Wednesday, 2008-04-09

« Tuesday, 2008-04-08 Index Thursday, 2008-04-10 »
[2008/04/09 00:00:58] <ashp> I wish there was some kind of acl i could set to say files are managed by puppet, so no other idiot tries to modify them directly
[2008/04/09 00:02:46] <thom> they learn pretty quickly when stuff gets blown away
[2008/04/09 00:03:04] @ lak joined channel #puppet
[2008/04/09 00:03:19] @ Quit: dysinger:
[2008/04/09 00:03:43] <ashp> I don't suppose anyone attempts to manage files that are updated by software within puppet? (my aim being for recovery purposes, rather than restoring from backups I want to rebuild to the current state)
[2008/04/09 00:03:56] <ashp> I have several files modified by cobbler, and I want to be able to manage those in some sensible way
[2008/04/09 00:04:08] <ashp> i'll probably just ignore them and rely on backups anyway, but i want to hear what anyone else does first
[2008/04/09 00:05:09] @ Quit: Toad: Read error: 101 (Network is unreachable)
[2008/04/09 00:12:19] <Zothar_Work> ashp: tell Puppet to make the file read-only for all classes of users; then the mentioned idiot would have to be root to modify them and at least with vim you get prompted with an "are you sure" type of approach even then
[2008/04/09 00:12:25] <johnf> ashp: I always put the output of "echo puppet | figlet" at the top of puppet managed files
[2008/04/09 00:13:38] <Zothar_Work> ashp: if "cobbler" (not familiar with it myself) were to update the file on the puppetmaster rather than on the Puppet client, you'd be golden in that sense
[2008/04/09 00:14:13] <Zothar_Work> johnf: good idea
[2008/04/09 00:15:21] @ f--z joined channel #puppet
[2008/04/09 00:31:57] @ Quit: Volcane: "Lost terminal"
[2008/04/09 00:32:34] @ Volcane joined channel #puppet
[2008/04/09 00:32:39] @ Volcane left channel #puppet ("brb")
[2008/04/09 00:32:45] @ Volcane joined channel #puppet
[2008/04/09 00:34:29] <ashp> I decided against trying to manage changing files in puppet as it's kind of a pain
[2008/04/09 00:34:41] <ashp> I'd have to script things to grab the files and import them and check them in, realistically
[2008/04/09 00:36:13] @ jgonzalez left channel #puppet ()
[2008/04/09 00:38:28] @ Quit: happymcplaksin: Remote closed the connection
[2008/04/09 00:39:53] [msg(#puppet)] ::puppet:: Common Modules edited by immerda @ http://reductivelabs.com/trac/puppet/wiki/CommonModules
[2008/04/09 00:49:19] @ Quit: johnf: "Leaving."
[2008/04/09 01:03:56] @ vinbarnes left channel #puppet ()
[2008/04/09 01:08:03] [msg(#puppet)] ::puppet:: Using Multiple Environments edited by immerda @ http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2008/04/09 01:16:42] @ Quit: jeffl: Remote closed the connection
[2008/04/09 01:23:56] @ Quit: stevil: Connection timed out
[2008/04/09 01:24:08] @ ezralini joined channel #puppet
[2008/04/09 01:28:40] [msg(#puppet)] ::puppet:: Ticket #1156 (refactor closed): Add rspec tests for lib/puppet/util/loadedfile.rb @ http://reductivelabs.com/trac/puppet/ticket/1156#comment:5
[2008/04/09 01:28:40] [msg(#puppet)] ::puppet:: Ticket #1020 (defect closed): Error reporting on OpenSSL errors should be clearer @ http://reductivelabs.com/trac/puppet/ticket/1020#comment:10
[2008/04/09 01:28:40] [msg(#puppet)] ::puppet:: Using Multiple Environments edited by immerda @ http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2008/04/09 01:28:40] [msg(#puppet)] ::puppet:: Using Multiple Environments edited by immerda @ http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2008/04/09 01:31:55] @ martha joined channel #puppet
[2008/04/09 01:32:49] [msg(#puppet)] ::puppet:: Ticket #1148 (defect closed): shebang should be '/usr/bin/env ruby' @ http://reductivelabs.com/trac/puppet/ticket/1148#comment:17
[2008/04/09 01:32:49] [msg(#puppet)] ::puppet:: Ticket #1160 (enhancement closed): puppet-mode.el updates @ http://reductivelabs.com/trac/puppet/ticket/1160#comment:4
[2008/04/09 01:32:49] [msg(#puppet)] ::puppet:: Ticket #1161 (defect closed): service provider on Debian doesn't realize a service is disabled @ http://reductivelabs.com/trac/puppet/ticket/1161#comment:6
[2008/04/09 01:32:49] [msg(#puppet)] ::puppet:: Ticket #1174 (defect closed): Redhat init script uses wrong pidfile @ http://reductivelabs.com/trac/puppet/ticket/1174#comment:2
[2008/04/09 01:33:17] @ Quit: kolla: Remote closed the connection
[2008/04/09 01:37:29] @ andrewcshafer joined channel #puppet
[2008/04/09 01:37:52] [msg(#puppet)] ::puppet:: Using Multiple Environments edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2008/04/09 01:37:52] [msg(#puppet)] ::puppet:: Using Multiple Environments edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2008/04/09 01:37:52] [msg(#puppet)] ::puppet:: Ticket #646 (defect closed): Puppet behaves differently relative to current working directory @ http://reductivelabs.com/trac/puppet/ticket/646#comment:6
[2008/04/09 01:41:02] @ Quit: Innocenti: Client Quit
[2008/04/09 01:42:46] <duritong> thanks jamesturnbull for fixin the stuff
[2008/04/09 01:44:07] @ jeffl joined channel #puppet
[2008/04/09 01:44:13] [msg(#puppet)] ::puppet:: Ticket #975 (defect closed): regex characters in filenames are not properly quoted @ http://reductivelabs.com/trac/puppet/ticket/975#comment:3
[2008/04/09 01:45:49] <chadh> heh, lak is an oracle :)
[2008/04/09 01:45:58] <lak> i am?
[2008/04/09 01:46:02] <lak> that would be nice
[2008/04/09 01:46:18] <chadh> lak: you replied about what people have done in the future
[2008/04/09 01:46:26] <chadh> I assume you meant past, but it tickled me
[2008/04/09 01:46:33] <lak> yeah, i realized that as i was hitting control-d
[2008/04/09 01:46:40] <lak> i only got about 4 hrs of sleep last night
[2008/04/09 01:46:44] <lak> and the coffee hadn't hit yet
[2008/04/09 01:46:51] <lak> well, that, and i can see into the future
[2008/04/09 01:46:57] * chadh had his first full night of sleep in several last night
[2008/04/09 01:48:21] @ shake-n-bake joined channel #puppet
[2008/04/09 01:50:23] [msg(#puppet)] ::puppet:: Ticket #1013 (defect closed): latest verion of Yum in Fedora Core 7 and 8 break puppet @ http://reductivelabs.com/trac/puppet/ticket/1013#comment:4
[2008/04/09 01:50:23] [msg(#puppet)] ::puppet:: Ticket #1015 (defect closed): err: Got an uncaught exception of type SystemStackError: stack level t... @ http://reductivelabs.com/trac/puppet/ticket/1015#comment:2
[2008/04/09 01:50:23] [msg(#puppet)] ::puppet:: Ticket #1022 (defect closed): Solaris group management @ http://reductivelabs.com/trac/puppet/ticket/1022#comment:2
[2008/04/09 01:54:45] @ Quit: DerekW: "Leaving"
[2008/04/09 01:56:26] @ pleemans joined channel #puppet
[2008/04/09 01:58:01] [msg(#puppet)] ::puppet:: Ticket #1095 (defect closed): Puppetmaster leaving half-open connections @ http://reductivelabs.com/trac/puppet/ticket/1095#comment:3
[2008/04/09 02:00:29] @ stevil joined channel #puppet
[2008/04/09 02:01:50] @ Quit: shake-n-bake:
[2008/04/09 02:03:25] [msg(#puppet)] ::puppet:: Ticket #1181 (defect created): Installation Guide typo @ http://reductivelabs.com/trac/puppet/ticket/1181
[2008/04/09 02:03:26] @ Quit: Xteven: Read error: 104 (Connection reset by peer)
[2008/04/09 02:04:54] @ shake-n-bake joined channel #puppet
[2008/04/09 02:14:41] [msg(#puppet)] ::puppet:: Ticket #944 (defect closed): multiple warnings: "Other end went away; restarting connection and retr... @ http://reductivelabs.com/trac/puppet/ticket/944#comment:5
[2008/04/09 02:14:42] [msg(#puppet)] ::puppet:: Ticket #1181 (defect closed): Installation Guide typo @ http://reductivelabs.com/trac/puppet/ticket/1181#comment:1
[2008/04/09 02:17:30] [msg(#puppet)] ::puppet:: Installation Guide edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/InstallationGuide
[2008/04/09 02:20:08] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/09 02:21:04] @ Quit: Toad__: Read error: 110 (Connection timed out)
[2008/04/09 02:22:36] <stick> I always forget this... if I have a custom defined type like foo::bar and I'm refering to it already existing is it Foo::Bar or Foo::bar ?
[2008/04/09 02:24:15] [msg(#puppet)] ::puppet:: Installation Guide edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/InstallationGuide
[2008/04/09 02:24:32] <mikepea> stick: Foo::Bar
[2008/04/09 02:24:44] <stick> mikepea: thanks
[2008/04/09 02:26:34] @ plathrop joined channel #puppet
[2008/04/09 02:30:39] @ nigelk joined channel #puppet
[2008/04/09 02:43:44] <duritong> lak: hmm ok maybe I didn't remember your former mails correctly (default environment)
[2008/04/09 02:46:31] <lak> duritong: you == evan?
[2008/04/09 02:53:38] <Volcane> for me, prod->dev is just changing configs
[2008/04/09 02:53:55] <duritong> lak: pete
[2008/04/09 02:54:00] <Volcane> so its totally conceivable that i would want puppet to manage that process
[2008/04/09 02:54:03] <lak> ah, ok
[2008/04/09 03:14:25] @ Toad joined channel #puppet
[2008/04/09 03:14:25] @ Quit: elrako: Read error: 104 (Connection reset by peer)
[2008/04/09 03:14:45] @ shadoi joined channel #puppet
[2008/04/09 03:18:07] [msg(#puppet)] ::puppet:: Puppet Show edited by shadoi @ http://reductivelabs.com/trac/puppet/wiki/PuppetShow
[2008/04/09 03:19:35] @ efghph joined channel #puppet
[2008/04/09 03:20:40] @ Quit: zobbo: "Enough no more 'tis not as sweet as it was before"
[2008/04/09 03:24:53] <duritong> lak: just to be clear, is there yet a patch needed to change the default environment or you pushed no one? sometimes my understanding is not the best :(
[2008/04/09 03:25:09] <lak> i pushed a fix in the 0.24.x branch
[2008/04/09 03:26:31] <duritong> ok
[2008/04/09 03:26:57] <duritong> just was in progress of making one, but then reread your mail :-/
[2008/04/09 03:27:07] <duritong> so thanks to you! :)
[2008/04/09 03:33:33] <shadoi> lak: Puppet.settings.instance_variable_get(:@values)[:puppetmasterd] I should be able to just do Puppet.settings.use(:puppetmasterd) and get the same thing right?
[2008/04/09 03:34:00] <shadoi> doesn't seem to work for me
[2008/04/09 03:34:01] <lak> no
[2008/04/09 03:34:10] <lak> .use actually does work to the system
[2008/04/09 03:34:19] <shadoi> ah.. hrmm
[2008/04/09 03:34:26] <lak> it's probably actually reasonable to provide a method that returns all of the values for a given section name
[2008/04/09 03:34:32] <lak> which is what you're looking for
[2008/04/09 03:34:34] <shadoi> yeah
[2008/04/09 03:34:39] <shadoi> ok I'll tinker
[2008/04/09 03:49:03] @ oxtail joined channel #puppet
[2008/04/09 03:53:55] @ Quit: oxtail: Client Quit
[2008/04/09 03:56:29] @ kolla joined channel #puppet
[2008/04/09 03:56:49] @ patobrien joined channel #puppet
[2008/04/09 03:56:50] <martha> shadoi: let me know when you want me to test puppetshow
[2008/04/09 03:56:52] @ Quit: malikeye|work: "Lost terminal"
[2008/04/09 03:58:12] <shadoi> martha: let me push this one tweak and you can pull from my git repo
[2008/04/09 03:59:07] <martha> ok
[2008/04/09 04:00:14] <shadoi> martha: http://github.com/shadoi/puppetshow/tree/master
[2008/04/09 04:00:17] <shadoi> go hog-wild
[2008/04/09 04:00:39] <shadoi> martha: I'm especially curious if the default dabase settings stuff works for you
[2008/04/09 04:00:45] <shadoi> database*
[2008/04/09 04:05:25] @ jason^ joined channel #puppet
[2008/04/09 04:06:48] <jason^> is there any problem with creating a "base-node" and making all other machine classes inherit the "base-node"?
[2008/04/09 04:07:05] <jason^> the base node just includes a large number of classes i use
[2008/04/09 04:07:33] <jason^> or should a server class like "mysql_server" just use include "base-node"
[2008/04/09 04:07:47] <ashp> i do that
[2008/04/09 04:07:53] <ashp> oh wait, basenode
[2008/04/09 04:07:57] <ashp> i just have a baseclass
[2008/04/09 04:08:00] <jason^> well base-class
[2008/04/09 04:08:03] <ashp> that has loads of include modulename, modulename
[2008/04/09 04:08:04] <nigelk> jason^: so what we do is try to use modules for everything. Our site.pp basically just includes node default { include base }
[2008/04/09 04:08:06] <ashp> yeah i do that right now
[2008/04/09 04:08:17] <nigelk> and then our base module is where the base class is defined
[2008/04/09 04:08:28] <jason^> ashp: you inherit or include?
[2008/04/09 04:08:49] <jason^> hmm i'm not using modules...
[2008/04/09 04:09:15] <plathrop> jason^: You're missing out. Once I switched to modules, they made things a lot easier and more logical.
[2008/04/09 04:09:29] <nigelk> modules rock. really.
[2008/04/09 04:09:57] <nigelk> and once you have everything in modules, environments become a lot more useful too
[2008/04/09 04:10:15] <jason^> i'm pretty early on in my rollout, i should research modules
[2008/04/09 04:10:32] <jason^> is there a good wiki article on using modules for this purpose?
[2008/04/09 04:10:56] <plathrop> jason^: The wiki docs on Modules in general is pretty comprehensible.
[2008/04/09 04:11:27] @ brenton joined channel #puppet
[2008/04/09 04:12:11] <jason^> ok, i'll take a look around
[2008/04/09 04:18:47] <ashp> modules are fantastic
[2008/04/09 04:19:32] <ashp> right from the start I went with them, and I'm glad I did
[2008/04/09 04:20:00] <ashp> on my new server I just put together I have include baseclass, puppetmaster and cobbler, and the rest are modules
[2008/04/09 04:20:09] <ashp> I'm a little naughty in that they aren't quite self contained, and I know they should be, but it seemed like code duplication
[2008/04/09 04:21:19] @ malikeye|work joined channel #puppet
[2008/04/09 04:27:37] @ zobbo joined channel #puppet
[2008/04/09 04:32:03] @ Quit: patobrien: "Leaving"
[2008/04/09 04:34:49] @ ribo joined channel #puppet
[2008/04/09 04:36:21] <ribo> # puppetmasterd --mkusers --verbose
[2008/04/09 04:36:24] <ribo> Could not configure for running; got 1 failure(s)
[2008/04/09 04:37:43] <ribo> not very verbose : (
[2008/04/09 04:38:39] <lak> yeah, i've been tryiing to fix that
[2008/04/09 04:38:46] <lak> you can try debug mode
[2008/04/09 04:38:59] <lak> you normally get exceptions, but sometimes they aren't visible
[2008/04/09 04:39:34] <lak> shadoi: you around?
[2008/04/09 04:42:50] @ Quit: stevil: Read error: 113 (No route to host)
[2008/04/09 04:47:17] <ezralini> gepetto_: help
[2008/04/09 04:47:18] <gepetto_> ezralini: help topics: 6 core modules: auth, basics, config, httputil, remote, userdata; 5 plugins: rss, seen, shortenurls, stats, tracurls (help <topic> for more info)
[2008/04/09 04:51:54] @ Zothar_Work left channel #puppet ()
[2008/04/09 05:03:08] <flakrat_> anyone here run puppet client on RHEL5 or CentOS5 systems? I have a check to see if iptables is running, and to start it if not "service { "iptables": enable => true, ensure => running, hasstatus => true, } but on the el5 systems it always results in an SElinux error
[2008/04/09 05:03:32] <flakrat_> just curious how others are handling that type of issue on el5 with regards to puppet
[2008/04/09 05:07:55] <stick> flakrat_: I've got alot of rhel5
[2008/04/09 05:08:05] <stick> but we disable selinux everywhere
[2008/04/09 05:08:42] <flakrat_> stick, I've been trying to "stay the course" and work with SElinux, but it really is a pain in the rear
[2008/04/09 05:08:50] <stick> flakrat_: yes it is
[2008/04/09 05:09:36] <flakrat_> I take it you've not had any compromised systems due to SELinux being disabled?
[2008/04/09 05:09:47] <stick> my thought on it is unless you have a really good reason to use selinux (govt regulation, etc) stay away from it, especially with puppet. at least until puppet becomes selinux aware itself
[2008/04/09 05:09:52] <stick> no
[2008/04/09 05:10:00] <flakrat_> good point
[2008/04/09 05:10:19] <holoway> +1 to sticks comments re SElinux
[2008/04/09 05:10:28] <stick> selinux and puppet are kinda diametrically opposed anyway
[2008/04/09 05:10:51] <stick> selinux is all about separation of duties puppet's all about consolidation :)
[2008/04/09 05:11:05] <flakrat_> haha, that it is
[2008/04/09 05:11:22] <holoway> and even a lot of the audit requirements that selinux fills can in many cases be filled by puppet and limited access control
[2008/04/09 05:11:28] <holoway> depending on what it's solving for you
[2008/04/09 05:11:32] <stick> yup
[2008/04/09 05:11:48] <flakrat_> thanks to puppet (attempting to ensure a package was present) I found a bug on my yum repo server :-) so it even helps in ways it wasn't meant to
[2008/04/09 05:11:52] <holoway> most of the Sarbox requirements, for example, are easy to fill with puppet
[2008/04/09 05:12:14] <holoway> in terms of ensuring that developers can't change things in production without oversight
[2008/04/09 05:12:21] <holoway> on systems that generate revenue
[2008/04/09 05:12:22] * stick docs holoway 1 demerit for mentioning the 'S' word :)
[2008/04/09 05:12:35] <holoway> shit
[2008/04/09 05:12:45] <holoway> busted back to private again
[2008/04/09 05:12:50] <holoway> I'll never stay a corporal
[2008/04/09 05:12:51] <holoway> :)
[2008/04/09 05:12:55] <stick> haha
[2008/04/09 05:13:08] <flakrat_> hahaha, peal them potatos
[2008/04/09 05:13:22] <flakrat_> or get puppet to do it for you :0
[2008/04/09 05:15:03] * holoway starts on potato::peeler
[2008/04/09 05:15:17] <shadoi> lak: yeah
[2008/04/09 05:15:51] <lak> shadoi: nevermind; i was getting failing tests, and i thought i remembered you adding new base classes to nagios
[2008/04/09 05:15:55] <lak> but i fixed it myself
[2008/04/09 05:16:05] <shadoi> lak: did I break stuff?
[2008/04/09 05:16:06] <lak> i had to add some new puppet resource types to match those naginator base classes
[2008/04/09 05:16:10] <lak> well, you broke tests
[2008/04/09 05:16:13] <lak> the code still worked
[2008/04/09 05:16:17] <shadoi> oh I see
[2008/04/09 05:16:32] <shadoi> tests? what are those?
[2008/04/09 05:17:47] * z00dax looks in
[2008/04/09 05:18:00] <stick> lak: is there test documentation anywhere? I've got some basic types that I've written (almost all parsed file stuff) that at some point I want to submit back but I figure I need to do tests for them, just not sure how to do those
[2008/04/09 05:18:36] <lak> no, there aren't any docs :/
[2008/04/09 05:18:46] <lak> one more thing i should add to my todo list, i guess
[2008/04/09 05:19:04] <z00dax> lak: in what vers of puppet did class inheritance start working ?
[2008/04/09 05:19:05] <lak> you can theoretically get examples by looking in the output of 'git log spec/'
[2008/04/09 05:19:14] <lak> z00dax: erm, 0.9?
[2008/04/09 05:19:16] <lak> not sure
[2008/04/09 05:19:20] <lak> really early
[2008/04/09 05:19:27] <lak> probably not quite that early, i guess
[2008/04/09 05:19:35] <stick> lak: *nod*
[2008/04/09 05:19:40] <z00dax> humm.. i have 0.22.3 here, and its not working for me. obviously doing something wrong then. hang on let me sho you the snippet
[2008/04/09 05:21:23] <z00dax> http://www.pastebin.ca/977314
[2008/04/09 05:21:28] <z00dax> should that not work ?
[2008/04/09 05:21:54] <z00dax> the Mount[] is a class in workstatoin
[2008/04/09 05:21:57] <chadh> so does that mean the dates in late May are set?
[2008/04/09 05:24:55] <lak> training dates?
[2008/04/09 05:25:15] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2008/04/09 05:25:24] <chadh> lak: yes
[2008/04/09 05:25:30] <ashp> hmm, i wish there was some way to monitor files with puppet
[2008/04/09 05:25:33] <z00dax> .oO0 ( training ? )
[2008/04/09 05:25:35] <ashp> and back them up whenever they change
[2008/04/09 05:25:43] <ashp> i know that's really the job of a backup system, but it would make redeploying things easier
[2008/04/09 05:25:51] <z00dax> lak: got a min to look at that pastebin and see what i am doing wrong ?
[2008/04/09 05:26:15] <lak> z00dax: not this minute, hold on
[2008/04/09 05:28:50] <lak> chadh: the date is not set
[2008/04/09 05:29:03] <chadh> lak: ok, I couldn't tell from Gwendolyn's mail
[2008/04/09 05:29:06] @ shake-n-bake joined channel #puppet
[2008/04/09 05:29:07] <lak> the hotels in downtown were $500/night, so we're trying to find a part of town that's still cool but not ridiculous
[2008/04/09 05:29:12] <chadh> whoa
[2008/04/09 05:29:15] <lak> "As soon as we have that, the date will be set"
[2008/04/09 05:29:17] <lak> yeah
[2008/04/09 05:29:41] <chadh> lak: my bad, I see it
[2008/04/09 05:29:46] <lak> np
[2008/04/09 05:29:59] <chadh> I really want to make it, but it is getting tight
[2008/04/09 05:30:08] <lak> in terms of timing?
[2008/04/09 05:30:31] <chadh> yeah, our fiscal year ends in June, and they will be locking down spending any time now
[2008/04/09 05:30:36] <lak> ah
[2008/04/09 05:30:45] <lak> i'm going to do my damnedest to get it locked down this week
[2008/04/09 05:30:48] <lak> i know i've been slow
[2008/04/09 05:33:04] <lak> z00dax: class inheritance can't pass information up the heirarchy
[2008/04/09 05:33:15] <lak> so a subclass can't define defaults that will affect the parent class
[2008/04/09 05:33:26] <lak> i know it's not the best, but i can't come up with a way to fix it
[2008/04/09 05:33:30] @ Quit: malikeye|work: "leaving"
[2008/04/09 05:33:53] <shadoi> lak: that's an override not a default right?
[2008/04/09 05:34:19] <lak> yeah, sorry
[2008/04/09 05:34:25] @ malikeye|work joined channel #puppet
[2008/04/09 05:34:26] <lak> i shouldn't try to help when i'm this scattered
[2008/04/09 05:34:39] <duritong> stick: i would disagree with you about selinux, but i think this would be a rather long discussion
[2008/04/09 05:35:03] <stick> duritong: ok :)
[2008/04/09 05:35:08] <shadoi> lak: that syntax looks right, maybe it's something to do with the Mount type specifically?
[2008/04/09 05:35:11] <lak> z00dax: it looks like you're setting it somewhere
[2008/04/09 05:35:12] <lak> no
[2008/04/09 05:35:21] <lak> there's *never* anything specific to any type in the parser
[2008/04/09 05:35:26] <lak> you can bank on that
[2008/04/09 05:35:30] <shadoi> ah ok
[2008/04/09 05:35:33] <lak> if it works for one type, it'll always work for all types
[2008/04/09 05:35:43] * z00dax gets back in #puppet
[2008/04/09 05:35:58] <lak> yeah, i notice you're coming up for air after being gone a while
[2008/04/09 05:36:02] <stick> duritong: it's certainly a wonderful idea but isn't baked enough (even now) for 90% of the SAs out there, unless you are willing to devote pretty much 1 full time person to selinux context writing and auditing
[2008/04/09 05:36:03] <z00dax> I've never actually used this, this is the first time I am trying to make this work, and its not happy
[2008/04/09 05:36:04] * lak needs to get back over to .eu
[2008/04/09 05:36:55] <stick> duritong: for the % of people that need selinux they can certainly make it work, it's just not ready for the masses yet
[2008/04/09 05:37:13] <z00dax> lak: perhaps next round of training this side ?
[2008/04/09 05:37:15] <stick> most applications don't even consider contexts
[2008/04/09 05:37:32] <duritong> stick: yeah this is right, nevertheless security is never for free :P and never expect to run current working code again in a selinux system. because it simply might be broken already yet.
[2008/04/09 05:37:32] <stick> puppet The World Tour!
[2008/04/09 05:37:37] <duritong> example: http://danwalsh.livejournal.com/17156.html
[2008/04/09 05:37:51] <shadoi> I'm curious if that would work with an alias instead of the name
[2008/04/09 05:38:21] <z00dax> worth a try, i have about 4 dozen machines in a branch at the moment :/
[2008/04/09 05:38:34] <stick> duritong: I also think alot of people look at selinux as a security blanket and a reason to be less diligent in traditional systems security
[2008/04/09 05:39:26] <lak> z00dax: that's my goal
[2008/04/09 05:39:27] <stick> duritong: yeah don't get me started on oracle :)
[2008/04/09 05:39:28] <lak> at least, some time this year
[2008/04/09 05:39:37] <lak> assuming i can actually pull this training off :)
[2008/04/09 05:40:10] <stick> lak: serve beer, everyone who attends will come back raving about how great the training was :)
[2008/04/09 05:41:04] <duritong> stick: well actually selinux won't make your app more secure. it just limit the possibilities to interract with the underlaying system in case of an misuse
[2008/04/09 05:41:37] <stick> duritong: correct but I don't think alot of people realize that distinctino
[2008/04/09 05:41:44] <stick> *distinction
[2008/04/09 05:42:13] * duritong agrees
[2008/04/09 05:43:41] <z00dax> stick: no luck, same issue with alias as well
[2008/04/09 05:43:52] <z00dax> actually, the interesting thing is that on one machine it says :
[2008/04/09 05:43:55] <z00dax> err: Could not retrieve configuration: Could not find object(s) Mount[publicmount]
[2008/04/09 05:43:56] <stick> z00dax: ?
[2008/04/09 05:43:59] <z00dax> warning: Not using cache on failed configuration
[2008/04/09 05:44:01] <z00dax> err
[2008/04/09 05:44:11] <lak> aliases don't work in the parser
[2008/04/09 05:44:17] <lak> only on the client
[2008/04/09 05:44:18] <z00dax> s/ stick / shadoi /
[2008/04/09 05:44:34] <z00dax> hummm
[2008/04/09 05:44:57] @ dysinger joined channel #puppet
[2008/04/09 05:45:31] @ Quit: lak:
[2008/04/09 05:49:19] [msg(#puppet)] ::puppet:: Ticket #1108 (defect closed): variables become undefined on second puppetd run @ http://reductivelabs.com/trac/puppet/ticket/1108#comment:5
[2008/04/09 05:53:08] @ Quit: pleemans: "Ex-Chat"
[2008/04/09 05:57:14] <martha> shadoi: the new puppetshow doesn't seem to like the fact that I'm not running on the same server as the db
[2008/04/09 05:58:02] <stick> has anyone run into any issues with puppet not creating directories even though all the parts are defined in the manifest
[2008/04/09 06:00:17] <martha> shadoi: never mind
[2008/04/09 06:02:40] @ Quit: mikearr: Read error: 104 (Connection reset by peer)
[2008/04/09 06:04:00] @ Quit: roald: Remote closed the connection
[2008/04/09 06:07:02] @ Quit: malikeye|work: "Lost terminal"
[2008/04/09 06:10:46] @ malikeye|work joined channel #puppet
[2008/04/09 06:11:46] @ mikearr joined channel #puppet
[2008/04/09 06:13:57] <martha> shadoi: the db migrate worked, and puppet show is up. but very very slow
[2008/04/09 06:24:41] <shadoi> martha: how many nodes?
[2008/04/09 06:24:59] <shadoi> and is this mysql?
[2008/04/09 06:26:42] @ Quit: mikearr: Read error: 104 (Connection reset by peer)
[2008/04/09 06:29:24] <riddley> lak around?
[2008/04/09 06:30:27] <z00dax> shadoi: btw, that seems to work if the first node including the class sets the overrides, if another node then inherits this node, its unable to make this work
[2008/04/09 06:30:33] <z00dax> for now, SIGHOMETIME!
[2008/04/09 06:32:05] @ efghph left channel #puppet ()
[2008/04/09 06:35:21] @ Quit: jshar1: Read error: 104 (Connection reset by peer)
[2008/04/09 06:35:57] @ Quit: jeffl: Remote closed the connection
[2008/04/09 06:38:38] @ Quit: jvanzyl:
[2008/04/09 06:40:01] @ jshare joined channel #puppet
[2008/04/09 06:40:09] @ Quit: jshare: Read error: 104 (Connection reset by peer)
[2008/04/09 06:40:21] @ jshare joined channel #puppet
[2008/04/09 06:44:16] @ mikearr joined channel #puppet
[2008/04/09 06:45:29] <shadoi> z00dax: heh, I just barely realized that you're doing overrides inside nodes, I think it's only meant to work inside classes.
[2008/04/09 06:46:52] <martha> shadoi: postgresql, 18 nodes
[2008/04/09 06:52:22] <shadoi> martha: where is it slow?
[2008/04/09 06:55:09] <shadoi> martha: can you give me a better idea of what you're seeing? I'd really like to optimize it.
[2008/04/09 07:05:06] <martha> shadoi: just loading the first page takes about 20 seconds
[2008/04/09 07:07:42] @ mfedyk joined channel #puppet
[2008/04/09 07:23:22] <shadoi> hmm.. must be doing too much association loading
[2008/04/09 07:23:31] @ Gareth is now known as Morph
[2008/04/09 07:24:07] <shadoi> martha: I assume you have a LOT of classes & resources?
[2008/04/09 07:24:28] @ Morph is now known as Gareth
[2008/04/09 07:28:51] <martha> shadoi: yes
[2008/04/09 07:30:39] @ Quit: jason^:
[2008/04/09 07:31:19] @ Quit: cmoates:
[2008/04/09 07:32:09] @ Quit: tim|imac: "Leaving"
[2008/04/09 07:34:41] @ tim|imac joined channel #puppet
[2008/04/09 07:37:06] @ pawalls_ joined channel #puppet
[2008/04/09 07:37:17] @ nigelk_ joined channel #puppet
[2008/04/09 07:38:50] @ nigelk_ left channel #puppet ()
[2008/04/09 07:42:11] @ lak joined channel #puppet
[2008/04/09 07:45:14] @ brscott joined channel #puppet
[2008/04/09 07:47:28] @ brscott left channel #puppet ()
[2008/04/09 07:49:05] @ oxtail joined channel #puppet
[2008/04/09 07:49:15] @ Quit: shake-n-bake:
[2008/04/09 07:51:12] @ wibbit joined channel #puppet
[2008/04/09 07:52:51] @ Quit: nigelk: Read error: 110 (Connection timed out)
[2008/04/09 07:54:08] @ Quit: pawalls: Read error: 110 (Connection timed out)
[2008/04/09 07:54:56] @ f--z joined channel #puppet
[2008/04/09 08:07:39] @ [newbie] joined channel #puppet
[2008/04/09 08:08:41] @ Quit: f--z: Read error: 104 (Connection reset by peer)
[2008/04/09 08:17:47] <benp-> nagios sucks
[2008/04/09 08:19:02] <plathrop> benp-: But it's better than all the other solutions in that space
[2008/04/09 08:19:23] <benp-> yep
[2008/04/09 08:19:40] <chadh> lak: don't forget Atlanta, although Portland works for me. I have some friends I need to visit in those parts
[2008/04/09 08:20:08] <plathrop> chadh: Yeah, that's why I was rooting for Chicago. Don't get yer hopes up :-P
[2008/04/09 08:20:56] <lak> chadh: yeah, that's true, i can add it to the list
[2008/04/09 08:22:19] <lak> ok, atlanta is in
[2008/04/09 08:22:33] <chadh> :)
[2008/04/09 08:24:59] @ Quit: zobbo: Read error: 110 (Connection timed out)
[2008/04/09 08:34:00] @ shenson is now known as shenson_not_here
[2008/04/09 08:35:52] [msg(#puppet)] ::puppet:: Puppet Book Errata edited by ezralini @ http://reductivelabs.com/trac/puppet/wiki/PuppetBookErrata
[2008/04/09 08:36:07] @ ezralini left channel #puppet ()
[2008/04/09 08:38:26] @ plathrop left channel #puppet ()
[2008/04/09 08:38:42] <fujin> morning chaps!
[2008/04/09 08:46:47] @ roald joined channel #puppet
[2008/04/09 08:51:52] <z00dax> fujin: its not morning yet, there are still 10 min to go
[2008/04/09 08:52:05] @ Quit: jeckersb: "Leaving"
[2008/04/09 08:52:28] <mikepea> z00dax: nope, fujin lives in the footure...
[2008/04/09 08:52:58] @ \ask_ joined channel #puppet
[2008/04/09 08:53:35] @ Quit: [newbie]: Read error: 110 (Connection timed out)
[2008/04/09 08:53:40] * mikepea should have gone to bed a while ago.
[2008/04/09 08:57:22] <fujin> aye, I do;
[2008/04/09 08:57:24] <fujin> Wed Apr 9 10:57:24 NZST 2008
[2008/04/09 08:57:40] @ jvanzyl joined channel #puppet
[2008/04/09 09:02:35] @ Quit: roald: "KVIrc 3.2.6 Anomalies http://www.kvirc.net/"
[2008/04/09 09:13:24] @ johnf joined channel #puppet
[2008/04/09 09:23:18] @ Quit: lak:
[2008/04/09 09:26:31] <z00dax> is there a problem with the reductivelabs website ?
[2008/04/09 09:27:55] <fujin> http://downforeveryoneorjustme.com/reductivelabs.com
[2008/04/09 09:29:35] @ Quit: stick: Read error: 110 (Connection timed out)
[2008/04/09 09:42:59] @ Quit: ianm: "Waiting for the deus ex machina"
[2008/04/09 09:55:00] @ shake-n-bake joined channel #puppet
[2008/04/09 10:09:37] @ Quit: dysinger:
[2008/04/09 10:13:48] @ stevenjenkins left channel #puppet ()
[2008/04/09 10:21:06] @ Quit: \ask_:
[2008/04/09 10:26:07] @ jeckersb joined channel #puppet
[2008/04/09 10:28:21] @ Quit: jeckersb: Client Quit
[2008/04/09 10:35:16] @ martha left channel #puppet ()
[2008/04/09 10:44:18] @ Quit: jvanzyl:
[2008/04/09 10:47:11] [msg(#puppet)] ::puppet:: Ticket #1164 (defect closed): sshkey type is creating invalid ssh_known_hosts file @ http://reductivelabs.com/trac/puppet/ticket/1164#comment:4
[2008/04/09 10:58:10] @ jvanzyl joined channel #puppet
[2008/04/09 11:21:06] [msg(#puppet)] ::puppet:: Ticket #1038 (defect closed): puppet 0.24.1 locking rpm database @ http://reductivelabs.com/trac/puppet/ticket/1038#comment:8
[2008/04/09 11:22:41] @ rd joined channel #puppet
[2008/04/09 11:23:43] @ Quit: rd: Client Quit
[2008/04/09 11:25:01] @ Quit: shake-n-bake:
[2008/04/09 11:32:01] @ machpo_ is now known as machpo
[2008/04/09 11:35:38] @ Quit: johnf: Read error: 113 (No route to host)
[2008/04/09 11:37:14] @ Quit: shadoi: Read error: 110 (Connection timed out)
[2008/04/09 11:47:39] @ Quit: mikearr: "I am Joe's quit message."
[2008/04/09 11:47:55] @ mikearr joined channel #puppet
[2008/04/09 11:56:21] @ randybias joined channel #puppet
[2008/04/09 12:11:30] @ Quit: markl_: "Lost terminal"
[2008/04/09 12:11:36] @ Quit: markl__: Remote closed the connection
[2008/04/09 12:22:35] @ f--z joined channel #puppet
[2008/04/09 12:25:26] @ johnf joined channel #puppet
[2008/04/09 12:32:11] @ minaural joined channel #puppet
[2008/04/09 12:33:06] <minaural> can anyone tell me how i can get the value of a parsed config variable for a node?
[2008/04/09 12:33:25] <minaural> a variable that is assigned earlier in the config
[2008/04/09 12:35:42] @ shadoi joined channel #puppet
[2008/04/09 12:41:39] @ Quit: shadoi: Remote closed the connection
[2008/04/09 12:42:07] @ shadoi joined channel #puppet
[2008/04/09 12:44:18] @ dysinger joined channel #puppet
[2008/04/09 12:51:20] <fujin> minaural: $variable
[2008/04/09 12:51:30] <fujin> (lol)
[2008/04/09 12:51:37] <fujin> if that's not what you meant, please clarify
[2008/04/09 12:51:52] <minaural> figured it out :) exec { "/bin/echo $test" }
[2008/04/09 12:52:12] <minaural> having trouble with scoping i think
[2008/04/09 12:52:31] <fujin> notify { $test: } is probably safer
[2008/04/09 12:52:32] <fujin> :>
[2008/04/09 12:53:46] <minaural> does that output to log by default?
[2008/04/09 12:54:33] <fujin> It'll log at the 'info' level.
[2008/04/09 12:54:34] <minaural> nm found it in wiki
[2008/04/09 12:54:37] <minaural> thanks
[2008/04/09 12:55:19] <fujin> err, the notice level
[2008/04/09 13:03:16] @ Quit: f--z: Read error: 110 (Connection timed out)
[2008/04/09 13:10:35] @ Quit: shadoi: Read error: 104 (Connection reset by peer)
[2008/04/09 13:11:25] @ Quit: randybias:
[2008/04/09 13:14:31] @ randybias joined channel #puppet
[2008/04/09 13:15:00] @ Quit: randybias: Client Quit
[2008/04/09 13:15:16] @ randybias joined channel #puppet
[2008/04/09 13:15:56] @ f--z joined channel #puppet
[2008/04/09 13:16:17] @ zobbo joined channel #puppet
[2008/04/09 13:16:58] @ Quit: randybias: Client Quit
[2008/04/09 13:31:11] @ pdt joined channel #puppet
[2008/04/09 13:35:50] @ stick joined channel #puppet
[2008/04/09 13:48:47] @ zoeloeli1 joined channel #puppet
[2008/04/09 14:00:44] @ Quit: zoeloelip: Read error: 110 (Connection timed out)
[2008/04/09 14:03:23] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/09 14:19:40] @ Quit: pdt: Read error: 104 (Connection reset by peer)
[2008/04/09 14:21:43] @ Quit: raphink: Read error: 113 (No route to host)
[2008/04/09 14:31:10] @ cmoates joined channel #puppet
[2008/04/09 14:38:54] @ lak joined channel #puppet
[2008/04/09 14:42:34] @ Quit: jvanzyl:
[2008/04/09 14:58:11] [msg(#puppet)] ::puppet:: Ticket #1147 (defect closed): facts gets unset @ http://reductivelabs.com/trac/puppet/ticket/1147#comment:11
[2008/04/09 14:58:52] @ jvanzyl joined channel #puppet
[2008/04/09 14:58:57] @ markl_ joined channel #puppet
[2008/04/09 15:01:23] @ Quit: cmoates: "Leaving..."
[2008/04/09 15:03:00] @ cmoates joined channel #puppet
[2008/04/09 15:15:55] @ a-priori joined channel #puppet
[2008/04/09 15:22:11] @ Quit: zobbo: Read error: 110 (Connection timed out)
[2008/04/09 15:32:38] @ Quit: a-priori:
[2008/04/09 15:35:16] @ Quit: lak:
[2008/04/09 16:10:03] @ zobbo joined channel #puppet
[2008/04/09 16:11:52] @ Quit: stick: Read error: 110 (Connection timed out)
[2008/04/09 16:19:49] @ Quit: dysinger:
[2008/04/09 16:51:01] @ dysinger joined channel #puppet
[2008/04/09 17:25:03] @ Quit: lefant: "leaving"
[2008/04/09 17:25:14] @ lefant joined channel #puppet
[2008/04/09 17:36:35] @ DerekW joined channel #puppet
[2008/04/09 17:42:55] @ f--z joined channel #puppet
[2008/04/09 17:54:10] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/09 17:54:54] <mellen> If a resource subscribes to an object, does that object automatically become a requirement? I find myself often adding the same objects to both subscribe and require for i.e. a service.
[2008/04/09 17:55:35] <DerekW> mellen: Damn good question. Try putting a require in the other direction and see if Puppet complains of a circular dependency
[2008/04/09 18:03:29] @ Quit: kolla: Remote closed the connection
[2008/04/09 18:04:11] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/09 18:05:42] @ raphink joined channel #puppet
[2008/04/09 18:05:59] <f3ew> Apr 8 07:19:43 qmail-f puppetd[13726]: (/Main[top]/Node[qmail-f.directi.com]/Node[syslog]/File[/etc/logrotate.d/syslog]/source) Could not describe /etc/logrotate_syslog: Cannot currently copy links
[2008/04/09 18:05:59] <f3ew> Hmmm, any suggestions on what could cause this?
[2008/04/09 18:06:08] <f3ew> This is RHEL3, BTW
[2008/04/09 18:06:33] <f3ew> Ruby 1.8,1
[2008/04/09 18:09:24] @ Quit: dysinger:
[2008/04/09 18:11:24] <mellen> DerekW: seems like subscribe becomes a requirement. Thanks.
[2008/04/09 18:20:08] <DerekW> mellen: I owe you for the testing ;-)
[2008/04/09 18:20:27] <mellen> hehe
[2008/04/09 18:25:24] @ roald joined channel #puppet
[2008/04/09 18:28:15] @ mikepea left channel #puppet ()
[2008/04/09 18:28:18] @ mikepea joined channel #puppet
[2008/04/09 18:28:50] @ Quit: mikepea:
[2008/04/09 18:36:25] @ fdz_ joined channel #puppet
[2008/04/09 18:36:58] @ Quit: fdz_: Client Quit
[2008/04/09 18:37:48] @ Quit: andrewcshafer:
[2008/04/09 18:49:41] @ Quit: oxtail: Read error: 113 (No route to host)
[2008/04/09 18:56:44] @ mikepea joined channel #puppet
[2008/04/09 18:57:13] @ tim|macbook joined channel #puppet
[2008/04/09 19:22:38] @ tazz joined channel #puppet
[2008/04/09 19:34:27] <tazz> how do i get puppet to create a directory?
[2008/04/09 19:35:12] <tazz> i mean i keep getting errors like Cannot create /opt/bla/blabla/ does not exist
[2008/04/09 19:36:24] @ sparanjape joined channel #puppet
[2008/04/09 19:36:26] @ Quit: roald: Remote closed the connection
[2008/04/09 19:37:14] @ Quit: chadh: Read error: 113 (No route to host)
[2008/04/09 19:37:15] <sparanjape> msg nickserv register suchu2007
[2008/04/09 19:39:30] @ chadh joined channel #puppet
[2008/04/09 19:41:54] <tazz> lol sparanjape better change your password...
[2008/04/09 19:43:53] @ roald joined channel #puppet
[2008/04/09 19:47:44] @ f--z joined channel #puppet
[2008/04/09 19:53:35] @ kolla joined channel #puppet
[2008/04/09 19:54:52] @ Quit: chadh: Read error: 104 (Connection reset by peer)
[2008/04/09 19:58:30] @ Quit: roald: Remote closed the connection
[2008/04/09 20:01:39] @ roald joined channel #puppet
[2008/04/09 20:04:40] <mellen> tazz: file { "/your/path": ensure => directory, ... } - if that doesn't work try adding recurse => inf ... if that also fails, you just have to create the directory from the top.
[2008/04/09 20:05:23] <tazz> ok will try that mellen
[2008/04/09 20:05:24] <tazz> :)
[2008/04/09 20:05:56] @ oxtail joined channel #puppet
[2008/04/09 20:08:05] <fujin> -/msg nickserv ghost sparanjape suchu2007
[2008/04/09 20:08:07] @ Quit: sparanjape: Nick collision from services.
[2008/04/09 20:08:11] <fujin> lawl, so bad
[2008/04/09 20:08:27] @ sparanjape joined channel #puppet
[2008/04/09 20:08:31] <fujin> can't believe you didn't change it :\
[2008/04/09 20:08:41] <fujin> sparanjape: go change your nickserv password *now*
[2008/04/09 20:08:45] <fujin> this channnel is loggedon the tubes
[2008/04/09 20:10:50] <Demosthe1ex> mmm, coffee.
[2008/04/09 20:12:23] <tazz> well recurse => inf didnt work...
[2008/04/09 20:14:45] @ Quit: f--z: Read error: 110 (Connection timed out)
[2008/04/09 20:25:20] @ Innocenti joined channel #puppet
[2008/04/09 20:38:03] [msg(#puppet)] ::puppet:: Ticket #1182 (enhancement created): More facts for manufacturer.rb @ http://reductivelabs.com/trac/puppet/ticket/1182
[2008/04/09 20:38:13] <kolla> feh.. puppet cannot do what I want :P
[2008/04/09 20:38:27] @ Quit: raphink: Remote closed the connection
[2008/04/09 20:42:57] * kolla ponders on what to do now.. with cfengine versions in conflict and puppet demanding that go back to "semantic organization" (which is nice but not practical in my case)...
[2008/04/09 20:43:52] @ raphink joined channel #puppet
[2008/04/09 20:46:12] @ Quit: Demosthe1ex: Read error: 110 (Connection timed out)
[2008/04/09 20:46:15] @ Quit: raphink: Read error: 104 (Connection reset by peer)
[2008/04/09 20:46:54] [msg(#puppet)] ::puppet:: Whos Using Puppet edited by dogStar @ http://reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet
[2008/04/09 20:46:54] [msg(#puppet)] ::puppet:: Whos Using Puppet edited by dogStar @ http://reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet
[2008/04/09 20:46:54] [msg(#puppet)] ::puppet:: Whos Using Puppet edited by dogStar @ http://reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet
[2008/04/09 20:50:41] <mikepea> kolla: how is puppet failing you?
[2008/04/09 20:51:05] <kolla> I havent found a way to check if a file exists on the server
[2008/04/09 20:51:33] <mikepea> on the puppet master? or the target node?
[2008/04/09 20:51:39] <kolla> on the puppet master
[2008/04/09 20:51:53] <mikepea> use generate()
[2008/04/09 20:52:17] <kolla> and in my search for help I found an old mail from Luke where he goes against all that I want to do :)
[2008/04/09 20:52:46] <kolla> hm, generate() - ok
[2008/04/09 20:53:06] @ oxtail_ joined channel #puppet
[2008/04/09 20:53:42] <mikepea> yeah - basically just $exists = generate("/bin/sh", "-c", "[ -f $file ] && echo -n true") or something.
[2008/04/09 20:54:14] <mikepea> ... or write yourself a custom function...
[2008/04/09 20:54:15] <kolla> hm
[2008/04/09 20:54:34] <mikepea> not pretty i know, but it will work.
[2008/04/09 20:54:38] <kolla> I just want to reimplement the old singlecopy from cfengine
[2008/04/09 20:55:21] <mikepea> not really familiar with cfengine. What did that do?
[2008/04/09 20:55:27] <mikepea> (singlecopy i mean)
[2008/04/09 20:55:35] <kolla> wher there's a prioritized list of possible source candidates
[2008/04/09 20:55:41] <thom> hey, does anyone have a trivial example of a parsedfile provider?
[2008/04/09 20:56:33] <mikepea> koila: source in the 'file' resource provides that - just specify an array of files and it picks the first one it finds, iirc.
[2008/04/09 20:57:03] <kolla> aha
[2008/04/09 20:57:14] <kolla> I tried multiple sources, that didnt work...
[2008/04/09 20:58:58] <kolla> *testing*
[2008/04/09 20:59:52] <mikepea> koila: can you post the link to that discussion? I think it'd be an interesting read.
[2008/04/09 21:00:28] <kolla> I got message-Id :)
[2008/04/09 21:00:41] <kolla> I searche my own mail-list archive
[2008/04/09 21:00:44] <kolla> CEC4F7A1-4B71-4EE5-9A73-53933B86A2FB@madstop.com
[2008/04/09 21:03:45] <mikepea> can't find it. can you pls forward to mike AT semantico DOT com please... ta
[2008/04/09 21:03:51] @ Quit: tazz: "Leaving"
[2008/04/09 21:08:06] <kolla> ok, sent
[2008/04/09 21:11:27] <kolla> but - file and arry worked excellent :)
[2008/04/09 21:11:30] <kolla> awway
[2008/04/09 21:11:33] <kolla> geh.. array
[2008/04/09 21:12:54] @ Demosthenex joined channel #puppet
[2008/04/09 21:21:09] @ chadh joined channel #puppet
[2008/04/09 21:30:29] @ Quit: oxtail_: "Bye for now..."
[2008/04/09 21:30:30] @ Quit: mikepea: Read error: 104 (Connection reset by peer)
[2008/04/09 21:31:08] @ mikepea joined channel #puppet
[2008/04/09 21:32:15] @ Quit: roald: Remote closed the connection
[2008/04/09 21:38:49] @ roald joined channel #puppet
[2008/04/09 21:45:12] @ johnf joined channel #puppet
[2008/04/09 21:45:14] @ mikepea_ joined channel #puppet
[2008/04/09 21:51:57] <kolla> mikepea: I think I'll make it with puppet somehow regardless :)
[2008/04/09 21:53:16] <kolla> but now.. lunch
[2008/04/09 22:01:15] @ Quit: mikepea: Read error: 110 (Connection timed out)
[2008/04/09 22:08:59] @ Quit: oxtail: Read error: 110 (Connection timed out)
[2008/04/09 22:10:48] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/09 22:13:27] @ Zothar_Work joined channel #puppet
[2008/04/09 22:17:44] <Demosthenex> puppet doesn't allow home directories, ala "~user/whatever" right? its all full pathnames...
[2008/04/09 22:24:14] @ Quit: Innocenti: Client Quit
[2008/04/09 22:30:33] @ tim|mb joined channel #puppet
[2008/04/09 22:33:41] @ oxtail joined channel #puppet
[2008/04/09 22:39:07] <Demosthenex> anyone care to touch on #1154?
[2008/04/09 22:39:08] <gepetto_> Demosthenex: #1154 is http://reductivelabs.com/trac/puppet/ticket/1154 "Allow signed manifests to eliminate single point of compromise"
[2008/04/09 22:39:26] <Demosthenex> i'm been fighting that one for a while...
[2008/04/09 22:41:15] @ Quit: tim|macbook: Read error: 110 (Connection timed out)
[2008/04/09 22:52:53] <kolla> heh.. I need to change casing of a variable :)
[2008/04/09 22:53:05] <kolla> of the first char in a variable
[2008/04/09 22:53:09] @ morfoh joined channel #puppet
[2008/04/09 22:53:28] <morfoh> hi folks
[2008/04/09 22:57:02] <kolla> all example I find use "node blabla" where blabla is hostname, but I would really much more like to use fqdn there
[2008/04/09 22:57:04] @ Darkarnium joined channel #puppet
[2008/04/09 22:57:42] <kolla> if I just try "node blabla.mydomain.com" it complains about the dots
[2008/04/09 22:58:26] <morfoh> kolla: what about using this: node "blabla.mydomain.com" ?
[2008/04/09 22:58:31] <kolla> hm
[2008/04/09 22:58:56] <kolla> Syntax error
[2008/04/09 22:59:09] @ Innocenti joined channel #puppet
[2008/04/09 22:59:50] <morfoh> kolla: I use fqdn notation for my test installation and it works so far
[2008/04/09 23:00:03] <morfoh> seems you have some other issues
[2008/04/09 23:00:20] <kolla> maybe it's just that I'm using debian-etch :P
[2008/04/09 23:00:28] <kolla> meaning slightly aging puppetmaster
[2008/04/09 23:00:52] <morfoh> well ... I won't start a distro war :p
[2008/04/09 23:01:04] <kolla> hehe :)
[2008/04/09 23:01:18] <tim|mb> kolla: wiki:DebianUnstablePackages
[2008/04/09 23:01:20] <gepetto_> tim|mb: kolla: wiki:DebianUnstablePackages is http://reductivelabs.com/trac/puppet/wiki/DebianUnstablePackages
[2008/04/09 23:01:34] <kolla> ah, great!
[2008/04/09 23:01:34] <morfoh> but you might be right as I am not using etch
[2008/04/09 23:02:37] <morfoh> what I am currently wondering is, what kind of trick there is to also run puppetd on the host the puppetmasterd is running on
[2008/04/09 23:03:26] <morfoh> if I start pupped it complains: Certificates were not trusted: hostname was not match with the server certificate
[2008/04/09 23:04:03] <morfoh> shouldn't it use the same as it is using for the masterd ?
[2008/04/09 23:04:12] @ jeckersb joined channel #puppet
[2008/04/09 23:05:47] @ Demosthe1ex joined channel #puppet
[2008/04/09 23:05:47] <tim|mb> morfoh: i get that in my vm too, but i haven't found a solution yet :S
[2008/04/09 23:06:25] <kolla> my puppetmaster is configured with cfengine, hehe
[2008/04/09 23:06:37] <tim|mb> kolla: fugly!! :P
[2008/04/09 23:07:08] <kolla> temporarly, I hope.. but it would be highly amusing to have the cfengine server configured with puppet and vice versa :)
[2008/04/09 23:07:26] <tim|mb> lol
[2008/04/09 23:08:25] @ greenmoss joined channel #puppet
[2008/04/09 23:09:46] <greenmoss> What is the best way to handle security updates?
[2008/04/09 23:09:54] @ f--z joined channel #puppet
[2008/04/09 23:10:04] <greenmoss> I can do ensure => latest on a package, but then it gets installed everywhere, which is not what I want
[2008/04/09 23:10:20] <greenmoss> I only want a package to be upgraded if it's already installed
[2008/04/09 23:10:37] <tim|mb> greenmoss: how do you install the package?
[2008/04/09 23:10:39] <tim|mb> form puppet?
[2008/04/09 23:10:43] <tim|mb> *from puppet?
[2008/04/09 23:10:59] <greenmoss> some from puppet, but most were installed manually or during the installation of the os
[2008/04/09 23:11:19] <tim|mb> you can use ensure => latest for those installed through puppet
[2008/04/09 23:11:23] <fujin> that's unfortunate; ensure latest does exactly what it says it does
[2008/04/09 23:11:27] <fujin> ensures the latest version is installed
[2008/04/09 23:11:32] <fujin> (regardless of prior versions)
[2008/04/09 23:11:47] <tim|mb> but puppet isn't really suited for further package management then that
[2008/04/09 23:11:48] <fujin> greenmoss: You could write a custom fact which detects the version of a package or packages
[2008/04/09 23:11:58] <fujin> and then case $fact_packagename
[2008/04/09 23:12:08] <fujin> (if I really had to do what you're doing, that's how I'd do it.)
[2008/04/09 23:12:26] <fujin> hrm.. wildcard facts, now there's an idea
[2008/04/09 23:12:34] <greenmoss> fujin: yes I could, but there are potentially security updates for every single package, which would mean thousands of facts
[2008/04/09 23:12:47] <tim|mb> depending on your os, a common way to ensure your packages are up to date is having your own repository and doing a complete update from that repository every day
[2008/04/09 23:13:06] <tim|mb> only copy the packages you want updated to that repository
[2008/04/09 23:13:11] <fujin> greenmoss: you hit a nerve; I'm going to talk to people about wildcard facts tomorrow. That's a cool idea
[2008/04/09 23:13:15] <fujin> like wc plugins in Munin
[2008/04/09 23:13:31] <fujin> $packageversion_<packagename> automatically parses itself out
[2008/04/09 23:13:42] * fujin nods
[2008/04/09 23:13:44] <fujin> <3 1am ideas
[2008/04/09 23:13:48] <fujin> right, sleep, night
[2008/04/09 23:13:52] <tim|mb> bye fujin :)
[2008/04/09 23:14:26] <greenmoss> hmm... so nobody is using puppet to install security updates?
[2008/04/09 23:14:39] <greenmoss> or maybe it's all manual at this point?
[2008/04/09 23:14:41] <Demosthe1ex> i'd second the idea of a local mirror
[2008/04/09 23:15:17] <kolla> geh.. typical, cant get the pinning crap to work right
[2008/04/09 23:15:31] <greenmoss> hrm... we have four or five separate distributions of ubuntu, which means a rather large local mirror
[2008/04/09 23:15:33] <Demosthe1ex> pinning could also work
[2008/04/09 23:15:45] <kolla> would be nice
[2008/04/09 23:15:56] <Demosthe1ex> well, you can use puppet to manage your pins too...
[2008/04/09 23:16:50] <Demosthe1ex> pinning's always been kinda picky
[2008/04/09 23:17:03] <kolla> indeed
[2008/04/09 23:17:06] <greenmoss> ugh... wish there were an "onlyifinstalled => true" option for the package resource
[2008/04/09 23:17:27] <greenmoss> or more generally an "only_if", like there is for exec
[2008/04/09 23:18:44] <Demosthe1ex> you could hinge off a return code.
[2008/04/09 23:18:47] <Demosthe1ex> potentially
[2008/04/09 23:18:53] <greenmoss> pinning probably wouldn't work for me, since we have developer machines which may use backports and are only partially managed
[2008/04/09 23:19:18] @ Quit: Demosthenex: Read error: 110 (Connection timed out)
[2008/04/09 23:19:31] <greenmoss> you mean like an "if_installed(package_x) { package... }"?
[2008/04/09 23:20:06] <greenmoss> yeah, maybe that would work, if I make a definition
[2008/04/09 23:20:49] <Demosthe1ex> dpkg -l packagename >/dev/null, exit code 0 if installed, exit code 1 if missing
[2008/04/09 23:22:09] <greenmoss> ok, let me see if I can figure out how to use custom functions in conditionals... thanks
[2008/04/09 23:22:12] <Demosthe1ex> urg! generate is preserving linefeeds.
[2008/04/09 23:22:33] <mikepea_> greenmoss: what kind of packages are you talking about here? I'm of the impression that issues like this shouldn't appear if you have designed your manifest tree well. (though am happy to be corrected)...
[2008/04/09 23:23:37] <Demosthe1ex> i think he wants to autoapply security updates, without having to specify every package on every system manually
[2008/04/09 23:23:45] <kolla> huh
[2008/04/09 23:23:46] <greenmoss> mikepea_: Security updates across a diverse mixture of machines; some packages like "vi" can have an "ensure => latest", since every machine should have them. But for other packages like "apache", we don't want all machines to have the package installed, but we *do* want security updates to be applied.
[2008/04/09 23:23:59] <kolla> upgraded puppetmaster, and now the node keys are gone?
[2008/04/09 23:24:04] <Demosthe1ex> diff topic, how to detect user that puppet is running as, and information on that user (group, home, etc)?
[2008/04/09 23:24:51] <Darkarnium> Has anyone used puppet with yast before on an OpenSuSE platform?
[2008/04/09 23:26:30] <tim|mb> Demosthe1ex: not sure if you can... puppetd is designed to run as root, afaik
[2008/04/09 23:27:01] <ashp> I rally haven't considered how to handle package upgrades yet, the whole idea makes me tired just thinking about it
[2008/04/09 23:27:13] <mikepea_> greenmoss: personally, i would create an apache module, containing a definition for the package => latest, and assign that to all nodes that you know should have apache on them. To be honest though, I'm not a fan of using puppet for security updates, as it doesn't handle service bouncing particularly well imho.
[2008/04/09 23:27:19] <ashp> I'm tempted just to add a cronjob that does yum upgrade on every server every night and hope nothing breaks
[2008/04/09 23:27:23] <tim|mb> we're still looking for a better solution that managing your own repositories, too
[2008/04/09 23:27:35] <tim|mb> package management is still a lot of work, atm
[2008/04/09 23:27:41] <ashp> tim|mb: We're in the same situation, trying to work out how to handle the package management.
[2008/04/09 23:27:52] <kolla> sigh.. why the heck did the package upgrade do that for.. the entire ssl directory got wiped, and new certs installed :P
[2008/04/09 23:27:56] <ashp> I have a repo for custom rpms, we rely on stock rhel5 packages where possible
[2008/04/09 23:28:24] <ashp> I figure redhat do a lot of testing within specific dot releases so I can always safely upgrade those, and all other upgrades will be done by rekickstarting the machine with a newer profile
[2008/04/09 23:28:39] <ashp> I figure a rebuild with puppet layering the rest of the content back
[2008/04/09 23:28:42] <ashp> is a better policy than trying to upgrade
[2008/04/09 23:28:47] @ martha joined channel #puppet
[2008/04/09 23:30:21] <tim|mb> ashp: yeah, i'm hoping to find something that allows me to simply approve an upgrade for a certain machine set (like "testing", "staging", "production")
[2008/04/09 23:30:39] <tim|mb> if i ever get time, i might create it myself
[2008/04/09 23:30:48] <tim|mb> the "if" being a major factor
[2008/04/09 23:30:49] <ashp> the only simple way I know to do that is to have three repos, use puppet to put the right repo on the right machine
[2008/04/09 23:30:56] <ashp> and then move packages into the right repo when you want them to upgrade
[2008/04/09 23:30:58] <tim|mb> indeed
[2008/04/09 23:31:01] <tim|mb> but it's not optimal
[2008/04/09 23:31:06] <ashp> it's kind of messy, I agree
[2008/04/09 23:31:25] <ashp> the only other thing I could think of is to extend puppet to take ensure => version.number
[2008/04/09 23:31:47] <kolla> great.. now nothing works :(
[2008/04/09 23:31:59] <morfoh> is there a specific reason why certs created while using "--mkusers" option include "X509v3 Subject Alternative Name: ..."
[2008/04/09 23:32:06] <ashp> there's no real flexible solution sadly
[2008/04/09 23:32:49] <kolla> morfoh: just there to piss off debian users, with their archaic libldap2.1 :)
[2008/04/09 23:33:02] <kolla> oh, and ubuntu too (pre-hardy)
[2008/04/09 23:33:32] <kolla> (never mind... totally OT)
[2008/04/09 23:33:39] <morfoh> man ...
[2008/04/09 23:34:06] <morfoh> is nobody running puppetd and puppetmasterd on the same host ?
[2008/04/09 23:34:41] <morfoh> I have no clue where to look further regarding the certification issue
[2008/04/09 23:34:49] <mikepea_> morfoh: not here... same problem. i've just learned to live with it :/
[2008/04/09 23:35:18] <morfoh> I also tried node_names option
[2008/04/09 23:35:21] <morfoh> but no luck
[2008/04/09 23:36:31] <morfoh> mikepea_: do you use a proxy in front ?
[2008/04/09 23:36:31] <tim|mb> morfoh: have you tried
[2008/04/09 23:36:31] <tim|mb> [puppetmasterd]
[2008/04/09 23:36:31] <tim|mb> certname=puppet
[2008/04/09 23:36:31] <Demosthe1ex> tim|mb: yes, puppetd runs as root. puppet doesn't _have_ to. ;]
[2008/04/09 23:36:34] <Demosthe1ex> tim|mb: i have several places where i have manifests run as nonroot users, just because i can ;]
[2008/04/09 23:36:37] <mikepea_> morfoh: yeah, apache/mongrel combo. I think the problem came into being on one of the 23.x updates (debian etch pm btw)
[2008/04/09 23:37:11] <tim|mb> Demosthe1ex: true that... never used puppet really... only puppetmasterd puppetd :)
[2008/04/09 23:38:27] <Demosthe1ex> now how to call ruby directly...
[2008/04/09 23:38:45] <mikepea_> Demosthe1ex: isn't there a fact for it? it would be very easy to write if not...
[2008/04/09 23:39:13] <Demosthe1ex> mikepea_: there's $id, and thats it
[2008/04/09 23:39:33] <Demosthe1ex> mikepea_: i need username, group, uid, gid, shell, and home dir of current user.
[2008/04/09 23:39:45] <morfoh> tim|mb: I tried --certname=puppet ... no luck though
[2008/04/09 23:40:04] <Demosthe1ex> as i recall, isn't there a way to assign a var a ruby expr?
[2008/04/09 23:42:15] <kolla> upgrading to unstable packages didnt work a tad, instead I got something that doesnt work at all, and all host keys etc wiped out :P
[2008/04/09 23:42:22] <tim|mb> then i don't know :( that's how it runs for us, behind mongrel, though
[2008/04/09 23:43:35] <morfoh> tim|mb: but didn't you told me before that you have problems too while trying to use puppetd on the host the masterd is runnning on ?
[2008/04/09 23:43:59] <tim|mb> morfoh: in my VM yeah, but we got it running on some servers, my vm is without mongrel, though...
[2008/04/09 23:44:02] <mikepea_> Demosthe1ex: only way i know of getting external stuff into variables is using generate(), which gets ugly quickly.
[2008/04/09 23:44:35] <morfoh> tim|mb: it becomes even better :p
[2008/04/09 23:44:48] <Demosthe1ex> mikepea_: yeah, i called out to /usr/bin/id, but it kept LF...
[2008/04/09 23:45:09] <Demosthe1ex> mikepea_: i'd like to use ruby's Etc.getlogin, but i'm still looking thru the docs on how to call ruby directly
[2008/04/09 23:55:33] <Demosthe1ex> urg, i don't want to make a custom function just to query the user...
« Tuesday, 2008-04-08 Index Thursday, 2008-04-10 »

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!