Saturday, 2008-04-26

« Friday, 2008-04-25 Index Sunday, 2008-04-27 »
[2008/04/26 00:01:43] @ Quit: genehack: Remote closed the connection
[2008/04/26 00:03:29] @ lak joined channel #puppet
[2008/04/26 00:05:25] <ashp> hmm I guess I'm going to have to modify puppet.schema
[2008/04/26 00:05:37] <ashp> as I realised there's no way to define anything but iphostnumber, so I can't shove the gateway into there
[2008/04/26 00:05:57] <ashp> lak: If I extend the default puppet.schema to include ip/network/netmask/broadcast/gateway, do you think that would be useful?
[2008/04/26 00:06:12] <ashp> that way you can include all the variables to do the network from ldap, and then call whatever to build the interfaces
[2008/04/26 00:08:26] @ Quit: jvanzyl_:
[2008/04/26 00:11:39] @ shenson_not_here is now known as shenson
[2008/04/26 00:14:18] <gepetto> ::puppet:: Ticket #1206 (defect created): aptitude provider does not recognize recovery efforts @ http://reductivelabs.com/trac/puppet/ticket/1206 (by rnhurt@gmail.com)
[2008/04/26 00:17:45] @ Zothar_Work joined channel #puppet
[2008/04/26 00:18:20] <alden> help...I'm getting the dreaded "Certificate retrieval failed: Certificates were not trusted"...I've checked and there isn't an existing cert...the clocks are synced...all of my existing clients are working fine...help?
[2008/04/26 00:28:31] @ Quit: lak:
[2008/04/26 00:32:41] @ brscott joined channel #puppet
[2008/04/26 00:35:07] @ andyhold joined channel #puppet
[2008/04/26 00:36:45] @ flakrat joined channel #puppet
[2008/04/26 00:44:06] @ Quit: zipkid: "Lost terminal"
[2008/04/26 00:48:21] @ nigelk joined channel #puppet
[2008/04/26 00:49:25] <kyrh> http://paste.org.ru/?9xh0pt <-- where is I wrong?
[2008/04/26 00:50:49] @ jvanzyl joined channel #puppet
[2008/04/26 00:52:24] <chillitom> kyrh, move the case out of the file
[2008/04/26 00:52:44] <ashp> argghhhhh
[2008/04/26 00:52:55] <ashp> If I have a bunch of variables filled by LDAP, and then I want to use them
[2008/04/26 00:52:58] <chillitom> ashp, you okay?
[2008/04/26 00:53:06] <ashp> can I just go network::ip { ip => ip}
[2008/04/26 00:53:17] <ashp> and have the second ip be the variable filled from ldap?
[2008/04/26 00:53:26] <chillitom> $ip, perhaps
[2008/04/26 00:53:30] <ashp> i tried that
[2008/04/26 00:53:36] <ashp> and now my network scripts consist of NETMASK=netmask
[2008/04/26 00:53:40] <ashp> so I guess that was wrong
[2008/04/26 00:54:36] <chillitom> kyrh, ... or use this construct http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#id17
[2008/04/26 00:55:11] <kyrh> chillitom: ... and in both parts of case I need include file section? Is this my only chance?
[2008/04/26 00:56:26] <chillitom> kyrh, if you want the variable to be available in the template you need to use case. put the case statement in the class
[2008/04/26 00:56:31] <chillitom> not in the file resource
[2008/04/26 00:58:03] <ashp> it's odd, it seems like the variables it supposedly sets
[2008/04/26 00:58:04] <ashp> aren't available
[2008/04/26 00:58:10] <chillitom> kyrh, you'd be better off making two classes by the way ntpserver and ntpclient, put the common stuff in one called ntp and have them both extend it.
[2008/04/26 00:58:14] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/04/26 00:58:32] <ashp> oh maybe it only defines it in the namespace of node, and wouldn't let me use it under a different class
[2008/04/26 00:58:45] @ jvanzyl joined channel #puppet
[2008/04/26 00:58:48] <chillitom> ashp, yeah i think that's right
[2008/04/26 00:59:14] <ashp> I need to be able to call a define in my network module with the variables I get from LDAP, somehow
[2008/04/26 00:59:32] <ashp> I don't have node definitions as they are in ldap, so I sure can't do it in there
[2008/04/26 00:59:36] <chillitom> ashp, afraid I've got no experience with LDAP
[2008/04/26 00:59:45] <ashp> unless I can define a parentclass of basenode and then manually configure that :/
[2008/04/26 00:59:54] <ashp> yeah, I need shadoi or someone more experienced with ldap to turn up
[2008/04/26 01:00:00] <ashp> the documentation is real lightweight on doing this
[2008/04/26 01:00:08] @ Quit: kolla: Remote closed the connection
[2008/04/26 01:03:04] @ alden left channel #puppet ()
[2008/04/26 01:03:55] @ brscott left channel #puppet ()
[2008/04/26 01:06:09] <chillitom> ashp, i'd like to integrate with ldap at some point..
[2008/04/26 01:08:45] <ashp> I find the most frustrating thing is that I need to be able to pass network variables out of ldap into my network module
[2008/04/26 01:08:49] <ashp> because I need to set up the network
[2008/04/26 01:08:54] <ashp> and it's not really confused to do that, annoyingly
[2008/04/26 01:09:14] <ashp> It's odd as generally, most nodes have some unique data they need to set and pass to puppet, so I don't know why this is so hard
[2008/04/26 01:27:32] <kyrh> chillitom: I experimenting. But without result. http://paste.org.ru/?11yx2t . Error is: err: Could not parse for environment development: Syntax error at ','; expected '}' at /var/puppet/environments/development/modules/ntp/manifests/init.pp:20
[2008/04/26 01:27:58] <duritong> anybody knows if I can overwrite params of an exported resouce?
[2008/04/26 01:29:02] <chillitom> kyrh, one second i'll refactor for you
[2008/04/26 01:30:04] @ lak joined channel #puppet
[2008/04/26 01:31:44] <chillitom> kyrh, http://paste.org.ru/?y5om55
[2008/04/26 01:31:50] <chillitom> that might be simpler
[2008/04/26 01:32:20] <chillitom> generally i've found that if and case statements are sign of code smell
[2008/04/26 01:36:05] <kyrh> chillitom: I understand your idea. I would like some other. If node configuration have defined $ntp_servers variable -- it's master. If not -- client.
[2008/04/26 01:36:32] <ashp> lak: When puppet exports variables from LDAP, what is the scope of those? I tried to use them inside baseclass, called by puppetclass: baseclass, but they don't seem to exist.
[2008/04/26 01:36:35] <kyrh> in this case, I can use only one class.
[2008/04/26 01:36:50] @ DavidS joined channel #puppet
[2008/04/26 01:36:53] <lak> they're available throughout the config, just like facts
[2008/04/26 01:36:53] <chillitom> why? just include the appropriate class
[2008/04/26 01:36:57] <chillitom> it reads better
[2008/04/26 01:37:01] <ashp> Hmm, weird. I wonder what I'm doing wrong
[2008/04/26 01:37:11] <ashp> so I should be able to use my network::ip define in baseclass
[2008/04/26 01:37:27] <ashp> I have network::ip { eth0: ip => "$ip", trying to get the data from the ldap variable
[2008/04/26 01:37:40] <ashp> but they all expand into nothing when I run it
[2008/04/26 01:38:08] <ashp> oh, I just saw your reply
[2008/04/26 01:38:32] <ashp> I am on puppet-server-0.24.4-1.el5
[2008/04/26 01:38:35] <ashp> so this should work fine.
[2008/04/26 01:39:41] <chillitom> kyrh, http://paste.org.ru/?3f9mav
[2008/04/26 01:39:53] <ashp> Hmm, ok, so $netmask is definitely unset for some reason.
[2008/04/26 01:40:14] <chillitom> kyrh, i'd suggest reading through the language guide, there are a dozen ways to do everything
[2008/04/26 01:42:07] <ashp> dn: cn=hlsbuild01.law.harvard.edu,ou=Hosts,dc=law,dc=harvard,dc=edu
[2008/04/26 01:42:09] <ashp> netmask: 255.255.255.0
[2008/04/26 01:42:18] <ashp> So it's definitely returned by the LDAP server.
[2008/04/26 01:42:40] <ashp> Maybe puppet requests only certain attributes from LDAP?
[2008/04/26 01:45:07] @ ezralini joined channel #puppet
[2008/04/26 01:46:29] <Volcane> tcpdump :P
[2008/04/26 01:46:58] <lak> ashp: as long as you haven't overridden ldapattrs, you should be getting all attributes
[2008/04/26 01:47:04] <lak> you should be able to test it
[2008/04/26 01:47:09] <lak> in a small ruby script
[2008/04/26 01:47:15] <lak> pastie: url me
[2008/04/26 01:48:11] <ashp> Yeah, I was just dragging through the logs, I can see it's just a filter="(objectClass)" so it should be everything
[2008/04/26 01:48:37] <pastie> http://pastie.org/186827 by lak.
[2008/04/26 01:48:47] <lak> it'll be something like that
[2008/04/26 01:49:56] <ashp> ok, I'll have a fiddle and try to get it to run
[2008/04/26 01:50:06] <ashp> parse_config failed so I guess I probably have to set some paths or something
[2008/04/26 01:53:19] <lak> sorry, it's Puppet.parse_config
[2008/04/26 01:54:19] @ Quit: ezralini: Remote closed the connection
[2008/04/26 01:56:04] @ ezralini joined channel #puppet
[2008/04/26 01:56:29] <ashp> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/ldap.rb:55:in `ldapsearch': LDAP Search failed: No such object (Puppet::Error)
[2008/04/26 01:56:32] <ashp> I'm definitely closer. :)
[2008/04/26 01:57:21] <kyrh> chillitom: big thanks. http://paste.org.ru/?vmfnqb <- it's work. "case" doesn't like commas.
[2008/04/26 01:57:55] <Volcane> kyrh: ah bummer we had a discussion about that recently here
[2008/04/26 01:58:13] <Volcane> i had a similar problem
[2008/04/26 01:58:31] * Volcane doesnt see the sense in not having ,'s in the case blocks
[2008/04/26 01:58:53] <chillitom> kyrh, cool
[2008/04/26 01:59:26] * chillitom wonders why it's case and not switch
[2008/04/26 01:59:56] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/04/26 02:00:47] <ezralini> Crazy off topic, but is anyone, possibly in the northeast having ISP issues?
[2008/04/26 02:00:57] <ashp> I think the issue is this script doesn't pick up ldapserver from the conf somehow, so it fails to connet
[2008/04/26 02:01:40] <ashp> actually no, as I added Puppet::Ldapserver = "dev1.law.harvard.edu"
[2008/04/26 02:02:49] <Volcane> ashp: tcpdump it
[2008/04/26 02:02:54] <Volcane> see what it asks etc
[2008/04/26 02:03:25] <stick> so with plugins in modules does puppetmaster always have to bounce to see changes to plugins?
[2008/04/26 02:03:38] <ashp> It doesn't have a SRCH base so that probably makes it fail
[2008/04/26 02:03:40] @ Quit: Innocenti: Client Quit
[2008/04/26 02:03:41] <lak> ashp: that's, ah, not how you configure the ldap server
[2008/04/26 02:03:43] <ashp> i'll mess with that later
[2008/04/26 02:03:49] <ashp> lak: I was just trying in that script to get it to do the right search
[2008/04/26 02:03:52] <lak> if it's still failing at parse_config, it's definitely not picking up your info
[2008/04/26 02:04:18] <lak> do 'p Puppet[:ldapserver]' to get info on your current ldap server
[2008/04/26 02:04:49] <lak> you can just set all of the ldap stuff manually, too; Puppet[:ldapserver] = "blah" and so on
[2008/04/26 02:04:57] <ashp> yeah it sets it to ldap
[2008/04/26 02:05:08] <ashp> so that script you pasted doesn't add a searchbase and it fails :)
[2008/04/26 02:05:10] <ashp> brb, lunch
[2008/04/26 02:11:45] @ shake-n-bake joined channel #puppet
[2008/04/26 02:12:25] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/04/26 02:12:47] @ jvanzyl joined channel #puppet
[2008/04/26 02:30:42] @ lavaman joined channel #puppet
[2008/04/26 02:40:46] @ fbe__ joined channel #puppet
[2008/04/26 02:41:42] @ Quit: fbe_: Read error: 104 (Connection reset by peer)
[2008/04/26 02:50:14] @ andrewcshafer joined channel #puppet
[2008/04/26 02:50:17] @ Quit: DerekW: "Leaving"
[2008/04/26 02:55:17] @ jacqui joined channel #puppet
[2008/04/26 02:55:21] <riddley> lak, know anyone who needs a talented sysadmin and pays well? :P
[2008/04/26 02:55:44] <lak> maybe
[2008/04/26 02:55:52] <lak> i know people in SFO
[2008/04/26 02:55:57] <jacqui> is there a way to test out what puppet is going to do without running it?
[2008/04/26 02:56:01] <lak> not so much in athens
[2008/04/26 02:56:43] * lak &
[2008/04/26 02:57:03] <riddley> jacqui, --noop
[2008/04/26 02:57:28] * riddley doesn't know what SFO is
[2008/04/26 02:57:58] <jacqui> sfo is san francisco i would think
[2008/04/26 02:58:01] <jacqui> thanks riddley
[2008/04/26 02:58:06] <RainDoctor> hey
[2008/04/26 02:58:12] <RainDoctor> http://mail.opensolaris.org/pipermail/sysadmin-discuss/2007-October/001952.html
[2008/04/26 02:58:31] <RainDoctor> Here a guy is saying that he removed puppet from teh infrasturcture
[2008/04/26 02:58:40] <RainDoctor> and that puppet is okay for small infrastucture
[2008/04/26 02:58:47] <RainDoctor> is that criticissm well-justified?
[2008/04/26 02:59:56] <lak> RainDoctor: before listening to a thing that anyone at Joyent says, go look up customer feedback on their uptimes and response rates
[2008/04/26 03:00:45] <lak> "your going to run into problems unless you sit down and invest a week in really getting to know Puppet inside and out really well and honestly, who has that kind of time"
[2008/04/26 03:00:50] <nigelk> yeah. I've heard some horror stories about Joyent
[2008/04/26 03:01:03] <lak> because really, who *does* have a week to learn a tool that could save them hours every day? honestly!
[2008/04/26 03:01:04] <nigelk> lak: that's the line I was going to point out.
[2008/04/26 03:01:07] <nigelk> bah
[2008/04/26 03:01:21] <lak> this guy is awesome
[2008/04/26 03:01:40] <riddley> yea his last paragraph says it all
[2008/04/26 03:01:58] <riddley> he's basically saying that he'd rather do things manually .. um ok.
[2008/04/26 03:02:16] @ spheromak_ joined channel #puppet
[2008/04/26 03:03:15] <RainDoctor> http://mail.opensolaris.org/pipermail/sysadmin-discuss/2007-October/001959.html
[2008/04/26 03:03:19] <RainDoctor> further response
[2008/04/26 03:03:19] <riddley> he also back-pedals a lot in his later reply
[2008/04/26 03:03:26] <riddley> yea that one
[2008/04/26 03:03:26] <nigelk> I'd rather have the ability to *FIX* all my machines at one time :)
[2008/04/26 03:04:09] <RainDoctor> btw, has any one used puppet in large shop, like 1000 boxes?
[2008/04/26 03:05:23] <nigelk> RainDoctor: yes
[2008/04/26 03:05:26] <nigelk> we have many more than that
[2008/04/26 03:05:30] <riddley> in july, we'll have it on over 600
[2008/04/26 03:05:32] <nigelk> but mainly clients
[2008/04/26 03:05:38] <nigelk> only a few servers at this stage
[2008/04/26 03:06:04] <RainDoctor> well, i am looking at hpc clusters
[2008/04/26 03:06:18] <nigelk> sure. We're managing a small one of those, under 50
[2008/04/26 03:06:34] <nigelk> last thing I had approved to say was that we had well over 5,000 clients
[2008/04/26 03:06:44] <lak> :)
[2008/04/26 03:06:45] <nigelk> waiting on the approval to publish more details on the wiki
[2008/04/26 03:06:51] <lak> cool
[2008/04/26 03:07:24] <nigelk> lak: I realized I didn't do the branch thing with the github commit I linked to
[2008/04/26 03:07:29] <nigelk> github is absolutely awesome
[2008/04/26 03:07:33] <nigelk> it's really revolutionary
[2008/04/26 03:07:43] * lak *hearts* ralsh: ralsh package openldap-servers ensure=absent
[2008/04/26 03:07:48] <lak> you linked to a commit?
[2008/04/26 03:07:51] <nigelk> yep
[2008/04/26 03:07:55] <lak> is this in a ticket i didn't notice or something?
[2008/04/26 03:08:09] <nigelk> http://reductivelabs.com/trac/puppet/ticket/1205
[2008/04/26 03:08:12] <nigelk> just did last night
[2008/04/26 03:08:41] <nigelk> kind of a test patch, have a whole bunch of install based ones coming
[2008/04/26 03:08:51] <nigelk> so you can just make a Mac OS X pkg from the source checkout
[2008/04/26 03:08:56] @ shadoi joined channel #puppet
[2008/04/26 03:09:05] @ jacqui left channel #puppet ()
[2008/04/26 03:10:13] @ Quit: spheromak: Read error: 110 (Connection timed out)
[2008/04/26 03:10:31] <lak> cool
[2008/04/26 03:13:03] * stick doesn't quite see the point of ralsh tbh, I guess if you aren't familiar with what the types are
[2008/04/26 03:13:20] <stick> but then again I don't use it much so...
[2008/04/26 03:13:57] <lak> stick: i use it all the time for simple queries, and i now use it pretty much exclusively for package install and removal when i'm not using central configs
[2008/04/26 03:14:14] <lak> e.g., in this case, i wanted to remove the ldap server package so i could test initializing the db
[2008/04/26 03:14:26] <lak> and is it rpm -e? -r? uninstall? remove? screw it; ensure=absent
[2008/04/26 03:14:36] <lak> done
[2008/04/26 03:14:43] <stick> hmm true
[2008/04/26 03:15:11] <stick> so your using it like:
[2008/04/26 03:15:24] <stick> ralsh package openldap-server ensure=absent | puppet -v # or something?
[2008/04/26 03:15:38] <lak> yeah, something like that
[2008/04/26 03:15:49] <lak> i'm building up my openldap module, which is iterative, as always
[2008/04/26 03:15:59] <lak> so this gets me back to a clean slate, basically
[2008/04/26 03:17:03] <stick> *nod*
[2008/04/26 03:18:34] <lak> but i also use it all the time to look at users, or see if parts of puppet are working (e.g., a new provider), or getting data for a new config, or whatever
[2008/04/26 03:19:45] @ probablycorey joined channel #puppet
[2008/04/26 03:20:28] @ Quit: randybias:
[2008/04/26 03:32:03] @ shadoi_ joined channel #puppet
[2008/04/26 03:34:04] @ Quit: andrewcshafer: Read error: 110 (Connection timed out)
[2008/04/26 03:38:04] <ashp> Wow, that was forever away to get thai
[2008/04/26 03:38:10] <ashp> Now back to testing openldap/puppet
[2008/04/26 03:40:20] @ Quit: fbe__: Read error: 110 (Connection timed out)
[2008/04/26 03:41:47] @ abraga joined channel #puppet
[2008/04/26 03:42:25] <abraga> Is Luke Knies here?
[2008/04/26 03:42:29] <abraga> Kanies?
[2008/04/26 03:42:45] <lak> yes, i am
[2008/04/26 03:42:49] <abraga> hi
[2008/04/26 03:43:04] <abraga> I have read about your work with postfix and openldap
[2008/04/26 03:43:11] <abraga> it is very important for me
[2008/04/26 03:43:22] <abraga> can I have a chat with you? about that?
[2008/04/26 03:45:46] <lak> um, sure, but... i don't actually remember it
[2008/04/26 03:45:49] * lak googles real quick
[2008/04/26 03:46:20] <abraga> yes, but you have tried to use a ldap postfix mapping to return OK for senders check in postfix
[2008/04/26 03:46:33] <abraga> do you remember that? http://archives.neohapsis.com/archives/postfix/2003-04/0259.html
[2008/04/26 03:46:59] <abraga> this is very much what I intend to do
[2008/04/26 03:47:05] <abraga> did it work for you?
[2008/04/26 03:47:24] <lak> abraga: unfortunately, i don't remember this *at all* :(
[2008/04/26 03:47:32] <abraga> in that artcicle you wre saying that it didn't work as expected
[2008/04/26 03:47:35] <lak> i'm having trouble even remember who i did that work for
[2008/04/26 03:47:40] <lak> much less how it turned out
[2008/04/26 03:47:43] <abraga> ok
[2008/04/26 03:47:51] <abraga> I can understand
[2008/04/26 03:48:07] <abraga> it is 2003-04
[2008/04/26 03:48:22] <abraga> lak: thanls anyway
[2008/04/26 03:48:29] <lak> sorry i couldn't be more help
[2008/04/26 03:48:38] <abraga> lak: it is great thanks
[2008/04/26 03:49:01] <abraga> lak: it seems very ingenuos anyway :)
[2008/04/26 03:49:19] <lak> "desperate" is probably more like it :)
[2008/04/26 03:49:26] <abraga> :)
[2008/04/26 03:49:34] * lak lunch &
[2008/04/26 03:49:41] <abraga> bye :)
[2008/04/26 03:49:56] @ Quit: abraga: "Leaving"
[2008/04/26 04:06:17] <ashp> lak: http://pastebin.com/d27730b04 <-- any idea why this ldap search would fail?
[2008/04/26 04:12:12] @ Quit: \ask:
[2008/04/26 04:12:21] <shadoi_> ashp: "No such object" is a clue. :)
[2008/04/26 04:13:14] <ashp> Well, the kind of search it does has no srcbase=
[2008/04/26 04:13:22] <ashp> but I don't know how to tell puppet to check ou=hosts, it doesn't seem to pay attention to that
[2008/04/26 04:13:52] <shadoi_> /usr/sbin/puppetd --genconfig | grep -i ldap
[2008/04/26 04:14:15] <shadoi_> ldapbase it looks like
[2008/04/26 04:14:54] <ashp> ldapbase = ou=hosts,dc=law,dc=harvard,dc=edu
[2008/04/26 04:15:44] <ashp> but on the search
[2008/04/26 04:15:48] <shadoi_> ashp: maybe specify the ldapstring used to search?
[2008/04/26 04:15:50] <ashp> it still has no srchbase=
[2008/04/26 04:16:01] <ashp> shadoi: I'm just not sure how to do that :)
[2008/04/26 04:16:22] <shadoi_> hmm.. maybe the indirector stuff has a bug, is this 0.24.4 or git head?
[2008/04/26 04:17:01] <ashp> 24.4
[2008/04/26 04:17:35] <shadoi_> ashp: how are you seeing the search? slapd side?
[2008/04/26 04:18:22] <ashp> yeah, in the slapd logs
[2008/04/26 04:18:49] <shadoi_> do you get the results you expect with ldapsearch?
[2008/04/26 04:18:53] <ashp> http://pastebin.com/d64ebda7a
[2008/04/26 04:18:54] <shadoi_> on the cli
[2008/04/26 04:18:58] <ashp> yes
[2008/04/26 04:19:03] <ashp> and puppet, when not using this script
[2008/04/26 04:19:07] <ashp> gets the hostname OK I believe
[2008/04/26 04:19:32] <shadoi_> lemme look at the code
[2008/04/26 04:20:12] <shadoi_> ah
[2008/04/26 04:20:18] <shadoi_> that's why, the config param changed names
[2008/04/26 04:20:21] <shadoi_> ldapbase =
[2008/04/26 04:20:26] <shadoi_> wait, no that's right
[2008/04/26 04:20:27] <shadoi_> hmm
[2008/04/26 04:20:45] <shadoi_> ah, I bet you're not running your script as root
[2008/04/26 04:20:51] <shadoi_> so it's not parsing puppet.conf
[2008/04/26 04:20:59] <ashp> i ran it as root :/
[2008/04/26 04:21:08] <shadoi_> do this: sudo irb
[2008/04/26 04:21:11] <shadoi_> require 'puppet'
[2008/04/26 04:21:17] <shadoi_> Puppet[:config]
[2008/04/26 04:23:14] <ashp> hmm i don't see to have the irb, how odd
[2008/04/26 04:23:20] <ashp> oh it's installing now, stupid redhat
[2008/04/26 04:23:22] <shadoi_> hang on, trying to remember how to retrieve a config key
[2008/04/26 04:23:32] <ashp> irb(main):002:0> Puppet[:config]
[2008/04/26 04:23:32] <ashp> => "/etc/puppet/puppet.conf"
[2008/04/26 04:23:50] <shadoi_> Puppet[:ldapbase]
[2008/04/26 04:23:56] @ ricky_ is now known as ricky
[2008/04/26 04:23:58] <shadoi_> and then do Puppet.parse_config
[2008/04/26 04:24:03] <shadoi_> and Puppet[:ldapbase again
[2008/04/26 04:24:11] <shadoi_> Puppet[:ldapbase]*
[2008/04/26 04:24:24] <ashp> irb(main):004:0> Puppet.parse_config
[2008/04/26 04:24:24] <ashp> => [:main, :name, :memory, :cli]
[2008/04/26 04:24:24] <ashp> irb(main):005:0> Puppet[:ldapbase]
[2008/04/26 04:24:24] <ashp> => ""
[2008/04/26 04:24:33] <shadoi_> yeah that's why.. hmm
[2008/04/26 04:24:39] <shadoi_> is that config key in the [main] section?
[2008/04/26 04:24:48] <shadoi_> it's not supposed to matter...
[2008/04/26 04:25:45] <ashp> it's under [puppetd]
[2008/04/26 04:26:51] <shadoi_> probably should be under puppetmasterd
[2008/04/26 04:26:55] <shadoi_> but try this: Puppet.settings.instance_variable_get(:@values)[:puppetd]
[2008/04/26 04:28:13] <ashp> irb(main):003:0> Puppet.settings.instance_variable_get(:@values)[:puppetd]
[2008/04/26 04:28:13] <ashp> => {}
[2008/04/26 04:29:27] <shadoi_> this is after a Puppet.parse_config
[2008/04/26 04:29:30] <shadoi_> run as root?
[2008/04/26 04:30:40] <ashp> whoops
[2008/04/26 04:30:44] <ashp> sorry, multitasking, missed that step
[2008/04/26 04:30:48] <ashp> => {:node_terminus=>"ldap", :ldapserver=>"dev1.law.harvard.edu", :ldapbase=>"ou=hosts,dc=law,dc=harvard,dc=edu", :localconfig=>"$vardir/localconfig", :_meta=>{:node_terminus=>{}, :ldapserver=>{}, :ldapbase=>{}, :localconfig=>{}, :templatedir=>{}, :classfile=>{}}, :templatedir=>"/etc/puppet/templates", :classfile=>"$vardir/classes.txt"}
[2008/04/26 04:32:06] <shadoi_> hmm.. ok, for some reason it _has_ to be in [main]
[2008/04/26 04:32:11] <shadoi_> works for me.
[2008/04/26 04:32:11] <ashp> Odd, I'll move it up
[2008/04/26 04:32:39] <shadoi_> after moving it, Puppet[:ldapbase] should work after a parse_config
[2008/04/26 04:33:44] <ashp> it ried just running the script again to see what happens
[2008/04/26 04:34:43] <ashp> it's just kind of stalling, but i'll give it some time
[2008/04/26 04:35:10] @ fbe__ joined channel #puppet
[2008/04/26 04:38:57] <ashp> ok it just stalled forever, odd
[2008/04/26 04:40:21] <shadoi_> how about in irb?
[2008/04/26 04:40:32] <shadoi_> Puppet[:ldapbase] return correctly?
[2008/04/26 04:41:08] <ashp> irb(main):005:0> Puppet[:ldapbase]
[2008/04/26 04:41:08] <ashp> => "ou=hosts,dc=law,dc=harvard,dc=edu"
[2008/04/26 04:41:21] <shadoi_> cool, ... well it should work now. :)
[2008/04/26 04:41:22] <shadoi_> heh
[2008/04/26 04:41:26] <ashp> it.. doesn't :)
[2008/04/26 04:41:27] @ Zothar_Work left channel #puppet ()
[2008/04/26 04:41:35] <ashp> Apr 25 14:39:58 hlslinutil02 puppetmasterd[12194]: (Scope(Class[baseclass])) Netmask is ''
[2008/04/26 04:41:45] <ashp> I have netmask: 255.255.255.0 in the entry in ldap
[2008/04/26 04:41:50] <ashp> but for some reason it doesn't seem to pass it
[2008/04/26 04:42:13] <shadoi_> does it get anything back?
[2008/04/26 04:42:44] <shadoi_> how about on slapd, is the query going in correctly now at least?
[2008/04/26 04:42:55] <ashp> oh hmm, it's triggerign an err32 now
[2008/04/26 04:43:02] <ashp> err=32,nentries=0
[2008/04/26 04:43:05] <ashp> the search it's doing is
[2008/04/26 04:43:17] <ashp> (&(objectClass=puppetClient)(cn=hlsbuild01.law.harvard.edu))
[2008/04/26 04:43:19] <ashp> so that should be fine
[2008/04/26 04:43:34] <shadoi_> does that dn: have a puppetClient objectClass?
[2008/04/26 04:43:43] <ashp> yep
[2008/04/26 04:43:56] <shadoi_> ehhmm.
[2008/04/26 04:43:56] <ashp> it has puppetClient and the cn= is right
[2008/04/26 04:44:04] <shadoi_> *shrug*
[2008/04/26 04:44:05] <ashp> ldapsearch -h localhost cn=hlsbuild01.law.harvard.edu -b 'ou=Hosts,dc=law,dc=harvard,dc=edu' -x
[2008/04/26 04:44:17] <ashp> dn: cn=hlsbuild01.law.harvard.edu,ou=Hosts,dc=law,dc=harvard,dc=edu
[2008/04/26 04:44:18] <ashp> puppetclass: baseclass
[2008/04/26 04:44:20] <ashp> etc etc
[2008/04/26 04:44:51] <ashp> oh hmm, that doesn't return the objectclasses
[2008/04/26 04:44:59] <ashp> i bet that's the trouble, it's binding anonymously
[2008/04/26 04:45:34] <ashp> i bet i can't pick a user to bind as either
[2008/04/26 04:45:52] <shadoi_> yeah you can
[2008/04/26 04:45:57] <shadoi_> ldapuser and ldappassword
[2008/04/26 04:46:08] <shadoi_> in [main]
[2008/04/26 04:47:30] @ Quit: tim|imac: "Leaving"
[2008/04/26 04:52:29] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/04/26 04:52:36] @ jvanzyl joined channel #puppet
[2008/04/26 04:54:16] <ashp> ahhh ok, that might help
[2008/04/26 04:56:28] @ Quit: jvanzyl: Client Quit
[2008/04/26 05:06:15] @ spheromak joined channel #puppet
[2008/04/26 05:06:20] @ Quit: spheromak_: Read error: 104 (Connection reset by peer)
[2008/04/26 05:08:27] @ probablycorey left channel #puppet ()
[2008/04/26 05:13:31] @ tim|imac joined channel #puppet
[2008/04/26 05:20:23] * lak needs coffee
[2008/04/26 05:20:31] @ Quit: lak:
[2008/04/26 05:24:58] @ wibbit joined channel #puppet
[2008/04/26 05:27:17] * chillitom has pizza
[2008/04/26 05:29:36] @ jvanzyl joined channel #puppet
[2008/04/26 05:30:39] @ Quit: jeckersb: "Leaving"
[2008/04/26 05:31:54] @ Quit: Xteven: Remote closed the connection
[2008/04/26 05:32:04] @ Xteven joined channel #puppet
[2008/04/26 05:33:34] @ Quit: jvanzyl: Client Quit
[2008/04/26 05:36:14] @ tim|imac_ joined channel #puppet
[2008/04/26 05:36:19] @ Quit: tim|imac: Read error: 104 (Connection reset by peer)
[2008/04/26 05:38:03] @ Quit: wibbit_: Read error: 110 (Connection timed out)
[2008/04/26 05:39:25] @ lak joined channel #puppet
[2008/04/26 05:41:40] @ Quit: fbe__: Remote closed the connection
[2008/04/26 05:43:14] <gepetto> ::puppet:: Simple Text Recipes edited by ehisey @ http://reductivelabs.com/trac/puppet/wiki/SimpleTextRecipes (by ehisey@gmail.com)
[2008/04/26 05:47:57] <ashp> uh oh shadoi, now I broke ldap by adding a username in :)
[2008/04/26 05:48:48] <shadoi_> sweet
[2008/04/26 05:49:28] <ashp> LDAP Search failed: Could not connect to LDAP: undefined local variable or method `parent' for #<Puppet::Util::Settings:0xb7dd5e5c>
[2008/04/26 05:49:32] <ashp> i guess i really bust something
[2008/04/26 05:51:50] <shadoi_> weird
[2008/04/26 05:51:56] <shadoi_> maybe try setting ldapparentattr = parentnode
[2008/04/26 05:52:20] <shadoi_> where parentnode is your baseclass?
[2008/04/26 05:52:23] <shadoi_> I'm not sure
[2008/04/26 05:53:55] @ shenson is now known as shenson_not_here
[2008/04/26 05:56:35] @ markl_ joined channel #puppet
[2008/04/26 06:00:03] <ashp> I'll givei t a shot, I got dragged into nagios briefly
[2008/04/26 06:00:13] @ dysinger joined channel #puppet
[2008/04/26 06:00:40] @ Quit: lak:
[2008/04/26 06:01:33] <gepetto> ::puppet:: Whos Using Puppet edited by chadh @ http://reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet (by chad.huneycutt@gatech.edu)
[2008/04/26 06:06:27] @ gh joined channel #puppet
[2008/04/26 06:07:29] <ashp> i'd go faster if i didn't have to email my lawyer all day
[2008/04/26 06:07:40] @ cryptzero joined channel #puppet
[2008/04/26 06:13:17] @ euth joined channel #puppet
[2008/04/26 06:16:06] <ashp> Interesting, even without the password it suddenly started working properly and now it picks up the variables.
[2008/04/26 06:16:20] @ shenson_not_here is now known as shenson
[2008/04/26 06:21:34] @ Quit: glaw: Remote closed the connection
[2008/04/26 06:22:12] <ashp> hmm is there an easy way to a case on an array in puppet
[2008/04/26 06:22:21] <ashp> so I can check environment for any match for a keyword?
[2008/04/26 06:25:45] <euth> I'm trying to do some tests using my laptop as both client and server. As a mobile machine, I think the lack of resolvable reverse-mapping consistent host names (it uses DHCP on a corporate LAN) is getting in the way of the SSL. any suggestions for configuring puppetd/puppetmaster to be more relaxed about this for testing, or other suggestions?
[2008/04/26 06:26:32] <euth> specifically, the error I am getting that makes me thing that is:
[2008/04/26 06:26:33] <euth> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate
[2008/04/26 06:26:50] <euth> and I'm calling puppetd like:
[2008/04/26 06:26:52] <euth> sudo puppetd --server 127.0.0.1 --waitforcert 60 --test
[2008/04/26 06:29:08] @ thecat joined channel #puppet
[2008/04/26 06:29:34] <ashp> yeah, you need the hostname to match the cert hostname
[2008/04/26 06:29:37] <ashp> there's no way around that
[2008/04/26 06:29:49] <nigelk> euth: just don't use your hostname as the certname?
[2008/04/26 06:29:53] <ashp> (damn, you can't case on an array as suspected, and I think the ordering isn't definite)
[2008/04/26 06:30:08] <nigelk> we use UUIDs as certnames
[2008/04/26 06:30:12] <nigelk> due to having lots of laptops
[2008/04/26 06:30:28] <thecat> is there a way to bypass defaults in site.pp? ie make a node test { include only }, and not pickup any of the default node includes?
[2008/04/26 06:31:03] <euth> so the error I got was in relation to the server not matching 127.0.0.1, right?
[2008/04/26 06:31:08] <ashp> I wonder if the array you get from LDAP is always ordered the way the entry is in ldap, I'd hope so
[2008/04/26 06:34:48] <pietros> euth: you can set node_name = cert in your config to work around this
[2008/04/26 06:34:49] <pietros> http://inodes.org/blog/2008/03/13/puppet-facts-and-certificates/
[2008/04/26 06:34:53] @ Quit: lavaman: "http://www.mibbit.com ajax IRC Client"
[2008/04/26 06:35:27] @ andrewcshafer joined channel #puppet
[2008/04/26 06:37:04] @ Quit: ianm: Remote closed the connection
[2008/04/26 06:39:47] <euth> thanks
[2008/04/26 06:44:04] @ jeckersb joined channel #puppet
[2008/04/26 06:46:47] <euth> I don't think the problem is that the hostname fact is not being set though
[2008/04/26 06:47:01] <euth> as described in that link
[2008/04/26 06:52:48] @ jvanzyl joined channel #puppet
[2008/04/26 07:03:27] @ chadh_mib joined channel #puppet
[2008/04/26 07:03:30] @ lak joined channel #puppet
[2008/04/26 07:05:41] @ shenson is now known as shenson_not_here
[2008/04/26 07:30:41] @ kolla joined channel #puppet
[2008/04/26 07:32:11] @ Quit: flakrat: "Leaving"
[2008/04/26 07:52:52] @ Toby500 joined channel #puppet
[2008/04/26 07:53:25] <Toby500> Hi
[2008/04/26 07:53:35] <benp-> HI toby
[2008/04/26 07:55:14] @ Toby500 left channel #puppet ()
[2008/04/26 07:55:29] @ Quit: _lunix_: "_lunix_ has no reason"
[2008/04/26 07:56:37] @ Quit: lak:
[2008/04/26 07:57:47] @ ezralini left channel #puppet ()
[2008/04/26 08:08:10] @ Quit: cryptzero: "[BX] Chester Cheeta uses BitchX. Ayeuhayueuhayueuh!"
[2008/04/26 08:12:19] @ gh left channel #puppet ()
[2008/04/26 08:40:36] @ jvanzyl left channel #puppet ()
[2008/04/26 08:48:14] @ jvanzyl joined channel #puppet
[2008/04/26 08:57:14] @ wwalker is now known as wwalker_away
[2008/04/26 09:05:47] @ Quit: markl_: "Lost terminal"
[2008/04/26 09:17:56] @ Quit: andrewcshafer:
[2008/04/26 09:27:06] @ andrewcshafer joined channel #puppet
[2008/04/26 09:36:23] @ Quit: nigelk:
[2008/04/26 09:49:01] @ Quit: asa:
[2008/04/26 09:57:26] @ Quit: mcbride: Remote closed the connection
[2008/04/26 09:57:33] @ mcbride joined channel #puppet
[2008/04/26 10:00:00] @ asa joined channel #puppet
[2008/04/26 10:15:58] @ Quit: asa: Read error: 110 (Connection timed out)
[2008/04/26 10:23:58] @ Quit: shake-n-bake:
[2008/04/26 10:24:51] @ shake-n-bake joined channel #puppet
[2008/04/26 10:27:04] @ Quit: shake-n-bake: Client Quit
[2008/04/26 10:27:11] @ wibbit_ joined channel #puppet
[2008/04/26 10:32:07] @ Quit: shadoi_: Read error: 110 (Connection timed out)
[2008/04/26 10:33:31] @ Quit: shadoi: Read error: 110 (Connection timed out)
[2008/04/26 10:35:07] @ Quit: wibbit: Read error: 113 (No route to host)
[2008/04/26 10:41:20] @ patobrien joined channel #puppet
[2008/04/26 11:12:39] @ Quit: patobrien: "This computer has gone to sleep"
[2008/04/26 11:17:04] @ patobrien joined channel #puppet
[2008/04/26 11:35:58] @ Quit: patobrien: "This computer has gone to sleep"
[2008/04/26 11:41:02] @ patobrien joined channel #puppet
[2008/04/26 12:04:03] <benp-> vacation time
[2008/04/26 12:05:22] @ Quit: patobrien: "Leaving"
[2008/04/26 12:17:35] @ Quit: wibbit_: Read error: 110 (Connection timed out)
[2008/04/26 12:17:45] @ wibbit_ joined channel #puppet
[2008/04/26 12:25:39] @ spheromak_ joined channel #puppet
[2008/04/26 12:25:44] @ Quit: spheromak: Read error: 104 (Connection reset by peer)
[2008/04/26 13:47:19] @ Quit: jeckersb: "Leaving"
[2008/04/26 14:14:06] @ lak joined channel #puppet
[2008/04/26 14:33:35] @ shadoi joined channel #puppet
[2008/04/26 14:33:37] @ shadoi_ joined channel #puppet
[2008/04/26 14:55:35] @ jvanzyl_ joined channel #puppet
[2008/04/26 14:56:08] @ jvanzyl_ left channel #puppet ()
[2008/04/26 15:00:12] @ Quit: lak:
[2008/04/26 15:03:05] @ Quit: shadoi_: "leaving"
[2008/04/26 15:03:20] @ Quit: shadoi: Remote closed the connection
[2008/04/26 15:03:32] @ shadoi joined channel #puppet
[2008/04/26 15:05:22] @ Quit: andrewcshafer:
[2008/04/26 15:05:25] @ shake-n-bake joined channel #puppet
[2008/04/26 15:08:56] @ jvanzyl_ joined channel #puppet
[2008/04/26 15:10:00] @ jvanzyl__ joined channel #puppet
[2008/04/26 15:10:19] @ Quit: DavidS: Nick collision from services.
[2008/04/26 15:10:23] @ David1 joined channel #puppet
[2008/04/26 15:10:45] @ jvanzyl__ left channel #puppet ()
[2008/04/26 15:18:53] @ randybias joined channel #puppet
[2008/04/26 15:26:19] @ Quit: jvanzyl_: Read error: 110 (Connection timed out)
[2008/04/26 15:38:08] @ \ask joined channel #puppet
[2008/04/26 15:58:35] @ Quit: zobbo_: Read error: 113 (No route to host)
[2008/04/26 16:07:36] @ spheromak joined channel #puppet
[2008/04/26 16:07:40] @ Quit: spheromak_: Read error: 104 (Connection reset by peer)
[2008/04/26 16:09:18] @ Demosthenes joined channel #puppet
[2008/04/26 16:20:04] @ spheromak_ joined channel #puppet
[2008/04/26 16:20:11] @ Quit: spheromak: Read error: 104 (Connection reset by peer)
[2008/04/26 16:22:54] @ Quit: ricky: Client Quit
[2008/04/26 16:33:07] @ ricky joined channel #puppet
[2008/04/26 16:39:09] @ Quit: spheromak_: Read error: 113 (No route to host)
[2008/04/26 17:09:30] @ Quit: shadoi: "leaving"
[2008/04/26 17:27:26] @ Quit: shake-n-bake:
[2008/04/26 17:29:27] @ spheromak joined channel #puppet
[2008/04/26 17:32:29] @ Quit: randybias:
[2008/04/26 17:39:52] @ randybias joined channel #puppet
[2008/04/26 17:40:15] @ Quit: randybias: Client Quit
[2008/04/26 17:40:25] @ randybias joined channel #puppet
[2008/04/26 17:44:07] @ Quit: dysinger:
[2008/04/26 17:51:56] @ Quit: \ask:
[2008/04/26 17:57:47] @ Quit: ricky: "Reboot :-("
[2008/04/26 18:09:22] @ ricky joined channel #puppet
[2008/04/26 18:56:44] @ Quit: evil_steve: Read error: 113 (No route to host)
[2008/04/26 19:06:23] @ evil_steve joined channel #puppet
[2008/04/26 19:21:42] @ zobbo_ joined channel #puppet
[2008/04/26 19:22:15] @ andrewcshafer joined channel #puppet
[2008/04/26 20:17:42] @ johnf joined channel #puppet
[2008/04/26 20:28:31] @ yasuhito joined channel #puppet
[2008/04/26 20:30:21] @ yasuhito left channel #puppet ()
[2008/04/26 20:30:51] @ yasuhito joined channel #puppet
[2008/04/26 20:38:32] @ yure joined channel #puppet
[2008/04/26 20:40:43] <RainDoctor> hey
[2008/04/26 20:41:00] <RainDoctor> are all puppet programs run under setuid?
[2008/04/26 20:49:12] @ Quit: yasuhito: "Riece/4.0.0 Emacs/22.1 (gnu/linux)"
[2008/04/26 20:53:47] @ Quit: andrewcshafer:
[2008/04/26 20:53:52] <waawaamilk> RainDoctor: peterb is that you???
[2008/04/26 20:55:54] <RainDoctor> waawaamilk, no
[2008/04/26 20:56:59] <waawaamilk> heh, confusing you with a RainDr I think
[2008/04/26 20:57:11] <RainDoctor> hehe
[2008/04/26 21:13:55] <duritong> RainDoctor: puppetmaster can run as user puppet, however puppetd has to run as root or most stuff will fail
[2008/04/26 21:16:27] <RainDoctor> duritong, thanks, you cleared my doubt
[2008/04/26 21:28:23] <duritong> normally puppetmaster run as user puppet
[2008/04/26 21:28:41] <duritong> so the "can" is more the best and default practise ;)
[2008/04/26 21:42:54] <duritong> hmm
[2008/04/26 21:42:58] <duritong> Invalid parameter 'contact_groups' for type 'Nagios_host' at /srv/puppet/development/modules/nagios/manifests/init.pp:218 on node foobar
[2008/04/26 21:43:02] <duritong> strange
[2008/04/26 22:05:53] <duritong> damn the wiki-doku doesn't correspondend with version 0.24.4
[2008/04/26 22:37:37] @ asa joined channel #puppet
[2008/04/26 22:51:21] @ docelic joined channel #puppet
[2008/04/26 22:53:41] <docelic> Hey folks.. how would I generally take care of module dependencies? Let's say that I want to declare that module "stats" implies (automatically adds) module "database"... How would I do that?
[2008/04/26 23:16:19] @ Quit: asa:
[2008/04/26 23:39:53] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/04/26 23:48:30] @ Quit: kolla: Remote closed the connection
[2008/04/26 23:48:37] @ kolla joined channel #puppet
[2008/04/26 23:50:26] @ nigelk joined channel #puppet
[2008/04/26 23:51:54] @ roald joined channel #puppet
[2008/04/26 23:53:13] @ Quit: roald: Client Quit
[2008/04/26 23:54:51] @ wibbit_ left channel #puppet ("Ex-Chat")
« Friday, 2008-04-25 Index Sunday, 2008-04-27 »

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!