hi,
I’m wondering if it’s possible to add a class to a node that runs server side.
example: server adds tsm node, client configures it’s tsm client
server connects to netapp and creates nfs share, client mounts the share
triggered by a client puppet agent
thanks in advance
funksen
↧
run class server side
↧
server side
hi,
I’m wondering if it’s possible to add a class to a node that runs server side.
example: server adds tsm node, client configures it’s tsm client
server connects to netapp and creates nfs share, client mounts the share
triggered by a client puppet agent
thanks in advance
funksen
↧
↧
Access Remote Facts
Because puppet doesn't allow client to master transferring of files, I was planning to use custom facts to get some client node files. I'm wondering how I can access facts on a remote client from the puppet master.
↧
Facter wildcard
Hi,
for a non-Puppet related issue I need to compile a list of all bound IP-addresses. I've tried `ip -o a`, but I've realized Puppet's installed anyway, so utilizing `facter` providing data in a more structured fashion is very welcome. I'm writing a _shell_ script, since I think it's gonna be less than 28 lines (and it has to remain maintainable for fellow devops).
However, `facter networking.interfaces` outputs still too much, so I attempted `facter networking.interfaces.*.bindings` but that doesn't output anything.
Doesn't `facter` support wildcards, does it? If it doesn't, any suggestions for a neat approach filtering out just the addresses? `grep(1)` is no solution, and ideally I don't have to install any additional tools.
↧
[Satellite 6] Access SAT6 global parameter in file template
Setup:
Global parameter 'webserver' set to true in SAT6
I have params.pp manifest that sets default values and pulls the values from SAT6:
class hardeningrhel::params (
$webserver = 'false'
) {}
init.pp:
class hardeningrhel::init (
$webserver = hardeningrhel::params::webserver
) {
contains webserver.pp
}
webserver.pp:
class hardeningrhel::webserver {
file { "/etc/test.txt":
content => template('hardeningrhel/limits.conf.erb
}
}
limits.conf.erb:
#example text
<% if @webserver == 'true' -%>
I am a webserver<% end %->
/etc/test.txt is not populated with "I am a webserver" when ran. How can I access SAT6 global params in puppet templates?
↧
↧
Cron - Puppet not detecting 00 is the same as 0
Dear All,
I have created a cron manifest that is deploying a scheduled job successfully but I noticed that on some nodes the job was already in place. Puppet is adding a new entry even if the entry already existed in crontab. I have noticed that the minute field is being created by puppet as 0 as opposed to 00 hence it is not matching the existing rule. Can it be enforced so that puppet creates the entry as 00 ?
↧
puppet firewall rules not working as expected
I am having an issue that I cannot figure out in regards to the firewall module syntax, and source natting.
c111tqc-vm29:~ # iptables -n -t nat --list --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT udp -- 0.0.0.0/0 10.0.0.0/8 multiport dports 53 /* 600 Snat to Primary IP */ to:10.220.30.123
2 SNAT tcp -- 0.0.0.0/0 10.0.0.0/8 multiport dports 53 /* 605 Snat to Primary IP */ to:10.220.30.123
Here's my relevant puppet syntax code:
firewall { '600 Snat to Primary IP':
chain => 'POSTROUTING',
jump => 'SNAT',
proto => 'udp',
destination => '10.0.0.0/8',
table => 'nat',
dport => '53',
tosource => $facts['networking']['ip'],
}
firewall { '605 Snat to Primary IP':
chain => 'POSTROUTING',
jump => 'SNAT',
proto => 'tcp',
destination => '10.0.0.0/8',
table => 'nat',
dport => '53',
tosource => $facts['networking']['ip'],
}
As you can see above, when running "iptables -n -t nat --list --line-numbers", it's showing multiport dports 53... I am not sure if the puppet code is interpreting my puppet syntax incorrectly, or i am not giving it the correct syntax.
The actual iptables command line equivalent should be this:
iptables -t nat -I POSTROUTING -d 10.0.0.0/8 -j SNAT -p tcp --dport 53 --to-source 10.220.30.123
that produces below when running "iptables -t nat --list". That is what I want it to show. It's not a cosmetic issue either as I've tested the behavior, and it's not working as I wanted. Basically, I want to source NAT to 10.220.30.123 if it matches the destination being 10.0.0.0/8 network and the destinaton port is 53.
8 SNAT tcp -- 0.0.0.0/0 10.0.0.0/16 tcp dpt:53 to:10.220.30.123
↧
puppetdb service fails every few hours on puppet enterprise
On puppet enterprise master server - the jvm memory options arguments are reverted to using `-Xmx256m -Xms256m` that causes the pe-puppetdb service to fail.
I change the /etc/sysconfig/pe-puppetdb to have the `JAVA_ARGS="-Xmx1024m -Xms1024m..";` but these settings are automatically reverted to using `-Xmx256m -Xms256m` that causes the pe-puppetdb service to fail. This causes the puppet agent nodes to not be able communicate with puppet server and retrieve their catalog from puppet master via the puppetdb.
Below is the error:
Warning: Error 500 on SERVER: Server Error: Failed to find facts from PuppetDB at c3pupmast01.defensetravel.osd.mil:8140: Failed to execute '/pdb/query/v4/nodes/progress.c3web02-devlm.defensetravel.osd.mil/facts' on at least 1 of the following 'server_urls': https://c3pupmast01.defensetravel.osd.mil:8081
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Failed to execute '/pdb/cmd/v1?checksum=d2933472bc9c82dca6d898ddabb279129620669c&version=5&certname=progress.c3web02-devlm.defensetravel.osd.mil&command=replace_facts&producer-timestamp=1522097431' on at least 1 of the following 'server_urls': ..
↧
Heels are a women's good friend. They are incredible for your posture and make our legs look fantastic.
High heels are a women's good friend. They are awesome for your posture and make our legs look great. Moreover they make you feel very elegant and sexy. One minor detail
↧
↧
Unable to Install Windows Installer exe with windows provider
Hi all,
I am attempting to install an installer exe using the Windows provider. I have an Ubuntu puppet server 5.5.0 communicating with a Windows 10 computer agent of the same version.
The agent is communicating with the server and I am able to run the command "puppet agent --test" to apply changes using the file resource.
However, when I attempt to use this command with a Windows provider and package, it fails. I have one file /etc/puppetlabs/code/environments/production/init.pp defined in the manifest folder used for production. The git installer is present where stated in the manifest file init.pp. Here is the contents of init.pp:
class myinstaller2 {
package { "Git version 2.16.2":
ensure => installed,
#source => ["puppet:///modules/filetest/EuroNavController_Setup.exe"],
source => ['C:\SEP\Git-2.16.2-64-bit.exe'],
install_options => ['/SILENT'],
uninstall_options => ['/SILENT'],
}
}
node 'windows10demo' {
include myinstaller2
}
Here is the output on the agent:
C:\windows\system32>puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for windows10demo
Info: Applying configuration version '1522172572'
Error: Don't know how to install '["C:\\SEP\\Git-2.16.2-64-bit.exe"]'
Error: /Stage[main]/Myinstaller2/Package[Git version 2.16.2]/ensure: change from 'absent' to 'present' failed: Don't know how to install '["C:\\SEP\\Git-2.16.2-64-bit.exe"]'
Notice: Applied catalog in 0.04 seconds
C:\windows\system32>
Manifest location is confirmed to be where I thought:
root@master-Z97X-Gaming-3:/etc/puppetlabs/code/environments/production/manifests# puppet config print manifest --section master --environment production
Resolving settings from section 'master' in environment 'production'
/etc/puppetlabs/code/environments/production/manifests
↧
logicmonitor puppet module using PUT instead of PATCH
I have some custom properties set up on my logicmonitor account. I set up new devices to be monitored, using puppet (managed by Foreman). This works great for deploying new servers, but puppet is overwriting my custom properties. When I asked logicmonitor support, they said it was because puppet was using the HTTP method PUT instead of PATCH. Has anyone had any luck getting puppet to use PATCH for logicmonitor?
thanks,
Brian Minton
↧
PDK Convert and module_name variable
How can retrieve the **module_name** variable value when I execute **pdk convert** with a specific template directory.
My **spec_helper_acceptance** has a reference to this value
<% name = @configs['module_metadata']['name'] rescue '' %>
But is not populated during the **pdk convert** process.
↧
puppet agent change tmp folder
Hello fellow-puppeteers,
I have been searching for some time now to see how i can change the puppet agent tmp folder used for storing uploaded binaries to be installed and other stuff.
We are currently using puppet enterprise version v2017.2.2 on centos 7 linux systems.
Thing is that our security officer does not want to have the /tmp folder remounted with exec rights, which is apparantly required to be able to install binaries via puppet.
I saw information about how to change it for the puppet server using specific java arguments, but this does not apply to the agents.
Any help on this matter would be greatly appreciated since i have been searching online for information some time now...
Thank you for any response.
Marcel
↧
↧
proper way to define/lookup hash?
I have the following in my node yaml:
profile::named::servers:
- id: 'caspersb-sdns01'
address: '192.168.20.6'
- id: 'caspersb-sdns02'
address: '192.168.20.7'
I'm trying to capture the value in a pp file with this:
$servers = lookup('profile::named::servers', {value_type => Hash[String, String], default_value => ''})
Then I have some iteration work in a template that would go through using server['id'], etc. However, when I run a test, this errors with "Expected hash., got tuple"
Am i defining the hash incorrectly or trying to access it incorrectly?
↧
my autosign script passes cli tests, but fails when invoked by puppet master
`puppet config print autosign --section master` gives me a full readable path to an autosign.sh script which `exit $?` to give me a 0 for thumbs up and a 1 or perhaps some other non-successful grep return code if it fails. It also echos some progress indicators to STDERR.
I try to get a new certificate by kicking off a build on the jenkins server, it takes its 600s to time out.
It reports `csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml`,
but then also gives me this at 20s intervals for ten minutes: `Notice: Did not receive certificate`
If I then run the script at the command line, with the expected argument and the cert redirected on STDIN, like so:
`/etc/puppetlabs/puppet/autosign.sh thisapp00046.jenkinsagent.example.com < /etc/puppetlabs/puppet/ssl/ca/re
quests/thisapp00046.jenkinsagent.example.com.pem`
the expected file gets created, and evaluated and I get anticipated results: 0, success, yet no certificate is signed, and the csr remains in my sslca/requests folder.
I am expecting to see the STDERR from my autosign.sh script in the jenkins console, but am not, so wonder what might be amiss, that it is perhaps not getting run, in spite of what `puppet config print autosign --section master` might report after a restart.
What might I be missing please?
↧
Puppetfile not using latest commit from feature branch
Hi All,
I'm currently using Puppet enterprise, and using a puppetfile to manage my custom modules.
E.g. (inside puppetfile)
**mod 'foo_module', :ref => 'feature_branch', :git => '-gitlink-'**
When I make a new commit to the foo_modules feature branch in the foo_module repository, puppet agents don't see those updates, and therefore dont pick up new development work. This is an issue as it means for every development update I make, I need to update the puppetfile using the latest commit hash instead of it automatically updating.
For reasons I wont go into, using puppet apply and avoiding puppetfile altogether is not appropriate currently.
Is there a way to force the puppetfile to apply the latest commit without explicitly stating it?
↧
Puppetfile does not use latest commit on referenced module
Hi All,
I'm currently using Puppet enterprise, and using a puppetfile to manage my custom modules.
E.g. (inside puppetfile)
**mod 'foo_module', :ref => 'feature_branch', :git => '-gitlink-'**
When I make a new commit to the foo_modules feature branch in the foo_module repository, the puppet master does not appear to check for new updates, and therefore don't see those updates, and therefore require the main puppet repo to be updated before it will pick up changes. This is an issue as it means for every development update I make, I need to update the puppetfile instead of it automatically updating the latest changes. For reasons I wont go into, puppet applying the modules locally is not appropriate currently.
Is there a way to force it to apply the latest commit without explicitly stating it? Or is this not possible with the current way the puppet master handles code updates?
↧
↧
Installed PuppetMaster, cannot find puppet.conf file in /etc
.
Installed PuppetMaster, cannot find puppet.conf
--> Finished Dependency Resolution
Error: Package: 1:ruby-shadow-2.2.0-2.el7.x86_64 (puppetlabs-deps)
Requires: libruby.so.2.0()(64bit)
Error: Package: ruby-augeas-0.4.1-3.el7.x86_64 (puppetlabs-deps)
Requires: libruby.so.2.0()(64bit)
Error: Package: puppet-3.8.7-1.el7.noarch (puppetlabs-products)
Requires: systemd
Error: Package: ruby-augeas-0.4.1-3.el7.x86_64 (puppetlabs-deps)
Requires: ruby(release) = 2.0.0
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
[root@localhost ~]#
Kindly advise
↧
Chaining arrows Style not clear enough
Hi!
After reading the documentation it is not clear where the resource must be set.
According to this part of the documentation [https://puppet.com/docs/puppet/5.5/style_guide.html#chaining-arrow-syntax] the resource must be always to the right of the arrow.
But in this other part of the documentation [https://puppet.com/docs/puppet/5.5/lang_relationships.html#syntax-chaining-arrows], when chaining resource declaratios, they appear in the line immediately below breaking the Style guide rule.
Also puppet-lint complains about this.
Please could you clearly state what is the right form?
↧
package update failing with multilib version error
i am trying to install the libgcc.i686 package. it's failing with multilib version error in centos 7 as the libgcc x64 version is older than the libgcc.i686 version which puppet is trying to install.
How do i install the exact version of my libgcc.x64 or update this x64 version of libgcc then install the libgcc.i686 package.
if i use latest variable then it will always make it to latest which i dont want it.
↧