Monday, 2008-06-02

[2008/06/02 00:31:28] <DavidS> just started a munin plugin monitoring resource count from my storedconfig database: http://www.edv-bus.at/munin/black.co.at/puppetmaster.black.co.at-puppet_resources.html
[2008/06/02 00:36:42] @ Quit: kenvandine: Read error: 110 (Connection timed out)
[2008/06/02 00:49:41] <DavidS> wtf?? collectd's list of dependencies is longer than ... than ... err, well, _very_ long
[2008/06/02 01:01:03] <Pyretic> maybe for all the plugins ?
[2008/06/02 01:02:10] <DavidS> libfreetype6?
[2008/06/02 01:02:18] <DavidS> ttf-dejavu?
[2008/06/02 01:03:20] <Pyretic> that's probably for rrdtool to use truetype fonts
[2008/06/02 01:11:21] @ kenvandine joined channel #puppet
[2008/06/02 01:20:01] @ Quit: Demosthenex: Read error: 110 (Connection timed out)
[2008/06/02 01:29:29] @ Quit: andrewcshafer:
[2008/06/02 01:36:22] @ Quit: a-priori_: Read error: 110 (Connection timed out)
[2008/06/02 01:50:39] @ lak joined channel #puppet
[2008/06/02 01:52:20] <DavidS> good sunday to you, lak!
[2008/06/02 01:53:08] @ Quit: DavidS: "Leaving."
[2008/06/02 01:55:57] @ andrewcshafer joined channel #puppet
[2008/06/02 02:05:15] @ dysinger joined channel #puppet
[2008/06/02 02:19:14] @ jvanzyl joined channel #puppet
[2008/06/02 02:31:08] @ jvanzyl_ joined channel #puppet
[2008/06/02 02:44:20] @ Quit: jvanzyl: Read error: 110 (Connection timed out)
[2008/06/02 02:52:55] @ Quit: lak:
[2008/06/02 03:01:49] @ lak joined channel #puppet
[2008/06/02 03:02:10] @ Quit: dysinger:
[2008/06/02 03:04:01] @ Quit: lak: Client Quit
[2008/06/02 03:13:36] <e^ipi> i don't think puppet is running jobs in parallel
[2008/06/02 03:13:49] <e^ipi> that's retarded
[2008/06/02 03:14:00] <martha> e^ipi: it isn't supposed to
[2008/06/02 03:14:22] <e^ipi> no, i don't think it's a bug... it's a mis-design
[2008/06/02 03:14:41] <e^ipi> apt & gem can run in parallel... you can copy files while apt is doing it's thing
[2008/06/02 03:15:00] <e^ipi> make things faster so that this ec2 instance doesn't take a half hour to bootstrap
[2008/06/02 03:15:28] <martha> e^ipi: there would have to be a whole separate set of logic for noticing when things finish then
[2008/06/02 03:15:37] <martha> and what things can be parallelized
[2008/06/02 03:16:27] <e^ipi> user-set parallelism works fine... if things collide that's your ( as the author of the puppet manifests ) problem/fault
[2008/06/02 03:33:40] @ dysinger joined channel #puppet
[2008/06/02 03:36:00] @ Ol_ joined channel #puppet
[2008/06/02 03:38:31] <Volcane> at the very least that will require ruby to have proper threading abilities
[2008/06/02 03:38:54] <gepetto> ::puppet:: Ticket #1274 (defect created): class names cannot begin with a digit @ http://reductivelabs.com/trac/puppet/ticket/1274 (by marthag@mit.edu)
[2008/06/02 03:38:54] <gepetto> ::puppet:: Ticket #1275 (defect created): class names cannot begin with a digit @ http://reductivelabs.com/trac/puppet/ticket/1275 (by marthag@mit.edu)
[2008/06/02 03:39:51] @ Ol__ joined channel #puppet
[2008/06/02 03:41:00] <e^ipi> i like ruby less and less the more i have to deal with it
[2008/06/02 03:41:02] <e^ipi> ...
[2008/06/02 03:41:27] <Volcane> its got threading, but green threads only
[2008/06/02 03:41:40] <Volcane> 1 OS thread = 1 ruby thread can screw up the whole lot
[2008/06/02 03:42:18] <e^ipi> esp. on an operating system that loves threads like solaris
[2008/06/02 03:42:36] <Volcane> nods
[2008/06/02 03:42:43] <e^ipi> if it threads, solaris can give you damned near linear scalability
[2008/06/02 03:43:04] <Volcane> if it had proper threads the whole puppetmaster+mongrel+apache collosal hack wouldnt be needed
[2008/06/02 03:43:28] @ Quit: dysinger:
[2008/06/02 03:44:32] @ Quit: jvanzyl_:
[2008/06/02 03:45:31] @ jvanzyl joined channel #puppet
[2008/06/02 03:46:16] <gepetto> ::puppet:: Ticket #1275 (defect closed): class names cannot begin with a digit @ http://reductivelabs.com/trac/puppet/ticket/1275#comment:1 (by marthag@mit.edu)
[2008/06/02 03:49:37] @ dysinger joined channel #puppet
[2008/06/02 03:55:22] @ jvanzyl_ joined channel #puppet
[2008/06/02 03:55:24] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 03:55:57] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 03:56:57] @ jvanzyl_ joined channel #puppet
[2008/06/02 03:57:16] @ Quit: Ol_: Read error: 110 (Connection timed out)
[2008/06/02 03:58:13] <e^ipi> hmm... that's odd
[2008/06/02 03:58:29] <e^ipi> warning: //Node[default]/File[monitrc]/ensure: No specified sources exist
[2008/06/02 03:59:15] <e^ipi> yet: source => "puppet://<myserver>/files/monitrc",
[2008/06/02 03:59:32] <e^ipi> and i have a [files] section in my fileserver.conf
[2008/06/02 04:00:28] <e^ipi> thoughts?
[2008/06/02 04:00:50] <martha> e^ipi: are you sure that the file is really there on the server
[2008/06/02 04:00:54] <martha> in the right place
[2008/06/02 04:00:56] <e^ipi> yes
[2008/06/02 04:02:07] @ Quit: andrewcshafer:
[2008/06/02 04:02:20] <Volcane> permissions ok?
[2008/06/02 04:02:31] <e^ipi> no, i just checked that
[2008/06/02 04:02:33] <e^ipi> ;)
[2008/06/02 04:02:37] <Volcane> :)
[2008/06/02 04:15:54] @ Quit: jvanzyl_:
[2008/06/02 04:21:15] @ jvanzyl joined channel #puppet
[2008/06/02 04:39:56] @ Quit: dysinger: Connection reset by peer
[2008/06/02 04:47:00] @ ^authentic joined channel #puppet
[2008/06/02 04:47:24] @ andrewcshafer joined channel #puppet
[2008/06/02 04:55:06] <e^ipi> here's an interesting problem to solve...
[2008/06/02 04:55:44] <e^ipi> i want to set up haproxy to load balance two mongrel hosts
[2008/06/02 04:55:54] <e^ipi> all 3 are managed by puppet
[2008/06/02 04:56:06] <e^ipi> except... they're on ec2 so i don't know their ip address
[2008/06/02 04:57:01] @ dysinger joined channel #puppet
[2008/06/02 05:00:05] @ Quit: authentic: Read error: 110 (Connection timed out)
[2008/06/02 05:00:12] @ ^authentic is now known as authentic
[2008/06/02 05:05:47] <Volcane> no facts?
[2008/06/02 05:05:58] <Volcane> ah but you need the external ip
[2008/06/02 05:06:10] <Volcane> and ec2 has the shitty nat thing going
[2008/06/02 05:07:20] @ oxtail joined channel #puppet
[2008/06/02 05:07:21] <Volcane> make a fact that calls out to whatsmyip.org :P
[2008/06/02 05:07:43] <e^ipi> i do not know how to use facter
[2008/06/02 05:07:57] <Volcane> $ facter
[2008/06/02 05:08:03] <Volcane> see all the variables? more whe you're root?
[2008/06/02 05:08:19] <Volcane> just use $fqdn or $ipaddress or whatever in your manifests / templates etc
[2008/06/02 05:08:42] <e^ipi> but how do i use facter in puppet configs?
[2008/06/02 05:08:48] <Volcane> its there
[2008/06/02 05:08:50] <Volcane> just use it
[2008/06/02 05:08:58] <Volcane> use $fqdn in a maifest or template
[2008/06/02 05:09:04] <Volcane> and that $fqdn will have come from facter
[2008/06/02 05:09:41] <Volcane> so facts are delivered by bits of ruby
[2008/06/02 05:09:50] <Volcane> and u can easily write your own facts
[2008/06/02 05:09:56] <Volcane> if u knew ruby that is
[2008/06/02 05:10:38] <e^ipi> which i do not
[2008/06/02 05:11:41] <Volcane> :)
[2008/06/02 05:14:03] <Volcane> well then u can write a script, shell or anything, and exec that from puppet to produce the config
[2008/06/02 05:14:37] <e^ipi> i'm already rolling out the instances via perl
[2008/06/02 05:14:44] <Volcane> use puppet to put a template of the haproxy config somewhere, say /etc/haproxy/haproxy.templ then a small script that you ue to build the final haproxy.cfg
[2008/06/02 05:14:57] <Volcane> ofcourse the best way is to write a fact
[2008/06/02 05:15:27] <Volcane> puppet puts the template down, notifies an exe to produce the final file, which notifies the haproxy service to boot up
[2008/06/02 05:15:36] <Volcane> set the exec to notifyonly
[2008/06/02 05:15:38] <e^ipi> how would i use facts from one host to build a config file for another?
[2008/06/02 05:15:51] <Volcane> facts are executed on the actual host
[2008/06/02 05:15:52] @ Quit: f--z: Read error: 110 (Connection timed out)
[2008/06/02 05:16:43] <Volcane> if u need to gather info from other hosts then apply it on the 3rd host, check out exported/collected resources in the wiki
[2008/06/02 05:17:05] <mfournier> e^ipi: it really easy to write new facts. example: http://pastie.org/206858
[2008/06/02 05:17:36] <mfournier> juste paste the code in a file in /usr/lib/ruby/1.8/facter/ and your fact is available in puppet
[2008/06/02 05:17:44] <Volcane> mfournier: nasty
[2008/06/02 05:17:54] <e^ipi> available to whom?
[2008/06/02 05:17:58] <Volcane> mfournier: get hte master to publish the facts to your client using the built in methods
[2008/06/02 05:18:26] <Volcane> mfournier: http://reductivelabs.com/trac/puppet/wiki/AddingFacts
[2008/06/02 05:19:26] <mfournier> Volcane: thanks :-)
[2008/06/02 05:20:06] @ Quit: andrewcshafer:
[2008/06/02 05:22:07] <mfournier> e^ipi: you'll find an example of facts being used there: http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#case
[2008/06/02 05:25:38] <e^ipi> i think i'll just exploit DNS
[2008/06/02 05:35:17] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 05:58:39] @ f--z joined channel #puppet
[2008/06/02 06:00:09] <madduck> so i regenerated my ssl certs and checked that CN == DNS name in the TLS connection
[2008/06/02 06:00:20] <madduck> # The hostname in the certificate matches 'puppetmaster.madduck.net'.
[2008/06/02 06:00:31] <madduck> but when i start a client, I still am told:
[2008/06/02 06:00:45] <madduck> http://rafb.net/p/lHoCvl65.txt
[2008/06/02 06:20:48] @ lak joined channel #puppet
[2008/06/02 06:30:22] @ dysinger joined channel #puppet
[2008/06/02 06:39:39] @ Demosthenex joined channel #puppet
[2008/06/02 06:46:01] @ jvanzyl_ joined channel #puppet
[2008/06/02 06:46:04] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 06:49:58] <madduck> recreating all certs fixed it...
[2008/06/02 06:52:28] @ Quit: mfournier: "leaving"
[2008/06/02 06:53:54] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/06/02 06:54:07] @ martha left channel #puppet ()
[2008/06/02 07:00:48] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 07:01:35] @ jvanzyl joined channel #puppet
[2008/06/02 07:05:11] @ jvanzyl_ joined channel #puppet
[2008/06/02 07:05:15] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 07:06:53] @ jvanzyl joined channel #puppet
[2008/06/02 07:07:12] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 07:31:49] <madduck> what is this trying to tell me:
[2008/06/02 07:31:49] <madduck> puppetmasterd[14492]: Permission denied: Cannot access
[2008/06/02 07:31:50] <madduck> mount[plugins]
[2008/06/02 07:32:00] <madduck> also, on the client:
[2008/06/02 07:32:00] <madduck> puppetd[18664]: (/File[/var/lib/puppet/lib]/source) Could not describe /plugins: Cannot access mount[plugins]
[2008/06/02 07:32:17] <madduck> and
[2008/06/02 07:32:17] <madduck> puppetd[18664]: (/File[/var/lib/puppet/lib]/ensure) No specified sources exist
[2008/06/02 07:35:17] <Volcane> you need to make a plugins section in the fileserver
[2008/06/02 07:35:43] <madduck> ah, with an appropriate allow?
[2008/06/02 07:35:48] <Volcane> yes
[2008/06/02 07:35:52] <madduck> if I say
[2008/06/02 07:35:53] <madduck> allow *.example.com
[2008/06/02 07:36:02] <madduck> does that match against the certificate CN?
[2008/06/02 07:36:07] <Volcane> it will automagically moun the right plugin, but you need to put it there so you can do acl's
[2008/06/02 07:37:20] <madduck> i still get the same error
[2008/06/02 07:37:25] <madduck> err: /File[/var/lib/puppet/lib]/source: Could not describe /plugins: can't convert nil into String
[2008/06/02 07:37:30] <madduck> or wait, it's another one...
[2008/06/02 07:37:54] <madduck> i suppose i need a path?
[2008/06/02 07:38:52] <madduck> yeah, that seems to have fixd it.
[2008/06/02 07:39:09] @ Quit: dysinger:
[2008/06/02 07:40:10] <Volcane> sweet
[2008/06/02 07:43:24] <madduck> thanks!
[2008/06/02 07:54:43] @ dysinger joined channel #puppet
[2008/06/02 08:06:29] @ Quit: kolla: Read error: 104 (Connection reset by peer)
[2008/06/02 08:07:42] @ kolla joined channel #puppet
[2008/06/02 08:08:02] @ Quit: dysinger:
[2008/06/02 08:08:31] @ dysinger joined channel #puppet
[2008/06/02 08:30:33] @ johnf joined channel #puppet
[2008/06/02 08:34:47] @ Quit: dysinger:
[2008/06/02 08:53:28] @ M- joined channel #puppet
[2008/06/02 08:54:56] @ andrewcshafer joined channel #puppet
[2008/06/02 08:58:05] @ Quit: andrewcshafer: Client Quit
[2008/06/02 09:13:49] @ Quit: oxtail: Read error: 113 (No route to host)
[2008/06/02 09:14:29] @ andrewcshafer joined channel #puppet
[2008/06/02 09:29:35] @ Quit: andrewcshafer:
[2008/06/02 09:30:41] @ andrewcshafer joined channel #puppet
[2008/06/02 09:31:07] @ Quit: andrewcshafer: Client Quit
[2008/06/02 09:32:25] @ andrewcshafer joined channel #puppet
[2008/06/02 09:44:53] @ Quit: andrewcshafer:
[2008/06/02 09:51:23] @ Quit: lak:
[2008/06/02 10:04:26] <MrProper_> morning all
[2008/06/02 10:22:41] @ jvanzyl_ joined channel #puppet
[2008/06/02 10:22:42] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 10:34:10] <jamesturnbull> holaway: ping - how's your ActiveRecord?
[2008/06/02 10:42:37] @ Quit: jvanzyl_:
[2008/06/02 10:43:41] @ jvanzyl joined channel #puppet
[2008/06/02 00:00:41] @ Quit: fux: Remote closed the connection
[2008/06/02 00:02:17] @ fux joined channel #puppet
[2008/06/02 00:02:18] <jamesturnbull> shadoi: running it now - seems to be working
[2008/06/02 00:02:21] * jamesturnbull fingers crossed
[2008/06/02 00:03:40] <shadoi> cool
[2008/06/02 00:05:10] @ Quit: a-priori:
[2008/06/02 00:05:26] @ Ned joined channel #puppet
[2008/06/02 00:05:32] <Ned> is it possible to do a "dry run" with puppetd ?
[2008/06/02 00:05:38] <Ned> --help doesn't seem to have a switch for it :-(
[2008/06/02 00:06:25] <shadoi> --noop
[2008/06/02 00:08:46] @ Quit: lassizci: Read error: 110 (Connection timed out)
[2008/06/02 00:08:57] <Ned> shadoi: thanks :-)
[2008/06/02 00:10:11] @ markl__ joined channel #puppet
[2008/06/02 00:15:40] @ jvanzyl_ joined channel #puppet
[2008/06/02 00:15:42] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 00:21:29] @ Gwayne joined channel #puppet
[2008/06/02 00:25:13] @ jvanzyl joined channel #puppet
[2008/06/02 00:25:52] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 00:31:14] <jamesturnbull> shadoi: no joy - hasn't populated the new users
[2008/06/02 00:31:22] <jamesturnbull> shadoi: but no errors
[2008/06/02 00:32:02] <shadoi> weird, it must be using the User.find(:first) then
[2008/06/02 00:32:25] <shadoi> because the save still fails
[2008/06/02 00:34:00] <jamesturnbull> shadoi: just adding some debug now
[2008/06/02 00:34:32] <jamesturnbull> shadoi: so the values from the select are : #<TracMigrate::TracAttribute:0x2aaaae6abc28>
[2008/06/02 00:34:43] <jamesturnbull> shadoi: which can't be good
[2008/06/02 00:35:13] <shadoi> yeah it's returning the instance instead of the values
[2008/06/02 00:36:23] <shadoi> according to your code that's right
[2008/06/02 00:36:33] <shadoi> because all you want is the @mail field
[2008/06/02 00:37:44] <jamesturnbull> shadoi: yeah I just want it to take the username field and pull out the associated first name, last name and email from session_attribute
[2008/06/02 00:37:47] * jamesturnbull looks confused
[2008/06/02 00:38:06] <shadoi> find_by_sql maps the results to the model
[2008/06/02 00:38:10] <shadoi> it's the whole ORM thingy
[2008/06/02 00:38:29] <shadoi> I see
[2008/06/02 00:39:07] <shadoi> @mail = field should be something like @mail = attrib.email
[2008/06/02 00:39:15] <shadoi> or whatever the column is in the table
[2008/06/02 00:39:29] <shadoi> and change the do \|field\| to do \|attrib\|
[2008/06/02 00:39:34] @ Quit: jvanzyl:
[2008/06/02 00:39:43] <jamesturnbull> shadoi: ah okay
[2008/06/02 00:40:20] <shadoi> jamesturnbull: I recommend loading up script/console in the redmine rails_root
[2008/06/02 00:40:31] @ jvanzyl joined channel #puppet
[2008/06/02 00:40:41] <shadoi> It makes a lot more sense when you can see the objects, etc.
[2008/06/02 00:40:51] <jamesturnbull> shadoi: sure - thanks - new to Rails also :)
[2008/06/02 00:41:39] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 00:41:45] <shadoi> no worries
[2008/06/02 00:42:10] @ jvanzyl joined channel #puppet
[2008/06/02 00:42:13] <jamesturnbull> shadoi: undefined method `email'?
[2008/06/02 00:43:08] <shadoi> jamesturnbull: yeah, what's the column that has the email address in that table?
[2008/06/02 00:43:09] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 00:43:14] <shadoi> I was just guessing
[2008/06/02 00:43:35] @ jvanzyl joined channel #puppet
[2008/06/02 00:43:36] <shadoi> name?
[2008/06/02 00:43:50] <shadoi> looks like it's heavily normalized
[2008/06/02 00:45:43] @ jvanzyl_ joined channel #puppet
[2008/06/02 00:45:48] <jamesturnbull> shadoi: ah I see okay
[2008/06/02 00:47:01] @ jvanzyl__ joined channel #puppet
[2008/06/02 00:47:33] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 00:47:53] @ Quit: jvanzyl__: Client Quit
[2008/06/02 00:48:11] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 00:49:12] <jamesturnbull> shadoi: attrib.value seems to be working but I've been reassured before :P
[2008/06/02 00:50:48] <shadoi> hehe
[2008/06/02 01:02:46] <jamesturnbull> shadoi: tarnation - the right data in the variables now but still table not populated
[2008/06/02 01:03:22] <shadoi> try using u.save! and fail if it doesn't save instead of the unless you have there
[2008/06/02 01:04:16] @ dysinger joined channel #puppet
[2008/06/02 01:05:38] <jamesturnbull> shadoi: so a begin/rescue with u.save! inside it?
[2008/06/02 01:06:49] <shadoi> yeah
[2008/06/02 01:11:46] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 01:12:21] @ dysinger joined channel #puppet
[2008/06/02 01:15:47] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 01:16:27] @ dysinger joined channel #puppet
[2008/06/02 01:19:26] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 01:20:07] @ dysinger joined channel #puppet
[2008/06/02 01:23:55] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 01:24:33] @ dysinger joined channel #puppet
[2008/06/02 01:29:00] @ Quit: dysinger: Read error: 104 (Connection reset by peer)
[2008/06/02 01:29:17] @ dysinger joined channel #puppet
[2008/06/02 01:40:38] @ dysinger_ joined channel #puppet
[2008/06/02 01:43:20] @ jvanzyl joined channel #puppet
[2008/06/02 01:47:05] @ Quit: dysinger_: Read error: 104 (Connection reset by peer)
[2008/06/02 01:47:42] @ dysinger_ joined channel #puppet
[2008/06/02 01:51:03] @ Quit: dysinger_: Read error: 104 (Connection reset by peer)
[2008/06/02 01:51:33] @ Quit: dysinger: Read error: 110 (Connection timed out)
[2008/06/02 01:51:34] @ dysinger_ joined channel #puppet
[2008/06/02 01:52:51] @ Quit: pastie: Remote closed the connection
[2008/06/02 01:53:27] @ pastie joined channel #puppet
[2008/06/02 01:57:04] @ Quit: pastie: Remote closed the connection
[2008/06/02 01:57:43] @ pastie joined channel #puppet
[2008/06/02 01:58:40] @ Quit: dysinger_:
[2008/06/02 02:03:47] @ DavidS joined channel #puppet
[2008/06/02 02:04:09] <DavidS> g'morning!
[2008/06/02 02:05:29] @ lak joined channel #puppet
[2008/06/02 02:13:41] @ Quit: silent: "Chatzilla 0.9.75.1 [SeaMonkey 1.1.9/2008031300]"
[2008/06/02 02:16:05] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 02:16:08] @ Quit: roald: Remote closed the connection
[2008/06/02 02:25:45] @ Quit: pastie: Remote closed the connection
[2008/06/02 02:26:39] @ pastie joined channel #puppet
[2008/06/02 02:27:13] @ Quit: lak:
[2008/06/02 02:30:49] @ andrewcshafer joined channel #puppet
[2008/06/02 02:37:44] @ silent joined channel #puppet
[2008/06/02 02:45:19] <madduck> i am trying to make sure that cron is running...
[2008/06/02 02:45:23] <madduck> http://rafb.net/p/6n9kdq28.txt
[2008/06/02 02:46:04] <madduck> however, even though the client downloads and applies all the other manifests, and /var/lib/puppet/state/localconfig.yaml includes the cron stuff
[2008/06/02 02:46:12] <madduck> the daemon is not started (on Debian)
[2008/06/02 02:46:26] <madduck> what's the (obvious?) error I am making?
[2008/06/02 02:48:55] <DavidS> madduck: you need to tell puppet how to diagnose cron (either wit hasstatus or pattern)
[2008/06/02 02:49:12] <DavidS> madduck: see wiki:TypeReference#cron
[2008/06/02 02:49:34] <gepetto> DavidS: madduck: wiki:TypeReference#cron is http://reductivelabs.com/trac/puppet/wiki/TypeReference#cron
[2008/06/02 02:49:34] <madduck> ah, and here is I thinking this sort of basic stuff was already integrated.
[2008/06/02 02:49:34] <DavidS> welcome to #puppet, martin
[2008/06/02 02:49:48] <madduck> DavidS: thanks, and hi!
[2008/06/02 02:50:57] <madduck> DavidS: actually, I want #service
[2008/06/02 02:50:59] <madduck> but thanks for the tip!
[2008/06/02 02:51:34] <DavidS> sorry, my caffeine levels are still low, but the error was only in the url, the parameters were right
[2008/06/02 02:52:21] <madduck> yeah
[2008/06/02 02:52:33] <madduck> i still would have wished puppet just worked out of the box
[2008/06/02 02:53:18] <DavidS> i still would have wished every init script in debian brought a working "status" parameter
[2008/06/02 02:53:36] <madduck> ++
[2008/06/02 02:53:45] <DavidS> (then the debian provider for the Service type coulda have a different default for hasstatus)
[2008/06/02 02:54:03] <madduck> DavidS: make a case for it on debian-devel and it might actually become a lenny+1 release goal!
[2008/06/02 02:55:20] <DavidS> . o O { not like I don't have enough other troubles }
[2008/06/02 02:55:33] <DavidS> where were thse debian-improvement-thingies?
[2008/06/02 02:55:53] <madduck> DEP, sec...
[2008/06/02 02:56:24] <madduck> http://dep.debian.net/, but it's down
[2008/06/02 02:56:28] <madduck> let me ask around for you
[2008/06/02 02:56:40] <DavidS> would that be the right venue/format?
[2008/06/02 02:57:07] <DavidS> http://wiki.debian.org/LSBInitScripts -- provide, at least, the following actions: start, stop, restart, force-reload, and status
[2008/06/02 02:57:13] <DavidS> my emphasis
[2008/06/02 02:57:26] <madduck> yeah, it's an LSB standard...
[2008/06/02 02:58:23] <madduck> a person to talk to would be petter reinholdsen
[2008/06/02 02:58:46] <madduck> DavidS: #291148...
[2008/06/02 02:58:54] <DavidS> my problem is rather that I really don't have the resources to track something like that
[2008/06/02 02:59:24] <DavidS> I'm already struggling to keep up with puppet
[2008/06/02 02:59:40] <madduck> i sympathise
[2008/06/02 03:00:04] <madduck> my problem is that I don't unerstand why Debian's puppet package doesn't just make service cron work with the minimal stuff
[2008/06/02 03:00:16] <madduck> e.g. use pattern = /$name/ until hasstatus can be enabled
[2008/06/02 03:01:34] <DavidS> from the docs it seems as if this should be the case :"hasstatus: If you do not specify anything, then the service name will be looked for in the process table. "
[2008/06/02 03:02:07] <DavidS> and pattern: "If this is left unspecified and is needed to check the status of a service, then the service name will be used instead."
[2008/06/02 03:02:29] <DavidS> which version are you running?
[2008/06/02 03:03:06] <madduck> 0.24.4
[2008/06/02 03:03:25] <madduck> i start puppet on the client, cron isn't running
[2008/06/02 03:03:34] <madduck> it adjusts e.g. sudoers permission and adds a cron job
[2008/06/02 03:03:40] <madduck> but the cron service is not started
[2008/06/02 03:03:48] <madduck> it might be because i have /cronolog/ running
[2008/06/02 03:04:01] <madduck> so maybe it's looking up /cron/ instead of /\bcron\b/
[2008/06/02 03:04:05] <DavidS> that might be a reason, yes :)
[2008/06/02 03:04:14] * madduck stops cronolog to see
[2008/06/02 03:04:39] <madduck> yup
[2008/06/02 03:04:40] <DavidS> that sounds like a good bugreport, with an easy patch hinthint*
[2008/06/02 03:04:49] <madduck> :)
[2008/06/02 03:04:56] <madduck> sounds like a git patch to me. :)
[2008/06/02 03:05:19] <DavidS> exactly
[2008/06/02 03:05:33] <madduck> is there a standard address to send git patches to
[2008/06/02 03:05:39] <madduck> or should i go via debian bts?
[2008/06/02 03:06:14] <DavidS> sec...
[2008/06/02 03:06:36] <DavidS> see wiki:DevelopmentLifecycle
[2008/06/02 03:06:40] <gepetto> DavidS: wiki:DevelopmentLifecycle is http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle
[2008/06/02 03:07:07] <DavidS> git://reductivelabs.com/puppet
[2008/06/02 03:07:25] <DavidS> contrary to the docs though, you should code against 0.24.x probably
[2008/06/02 03:07:47] <madduck> why?
[2008/06/02 03:08:04] <shadoi> 0.24.4 is the current stable version.
[2008/06/02 03:08:08] <madduck> what's the format of pattrn? "/\bcron\b/" ?
[2008/06/02 03:08:13] <madduck> or without the / ?
[2008/06/02 03:08:36] <DavidS> the docs -- being newer than git-reality -- talk a bit about "this is what we'd like to have" and switching the repo over will only happen on the release of 0.25
[2008/06/02 03:09:23] <madduck> pattern => "/\bcron\b/",
[2008/06/02 03:09:24] <madduck> seems to work
[2008/06/02 03:09:52] <DavidS> there you go ...
[2008/06/02 03:10:14] <DavidS> you might want to add 'd?' at the end too?
[2008/06/02 03:10:20] @ glaw joined channel #puppet
[2008/06/02 03:10:39] <DavidS> or is initscriptname == nameofbinary?
[2008/06/02 03:11:34] <madduck> d? sounds like a good addition
[2008/06/02 03:13:17] @ Quit: kolla: Remote closed the connection
[2008/06/02 03:13:38] @ Quit: Ol__:
[2008/06/02 03:15:52] <madduck> http://rafb.net/p/FkSSTA29.txt
[2008/06/02 03:15:56] <madduck> ruby by trial and error. :)
[2008/06/02 03:16:18] <madduck> DavidS: fwiw: http://dep.alioth.debian.org/
[2008/06/02 03:16:26] <madduck> not much there yet
[2008/06/02 03:18:00] <DavidS> your patch won't work as expected
[2008/06/02 03:18:27] <DavidS> 1) "/\b%sd?\n/" %[@resource[:binary]] will never be nil
[2008/06/02 03:18:55] <DavidS> 2) if any of the values contains / the regex probably will die
[2008/06/02 03:19:23] <DavidS> hint: you can replace the {} with do/end and put more code there
[2008/06/02 03:19:41] <DavidS> just leave the value you want to return on the last statement, mostly like perl does
[2008/06/02 03:20:29] @ lassizci_ is now known as lassizci
[2008/06/02 03:22:58] @ Quit: andrewcshafer:
[2008/06/02 03:28:21] @ f--z joined channel #puppet
[2008/06/02 03:29:39] <madduck> hm, i don't know perl at all... nor ruby... :/
[2008/06/02 03:29:56] <madduck> but what you say makes sense
[2008/06/02 03:30:11] <DavidS> good
[2008/06/02 03:32:12] @ oxtail joined channel #puppet
[2008/06/02 03:38:59] <madduck> DavidS: defaultto { "/\b%sd?\b/" % [@resource[:binary] \|\| @resource[:name]] }
[2008/06/02 03:39:03] <madduck> that seems to work... :)
[2008/06/02 03:40:26] <DavidS> good idea :)
[2008/06/02 03:40:46] <madduck> http://scratch.madduck.net/code__puppet__0001-Default-service-pattern-match-with-word-boundaries.patch
[2008/06/02 03:40:57] <madduck> if you'd let me know that this looks okay, i'll end it off
[2008/06/02 03:41:01] <madduck> my first ruby patch ever
[2008/06/02 03:41:06] <madduck> and my first puppet patch :)
[2008/06/02 03:41:54] <shadoi> I wish everyone who found issues would do that. Including me. :)
[2008/06/02 03:42:45] <madduck> hm... Unrecognised escape sequence '\b' in
[2008/06/02 03:42:46] <madduck> file /etc/puppet/manifests/classes/cron.pp at line 6
[2008/06/02 03:43:00] <DavidS> madduck: gratulations, looks good to me. It might make sense though to create a ticket in track and reference it in the commit message and then add the patch with the bug# included
[2008/06/02 03:43:11] <DavidS> oops
[2008/06/02 03:43:19] <madduck> yet, it works...
[2008/06/02 03:43:31] <shadoi> that's the puppet parser complaining, not ruby
[2008/06/02 03:43:52] @ roald joined channel #puppet
[2008/06/02 03:43:53] <madduck> yeah...
[2008/06/02 03:44:00] <madduck> it was from when i tried the regexp
[2008/06/02 03:44:05] <shadoi> just a warning, I'm not sure how to make it stop
[2008/06/02 03:44:31] <DavidS> use \\
[2008/06/02 03:44:42] @ Quit: roald: Remote closed the connection
[2008/06/02 03:44:57] <shadoi> that broke other stuff for me, but maybe in this case it'll work.
[2008/06/02 03:45:07] <DavidS> http://www.ruby-doc.org/docs/UsersGuide/rg/regexp.html say \b is 'word boundary (if not in a range specification)'
[2008/06/02 03:45:38] <madduck> yes
[2008/06/02 03:45:43] <DavidS> shadoi: IIRC that was considered a bug and fixed some time ago already in the 0.24.0 timeframe or so...
[2008/06/02 03:46:28] <shadoi> DavidS: ah ok
[2008/06/02 03:46:40] <shadoi> yeah I'm still on 0.23.2 where it's an issue for me.
[2008/06/02 03:46:55] <madduck> sent
[2008/06/02 03:47:09] <madduck> of course, googlegroups will actually refuse it.
[2008/06/02 03:47:12] <madduck> pieceof shit
[2008/06/02 03:47:16] <shadoi> lol
[2008/06/02 03:48:12] <DavidS> shit.piece_of
[2008/06/02 03:48:37] <DavidS> this is a ruby channel after all ;)
[2008/06/02 03:48:41] <f3ew> piece.of(shit)
[2008/06/02 03:49:54] <shadoi> as long as piece takes to args
[2008/06/02 03:49:56] <shadoi> piece of shit
[2008/06/02 03:49:57] <shadoi> is fine
[2008/06/02 03:50:03] <shadoi> s/to/two/
[2008/06/02 03:50:09] <shadoi> ;)
[2008/06/02 03:50:16] @ roald joined channel #puppet
[2008/06/02 03:52:12] <gepetto> ::puppet:: Ticket #1276 (enhancement created): service type pattern match does not include word boundaries @ http://reductivelabs.com/trac/puppet/ticket/1276 (by reductivelabs.com@pobox.madduck.net)
[2008/06/02 03:56:23] <madduck> gosh, a mailing list that doesn't accept git-send-email mail from accounts that have no google accounts, and trac... how the heck will i ever work on puppet?
[2008/06/02 03:57:17] @ Quit: M-: "Leaving"
[2008/06/02 04:11:20] <duritong> madduck: you don't have to have a google account
[2008/06/02 04:11:37] <madduck> duritong: so did my mail go through?
[2008/06/02 04:12:44] <duritong> well you have to be registered with this address on the list
[2008/06/02 04:19:21] <madduck> duritong: i can't figure out how to do that without a google account
[2008/06/02 04:19:31] <duritong> -subscribe
[2008/06/02 04:20:35] <madduck> ok.
[2008/06/02 04:20:48] <madduck> and can i set it to receive no mail?
[2008/06/02 04:21:02] <duritong> hmm dunno
[2008/06/02 04:21:27] @ kolla joined channel #puppet
[2008/06/02 04:25:13] <duritong> ashp: ping
[2008/06/02 04:26:22] <madduck> trying it out now
[2008/06/02 04:31:44] @ johnf joined channel #puppet
[2008/06/02 04:36:53] @ Innocenti joined channel #puppet
[2008/06/02 04:37:28] <madduck> nope. fortunately, my procmail knows how to deal with this broken crap
[2008/06/02 04:37:31] <madduck> (majordomo is the same)
[2008/06/02 04:38:02] @ Quit: zoeloelip: Read error: 104 (Connection reset by peer)
[2008/06/02 04:38:20] <DavidS> madduck: that's what i really like about the free software world: strong opinions and quick fixes
[2008/06/02 04:39:54] <jamesturnbull> DavidS: word
[2008/06/02 04:39:57] @ DerekW joined channel #puppet
[2008/06/02 04:40:07] <jamesturnbull> madduck: will take a look at your ticket shortly
[2008/06/02 04:40:28] <DavidS> good morning, jamesturnbull! :))
[2008/06/02 04:40:55] <jamesturnbull> DavidS: well good evening for me
[2008/06/02 04:41:01] <jamesturnbull> DavidS: it's 6.40pm here
[2008/06/02 04:41:46] * madduck is going to go and play outside
[2008/06/02 04:41:53] <madduck> will return to puppet later though
[2008/06/02 04:42:03] <DavidS> madduck: palying with puppets is fun ;)
[2008/06/02 04:42:07] <DavidS> playin, even
[2008/06/02 04:42:10] <DavidS> playing, even
[2008/06/02 04:42:13] <madduck> jamesturnbull: thanks! feel free to whack me with the clue bat if it's appropriate. :)
[2008/06/02 04:42:47] <DavidS> jamesturnbull: yeah, give it good to him. publically if possible, I'd like to learn as well, since I advised him ;)
[2008/06/02 04:43:29] @ Quit: Demosthenex: Read error: 110 (Connection timed out)
[2008/06/02 04:43:32] <jamesturnbull> DavidS: I am fairly impressed Martin has already submitted a patch! :)
[2008/06/02 04:43:37] @ zoeloelip joined channel #puppet
[2008/06/02 04:44:08] <DavidS> jamesturnbull: you can read the hisroty of the patch in the last few hours channel log
[2008/06/02 04:44:12] <DavidS> history
[2008/06/02 04:44:18] <DavidS> my keyboard must be broken ;)
[2008/06/02 04:44:54] <jamesturnbull> DavidS: yeah had to duck away from the channel after shadoi kindly helped with me my trac-to-redmine conversion issues (mostly user self-inflicted except the damn broken gem...)
[2008/06/02 04:45:16] * DavidS too should program instead of chat
[2008/06/02 04:53:29] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/06/02 04:53:52] <madduck> 02 10:43 < jamesturnbull> DavidS: I am fairly impressed Martin has already submitted a patch! :)
[2008/06/02 04:53:55] <madduck> are you now? :)
[2008/06/02 04:54:41] @ johnf joined channel #puppet
[2008/06/02 04:54:54] <madduck> i think i have held the claim to no. 1 debian bug poster for about 4 years now, and every second of my bugs has a patch! at least i try!
[2008/06/02 04:55:13] * madduck is trying to be a good floss-itizen
[2008/06/02 04:57:20] @ JarleB joined channel #puppet
[2008/06/02 05:03:46] <jamesturnbull> madduck: I had no doubts about that - of course not hard to look good in the Debian community
[2008/06/02 05:03:50] * jamesturnbull ducks and moves to Iceland
[2008/06/02 05:04:10] <jamesturnbull> shadoi: issue resolved - helps if you clear the old values from global variables.
[2008/06/02 05:04:49] * Volcane cheers jamesturnbull on
[2008/06/02 05:07:11] <DavidS> Volcane, jamesturnbull: you're so mean ....
[2008/06/02 05:08:18] <jamesturnbull> DavidS: I know - I am trying to be a better person. :P
[2008/06/02 05:09:08] @ exodos joined channel #puppet
[2008/06/02 05:09:12] <jamesturnbull> DavidS: I think I already owe Martin a beer so I'll make it two and go from there
[2008/06/02 05:12:39] <shadoi> jamesturnbull: :) cool
[2008/06/02 05:14:42] @ Quit: oxtail: Read error: 113 (No route to host)
[2008/06/02 05:36:51] * thom whacks jamesturnbull
[2008/06/02 05:36:52] <thom> :P
[2008/06/02 05:39:15] <thom> madduck: 484014 -> patches gratefully received ;)
[2008/06/02 05:39:59] <DavidS> thom: you're mean too :)
[2008/06/02 05:40:57] <DavidS> and managing cron.d with debian's cron provider is probably a real PITA, because you have to manage purging and everything and remember what goes into which file :-/
[2008/06/02 05:42:07] <thom> DavidS: yeah, hence asking for a patch ;)
[2008/06/02 05:42:49] <thom> and creating files with useful names would probably end up conflicting with run-parts(5) in the end
[2008/06/02 05:43:51] <jamesturnbull> thom: and could he do something about init at the same time
[2008/06/02 05:44:18] * jamesturnbull decide Iceland isn't far enough and considers Lappland
[2008/06/02 05:45:09] <DavidS> jamesturnbull: why do you come to europe, if you're already in the states?
[2008/06/02 05:49:28] <thom> jamesturnbull: surely the entire world is moving to upstart, no?
[2008/06/02 05:49:30] * thom ducks and runs
[2008/06/02 05:50:32] <DavidS> thom: well, "upstart is the canonical init replacement"
[2008/06/02 05:50:35] <DavidS> ;)
[2008/06/02 05:50:45] @ Quit: markl__: Connection timed out
[2008/06/02 05:51:01] <thom> heh :)
[2008/06/02 05:51:08] @ Quit: markl_: Connection timed out
[2008/06/02 05:58:15] @ oxtail joined channel #puppet
[2008/06/02 06:00:57] <DavidS> thom, hacim: I just read the changelog for -8 and am wondering what "Fixing transaction support for prefetching generated resources." means
[2008/06/02 06:01:13] <DavidS> do you have any pointers, like a git hash or seomething?
[2008/06/02 06:08:59] <thom> DavidS: a02f051d4dd3a90b41ac62c0b961b4f88efecd6b ought to be it
[2008/06/02 06:13:43] <thom> DavidS: http://is.gd/pjl
[2008/06/02 06:29:56] @ gileswork joined channel #puppet
[2008/06/02 06:36:11] @ Quit: shadoi: "leaving"
[2008/06/02 06:43:02] @ Quit: oxtail: Read error: 110 (Connection timed out)
[2008/06/02 06:51:07] <thom> http://www.slideshare.net/ezmobius/vertebra
[2008/06/02 06:57:34] <tim\|imac> really nice slideshow, very interesting
[2008/06/02 07:01:16] <DavidS> that would be something for spike
[2008/06/02 07:09:47] <jamesturnbull> DavidS: I am in Australia
[2008/06/02 07:10:35] <jamesturnbull> gepetto: seen lak
[2008/06/02 07:10:36] <gepetto> jamesturnbull: lak was last seen 4 hours, 43 minutes and 22 seconds ago, quitting IRC ()
[2008/06/02 07:11:25] <DavidS> jamesturnbull: damn, and I'm not .. life sucks sometimes ...
[2008/06/02 07:12:03] <DavidS> jamesturnbull: how long will you stay?
[2008/06/02 07:16:33] @ londo_ joined channel #puppet
[2008/06/02 07:16:35] @ Quit: londo: Read error: 104 (Connection reset by peer)
[2008/06/02 07:16:49] @ Quit: kenvandine: "Ex-Chat"
[2008/06/02 07:17:42] <jamesturnbull> DavidS: I was kidding about Iceland
[2008/06/02 07:18:04] <jamesturnbull> DavidS: I live in Melbourne and am quite happy here
[2008/06/02 07:18:22] <jamesturnbull> DavidS: but I'd like to visit Iceland and potentially hide from Debian core team members chasing me down
[2008/06/02 07:18:33] * DavidS really needs more caffeine
[2008/06/02 07:18:51] <jamesturnbull> DavidS: me too
[2008/06/02 07:19:05] <DavidS> and we asutrians always laugh about US citizens mixing up austria and australia ...
[2008/06/02 07:19:16] <DavidS> damn
[2008/06/02 07:26:28] <DavidS> so, to make it totally clear, I'd like to be in austria, europe, not australia. (although I'd both like to visit austrialia at a point in the future and meet you, james)
[2008/06/02 07:35:06] <nevyn> jamesturnbull: why are they hunting you down?
[2008/06/02 07:35:31] <nevyn> jamesturnbull: it's not like you're responcible for DSA1571
[2008/06/02 07:35:40] <DavidS> nevyn: he said Bad Things about Debian ;)
[2008/06/02 07:35:48] @ Quit: DerekW: Read error: 113 (No route to host)
[2008/06/02 07:36:00] <nevyn> DavidS: it seems to be the thing this month.
[2008/06/02 07:45:40] @ DerekW joined channel #puppet
[2008/06/02 07:55:55] @ Zothar_Work joined channel #puppet
[2008/06/02 08:11:18] <jamesturnbull> DavidS: well you'd be most welcome in Melbourne - I am easily bribed with beer
[2008/06/02 08:12:44] <DavidS> is alcohol for bribery duty-free? :)
[2008/06/02 08:20:58] <jamesturnbull> DavidS: certainly is
[2008/06/02 08:21:31] @ oxtail joined channel #puppet
[2008/06/02 08:36:19] <tim\|imac> DavidS: not for spike, he's not a big fan of ruby ;-)
[2008/06/02 08:42:43] <DavidS> tim\|imac: but he's searching for some cool messaging fabric
[2008/06/02 08:43:23] <DavidS> jamesturnbull: so bribery is considered "personal usage"? good to know :)
[2008/06/02 08:43:53] @ mccune joined channel #puppet
[2008/06/02 08:48:32] @ kenvandine joined channel #puppet
[2008/06/02 08:51:19] @ kambiz joined channel #puppet
[2008/06/02 08:55:13] @ tmz_ joined channel #puppet
[2008/06/02 09:04:30] @ Quit: tmz: Read error: 110 (Connection timed out)
[2008/06/02 09:04:31] <ashp> duritong: pong
[2008/06/02 09:05:25] <duritong> did you do something else than here? http://watzmann.net/blog/index.php?cat=21
[2008/06/02 09:05:30] <duritong> i missed your ks snippet
[2008/06/02 09:05:34] <duritong> eh lost
[2008/06/02 09:06:09] <ashp> oh, let me cut and paste it again, what I have (I realized), might not work as well as I had hoped
[2008/06/02 09:06:29] <ashp> i don't think it's doing the first puppet run during the install
[2008/06/02 09:06:41] <duritong> hmm why not?
[2008/06/02 09:06:54] <ashp> http://pastebin.com/dd437031
[2008/06/02 09:07:17] <ashp> I'm not sure, I may have the options wrong or I may be mistaken, but I realised I had to wait until puppet ran on the first boot to get the cert request
[2008/06/02 09:07:38] <ashp> It might be something to do with needing it run it very last, after the $yum_config_stanza, I hadn't done a lot of testing
[2008/06/02 09:07:48] <ashp> i tend to just build, sign the cert by the time it's at the login prompt
[2008/06/02 09:07:58] <ashp> and then just manually run puppetd -tv while I watch it to make sure nothing breaks
[2008/06/02 09:08:24] <duritong> ok
[2008/06/02 09:09:02] <duritong> hmm but: rhnreg_ks is run?
[2008/06/02 09:09:15] <ashp> that bit works ok
[2008/06/02 09:09:20] <ashp> what I should do, and haven't added yet
[2008/06/02 09:09:25] <ashp> is a rhn-profile-sync after a sleep of 10
[2008/06/02 09:09:37] <ashp> because sometimes it seems like something doesn't associate right
[2008/06/02 09:09:45] <ashp> and then after rebooting i have to profile-sync anyway to get it to realize it's registered
[2008/06/02 09:09:54] <ashp> It's SUPPOSED to work.. but rhn...
[2008/06/02 09:10:31] <duritong> i don't have to care about rhn :)
[2008/06/02 09:10:38] <duritong> but i was just curious if it works
[2008/06/02 09:10:47] <duritong> well let's see if I find something out
[2008/06/02 09:11:54] @ Quit: oxtail: "Ex-Chat"
[2008/06/02 09:17:48] <duritong> ashp: $yum_config_stanza -- this is replaced with the code neccessary to configure the installed system to use the yum repos set up during install time for regular operation. In other words, it sets up /etc/yum.repos.d on the provisioned system. This works for all machines that can have yum installed. If the value in /var/lib/cobbler/settings for "yum_core_repos_from_server" is set, in addition, the provisioned system will be pointed to the boot se
[2008/06/02 09:18:12] <duritong> this make ne sense if it should run afterwards
[2008/06/02 09:18:39] <ashp> Yeah, I don't think for the initial puppet run that should matter
[2008/06/02 09:18:55] <ashp> Maybe I should just throw in -d and see what the logs show
[2008/06/02 09:19:08] @ muerr joined channel #puppet
[2008/06/02 09:19:27] @ Quit: muerr: Read error: 104 (Connection reset by peer)
[2008/06/02 09:21:02] @ Quit: DavidS: "Leaving."
[2008/06/02 09:23:43] @ a-priori_ joined channel #puppet
[2008/06/02 09:29:19] @ muerr joined channel #puppet
[2008/06/02 09:30:14] @ DavidS joined channel #puppet
[2008/06/02 09:36:25] @ shenson_not_here is now known as shenson
[2008/06/02 09:36:58] <duritong> win 16
[2008/06/02 09:37:01] <duritong> argh
[2008/06/02 09:37:35] <DavidS> win 32!
[2008/06/02 09:37:45] * DavidS ducks'n'runs ...
[2008/06/02 09:39:55] <duritong> hehe
[2008/06/02 09:40:36] @ Quit: mizzy: "SIGTERM received; exit"
[2008/06/02 09:43:08] @ mizzy joined channel #puppet
[2008/06/02 09:49:22] <madduck> thom: #484014 is a bit above my head right now, but i'll keep it on the top of my head.
[2008/06/02 09:49:54] @ Quit: kolla: Remote closed the connection
[2008/06/02 09:50:38] <ashp> I wonder what terrible thing I've broken in my iclassify module :/
[2008/06/02 09:52:46] <ashp> Argh, I need lak, I found something that triggers a bug that we talked about before
[2008/06/02 09:53:02] <ashp> If a file fails to parse puppetd just starts to ignore it afterwards
[2008/06/02 09:53:27] <ashp> Maybe it's supposed to do that, but it seems a bad plan - here's run one:
[2008/06/02 09:53:29] <ashp> err: Could not retrieve catalog: Syntax error at '+>'; expected '}' at /etc/puppet/modules/development/iclassify/manifests/install.pp:38 on node hlslinutil02.law.harvard.edu
[2008/06/02 09:53:34] <ashp> Then I ran it IMMEDIATELY again and:
[2008/06/02 09:53:38] <ashp> err: Could not retrieve catalog: Could not find class iclassify::install in namespaces iclassify at /etc/puppet/modules/development/iclassify/manifests/init.pp:21 on node hlslinutil02.law.harvard.edu
[2008/06/02 09:54:14] <ashp> I end up having to restart puppetmaster to get it seen again
[2008/06/02 09:55:35] @ fsweetser joined channel #puppet
[2008/06/02 09:58:36] @ jvanzyl joined channel #puppet
[2008/06/02 09:59:49] <thom> madduck: i'm kinda ambivalent
[2008/06/02 10:00:45] <thom> madduck: i think user expectation in general will be that puppet uses the user crontab, but experienced debianistas will look in cron.d
[2008/06/02 10:01:43] <duritong> cron.d is imho the right place for it
[2008/06/02 10:03:12] <DavidS> according to debian's own bibl^Wpolicy, /etc is for manually edited administrative content, I'm not sure whether puppet should default to fiddling there ...
[2008/06/02 10:06:50] <ashp> Those of you who disable passwords and only use ssh keys: do you still use sudo, and if so, how do you secure it?
[2008/06/02 10:08:08] <duritong> hmm I would disable password-logins but not passwords itself
[2008/06/02 10:08:27] <thom> ashp: same as duritong
[2008/06/02 10:10:29] <ashp> I was thinking of not having passwords altogether, just because ruby-shadow seems terrible and puppet constantly sets the password over and over
[2008/06/02 10:10:35] <ashp> i considered just stripping it out and relying on keys :)
[2008/06/02 10:10:44] <ashp> but then I realised we used sudo, and that's the only place we need ap assword
[2008/06/02 10:11:24] <duritong> use ldap for passwords
[2008/06/02 10:12:39] <DavidS> lefant would say that the password doesn't bring additional security, because when one has your ssh-key, he can easily replace your sudo command in the shell and get you password...
[2008/06/02 10:12:46] <DavidS> I tend to agree with him there
[2008/06/02 10:13:09] <kajtzu> it's hard to use ldap at very remote sites though
[2008/06/02 10:14:15] <muerr> ashp: we set sudo to nopasswd
[2008/06/02 10:14:54] <ashp> I actually just removed my ldap module
[2008/06/02 10:14:57] <ashp> because it's been a pain
[2008/06/02 10:15:24] <ashp> muerr: I must admit that was my initial plan :)
[2008/06/02 10:15:34] <muerr> i don't see anything wrong with it.
[2008/06/02 10:15:36] <ashp> It will probably fail to get past our security guys
[2008/06/02 10:15:42] <ashp> but I figure by the time they have your account and are logged on
[2008/06/02 10:15:45] <ashp> you're in enough trouble already
[2008/06/02 10:15:47] @ markl_ joined channel #puppet
[2008/06/02 10:15:51] <muerr> Yup.
[2008/06/02 10:16:30] <muerr> You can set sudo to require the root password, or the target uid password if you use sudo to run things as other users.
[2008/06/02 10:17:16] <ashp> That's true, at first I wanted to use ldap
[2008/06/02 10:17:19] <ashp> because that's an easy one
[2008/06/02 10:17:27] <ashp> but not all networks and ranges can access our ldap server
[2008/06/02 10:17:27] <muerr> haha
[2008/06/02 10:17:32] <ashp> and that's proving to be a real pain in the ass
[2008/06/02 10:17:47] <muerr> i've never heard anyone say "ldap" and "easy" in the same sentence, except holoway because he's an ldap ninja.
[2008/06/02 10:20:22] <DavidS> muerr: "ldap is not easy"
[2008/06/02 10:20:29] <muerr> DavidS: :P
[2008/06/02 10:20:40] <kajtzu> ldap is easy once you get it going
[2008/06/02 10:20:57] <ashp> Most of my trouble was just making sure that I could distinguish between servers that can and can't access it
[2008/06/02 10:21:07] <muerr> kajtzu: thats probably fair. i didn't have much trouble working with ldap at ibm, since they had three million ldap ninjas configuring it.
[2008/06/02 10:21:24] <kajtzu> muerr: more likely 2 bad dudes somewhere :)
[2008/06/02 10:22:26] <muerr> kajtzu: actually, three million project managers, and two actual ninjas.
[2008/06/02 10:23:42] <kajtzu> authentication and authorization infra is trivial really if your organisation is able to use ldap for everything. problem with ldap is servers at customers, etc. that cannot access your infra (or need to be shared with someone else but still your responsibility) so you end up eitehr creating generic role accounts (which sucks, mmmkay) or figuring a way or running useradd/userdel, groupadd/groupdel etc on the fly either scripted through puppet or by ins
[2008/06/02 10:26:36] <ashp> My biggest issue is we've built this 'developer sandbox' where we put all these vm's for the developers to use
[2008/06/02 10:26:45] <ashp> but we don't let them through into the real network, and we don't have a copy of ldap in there
[2008/06/02 10:26:59] <ashp> so I can't use ldap uniformly and that drives me crazy
[2008/06/02 10:27:22] <ashp> We're working on upgrading/cleaning up both ldap/mysql and replacing all our existing tools with some awful sun identity manager thing
[2008/06/02 10:27:22] <kajtzu> assuming all the ids would still be in ldap you could limit access by host or so
[2008/06/02 10:27:49] <ashp> so after that, hopefully we can build a replicate ldap server in the dev network and sync them up so they can break that and I can go back to ldap
[2008/06/02 10:28:01] <ashp> we have hard rules blocking the dev network, otherwise they'll find ways to ruin production gear
[2008/06/02 10:28:26] <kajtzu> I don't know how your environment is but for all company devels I provide the same level of AAA as for production services. same login/guid/uid/etc.
[2008/06/02 10:28:47] <kajtzu> I don't see a reason why there would be a need for another authentication infrastructure
[2008/06/02 10:28:57] <ashp> our environment is randomly scrambled together from junk
[2008/06/02 10:29:14] <ashp> I do want to eventually transition to using ldap for all user passwords
[2008/06/02 10:29:30] <ashp> At first I wanted to get groups and other information out of LDAP too, but because of our roles system that's not as nice as it sounds
[2008/06/02 10:29:34] <kajtzu> I store ssh pub keys in ldap too although that is not yet used
[2008/06/02 10:29:38] <ashp> I think I just want to use ldap for authentication, not any other stuff
[2008/06/02 10:29:52] @ DavidS left channel #puppet ()
[2008/06/02 10:30:03] <ashp> At first when I found our LDAP server I got excited and started wanting to restructure the environment aroudn it
[2008/06/02 10:30:07] <ashp> but I don't think we're ready for that
[2008/06/02 10:31:02] <kajtzu> at some point pub keys will be collected from ldap and distributed to servers needing them
[2008/06/02 10:33:54] <ashp> the other frustrating thing with our environment
[2008/06/02 10:34:06] <ashp> is every server has a 10. and also a 140. external address
[2008/06/02 10:34:12] <ashp> and some networks have to talk over 10, some over 140
[2008/06/02 10:34:23] <ashp> and so writing modules is a pain in the ass because we don't have any kind of coherent working DNS
[2008/06/02 10:34:32] <ashp> we absolutely definitely don't have split dns like i'd prefer
[2008/06/02 10:34:46] <ashp> so I have to add logic into every module to say 'if $internal: do this, if $external: this
[2008/06/02 10:34:54] <ashp> which makes supporting stuff like ldap more of a hassle
[2008/06/02 10:35:09] <ashp> A 3rd party does our dns so I'll never get split dns, the idea would break their mind
[2008/06/02 10:35:28] @ kolla joined channel #puppet
[2008/06/02 10:36:05] <kajtzu> you can override dns with hosts if your nsswitch.conf is setup that way ;)
[2008/06/02 10:36:52] <kajtzu> also you could have the int-servername.company.com and ext-servername.company com or servername.ext.company.com or something like that to differentiate between things you consider inside or outside
[2008/06/02 10:37:18] <ashp> Well, we're SUPPOSED to have something like that
[2008/06/02 10:37:27] <ashp> hostname01 and hlshostname01 (with hlshostname01 being external)
[2008/06/02 10:37:40] <ashp> But sadly because everything is run by the third party from what I can see it's a terrible mess that doesn't work properly
[2008/06/02 10:37:53] <kajtzu> how many servers do you have? 10? 100? 1000? :)
[2008/06/02 10:37:56] <ashp> If we had split dns I could just put a single hostname in all my modules, then serve the right address from dns
[2008/06/02 10:38:03] <ashp> we don't even have many! that's the worst bit, we have like 30 servers
[2008/06/02 10:38:25] <ashp> I need to get the central guys to send me a dns list, because it's embarrassing they let it get this bad with only a handful
[2008/06/02 10:38:35] <kajtzu> it takes about 10 minutes to iterate through 30 servers, check their ip addresses and make a list to send to the service provider ;)
[2008/06/02 10:38:45] <ashp> The problem was I wanted a single hostname with the dns server giving different results based on location of request
[2008/06/02 10:39:07] <kajtzu> just my opinion but it sounds like you have a lot of complexity for 30 servers
[2008/06/02 10:39:24] <ashp> I ended up just adding a variable to our node defs (they come from ldap) showing internal or external, so I can add the logic into the modules to do the right thing
[2008/06/02 10:39:35] <ashp> As far as I can tell they started with 1 big sun server, split things out to linux
[2008/06/02 10:39:45] <ashp> but have all these insane requirements to not really change anything
[2008/06/02 10:39:50] <ashp> so it became a terrible mess I'm slowly unravelling
[2008/06/02 10:41:05] <muerr> it doesn't take 10 minutes :)
[2008/06/02 10:41:13] <ashp> Well the issue is, as I said
[2008/06/02 10:41:15] <ashp> even if I have int and ext
[2008/06/02 10:41:23] <ashp> I still have to add all kinds of puppet logic to point things at the right place
[2008/06/02 10:41:28] <muerr> i manually administered 20-40 systems at IBM over 7 years.
[2008/06/02 10:41:30] <ashp> because we're a university we have like a /16
[2008/06/02 10:41:36] <ashp> so they have the worlds most wasteful ip addressing
[2008/06/02 10:41:51] <muerr> i had for loops for automating all kinds of stupid crap like that :-)
[2008/06/02 10:42:10] <ashp> There's things I can do with puppet easily, but I resent them as the 'wrong way' to do it :)
[2008/06/02 10:42:17] <ashp> so i grumble a lot because it feels like a hack
[2008/06/02 10:42:33] <ashp> If the DNS was ran by me, I'd run split dns and we'd have no additional logic in puppet
[2008/06/02 10:42:56] <kajtzu> muerr: sure it does :) ssh server /sbin/ip addr \|grep .. and some scripting around that
[2008/06/02 10:43:05] @ DavidS joined channel #puppet
[2008/06/02 10:44:36] <kajtzu> split dns feels like (and is ;-)) a hack ;-)
[2008/06/02 10:45:48] <ashp> it feels, some days, that everything we do is a horrible hack
[2008/06/02 10:46:04] <ashp> Ideally we should have structured things so all servers talk internally and are accessed externally
[2008/06/02 10:46:09] <ashp> but I guess due to network requirements that's not the case
[2008/06/02 10:46:19] <ashp> a lot of my servers talk to each other over vips, while some do so privately
[2008/06/02 10:46:39] * Volcane loves his pix firewalls for dns rewriting
[2008/06/02 10:46:40] <ashp> maybe I should stop fighting, set everything up to talk externally and just demand they make the firewalls do what I want :)
[2008/06/02 10:48:46] @ DavidS left channel #puppet ()
[2008/06/02 10:49:15] <jamesturnbull> gepetto: seen lak
[2008/06/02 10:49:16] <gepetto> jamesturnbull: lak was last seen 8 hours, 22 minutes and 2 seconds ago, quitting IRC ()
[2008/06/02 10:49:51] <kajtzu> ashp: using just frontend networks is very easy
[2008/06/02 10:50:18] <ashp> It would be if I could control things myself :)
[2008/06/02 10:50:23] <ashp> but I work for a university so everything takes a committee
[2008/06/02 10:50:27] <kajtzu> ah
[2008/06/02 10:50:47] <ashp> I'm surprised they even tolerate puppet considering how conservative we can be
[2008/06/02 10:51:17] <ashp> I just ram things in forcibly because it's really the only choice I have, there's a sense of desperate desire to change things here, but a lot of conservatism for 'how things have always been done' too
[2008/06/02 10:51:24] <ashp> that and this weird fear of faculty
[2008/06/02 10:55:52] <muerr> getting puppet in here was pretty easy. they were looking at cfengine since its the most well known config mgmt
[2008/06/02 10:57:01] <ashp> They hired me in and I guess part of the reason was to bring fresh eyes and ways of working
[2008/06/02 10:57:11] <ashp> from someone who isn't steeped in years of academica
[2008/06/02 10:57:15] <ashp> so I can do whatever I want, within reason
[2008/06/02 10:58:56] <muerr> :)
[2008/06/02 11:19:02] @ brscott joined channel #puppet
[2008/06/02 11:27:15] @ lak joined channel #puppet
[2008/06/02 11:27:25] @ brscott left channel #puppet ()
[2008/06/02 11:29:52] @ martha joined channel #puppet
[2008/06/02 11:31:12] @ pluesch0r joined channel #puppet
[2008/06/02 11:31:26] <pluesch0r> evening!
[2008/06/02 11:31:37] <pluesch0r> i'd like to define a default host config that gets applied to all hosts.
[2008/06/02 11:31:37] <ashp> morning :)
[2008/06/02 11:31:56] <pluesch0r> plus, is it possible to define a certain version of a gem to be installed?
[2008/06/02 11:32:27] <pluesch0r> i'd like to have the latest version of gettext installed, but since there are packages for both ruby and mswin32, gem spits out a dialog (that puppet doesn't answer)
[2008/06/02 11:34:51] <ashp> Well, You can make a module
[2008/06/02 11:34:52] <ashp> call it 'default'
[2008/06/02 11:35:04] <ashp> what I did was make a class called 'baseclass'
[2008/06/02 11:35:10] <ashp> and in there I include all my default modules
[2008/06/02 11:35:17] <ashp> so you can then put in all your statements you always want in there
[2008/06/02 11:35:36] <ashp> I don't think you can define specific gem versions, I use gem2rpm and convert all of mine and put them in my private yum repo and install from there
[2008/06/02 11:35:40] <martha> you can also have each of your hosts inheirit from a parent node
[2008/06/02 11:35:41] <ashp> So I get the specific versions I want.
[2008/06/02 11:35:51] @ strerror_work joined channel #puppet
[2008/06/02 11:36:05] <pluesch0r> martha: ah yes, i think i want that inheritace thing.
[2008/06/02 11:36:14] <pluesch0r> s/inheritace/inheritance
[2008/06/02 11:36:24] <pluesch0r> /
[2008/06/02 11:36:42] @ Quit: strerror_work: Client Quit
[2008/06/02 11:36:56] <ashp> in your case I would have say, a ruby/ module with a class ruby::defaults
[2008/06/02 11:37:02] <ashp> and then in my baseclass do include ruby::defaults
[2008/06/02 11:37:10] @ Quit: Innocenti: Client Quit
[2008/06/02 11:37:43] <pluesch0r> okay. i've got that working with classes right now. gotta look into modules.
[2008/06/02 11:37:56] <martha> also, you can specify a version number for gems
[2008/06/02 11:38:06] <martha> you can see that by looking at http://reductivelabs.com/trac/puppet/wiki/TypeReference#package
[2008/06/02 11:38:12] <martha> and gem is versionable
[2008/06/02 11:40:26] @ Quit: f--z: "KVIrc 3.2.5 Anomalies http://www.kvirc.net/"
[2008/06/02 11:41:52] @ andrewcshafer joined channel #puppet
[2008/06/02 11:43:42] <pluesch0r> oh, great. thanks. :)
[2008/06/02 11:44:23] @ nevele joined channel #puppet
[2008/06/02 11:45:23] @ jvanzyl_ joined channel #puppet
[2008/06/02 11:45:25] @ Quit: jvanzyl: Read error: 104 (Connection reset by peer)
[2008/06/02 11:45:49] <pluesch0r> nevele: heya.
[2008/06/02 11:46:11] <nevele> pluesch0r: hey, funny seeing you here
[2008/06/02 11:46:41] <pluesch0r> nevele: no, actually not .. i finally had time to give puppet a testrun. and i like it.
[2008/06/02 11:46:42] <pluesch0r> a lot. :)
[2008/06/02 11:46:59] <nevele> actually sitting in the puppet schoolin thats happening up in portland
[2008/06/02 11:47:05] <nevele> yea, pretty cool stuff
[2008/06/02 11:47:06] <pluesch0r> ah
[2008/06/02 11:47:06] <nevele> :)
[2008/06/02 11:47:21] <nevele> getting a one week intensive on it
[2008/06/02 11:47:25] <nevele> should be good stuff
[2008/06/02 11:47:33] <ashp> I wish I'd had the ability to do that :)
[2008/06/02 11:47:56] <nevele> just met Luke in the lobby
[2008/06/02 11:48:29] @ Quit: pastie: Remote closed the connection
[2008/06/02 11:48:37] <ashp> ask luke
[2008/06/02 11:48:47] <ashp> if puppetd detects an error in a .pp file
[2008/06/02 11:48:47] <gepetto> ::puppet:: Code Names edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/CodeNames (by james@lovedthanlost.net)
[2008/06/02 11:48:52] <ashp> and you rerun puppet again, is it supposed to ignore it
[2008/06/02 11:48:54] <stick> anyone have a good activerecord script for cleaning up the storeconfigs db? I found a reference to on on the mailing list but it looks a little old and crufty (pre 24.x)
[2008/06/02 11:48:57] <ashp> until you restart puppetmasterd or did i really find a bug?
[2008/06/02 11:49:36] @ pastie joined channel #puppet
[2008/06/02 11:49:46] <nevele> ashp: will do
[2008/06/02 11:49:59] <nevele> he isnt here atm, but, school starts in 11 minutes
[2008/06/02 11:50:12] <nevele> so.. im sure he'll be in shortly
[2008/06/02 11:51:02] <nevele> pretty stoked that my company is actually paying me to contribute
[2008/06/02 11:51:15] <nevele> nice when it works out like that
[2008/06/02 11:51:28] <ashp> I can't fly as my wife is about to pop, but I wanted to :)
[2008/06/02 11:51:56] <jamesturnbull> ashp: I'd have liked to at least hover during it but it's a little too far for me. :)
[2008/06/02 11:51:58] <nevele> oh, congrats..
[2008/06/02 11:52:11] <ashp> if he asks for details, just say I have mysql.pp and in there I had some incorrect syntax (+>), when I ran puppetd -tv it complained, and when I accidently ran it immediately again it said it couldn't find the class contained in the file
[2008/06/02 11:52:15] <ashp> jamesturnbull: Yeah, I'm up in boston :)
[2008/06/02 11:52:22] <ashp> A _little_ bit further for you ;)
[2008/06/02 11:52:34] <jamesturnbull> ashp: just another 12,000 miles odd
[2008/06/02 11:54:22] @ Quit: lak:
[2008/06/02 11:54:42] @ flakrat joined channel #puppet
[2008/06/02 11:56:07] @ Quit: roald: Remote closed the connection
[2008/06/02 11:58:16] <mccune> Hi. I'm writing an autofs module, and I'm using the fragment pattern to generate maps. I have a virtual type called "map" which I'd like to reference from site.pp.
[2008/06/02 11:59:57] <mccune> If I instantiate the type with autofs::map { "logs": options => '-fstype=cifs,ro,guest,sec=none,file_mode=0644,uid=nobody,gid=nogroup'; } and have define map () {} inside class autofs { } inside the autofs module, is this the best way to leverage autoloading, namespaces, and modules?
[2008/06/02 11:59:58] @ Quit: DerekW: "Leaving"
[2008/06/02 12:00:44] @ plathrop joined channel #puppet
[2008/06/02 12:00:50] @ Quit: jvanzyl_: Read error: 104 (Connection reset by peer)
[2008/06/02 12:01:19] @ jvanzyl joined channel #puppet
[2008/06/02 12:04:51] @ Quit: johnf: Read error: 110 (Connection timed out)
[2008/06/02 12:09:38] @ muer1 joined channel #puppet
[2008/06/02 12:19:15] @ ezralini joined channel #puppet
[2008/06/02 12:19:29] @ lutter joined channel #puppet
[2008/06/02 12:21:26] @ tmz_ is now known as tmz
[2008/06/02 12:22:38] @ Quit: muerr: Read error: 110 (Connection timed out)
[2008/06/02 12:28:21] <pluesch0r> hmm .. how do i define the platform when installing gems?
[2008/06/02 12:32:02] @ greenmoss joined channel #puppet
[2008/06/02 12:33:22] @ Quit: exodos: "leaving"
[2008/06/02 12:35:33] <greenmoss> so, anyone tried installing packages where the package wants to ask questions?
[2008/06/02 12:36:45] <benp-> yeah, it led to switching operating systems
[2008/06/02 12:36:52] <pluesch0r> lol.
[2008/06/02 12:36:56] <benp-> well, that and a lot of other things
[2008/06/02 12:37:07] <pluesch0r> what OS to what OS?
[2008/06/02 12:37:14] <pluesch0r> linux to solaris/bsd?
[2008/06/02 12:37:32] <muer1> there's a responsefile option for solaris and debian's package providers
[2008/06/02 12:37:37] <benp-> freebsd to centos
[2008/06/02 12:37:42] <pluesch0r> ok
[2008/06/02 12:38:02] <benp-> but 90% of the reason i ditched freebsd was shitty package management
[2008/06/02 12:38:07] <pluesch0r> i can already picture myself setting up a custom gem server ..
[2008/06/02 12:38:27] <benp-> thats a good idea
[2008/06/02 12:39:16] <Volcane> benp-: yeah, the many many buildworlds i had to do for the last ssh update pretty much put the nail in the bsd coffin for me too.
[2008/06/02 12:39:21] @ pleemans joined channel #puppet
[2008/06/02 12:39:22] <Volcane> better things to do with my life than that!
[2008/06/02 12:39:34] <benp-> i still like openbsd a lot
[2008/06/02 12:39:50] <benp-> but i dont really need to install a lot of packages on it to get it to do what i want
[2008/06/02 12:40:10] <Volcane> nods, its a nice system, all the bsd's i had uber stable bsd systems like 5 year+ uptimes, but cant be spending that much time building worlds for silly things
[2008/06/02 12:40:23] <benp-> right
[2008/06/02 12:41:09] * Volcane installed a pair of bsd firewalls 2nd day he arrived in the UK, only turned them off/rebooted for the first time after i became a citizen 5 years later heh
[2008/06/02 12:41:25] <benp-> its good and all, but every freebsd machine is kind of a one-off.. it's frustrating trying to have any kind of consistency across multiple machines, even with puppet.
[2008/06/02 12:41:40] <Volcane> yeah totally
[2008/06/02 12:41:53] <Volcane> lack of proper virtualisation also did it for me
[2008/06/02 12:42:16] <pluesch0r> i really like xen ..
[2008/06/02 12:42:30] <benp-> where are you from Volcane ?
[2008/06/02 12:42:44] <muer1> benp-: isn't the reason of switching freebsd to centos due to shitty package management kind of ironic? since rpm is much maligned :)
[2008/06/02 12:43:00] <muer1> we use centos here too :-x
[2008/06/02 12:43:04] @ muer1 is now known as muerr
[2008/06/02 12:43:24] <Volcane> benp-: south africa originally, london now
[2008/06/02 12:43:48] @ Quit: kolla: Remote closed the connection
[2008/06/02 12:43:53] <ashp> I really think someone needs to design a BSD
[2008/06/02 12:43:57] <ashp> with puppeting in mind
[2008/06/02 12:44:04] <ashp> so that it's much easier to get the clustering/consistancy
[2008/06/02 12:44:09] * Volcane doesnt mind rpm, just with yum could work without a net connection sometimes
[2008/06/02 12:44:15] <Volcane> ashp: nods :(
[2008/06/02 12:44:16] <ashp> a whole distribution designed with ease of replication/ensuring sync status would be interesting
[2008/06/02 12:45:02] <Volcane> i had like 15 pairs of freebsd firewall deployed all over the world
[2008/06/02 12:45:04] <Volcane> was a pain
[2008/06/02 12:45:15] <ashp> We used about 450 servers at yahoo
[2008/06/02 12:45:22] <ashp> and the inability to keep them in sync drove me insane
[2008/06/02 12:45:29] <benp-> muerr: <shrug> works fine for me.. i've built rpms and i'd say the whole RPM thing is a reasonably intelligent way to do it. but i haven't had experience building apt/debs are anything else so i dont have anything to compare it to.
[2008/06/02 12:45:39] <ashp> I just think we need a distribution designed from scratch with the basic idea
[2008/06/02 12:45:39] <Volcane> ah yeah, met some of the yahoo bsd guys, they came to south africa for some conf, lots of bsd ppl in sa
[2008/06/02 12:45:45] <ashp> that it's not going to be a standalone machine
[2008/06/02 12:45:55] @ shake-n-bake joined channel #puppet
[2008/06/02 12:46:07] <benp-> ashp i've thought that for a while. freebsd with rpm
[2008/06/02 12:46:07] <muerr> i think the last thing the open source world needs is more distributions :)
[2008/06/02 12:46:10] <benp-> would be great
[2008/06/02 12:46:11] * Volcane has built deps, freebsd ports and rpms. prefer rpm over the lot
[2008/06/02 12:46:12] @ Quit: shake-n-bake: Client Quit
[2008/06/02 12:46:31] <ashp> there was a freebsd/debian
[2008/06/02 12:46:36] <benp-> really
[2008/06/02 12:46:38] <benp-> ?
[2008/06/02 12:46:42] <Volcane> yeah
[2008/06/02 12:46:43] <ashp> http://www.debian.org/ports/kfreebsd-gnu/
[2008/06/02 12:46:44] <ashp> there it is
[2008/06/02 12:46:48] <benp-> cool
[2008/06/02 12:46:58] <ashp> It's probably terrible as they didn't just make 'freebsd into packages with apt'
[2008/06/02 12:47:04] <ashp> but tried to build debian on a bsd kernel
[2008/06/02 12:47:06] <muerr> Does (Free\|Open)BSD have volume management?
[2008/06/02 12:47:12] <ashp> it does
[2008/06/02 12:47:18] <Volcane> freebsd has zfs now
[2008/06/02 12:47:20] <ashp> it has geom and also an older thing called vinum
[2008/06/02 12:47:25] <ashp> and yeah, zfs for testing
[2008/06/02 12:47:36] <e^ipi> ashp: +1... the GNUserland kinna sucks
[2008/06/02 12:47:48] <ashp> e^ipi: As a REALLY intresting project
[2008/06/02 12:47:55] <ashp> i would love to see a userland written in perl, python or ruby
[2008/06/02 12:48:04] <Volcane> ashp: lol
[2008/06/02 12:48:23] <ashp> I'm just curious as to how much a/ useful the userland could be b/ how much code reduction it would result in
[2008/06/02 12:48:36] <e^ipi> a lot of opensolaris userland is getting replaced with ksh93 builtins
[2008/06/02 12:48:47] <ashp> that's an interesting idea, do they have a project page?
[2008/06/02 12:48:52] <e^ipi> ( ksh93 is about as full featured as perl/python/ruby )
[2008/06/02 12:48:57] <ashp> i just think that for 95% of the userland there is NO need to write it in c anymore
[2008/06/02 12:48:58] <e^ipi> no, just a bunch of ARC cases
[2008/06/02 12:49:12] <ashp> and that if you weren't focused on the micro implementation details you could really improve some tools like grep etc
[2008/06/02 12:49:12] <benp-> ashp: i
[2008/06/02 12:49:22] <e^ipi> and these ones are actually standards compliant, they come straight from at&t labs
[2008/06/02 12:50:00] <ashp> It's not that c is a bad language or a wrong choice, but userland work in unix seems to be focused on just cleaning up and tidying bugs these days
[2008/06/02 12:50:10] <ashp> and not any real development or work on improving the design choices
[2008/06/02 12:50:51] <e^ipi> more or less yeah
[2008/06/02 12:51:01] <e^ipi> GNU keeps adding flags (bugs) for no good reason
[2008/06/02 12:51:01] <ashp> maybe linux is better, but bsd userland mostly just seems to be tweaking and minor refactoring
[2008/06/02 12:51:02] <benp-> isn't it supposed to be the crappiest software capable of doing the required tasks? thats what i think when i think UNIX
[2008/06/02 12:51:12] <ashp> Ahaha, that's pretty accurate at times
[2008/06/02 12:51:18] <e^ipi> but the BSD and sysv userland are all pretty stable
[2008/06/02 12:51:26] <ashp> That's the reason nobody wants to change things
[2008/06/02 12:51:48] <ashp> at the same time, I'd love to see a supplemental attempt at say, rewriting /usr/bin on a stock freebsd box into a higher level language
[2008/06/02 12:51:52] <ashp> to see how well it worked
[2008/06/02 12:52:06] <e^ipi> what i'd find more interesting is an effort to port either the freebsd or sysv ( opensolaris ) userland to linux
[2008/06/02 12:52:21] <e^ipi> no longer GNU/Linux... SysV/Linux :D
[2008/06/02 12:52:30] <e^ipi> just for funsies
[2008/06/02 12:52:32] @ shake-n-bake joined channel #puppet
[2008/06/02 12:52:38] <ashp> freebsd has a nice /etc/rc.d system, that's for sure
[2008/06/02 12:52:41] * Volcane gets annoyed when GNU ppl do things like break commandlines thats worked for year, like 'ps -auxw' just cos of them having some philosophical isue with it
[2008/06/02 12:52:42] <ashp> I'd like that on linux.
[2008/06/02 12:52:50] <benp-> e^ipi: ha-ha! take that open source hippies!
[2008/06/02 12:52:59] <e^ipi> benp-: they'd still be open source
[2008/06/02 12:53:05] <e^ipi> not GPL, but open source
[2008/06/02 12:53:33] <ashp> I just think that unless you're writing some sort of performance critical application
[2008/06/02 12:53:42] <ashp> c is now no longer the right choice and i'd like to see a unix reflect that
[2008/06/02 12:53:56] <muerr> i much prefer sysv rc scripts to bsd's single file approach.
[2008/06/02 12:54:03] <ashp> muerr: they don't do that anymore
[2008/06/02 12:54:17] <e^ipi> muerr: solaris and aix have both moved off sysv rc scripts
[2008/06/02 12:54:20] <ashp> muerr: You have /etc/rc.d/blah, and in there it has dependencies on other stuff required for startup, and then the start/stop stuff
[2008/06/02 12:54:22] <e^ipi> solaris uses SMF
[2008/06/02 12:54:22] <Volcane> muerr: they much more sysvish now
[2008/06/02 12:54:28] <e^ipi> don't remember what aix does
[2008/06/02 12:54:32] <Volcane> e^ipi: smf
[2008/06/02 12:54:39] <Volcane> oh
[2008/06/02 12:54:40] <e^ipi> service management facility
[2008/06/02 12:54:42] <Volcane> i missread
[2008/06/02 12:54:44] <ashp> they have PROVIDE:/REQUIRE:/BEFORE: in the rc files now
[2008/06/02 12:54:48] <Volcane> thought u said SHF, old age :P
[2008/06/02 12:55:03] <e^ipi> rc.d/sysv init are both quite ancient and obsolete
[2008/06/02 12:55:08] <Volcane> i hate smf.
[2008/06/02 12:55:13] <Volcane> god awfull xml files
[2008/06/02 12:56:01] <e^ipi> times change
[2008/06/02 12:56:19] <ashp> i sort of agree with volcane
[2008/06/02 12:56:21] <ashp> i really hate xml files :/
[2008/06/02 12:56:22] <Volcane> xml wasnt designed to be typed up, or read, thats never changed
[2008/06/02 12:56:27] <muerr> e^ipi: aix uses /etc/inittab preferably, and aix is a special breed entirely.
[2008/06/02 12:56:35] <Volcane> if someone uses it in a environment where either of those are a requirement, they made the wrong choice
[2008/06/02 12:56:53] <muerr> so aix really shouldn't be included in any unix conversations.
[2008/06/02 12:57:04] <e^ipi> Volcane: the xml files are just a machine-readable way of getting information in to it's database
[2008/06/02 12:57:06] <ashp> aix is a crime against nature
[2008/06/02 12:57:08] <muerr> and i haven't touched solaris since version 8 (and prefer to keep it that way, never really cared for solaris)
[2008/06/02 12:57:18] <ashp> solaris 10, i have to admit, is a million miles better
[2008/06/02 12:57:25] <ashp> and dtrace is probably the coolest shit written in 10 years
[2008/06/02 12:57:34] <muerr> ashp: nah, aix is a great OS, it just requires a completely corporate enterprise point of view.
[2008/06/02 12:57:37] <ashp> If all developers used dtrace the world would be a better place
[2008/06/02 12:57:51] <e^ipi> the best thing apple ever did was steal dtrace & zfs
[2008/06/02 12:58:07] <muerr> trying to approach aix with an open source system administration methodology is asking for serious trouble :)
[2008/06/02 12:58:11] @ Quit: pleemans: Connection reset by peer
[2008/06/02 12:58:29] * Volcane hates his IBM H70s
[2008/06/02 12:58:35] <muerr> wow those are ancient.
[2008/06/02 12:58:42] @ pleemans joined channel #puppet
[2008/06/02 12:58:57] <Volcane> not really, got them new 2000ish
[2008/06/02 12:59:03] <Volcane> that not that long ago
[2008/06/02 12:59:11] <e^ipi> my only ibm machine is a 44p-170
[2008/06/02 12:59:12] <greenmoss> so, the deal with the packages: I have to get Ubuntu to install a Sun package, which seems to want you to confirm that you accept the Sun license
[2008/06/02 12:59:16] <e^ipi> it's pretty decent
[2008/06/02 12:59:23] <greenmoss> anyone else handled this before?
[2008/06/02 12:59:23] <muerr> e^ipi: that is ancient as well. :P
[2008/06/02 12:59:24] @ pluesch0r left channel #puppet ()
[2008/06/02 12:59:30] <e^ipi> greenmoss: sun license = CDDL
[2008/06/02 12:59:35] <greenmoss> I'm looking at this: https://lists.uni-koeln.de/pipermail/linux-fai/2007-May/004960.html
[2008/06/02 12:59:35] <ashp> i wish linux wasn't so broken
[2008/06/02 12:59:37] <muerr> required firmware upgrades to be able to run AIX 5L
[2008/06/02 12:59:39] <ashp> so we could have zfs and dtrace
[2008/06/02 12:59:40] <e^ipi> it's identical to the apache license
[2008/06/02 12:59:54] <greenmoss> so I can probably figure it out myself... just wondering if someone else has done it already
[2008/06/02 12:59:59] <greenmoss> to save me some pain :)
[2008/06/02 13:00:09] <e^ipi> ashp: you could just use opensolaris shrug
[2008/06/02 13:00:19] <e^ipi> it's faster anyways
[2008/06/02 13:00:48] <greenmoss> sorry, I guess I mean "install Java" not "install a Sun package"
[2008/06/02 13:01:09] <ashp> I really like opensolaris.
[2008/06/02 13:01:12] <e^ipi> java's GPL + classpath exception ( you can link to the classpath without being affected by the viral clause )
[2008/06/02 13:01:22] <ashp> But sadly we just moved to RHEL at work and there's zero chance I can move to anything else.
[2008/06/02 13:01:54] <Volcane> greenmoss: afaik u only really need to click to download, you are in your rights to host it locally in a package that doesnt ask if you clicked throug the first download. thats how most rpm based distros does it, you build your own RPM and put it in your own repos thats totally fine - and tht rpm doesnt need to ask the licence stuff
[2008/06/02 13:02:19] <ashp> i just install openjdk and that seems to work for java
[2008/06/02 13:02:29] <ashp> but java is confusing so i don't know if it'll break on somethimng
[2008/06/02 13:02:30] <greenmoss> hmm... don't wanna build my own ;)
[2008/06/02 13:02:39] <greenmoss> I may just use the "config file" work-around
[2008/06/02 13:02:43] * Volcane is really++ glad rpm doesnt support any form of interaction
[2008/06/02 13:08:33] @ f--z joined channel #puppet
[2008/06/02 13:12:08] <greenmoss> I actually like the interaction in Debian packages... this is the first time it's bit me
[2008/06/02 13:12:57] <muerr> I'm so glad we don't need crazy java packages.
[2008/06/02 13:13:13] <muerr> the only java apps we use include the JRE they need (dell server tools mainly)
[2008/06/02 13:14:38] @ Quit: gileswork: "ChatZilla 0.9.82.1 [Firefox 2.0.0.14/2008040413]"
[2008/06/02 13:15:31] <Volcane> greenmoss: it just breeds inconsistancy, the idea is ok, but the debian maintainers just cant get their act right, i have seen tons of machines where for example the sendmail hostname is set to ';; connection timed out; no servers could be reached' for example. its just shody, unrepeatable and mostly unneeded automtion
[2008/06/02 13:20:59] <e^ipi> muerr: oracle does that too
[2008/06/02 13:21:10] <plathrop> Volcane: My biggest problem is that the Debian packagers seem to depend on that interaction, so if you install a debian package from an automated tool, you often have to clean up things you shouldn't have to clean up.
[2008/06/02 13:21:16] <e^ipi> it's annoying, if they use the system JDK i can run oracle and SGD and use less ram
[2008/06/02 13:21:30] <e^ipi> well, i dunno if linux does that
[2008/06/02 13:22:01] <e^ipi> but solaris pegs one instance to ram and everybody gets it mapped in their address space
[2008/06/02 13:22:02] <muerr> e^ipi: supposedly websphere does as well, but it rarely worked properly on linux.
[2008/06/02 13:22:48] <Volcane> plathrop: well they shouldnt even need all that interaction, if they left the daemons alone to work as they were designed instead of bastardising the configs into something that only debian people know none of that would be needed, instead they've created one huge inconsistant bug trap
[2008/06/02 13:23:16] <e^ipi> Volcane: which, linux?
[2008/06/02 13:23:21] <Volcane> debian
[2008/06/02 13:23:29] <e^ipi> it was a joke
[2008/06/02 13:24:00] <Volcane> i am working on a site atm with maybe 40 debian machines, some quite old 3.0 machines that were upgraded through the year
[2008/06/02 13:24:04] <Volcane> wow what a total mess
[2008/06/02 13:24:25] @ Quit: Xteven: Remote closed the connection
[2008/06/02 13:24:28] <Volcane> and its not down to operator error, cos when you investigate the causes of the emsses, its down to outright shoddy packages, or just fatally flawed design
[2008/06/02 13:24:35] @ Xteven joined channel #puppet
[2008/06/02 13:26:02] <e^ipi> that's why i'm worried about work's migration from solaris to linux... i think it's a stupidass plan, but i'm just the jr "do stuff" monkey
[2008/06/02 13:26:08] <Volcane> like idiotic things where upgrading snmpd will overwrite what you put in /etc/defaults/snmpd - making all post upgrade snmpd's listen on 127.0.0.1
[2008/06/02 13:26:32] <Volcane> e^ipi: there are plenty good linuxen out there that are consistant, repeatable and predictable
[2008/06/02 13:26:53] <e^ipi> not to someone used to solaris there isn't
[2008/06/02 13:27:20] <Volcane> e^ipi: hehe, its not like you can upgrade a solaris machine even with point level patches and expect things to work the same afterward :P
[2008/06/02 13:27:53] <e^ipi> you can actually
[2008/06/02 13:27:58] <e^ipi> sun offers a guarantee to that effect
[2008/06/02 13:28:28] <e^ipi> 2 minor versions ( solaris 8 -> solaris 10 ) and things are guaranteed to work except for the GNU tools in /usr/gnu and /usr/sfw