Tuesday, 2008-04-15

« Monday, 2008-04-14 Index Wednesday, 2008-04-16 »
[2008/04/15 00:01:35] @ Quit: f--z: Read error: 110 (Connection timed out)
[2008/04/15 00:01:36] @ Maliuta joined channel #puppet
[2008/04/15 00:01:54] @ Zothar_Work left channel #puppet ()
[2008/04/15 00:03:55] <spike> keithlard: too busy , but in a good way, altho not managing to do much at all with puppet :/. have you changed job or what?
[2008/04/15 00:04:23] <keithlard> no still doing the same
[2008/04/15 00:04:48] <keithlard> but consulting for another client, of course i'm setting them up with puppet :)
[2008/04/15 00:04:59] <spike> good lad :)
[2008/04/15 00:05:01] <keithlard> now they need a permanent sysadmin ideally with some puppet skillz
[2008/04/15 00:08:04] @ Quit: steinmb:
[2008/04/15 00:16:29] @ Quit: \ask:
[2008/04/15 00:18:36] @ Quit: bch__: Read error: 104 (Connection reset by peer)
[2008/04/15 00:23:28] <hX8> why is it that runinterval only works when specified on the command line instead of in puppet.conf ?
[2008/04/15 00:27:48] @ Quit: lak:
[2008/04/15 00:28:38] <hX8> anyone a clue ? I see this on freebsd here; when specified in rc.conf as puppetd_flags="--server localhost --runinterval 10" puppetd nicely reports every 10 seconds however if its specified in puppet.conf puppetd will report every 30 minutes (default).
[2008/04/15 00:30:20] @ rlivsey joined channel #puppet
[2008/04/15 00:30:33] * keithlard fears running puppet every 10 seconds
[2008/04/15 00:30:41] @ martinbtt joined channel #puppet
[2008/04/15 00:32:33] @ f--z joined channel #puppet
[2008/04/15 00:32:50] <hX8> just to give an example; i wouldn't do it either ;)
[2008/04/15 00:33:24] <hX8> doesn't matter which interval I put into the config file it doesn't take it and defaults to 1800 seconds.
[2008/04/15 00:37:36] <keithlard> is it taking the other settings from rc.conf ok
[2008/04/15 00:37:58] @ martinbtt left channel #puppet ()
[2008/04/15 00:38:12] <hX8> it does
[2008/04/15 00:40:07] <hX8> I see ;) the port/puppet comes with a default config only specifying [puppetmasterd], so it was missing a [puppetd].
[2008/04/15 00:40:14] <duritong> hx8: i think this is already filed as a bug
[2008/04/15 00:40:40] <duritong> hx8: #1176
[2008/04/15 00:40:42] <gepetto> duritong: hx8: #1176 is http://reductivelabs.com/trac/puppet/ticket/1176 "configtimeout option not being honored"
[2008/04/15 00:42:45] @ muerr joined channel #puppet
[2008/04/15 00:42:48] <hX8> duritong: no mine is different; the runinterval works if specified under [puppetd], just didn't see it before cause I though it was already declared.
[2008/04/15 00:43:32] <muerr> Luke: ping
[2008/04/15 00:45:10] <duritong> hx8: ahh ok
[2008/04/15 00:55:37] <hX8> are there any handy and useful resources (tips, tricks, recipes repo, etc.) on running Puppet on freebsd except for the wiki etc. ? There doesn't seem much out there covering FreeBSD specific stuff.
[2008/04/15 00:56:20] @ Quit: roald: "KVIrc 3.2.6 Anomalies http://www.kvirc.net/"
[2008/04/15 00:57:08] @ Quit: f--z: Read error: 110 (Connection timed out)
[2008/04/15 00:57:17] <muerr> hX8: we're using it on openbsd, and i've found similar lack of information..
[2008/04/15 00:57:55] <hX8> hmm too bad; could really need some extra standarized stuff for BSD.
[2008/04/15 00:58:27] <hX8> so that means you had to write most of the recipes and manifest specific for openbsd.
[2008/04/15 00:58:48] <muerr> hX8: yeah but we're not using a whole lot of recipes from the site anyway.
[2008/04/15 00:59:23] @ ballpointpenthie joined channel #puppet
[2008/04/15 00:59:59] @ Quit: jeckersb: Read error: 113 (No route to host)
[2008/04/15 01:00:03] @ jeckersb joined channel #puppet
[2008/04/15 01:00:06] @ Quit: tim|macbook: Read error: 104 (Connection reset by peer)
[2008/04/15 01:00:24] <hX8> damn; that just made a dent in my planning :)
[2008/04/15 01:00:26] <martha> hX8: we mix debian and freebsd here, and I haven't had to do much special, aside from name/path changes
[2008/04/15 01:00:56] <hX8> ah same here so I we would be more or less ok..
[2008/04/15 01:01:15] <hX8> except for some customization here and there; ok sweet..
[2008/04/15 01:01:47] <martha> one of my co-workers is working on some addition bsd stuff, but I don't know when he'll get around to it
[2008/04/15 01:02:08] @ tim|macbook joined channel #puppet
[2008/04/15 01:03:11] <hX8> well it woul be great to have some bsd specific stuff out there and tested; anyhoo we just have to see how far we get.
[2008/04/15 01:03:49] <muerr> hX8: well, i'm actually 'allowed' to release our recipes, and i was planning to until i found that the "module" location on the wiki apparently is separate from the recipe section, and requires adding to a git repo. we use svn and i haven't learned enough git to do anything but a checkout.
[2008/04/15 01:04:36] <hX8> muerr: no 'git in a nutshell' document ? ;)
[2008/04/15 01:05:02] <muerr> hX8: too much time reading documentation on shared storage, clustering, heartbeat, ldap and others :)
[2008/04/15 01:05:10] <hX8> haha cool
[2008/04/15 01:05:22] @ gileswork joined channel #puppet
[2008/04/15 01:05:36] @ Quit: kolla: Remote closed the connection
[2008/04/15 01:05:49] <muerr> i've done shared storage and clustering with proprietary technologies - IBM/Sun SAN, not SAS attached, and HACMP/Veritas clustering, not RHEL (Veritas on RHEL tho..)
[2008/04/15 01:06:11] <muerr> hX8: as far as the bsd stuff goes, we're doing a few things different, but for the most part its the same. there's a whole bulk of security stuff we're doing that is completely different on bsd.
[2008/04/15 01:06:31] <muerr> I've got defined resources for trunk and carp interfaces :-)
[2008/04/15 01:06:51] <hX8> well security stuff is one thing for sure different and yes we have carp too and our customized port section so yeah..
[2008/04/15 01:07:06] @ lak joined channel #puppet
[2008/04/15 01:07:14] <hX8> but if it is generally the same then it won't be much of a problem i hope..
[2008/04/15 01:08:01] <muerr> i'm sure theres a lot of duplication of effort going on, not just for bsd but other things as well.
[2008/04/15 01:08:15] <hX8> absolutely; I agree..
[2008/04/15 01:08:28] <muerr> but every time i looked at a recipe on the wiki, there was some method of handling that didn't work for our environment, or was just enough i might as well write it from "scratch".
[2008/04/15 01:09:02] @ Quit: tim|macbook: "This computer has gone to sleep"
[2008/04/15 01:09:15] <hX8> well for now I just start playing with Puppet see if I can get it working like I want. Setup a few simple recipes and go from there.
[2008/04/15 01:09:52] <hX8> anyhoo must get back in traffic jam ;) thanks for the input!
[2008/04/15 01:10:35] <muerr> like, some recipes are doing wget package, then uncompress, compile, install, with puppet execs and whatnot...
[2008/04/15 01:17:53] @ Quit: hacim: Read error: 104 (Connection reset by peer)
[2008/04/15 01:17:56] @ hacim joined channel #puppet
[2008/04/15 01:18:28] @ Quit: hacim: Remote closed the connection
[2008/04/15 01:19:10] @ f--z joined channel #puppet
[2008/04/15 01:32:43] <muerr> lak: ping
[2008/04/15 01:33:03] <lak> eh?
[2008/04/15 01:36:00] @ Quit: jeckersb: Read error: 113 (No route to host)
[2008/04/15 01:36:10] @ jeckersb joined channel #puppet
[2008/04/15 01:38:02] @ Quit: keithlard:
[2008/04/15 01:45:54] @ Quit: stevil: Read error: 110 (Connection timed out)
[2008/04/15 01:47:49] @ Quit: Innocenti: Client Quit
[2008/04/15 01:50:33] @ Quit: londo_: Read error: 104 (Connection reset by peer)
[2008/04/15 01:50:51] @ londo_ joined channel #puppet
[2008/04/15 01:52:49] @ Quit: londo_: Read error: 104 (Connection reset by peer)
[2008/04/15 01:53:19] @ londo_ joined channel #puppet
[2008/04/15 01:54:22] @ Quit: londo_: Read error: 104 (Connection reset by peer)
[2008/04/15 01:54:31] @ londo_ joined channel #puppet
[2008/04/15 01:55:34] @ Quit: londo_: Read error: 104 (Connection reset by peer)
[2008/04/15 01:55:46] @ londo_ joined channel #puppet
[2008/04/15 01:59:56] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/15 02:01:04] @ alephant joined channel #puppet
[2008/04/15 02:01:08] <alephant> Hi all
[2008/04/15 02:01:18] <alephant> Is there a good way to append to a file using Puppet?
[2008/04/15 02:01:31] <alephant> I just want to add a line to the end of a file, and I can't overwrite the whole thing.
[2008/04/15 02:01:45] <alephant> Oh, stupid me
[2008/04/15 02:01:47] <alephant> Exec
[2008/04/15 02:01:48] <alephant> nvm
[2008/04/15 02:02:16] <Volcane> careful that it doesnt execute on each run and you end up with 100s of appends
[2008/04/15 02:02:25] <alephant> Yep
[2008/04/15 02:02:30] <Volcane> need to give it a way to confirm that the appended line is there already
[2008/04/15 02:02:45] <alephant> "refreshonly", or smrat script.
[2008/04/15 02:03:07] <Volcane> yip
[2008/04/15 02:10:06] <muerr> alephant: there's a recipe by David Schmitt we're using, works very well.
[2008/04/15 02:12:47] <muerr> http://git.black.co.at/?p=module-common;a=blob;f=manifests/defines/line.pp;h=2eb8f98e89e0f4c0eb07009980a5e5fdb1ecc4a1;hb=HEAD
[2008/04/15 02:16:43] @ pleemans joined channel #puppet
[2008/04/15 02:27:32] <alephant> Oh wow, thanks!
[2008/04/15 02:30:21] <alephant> Hey... given this class: http://pastebin.ca/984837 execute in the order I want it to?
[2008/04/15 02:30:45] <alephant> 1. package; 2. exec; 3. service ... it seems like it's going 1; 3; 2.
[2008/04/15 02:30:47] <alephant> ?
[2008/04/15 02:32:14] <muerr> You might try require => Exec["InitiatorAlias"] on the service resource instead.
[2008/04/15 02:32:31] <muerr> I tend to use require instead of before.
[2008/04/15 02:36:52] <alephant> Hm...
[2008/04/15 02:37:00] <alephant> I'll give it a shot...
[2008/04/15 02:37:34] @ markl__ joined channel #puppet
[2008/04/15 02:38:10] @ f--z joined channel #puppet
[2008/04/15 02:39:26] @ Quit: jvanzyl:
[2008/04/15 02:41:48] @ plathrop joined channel #puppet
[2008/04/15 02:43:26] <ashp> holoway: why oh why didn't i just listen to you
[2008/04/15 02:43:31] <ashp> holoway: rather than be persuaded to go near ldap
[2008/04/15 02:43:38] @ Quit: lak:
[2008/04/15 02:44:24] @ stevenjenkins joined channel #puppet
[2008/04/15 02:45:25] @ skopii_ joined channel #puppet
[2008/04/15 02:47:26] @ shake-n-bake joined channel #puppet
[2008/04/15 02:47:54] @ Quit: jfluhmann: Remote closed the connection
[2008/04/15 03:03:18] @ shenson_not_here is now known as shenson
[2008/04/15 03:04:34] @ jvanzyl joined channel #puppet
[2008/04/15 03:06:13] @ Quit: jvanzyl: Client Quit
[2008/04/15 03:08:33] @ jvanzyl joined channel #puppet
[2008/04/15 03:18:52] @ brscott joined channel #puppet
[2008/04/15 03:19:11] @ brscott left channel #puppet ()
[2008/04/15 03:20:58] <skopii_> hello I am trying to get puppet up and running on RHEL5. I got it installed using the FC6-Extras packages. I setup a SVN repo as described in the best practices section of the wiki. I am a little lost as to how to use the svn repo as the puppet config
[2008/04/15 03:21:09] <skopii_> I mean...do I just check out the repo into /etc/puppet?
[2008/04/15 03:21:31] <skopii_> trying to start the puppetmasterd leaves me with: undefined method `findclass' for nil:NilClass
[2008/04/15 03:22:06] <Superfly_> line number? the file? try to paste it
[2008/04/15 03:22:22] <skopii_> Superfly_: was that directed at me?
[2008/04/15 03:22:43] <Superfly_> yes, we can dig whats the problem,
[2008/04/15 03:22:49] <skopii_> http://rafb.net/p/B4zRZN84.html
[2008/04/15 03:22:55] <skopii_> unfortunately there is no lineno =[
[2008/04/15 03:23:14] <Superfly_> hm thats nice
[2008/04/15 03:23:22] <Superfly_> 0.23.2 isnt the latest is it?
[2008/04/15 03:23:34] <Superfly_> just guessing but try with a newer version?
[2008/04/15 03:23:40] <skopii_> the latest in the fedora repo?
[2008/04/15 03:23:51] <skopii_> I noticed there is a more recent version in EPEL
[2008/04/15 03:24:11] <skopii_> so I should just use that?
[2008/04/15 03:25:09] <plathrop> skopii_: Puppet is a moving target and I recommend everyone try to stay as current as possible.
[2008/04/15 03:26:52] <Superfly_> skopii_: to be honest, im still using 0.23.2 but my setup is working, so no point(atm) to migrate, however, i would say you should do it, new version, new features
[2008/04/15 03:27:26] <skopii_> plathrop: is there some kind of constant integration server where I can get a daily package?
[2008/04/15 03:27:27] <plathrop> Superfly_: More important than new features: new bugfixes.
[2008/04/15 03:27:37] <Superfly_> ah yes, and sometimes new bugs :P
[2008/04/15 03:27:59] <Superfly_> but really, the reason i kept 0.23.2 because i was lazy to modify my config to apply to the new version
[2008/04/15 03:28:05] <skopii_> the package from EPEL seems to work a bit better
[2008/04/15 03:28:08] <Superfly_> skopii_: check the homepage
[2008/04/15 03:28:09] <plathrop> skopii_: No, but there is no compiling involved (Puppet is Ruby) so it is easy to install from source. Alternately, I know members of the community maintain a variety of up-to-date packages.
[2008/04/15 03:28:30] <skopii_> I personally have no problem building from source but the bossman will laugh if I suggest it...
[2008/04/15 03:28:49] <Superfly_> then create rpm?
[2008/04/15 03:29:07] <skopii_> hehe like I said I would like to avoid rolling my own =\
[2008/04/15 03:29:14] <skopii_> anyway the EPEL package is working
[2008/04/15 03:29:16] <skopii_> =]
[2008/04/15 03:29:29] <plathrop> skopii_: Ask the list where you can grab the latest RPMs, I'm not a red hat guy
[2008/04/15 03:29:34] <skopii_> so how do I make puppetmasterd use the "best practice" directory layout?
[2008/04/15 03:29:53] <skopii_> plathrop: neither am i ;] it's kind of funny though because all of our servers are CentOS/RHEL
[2008/04/15 03:30:47] <plathrop> skopii_: Well, regarding the "Best Practice" page, there isn't actually as much agreement in the community as that page seems to indicate... But you would just create the directory structure and write your manifests accordingly.
[2008/04/15 03:32:02] <plathrop> skopii_: My layout is under /etc/puppet I have a manifests directory which contains site.pp, and a modules directory which contains modules. Then I write modules for everything.
[2008/04/15 03:32:10] <plathrop> I use a "site" module for site-specific stuff.
[2008/04/15 03:32:16] <plathrop> Modules == awesome
[2008/04/15 03:41:10] <skopii_> so no one actually uses the "best practices" config? It seemed like someone somewhere had put some thought into it so I didn't have to ;]
[2008/04/15 03:41:43] <skopii_> I wonder if I can just check out the repo as /etc/puppet and then ln -s /etc/puppet/master/manifests/site.pp /etc/puppet/manifests/site.pp
[2008/04/15 03:41:45] <muerr> skopii_: we're using parts of it... largely the directory structure...
[2008/04/15 03:41:56] <plathrop> skopii_: I didn't say "no one" just that it isn't as prevalent as the page suggests.
[2008/04/15 03:42:43] <muerr> the 'best practices' page was written by the guys at stanford based on the config structure they implemented as one of the first large scale deployments of puppet, iirc.
[2008/04/15 03:43:02] <skopii_> so they probably compiled their packages to reflect their directory structure?
[2008/04/15 03:43:58] <skopii_> it seems if I just drop the "master" directory it will work with a regular package
[2008/04/15 03:45:19] @ stevil joined channel #puppet
[2008/04/15 03:46:16] @ Quit: londo_: Read error: 104 (Connection reset by peer)
[2008/04/15 03:46:24] @ londo_ joined channel #puppet
[2008/04/15 03:47:43] <Wakko666> is there a type to manage symlinks?
[2008/04/15 03:47:43] @ Quit: zobbo: Read error: 113 (No route to host)
[2008/04/15 03:47:54] <plathrop> Wakko666: "File"
[2008/04/15 03:48:00] @ Quit: glaw: ""lost for words...""
[2008/04/15 03:48:38] <Wakko666> hrm... ok... i think i see it mentioned in the docs. thanks for the pointer.
[2008/04/15 03:48:59] @ ezralini joined channel #puppet
[2008/04/15 03:49:48] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/15 03:50:38] @ windowsrefund joined channel #puppet
[2008/04/15 03:50:43] <windowsrefund> hello
[2008/04/15 03:51:53] <windowsrefund> I've got 0.24.3 on a rhel4 box that is not using its $domain fact in the template it is pulling down
[2008/04/15 03:52:05] <windowsrefund> even though facter domain returns the proper string
[2008/04/15 03:53:10] <zoeloelip> windowsrefund: take a look at the node_name config setting
[2008/04/15 03:53:33] <zoeloelip> by default it uses the cn in the certificate
[2008/04/15 03:53:36] <zoeloelip> http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference
[2008/04/15 03:53:52] <zoeloelip> pass --node_name="facter" to the master
[2008/04/15 03:53:56] <zoeloelip> that fixed it for me
[2008/04/15 03:56:30] <Wakko666> does case support glob/regex matching? e.g. case $foo { bar*: { do stuff } }
[2008/04/15 03:56:42] <windowsrefund> zoeloelip, I'll try that
[2008/04/15 03:58:42] @ f--z joined channel #puppet
[2008/04/15 03:59:58] <windowsrefund> zoeloelip, that did it :)
[2008/04/15 04:00:01] <windowsrefund> thanks
[2008/04/15 04:11:16] @ lak joined channel #puppet
[2008/04/15 04:24:32] @ kposs joined channel #puppet
[2008/04/15 04:36:51] @ jfluhmann joined channel #puppet
[2008/04/15 04:37:30] @ jfluhmann left channel #puppet ("Open Source Symposium - http://www.texasoss.org/")
[2008/04/15 04:47:13] @ Quit: rlivsey:
[2008/04/15 04:47:34] <skopii_> does anyone use CentOS?
[2008/04/15 04:48:33] <skopii_> facter is reporting the operatingsystem as CentOS I want to use ${operatingsystem} in a module
[2008/04/15 04:48:53] <muerr> We're using CentOS.
[2008/04/15 04:49:06] <Wakko666> i'm using CentOS
[2008/04/15 04:49:10] <skopii_> do you define modules like apache::CentOS?
[2008/04/15 04:49:16] <muerr> No.
[2008/04/15 04:49:16] <skopii_> I get Syntax error at '::CentOS'
[2008/04/15 04:49:20] <Wakko666> nope
[2008/04/15 04:49:22] <skopii_> what do you do instead?
[2008/04/15 04:49:48] <muerr> 'apache' is the module name (ie, import apache in site.pp).
[2008/04/15 04:50:18] <muerr> for CentOS specific stuff (we don't have any in the apache module, though), we use a case statement, or a selector, where applicable.
[2008/04/15 04:50:40] <skopii_> I just checked out the apache module from that git repo and am using it as a base. I will happily contribute what I write back to the author, if I get it working
[2008/04/15 04:51:00] <skopii_> the way that module works is it starts off class apache { include "apache::${operatingsystem}" }
[2008/04/15 04:51:32] <skopii_> perhaps I am going about this the wrong way -- how can I override $operatingsystem ?
[2008/04/15 04:51:34] <muerr> http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#case
[2008/04/15 04:51:47] <muerr> the first example is probably what you want.
[2008/04/15 04:52:53] <skopii_> well in site.pp i have 'import "os/*"'
[2008/04/15 04:53:03] <skopii_> so couldn't I just make an os/centos.pp file?
[2008/04/15 04:53:57] <skopii_> instead of that import should I delete that instead replacing it with a case file in site.pp?
[2008/04/15 04:54:08] <skopii_> that imports os/centos.pp?
[2008/04/15 04:54:21] <skopii_> what is the difference between import and include?
[2008/04/15 04:54:46] <skopii_> sorry if I have lots of questions it would be nice if the "shipping" config did all this for me =\
[2008/04/15 04:56:07] <skopii_> is there a sample configuration guide on the wiki?
[2008/04/15 04:56:21] <skopii_> one that I can build off of
[2008/04/15 04:56:35] <skopii_> brb
[2008/04/15 04:57:48] @ Quit: alephant: "BOOM!!"
[2008/04/15 04:59:24] @ Quit: emerose:
[2008/04/15 05:01:53] <muerr> there's several configuration samples out there. David Schmitt's got a "complete configuration" documented on the wiki, though it is probably very complex for new users.
[2008/04/15 05:02:10] <muerr> We followed the structure of the "best practice" document (wiki:BestPracticies iirc)
[2008/04/15 05:15:24] @ Quit: jeckersb: Read error: 113 (No route to host)
[2008/04/15 05:15:36] @ thecat joined channel #puppet
[2008/04/15 05:15:54] <thecat> anyone here using puppet to mange user accounts on linux?
[2008/04/15 05:16:30] <thecat> I'm attempting to do this using the "user" class, but I'm getting an error on my clients.
[2008/04/15 05:16:31] <thecat> Class user does not accept argument(s) password
[2008/04/15 05:16:56] @ Quit: pleemans: "Ex-Chat"
[2008/04/15 05:17:03] <thecat> It's not 100% clear to me if the useradd provider allows you to manage_passwords
[2008/04/15 05:17:10] <thecat> the command line util certianly does
[2008/04/15 05:20:38] <muerr> we're managing user accounts, but we don't use passwords - passwords are set to a random value and we authenticate via ssh key.
[2008/04/15 05:21:11] <stick> thecat: I manage root pw
[2008/04/15 05:21:18] <stick> 's on redhat with puppet
[2008/04/15 05:21:49] <stick> thecat: there's a faq entry you need the ruby-shadow libraries so ruby knows how to set shadow entries
[2008/04/15 05:22:41] <stick> thecat: put managing real users with puppet is probably a bad idea unless users all have the ability to change their pw inside of puppet whenever they want
[2008/04/15 05:22:58] <stick> b/c if they change it with passwd puppet will change it back
[2008/04/15 05:23:59] @ jeckersb joined channel #puppet
[2008/04/15 05:25:10] <skopii_> muerr: actually, thanks for that I had checked it out but didn't really look at it. this seems to make more sense than anything I have seen so far. possibly because I am more visual
[2008/04/15 05:26:19] <muerr> skopii_: case statements in programming languages always throw me for a loop :-)
[2008/04/15 05:26:38] <muerr> everyone may collectively groan at my pun, its okay.
[2008/04/15 05:26:48] <skopii_> that is one concept I am familiar with =]
[2008/04/15 05:27:22] <thecat> I installed the ruby-shadow entries
[2008/04/15 05:27:28] <thecat> rub shadow lib, rather
[2008/04/15 05:27:30] <thecat> ruby
[2008/04/15 05:28:02] <thecat> stick: I'm ok with managing passwords using puppet..
[2008/04/15 05:28:47] <thecat> is the "password" parameter something recent?
[2008/04/15 05:28:47] <stick> thecat: then you should be good, the password attribute to the user type is literal so you want a hash there not a readable string
[2008/04/15 05:29:00] <thecat> using the hash
[2008/04/15 05:29:04] <thecat> and single quotes
[2008/04/15 05:29:08] <stick> not really, been around at least since 23.1 as far as I know
[2008/04/15 05:29:14] <plathrop> skopii_: Some people have found my (sadly neglected) blog helpful: http://plathrop.tertiusfamily.net/blog
[2008/04/15 05:29:18] <thecat> Class user does not accept argument(s) password at
[2008/04/15 05:29:31] <stick> interesting
[2008/04/15 05:29:45] <stick> thecat: pastebin your manifest?
[2008/04/15 05:29:54] <thecat> but it's a 0.22.1 client, and a 0.24 server
[2008/04/15 05:30:48] <stick> thecat: ahh that may be your problem not sure if it's supported in 22.1
[2008/04/15 05:31:57] <thecat> that's one of my beefs with the documentation, it only seems to apply to the newest versions
[2008/04/15 05:32:11] <thecat> how would you back track to find when a feature was added?
[2008/04/15 05:32:11] <thecat> class usertest {
[2008/04/15 05:32:11] <thecat> user { "jkrauska":
[2008/04/15 05:32:11] <thecat> comment => "Joel Krauska",
[2008/04/15 05:32:11] <thecat> name => "jkrauska",
[2008/04/15 05:32:12] <thecat> password => 'HASHHIDDENFROM RC',
[2008/04/15 05:32:22] <thecat> home => "/nail/home/jkrauska",
[2008/04/15 05:32:22] <thecat> uid => "620",
[2008/04/15 05:32:23] <thecat> gid => "users",
[2008/04/15 05:32:23] <thecat> allowdupe => false,
[2008/04/15 05:32:23] <thecat> provider => "useradd",
[2008/04/15 05:32:23] <thecat> ensure => present,
[2008/04/15 05:32:24] <thecat> }
[2008/04/15 05:32:25] <thecat> }
[2008/04/15 05:32:47] <stick> thecat: I'd look at type/user.rb under your rubylib directory
[2008/04/15 05:33:25] <stick> if you don't see newproperty(:password ... then it's probably not in 22.1
[2008/04/15 05:34:27] <thecat> that's it
[2008/04/15 05:34:37] <thecat> bummer
[2008/04/15 05:34:53] <chadh> riddley: there?
[2008/04/15 05:34:57] <thecat> I've been trying to avoid pushing out a non-distro controlled puppet package
[2008/04/15 05:35:00] <thecat> alas
[2008/04/15 05:35:12] <thecat> ok, thanks for playing
[2008/04/15 05:35:25] <muerr> http://s1.gladiatus.us/game/c.php?uid=31043
[2008/04/15 05:35:30] <muerr> oops - wrong window
[2008/04/15 05:36:10] @ Ned_ joined channel #puppet
[2008/04/15 05:41:24] @ Quit: Ned: Connection timed out
[2008/04/15 05:44:42] <stick> thecat: what do you mean non-distro controlled puppet package?
[2008/04/15 05:45:09] <plathrop> thecat: It's usually a good idea to learn how to make packages for your distro.
[2008/04/15 05:45:28] <plathrop> stick: I think he means installing from source vs. having a package.
[2008/04/15 05:45:29] <muerr> stick i assume he means something that isn't in a yum/apt repo
[2008/04/15 05:45:37] <muerr> provided by the distribution
[2008/04/15 05:46:10] <stick> I didn't think any distro actually provided/maintained a puppet package
[2008/04/15 05:46:52] <stick> lutter is the closest to the rhel/fedora maintainer and it just goes in epel (which is a half step up from arbitrary yum repo on the internets)
[2008/04/15 05:47:13] <thom> stick: it's been in debian/ubuntu for quite some time
[2008/04/15 05:47:24] <stick> thom: ah
[2008/04/15 05:49:19] <stick> but (not be be pendantic (ok maybe a little)) but couldn't you say the same thing about the kitchen sink?
[2008/04/15 05:49:22] @ jeckersb_ joined channel #puppet
[2008/04/15 05:50:13] @ Quit: jeckersb: Read error: 113 (No route to host)
[2008/04/15 05:50:38] <stick> but anyway if it's in debian/ubuntu I assume it's something more recent than 22.1 if it's actually maintained
[2008/04/15 05:51:08] * stick thought d/u generally err'ed on the side of cutting edge for most software
[2008/04/15 05:51:59] <Cuchulain> by the time it hits debian stable, not really
[2008/04/15 05:52:22] <Cuchulain> ubuntu can be a bit closer to the front, but it depends on the package maintainers
[2008/04/15 05:52:31] <Cuchulain> same with debian i guess
[2008/04/15 05:52:50] <jshare> the deb for testing used install on stable just fine
[2008/04/15 05:54:08] <jshare> i am pretty sure that that was a deliberate goal of the package maintainer (being able to install the testing package on stable)
[2008/04/15 05:55:20] @ shake-n-bake_ joined channel #puppet
[2008/04/15 06:00:48] @ emerose joined channel #puppet
[2008/04/15 06:01:36] <thom> well, it's not like there are really any dependencies past ruby
[2008/04/15 06:01:56] @ shake-n-bake__ joined channel #puppet
[2008/04/15 06:02:22] @ emerose_ joined channel #puppet
[2008/04/15 06:02:37] @ Quit: shake-n-bake_: Read error: 104 (Connection reset by peer)
[2008/04/15 06:02:38] @ Quit: emerose: Read error: 104 (Connection reset by peer)
[2008/04/15 06:02:43] @ Quit: emerose_: Client Quit
[2008/04/15 06:03:08] @ emerose joined channel #puppet
[2008/04/15 06:03:25] @ Quit: emerose: Client Quit
[2008/04/15 06:06:09] @ emerose joined channel #puppet
[2008/04/15 06:06:44] @ Quit: emerose: Client Quit
[2008/04/15 06:08:46] <skopii_> how frequently does puppetd update from the puppetmaster ?
[2008/04/15 06:09:20] <windowsrefund> every 30 minutes by default
[2008/04/15 06:09:22] <Superfly_> configurable
[2008/04/15 06:09:39] <skopii_> sounds good to me =]
[2008/04/15 06:12:28] @ emerose joined channel #puppet
[2008/04/15 06:14:10] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2008/04/15 06:19:55] <thecat> is there a randomizer on the frequency?
[2008/04/15 06:20:10] <thecat> is it every 30m since the puppetd starts?
[2008/04/15 06:20:34] <thom> unless you have splay enabled,yes
[2008/04/15 06:20:48] <plathrop> Although a lot of splay happens on it's own.
[2008/04/15 06:21:16] @ steinmb joined channel #puppet
[2008/04/15 06:21:18] <thecat> not if you restart puppetd at the same time
[2008/04/15 06:21:47] <plathrop> thecat: Oh? All your systems are under the exact same amount of load? Cool. How did you manage that?
[2008/04/15 06:22:11] <thom> plathrop: virtual machines after a hardware reboot
[2008/04/15 06:22:26] <thecat> and bringing up batches of machines at the same time
[2008/04/15 06:22:38] <plathrop> *shrug* My VMs still have varying amounts of load, so I get splay. YMMV
[2008/04/15 06:22:42] <thecat> I just turned up 32 new servers, and I think they're pounding my master
[2008/04/15 06:23:31] <thecat> anyone got an example config of splaytime?
[2008/04/15 06:23:31] <thecat> http://www.madstop.com/splaytime-and-scheduling.html
[2008/04/15 06:25:41] @ zobbo joined channel #puppet
[2008/04/15 06:28:53] <thecat> or, for example, let's say I need to put in "splay=true" in to all my puppetd.conf files, then I need to restart all my puppetds.. :(
[2008/04/15 06:32:19] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/15 06:40:07] <thom> just update your config, puppet'll re-read it
[2008/04/15 06:43:27] @ emerose_ joined channel #puppet
[2008/04/15 06:51:07] @ Quit: emerose: Read error: 110 (Connection timed out)
[2008/04/15 07:03:03] @ Innocenti joined channel #puppet
[2008/04/15 07:07:39] @ shenson is now known as shenson_not_here
[2008/04/15 07:09:52] @ shake-n-bake joined channel #puppet
[2008/04/15 07:12:42] @ Quit: Innocenti: Client Quit
[2008/04/15 07:26:45] @ Quit: shake-n-bake__: Read error: 110 (Connection timed out)
[2008/04/15 07:30:10] @ Quit: ezralini:
[2008/04/15 07:40:58] @ Innocenti joined channel #puppet
[2008/04/15 07:46:45] @ Quit: shiruken: Read error: 110 (Connection timed out)
[2008/04/15 07:51:41] @ Quit: zobbo: Read error: 110 (Connection timed out)
[2008/04/15 07:52:13] @ ezralini joined channel #puppet
[2008/04/15 07:53:07] @ muerr left channel #puppet ()
[2008/04/15 07:58:19] @ Quit: steinmb:
[2008/04/15 08:11:15] @ dysinger joined channel #puppet
[2008/04/15 08:15:34] @ shiruken joined channel #puppet
[2008/04/15 08:17:50] @ sigmonsays joined channel #puppet
[2008/04/15 08:18:00] <sigmonsays> What is the difference between puppet and cfengine?
[2008/04/15 08:18:34] <lak> sigmonsays: the number of people in the respective IRC channels? :)
[2008/04/15 08:18:41] <thecat> http://reductivelabs.com/trac/puppet/wiki/CfengineVsPuppet
[2008/04/15 08:18:47] <lak> well, and that
[2008/04/15 08:19:40] <thecat> my experience is that puppet is much more volatile, lots of new development all the time... and for that reason, not as "stable".
[2008/04/15 08:19:42] <thom> heh
[2008/04/15 08:19:56] <waawaamilk> then again, using puppet doesn't make you want to kill yourself
[2008/04/15 08:19:59] * waawaamilk runs
[2008/04/15 08:20:16] <plathrop> sigmonsays: On the other hand, my experience is that Puppet is rock-stable.
[2008/04/15 08:21:01] <thecat> plathrop: add "splay=true" to a 0.22.1 puppetd and watch it fail on the parser and then shut down
[2008/04/15 08:21:04] <thecat> that's not very stable
[2008/04/15 08:21:23] <thecat> puppet is great if all your puppet versions are in sync
[2008/04/15 08:21:44] <thecat> shouldn't puppet be updating itself?
[2008/04/15 08:21:51] <Demosthenex> same rule i followed with CfE, test test test.
[2008/04/15 08:22:28] <plathrop> thecat: If you don't use the stable version, don't expect stable behavior.
[2008/04/15 08:22:39] <thecat> 0.22.1 is stable
[2008/04/15 08:22:53] <thecat> but it doesn't support a lot of the useful features in 0.24
[2008/04/15 08:23:19] @ Quit: lak:
[2008/04/15 08:23:28] <plathrop> thecat: You just said it wasn't. Also, on the project website, the stable version is 0.23.2
[2008/04/15 08:23:55] <plathrop> So, sigmonsays, clearly there is a disagreement as to stability.
[2008/04/15 08:23:59] <thecat> I meant to say it "was" a stable version... or as stated by the webpage
[2008/04/15 08:24:06] <plathrop> Guess you'll have to evaluate yourself.
[2008/04/15 08:24:41] <thecat> it's a symantic argument.. but my experience is that puppet is quickly evolving, which has positive and negative effects
[2008/04/15 08:25:53] @ Quit: stevil:
[2008/04/15 08:26:50] <plathrop> thecat: We have no argument there, it's rapidly evolving, and there have been a couple real stinkers of bugs. However, all I said was in *my* experience, Puppet is rock-stable.
[2008/04/15 08:33:36] <jamesturnbull> stable is such a relative term
[2008/04/15 08:34:29] <jamesturnbull> I think though it might be time to bump the stable release to 0.24
[2008/04/15 08:37:01] <plathrop> jamesturnbull: I wouldn't object
[2008/04/15 08:37:20] <Demosthenex> thecat: i'd suggest you pick a version, and test each feature you require. and stay with it until you're ready to manage it as an application upgrade.
[2008/04/15 08:38:09] <jamesturnbull> plathrop: I've pinged lak about it so we'll see
[2008/04/15 08:38:58] @ Quit: stick: Read error: 110 (Connection timed out)
[2008/04/15 08:45:26] <fujin> mm, I'd go so far as to say that 0.24 is more stable than 0.23
[2008/04/15 08:45:27] <fujin> ;[
[2008/04/15 08:45:53] <waawaamilk> I remember there was some discussion before about memory leaks. Did that all get cleared up?
[2008/04/15 08:46:06] <waawaamilk> (not that I have encountered them myself..)
[2008/04/15 08:46:31] <fujin> memory leaks are still apparent, the important one, #1010, is fixed
[2008/04/15 08:46:33] <gepetto> fujin: #1010 is http://reductivelabs.com/trac/puppet/ticket/1010 "puppet/puppetmaster randomly corrupts file{} resources, seemingly after leaking RAM for some time"
[2008/04/15 08:46:46] @ lak joined channel #puppet
[2008/04/15 08:46:50] <fujin> which turned out to be an issue with connection pooling/recycling
[2008/04/15 08:46:56] <fujin> hiya lak
[2008/04/15 08:47:01] <waawaamilk> oarsum :)
[2008/04/15 08:47:03] <lak> hi
[2008/04/15 08:47:53] <Demosthenex> oh hey! i hadn't heard that was fixed. awesome!
[2008/04/15 08:48:14] <fujin> the fix made it into .4, I think
[2008/04/15 08:52:24] @ brenton_ is now known as brenton
[2008/04/15 08:53:58] <martha> weird. for some reason, this new node is not syncing any plugins, even when I explictly run puppetd --pluginsync
[2008/04/15 08:56:09] <fujin> weird :P
[2008/04/15 08:56:26] <fujin> got libdir/factpath etc all set?
[2008/04/15 08:58:01] <martha> ah, there was a puppetd.conf file
[2008/04/15 09:04:28] <plathrop> Here's an odd problem maybe someone can help me with. I'm using puppet to bootstrap nodes into a 'basic node' state. One of the things that we do is install openntpd
[2008/04/15 09:04:36] <plathrop> This is on Debian Etch, by the way
[2008/04/15 09:05:04] <plathrop> We use File resources to bring over /etc/defaults/openntpd and /etc/openntpd/ntpd.conf
[2008/04/15 09:05:34] <plathrop> We also use a service resource (and appropriate dependencies) to make sure the service is running.
[2008/04/15 09:06:09] <plathrop> The problem is this: on that first run, when Puppet installs everything and then attempts to start openntpd, it always fails to start it (says the init script returned 256)
[2008/04/15 09:06:25] <fujin> 256 = no such file, isn't it?
[2008/04/15 09:06:33] <plathrop> A second run works fine, the service gets refreshed.
[2008/04/15 09:06:47] <fujin> ah, no such file is err 127
[2008/04/15 09:06:48] <plathrop> fujin: I'm not sure, but there is more.
[2008/04/15 09:07:10] <plathrop> I just tried a run where I removed the service resource and bootstrapped it.
[2008/04/15 09:07:12] <fujin> plathrop: you're definitely requiring[] the files in the service definition?
[2008/04/15 09:07:28] <windowsrefund> plathrop, you may need to use status =>
[2008/04/15 09:07:34] <plathrop> When *I* ran the command by hand, it worked.
[2008/04/15 09:07:35] <windowsrefund> in the service type
[2008/04/15 09:07:44] <fujin> plathrop: weird, pastie?
[2008/04/15 09:07:55] <plathrop> windowsrefund: I thought so too, but it isn't returning anything odd when done by hand.
[2008/04/15 09:08:01] <plathrop> fujin: Sure, just a sec.
[2008/04/15 09:08:05] <plathrop> pastie: give me a link
[2008/04/15 09:08:39] <windowsrefund> I'd try to add status => anyway
[2008/04/15 09:08:49] <fujin> it's not a status issue, it's starting the service which is failing
[2008/04/15 09:08:52] <fujin> (not much to do with status)
[2008/04/15 09:10:07] <pastie> http://pastie.org/180775 by plathrop.
[2008/04/15 09:10:38] <thecat> does anyone have a good emacs mode for puppet configs?
[2008/04/15 09:10:46] <fujin> learn2vim
[2008/04/15 09:10:56] <thecat> :!no
[2008/04/15 09:11:23] <fujin> plathrop: does Etch ship with a default ntpd.conf?
[2008/04/15 09:11:39] <plathrop> fujin: Yes, it installs something by default.
[2008/04/15 09:11:47] <martha> plathrop: require the package in the service
[2008/04/15 09:12:00] <martha> so you don't try to start before the package is installed
[2008/04/15 09:12:33] <fujin> heh, that's probably it
[2008/04/15 09:12:41] <fujin> you haven't put any dependancy stuff on your service{} define
[2008/04/15 09:13:31] <plathrop> martha: That *could* be it. I certainly will add that anyway since it makes sense...
[2008/04/15 09:13:42] <fujin> It's always better to have dependancies than not
[2008/04/15 09:13:45] <plathrop> But the logs didn't point to that. I'll paste those too
[2008/04/15 09:13:49] <fujin> anywhere you can :>
[2008/04/15 09:14:13] <plathrop> Paste updated. Meanwhile I'll try that
[2008/04/15 09:15:24] <fujin> weird
[2008/04/15 09:15:29] <fujin> those logs look like it actually installs the package
[2008/04/15 09:15:31] <fujin> and the service fails anyway
[2008/04/15 09:16:49] <plathrop> That's what I thought, too. But I'm retrying now.
[2008/04/15 09:17:06] * plathrop has to wait for the machine to be bootstrapped from a clean install to truly test.
[2008/04/15 09:17:57] <fujin> I actually stopped using openntpd here cause it seems alittle funny
[2008/04/15 09:18:04] <fujin> and ended up rolling out DavidS' NTP module
[2008/04/15 09:18:15] <fujin> which uses export/collections to share NTP configurationw here ncessary
[2008/04/15 09:18:27] <plathrop> fujin: Yeah, I don't have the choice at this point.
[2008/04/15 09:18:36] <plathrop> Otherwise, I might.
[2008/04/15 09:18:45] <thom> gah, puppetcon clashes with nanog
[2008/04/15 09:18:48] <plathrop> Although, DavisS' modules don't work like my brain.
[2008/04/15 09:18:59] <plathrop> thom: what's nanog?
[2008/04/15 09:19:01] @ shadoi joined channel #puppet
[2008/04/15 09:19:09] <thom> north american netops group
[2008/04/15 09:19:18] <fujin> I see the same behaviour here, plathrop !
[2008/04/15 09:19:32] <fujin> I just dpkg --purged openntpd
[2008/04/15 09:19:41] <fujin> and puppet installs the service then tries to start it, yet it fails with err 256
[2008/04/15 09:19:56] <fujin> gee, that is weird
[2008/04/15 09:20:54] <plathrop> IIt must be an environment thing.
[2008/04/15 09:21:08] <fujin> mm
[2008/04/15 09:21:20] <fujin> weird, I just purged it and ran the manifest again and it worked that time
[2008/04/15 09:21:21] <plathrop> Or maybe things happen too fast for openntpd to handle?
[2008/04/15 09:21:35] <plathrop> fujin: Yeah, that's why I have to do a clean install to test!
[2008/04/15 09:21:50] <plathrop> The behavior is completely dependent on it being the first time.
[2008/04/15 09:21:59] <plathrop> Drives me crazy.
[2008/04/15 09:22:27] @ Quit: yure: simmons.freenode.net irc.freenode.net
[2008/04/15 09:22:28] @ Quit: londo: simmons.freenode.net irc.freenode.net
[2008/04/15 09:22:30] * plathrop is tempted to throw a 'sleep' exec in there to see if it makes a difference.
[2008/04/15 09:22:32] <thom> make the service require the package?
[2008/04/15 09:22:38] <plathrop> After I test martha's recommendation.
[2008/04/15 09:22:54] <plathrop> thom: That's what I'm trying now, but as I said, the logs seem to suggest that isn't the issue.
[2008/04/15 09:22:56] <thom> ah, martha beat me to it
[2008/04/15 09:23:34] <thom> i have basically an identical class here and it WFM with that require, so :)
[2008/04/15 09:23:44] * thom home
[2008/04/15 09:25:24] [msg(#puppet)] ::puppet:: Downloading Puppet edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/DownloadingPuppet
[2008/04/15 09:26:06] <fujin> plathrop: It's working consistently for me now
[2008/04/15 09:26:09] <fujin> pastie: HIT ME
[2008/04/15 09:26:25] <pastie> http://pastie.org/180784 by fujin.
[2008/04/15 09:27:24] <Wakko666> hrm. i must be doing something wrong. i'm trying to implement a User type, but puppet just errors out with "usermod: $USER not found in /etc/passwd" instead of creating the use THEN adding it to /etc/shadow. suggestions?
[2008/04/15 09:28:07] <plathrop> fujin: I like that. The dependencies make more sense than what I was doing.
[2008/04/15 09:28:10] * plathrop tests it out.
[2008/04/15 09:28:11] <plathrop> Thanks!
[2008/04/15 09:29:59] @ londo joined channel #puppet
[2008/04/15 09:30:02] <fujin> Wakko666: paste
[2008/04/15 09:30:30] <fujin> plathrop: I've found its' always much better to explicitly express relationships where possible
[2008/04/15 09:30:49] <plathrop> fujin: Me too. I must have been sleeping when I wrote that stuff.
[2008/04/15 09:30:57] <fujin> plathrop: noticed you also didn't have the enable parameter for your service
[2008/04/15 09:31:56] <plathrop> fujin: I kinda thought that was explicit in the ensure => running... not so?
[2008/04/15 09:32:59] <Wakko666> fujin: http://pastebin.com/d55a77e64
[2008/04/15 09:33:14] <fujin> plathrop: no, ensure => running just kicks off a status check and starts it if it is stopped
[2008/04/15 09:33:19] <fujin> enable => true does the update-rc.d stuff.
[2008/04/15 09:33:29] <fujin> debug: Puppet::Type::Service::ProviderDebian: Executing '/usr/sbin/update-rc.d -n -f openntpd remove'
[2008/04/15 09:34:14] <fujin> Wakko666: weird, what O/S?
[2008/04/15 09:35:10] <Wakko666> fujin: Fedora 8, puppet-0.24.4-1.fc8 on the client, CentOS 5.1, puppet-server-0.24.4-1.el5 on the server
[2008/04/15 09:35:30] <plathrop> fujin: Thanks, didn't know
[2008/04/15 09:35:38] <fujin> and I trust you've got libshadow-ruby or it's RH equivalent?
[2008/04/15 09:35:53] <Wakko666> fujin: yup. (it's ruby-shadow)
[2008/04/15 09:36:11] <fujin> Wakko666: this is the manifest I use for user creation http://rafb.net/p/3m0SOc74.html
[2008/04/15 09:36:14] <fujin> I don't really see any issue with yours
[2008/04/15 09:36:56] <Wakko666> huh... other than not using membership, mine's basically identical
[2008/04/15 09:36:58] <fujin> can you run with --debug and see what provider your user{} type is using?
[2008/04/15 09:37:07] <Wakko666> sure
[2008/04/15 09:37:46] <Wakko666> (provider=useradd)
[2008/04/15 09:38:29] <fujin> freakin' weird man
[2008/04/15 09:38:44] <Wakko666> now... thinking about it, i can see one possibility
[2008/04/15 09:38:58] <Wakko666> and this could just be me trying to be too clever for my own good
[2008/04/15 09:39:42] <Wakko666> but, my system _does_ use ldap to authenticate. what i'm trying to achieve is also defining certain privileged accounts in /etc/passwd...
[2008/04/15 09:39:56] <plathrop> Well, my brain is fried for the day. Good night folks.
[2008/04/15 09:40:00] @ plathrop left channel #puppet ()
[2008/04/15 09:40:01] <Wakko666> because part of our environment uses ldap, but the other part of it doesn't.
[2008/04/15 09:40:22] <fujin> Wakko666: kind of a weird setup,
[2008/04/15 09:40:24] <fujin> give me a sec
[2008/04/15 09:40:26] <fujin> running your manifest here
[2008/04/15 09:40:32] <Wakko666> fujin: you're telling me. ;-)
[2008/04/15 09:40:48] <fujin> I shifted recently from LDAP authentication to passwd/shadow authentication managed by puppet
[2008/04/15 09:40:57] <fujin> as it can quite happily detect when people change their passwords on each node, and fix them etc
[2008/04/15 09:41:41] <fujin> LDAP auth err, seemed a little flaky
[2008/04/15 09:41:46] <Wakko666> yeah. we've got plans to put ldap in place everywhere, but there are some legacy systems we have to move slowly on, so i'm trying to concoct an interim solution.
[2008/04/15 09:41:47] <fujin> even with libnss-ldap/libpam-ldap etc etc
[2008/04/15 09:42:16] <Wakko666> we're kinda stuck with AD, so i'm trying to make the best of it. :-\
[2008/04/15 09:42:29] @ yure joined channel #puppet
[2008/04/15 09:43:03] @ martha left channel #puppet ()
[2008/04/15 09:43:36] <fujin> Wakko666: for what it's worth: http://rafb.net/p/TpfuCH22.html
[2008/04/15 09:43:41] <fujin> Wakko666: Have you looked at Likewise?
[2008/04/15 09:44:06] <Wakko666> yeah, we were just talking about it earlier this week, in fact.
[2008/04/15 09:44:35] <fujin> likewise looks to be a little nicer for provisioning than the usual messy combination of openLDAP libraries, libpam-ldap & libnss-ldap and so on so forth
[2008/04/15 09:44:44] @ johnf joined channel #puppet
[2008/04/15 09:45:25] <Wakko666> yeah... it's definitely making some impressive claims
[2008/04/15 09:45:26] * nevyn like k5
[2008/04/15 09:48:34] <fujin> I think Likewise sits ontop of k5 somewhere
[2008/04/15 09:48:37] <fujin> does all the magic
[2008/04/15 09:49:20] <Wakko666> it looks like they implement a modified version of winbind
[2008/04/15 09:49:52] <fujin> oh yeah, samba
[2008/04/15 09:54:36] @ steinmb joined channel #puppet
[2008/04/15 09:58:37] <Cuchulain> what is messy about ldap auth, fujin ?
[2008/04/15 10:00:44] @ Quit: jeckersb_: "Leaving"
[2008/04/15 10:02:50] <fujin> hrm, I dunno. I guess
[2008/04/15 10:02:58] <fujin> the caching/system users stuff
[2008/04/15 10:03:14] <fujin> when boxes start up you see massive failures on looking up uid/gid for system accounts
[2008/04/15 10:03:33] <fujin> and at the time when I was using it, puppet w=as still corrupting file{} resources and would regularly corrupt the pam.d/ files
[2008/04/15 10:04:16] <Cuchulain> hrm
[2008/04/15 10:04:25] <Cuchulain> startup issues should be fixable through correct nsswitch.conf settings
[2008/04/15 10:04:38] @ Quit: lak:
[2008/04/15 10:05:10] <fujin> not in the way I wanted it configured, I found
[2008/04/15 10:05:18] @ pdt joined channel #puppet
[2008/04/15 10:06:13] <fujin> I was using 'ldap db files'
[2008/04/15 10:06:19] <fujin> so that the ldap stuff would ovveride any local user configuration
[2008/04/15 10:06:32] <fujin> and the db had the cache in it from nss_updatedb
[2008/04/15 10:11:46] @ Quit: johnf: Read error: 113 (No route to host)
[2008/04/15 10:13:33] <thecat> anyone seen certificate retrieval failures after upgrading from 22 to 24?
[2008/04/15 10:13:54] <fujin> nope, but I tend to purge all certificates on major version bumps
[2008/04/15 10:14:10] <fujin> and nuke each nodes /var/lib/puppet/
[2008/04/15 10:14:17] <fujin> (that's how I roll)
[2008/04/15 10:14:27] <thecat> nodes?
[2008/04/15 10:15:16] <fujin> clients?
[2008/04/15 10:15:17] <fujin> node
[2008/04/15 10:15:28] <fujin> I blow away everything related to SSL :)
[2008/04/15 10:15:51] <thecat> I only knew about /etc/puppet/ssl
[2008/04/15 10:16:06] <thecat> yaml/node info?
[2008/04/15 10:16:22] <fujin> yeah, I dunno, that's how I do it anyway
[2008/04/15 10:16:30] <fujin> nuke all the client cached data and SSL stuff
[2008/04/15 10:16:33] <fujin> nuke the servers ssl certs
[2008/04/15 10:16:39] <fujin> restart puppetmaster so it generates its own cert
[2008/04/15 10:16:43] <fujin> adn then start connecting clients upto it
[2008/04/15 10:22:38] @ Quit: pdt: Read error: 110 (Connection timed out)
[2008/04/15 10:26:58] <jamesturnbull> fujin: it's probably a good plan
[2008/04/15 10:27:17] <thecat> puppetca --upgrade ?
[2008/04/15 10:38:35] <fujin> heh
[2008/04/15 10:38:37] <fujin> not quite
[2008/04/15 10:41:41] <Demosthenex> did runnel's go anywhere other than a basic discussion?
[2008/04/15 10:42:19] <fujin> ?
[2008/04/15 10:43:12] <Demosthenex> the wiki page i read was a list of goals.
[2008/04/15 10:43:52] <fujin> runnel's?
[2008/04/15 10:44:29] <Demosthenex> er, runnels
[2008/04/15 10:44:36] <Demosthenex> http://reductivelabs.com/projects/runnels/
[2008/04/15 10:45:13] @ Quit: a-priori:
[2008/04/15 10:52:45] <Demosthenex> the funny thing is, reading the runnels information, it coincides with MQ information i was reading up on
[2008/04/15 10:53:00] <Demosthenex> whats missing is the utilities interfacing with an MQ transport.
[2008/04/15 10:53:11] <thecat> sounds like dbus
[2008/04/15 10:55:05] <Demosthenex> dbus is a local message passer
[2008/04/15 10:55:36] <thecat> I'm pretty sure there's a TCP layer for dbus
[2008/04/15 10:55:36] <Demosthenex> MQ covers a generic application transport for messages between apps, where the MQ server(s) are responsible for delivery, routing, reliability, etc.
[2008/04/15 10:55:51] <Demosthenex> i've been impressed with my reading on ActiveMQ, RabbitMQ, and STOMP.
[2008/04/15 10:56:09] <Demosthenex> dbus may be reinventing the wheel, considering some of these have been out a long time...
[2008/04/15 10:56:17] <Demosthenex> dbus was replacing internal IPC, wasn't it?
[2008/04/15 10:56:31] <thecat> i/rpcs have been out a long time
[2008/04/15 10:56:37] <thecat> dbus has actual usage though
[2008/04/15 10:56:51] <thecat> just pointing it out
[2008/04/15 10:56:52] <Demosthenex> i have commercial accounts where their proprietary MQ software infrastructure is the most critical system in the enterprise, because every application interoperates through it
[2008/04/15 10:57:12] <Demosthenex> no more file transfers, smtp relaying, upload/download...
[2008/04/15 10:57:51] <fujin> dbus is pretty cool to code around.
[2008/04/15 10:58:05] @ johnf joined channel #puppet
[2008/04/15 10:58:17] <Demosthenex> runnels caught my attention because i can't use the puppet native protocols (puppetmasterd/puppetd) for sharing manifests, and i was already looking at using STOMP to pass data around, and it occurred to me i could use it with puppet too
[2008/04/15 10:58:27] <Demosthenex> runnels is an expression of that idea from a systems perspective
[2008/04/15 11:00:19] <fujin> Why can't you use puppetmaster/puppet?
[2008/04/15 11:02:00] <Demosthenex> intersite, not intrasite
[2008/04/15 11:02:12] <Demosthenex> i don't trust puppetmaster on the internet
[2008/04/15 11:02:13] <fujin> ah
[2008/04/15 11:02:13] <fujin> But it's HTTPS?
[2008/04/15 11:02:13] <Demosthenex> i've been hacking at this off and on for a while.
[2008/04/15 11:02:25] <Demosthenex> ok, say you're managing 100 boxes over the net, back to a central puppetmaster.
[2008/04/15 11:02:45] <Demosthenex> central puppetmaster's compromised, now i've got 100 customers sites at risk
[2008/04/15 11:02:57] <Demosthenex> its really that simple
[2008/04/15 11:03:12] <nevyn> yep.
[2008/04/15 11:03:14] <Demosthenex> see #1154
[2008/04/15 11:03:20] <gepetto> Demosthenex: #1154 is http://reductivelabs.com/trac/puppet/ticket/1154 "Allow signed manifests to eliminate single point of compromise"
[2008/04/15 11:03:24] <Demosthenex> so i'm taking a secure packaging approach
[2008/04/15 11:03:45] <Demosthenex> i'm generated signed encrypted manifests, using a hierarcal trust model.
[2008/04/15 11:03:55] <fujin> heh, I personally use an un-routable private (rfc1819) subnet inside an MPLS cloud
[2008/04/15 11:04:18] <Demosthenex> yeah, i'd thought of just sharing out a vpn only subnet...
[2008/04/15 11:04:27] <Demosthenex> but it is still increased exposure
[2008/04/15 11:04:39] <fujin> I suppose you've still got the same issue.
[2008/04/15 11:04:53] <fujin> With careful network design, access to the puppetmaster can be sufficiently limited (I feel)
[2008/04/15 11:05:03] <Demosthenex> yeah, except then i'd be bridging customer networks.
[2008/04/15 11:05:13] <Demosthenex> i'm all for puppetmaster locally, i wouldn't hesitate
[2008/04/15 11:05:19] <fujin> well you could always put your master in a DMZ for customers to talk to
[2008/04/15 11:05:39] <Demosthenex> well, like i said, i've got the method pretty down pat
[2008/04/15 11:05:48] <Demosthenex> i'm fighting with key distribution atm, but thats ok
[2008/04/15 11:06:20] <Demosthenex> but it had occured to me, instead of scp/ftp/http/whatever with an encrypted and signed packet of manifests, that i could use MQ or the like.
[2008/04/15 11:06:27] <Demosthenex> and then use it for everything, not just manifests
[2008/04/15 11:06:35] <Demosthenex> ie: logging, reports, other messaging.
[2008/04/15 11:06:56] <fujin> what about avahi?
[2008/04/15 11:06:57] <Demosthenex> so the runnels idea sounds great to me... with the right abstraction i'd be fine with using it over the net
[2008/04/15 11:07:08] <Demosthenex> googling.
[2008/04/15 11:07:09] <fujin> nm, that's just discovery
[2008/04/15 11:07:12] <fujin> forget it
[2008/04/15 11:07:15] <Demosthenex> ah
[2008/04/15 11:07:44] <Demosthenex> well, a MQ bus with strong SSL security (packets are encrypted to destination, signed by sender) would be perfect
[2008/04/15 11:07:58] <Demosthenex> given persistent messages and some form of ha
[2008/04/15 11:08:36] <Demosthenex> the other difference here is that puppetmaster makes logical decisions for a client based on facts from facter
[2008/04/15 11:08:43] <Demosthenex> i'm using self-contained configurations
[2008/04/15 11:09:14] <Demosthenex> its hard to sign something that's being served in pieces dynamically
[2008/04/15 11:09:57] <Demosthenex> i'm going to start experimenting with an open MQ app soon to kick the tires and see if it works
[2008/04/15 11:10:29] <Demosthenex> even if i have to front it with a perl or shell script for SSL processing
[2008/04/15 11:10:49] <fujin> puppetmaster really needs some kind of built-in SCM style thing
[2008/04/15 11:10:59] <fujin> where you can push a set of changes into it, signed with GPG
[2008/04/15 11:11:02] <fujin> (similar to a git tag)
[2008/04/15 11:11:07] <fujin> and then it'll start serving them
[2008/04/15 11:11:12] <fujin> and that is the *only* way to make changes
[2008/04/15 11:11:16] <Demosthenex> like the prior conv, puppet's quickly evolving.
[2008/04/15 11:11:35] <Demosthenex> i'm content to use it as a configuration language, because its far superior to CfE and does an excellent job
[2008/04/15 11:12:06] <fujin> mm
[2008/04/15 11:12:20] <fujin> I've always envisioned puppetshow turning into some kind of centralised change management frontend
[2008/04/15 11:12:34] <Demosthenex> i haven't looked at puppetshow
[2008/04/15 11:14:21] <ashp> what's puppetshow?
[2008/04/15 11:14:38] @ pdt joined channel #puppet
[2008/04/15 11:15:11] <fujin> a UI for visualising storeconfigs settings
[2008/04/15 11:21:03] <Demosthenex> i need to do some more reading on SSL, namely how SSL looks up CA/cert trust remotely
[2008/04/15 11:22:47] @ Quit: kposs:
[2008/04/15 11:24:58] <shadoi> fujin: I'm curious, can you elaborate?
[2008/04/15 11:25:14] <fujin> hold up just a moment
[2008/04/15 11:29:54] @ a-priori joined channel #puppet
[2008/04/15 11:30:09] <fujin> shadoi: well, basically, I'm thinking some kind of SCM integration (like I touched on earlier) which can accept GPG signed 'releases', which is a combination of manifests
[2008/04/15 11:30:31] <fujin> and then it needs to be able to run the relevant node config on a node in noop, parse out or understand the changes that would be made
[2008/04/15 11:30:36] <fujin> and then confirm the changes to the web interface
[2008/04/15 11:30:48] <fujin> (this obviously isn't at all feasable until puppet becomes RESTful)
[2008/04/15 11:31:09] <fujin> and if the changes are confirmed in the UI, the changes are pushed live
[2008/04/15 11:31:21] @ Quit: a-priori: Client Quit
[2008/04/15 11:33:23] @ lak joined channel #puppet
[2008/04/15 11:33:59] <jamesturnbull> fujin: that's where I see it too - after REST
[2008/04/15 11:34:16] <jamesturnbull> fujin: you take your change mgt/help desk/insert workflow here system
[2008/04/15 11:34:46] <jamesturnbull> fujin: raise a ticket for a rebuild for example and if approved the ticketing system queries puppet and tells it to rebuild the targeted host accoridng to blad spec
[2008/04/15 11:35:01] <jamesturnbull> s/blad/blah
[2008/04/15 11:35:32] <shadoi> fujin: actually.. it could work now, it would just need a separate instance of the setup, possibly done with environments. but yeah, must better after REST
[2008/04/15 11:35:54] <shadoi> In the year 1 A.R., there shall be much rejoicing.
[2008/04/15 11:35:58] <fujin> !
[2008/04/15 11:35:59] <fujin> :D
[2008/04/15 11:36:54] <fujin> Can't wait :}
[2008/04/15 11:37:06] <fujin> The change control integration would be pretty freakin awesome I feel
[2008/04/15 11:37:13] <fujin> especially if there was some sign-off procedure in it
[2008/04/15 11:37:34] @ Quit: emerose_:
[2008/04/15 11:37:34] @ Quit: jvanzyl:
[2008/04/15 11:37:45] <shadoi> I mean... technically it's pretty trivial... aside from the "show me the differences after applying config" stuff
[2008/04/15 11:37:48] <shadoi> even that's not too bad
[2008/04/15 11:39:38] <shadoi> fujin: what sort of stuff would you want to see in the UI? just a "test release -> show changes -> approve release/revert release" flow kind of thing?
[2008/04/15 11:42:22] <fujin> Yeah.
[2008/04/15 11:42:25] <fujin> I'd prefer, for a start
[2008/04/15 11:42:41] <fujin> to see the noop changes confirmation -> approve flow
[2008/04/15 11:42:57] <fujin> and then eventually to see the signed manifest upload -> noop changes confirmation (change control processs) -> approval
[2008/04/15 11:43:04] <fujin> *that* would be cool.
[2008/04/15 11:43:44] <jamesturnbull> shadoi: talk to lak - he and I chatted about this at LCA - he has quite a few ideas about where this might go
[2008/04/15 11:45:12] <shadoi> jamesturnbull: yeah we've spoken too, not specifically about change management though
[2008/04/15 11:45:39] <fujin> if the change control stuff could all be ITILised that'd be really cool, aswell
[2008/04/15 11:45:43] <fujin> like correct terminology and whatnot
[2008/04/15 11:45:56] <shadoi> *correct* .. haha
[2008/04/15 11:46:03] <shadoi> fujin: I hear ya though
[2008/04/15 11:46:22] <fujin> don't get me wrong, I love what puppet/master can do now
[2008/04/15 11:46:34] <fujin> and have worked around my change control issues by running noop jobs out of cron
[2008/04/15 11:46:35] <jamesturnbull> fujin: please don't use the ITIL word
[2008/04/15 11:46:43] <fujin> jamesturnbull: !
[2008/04/15 11:46:53] <fujin> ITIL is a good way to be, in a business sense
[2008/04/15 11:47:00] @ a-priori joined channel #puppet
[2008/04/15 11:47:03] <jamesturnbull> lak: he didn't mean it - really he didn't mean to mention ITIL
[2008/04/15 11:47:12] <fujin> ;>
[2008/04/15 11:47:18] <jamesturnbull> fujin: overrated - and this is from someone with an ITIL Masters
[2008/04/15 11:47:37] <thecat> what's a good way to copy directory structures from a central repository?
[2008/04/15 11:47:41] @ Quit: a-priori: Client Quit
[2008/04/15 11:47:43] <jamesturnbull> fujin: it's good speak and an interesting framework but it doesn't actually really do more than standardise jargon
[2008/04/15 11:47:53] <fujin> well, that's the idea
[2008/04/15 11:47:57] <fujin> standardise the jargon company wide
[2008/04/15 11:48:05] <fujin> thecat: use source/recurse
[2008/04/15 11:48:07] <shadoi> thecat: recurse => true
[2008/04/15 11:48:08] <thecat> normally I'd use rsync ... file with recurse looks possible, but a little cludgy
[2008/04/15 11:48:21] <thecat> how are perms and ownership handled with recurse?
[2008/04/15 11:48:28] <shadoi> thecat: personaly I'd only use it for empty directory structures or link farms.
[2008/04/15 11:48:29] <fujin> recursivly :)
[2008/04/15 11:48:38] <shadoi> personally*
[2008/04/15 11:48:39] <jamesturnbull> thecat: cludgy? versus rysnc and a scipt :)
[2008/04/15 11:48:55] <thecat> rsync from a readonly "master" dir
[2008/04/15 11:48:55] <jamesturnbull> s/scipt/script/ damn typing
[2008/04/15 11:49:05] <thecat> that's pretty straightforward
[2008/04/15 11:49:22] <thecat> preserves all owners, dates, perms
[2008/04/15 11:49:32] <thecat> I can't find a better way to do it with puppet
[2008/04/15 11:49:51] <thecat> besides perhaps making my dir structure in to a .deb and making it a required package
[2008/04/15 11:50:05] <thecat> but that seems even more convoluted
[2008/04/15 11:50:37] <shadoi> thecat: it's not a part of some other software that could be packaged with it?
[2008/04/15 11:51:06] <thecat> no, it's unfortunately a collection of static binaries we push out to all nodes
[2008/04/15 11:51:12] <thecat> mostly static anyway
[2008/04/15 11:51:21] <shadoi> sounds like a good package case to me.
[2008/04/15 11:51:32] <thecat> yeah, it's an option
[2008/04/15 11:51:55] <shadoi> I'm sort of biased in that though. Packaging is easier than writing manifests to me.
[2008/04/15 11:52:16] <thecat> got a good howto on settiing up apt repos and signing the debs?
[2008/04/15 11:52:38] <thecat> I also have a mix of ubuntu and suse hosts, so I'd need to build rpms too
[2008/04/15 11:52:41] <thecat> it's an udnertaking
[2008/04/15 11:52:42] <Demosthenex> reprepro
[2008/04/15 11:52:43] <shadoi> http://www.debian.org/doc/manuals/repository-howto/repository-howto
[2008/04/15 11:52:54] <shadoi> yeah reprepro is decent
[2008/04/15 11:52:58] <thecat> where rsync does the job now
[2008/04/15 11:54:06] <shadoi> *nod*
[2008/04/15 11:54:20] <shadoi> if you don't need versioning/dependencies it's probably more work than it's worth
[2008/04/15 11:54:33] <fujin> reprepro!
[2008/04/15 11:54:37] <Demosthenex> reprepro!
[2008/04/15 11:54:44] <fujin> reprepro & prevu
[2008/04/15 11:54:45] <fujin> -done
[2008/04/15 11:54:48] <fujin> i heart it
[2008/04/15 11:54:52] <thecat> I know puppet is sort of against this, but is there a good way to automate the rsync?
[2008/04/15 11:54:59] <fujin> yeah
[2008/04/15 11:55:00] <thecat> maybe cron?
[2008/04/15 11:55:03] <fujin> use exec{} and creates=>
[2008/04/15 11:55:12] <thecat> but I've had a nightmare managing cron in puppet.. :)
[2008/04/15 11:55:23] <thecat> ok, reading exec
[2008/04/15 12:01:08] <jamesturnbull> thecat: there is actually something on packaging and repos and Debina on the wiki - let me find it
[2008/04/15 12:02:16] <jamesturnbull> thecat: wiki:BootstrappingWithPuppet
[2008/04/15 12:02:18] <gepetto> jamesturnbull: thecat: wiki:BootstrappingWithPuppet is http://reductivelabs.com/trac/puppet/wiki/BootstrappingWithPuppet
[2008/04/15 12:05:40] <thecat> one horrible irony is that my ubuntu repo is on a suse machine, so installing tools like reprepro isn't so easy...
[2008/04/15 12:05:45] <thecat> time to fix the root problem
[2008/04/15 12:10:31] [msg(#puppet)] ::puppet:: Puppet Debian edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/PuppetDebian
[2008/04/15 12:12:45] @ Quit: andrewcshafer:
[2008/04/15 12:19:20] <thecat> puppetca --clean --all
[2008/04/15 12:19:21] <thecat> https://twiki.corp.slide.com/ITInfo/PublicIPSpace
[2008/04/15 12:19:29] <thecat> or rather
[2008/04/15 12:19:31] <thecat> puppetca --list --all | cut -d " " -f 2 | xargs puppetca --clean $0
[2008/04/15 12:19:36] <thecat> $1
[2008/04/15 12:19:40] <thecat> sigh
[2008/04/15 12:21:07] <fujin> I do for i in `grep ^node -r manifests|awk '{print $2;}'|sort`; do puppetca --clean $i; done
[2008/04/15 12:21:19] <thecat> that's nice too
[2008/04/15 12:21:28] <thecat> --clean --all would be super
[2008/04/15 12:21:50] <fujin> heh, yea
[2008/04/15 12:22:22] @ a-priori joined channel #puppet
[2008/04/15 12:24:16] <jamesturnbull> thecat: doesn't --clean --all work? - oh log a ticket for an enhancement if it doesn't - that'll be an easy fix
[2008/04/15 12:24:28] <thecat> you can't --clean --all
[2008/04/15 12:24:39] <thecat> point me where to log an enhancement?
[2008/04/15 12:25:20] <jamesturnbull> thecat: http://reductivelabs.com/trac/puppet/simpleticket
[2008/04/15 12:25:31] <thecat> TICKET_CREATE_SIMPLE privileges are required to perform this operation
[2008/04/15 12:25:51] <jamesturnbull> thecat: you have to register first
[2008/04/15 12:28:05] @ Quit: a-priori:
[2008/04/15 12:28:11] <thecat> done
[2008/04/15 12:28:13] <thecat> 1189
[2008/04/15 12:28:26] <jamesturnbull> thecat: try #1189 and gepetto links
[2008/04/15 12:28:27] <gepetto> jamesturnbull: thecat: #1189 is http://reductivelabs.com/trac/puppet/ticket/1189 "puppetca --clean --all"
[2008/04/15 12:28:53] @ emerose joined channel #puppet
[2008/04/15 12:30:17] [msg(#puppet)] ::puppet:: Ticket #1189 (enhancement created): puppetca --clean --all @ http://reductivelabs.com/trac/puppet/ticket/1189
[2008/04/15 12:42:03] @ Quit: pdt:
[2008/04/15 12:48:34] @ griznog joined channel #puppet
[2008/04/15 13:01:11] @ Quit: shake-n-bake:
[2008/04/15 13:05:04] @ andrewcshafer joined channel #puppet
[2008/04/15 13:06:00] @ Quit: lak:
[2008/04/15 13:12:11] @ shenson_not_here is now known as shenson
[2008/04/15 13:15:10] @ a-priori joined channel #puppet
[2008/04/15 13:18:23] @ Quit: a-priori: Client Quit
[2008/04/15 13:23:30] @ Quit: andrewcshafer:
[2008/04/15 13:31:25] <griznog> hi, I'm trying to set up a minimal puppet just to get started and I'm having a problem with copying files with source => "puppet://puppetserver/module/testfile".
[2008/04/15 13:31:37] <griznog> puppetmasterd gives this error:
[2008/04/15 13:31:45] <griznog> err: Cannot currently copy links
[2008/04/15 13:31:57] <griznog> but I'm not doing aything with links, just trying to copy a file.
[2008/04/15 13:32:21] <griznog> If I use "source => /path/to/local/copy" it works.
[2008/04/15 13:32:46] <griznog> how can I troubleshoot things using a url like puppet:// ?
[2008/04/15 13:47:10] @ andrewcshafer joined channel #puppet
[2008/04/15 13:54:23] @ shenson is now known as shenson_not_here
[2008/04/15 13:59:49] @ patobrien joined channel #puppet
[2008/04/15 14:14:18] [msg(#puppet)] ::puppet:: Puppet OpenBSD edited by mcbride @ http://reductivelabs.com/trac/puppet/wiki/PuppetOpenBSD
[2008/04/15 14:15:16] <fujin> griznog: upgrade
[2008/04/15 14:15:27] <fujin> copying links was fixed in 0.24.3 iirc
[2008/04/15 14:15:33] @ Quit: shadoi: "leaving"
[2008/04/15 14:18:54] @ jvanzyl joined channel #puppet
[2008/04/15 14:25:32] @ agile joined channel #puppet
[2008/04/15 14:43:53] @ Quit: dysinger:
[2008/04/15 14:47:24] @ f--z joined channel #puppet
[2008/04/15 14:50:15] @ dysinger joined channel #puppet
[2008/04/15 14:55:25] @ emerose_ joined channel #puppet
[2008/04/15 14:55:31] @ Quit: emerose: Read error: 104 (Connection reset by peer)
[2008/04/15 15:27:51] @ shake-n-bake joined channel #puppet
[2008/04/15 15:40:20] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/15 15:53:41] @ zobbo joined channel #puppet
[2008/04/15 15:54:59] @ Quit: patobrien: "Leaving"
[2008/04/15 15:59:00] @ Quit: shake-n-bake:
[2008/04/15 16:10:02] @ shadoi joined channel #puppet
[2008/04/15 16:30:37] @ Quit: dysinger:
[2008/04/15 16:44:28] @ DerekW joined channel #puppet
[2008/04/15 16:54:19] @ Quit: shadoi: "leaving"
[2008/04/15 17:01:55] @ Quit: Innocenti: Client Quit
[2008/04/15 17:11:19] @ Quit: andrewcshafer:
[2008/04/15 17:20:18] @ Quit: yure: simmons.freenode.net irc.freenode.net
[2008/04/15 17:20:18] @ Quit: Volcane: simmons.freenode.net irc.freenode.net
[2008/04/15 17:30:27] @ f--z joined channel #puppet
[2008/04/15 17:32:59] @ Quit: stahnma: Remote closed the connection
[2008/04/15 17:35:08] @ stahnma joined channel #puppet
[2008/04/15 17:37:29] @ Quit: jvanzyl:
[2008/04/15 17:40:11] @ Volcane joined channel #puppet
[2008/04/15 17:41:50] @ yure joined channel #puppet
[2008/04/15 17:43:40] @ andrewcshafer joined channel #puppet
[2008/04/15 17:49:39] <mellen> How can I specify a package version requirement ONLY if the package is installed on the system?
[2008/04/15 17:49:43] @ jgonzalez joined channel #puppet
[2008/04/15 17:54:07] @ roald joined channel #puppet
[2008/04/15 17:54:08] @ Quit: roald: Remote closed the connection
[2008/04/15 17:54:27] @ roald joined channel #puppet
[2008/04/15 18:02:29] @ dysinger joined channel #puppet
[2008/04/15 18:07:44] @ kolla joined channel #puppet
[2008/04/15 18:22:47] @ DavidS joined channel #puppet
[2008/04/15 18:23:22] <DavidS> hi all!
[2008/04/15 18:26:28] <duritong> hi David
[2008/04/15 18:27:14] <duritong> DavidS: are you using environments with 0.24.4?
[2008/04/15 18:27:58] <DavidS> yes
[2008/04/15 18:28:16] <duritong> and the custom functions work?
[2008/04/15 18:29:01] <DavidS> i run the puppetmaster under RUBYLIB=/var/lib/puppet/lib and with a special factpath to workaround a known issue
[2008/04/15 18:29:07] <duritong> i hit #1175 while testing
[2008/04/15 18:29:09] <gepetto> duritong: #1175 is http://reductivelabs.com/trac/puppet/ticket/1175 "Custom function doesn't work when using multiple environments"
[2008/04/15 18:29:22] <duritong> ahh this is enought?
[2008/04/15 18:29:24] <duritong> -t
[2008/04/15 18:37:30] @ Quit: dysinger:
[2008/04/15 18:52:43] <DavidS> duritong: it seems to Work For Me[tm]
[2008/04/15 18:52:59] <duritong> ok I have to give it a try
[2008/04/15 18:53:48] <duritong> btw: We're currently in process of mergin your nagios module with our stuff and porting it to be usable on centos as well
[2008/04/15 18:54:35] <DavidS> duritong: great, please send patches if possible ..
[2008/04/15 18:54:35] <duritong> and it looks like a lot of people are looking for some modules and that the central repo might not a that bad idea
[2008/04/15 18:54:52] <DavidS> have you looked at the nagios native types in recent puppet versions?
[2008/04/15 18:54:59] <duritong> DavidS: it's published in git now :)
[2008/04/15 18:55:10] <duritong> and yeah we try to integrate them as well
[2008/04/15 18:55:28] <duritong> but dunno how stable they are at the moment
[2008/04/15 18:56:38] <duritong> the plan is currently the following: first merging our plain one big nagios.config with your idea and then adding the native support as our config is then more modularized
[2008/04/15 18:58:45] <Volcane> DavidS: needs a lot of work still
[2008/04/15 18:59:09] <Volcane> DavidS: primarily around namevars
[2008/04/15 18:59:10] @ Darkarnium joined channel #puppet
[2008/04/15 19:00:07] <Darkarnium> Hey there, does anyone know whether or not Puppet logs the number of clients that connect to it, such as IP addresses, etc?
[2008/04/15 19:03:53] <duritong> Darkarnium: default to syslog, otherwise you have to set the config-var
[2008/04/15 19:04:09] <Darkarnium> Ah excelent, cheers :)
[2008/04/15 19:12:49] @ Quit: andrewcshafer:
[2008/04/15 19:14:51] @ Quit: ballpointpenthie: "Leaving"
[2008/04/15 19:18:26] <DavidS> Volcane: thx for the info
[2008/04/15 19:20:13] <Volcane> DavidS: I put in several missing config options etc into the code but then noticed that you must have unique service descriptions for example in the services, which just suck
[2008/04/15 19:20:32] <Volcane> DavidS: like in the example in exported resources section on the wiki they have '$fqdn service description'
[2008/04/15 19:20:48] <Volcane> DavidS: cos namevar = service_description, so must be unique
[2008/04/15 19:22:34] <DavidS> yeah, but i don't see any alternatives without reworking all of puppet
[2008/04/15 19:23:19] <Volcane> nods :(
[2008/04/15 19:23:30] <Volcane> lak was saying he put in some code that allows you to concat stuff to make a namevar
[2008/04/15 19:23:46] <Volcane> so internally namevar could be $fqdn + service description
[2008/04/15 19:23:55] <DavidS> duritong: i really have to take a deeper look into your modules ... would you mind/be interested to have your stuff merged into my modules?
[2008/04/15 19:24:28] <Volcane> but i dont really know ruby so cant comment, but he said what he committed last week enables it, just not yet in a usable form for things like the nagios types
[2008/04/15 19:24:33] <Volcane> but till then, i cant see myself adopting them :(
[2008/04/15 19:24:34] <DavidS> even more important: would you be interested into using the merged modules afterwards? I see little point in merging, if there is no testing afterwards
[2008/04/15 19:25:30] <duritong> DavidS: for sure, go ahead
[2008/04/15 19:25:46] <duritong> i just realized that my svn exoporting scripts isn't working correctly
[2008/04/15 19:25:59] <duritong> however it should be uptodate now
[2008/04/15 19:26:09] <DavidS> Volcane: a possible solution would be to wrap the stuff into defines which ensure global unique-ness, so at least it is hidden from the actual configuration
[2008/04/15 19:26:37] <DavidS> duritong: i'll clone it to my laptop and i hope that i can have a look at it in the next days ...
[2008/04/15 19:27:00] <duritong> and about using the merged modules: I just setup a new puppet env @ my paid work and I use git for everything there. However I currently endup putting yours and mine git-repo as remote and merging them there :P
[2008/04/15 19:30:03] <DavidS> duritong: sounds 'interesting'
[2008/04/15 19:30:10] <DavidS> in a bad way
[2008/04/15 19:32:49] <Volcane> DavidS: i doubt that will work (i tried, but maybe you have a better way) cos the you cannot specify name => in them AND service_description for example
[2008/04/15 19:33:27] <DavidS> wtf: /usr/bin/git-clone: line 39: git: command not found
[2008/04/15 19:34:14] <DavidS> Volcane: I haven't looked at all into the native types, therefore I do not understand what you're saying (local problem)
[2008/04/15 19:36:54] <Volcane> DavidS: ok, nagios_service{"host alive": host => host1.com, .....} nagios_service{"host alive": host => host2.com, ....}
[2008/04/15 19:36:56] <Volcane> that would fail
[2008/04/15 19:37:06] <Volcane> cos 'host alive' isnt unique
[2008/04/15 19:40:23] <Volcane> in those examples, service_description would also need to be 'host alive'
[2008/04/15 19:40:42] <DavidS> yeah, so i tried to say, that one'd need a define unique_nagios_service (...) { nagios_service { "${fqdn}: host alive: ${host}": host => $host } }
[2008/04/15 19:40:49] <Volcane> you cant have name and service_description different in the nagios types, so no way to have 2 hosts with the same service_description
[2008/04/15 19:41:10] <Volcane> DavidS: yip, then service_description would also be "${fqdn}: host alive: ${host}"
[2008/04/15 19:41:27] <Volcane> DavidS: and so your nagios web interface would look horrible :P
[2008/04/15 19:41:48] <DavidS> touche
[2008/04/15 19:42:28] <DavidS> duritong: can you pastie me a ls -d from your modules, so i can copy and paste the whole list? O:-)
[2008/04/15 19:42:32] <Volcane> in most types you could do that, like file{} for example, but these nagios ones throw a critical error if you try and have namevar and service_description different
[2008/04/15 19:43:05] <DavidS> hmm .. strange
[2008/04/15 19:43:39] <Volcane> i think its cos naginator needs to parse the nagios configs to verify whats on disk matches the manifest, and naginator needs a unique ident for each service def
[2008/04/15 19:43:52] <Volcane> but like i said, dont really know ruby so thats just a theory
[2008/04/15 19:44:21] <pastie> DavidS: http://pastie.org/180962 by duritong.
[2008/04/15 19:44:35] <DavidS> Volcane: sounds sensible
[2008/04/15 19:44:45] <DavidS> duritong: thanks!
[2008/04/15 19:44:52] <duritong> np
[2008/04/15 19:44:55] <DavidS> Volcane: s/sensible/plausible/
[2008/04/15 19:45:17] <duritong> DavidS: not everything is yet stable nor finished
[2008/04/15 19:50:57] <DavidS> duritong: you know my modules :)
[2008/04/15 19:54:10] <duritong> yeah ;)
[2008/04/15 19:54:18] <duritong> ah btw: we use the shorewall module a lot
[2008/04/15 19:54:24] <duritong> seems to be quite stable now
[2008/04/15 19:55:03] <DavidS> great :)
[2008/04/15 19:55:24] <DavidS> lunch&
[2008/04/15 19:55:42] @ Quit: DavidS: "Leaving."
[2008/04/15 20:04:53] <jamesturnbull> thecat: #1189 I knocked up tonight - if luke likes it then it'll be committed at some point
[2008/04/15 20:04:57] <gepetto> jamesturnbull: thecat: #1189 is http://reductivelabs.com/trac/puppet/ticket/1189 "puppetca --clean --all"
[2008/04/15 20:37:54] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/15 20:52:57] @ Innocenti joined channel #puppet
[2008/04/15 21:31:37] @ silk joined channel #puppet
[2008/04/15 21:50:18] @ ballpointpenthie joined channel #puppet
[2008/04/15 21:55:10] @ strerror_work joined channel #puppet
[2008/04/15 22:05:19] <ballpointpenthie> 'puppetd --test' reports 'err: Could not retrieve catalog: Certificates were not trusted: hostname not match with the server certificate'
[2008/04/15 22:06:07] <duritong> ballpointpenthie: ssl problem
[2008/04/15 22:06:23] <ballpointpenthie> I'm trying to run the server and client locally,
[2008/04/15 22:06:40] <ballpointpenthie> can I just turn off using SSL?!
[2008/04/15 22:06:44] <duritong> nope
[2008/04/15 22:08:19] <evil_steve> ballpointpenthie: have you changed the name on the client since you generated the cert?
[2008/04/15 22:09:35] <ballpointpenthie> I haven't generated a cert
[2008/04/15 22:10:11] <jamesturnbull> ballpointpenthie: http://snurl.com/1udr3
[2008/04/15 22:10:43] <duritong> ballpointpenthie: puppetmaster and client automatically generate one when there isn't one there
[2008/04/15 22:11:20] <ballpointpenthie> OK, right. I'll read up on this RubySSL Security Patch...
[2008/04/15 22:11:28] <duritong> as well you have to connect with the hostname of your master, if you didn't setup something else, which I don't assume
[2008/04/15 22:13:28] <ballpointpenthie> I'm using: puppetd --server localhost --waitforcert 60 --test
[2008/04/15 22:16:27] <duritong> ballpointpenthie: try to use your hostname
[2008/04/15 22:17:11] <ballpointpenthie> duritong: ok
[2008/04/15 22:33:15] @ Quit: steinmb:
[2008/04/15 22:36:13] <riddley> chadh: ?
[2008/04/15 22:49:28] @ andrewcshafer joined channel #puppet
[2008/04/15 22:55:40] @ johnf joined channel #puppet
[2008/04/15 23:00:28] @ jeckersb joined channel #puppet
[2008/04/15 23:02:31] @ mikepea joined channel #puppet
[2008/04/15 23:07:08] @ martha joined channel #puppet
[2008/04/15 23:07:37] @ Quit: johnf: "Leaving."
[2008/04/15 23:11:51] <ballpointpenthie> 'puppetmasterd --verbose --manifest /var/tmp/puppet/manifests/site.pp --debug' reports 'Could not start WEBrick: Address already in use - bind(2)'
[2008/04/15 23:13:10] @ Quit: agile: Read error: 113 (No route to host)
[2008/04/15 23:13:14] <Volcane> so it probably already running
[2008/04/15 23:13:21] @ johnf joined channel #puppet
[2008/04/15 23:14:15] @ Quit: kolla: Remote closed the connection
[2008/04/15 23:16:22] @ agile joined channel #puppet
[2008/04/15 23:16:34] <ballpointpenthie> okay, so the puppetmaster's up, but puppetd is looking for /var/puppet/run/puppetd.pid instead of /var/run/puppet/puppetd.pid
[2008/04/15 23:23:41] @ m1n3s6 joined channel #puppet
[2008/04/15 23:24:13] @ shenson_not_here is now known as shenson
[2008/04/15 23:24:34] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/15 23:35:40] @ lak joined channel #puppet
[2008/04/15 23:36:57] @ Quit: m1n3s6: Read error: 104 (Connection reset by peer)
[2008/04/15 23:38:48] @ m1n3s6 joined channel #puppet
[2008/04/15 23:54:23] @ dysinger joined channel #puppet
« Monday, 2008-04-14 Index Wednesday, 2008-04-16 »

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!