Tuesday, 2008-04-08

[2008/04/08 00:00:23] <ashp> oh, now I took the time to write all this out I immediately solved my own problem (OF COURSE)
[2008/04/08 00:01:41] <Volcane> what was the problem? :)
[2008/04/08 00:01:57] <ashp> I had somehow grabbed ruby-shadow for RHEL4
[2008/04/08 00:01:59] <ashp> not 5 :)
[2008/04/08 00:02:22] <ashp> i'm surprised it let me install it without an error or even warning
[2008/04/08 00:02:46] <Volcane> heh
[2008/04/08 00:03:41] @ jfluhmann joined channel #puppet
[2008/04/08 00:14:40] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/08 00:15:43] @ brscott joined channel #puppet
[2008/04/08 00:16:02] @ rabbit7 joined channel #puppet
[2008/04/08 00:16:03] @ brscott left channel #puppet ()
[2008/04/08 00:16:18] <rabbit7> hey, is there a way to force puppetmaster to recompile a configuration ?
[2008/04/08 00:18:12] <duritong> from the client with --test afait
[2008/04/08 00:19:04] @ Quit: peterhoeg: Remote closed the connection
[2008/04/08 00:24:09] @ lak joined channel #puppet
[2008/04/08 00:29:59] @ jgonzalez left channel #puppet ()
[2008/04/08 00:37:23] <ashp> morning lak
[2008/04/08 00:39:20] @ stick joined channel #puppet
[2008/04/08 00:43:12] <stevenjenkins> hi lak.
[2008/04/08 00:43:15] <lak> hi
[2008/04/08 00:45:38] @ jvanzyl joined channel #puppet
[2008/04/08 00:45:43] @ shake-n-bake joined channel #puppet
[2008/04/08 00:48:52] <ashp> hmm, my first test with .4, lets see if it adds the shadow passwords in the initial run now :)
[2008/04/08 01:08:20] @ martha joined channel #puppet
[2008/04/08 01:19:49] @ Quit: kolla: Remote closed the connection
[2008/04/08 01:24:42] @ Quit: shake-n-bake:
[2008/04/08 01:24:48] @ markl__ joined channel #puppet
[2008/04/08 01:26:58] @ Quit: Innocenti: Client Quit
[2008/04/08 01:30:35] @ Quit: jvanzyl:
[2008/04/08 01:31:06] @ Quit: tim\|mb: "This computer has gone to sleep"
[2008/04/08 01:39:19] @ ckm joined channel #puppet
[2008/04/08 01:43:47] @ Quit: stick: Read error: 110 (Connection timed out)
[2008/04/08 01:47:34] @ huggie joined channel #puppet
[2008/04/08 01:48:34] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/08 01:49:24] <huggie> Hi all. I'm seeing: err: Could not run Puppet::Network::Client::Master: Could not understand configuration: syntax error on line 384, col -1: ` Which looks a bit like: http://marc.info/?l=puppet-users&m=119951617819990&w=2 and was solved by an update to ruby (http://marc.info/?l=puppet-users&m=119987041026682&w=2) but updating ruby to 1.8.5 didn't seem to help me. Anyone any ideas of how I can debug it?
[2008/04/08 01:51:35] * Volcane 's never seen template length related issues
[2008/04/08 01:51:47] <Volcane> but my templates are small
[2008/04/08 01:51:55] <huggie> Oh hi Volcane.
[2008/04/08 01:52:24] <Volcane> hey huggie :) hows things?
[2008/04/08 01:52:38] <Volcane> what you up too post bcn?
[2008/04/08 01:53:40] * huggie takes that bit to /msg
[2008/04/08 01:53:51] <huggie> But the files I want to generate aren't /that/ big.
[2008/04/08 01:54:16] <huggie> It's possible I broke it all horribly :)
[2008/04/08 01:57:34] @ Quit: stevil: Read error: 110 (Connection timed out)
[2008/04/08 02:01:32] @ jvanzyl joined channel #puppet
[2008/04/08 02:03:48] <rabbit7> how can i create an empty directory in a class ?
[2008/04/08 02:05:05] <Volcane> File{"/blah":
[2008/04/08 02:05:08] <Volcane> ensure => directory
[2008/04/08 02:05:08] <Volcane> }
[2008/04/08 02:06:12] [msg(#puppet)] ::puppet:: Ticket #1179 (enhancement created): Allow to use a single attribute in LDAP to define variables in P... @ http://reductivelabs.com/trac/puppet/ticket/1179
[2008/04/08 02:09:52] <rabbit7> thanks
[2008/04/08 02:10:06] @ tlockney joined channel #puppet
[2008/04/08 02:12:42] @ Quit: oxtail: "Bye for now..."
[2008/04/08 02:13:53] * Volcane really dislikes the new nagios classes
[2008/04/08 02:14:39] <lak> Volcane: you're welcome to pay me to fix them, since someone else paid me to develop them :)
[2008/04/08 02:14:51] <Volcane> hehe
[2008/04/08 02:15:03] <Volcane> the namevar being service_description :(
[2008/04/08 02:15:17] * Volcane was writing patches to start including missing parameters
[2008/04/08 02:15:22] <Volcane> but then came across that
[2008/04/08 02:15:59] <Volcane> would really love to have many serrvices (on diff hosts) with the same description
[2008/04/08 02:16:01] <ashp> i wish osx was capable of displaying monotype fonts that aren't an inch thick
[2008/04/08 02:17:11] <Volcane> ashp: monaco 10 looks ok?
[2008/04/08 02:17:39] @ Quit: ckm: Read error: 110 (Connection timed out)
[2008/04/08 02:18:19] <ashp> I wanted the fonts bigger, but yeah, monaco 10 is all I can stand
[2008/04/08 02:18:28] <ashp> I tried consolas, and others, anti-aliased and bigger
[2008/04/08 02:18:31] <ashp> but it just looks a mess
[2008/04/08 02:18:36] <Volcane> yeah annoyingly mondaco 11 looks really bad
[2008/04/08 02:18:48] <Volcane> monaco even
[2008/04/08 02:18:57] <Volcane> would go a bit bigger on my 24" screen ideally
[2008/04/08 02:19:07] <ashp> I just wish I could override the massive cleartype attempt on terminal, and set it to light
[2008/04/08 02:19:19] <ashp> because it overblurs any monotype fonts at a bigger size
[2008/04/08 02:19:39] @ stick joined channel #puppet
[2008/04/08 02:20:00] <Volcane> iterm does kind of useful anti aliasing that seems to make things a bit better
[2008/04/08 02:20:23] <lak> iterm seems to render text differently every time i restart it
[2008/04/08 02:20:25] <lak> it's very strange
[2008/04/08 02:20:29] <Volcane> hehe
[2008/04/08 02:20:41] <huggie> Gah. This works fine if my template (that I parse into a variable and put into another tmeplate) is the first 175 bytes but the longer (6092 byte) one fails.
[2008/04/08 02:21:43] <lak> huggie: $10 says it's the ruby version on your server
[2008/04/08 02:22:04] <huggie> lak: I upgraded to 1.8.5. What should I be running?
[2008/04/08 02:22:09] <lak> on the server?
[2008/04/08 02:22:15] <lak> and you restarted the server process?
[2008/04/08 02:22:24] <huggie> Oh, hrm, server.
[2008/04/08 02:22:29] <huggie> No, I upgraded the client.
[2008/04/08 02:22:38] <lak> the templates are all interpreted on the server
[2008/04/08 02:22:56] @ Quit: wrobel: Read error: 104 (Connection reset by peer)
[2008/04/08 02:23:03] <lak> the client doesn't know whether a string was created with a template or just statically declared or whatever
[2008/04/08 02:25:28] <ashp> hmm i'm surprised there's no existing module that handles setting up puppetmaster, I would have figured there'd be lots of examples of that :)
[2008/04/08 02:25:39] <Volcane> heh
[2008/04/08 02:26:26] <Volcane> lak: is it hard to create namvars that is for example a concat of service_description + hostname? for example?
[2008/04/08 02:26:47] <Volcane> cos i understand why service description was chosen - cos naginator needs to parse the stuff and uniquely identify them
[2008/04/08 02:26:50] <huggie> lak: Woo I owe you $10 :D
[2008/04/08 02:27:02] @ wrobel joined channel #puppet
[2008/04/08 02:28:03] @ stevil joined channel #puppet
[2008/04/08 02:29:27] <lak> Volcane: yes, it's hard to create composite namevars
[2008/04/08 02:29:35] <lak> but it's getting closer to being possible
[2008/04/08 02:29:37] <Volcane> lak: ah :(
[2008/04/08 02:29:41] <Volcane> lak: ok
[2008/04/08 02:29:47] <lak> the work i committed last week is the last major step toward making it at least possible
[2008/04/08 02:29:54] <lak> but it didn't actually add the ability
[2008/04/08 02:30:46] <Volcane> kewl, last time i saw teh code behind some of this was on debugging the interface type, and that was scary so I'll just trust you on that :P I abstraced the code to actually make the files into a define
[2008/04/08 02:31:03] <Volcane> so now i am just using a template, once the ability to make better namevars exist I can easily switch to the native types
[2008/04/08 02:32:40] @ Quit: DerekW: "Leaving"
[2008/04/08 02:33:47] @ shake-n-bake joined channel #puppet
[2008/04/08 02:34:38] @ pleemans joined channel #puppet
[2008/04/08 02:36:34] @ shake-n-bake_ joined channel #puppet
[2008/04/08 02:39:05] @ Quit: mikepea: Read error: 113 (No route to host)
[2008/04/08 02:43:11] <ashp> oh god, this got complicated fast
[2008/04/08 02:43:20] <ashp> first it was 'install puppetmaster', then 'svn', then 'apache for svn'..
[2008/04/08 02:45:37] @ kolla joined channel #puppet
[2008/04/08 02:49:56] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2008/04/08 02:58:23] @ plathrop_ joined channel #puppet
[2008/04/08 02:59:07] <shiruken> now it's "build a superconducting clear aluminum" ?
[2008/04/08 02:59:31] @ Quit: plathrop: "leaving"
[2008/04/08 02:59:54] @ plathrop_ is now known as plathrop
[2008/04/08 03:03:22] @ ckm joined channel #puppet
[2008/04/08 03:10:25] @ Quit: stick: Nick collision from services.
[2008/04/08 03:12:41] @ ckm is now known as stick
[2008/04/08 03:12:44] <ashp> i'm up to 'build a space elevator' at this point
[2008/04/08 03:12:44] <shiruken> 're-implement ruby in tcl;'
[2008/04/08 03:12:44] <ashp> i have to work out the nice way to have an apache module, but allow servers to include all kinds of different configurations
[2008/04/08 03:12:45] <ashp> i'll probably reinvent the wheel ten times
[2008/04/08 03:16:45] @ shadoi joined channel #puppet
[2008/04/08 03:21:51] <plathrop> lak: I tried out the stub stuff this weekend and couldn't get it right. Is there any examples in the codebase I can look at?
[2008/04/08 03:22:07] <lak> which stuff, again?
[2008/04/08 03:22:47] <ashp> I should be able to include modules from other modules, right?
[2008/04/08 03:22:59] <ashp> So I can have a puppetmaster/ and svn/ module, and include svn from puppetmaster?
[2008/04/08 03:23:26] <plathrop> For the loadedfile unit tests, you suggested I stub out the stat method of File so we don't have to have sleep calls which make the test take 20 seconds.
[2008/04/08 03:24:20] @ Quit: Wakko666: "Leaving."
[2008/04/08 03:24:24] <lak> ah, right
[2008/04/08 03:25:29] <lak> plathrop: look on line 212 in spec/unit/ral/type/schedule.rb
[2008/04/08 03:25:42] <lak> in your case, you'd want to stub it to return something like (Time.now - 20)
[2008/04/08 03:25:52] <lak> which would be the equivalent of sleeping 20 seconds
[2008/04/08 03:26:18] <plathrop> lak: Thanks, I'll look and see if that helps me digest it.
[2008/04/08 03:26:25] <lak> you just need to hunt down the code the gets the current timestamp, and stub that to return one time
[2008/04/08 03:26:39] <lak> and then stub the code that returns the second time
[2008/04/08 03:26:50] <lak> such that when they get compared, there's a time difference
[2008/04/08 03:27:43] @ andrewcshafer joined channel #puppet
[2008/04/08 03:27:52] <plathrop> lak: Those examples definitely help clear things up. Hopefully I'll have loadedfile finished tonight :-)
[2008/04/08 03:27:57] <lak> cool
[2008/04/08 03:29:18] <ashp> Apr 7 13:04:40 hlstestrhel01 puppetmasterd[22210]: Could not find resource type svn::repo at /etc/puppet/modules/puppetmaster/manifests/init.pp:12 on node hlslinutil02.law.harvard.edu
[2008/04/08 03:29:30] <ashp> it's weird as i include svn, and have the define svn::repo{} right in there
[2008/04/08 03:30:39] @ Wakko666 joined channel #puppet
[2008/04/08 03:31:23] <shadoi> ashp: this is a bug I ran into, it doesn't autoload defines for some reason
[2008/04/08 03:31:33] <shadoi> ashp: you have to specifically import the file
[2008/04/08 03:31:49] <ashp> well what I have is svn/manifests/init.pp and the define is in there
[2008/04/08 03:31:50] <shadoi> I haven't figured out where the issue is
[2008/04/08 03:31:55] <ashp> I'll have to include svn::init then?
[2008/04/08 03:32:09] <shadoi> ah that's weird, is the define in a class in init.pp?
[2008/04/08 03:32:20] <ashp> yes, class svn {}
[2008/04/08 03:32:25] <ashp> i have class svn, the define is in that
[2008/04/08 03:32:33] <shadoi> very strange
[2008/04/08 03:32:39] <ashp> then in the module puppetmaster I have in init.pp, inside the puppetmaster class, include svn, then i call the define
[2008/04/08 03:33:08] <shadoi> yeah I think there's a problem with the parser for defines
[2008/04/08 03:33:26] <shadoi> ashp: try putting the define in a repo.pp inside your svn module and import it
[2008/04/08 03:33:44] <shadoi> (in the svn module should be sufficient)
[2008/04/08 03:34:38] <ashp> ok
[2008/04/08 03:34:52] <ashp> just a straight include svn::repo in class svn?
[2008/04/08 03:36:08] <ashp> oh, import, i don't normally mess with that, hang on
[2008/04/08 03:36:43] <shadoi> yeah import the file explicitly
[2008/04/08 03:37:10] <ashp> aha, hang on
[2008/04/08 03:37:16] <ashp> now after moving it, it can't find class svn
[2008/04/08 03:37:31] <ashp> which means I can't import classes from other modules within modules?
[2008/04/08 03:37:44] <ashp> Maybe as it's meant to be self contained?
[2008/04/08 03:38:29] <ashp> i was hoping to have a generic svn module I could use for stuff, and just include it within puppetmaster's module, for ease of ensuring no depedencies got missed and it didn't need listing elsewhere
[2008/04/08 03:43:26] @ Quit: zobbo: Read error: 113 (No route to host)
[2008/04/08 03:47:56] <ashp> i'm not sure how to fix this :/
[2008/04/08 03:49:53] @ dysinger joined channel #puppet
[2008/04/08 03:52:31] <shadoi> ashp: yeah I meant that you should import the define in the init.pp for the svn module
[2008/04/08 03:52:40] @ flakrat joined channel #puppet
[2008/04/08 03:52:42] <shadoi> then you should be able to use the define in other modules
[2008/04/08 03:52:49] <ashp> shadoi: but the trouble is puppetmaster/ can't even see class svn anymore
[2008/04/08 03:53:03] <ashp> Maybe I need to import svn
[2008/04/08 03:53:05] <shadoi> that must be a syntax issue then
[2008/04/08 03:53:07] <ashp> rather than just doing include svn
[2008/04/08 03:53:29] <ashp> I think the issue is when I do 'include svn' in class puppetmaster
[2008/04/08 03:53:30] <shadoi> no the module autoloading should work fine for that
[2008/04/08 03:53:34] <ashp> it doesn't check other .. oh, hmm
[2008/04/08 03:53:42] <ashp> in that case I can't figure it out, i guess i should prepare a pastebin
[2008/04/08 03:53:47] <shadoi> pastie your svn init.pp?
[2008/04/08 03:53:52] <shadoi> yeah :)
[2008/04/08 03:54:50] <ashp> http://pastebin.com/d27fb6efb
[2008/04/08 03:54:57] <ashp> ok, that's puppetmaster/ and svn/'s init and the error
[2008/04/08 03:55:00] <ashp> see if that makes some sense
[2008/04/08 03:55:59] <shadoi> take the import out of the svn class
[2008/04/08 03:56:14] <shadoi> shouldn't be an issue but put it at the top of the init.pp
[2008/04/08 03:56:51] <shadoi> ah and you need quotes around repo.oo
[2008/04/08 03:56:55] <shadoi> repo.pp*
[2008/04/08 03:57:06] <ashp> ok
[2008/04/08 03:57:23] <shadoi> what I do in my modules is a generic "import definitions/*.pp" and put all my definitions in that dir
[2008/04/08 03:57:34] <holoway> me too, fwiw
[2008/04/08 03:57:39] <shadoi> import "definitions/*.pp"
[2008/04/08 03:57:43] <shadoi> rather
[2008/04/08 03:57:46] <ashp> i might start doing that then
[2008/04/08 03:57:56] <ashp> what root does this start looking from as it failed to find repo.pp
[2008/04/08 03:58:03] <ashp> do i need to do import "svn/manifests/repo.pp"?
[2008/04/08 03:58:05] <shadoi> module/manifests
[2008/04/08 03:58:10] <shadoi> is the root
[2008/04/08 03:58:23] <ashp> oh, i know the flaw with this bit
[2008/04/08 03:58:34] <ashp> hmm, lets see
[2008/04/08 03:58:45] <ashp> back to 'can't find class svn in namespace puppetmaster
[2008/04/08 04:01:52] @ f--z joined channel #puppet
[2008/04/08 04:02:08] <ashp> hmm, do you do anything in sites.pp that includes importing modules?
[2008/04/08 04:02:14] <shadoi> no
[2008/04/08 04:02:27] <shadoi> you can put all defines there and do without namespacing... if you wanted.
[2008/04/08 04:02:41] <shadoi> if they're used between modules it may make more sense anyway
[2008/04/08 04:02:59] <ashp> i just wanted to check if i was doing things wrong and should be importing modules
[2008/04/08 04:03:17] <ashp> i actually found for some reason i was attempting to import four modules in site.pp
[2008/04/08 04:03:20] <shadoi> nope, that's part of the benefits of using modules.. autoloading by naming convention.
[2008/04/08 04:03:32] <ashp> i just removed those and now i have a different error, so I may have screwed something up with my accidental importing
[2008/04/08 04:03:39] <shadoi> nod
[2008/04/08 04:03:54] <holoway> we generally don't namespace our defines for that reason
[2008/04/08 04:03:56] <ashp> i guess until now it went unnoticed as other things worked (somehow)
[2008/04/08 04:04:12] <ashp> i think i'll just move to importing defines elsewhere like you said, and importing that into modules
[2008/04/08 04:04:27] @ Quit: f--z: Client Quit
[2008/04/08 04:04:53] <holoway> since I usually want them to feel like "native" types in the manifest
[2008/04/08 04:04:53] <holoway> we have stuff like rails_app { .. } instead of rails::app { }
[2008/04/08 04:06:14] <ashp> i guess my defines so far are so specific they would only ever be used in context of svn
[2008/04/08 04:06:23] <ashp> so i figured i'd leave them specific
[2008/04/08 04:06:27] <holoway> makes total sense
[2008/04/08 04:06:30] <ashp> this is probably something thats more of an issue as things grow
[2008/04/08 04:06:51] <holoway> I think it's a style thing more than anything
[2008/04/08 04:09:57] <shadoi> less of a mental block to a flat namespace for most people I think
[2008/04/08 04:10:11] * holoway nods
[2008/04/08 04:10:35] <holoway> it made sense in my head since I'm "defining" a new type
[2008/04/08 04:12:28] <shadoi> I think a lot of people think of definitions as functions when they're new to puppet, it causes all sort of issues.
[2008/04/08 04:13:42] @ Quit: roald: "KVIrc 3.2.6 Anomalies http://www.kvirc.net/"
[2008/04/08 04:29:08] @ Quit: andrewcshafer:
[2008/04/08 04:34:29] @ andrewcshafer joined channel #puppet
[2008/04/08 04:41:16] <plathrop> Huh, I really don't understand why this isn't working...
[2008/04/08 04:41:20] <plathrop> pastie: Give me a link.
[2008/04/08 04:44:08] <pastie> http://pastie.org/176674 by plathrop.
[2008/04/08 04:45:16] <plathrop> lak: When you have a second, can you look at the link and tell me what I'm doing wrong? It's almost as if the stub method is being ignored entirely.
[2008/04/08 04:48:18] <holoway> plathrop: does puppet use something other than the regular rspec mock/stubs?
[2008/04/08 04:48:46] <plathrop> holoway: I'm not entirely sure. I'm following Luke's example from another file. Why do you ask?
[2008/04/08 04:49:20] <holoway> pastie: url me
[2008/04/08 04:51:35] <pastie> http://pastie.org/176678 by holoway.
[2008/04/08 04:51:58] @ \ask joined channel #puppet
[2008/04/08 04:52:55] <plathrop> holoway: Yeah, Puppet must be using something else, because when I try that syntax I get undefined method `stub!' for File::Stat:Class
[2008/04/08 04:53:54] <holoway> ahh
[2008/04/08 04:53:57] <plathrop> Looks like mocha
[2008/04/08 04:55:33] @ Quit: kolla: Read error: 113 (No route to host)
[2008/04/08 04:58:34] <plathrop> Ah ha!
[2008/04/08 04:58:36] <plathrop> Figured it out.
[2008/04/08 04:58:45] <plathrop> holoway: If you're curious I'll paste it.
[2008/04/08 05:00:43] @ zobbo joined channel #puppet
[2008/04/08 05:09:32] <lak> holoway: puppet uses mocha for mock and stubs
[2008/04/08 05:10:09] <lak> plathrop: the problem with that is that you're stubbing a class method
[2008/04/08 05:10:13] <lak> you need something like:
[2008/04/08 05:10:25] <lak> stat = stub 'stat', :ctime => faketime
[2008/04/08 05:10:36] <lak> File.stubs(:stat).returns(stat)
[2008/04/08 05:10:59] <lak> you're creating a fake stat object, which will get returned when the file is stat'ed
[2008/04/08 05:13:15] <plathrop> lak: Okay, that makes more sense. Thanks.
[2008/04/08 05:18:52] <lak> np
[2008/04/08 05:20:00] @ Quit: lak:
[2008/04/08 05:21:13] @ Quit: morfoh: Read error: 104 (Connection reset by peer)
[2008/04/08 05:33:40] @ Quit: Ned_: Read error: 104 (Connection reset by peer)
[2008/04/08 05:35:16] @ Quit: dysinger:
[2008/04/08 05:40:17] @ lak joined channel #puppet
[2008/04/08 05:46:54] @ flakrat_ joined channel #puppet
[2008/04/08 06:06:05] @ mikepea joined channel #puppet
[2008/04/08 06:12:29] <ashp> i can use facter facts in erb files, right?
[2008/04/08 06:13:09] <holoway> ashp: yep!
[2008/04/08 06:13:18] <ashp> good, that makes generating hosts easy at least :)
[2008/04/08 06:13:28] <holoway> lak: I just updated #1177
[2008/04/08 06:13:31] <gepetto_> holoway: lak: #1177 is http://reductivelabs.com/trac/puppet/ticket/1177 "One cannot test within a template for whether a variable or fact is defined"
[2008/04/08 06:13:31] <ashp> i don't have access to our dns so i am just kludging a puppet entry into hosts
[2008/04/08 06:13:50] <holoway> is there already someplace you are testing the TemplateWrapper?
[2008/04/08 06:14:53] <lak> if at all, it'd be in the template function
[2008/04/08 06:15:07] <lak> i consider it a hidden class, mostly, so i only test its affects, i think
[2008/04/08 06:15:18] <lak> but you can look in test/language/functions.rb
[2008/04/08 06:15:22] <holoway> so where would you want a test for that has_variable? stuff
[2008/04/08 06:15:24] <lak> or maybe spec/unit/parser/functions.rb
[2008/04/08 06:15:38] <lak> it probably makes sense to directly test the class, in that case
[2008/04/08 06:15:59] <holoway> ok
[2008/04/08 06:16:15] <holoway> I'm pretty sure that variable.nil? won't work, since we'll still get the exception on an undefined variable
[2008/04/08 06:17:10] <lak> holoway: just so you know, i'm on the bugs list, so i get copies of all ticket changes :)
[2008/04/08 06:17:28] <lak> i wasn't sure if i'd set things up to throw an exception on a missing value, or just return nil
[2008/04/08 06:17:32] <lak> apparently an exception
[2008/04/08 06:17:39] <holoway> ya, I mostly just wanted a pointer to the place to test it
[2008/04/08 06:18:17] <lak> ok
[2008/04/08 06:19:09] <shadoi> holoway: I often monkey patch nil? and rescue with false
[2008/04/08 06:19:10] <shadoi> heh
[2008/04/08 06:19:24] <tim\|imac> velocity looks way cool... wish i was rich
[2008/04/08 06:24:10] @ Quit: rodjek: Read error: 128 (Network is unreachable)
[2008/04/08 06:24:28] @ jeffl joined channel #puppet
[2008/04/08 06:26:57] @ rodjek joined channel #puppet
[2008/04/08 06:27:33] @ Quit: lak:
[2008/04/08 06:31:59] @ elrako joined channel #puppet
[2008/04/08 06:33:35] @ Quit: Zothar_Work: "ChatZilla 0.9.81 [Firefox 2.0.0.13/2008031115]"
[2008/04/08 06:34:19] @ kolla joined channel #puppet
[2008/04/08 06:39:54] <hacim> is 'status' a reserved word in puppet? I made a class called status and included it, and nothing in that class is happening
[2008/04/08 06:41:45] <Volcane> does it show up in your localcanfig.yaml ?
[2008/04/08 06:41:46] <hacim> ah no... i found a parse error
[2008/04/08 06:41:49] <Volcane> on the client
[2008/04/08 06:41:52] <Volcane> :)
[2008/04/08 06:41:53] <hacim> weird that it wasn't reported
[2008/04/08 06:44:09] @ Quit: kolla: Read error: 104 (Connection reset by peer)
[2008/04/08 06:46:32] @ kolla joined channel #puppet
[2008/04/08 06:47:45] @ lak joined channel #puppet
[2008/04/08 06:47:58] <ashp> can i just overwrite /var/lib/puppet/ssl on my new puppet server with the contents of the old one
[2008/04/08 06:48:12] <ashp> or is that going to melt down and i should just sign all the certs fresh?
[2008/04/08 06:55:17] <ashp> it didn't work so well
[2008/04/08 06:56:25] <ashp> err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert unknown ca
[2008/04/08 06:56:34] <ashp> puppetca -l -a shows no certs even listed
[2008/04/08 06:56:48] <ashp> does puppet (the client) store its certs somewhere, I want to ensure I clear those out
[2008/04/08 06:56:52] <ashp> so that it can resign itself
[2008/04/08 07:00:18] <Volcane> if you clean the master, client will try and make new ones next time
[2008/04/08 07:00:28] <stick> lak: you around?
[2008/04/08 07:00:39] <lak> for about two minutes
[2008/04/08 07:01:05] <stick> I'll email the list it isn't important
[2008/04/08 07:01:10] <lak> ok
[2008/04/08 07:01:12] <lak> ttyl
[2008/04/08 07:01:13] @ Quit: lak:
[2008/04/08 07:01:20] <stick> trying to understand the right fix for an intermiddent problem I have
[2008/04/08 07:01:30] @ Quit: pleemans: "Ex-Chat"
[2008/04/08 07:03:13] @ Quit: zobbo: Read error: 110 (Connection timed out)
[2008/04/08 07:03:31] @ Quit: jvanzyl:
[2008/04/08 07:11:29] <stick> how are people managing pam in puppetland?
[2008/04/08 07:12:15] <holoway> stick: in what context?
[2008/04/08 07:12:17] <holoway> I use templates
[2008/04/08 07:12:23] <holoway> for managing the pam.d files
[2008/04/08 07:12:34] <stick> holoway: any context :)
[2008/04/08 07:12:46] @ rcoup joined channel #puppet
[2008/04/08 07:12:53] <stick> I'm looking at pam.d/sshd right now
[2008/04/08 07:13:07] <holoway> we make auth classes based on the underlying authentication mechanism
[2008/04/08 07:13:16] <holoway> for example, we have ldap::auth
[2008/04/08 07:13:27] <holoway> which encapsulates all the changes you need to use ldap auth
[2008/04/08 07:13:36] <holoway> pam, nss, the ldap.conf configs, etc
[2008/04/08 07:13:42] <stick> I do the same for authconfig, it's these kinda one off pam things that I'm thinking about now
[2008/04/08 07:13:57] <stick> like on some servers we use pam_makehomedir.so to autocreate homedirs
[2008/04/08 07:14:45] <stick> which needs pam.d/sshd tweaked, same thing goes for the set of things that use access.conf (though that requires more tweaking)
[2008/04/08 07:15:21] <holoway> we use tempaltes and variables to tweak the behavior
[2008/04/08 07:15:56] <holoway> so for the automounted hosts, they would get an automounted_home = true instead of false
[2008/04/08 07:16:02] <holoway> and then do the right thing in the template
[2008/04/08 07:16:22] <holoway> for stuff like access.conf, we use LDAP posixGroups
[2008/04/08 07:16:52] <holoway> and if we can, we base the login groups on hostname convention
[2008/04/08 07:17:09] <holoway> so all systems of class X wind up allowing x-login and x-root
[2008/04/08 07:17:13] <holoway> as ldap groups
[2008/04/08 07:17:20] <holoway> if you're in either, you can log in, if you're in x-root, you have sudo privs
[2008/04/08 07:17:34] <fujin> ew pam.d files
[2008/04/08 07:17:41] <fujin> Ihated managing those files when puppet was corrupting them
[2008/04/08 07:17:47] <holoway> fujin: amen
[2008/04/08 07:17:51] <fujin> heh, it'd lock boxes out completely, can't even login on the TTY
[2008/04/08 07:17:52] <holoway> that was the suck
[2008/04/08 07:18:35] <holoway> was any of that helpful, stick? :)
[2008/04/08 07:19:18] <stick> holoway: a bit
[2008/04/08 07:19:44] <stick> looks like I'm writing a pam module in the next day or so
[2008/04/08 07:20:42] <holoway> we kind of avoid having a pam module, and stick the pam changes under the other functional headings
[2008/04/08 07:20:45] <shadoi> stick: I'll chime in and rattle holoway's cage a bit by saying that having all that logic in the template is crazy. ;)
[2008/04/08 07:20:47] <holoway> (like ldap::auth)
[2008/04/08 07:21:23] <stick> yeah but it seems like there's enough going on for pam to warrant some seperation there
[2008/04/08 07:21:25] <holoway> shadoi: where else would you put it? even if you call N templates, or N files, it's the same bag of wax :)
[2008/04/08 07:21:42] <stick> maybe modeling a type is the better way to go
[2008/04/08 07:21:47] <holoway> or should pam.d files get abstraced into the RAL? :)
[2008/04/08 07:22:07] <shadoi> holoway: except all your code is nestled in a spaghetti gloop of templates rather than real types.
[2008/04/08 07:22:46] <shadoi> holoway: same old argument. :)
[2008/04/08 07:23:42] <holoway> that still baffles me, because writing a bug-free provider that's generic enough to handle all the crazy shit that happens in a pam config sounds nuts to me
[2008/04/08 07:23:51] <holoway> but I'm apparently the luddite here :)
[2008/04/08 07:24:05] <shadoi> holoway: crazy shit only happens because there's no standard way of doing it. Gotta start somewhere.
[2008/04/08 07:24:25] <holoway> there is totally a standard way of doing it... it's the pam.d config syntax.
[2008/04/08 07:24:35] <shadoi> yeah but every distro has their own flavor
[2008/04/08 07:24:46] <holoway> every distro uses the syntax differently
[2008/04/08 07:24:52] <shadoi> yeah
[2008/04/08 07:25:11] <holoway> which only further gets to the heart of the matter, which is that the "redhat" provider shouldn't replace redhat's pam.d stack
[2008/04/08 07:25:15] <shadoi> pam is a pretty complex example for abstraction too
[2008/04/08 07:25:44] <holoway> almost anything harder than /etc/hosts and /etc/aliases is a pretty complex example for abstraction, in my book
[2008/04/08 07:25:44] <shadoi> holoway: of course it shouldn't replace it, it should do it the redhat way.
[2008/04/08 07:25:47] <shadoi> that's sort of the point
[2008/04/08 07:26:13] <holoway> (thank god lak left!)
[2008/04/08 07:26:16] <holoway> :)
[2008/04/08 07:26:18] <shadoi> haha
[2008/04/08 07:26:44] <holoway> we both agree on the ideal end state
[2008/04/08 07:26:52] <shadoi> nod
[2008/04/08 07:27:07] <holoway> I'm just not sure that having complicated parsers for complicated syntax that evolves outside of your control
[2008/04/08 07:27:21] <holoway> is that much better than the same (actually much slimmer) logic around rendering that syntax
[2008/04/08 07:27:24] <holoway> which you still have to write
[2008/04/08 07:27:32] <shadoi> I understand that painful upfront time is sometimes a non-starter in busines. :)
[2008/04/08 07:27:33] <holoway> you've just kicked the abstraction back a layer
[2008/04/08 07:28:18] <shadoi> holoway: but isn't that the point of using something like puppet? get a common abstraction that everyone using puppet can use and help maintain?
[2008/04/08 07:28:22] <shadoi> I mean... otherwise what's the point?
[2008/04/08 07:28:32] <shadoi> it's a weird DSL to use for convenience....
[2008/04/08 07:29:11] <holoway> shadoi: the common abstraction is how you manage and assemble the spec of how you want the system to behave
[2008/04/08 07:29:29] <holoway> and that you can pass around whether it's a template or a native type
[2008/04/08 07:29:51] <shadoi> yeah.. that's the problem I have with templates though. They're usually not shareable at all
[2008/04/08 07:30:17] <shadoi> the simplest cases, sure
[2008/04/08 07:30:18] <holoway> that to me is a way easier cat to skin than writing a proper parser/generator for pam.d
[2008/04/08 07:30:48] <holoway> even the complex ones, like nagios or pam
[2008/04/08 07:31:20] <holoway> you can easily start with a basic template and override from there, keeping all the external logic outside the template itself
[2008/04/08 07:31:45] <holoway> I'm not saying all abstraction is bad, far from it
[2008/04/08 07:32:09] <holoway> I'm just saying that for a huge set of common cases, it's not even about how long it might take to build a native provider
[2008/04/08 07:32:52] <holoway> it's about the fact that the native provider might never actually be complete enough to handle a large set of cases, or flexible enough to allow me to get into the guts and make it do the right thing
[2008/04/08 07:33:07] <holoway> (clearly, I spend too much time thinking about this)
[2008/04/08 07:33:55] <shadoi> hmm.. I think that's a benefit of types actually. Solve the core cases, if there's an edge case let that person add support for it or hack around it.
[2008/04/08 07:34:37] <shadoi> hopefully it'll encourage people to stick to standard implementations so we can stop carrying a bag of tricks around.
[2008/04/08 07:34:54] <holoway> but "standard" is never standard. :)
[2008/04/08 07:35:37] <shadoi> yeah but a motivator like "Oh, if I use the apache module I don't have to do a damn thing, but I have to live with how the config is structured. Gosh, I guess I'll use since it saves me a few hours"
[2008/04/08 07:35:38] <holoway> I think you could make a world where dealing with templates doesn't suck
[2008/04/08 07:35:59] <holoway> shadoi: right, exactly
[2008/04/08 07:36:09] <holoway> we have a ton of really functional apache examples with puppet
[2008/04/08 07:36:15] <holoway> and no apache native type
[2008/04/08 07:36:28] <holoway> because even the base-line case is almost to complicated to think about
[2008/04/08 07:36:43] <Volcane> shadoi: thats like saying Rails is worth using :P
[2008/04/08 07:37:31] <holoway> but a great set of definitions and easily swappable templates
[2008/04/08 07:37:38] <holoway> goes a long way to getting you to that goal
[2008/04/08 07:37:43] <Volcane> nods
[2008/04/08 07:37:44] <Volcane> i agree
[2008/04/08 07:37:52] <holoway> and you could absolutely share it
[2008/04/08 07:38:09] <Volcane> ultimately more bendable to your needs, if there was a solid this-is-how-you-sanely-use-templates guide
[2008/04/08 07:38:26] <shadoi> yeah
[2008/04/08 07:38:30] <Volcane> it would be worth more than a totally capable native type
[2008/04/08 07:38:43] <holoway> I'm not saying the native types aren't good, or useful, or a valuable abstraction
[2008/04/08 07:38:50] <shadoi> it would be easier to stomache if templates weren't just native ruby (or close to it)
[2008/04/08 07:38:52] <holoway> but I don't think it's the ultimate evolution of configuration management
[2008/04/08 07:38:59] <Volcane> yeah
[2008/04/08 07:40:07] <holoway> shadoi: I think the native-ruby-ness of the templates is a real advantage.. otherwise you wind up in Template Toolkit
[2008/04/08 07:40:11] <holoway> which is all good
[2008/04/08 07:40:19] <holoway> but maybe not how I want to mock up my configs
[2008/04/08 07:40:26] @ shenson is now known as shenson_not_here
[2008/04/08 07:40:42] <holoway> (and you wind up with hashes, and arrays, and loops, and conditionals, etc etc etc until you are, once again, a programming langauge)
[2008/04/08 07:41:02] <Volcane> you dont have to use them just cos they're there :P
[2008/04/08 07:41:13] <shadoi> holoway: yeah, it's good and bad. bad that people can do insane crap and there's very few limits.
[2008/04/08 07:41:26] <holoway> but good in that you don't have to do insane crap
[2008/04/08 07:41:34] <shadoi> nod
[2008/04/08 07:41:44] <holoway> it makes the easy things easy, and the hard things hard, and the impossible things ugly
[2008/04/08 07:41:48] <holoway> :)
[2008/04/08 07:42:33] <shadoi> given a choice between a module for apache that uses templates and native types, I think I'd trust the types more. shrug
[2008/04/08 07:43:02] <holoway> pastie: url me
[2008/04/08 07:43:55] <Volcane> shadoi: nod, well like the current incarnation of nagios types, they're there, but mostly useless
[2008/04/08 07:44:08] <Volcane> shadoi: and even if they had all the config directives, I'd still consider them useles
[2008/04/08 07:44:16] <Volcane> shadoi: so templates it is
[2008/04/08 07:45:12] <pastie> http://pastie.org/176818 by holoway.
[2008/04/08 07:45:32] <plathrop> To each their own. I prefer the type abstraction. But use your tools however you feel comfortable.
[2008/04/08 07:45:41] <holoway> how do you translate that to native types?
[2008/04/08 07:46:14] <holoway> the ordinality of RewriteCond and RewriteRule
[2008/04/08 07:46:35] <holoway> the nesting of Proxy directives in a virtual host
[2008/04/08 07:46:45] <plathrop> If anyone claimed that all we need is native types, templates wouldn't exist.
[2008/04/08 07:47:42] <shadoi> Volcane: yeah the nagios stuff is pretty rough, it's almost identical to writing nagios configs.
[2008/04/08 07:47:43] <holoway> plathrop: for sure
[2008/04/08 07:47:44] <Volcane> plathrop: i prefer them too but i think theres a level of complexity where the current set of types just doesnt deliver on the true flexibilty of the targets they manage
[2008/04/08 07:47:45] <holoway> I'm just saying, a lot of "native types are good, files and tempaltes are bad" goes around
[2008/04/08 07:47:46] <holoway> and I think it's not true at all
[2008/04/08 07:48:03] <holoway> more accurately, "files and templates are hacks"
[2008/04/08 07:48:26] <plathrop> I think that's Luke's opinion and he's entitled to it. Clearly he isn't an absolute purist or his software wouldn't be as awesome as it is.
[2008/04/08 07:48:31] <Volcane> shadoi: dont mind that, i think the advantages in exported resources etc makes them worth it, you can do a lo by setting defaults and creating definitions etc to encapsulate things
[2008/04/08 07:49:01] <shadoi> nod
[2008/04/08 07:49:23] <Volcane> just wish i wasnt forced into unique service_descriptions
[2008/04/08 07:49:27] <Volcane> for example
[2008/04/08 07:49:28] <plathrop> I can't speak for Luke, but I think that, for me, the stance is "files and templates are hacks" for the most part, but hey we all gotta get work done and can't spend 100% of our time improving the native types to the point where we don't need files & templates, so... go for it.
[2008/04/08 07:49:38] <shadoi> holoway: keep in mind that lak's attitude is required to drive development of more native types, thus making puppet more compelling by default.
[2008/04/08 07:50:11] <holoway> I guess I'm not convinced that more native types makes puppet more compelling by default
[2008/04/08 07:50:31] <holoway> but I should probably speak with contributions more than irc blather :)
[2008/04/08 07:50:37] <Volcane> hehe
[2008/04/08 07:50:47] <shadoi> and really... creating a definition and using a template is.... basically a "non-native native type"
[2008/04/08 07:50:51] <plathrop> Volcane: Right, so you just have to decide whether you want to go idealist like Luke and spend your efforts on improving the abstraction, pragmatist like holoway and build stuff that works, now, and is fairly elegant, or somewhere in the middle. (Note I'm exaggerating both of their stances)
[2008/04/08 07:50:52] <shadoi> heh
[2008/04/08 07:51:52] <Volcane> plathrop: hehe, well i abstract because it allows me to plug in native types when they arrive. So the way i configure things is by relying on there being a native type at some point to do what i want and do today with templates
[2008/04/08 07:52:34] <plathrop> Volcane: Me too :-) Meanwhile I learn Ruby as fast as I can spare the time to do so one day I can help build native types.
[2008/04/08 07:53:21] * Volcane debugged the interface type, got a headache and stopped :P
[2008/04/08 07:53:57] <holoway> that's what always gets my goat on this topic
[2008/04/08 07:54:08] <plathrop> Man, most of Puppet gives me a headache, whether because it's crufty (many corners are) or because it is too elegant for me to understand.
[2008/04/08 07:54:35] <shadoi> plathrop: it's a hard time to understand the code... hopefully post 0.25 will be much better.
[2008/04/08 07:54:40] <holoway> if templates weren't considered a hack, people would probably share their interface definitions
[2008/04/08 07:55:07] @ oxtail joined channel #puppet
[2008/04/08 07:55:25] <holoway> and you could just have picked the one that fit your needs the most, and contributed changes to make it more functional
[2008/04/08 07:55:59] <holoway> damn you, shadoi, now I'm all worked up
[2008/04/08 07:56:00] <holoway> :)
[2008/04/08 07:56:14] <shadoi> holoway: you're too much of a developer to "get it". :) Sysadmins LOVE their bag of tricks..
[2008/04/08 07:56:27] <holoway> hey, I'm a 14 year sysadmin
[2008/04/08 07:56:29] <holoway> I've got tricks
[2008/04/08 07:56:38] <holoway> :)
[2008/04/08 07:56:48] <shadoi> yeah but you're a developer now.
[2008/04/08 07:56:52] <fujin> sysprog
[2008/04/08 07:56:53] <shadoi> you can't say otherwise.
[2008/04/08 07:56:54] <shadoi> haha
[2008/04/08 07:57:09] <holoway> yeah, no, I write code now.. but it's code to run infrastructures
[2008/04/08 07:57:16] <shadoi> holoway: I think sysadmins default to not sharing, that's why something like puppet had to exist.
[2008/04/08 07:57:18] <holoway> and a huge part of my value is still in my ability to straddle
[2008/04/08 07:57:36] <holoway> at least, my value to my clients
[2008/04/08 07:57:56] <shadoi> holoway: maybe if you wrote a "template best practices" it would help. :)
[2008/04/08 07:57:58] <holoway> puppet is a quantum leap forward in tools for this
[2008/04/08 07:58:19] <holoway> lak deserves all the praise he gets (from me, and from everyone else)
[2008/04/08 07:58:38] <holoway> shadoi: I may very well do that
[2008/04/08 07:59:12] <holoway> one issue with templates and puppet, though, is that the language makes using them in an non-nasty way hard
[2008/04/08 07:59:26] <holoway> templates without hashes is like oreo cookies without creamy filling
[2008/04/08 07:59:28] <holoway> :)
[2008/04/08 07:59:29] <shadoi> the puppet language or ruby?
[2008/04/08 07:59:41] <holoway> the puppet language
[2008/04/08 07:59:55] <shadoi> ah so you'd like to pass a hash to the template before parsing?
[2008/04/08 08:00:04] <holoway> right, shit like
[2008/04/08 08:00:14] <holoway> pastie: url me, sweetckes
[2008/04/08 08:00:24] <plathrop> holoway: you crack me up
[2008/04/08 08:00:37] <plathrop> "sweetcakes" snicker
[2008/04/08 08:01:24] <holoway> it's important to keep a light heart when talking about stuff like this. :)
[2008/04/08 08:01:28] @ Quit: jeckersb: "Leaving"
[2008/04/08 08:01:34] <stick> holoway: I fake hashes alot in puppet
[2008/04/08 08:01:49] <pastie> http://pastie.org/176829 by holoway.
[2008/04/08 08:02:00] * Volcane wants to do something like escape($string) in a puppet manifest
[2008/04/08 08:02:11] <Volcane> turn all " " into _ or whatever
[2008/04/08 08:02:15] <stick> [ "foo\|bar\|baz", "bar\|foo\|foo" ] then split etc in the template
[2008/04/08 08:02:20] <holoway> stick: yeah
[2008/04/08 08:02:27] <holoway> I cry a little every time I do that
[2008/04/08 08:02:33] <Volcane> holoway: lol
[2008/04/08 08:02:37] <fujin> heh :\
[2008/04/08 08:02:45] <fujin> join the club
[2008/04/08 08:02:46] <holoway> so, all that iclassify stuff at the top
[2008/04/08 08:02:53] <holoway> really wants to be in the manifest
[2008/04/08 08:03:16] <holoway> so that nagios_hosts_nodes could be set outside the template
[2008/04/08 08:03:23] <holoway> and not get my model/controller all up in my view, so to speak
[2008/04/08 08:03:31] <plathrop> I really hate being That Guy, but if you can code it, do so!
[2008/04/08 08:03:40] <holoway> but puppet's language is designed specifically not to let me do that
[2008/04/08 08:03:46] <holoway> plathrop: no shame in being that guy
[2008/04/08 08:03:49] <shadoi> holoway: it looks like an export/collect scenario
[2008/04/08 08:03:51] <holoway> you are absolutely right
[2008/04/08 08:04:16] <plathrop> I'd love to add the feature, but I'm still taking Ruby baby steps.
[2008/04/08 08:04:24] <holoway> plathrop: I have to want it badly enough to write it
[2008/04/08 08:04:33] <holoway> and having conversations like this make me start to want it
[2008/04/08 08:04:34] <holoway> :)
[2008/04/08 08:04:42] <holoway> some of this, though, I'm not sure lak would accept
[2008/04/08 08:04:58] <plathrop> That's always the catch, isn't it? Wanting it enough to do it :-)
[2008/04/08 08:05:00] <holoway> as it really, really isn't his vision for how puppet evolvs
[2008/04/08 08:05:09] <holoway> at least, not how I understand it
[2008/04/08 08:05:28] <plathrop> Yeah, I can't say. He's definitely got a Vision.
[2008/04/08 08:06:56] <shadoi> I think the goal is to make system administration obsolete. :)
[2008/04/08 08:07:37] <plathrop> Maybe that's his goal :-P
[2008/04/08 08:07:40] <holoway> shadoi: export/collect is definetly the canonical puppet way to solve that, but it assumes the existence of native types
[2008/04/08 08:07:54] <shadoi> holoway: no it doesn't, you can use definitions
[2008/04/08 08:07:56] <holoway> or definitions that handle discrete bits
[2008/04/08 08:08:02] <shadoi> yeah
[2008/04/08 08:08:22] <holoway> ie, hosts.cfg becomes N hosts.cfg's created as virtual reosurces and collected
[2008/04/08 08:08:31] <plathrop> My goal is to be able to code infrastructures using a language that treats configuration "primitives" as first-class objects :-D
[2008/04/08 08:08:47] <shadoi> holoway: I think if iclassify and puppetshow merged somewhat, it would be very natural to do that sort of thing.
[2008/04/08 08:09:15] <holoway> shadoi: right if it evolved to the point where externally defined nodes could declare resources
[2008/04/08 08:09:29] <holoway> becuase otherwise, I'm just writing a bunch of nagios_host { "" } for each host
[2008/04/08 08:09:39] <holoway> and that's exactly what I want to avoid :)
[2008/04/08 08:10:03] <shadoi> holoway: you lost me on the "externally defined nodes could declare resources"
[2008/04/08 08:10:25] <shadoi> create new ones outside of manifests?
[2008/04/08 08:11:29] <holoway> well, if definitions and discrete chunks is the way to fly with that hosts.cfg example
[2008/04/08 08:11:39] <holoway> and I want to not have to add a new resource for each host I build
[2008/04/08 08:11:43] <holoway> because, really, that sucks
[2008/04/08 08:12:13] <holoway> I already know what the hosts are (because they are in iClassify, my node config, etc)
[2008/04/08 08:12:47] <holoway> the syntax that makes sense for that stuff is @nagios_host { "foobar": .. }
[2008/04/08 08:12:56] <holoway> but I really need that nagios_host to be implicit
[2008/04/08 08:13:13] <holoway> otherwise, I need to always remember to come back and update my nagios recipe with another node
[2008/04/08 08:13:15] <stick> holoway: it sounds like you put an awful lot of stuff into your node classification
[2008/04/08 08:13:26] <shadoi> holoway: can't we just use the $hostname fact?
[2008/04/08 08:13:37] * stick is the opposite almost nothing is defined at the node level, I class everything
[2008/04/08 08:13:43] <holoway> shadoi: sure
[2008/04/08 08:13:46] <stick> overclass some people might say :)
[2008/04/08 08:13:51] <holoway> so @nagios_host { $hostname: .. }
[2008/04/08 08:13:56] <holoway> that would work
[2008/04/08 08:14:04] <shadoi> holoway: it'd just be a generic nagios class that everything includes
[2008/04/08 08:14:30] <holoway> shadoi: that makes sense
[2008/04/08 08:14:36] * Volcane defines some node specific stuff in each node, like a nagios description etc
[2008/04/08 08:14:45] <Volcane> then 'include common_linux' or whatever
[2008/04/08 08:15:04] <Volcane> which will export resources for nagios hosts, ext info etc, based ont hose defines in the node
[2008/04/08 08:15:08] <holoway> stick: we dont' put that much int he node classification.. we do configure how things are monitored, for example
[2008/04/08 08:15:23] <Volcane> and stuff like each nodes notification groups etc
[2008/04/08 08:15:23] <holoway> from within classes the node includes
[2008/04/08 08:15:26] <Volcane> seems like it belong there
[2008/04/08 08:15:43] <stick> yeah I shoot people that tried to do that here, all of our monitoring it determined by the functional classes you have
[2008/04/08 08:15:52] <shadoi> stick: I think it makes sense to do as much classification in the node tool
[2008/04/08 08:16:12] <shadoi> stick: the less complex logic that's in the manifests, the bette.r
[2008/04/08 08:16:13] <stick> shadoi: non-specific classification sure
[2008/04/08 08:16:14] <shadoi> better*
[2008/04/08 08:16:59] <holoway> shadoi: I still have a huge fear of the export/collect/storeconfig model in large infrastructures
[2008/04/08 08:17:04] <holoway> but I haven't tried it either
[2008/04/08 08:17:17] <stick> I use external nodes rather than node foo { } configs, but my classification is all based on class
[2008/04/08 08:17:17] <holoway> so that fear may well be unfounded
[2008/04/08 08:17:30] <holoway> stick: so is ours, fwiw
[2008/04/08 08:17:34] <stick> holoway: I'll let you know how it goes, we're using it pretty heavy in our new DC
[2008/04/08 08:17:45] <shadoi> holoway: I think it probably needs optimizing, but we have to get it into some larger infrastructures to do it. :)
[2008/04/08 08:17:48] <holoway> how many nodes?
[2008/04/08 08:18:08] <shadoi> holoway: I'm working on getting it into stanford, it takes forever to get stuff into production here though.
[2008/04/08 08:18:14] <stick> 420 blades total though only about 15 are configured atm
[2008/04/08 08:18:29] <stick> plus any non-blade hardware we put in (databases and whatnot)
[2008/04/08 08:18:44] <holoway> that'll do it, for sure, stick
[2008/04/08 08:19:05] <stick> then once we get our corp infrastructure moved over it'll be in the neighborhood of probably 600+
[2008/04/08 08:19:06] <Volcane> stick: how many puppetmasters?
[2008/04/08 08:19:09] <holoway> at any rate, I'm not complaining, just thinking out loud because I think it's interesting
[2008/04/08 08:20:11] <stick> Volcane: right now 1 in the DC and 1 for corp, but we are only about 3 weeks in so we don't have nearly that number of clients
[2008/04/08 08:20:23] <stick> I imagine we'll hit some scaling problems before it's said and done
[2008/04/08 08:20:40] <Volcane> stick: nods, i think the new keep alive code will probably help but be prepared for some mongrel/whatever load balancing b/s
[2008/04/08 08:20:53] <holoway> Volcane: we have some 300+ node installs with 4 mongrels, checking in every half hour
[2008/04/08 08:20:54] <stick> yeah
[2008/04/08 08:21:06] <holoway> doing external nodes
[2008/04/08 08:21:10] <shadoi> Volcane: keep-alive is dead in 0.24.4
[2008/04/08 08:21:14] <holoway> and no storeconfigs
[2008/04/08 08:21:14] <shadoi> Volcane: FYI. :)
[2008/04/08 08:21:15] <Volcane> ah :)
[2008/04/08 08:21:32] <shadoi> Volcane: #1010
[2008/04/08 08:21:36] <gepetto_> shadoi: Volcane: #1010 is http://reductivelabs.com/trac/puppet/ticket/1010 "puppet/puppetmaster randomly corrupts file{} resources, seemingly after leaking RAM for some time"
[2008/04/08 08:21:57] <holoway> shadoi: stoked to drink a beer with you, though, and I promise to shut up about it if you want. :)
[2008/04/08 08:22:02] <Volcane> shadoi: ah, i saw in the lists some mention of it.
[2008/04/08 08:22:27] <Volcane> shadoi: upgraded to 0.24.4 and saw it replace a bunch of files with new ones, obviously ones it previous corupted :(
[2008/04/08 08:22:28] <shadoi> holoway: no, I think it's important to talk through this issue.. it's definitely something that's lurking behind all this.
[2008/04/08 08:23:08] <Volcane> 0.24.3 also managed to crash so often on the yum provider that my one rpm db is totally hosed
[2008/04/08 08:23:12] <Volcane> box needs a reinstall :(
[2008/04/08 08:23:17] <shadoi> holoway: I don't get offended by any of this crap, I guess I'm too mellow.
[2008/04/08 08:23:24] <holoway> shadoi: I'm with you
[2008/04/08 08:23:32] <holoway> Luke is very, very tired of talking aobut it
[2008/04/08 08:23:38] <holoway> I can see the look on his face now
[2008/04/08 08:23:44] <shadoi> haha
[2008/04/08 08:23:44] <shadoi> yeah
[2008/04/08 08:24:09] <shadoi> I'm willing to try to preach the religion.
[2008/04/08 08:24:13] <holoway> to the point where talking to him about it is realy useless, because he's thought it through to his own conclusions
[2008/04/08 08:24:36] <holoway> and he's grown a very thick armor around the conversation
[2008/04/08 08:24:47] @ Quit: stick: "Leaving"
[2008/04/08 08:24:54] <shadoi> holoway: I think the solution will be to come up with a standard way of doing both, and providing a way to share it easily with everyone.
[2008/04/08 08:24:57] * holoway adopts heretic status
[2008/04/08 08:26:12] <holoway> shadoi: I'm sure you are correct
[2008/04/08 08:26:35] <shadoi> holoway: I really want to work on a module etc. sharing site.
[2008/04/08 08:27:21] * Volcane has only a handfull of cfengine machines left woohoo
[2008/04/08 08:27:32] <shadoi> I think we definitely have to come up with a standard way of sharing metadata.. somelike like a WSDL for modules, etc.
[2008/04/08 08:28:04] * plathrop wishes he had time to work on a modules sharing site.
[2008/04/08 08:30:43] <shadoi> I don't have time either, but I'm way too easily distracted. :)
[2008/04/08 08:49:49] <martha> shadoi: I'm interested in helping with a module sharing site.
[2008/04/08 08:49:55] <martha> I'm not very good at design, though
[2008/04/08 08:55:04] * Volcane can provide hosting, provided its not in rails :P
[2008/04/08 08:55:17] <Volcane> for free
[2008/04/08 08:55:52] <martha> I have tons of nice modules
[2008/04/08 08:57:00] <martha> over 3000 lines of .pp files now
[2008/04/08 08:57:05] <Volcane> wow
[2008/04/08 08:57:33] <Volcane> what industry you in if you dont mind me asking?
[2008/04/08 08:58:09] <martha> my company does marketing and advertising of online sites
[2008/04/08 08:58:14] <martha> most gambling
[2008/04/08 08:58:26] <Volcane> ah ok
[2008/04/08 08:59:05] @ jvanzyl joined channel #puppet
[2008/04/08 08:59:29] <martha> non-site-specific stuff is more like 2000 lines of manifests
[2008/04/08 09:00:23] * Volcane never counted how much the big site he worked on was, think it was probably more than that, not sure
[2008/04/08 09:00:29] <martha> I've put up some recipes on the wiki already, but there is really no way to keep that updated
[2008/04/08 09:00:39] <Volcane> yeah the wiki is a big job
[2008/04/08 09:01:19] <plathrop> We need our own version of gems... puppet "strings"?
[2008/04/08 09:01:53] <martha> right now I've only moved 18 servers to puppet. out of nearly 100
[2008/04/08 09:02:28] <martha> yeah, the hard part of this is figuring out how to manage the modules
[2008/04/08 09:02:40] <martha> and deal with site changes, etc.
[2008/04/08 09:02:57] <martha> also, which modules work on which OS
[2008/04/08 09:03:20] <Volcane> martha: standrdise on the operating system :)
[2008/04/08 09:03:47] <martha> I've done that, but my modules probably won't work on, say, solaris
[2008/04/08 09:03:57] <Volcane> ah i see wht u mean
[2008/04/08 09:04:00] <martha> we are mostly debian here, with a few bsd machines
[2008/04/08 09:04:33] <Volcane> martha: kewl, do you host at bezeq? I had some machines there like in 2001 maybe, but not anymore
[2008/04/08 09:04:46] <Volcane> martha: some big IBM RS6000, they didnt know a thing about unix then
[2008/04/08 09:04:56] @ jeckersb joined channel #puppet
[2008/04/08 09:04:56] <martha> no, all of our servers are abroad
[2008/04/08 09:05:08] <martha> except for the ones for our local office
[2008/04/08 09:05:22] <Volcane> ah ok
[2008/04/08 09:06:20] <martha> I have machines in 10 hosting centers in 5 countries
[2008/04/08 09:06:58] <Volcane> central puppetmaster?
[2008/04/08 09:07:24] <Volcane> i get lots of timeouts and weird stuff with comms between puppetmaster and puppetd's time outs over long distance, my puppetmaster is in germany with machines all over too
[2008/04/08 09:07:28] @ Quit: jvanzyl:
[2008/04/08 09:08:17] <Toad> hmm
[2008/04/08 09:08:29] <Toad> i'm getting the error "files must be fully qualified" trying to use a puppet:// link for a file() function
[2008/04/08 09:08:33] <martha> yeah, central master, lots of timeouts
[2008/04/08 09:08:43] <martha> Toad: pastie the lines
[2008/04/08 09:08:56] <martha> Volcane: you are also here in Israel?
[2008/04/08 09:09:02] <Toad> martha: http://rafb.net/p/XP2D8S41.html
[2008/04/08 09:09:17] <Volcane> martha: nope, uk :) i worked for a company that had a branch in tel aviv for a few years so went there a few times then
[2008/04/08 09:09:33] <Toad> ohh, could be DNS
[2008/04/08 09:09:38] <Toad> that name might not resolve on the server it's running on
[2008/04/08 09:10:06] <martha> Toad: also look at the pathname you are writing to
[2008/04/08 09:10:16] <Toad> martha: i'm just getting into a variable there
[2008/04/08 09:10:26] <Toad> $servername seems to be set server-side instead of client-side
[2008/04/08 09:10:43] <martha> Toad: is key_repo set?
[2008/04/08 09:11:00] <Toad> see the warning output
[2008/04/08 09:11:20] <martha> that doesn't say
[2008/04/08 09:11:31] <Toad> it has the puppet:// link properly
[2008/04/08 09:11:37] <Toad> File path: puppet://janus.corp.amiestreet.com/files/ssh_keys/todd.pub
[2008/04/08 09:11:50] @ johnf joined channel #puppet
[2008/04/08 09:12:10] <martha> what about the local path
[2008/04/08 09:12:22] <martha> that you are writing to
[2008/04/08 09:13:18] <shadoi> martha: I think that's part of what should go into a metadata entry.. "supports: debian, redhat"
[2008/04/08 09:13:21] <Toad> i'm not writing to an internal path... the error is on the line right there
[2008/04/08 09:14:21] <shadoi> plathrop: we don't want to get into the package management business
[2008/04/08 09:14:26] <fujin> hdd upgrade, brb
[2008/04/08 09:14:35] <shadoi> plathrop: if lak wasn't so against gems, it would be fine to use for our purposes.
[2008/04/08 09:14:36] @ Quit: fujin: "leaving"
[2008/04/08 09:14:38] <plathrop> I was being facetious, sorry :-P
[2008/04/08 09:14:57] <martha> Toad: what is file($shared_key_file) ?
[2008/04/08 09:14:59] <shadoi> plathrop: ah, but.. well you are right in a way. :)
[2008/04/08 09:15:03] * Volcane hates installing packages onto a rpm based system from other sources, like gem, pear etc
[2008/04/08 09:15:13] <Volcane> destroys the whole reason for putting up with rpm in the first place
[2008/04/08 09:15:43] <martha> shadoi: except that some modules might work on non-tested OSes
[2008/04/08 09:16:02] <shadoi> martha: they should explicitly fail until they are tested IMHO
[2008/04/08 09:16:11] <martha> or you need a way to easily modify that locally
[2008/04/08 09:16:19] <shadoi> using a case statement and a failure message that explains that
[2008/04/08 09:16:39] <shadoi> probably with a way to override it and report success to the site
[2008/04/08 09:17:20] <martha> Volcane: yeah, although puppet makes that a little nicer.
[2008/04/08 09:17:53] <martha> I have pear plugin for puppet
[2008/04/08 09:18:07] <plathrop> Was there ever a reason to put up with RPM? :-P
[2008/04/08 09:18:12] <shadoi> Volcane: yeah, like I said, I don't like the idea of creating yet another package management system.. but gems are really our best option if that's a requirement. They're OS agnostic, and ruby friendly.
[2008/04/08 09:18:18] * plathrop is prejudiced against rpm-based distros
[2008/04/08 09:18:25] <Toad> oh lame... you just can't use file(...) with puppet:// urls
[2008/04/08 09:18:43] * Volcane only uses redhat/centos now
[2008/04/08 09:18:44] <plathrop> Toad: What do you mean?
[2008/04/08 09:18:52] <shadoi> plathrop: I'm with you there. :)
[2008/04/08 09:19:03] <shadoi> Yum constantly amazes me at it's ineptitude.
[2008/04/08 09:19:18] <Toad> plathrop: with the file() function
[2008/04/08 09:19:19] <Toad> not the file resource
[2008/04/08 09:19:27] <Toad> I'm trying to load the contents of a file stored on the master
[2008/04/08 09:19:30] <plathrop> Every time a package management system makes me want to cry, I just remind myself it could be RPMs
[2008/04/08 09:19:36] <martha> since I moved to debian, I've forgotten all my redhat stuff. and most of it has changed in the last few years anyway
[2008/04/08 09:19:53] <martha> Toad: what is the file() function?
[2008/04/08 09:19:54] <plathrop> Toad: I think you misunderstand how it works.
[2008/04/08 09:20:05] <shadoi> Toad: you don't use file() if you use source
[2008/04/08 09:20:12] <shadoi> they're exclusive
[2008/04/08 09:20:32] <plathrop> The source parameter does exactly what you are trying to do.
[2008/04/08 09:20:40] <plathrop> Ugh. I type slow.
[2008/04/08 09:20:47] <Toad> plathrop: I'm not trying to realize the file directly onto disk on the target system
[2008/04/08 09:20:58] <Toad> I'm just trying to get it into a variable
[2008/04/08 09:21:05] <plathrop> Toad: Ah, I misunderstood.
[2008/04/08 09:21:10] <Toad> (get the contents of the file on the master side)
[2008/04/08 09:21:18] <plathrop> Can you paste what you've got and maybe I can interpret?
[2008/04/08 09:21:26] <Toad> do I have to use a file {} resource to get it onto disk on the client, then use file() to read it in?
[2008/04/08 09:21:48] <Toad> http://rafb.net/p/8ZCNWi89.html
[2008/04/08 09:21:59] <plathrop> It was my understanding that functions ran on the server, not the client. So file() should work by itself
[2008/04/08 09:22:20] * plathrop isn't sure because he hasn't tried it.
[2008/04/08 09:22:20] <shadoi> Toad: have you tried the authorized_key native type that was posted to the puppet-user list?
[2008/04/08 09:22:37] <Toad> shadoi: I saw the authorized_keys recipe, which is what I"m modifying from
[2008/04/08 09:22:41] <Toad> but I don't quite like the way it does things
[2008/04/08 09:23:33] <shadoi> Toad: nobody does, that's why the native type is being worked on
[2008/04/08 09:23:50] <Toad> hm
[2008/04/08 09:23:58] <Toad> i'm not even trying to do anything complicated with key generation or anything
[2008/04/08 09:24:12] <Toad> just have some central repo of keys on the puppet master, and being able to apply sets of them to client nodes
[2008/04/08 09:24:23] <Toad> this should be simple
[2008/04/08 09:24:59] <plathrop> Toad: If file isn't working directly (I'm still confused - the other functions run server-side) then the best way I know is to pull the file down with a file resource and then read it in.
[2008/04/08 09:25:39] <shadoi> Toad: I see it
[2008/04/08 09:25:54] <shadoi> Toad: you can't test for "blankness" in a case
[2008/04/08 09:26:03] <shadoi> Toad: set it to something like "NA" by default
[2008/04/08 09:26:04] <shadoi> and it will work
[2008/04/08 09:26:21] <shadoi> Toad: it never sets the full path for your homedir, that's what the error is
[2008/04/08 09:26:51] <Toad> hrmm i odn't think that's the error
[2008/04/08 09:27:03] <Toad> i'll try pulling in
[2008/04/08 09:27:12] <shadoi> Toad: "Files must be fully qualified" sure it is
[2008/04/08 09:27:55] * Volcane goes to bed
[2008/04/08 09:28:14] <Toad> shadoi: I read the source. Files must be fully qualified is because the argument to the file() function has to start with /
[2008/04/08 09:28:18] <Toad> i.e. it can't take a puppet url
[2008/04/08 09:28:27] <Toad> it has nothing to do with where I"m trying to put the file... the error isn't on that line
[2008/04/08 09:28:50] <shadoi> Toad: ah, yeah sorry, I just re-read it
[2008/04/08 09:29:00] <shadoi> Toad: the $key_repo is set somewhere else?
[2008/04/08 09:29:03] <shadoi> is it in scope?
[2008/04/08 09:29:22] <Toad> yes and yes. that's what the warning shows
[2008/04/08 09:29:34] <Toad> it has puppet:// which isn't support by file() :P
[2008/04/08 09:29:46] <shadoi> yeah
[2008/04/08 09:29:50] <shadoi> just needs to be a local file path
[2008/04/08 09:31:00] @ Quit: jeckersb: "Leaving"
[2008/04/08 09:31:06] <shadoi> that function should get renamed to server_file I think
[2008/04/08 09:31:51] <Volcane> hehe the whole server/client relationship in puppet is beyond resolving by a simple naming convention :P
[2008/04/08 09:33:08] <shadoi> well, it should be absolutely clear that all functions are executed on the server.
[2008/04/08 09:33:29] <shadoi> wonder if I can add that to the generator for that page. hmmm
[2008/04/08 09:34:25] <plathrop> I'm confused again. If all functions are run on the server why can't Toad just load his file using the file function?
[2008/04/08 09:35:33] <shadoi> plathrop: because it requires a file local to the server
[2008/04/08 09:35:38] <shadoi> fully qualified path
[2008/04/08 09:35:54] <shadoi> file("puppet:///blah") is invalied
[2008/04/08 09:35:57] <shadoi> invalid
[2008/04/08 09:36:20] <plathrop> Right, but if you are trying to use "puppet://" then the file is already on the server, right?
[2008/04/08 09:36:25] <shadoi> yes
[2008/04/08 09:36:45] <plathrop> So, just use file w/o the puppet:// voodoo?
[2008/04/08 09:36:51] <shadoi> it could technically figure it out, it just doesn't. ;)
[2008/04/08 09:37:07] <shadoi> plathrop: actually no because it could be in a module, etc.
[2008/04/08 09:37:20] <shadoi> paths could be different for any user configuration too
[2008/04/08 09:37:34] <plathrop> shadoi: Ah, nows me understand.
[2008/04/08 09:37:50] <plathrop> Except, I know Puppet can do it. Templates are automagic like that.
[2008/04/08 09:37:56] <shadoi> yup
[2008/04/08 09:38:05] <shadoi> plathrop: patch! :)
[2008/04/08 09:38:16] <shadoi> I don't think it's really worth it though
[2008/04/08 09:38:21] * plathrop is bitten by his own words!
[2008/04/08 09:38:24] <shadoi> I doubt lak would either
[2008/04/08 09:48:13] @ stevil_ joined channel #puppet
[2008/04/08 09:52:10] @ Quit: mikepea:
[2008/04/08 09:52:44] @ Quit: stevil: Read error: 110 (Connection timed out)
[2008/04/08 09:53:14] <shadoi> plathrop: just realized also, puppet:// can be on any puppetmaster (or even just a dedicated puppet fileserver)
[2008/04/08 09:53:38] <plathrop> shadoi: That's true. Hadn't thought of that.
[2008/04/08 09:53:51] <shadoi> even more majick required to figure it out automatically
[2008/04/08 09:54:08] <plathrop> Because obviously the way I do things is the one and only Right Way, so why should I consider people doing things differently? :-P
[2008/04/08 09:54:15] * plathrop slaps forehead
[2008/04/08 09:54:16] <shadoi> hehe
[2008/04/08 09:54:29] <benp-> anyone here using the nagios types? doesn't seem to be possible to make host or service templates because of the namevar being 'host_name' or 'service_description'
[2008/04/08 09:55:27] <shadoi> benp-: I think you're the emminent expert on them other than lak. :)
[2008/04/08 09:55:38] <benp-> heh, damn
[2008/04/08 09:56:46] <benp-> i guess i can just use defines to do roughly the same thing.
[2008/04/08 10:09:21] @ genehack joined channel #puppet
[2008/04/08 10:23:17] <Toad> so... maybe i'm missing something fundamental here
[2008/04/08 10:23:26] <Toad> can I not have two different classes depend on the same file?
[2008/04/08 10:23:50] <Toad> (and define a file resource for it?)
[2008/04/08 10:24:03] <plathrop> Toad: They can't both define a file resource for it.
[2008/04/08 10:24:23] <Toad> so how do you have multiple defines that require the same file with the same permission?
[2008/04/08 10:24:54] @ Quit: trombik_: Client Quit
[2008/04/08 10:24:57] <shadoi> Toad: they need a unique $name
[2008/04/08 10:24:58] <plathrop> Toad: You define the file resource in one place and then use the capitalized syntax to reference it.
[2008/04/08 10:25:08] <Toad> plathrop: but where's the one place I define it?
[2008/04/08 10:25:10] <plathrop> I'm actually on my way out, hopefully shadoi can help ya.
[2008/04/08 10:25:15] <Toad> I want it to only be pulled in if something else depends on it
[2008/04/08 10:25:18] <plathrop> Talk to you all tomorrow.
[2008/04/08 10:25:22] @ plathrop left channel #puppet ()
[2008/04/08 10:25:54] <Toad> is there no dependency resolution capability in this thing?
[2008/04/08 10:26:17] <shadoi> Toad: if you want to keep it the way you have it, you set whatever is before the colon to something unique and use the path => param
[2008/04/08 10:26:45] <Toad> shadoi: is there no way to have a virtual resource which then gets pulled in if necesasry?
[2008/04/08 10:26:53] <Toad> this whole thing makes very little sense to me...
[2008/04/08 10:26:57] <shadoi> Sure, but the name of that has to be unique
[2008/04/08 10:27:08] <shadoi> require => File["uniquename"]
[2008/04/08 10:27:20] <Toad> sure, but then I have to define file { uniquename: }
[2008/04/08 10:27:21] <Toad> somewhere
[2008/04/08 10:27:35] <Toad> which means that that file will get pulled in whether or not i pull in the thing that depends on it
[2008/04/08 10:28:04] <shadoi> yeah it's for load-order requirements, etc.
[2008/04/08 10:28:17] <Toad> can't it just build a dependency tree?
[2008/04/08 10:28:21] <shadoi> it does
[2008/04/08 10:28:34] <Toad> and then realize the parts of the dep tree that are necessary?
[2008/04/08 10:28:40] <shadoi> but files can be willy-nilly so it can't always do it
[2008/04/08 10:28:56] <Toad> so how are you supposed to accomplish anything?
[2008/04/08 10:29:04] <Toad> I may go back to home grown perl scripts very soon...
[2008/04/08 10:29:51] <shadoi> So you want it to automatically build a file object when you add a "this thing depends on File["/etc/blah"]"?
[2008/04/08 10:30:13] <Toad> sure. or I could make my own class which explains how to build it
[2008/04/08 10:30:41] <Toad> basically all i want is to be able to say: authorized_keys { ["todd", "jason"]: auth_user => "admin" }
[2008/04/08 10:30:55] <Toad> and have it automatically create /home/admin/.ssh/authorized_keys if it doesn't exist
[2008/04/08 10:31:08] <shadoi> then put that in your authorized_keys definition
[2008/04/08 10:31:28] <Toad> yea, but then if another class that's included on the same node tries to authorize more users, I get duplicate definition of that file resource
[2008/04/08 10:32:17] <shadoi> no, just make the file resource have a unique name, like file { "authorized_keys_for_$name": ... }
[2008/04/08 10:32:37] <Toad> i guess... seems ugly
[2008/04/08 10:32:50] <Toad> puppet should have an actual idea of a class of resources that can be instantiated
[2008/04/08 10:33:10] <shadoi> It does, they're called virtual objects
[2008/04/08 10:33:17] <Toad> (which is really what defines should do imo)
[2008/04/08 10:33:29] <Toad> yea, the docs don't discuss virtual objs that I can find
[2008/04/08 10:33:43] <Toad> oh, i found it on the wiki though
[2008/04/08 10:33:53] <shadoi> http://reductivelabs.com/trac/puppet/wiki/VirtualResources
[2008/04/08 10:34:20] <shadoi> Toad: but for authorized keys you're going to want to use export/colelct
[2008/04/08 10:34:24] <shadoi> collect*
[2008/04/08 10:34:36] <shadoi> http://reductivelabs.com/trac/puppet/wiki/ExportedResources
[2008/04/08 10:34:54] <shadoi> but you may want to look at that native type, like I said before.
[2008/04/08 10:35:22] <Toad> is it just me or is this whole thing WAY harder than it should be for this task...
[2008/04/08 10:35:36] <shadoi> Toad: unfortunately you picked one of the worst cases to try
[2008/04/08 10:35:45] <shadoi> authorized_keys has been an issue for a while
[2008/04/08 10:36:57] <Toad> oi.. seems simple
[2008/04/08 10:37:09] <Toad> I think I will just write a damn perl script
[2008/04/08 10:39:38] <shadoi> Toad: yeah, it's not super hard, it just takes someone who will write it for everyone else
[2008/04/08 10:40:47] <shadoi> Toad: the problem is everyone goes what?! I have to contribute? fuck that!
[2008/04/08 10:40:58] <Toad> shadoi: are there docs on how to write a plugin that would accomplish this sort of thing?
[2008/04/08 10:41:17] <Toad> I'm happy to get messy in code... at least code makes sense
[2008/04/08 10:41:34] <shadoi> Toad: like I said, check out the native type that someone just recently sent to the puppet-users list, it's a good start.
[2008/04/08 10:42:21] <shadoi> http://reductivelabs.com/trac/puppet/wiki/CreatingCustomTypes
[2008/04/08 10:42:28] <shadoi> http://reductivelabs.com/trac/puppet/wiki/PracticalTypes
[2008/04/08 10:42:50] <shadoi> there are other links to info on those two pages
[2008/04/08 10:43:09] <shadoi> those two docs should probably be merged
[2008/04/08 10:50:08] <shadoi> bbl
[2008/04/08 10:50:11] @ Quit: shadoi: "leaving"
[2008/04/08 10:52:30] @ bender183 joined channel #puppet
[2008/04/08 11:01:58] @ martha left channel #puppet ()
[2008/04/08 11:19:32] <benp-> toad why cant you just use file{} to manage your authorized_keys ?
[2008/04/08 11:20:12] <Toad> benp-: because I'm trying to manage authorized keys separately across different machines
[2008/04/08 11:20:20] <Toad> i.e. user joe has access to appuser on app2, but not on app7
[2008/04/08 11:20:31] <Toad> because app2 also happens to be in the pricing_server class
[2008/04/08 11:29:04] @ Quit: shake-n-bake_:
[2008/04/08 11:31:09] <benp-> ahh
[2008/04/08 11:31:37] @ fujin joined channel #puppet
[2008/04/08 11:37:30] @ jvanzyl joined channel #puppet
[2008/04/08 11:45:29] @ Quit: fujin: "leaving"
[2008/04/08 11:45:37] @ fujin joined channel #puppet
[2008/04/08 11:51:35] @ lak joined channel #puppet
[2008/04/08 12:00:38] @ msf joined channel #puppet
[2008/04/08 12:00:44] <msf> hello
[2008/04/08 12:10:29] <johnf> can someone with some git knowledge let me know if the instructions at the top of http://reductivelabs.com/trac/puppet/wiki/AqueosShorewall are correct? They don't seem to work for me
[2008/04/08 12:11:36] [msg(#puppet)] ::puppet:: Ticket #1180 (enhancement created): nagios types should be able to generate /template definitions/ i... @ http://reductivelabs.com/trac/puppet/ticket/1180
[2008/04/08 12:16:19] @ Quit: lak:
[2008/04/08 12:19:10] @ Quit: jvanzyl:
[2008/04/08 12:42:39] * fujin just printed out james' book
[2008/04/08 12:42:56] <fujin> <3 duplexing/stapling autoprinter
[2008/04/08 12:45:28] @ shake-n-bake joined channel #puppet
[2008/04/08 12:46:17] @ Quit: shake-n-bake: Client Quit
[2008/04/08 12:46:19] @ Quit: rcoup: Read error: 104 (Connection reset by peer)
[2008/04/08 12:48:13] @ jvanzyl joined channel #puppet
[2008/04/08 12:53:20] <fujin> Anyone else get really irritated with huangmingyou's emails?
[2008/04/08 13:02:05] @ lak joined channel #puppet
[2008/04/08 13:04:22] @ shadoi joined channel #puppet
[2008/04/08 13:08:22] @ Quit: bender183: Connection timed out
[2008/04/08 13:14:56] @ plathrop joined channel #puppet
[2008/04/08 13:15:19] <fujin> anyone seen this http://rafb.net/p/rotY2843.html
[2008/04/08 13:15:21] <fujin> behaviour?
[2008/04/08 13:15:23] <fujin> some weird shit going on
[2008/04/08 13:15:28] <fujin> notice: //Node[homepages]/generic-systems/ntp/Package[]/ensure: is purged, should be present (noop)
[2008/04/08 13:19:32] @ Quit: plathrop: Client Quit
[2008/04/08 13:27:29] <shadoi> fujin: you're not using noop?
[2008/04/08 13:27:43] <fujin> no, I am using noop
[2008/04/08 13:27:56] <fujin> (that's a cronjob that runs every hour, with --test --noop, emails the output to myself and my colleague)
[2008/04/08 13:28:08] <fujin> the Package[] behaviour is the weird thing.
[2008/04/08 13:28:15] <fujin> & the subsequent other changes
[2008/04/08 13:28:46] <shadoi> fujin: so the ntp package SHOULD be purged or not?
[2008/04/08 13:29:03] <fujin> no, shouldn't be.
[2008/04/08 13:29:06] <fujin> It is installed
[2008/04/08 13:29:07] <fujin> eh
[2008/04/08 13:29:09] <fujin> I think i worked out what it is
[2008/04/08 13:29:15] <fujin> It's cause my variable assignment is outside of the class
[2008/04/08 13:29:23] <fujin> and therefore only applied when the module is imported
[2008/04/08 13:29:28] * fujin moves it into the class
[2008/04/08 13:46:06] @ Quit: jvanzyl:
[2008/04/08 13:47:39] @ Quit: andrewcshafer:
[2008/04/08 13:57:39] @ Quit: rodjek: Read error: 145 (Connection timed out)
[2008/04/08 13:57:43] <fastjay> holy moly.. i am alive
[2008/04/08 13:58:09] <fastjay> evening folks
[2008/04/08 14:01:07] <fujin> hiya
[2008/04/08 14:07:02] @ andrewcshafer joined channel #puppet
[2008/04/08 14:11:01] <jamesturnbull> fujin: patience is a virtue :)
[2008/04/08 14:13:12] <fujin> huh?? ;>
[2008/04/08 14:13:33] <jamesturnbull> fujin: "Anyone else get really irritated with huangmingyou's emails?"
[2008/04/08 14:13:37] <fujin> ah
[2008/04/08 14:13:39] <fujin> right
[2008/04/08 14:13:41] <fujin> ;\
[2008/04/08 14:13:45] <fujin> I get real annoyed whenever I read one :(
[2008/04/08 14:13:48] <fujin> I'm terrible, I know
[2008/04/08 14:14:13] <jamesturnbull> fujin: I feel the same way when you kiwis call me "bro"
[2008/04/08 14:14:37] <jamesturnbull> :P
[2008/04/08 14:14:38] @ dysinger joined channel #puppet
[2008/04/08 14:14:59] <fujin> actually??
[2008/04/08 14:15:08] <fujin> I can't help it; I call everyone bro
[2008/04/08 14:15:23] <fujin> well, nearly everyone
[2008/04/08 14:15:26] <fujin> not in email anyway.
[2008/04/08 14:16:08] <jamesturnbull> fujin: nah I don't mind - I have a lot of kiwi mates - you get used to it
[2008/04/08 14:19:50] @ shake-n-bake joined channel #puppet
[2008/04/08 14:21:21] <fujin> hum
[2008/04/08 14:21:29] <fujin> Trying to work out why one of my nodes isn't graphign with munin, but all others are
[2008/04/08 14:21:36] <fujin> and I can telnet to the box and do list/fetch blah etc
[2008/04/08 14:22:43] @ jvanzyl joined channel #puppet
[2008/04/08 14:24:22] * jamesturnbull puts on his security hat
[2008/04/08 14:24:32] <jamesturnbull> fujin: don't you mean I can "ssh to the box"
[2008/04/08 14:24:33] <jamesturnbull> ?
[2008/04/08 14:24:40] <jamesturnbull> fujin: any error mesages?
[2008/04/08 14:24:50] <jamesturnbull> fujin: anythign different about the box?
[2008/04/08 14:25:18] <fujin> nah, nothing
[2008/04/08 14:25:20] <fujin> we recently mgirated it
[2008/04/08 14:25:26] <fujin> and no I do mean telnet, I meant telnet to the munin port
[2008/04/08 14:26:30] <jamesturnbull> fujin: migrated it to?
[2008/04/08 14:26:43] <fujin> between ESX hosts
[2008/04/08 14:27:54] <fujin> going to nuke all it's old RRD data and try again
[2008/04/08 14:28:05] <fujin> lalala
[2008/04/08 14:28:05] <fujin> I wish this day would end
[2008/04/08 14:28:38] <shadoi> <end>day</end>
[2008/04/08 14:28:41] <shadoi> there you go
[2008/04/08 14:30:22] <fujin> lol
[2008/04/08 14:30:44] [msg(#puppet)] ::puppet:: UPGRADE edited by mcbride @ http://reductivelabs.com/trac/puppet/wiki/UPGRADE
[2008/04/08 14:47:17] @ bender183 joined channel #puppet
[2008/04/08 15:29:39] @ Quit: shake-n-bake:
[2008/04/08 15:59:02] @ zobbo joined channel #puppet
[2008/04/08 16:02:13] @ Quit: shadoi: "leaving"
[2008/04/08 16:13:18] @ stahnma_ joined channel #puppet
[2008/04/08 16:14:15] @ Quit: stahnma: Read error: 104 (Connection reset by peer)
[2008/04/08 16:32:47] @ Quit: zobbo: Read error: 110 (Connection timed out)
[2008/04/08 16:41:47] @ Quit: kolla: Remote closed the connection
[2008/04/08 16:46:06] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/08 16:52:52] @ johnf joined channel #puppet
[2008/04/08 16:54:12] @ DerekW joined channel #puppet
[2008/04/08 16:57:11] @ Quit: stevil_: Read error: 113 (No route to host)
[2008/04/08 17:09:20] @ yure joined channel #puppet
[2008/04/08 17:22:43] @ f--z joined channel #puppet
[2008/04/08 17:24:17] @ Innocenti joined channel #puppet
[2008/04/08 17:32:28] @ stevil joined channel #puppet
[2008/04/08 17:36:33] @ zobbo joined channel #puppet
[2008/04/08 17:38:07] @ Quit: jvanzyl:
[2008/04/08 17:38:44] @ jvanzyl joined channel #puppet
[2008/04/08 17:41:08] @ Quit: lak:
[2008/04/08 17:53:09] @ roald joined channel #puppet
[2008/04/08 17:54:01] @ jgonzalez joined channel #puppet
[2008/04/08 17:58:51] @ kolla joined channel #puppet
[2008/04/08 18:22:52] @ mikepea joined channel #puppet
[2008/04/08 18:25:28] @ Quit: andrewcshafer:
[2008/04/08 18:29:56] @ Quit: remil: Read error: 110 (Connection timed out)
[2008/04/08 19:01:07] [msg(#puppet)] ::puppet:: Using Stored Configuration edited by dhill @ http://reductivelabs.com/trac/puppet/wiki/UsingStoredConfiguration
[2008/04/08 19:01:08] [msg(#puppet)] ::puppet:: Puppet Show edited by dhill @ http://reductivelabs.com/trac/puppet/wiki/PuppetShow
[2008/04/08 19:03:17] @ Quit: oxtail: Read error: 113 (No route to host)
[2008/04/08 19:11:40] @ happymcplaksin joined channel #puppet
[2008/04/08 19:39:21] @ oxtail joined channel #puppet
[2008/04/08 19:41:46] @ bch_ joined channel #puppet
[2008/04/08 19:42:11] @ bch__ joined channel #puppet
[2008/04/08 19:42:18] @ Quit: bch820: Read error: 104 (Connection reset by peer)
[2008/04/08 19:47:47] <kolla> hm, which ports do puppet use? I've found 8140, but I suspect this is not used for file transfers
[2008/04/08 19:57:59] @ Quit: bch_: Read error: 110 (Connection timed out)
[2008/04/08 20:03:00] <kolla> which port is used for puppet://?
[2008/04/08 20:03:50] <Volcane> my ruby only has 8140 open
[2008/04/08 20:04:08] <kolla> mine as well, as far as I can tell
[2008/04/08 20:04:53] <kolla> however, when I run puppetd on the client, I get "err: Could not call fileserver.describe: #<Errno::EHOSTUNREACH: No route to host - connect(2)"
[2008/04/08 20:05:00] <kolla> which indicated access-list problem
[2008/04/08 20:05:18] <kolla> reaching port 8140 is not a problem though....
[2008/04/08 20:05:19] <kolla> hm
[2008/04/08 20:06:43] <kolla> no, appearently puppet doesnt use ipv6 whatsoever, so it's not that either