will write the specified reason in %USERPROFILE%\.puppetlabs\opt\puppet\cache\state\agent_disabled.lock.
Running the Puppet agent in a non-admin session does not work. And it should not so that's ok. But it gives developers the wrong impression that the agent is disabled. Because if you run the agent is a admin session it will run. Checking the status of the agent in that session will also state that it is enabled.
Disabling in a non-admin session gives the impression the agent is disabled:
> puppet agent --configprint agent_catalog_run_lockfile
C:/Users/xxxxx.adm/.puppetlabs/opt/puppet/cache/state/agent_catalog_run.lock> puppet agent --disable "testing STRY0011213"> type .\.puppetlabs\opt\puppet\cache\state\agent_disabled.lock
{"disabled_message":"testing STRY0011213"}
Running in an admin session just works. Nothing seems to indicate the agent is disabled:
> puppet agent --configprint agent_catalog_run_lockfile
C:/ProgramData/PuppetLabs/puppet/cache/state/agent_catalog_run.lock> type C:\programdata\PuppetLabs\puppet\cache\state\agent_disabled.lock
type : Cannot find path 'C:\programdata\PuppetLabs\puppet\cache\state\agent_disabled.lock' because it does not exist.> puppet agent -tv
Notice: Local environment: 'production' doesn't match server specified node environment 'development', switching agent to 'development'.
...
You can enable the agent in a non-admin session but to no use, the agent will not run:
> puppet agent --enable> type .\.puppetlabs\opt\puppet\cache\state\agent_disabled.lock
type : Cannot find path 'C:\Users\xxxxx.adm\.puppetlabs\opt\puppet\cache\state\agent_disabled.lock' because it does not exist.> puppet agent -tv
Error: Could not request certificate: getaddrinfo: No such host is known.
Exiting; failed to retrieve certificate and waitforcert is disabled
The agent should only run in an admin session and enabling/disabling should also only be possible in an admin session. How could I accomplish that, or what am I doing wrong?
↧
↧
No response for puppet cert list in puppet server
I have setup the puppet server and puppet agent, both are active and running good. But certificates are not getting exchanged. When I try to list the certificates in puppet server, I am not getting any response. I checked SSL directory for certificates but there is no certificate exchange happened.
root@EMJUPuppetmaster:/etc/default# sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2017-06-27 13:54:09 UTC; 18s ago
Process: 7590 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
Main PID: 7601 (java)
Tasks: 28
Memory: 1.2G
CPU: 59.318s
CGroup: /system.slice/puppetserver.service
└─7601 /usr/bin/java -Xms3g -Xmx3g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=ki
Jun 27 13:53:33 EMJUPuppetmaster systemd[1]: Starting puppetserver Service...
Jun 27 13:53:33 EMJUPuppetmaster puppetserver[7590]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; supp
Jun 27 13:54:09 EMJUPuppetmaster systemd[1]: Started puppetserver Service.
lines 1-14/14 (END)
root@EMJUPuppetmaster:/etc/default# sudo systemctl enable puppetserver
Synchronizing state of puppetserver.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable puppetserver
root@EMJUPuppetmaster:/etc/default# sudo /opt/puppetlabs/bin/puppet cert list
root@EMJUPuppetmaster:/etc/default# sudo /opt/puppetlabs/bin/puppet cert list
root@EMJUPuppetmaster:/etc/default#
**Puppet agent creating certificate and trying to exchange but getting below error during communication.**
root@emjupuppetagent:/etc# sudo /opt/puppetlabs/bin/puppet agent --test
Info: Creating a new SSL key for emjupuppetagent.1elecabews1e1icy5kmbzzo5cf.dx.internal.cloudapp.net
Error: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
root@emjupuppetagent:/etc#
Having the host file updated in puppet agent also.
Can someone suggest a option to get rid of it. Facing this for the first time.
↧
Which puppet module should I include for a managed database mysql::client using netmanagers/bareos?
When I include the following in my `nodes.pp`:
class {'bareos':
...
manage_database => true,
...
I get the following error:
==> bareOSdirector: Error: Could not find class mysql::client for bareosdirector on node bareosdirector
==> bareOSdirector: Error: Could not find class mysql::client for bareosdirector on node bareosdirector
There seem to be quite a few mysql modules out there, does anyone have an idea of which one was intended to be a dependency of this library?
I'm aware that [netmanagers bareos][1] is unmaintained.
[1]: https://forge.puppet.com/netmanagers/bareos/compatibility
↧
Which puppet module should I include for a managed database mysql::client using netmanagers/bareos?
When I include the following in my `nodes.pp`:
class {'bareos':
...
manage_database => true,
...
I get the following error:
==> bareOSdirector: Error: Could not find class mysql::client for bareosdirector on node bareosdirector
==> bareOSdirector: Error: Could not find class mysql::client for bareosdirector on node bareosdirector
There seem to be quite a few mysql modules out there, does anyone have an idea of which one was intended to be a dependency of this library?
I'm aware that [netmanagers bareos][1] is unmaintained.
[1]: https://forge.puppet.com/netmanagers/bareos/compatibility
↧