Sunday, 2008-09-21

« Saturday, 2008-09-20 Index Monday, 2008-09-22 »
[2008/09/21 00:04:31] @ Log started by gepetto
[2008/09/21 00:04:31] @ lak joined channel #puppet
[2008/09/21 00:05:44] @ oskapt joined channel #puppet
[2008/09/21 00:06:17] @ Quit: oskapt: Client Quit
[2008/09/21 00:22:30] @ Quit: Sakarias: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:22] @ Quit: dysinger: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:27] @ Quit: yure: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:30] @ Quit: tyler79: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:32] @ Quit: hMz: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:35] @ Quit: Legooolas: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:37] @ Quit: phips: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:38] @ Quit: jonj: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:41] @ Quit: duritong: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: andreid21: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: kajtzu: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: randybias: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: Volcane: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: forsberg: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: mellen: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: ralfgro: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: charlieS: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: lazzurs: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: londo_onholidays: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: Omahn: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: barn: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: sisley: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: henk: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: MrProper_: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: saloxin: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: btm: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: growler: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: youam: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: nico: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: _NiC: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: wrobel: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:23:42] @ Quit: falsch: kubrick.freenode.net irc.freenode.net
[2008/09/21 00:27:45] @ forsberg joined channel #puppet
[2008/09/21 00:27:46] @ randybias joined channel #puppet
[2008/09/21 00:27:46] @ Volcane joined channel #puppet
[2008/09/21 00:27:46] @ mellen joined channel #puppet
[2008/09/21 00:27:47] @ ralfgro joined channel #puppet
[2008/09/21 00:27:47] @ charlieS joined channel #puppet
[2008/09/21 00:27:47] @ lazzurs joined channel #puppet
[2008/09/21 00:27:47] @ londo_onholidays joined channel #puppet
[2008/09/21 00:27:47] @ Omahn joined channel #puppet
[2008/09/21 00:27:47] @ barn joined channel #puppet
[2008/09/21 00:27:47] @ henk joined channel #puppet
[2008/09/21 00:27:47] @ sisley joined channel #puppet
[2008/09/21 00:27:47] @ MrProper_ joined channel #puppet
[2008/09/21 00:27:47] @ btm joined channel #puppet
[2008/09/21 00:27:47] @ nico joined channel #puppet
[2008/09/21 00:27:47] @ wrobel joined channel #puppet
[2008/09/21 00:27:47] @ saloxin joined channel #puppet
[2008/09/21 00:27:47] @ youam joined channel #puppet
[2008/09/21 00:27:47] @ growler joined channel #puppet
[2008/09/21 00:27:47] @ falsch joined channel #puppet
[2008/09/21 00:27:47] @ _NiC joined channel #puppet
[2008/09/21 00:27:57] @ andreid21 joined channel #puppet
[2008/09/21 00:27:57] @ kajtzu joined channel #puppet
[2008/09/21 00:28:10] @ Sakarias joined channel #puppet
[2008/09/21 00:28:10] @ dysinger joined channel #puppet
[2008/09/21 00:28:11] @ yure joined channel #puppet
[2008/09/21 00:28:11] @ tyler79 joined channel #puppet
[2008/09/21 00:28:11] @ Legooolas joined channel #puppet
[2008/09/21 00:28:11] @ jonj joined channel #puppet
[2008/09/21 00:28:11] @ duritong joined channel #puppet
[2008/09/21 00:28:11] @ hMz joined channel #puppet
[2008/09/21 00:28:11] @ phips joined channel #puppet
[2008/09/21 00:40:05] @ Quit: ski98033: Read error: 113 (No route to host)
[2008/09/21 00:41:11] @ Quit: lak:
[2008/09/21 00:48:11] @ Quit: jonj: "leaving"
[2008/09/21 01:09:03] @ Quit: randybias:
[2008/09/21 01:36:26] @ asa joined channel #puppet
[2008/09/21 02:19:49] @ Log started by gepetto
[2008/09/21 02:19:49] @ Joined channel #puppet
[2008/09/21 02:19:54] @ Topic is "Redmine has moved to http://tinyurl.com/46ryk7! | Please see http://snurl.com/1udr1 for channel guidelines"
[2008/09/21 02:19:57] @ Topic set by jamesturnbull on Fri Sep 12 03:58:12 -0400 2008
[2008/09/21 02:19:58] @ Mode +tnc by kubrick.freenode.net
[2008/09/21 02:20:31] @ jamestur1bull joined channel #puppet
[2008/09/21 02:22:20] @ Quit: jamesturnbull: Read error: 113 (No route to host)
[2008/09/21 02:24:43] @ Quit: jamestur1bull: Client Quit
[2008/09/21 02:25:16] @ jamesturnbull joined channel #puppet
[2008/09/21 02:25:31] @ Quit: squirrelpimp: Read error: 104 (Connection reset by peer)
[2008/09/21 02:26:09] @ squirrelpimp joined channel #puppet
[2008/09/21 02:26:40] <jamesturnbull> gepetto: #1550
[2008/09/21 02:43:38] @ meandtheshell joined channel #puppet
[2008/09/21 03:04:27] @ teyo joined channel #puppet
[2008/09/21 03:08:13] @ Quit: andrewcshafer:
[2008/09/21 03:08:14] @ Quit: LittleIdea_:
[2008/09/21 03:41:35] @ syb-away joined channel #puppet
[2008/09/21 03:50:46] @ Quit: forsberg: "Leaving"
[2008/09/21 03:54:20] @ aymerick joined channel #puppet
[2008/09/21 04:08:48] @ eliasp joined channel #puppet
[2008/09/21 04:15:38] <n0ts___> Hi, I have a quiestion about file resource type.
[2008/09/21 04:16:04] <n0ts___> How to make a parent directory ? like 'mkdir -p'
[2008/09/21 04:17:11] <fujin> You can't.
[2008/09/21 04:17:48] <fujin> although, something like file { [ "/srv", "/srv/git", "/srv/git/gitrepo1", "/srv/git/gitrepo2" ]: ensure => directory }
[2008/09/21 04:17:52] <fujin> will work.
[2008/09/21 04:18:21] <n0ts___> Thank you @fujin. I'll try it.
[2008/09/21 04:50:18] @ alex_john joined channel #puppet
[2008/09/21 04:50:26] <alex_john> hello
[2008/09/21 04:50:59] <alex_john> when I start puppet,, I am geting an error message
[2008/09/21 04:51:07] <alex_john> Could not load confine test 'operatingsystem': No such file to load -- puppet/provider/confine/operatingsystem
[2008/09/21 04:51:08] <alex_john> Could not load confine test 'operatingsystem': No such file to load -- puppet/provider/confine/operatingsystem
[2008/09/21 04:51:09] <alex_john> Could not load confine test 'operatingsystem': No such file to load -- puppet/provider/confine/operatingsystem
[2008/09/21 04:51:09] <alex_john> Could not start WEBrick: undefined method `session_id_context' for #<OpenSSL::SSL::SSLContext:0x403ace78>
[2008/09/21 04:51:17] <alex_john> any idea?
[2008/09/21 05:11:55] @ Quit: alex_john: "Leaving"
[2008/09/21 06:05:21] @ roald joined channel #puppet
[2008/09/21 06:17:41] @ martha joined channel #puppet
[2008/09/21 06:35:49] @ simmerz joined channel #puppet
[2008/09/21 06:37:08] <simmerz> Hi. I'm trying to install puppetmaster on a debian server, and I've followed the style guide as to the hierarchy of files. I've also set manifestdir=$config/master/manifests in /etc/puppet.conf. When I start puppetmaster though, it asks for /etc/puppet/manifests/site.pp and creates /etc/manifests as a dir. what am I doing wrong?
[2008/09/21 06:41:48] <simmerz> anyone about at all?
[2008/09/21 06:52:45] <martha> simmerz: I don't know if $config is a valid var
[2008/09/21 06:53:08] <martha> can you pastie your puppet.conf and the error?
[2008/09/21 06:56:00] <simmerz> ok, I've got it working now, and I get a different error. it now says: "err: /File[/var/lib/puppet/lib]/source: Could not describe /plugins: can't convert nil into String" on the client
[2008/09/21 06:56:09] <simmerz> do you want the server puppet.conf or the client one?
[2008/09/21 06:57:08] <simmerz> and using 0.24.4 from debian backports
[2008/09/21 06:58:39] <martha> the /plugins is a known bug: #947
[2008/09/21 06:59:15] <martha> I think it happens when you don't have the modules in the normal place
[2008/09/21 06:59:30] <martha> not everything is 100% environment aware
[2008/09/21 07:02:13] <simmerz> so can i fix the configuration to stop that?
[2008/09/21 07:02:48] <martha> I'm not sure
[2008/09/21 07:02:59] <martha> trying moving your modules to /etc/puppet/modules
[2008/09/21 07:03:51] <simmerz> martha: so what of the style guide file hierarchy?
[2008/09/21 07:04:07] <simmerz> I also get an error saying: err: Rails is missing; cannot store configurations
[2008/09/21 07:04:22] <simmerz> puppet uses Rails?!
[2008/09/21 07:06:16] <simmerz> ok, i also have another issue - i have created a "sudo" module that ensures /etc/sudoers is mode => 440. site.pp loads nodes.pp which has a default node which includes sudo
[2008/09/21 07:06:46] <simmerz> and i changed /etc/sudoers to be 640 just to see if it works
[2008/09/21 07:06:52] <simmerz> it doesn't appear to have changed anything. any ideas?
[2008/09/21 07:10:05] <martha> simmerz: rails is used if you turned storeconfigs on
[2008/09/21 07:10:24] <martha> I'd need to see your manifest and the output from the client
[2008/09/21 07:11:09] <simmerz> i copied a puppet.conf file from David Schmitt's git repo
[2008/09/21 07:12:52] <simmerz> ah. removing some config made it continue and change the file to 440
[2008/09/21 07:13:06] <martha> davids' repo is very good, but very complicated for a beginner
[2008/09/21 07:13:20] <simmerz> I still get the plugins error though
[2008/09/21 07:13:34] <simmerz> should I add a pluginpath declaration to [puppermasterd] ?
[2008/09/21 07:14:07] <simmerz> I just copied the puppet.conf file. I'm trying to follow the style guide regarding the structure. it's just annoying that the style guide doesn't match the default configuration
[2008/09/21 07:14:28] <simmerz> "warning: //Node[default]/sudo/File[/etc/sudoers]/ensure: No specified sources exist" ermmm, what?!
[2008/09/21 07:14:34] <martha> the style guide is out of date, ignore it
[2008/09/21 07:14:49] <simmerz> grr! so how should I be laying out my setup?
[2008/09/21 07:14:58] <martha> your path that you are trying to take sudoers from is not right
[2008/09/21 07:15:00] <simmerz> trying to learn puppet if the docs are wildly out is painful!
[2008/09/21 07:15:15] @ Quit: teyo:
[2008/09/21 07:15:22] <simmerz> so why do I then get "notice: //Node[default]/sudo/File[/etc/sudoers]/mode: mode changed '640' to '440'" ?
[2008/09/21 07:16:26] <simmerz> i'm trying to create a configuration that I can store in svn, and just svn up on my puppetmaster server for now. what is the best practise for doing that structure-wise?
[2008/09/21 07:17:57] <simmerz> i found cfengine too complex to work out, but at least its documentation doesn't change every 5 mins, so a newbie with enough patience can pick it up. puppet seems to need me to be able to mindread too
[2008/09/21 07:18:06] <martha> if you don't use environments, just put thing in /etc/puppet/manifests and /etc/puppet/modules
[2008/09/21 07:18:41] <simmerz> and if i do use environments?
[2008/09/21 07:18:45] <martha> start with the debian defaults
[2008/09/21 07:19:03] <martha> that's advanced puppet, worry about that when you get the basics down
[2008/09/21 07:19:21] <martha> it is really easy to go back and refactor/improve things in puppet
[2008/09/21 07:19:34] <simmerz> http://reductivelabs.com/trac/puppet/wiki/PuppetBestPractice#file-hierarchy is wrong then and i shouldn't pay any attention to it?
[2008/09/21 07:20:03] <martha> yes
[2008/09/21 07:20:07] <simmerz> actually, it has changed since I last read it anyway
[2008/09/21 07:20:18] <simmerz> grrr
[2008/09/21 07:20:33] <martha> well, that's overly complex for a beginner
[2008/09/21 07:20:49] <martha> start with a simple class, under manifests
[2008/09/21 07:20:54] <martha> then add in modules
[2008/09/21 07:21:15] * simmerz goes and bins his current structure and purges puppetmaster and puppet and reinstalls them with debian defaults
[2008/09/21 07:21:50] <martha> people are doing very complicated things with puppet, but they are hard to understand if you don't start with something simpler
[2008/09/21 07:22:13] <martha> don't turn anything on until you understand what it does
[2008/09/21 07:23:03] <simmerz> ok. so by default, I have files/, fileserver.conf, manifests, and puppet.conf
[2008/09/21 07:23:46] <martha> ok
[2008/09/21 07:25:04] <simmerz> hmm, a client is now reporting "err: Could not retrieve catalog: Certificates were not trusted: certificate verify failed"
[2008/09/21 07:25:14] <simmerz> and puppetca -l shows no servers to sign certs for
[2008/09/21 07:25:30] <simmerz> should I purge the list of clients somewhere?
[2008/09/21 07:26:41] <martha> you need to delete the server cert on the client
[2008/09/21 07:26:51] <martha> in /var/lib/puppet/ssl on the client
[2008/09/21 07:27:44] <simmerz> csr_server.pem?
[2008/09/21 07:28:40] <simmerz> ah, got it
[2008/09/21 07:30:02] <simmerz> it says autosign is enabled by default by use of autosign.conf. i can't find a reference to the format of that file.
[2008/09/21 07:30:17] <martha> *.domain.com
[2008/09/21 07:30:37] <martha> that's all you need in that file
[2008/09/21 07:30:49] <simmerz> ah ok.
[2008/09/21 07:32:28] <simmerz> right. I'm going off to redo my sudo config
[2008/09/21 07:34:42] <simmerz> out of interest, the default is pluginsync=true (in /etc/puppet/puppet.conf), and the server gives: "err: Permission denied: Cannot access mount[plugins]"
[2008/09/21 07:34:49] <simmerz> something missing?
[2008/09/21 07:36:17] <martha> you don't have any plugins yet
[2008/09/21 07:37:03] <simmerz> so nothing to worry about then for now
[2008/09/21 07:37:30] <simmerz> should I create a module for sudo?
[2008/09/21 07:37:38] <martha> if you want
[2008/09/21 07:38:30] <simmerz> lol. would you consider that "best practice" ?
[2008/09/21 07:38:49] <martha> you can start with a plain class, or even just a file object in you node definition
[2008/09/21 07:39:26] <simmerz> ok
[2008/09/21 07:40:18] <simmerz> the quick start suggests a class
[2008/09/21 07:40:23] <martha> fyi, I think james turnbull's book is supposed to be the best place for beginners to start. you can buy it as an ebook, even
[2008/09/21 07:41:13] <martha> it doesn't make a huge difference to start with.
[2008/09/21 07:41:19] <simmerz> pulling strings with puppet?
[2008/09/21 07:41:30] <martha> you have to move to classes next anyway
[2008/09/21 07:41:31] <jamesturnbull> simmerz: that's the one
[2008/09/21 07:41:41] <simmerz> jamesturnbull: thanks :)
[2008/09/21 07:41:46] @ DavidS joined channel #puppet
[2008/09/21 07:41:46] <jamesturnbull> simmerz: the e-book is quite reasonably priced too :P
[2008/09/21 07:41:54] * simmerz goes to fetch
[2008/09/21 07:42:05] @ DavidS left channel #puppet ()
[2008/09/21 07:42:58] <simmerz> grrr @ apress not allowing "+" in my email address
[2008/09/21 07:43:45] <jamesturnbull> simmerz: ah nothing I can do about that I am afraid...
[2008/09/21 07:43:57] <simmerz> lol. I know. just griping
[2008/09/21 07:54:54] @ marth1 joined channel #puppet
[2008/09/21 07:54:54] @ Quit: martha: Read error: 104 (Connection reset by peer)
[2008/09/21 07:55:04] @ marth1 is now known as martha
[2008/09/21 07:56:25] <simmerz> anyway, I now have the ebook. :)(
[2008/09/21 08:25:59] <simmerz> jamesturnbull: spelling error ;-) "depricated" should be "deprecated" on p25
[2008/09/21 08:26:31] <jamesturnbull> simmerz: thanks
[2008/09/21 08:26:47] <simmerz> and possibly wants a global replace on that. not read past p25 or seen it before though
[2008/09/21 08:27:08] <simmerz> npo
[2008/09/21 08:27:10] <simmerz> np*
[2008/09/21 08:27:22] <jamesturnbull> simmerz: that'll be layout - I don't make spilling mistokes
[2008/09/21 08:27:34] <simmerz> heh
[2008/09/21 08:34:55] <simmerz> jamesturnbull: you suggest not using autosign. is that because it relies on the hostname provided by the client rather than having a valid dns record?
[2008/09/21 08:35:19] <simmerz> so in theory any machine could pretend to be part of the relevant domain and get signed?
[2008/09/21 08:35:59] <jamesturnbull> simmerz: correct
[2008/09/21 08:36:06] <jamesturnbull> simmerz: it's a bit ad hoc for my tastes
[2008/09/21 08:36:32] <simmerz> with you. so you'd rather sign as needed by logging in to the master server and signing the relevant cert, and then leaving it to it?
[2008/09/21 08:36:32] <jamesturnbull> simmerz: also even with the valid DNS name - well that's easy to spoof
[2008/09/21 08:36:50] <simmerz> jamesturnbull: less easy if you rely on two way verification - DNS and rDNS
[2008/09/21 08:36:57] <jamesturnbull> simmerz: yeah - it means you actually manage the addition of clients
[2008/09/21 08:37:08] <simmerz> but yes, I am with you there
[2008/09/21 08:37:30] <jamesturnbull> simmerz: still easy to spoof :)
[2008/09/21 08:38:08] <simmerz> i guess if you can get hold of a block from an AS before they notice and change the DNS records
[2008/09/21 08:40:17] <jamesturnbull> simmerz: well that and all the other DNS vulns, cache poisonin etc etc
[2008/09/21 08:41:04] <simmerz> good point
[2008/09/21 08:41:18] * jamesturnbull takes off bank security architect hat :)
[2008/09/21 08:42:04] <simmerz> permanently? given they've all nearly gone to the grave? :P
[2008/09/21 08:42:05] @ Quit: martha: Read error: 104 (Connection reset by peer)
[2008/09/21 08:42:53] @ martha joined channel #puppet
[2008/09/21 08:44:21] <jamesturnbull> simmerz: oh we've still got a few open
[2008/09/21 08:44:27] <jamesturnbull> simmerz: UK I assume?
[2008/09/21 08:44:42] <simmerz> jamesturnbull: yes
[2008/09/21 08:44:56] <jamesturnbull> simmerz: ah not a good week for UK banks
[2008/09/21 08:45:25] <simmerz> no, indeed. less city bonuses this year ;-)
[2008/09/21 08:45:37] <jamesturnbull> simmerz: less wine bar wankers too :P
[2008/09/21 08:45:59] <simmerz> heh
[2008/09/21 09:15:00] <evil_steve> simmerz: it's trivial to duplicate an AS via BGP
[2008/09/21 09:15:40] <jamesturnbull> evil_steve: BGP security is a joke
[2008/09/21 09:16:09] <evil_steve> jamesturnbull: oh, I've never said it was secure
[2008/09/21 09:16:31] <jamesturnbull> evil_steve: yeah I was agreeing with you I think
[2008/09/21 09:16:33] <evil_steve> like most ways to manage the way the internet works, the authors chose to ignore that there are people like me out there
[2008/09/21 09:16:33] <jamesturnbull> evil_steve: :P
[2008/09/21 09:16:49] <jenza> back when BGP was designed, people like you weren't around
[2008/09/21 09:18:19] <jamesturnbull> jenza: well the threat model wasn't properly fleshed out
[2008/09/21 09:19:19] <jenza> For sure.
[2008/09/21 09:21:16] <jamesturnbull> evil_steve: you in town?
[2008/09/21 09:26:09] @ Quit: roald: Remote closed the connection
[2008/09/21 09:43:44] @ Quit: simmerz: Read error: 110 (Connection timed out)
[2008/09/21 10:10:24] @ nasrat joined channel #puppet
[2008/09/21 10:35:26] @ Quit: meandtheshell: Read error: 104 (Connection reset by peer)
[2008/09/21 10:41:21] @ meandtheshell joined channel #puppet
[2008/09/21 11:01:32] @ simmerz joined channel #puppet
[2008/09/21 11:01:57] @ Quit: yure: Read error: 110 (Connection timed out)
[2008/09/21 11:02:51] @ yure joined channel #puppet
[2008/09/21 11:16:06] @ roald joined channel #puppet
[2008/09/21 11:25:45] @ Quit: nasrat:
[2008/09/21 11:54:01] @ Quit: Maliuta: Remote closed the connection
[2008/09/21 11:55:06] @ Maliuta joined channel #puppet
[2008/09/21 12:01:59] @ Quit: roald: Read error: 104 (Connection reset by peer)
[2008/09/21 12:05:41] @ ski98033 joined channel #puppet
[2008/09/21 12:26:31] @ martha left channel #puppet ()
[2008/09/21 13:04:58] @ Quit: dysinger:
[2008/09/21 13:40:55] @ teyo joined channel #puppet
[2008/09/21 13:45:41] @ LittleIdea_ joined channel #puppet
[2008/09/21 13:45:42] @ andrewcshafer joined channel #puppet
[2008/09/21 13:58:40] @ andrewcshafer_ joined channel #puppet
[2008/09/21 14:11:01] @ Quit: ski98033: Read error: 113 (No route to host)
[2008/09/21 14:11:12] <simmerz> jamesturnbull: if you're about. I'm going through the book slowly but surely. it looks like the sensible option is to be aware that there is probably a better way of doing it, but to start with just declare anything needed first (and in one place?), and deal with options later as they become relevant, such as conditions, includes, modules, classes etc. that sound right?
[2008/09/21 14:13:05] <Volcane> yes, start simple and refactor as you learn more
[2008/09/21 14:13:24] @ Quit: andrewcshafer: Read error: 110 (Connection timed out)
[2008/09/21 14:14:02] <simmerz> james's book is starting to make some sense of puppet.
[2008/09/21 14:14:12] <simmerz> in my mind at least
[2008/09/21 14:15:04] @ Quit: kolla_: Remote closed the connection
[2008/09/21 14:16:46] <simmerz> at some stage when i've got it configured and working, would you say it makes sense to have puppet do literally everything, including creating Xen guests, and resizing disc images etc etc?
[2008/09/21 14:18:01] <Volcane> yip
[2008/09/21 14:18:27] <Volcane> but remember puppet will do whatever you tell it every 30 minutes or whatever u set interval too
[2008/09/21 14:18:36] <Volcane> so you need to be careful that whatever you do is repeatable
[2008/09/21 14:18:47] <Volcane> so for example dont kick off a re-install of the VM every 30 minutes :)
[2008/09/21 14:20:49] <simmerz> heh. of course. I'd probably just check for existence of configuration files and disc images and if they're there not do anything more
[2008/09/21 14:21:17] <simmerz> mostly because then i'd have puppet configure the vm's themselves
[2008/09/21 14:21:59] <Volcane> thats more or less how I do xen vms http://nephilim.ml.org/~rip/vm.txt
[2008/09/21 14:22:33] <Volcane> the 'volumes' bit can be improved to take an array, but I've not had time/inclination
[2008/09/21 14:22:55] <simmerz> so if you had for instance an lv that didn't match the required size, would it resize it assuming the vm was down?
[2008/09/21 14:23:03] <simmerz> that would be quite nice
[2008/09/21 14:23:03] <Volcane> that little puppet class sets up volume groups, xen config files for booting/installing and running, kickstart files etc
[2008/09/21 14:23:41] <Volcane> you could, in my case i just make it if its not there already, I'll rahter do resizing/deleting by hand
[2008/09/21 14:23:48] <simmerz> thinking it shouldn't be that hard to do in reality
[2008/09/21 14:24:36] <simmerz> Volcane: thanks :)
[2008/09/21 14:24:53] <simmerz> p65 of the book at the moment. just learning about inheritance of nodes
[2008/09/21 14:27:20] <simmerz> out of curiosity, how does puppet deal with the situation where something from a previous run is still running. lets take the resize of a disc image as an example - it could in theory take a while to resize the fs. what happens when $interval happens to come round again?
[2008/09/21 14:27:39] <simmerz> i wouldn't want it to try to resize the image that it's already resizing...
[2008/09/21 14:28:20] <simmerz> this is probably somewhere in the book. just not got that far yet lol
[2008/09/21 14:29:21] <Volcane> it doesnt run things in teh background
[2008/09/21 14:29:39] <Volcane> unless for example you make it run some script that will kick off the job in the background
[2008/09/21 14:29:44] <Volcane> but then dealing with it is up to you
[2008/09/21 14:30:16] <Volcane> generally also, theres a max execution time for stuff it runs, so running long running jobs with puppet isnt the way to go, its not a general command runner
[2008/09/21 14:30:24] <simmerz> ok
[2008/09/21 14:30:41] <Volcane> put config, dependencies etc down with puppet, use another tool - perhaps capistrano - to do one off tasks
[2008/09/21 14:30:53] <simmerz> what about when you come to things like OS upgrades - eg. debian etch -> lenny
[2008/09/21 14:31:09] <Volcane> thats not really within puppets remit
[2008/09/21 14:31:31] <simmerz> so you'd use puppet + something like capistrano to do that?
[2008/09/21 14:31:59] <Volcane> yeah, puppet for stuff that has to be run/checked over and over and over
[2008/09/21 14:32:16] <Volcane> shell scripts, for loops with ssh, capistrano, etc for one offs like dist upgrades
[2008/09/21 14:32:28] <simmerz> ok. so maybe you'd have puppet update some configuration files for cap to go and deal with when it realises there's something to do?
[2008/09/21 14:32:51] * simmerz doesn't really know capistrano that well either, so not sure how it works exactly
[2008/09/21 14:32:52] <Volcane> not really how cap works, but yeah something like that
[2008/09/21 14:32:53] @ lak joined channel #puppet
[2008/09/21 14:34:03] <simmerz> general rule then -> system configuration with puppet, application setup/configuration with capistrano, with exceptions to the former being one off runs like system upgrades and disc image resizes
[2008/09/21 14:34:26] <Volcane> well you would still configure your apps with puppet
[2008/09/21 14:34:32] <simmerz> true
[2008/09/21 14:34:35] @ Quit: meandtheshell: "Leaving."
[2008/09/21 14:34:41] <Volcane> like putting down /etc/app/app.conf
[2008/09/21 14:34:59] <Volcane> and in some cases where its safe you can just let puppet keep the app to latest with package{}
[2008/09/21 14:35:04] <Volcane> but as soon as you have a complex app
[2008/09/21 14:35:07] <simmerz> and then have cap doing things like upgrading db schemas and restarting servers where needed
[2008/09/21 14:35:21] <simmerz> custom apps rarely have packages ;-)
[2008/09/21 14:35:26] <Volcane> that perhaps require to turn it off on your cluster, then do software updates, then do some data update, then start and perhaps re-enable in the cluster
[2008/09/21 14:35:29] <Volcane> and once off
[2008/09/21 14:35:33] <Volcane> then you wouldnt do that with puppet
[2008/09/21 14:35:49] <simmerz> ok. I see
[2008/09/21 14:35:53] <simmerz> thanks :)
[2008/09/21 14:35:57] <simmerz> I'd have tried...
[2008/09/21 14:36:04] <simmerz> and probably got frustrated
[2008/09/21 14:45:14] @ docelic joined channel #puppet
[2008/09/21 14:56:11] <simmerz> one thing that is interesting here (on page 77 of jamesturnbull's ebook) is that of managing the hosts file. It says you can define IPv4 or IPv6 addresses here. is it possible to define both in one stanza or some other fashion, without creating multiple resources for it?
[2008/09/21 14:56:28] @ Quit: zoeloelip: Read error: 113 (No route to host)
[2008/09/21 14:56:47] <simmerz> for instance, can you specify two ip addresses in an array?
[2008/09/21 15:15:05] <Volcane> doubt it
[2008/09/21 15:16:16] <simmerz> ok
[2008/09/21 15:29:46] @ mndoci joined channel #puppet
[2008/09/21 15:30:02] @ mndoci left channel #puppet ()
[2008/09/21 15:34:00] @ Quit: lak:
[2008/09/21 15:48:53] @ zoeloelip joined channel #puppet
[2008/09/21 15:53:16] @ Quit: docelic: "Leaving"
[2008/09/21 15:57:42] @ Quit: youam: "leaving"
[2008/09/21 16:01:28] @ Quit: kenvandine: Remote closed the connection
[2008/09/21 16:20:09] @ Quit: aymerick:
[2008/09/21 16:23:11] @ kenvandine joined channel #puppet
[2008/09/21 16:30:38] @ randybias joined channel #puppet
[2008/09/21 16:32:06] @ randybias_ joined channel #puppet
[2008/09/21 16:32:06] @ Quit: randybias: Read error: 104 (Connection reset by peer)
[2008/09/21 16:33:21] @ Quit: andrewcshafer_:
[2008/09/21 16:33:21] @ Quit: LittleIdea_:
[2008/09/21 16:38:42] @ Quit: randybias_:
[2008/09/21 16:39:09] @ Quit: simmerz: "Leaving."
[2008/09/21 17:00:44] @ Quit: f3ew: No route to host
[2008/09/21 17:11:56] @ Quit: Volcane: "leaving"
[2008/09/21 17:12:16] @ dysinger joined channel #puppet
[2008/09/21 17:12:56] @ Volcane joined channel #puppet
[2008/09/21 17:27:43] @ icltlfatppl joined channel #puppet
[2008/09/21 17:34:42] @ simmerz joined channel #puppet
[2008/09/21 17:54:11] <jamesturnbull> simmerz: re hosts file - habve ten seconds so this is not a considered response - but test it and see what happens
[2008/09/21 17:56:47] <simmerz> i will do shortly
[2008/09/21 17:56:53] <simmerz> jamesturnbull: thanks. book is proving very good :)
[2008/09/21 17:57:54] @ Quit: zoeloelip: "leaving"
[2008/09/21 17:58:02] @ zoeloelip joined channel #puppet
[2008/09/21 18:01:03] @ Quit: kolla: Remote closed the connection
[2008/09/21 18:09:08] @ Gh0sty_ joined channel #puppet
[2008/09/21 18:09:30] <simmerz> quick question about structure. i have a load of nodes that have postfix installed on them configured to send through a smarthost, and one node that *is* the smarthost, and also the main mail server. how would you distinguish those? create a module called postfix and then put some conditional stuff in there based on tags?
[2008/09/21 18:11:02] <simmerz> and then include postfix on all the relevant nodes?
[2008/09/21 18:18:22] <Volcane> use modules, postfix and postfix::central or just distribute a specific config to the central server and the same to all the rest
[2008/09/21 18:18:59] <Volcane> using file{"/etc/whatever": source => ["puppet://puppet/postfix/whatever.${fqdn}", "puppet://puppet/postfix/whatever"] }
[2008/09/21 18:19:19] <Volcane> in that IF a whatever.centralpostfix.your.com exist it will go to that box, otherwise it will get whatever
[2008/09/21 18:21:08] <simmerz> Volcane: right
[2008/09/21 18:21:13] <simmerz> thanks
[2008/09/21 18:21:22] @ Quit: Gh0sty: Read error: 110 (Connection timed out)
[2008/09/21 18:21:22] @ Gh0sty_ is now known as Gh0sty
[2008/09/21 18:21:52] @ Quit: kenvandine: Read error: 104 (Connection reset by peer)
[2008/09/21 18:22:16] <gebi> nice, didn't know that implizit if
[2008/09/21 18:22:52] @ kolla joined channel #puppet
[2008/09/21 18:22:56] @ kenvandine joined channel #puppet
[2008/09/21 18:24:34] * simmerz wonders who went over jamesturnbull's book and checked it for continuity errors...
[2008/09/21 18:24:47] @ andrewcshafer joined channel #puppet
[2008/09/21 18:24:56] <Volcane> theres an errata on the wiki
[2008/09/21 18:25:15] @ LittleIdea_ joined channel #puppet
[2008/09/21 18:25:21] <simmerz> surely that would have been fixed in the ebook version though?
[2008/09/21 18:25:33] <Volcane> i doubt its in his hands as such
[2008/09/21 18:25:36] <Volcane> publishers
[2008/09/21 18:26:46] <simmerz> Volcane: yeah - would still make sense to fix the ebook and mark errata as being for the printed version with a link to download the new fixed ebook if that's what you bought :)
[2008/09/21 18:26:57] <simmerz> again, a publisher issue, not james'
[2008/09/21 18:29:04] <simmerz> where is the wiki?
[2008/09/21 18:30:19] <simmerz> ah. sorry. *that* wiki
[2008/09/21 18:30:20] <simmerz> duh
[2008/09/21 18:59:22] @ Quit: dysinger:
[2008/09/21 19:27:27] @ simmerz left channel #puppet ("Leaving.")
[2008/09/21 19:32:54] @ Quit: LittleIdea_: Read error: 60 (Operation timed out)
[2008/09/21 19:35:19] @ Quit: andrewcshafer: Read error: 60 (Operation timed out)
[2008/09/21 19:41:17] <gepetto> ::puppet:: Whos Using Puppet edited by kbsingh @ http://reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet (by z00dax@gmail.com)
[2008/09/21 20:01:55] @ andrewcshafer joined channel #puppet
[2008/09/21 20:01:55] @ LittleIdea joined channel #puppet
[2008/09/21 21:14:47] @ ckm joined channel #puppet
[2008/09/21 21:43:42] @ edwardam joined channel #puppet
[2008/09/21 21:48:57] @ Quit: edwardam: Remote closed the connection
[2008/09/21 21:49:18] @ edwardam joined channel #puppet
[2008/09/21 22:14:46] @ lak joined channel #puppet
[2008/09/21 22:14:50] @ sazma joined channel #puppet
[2008/09/21 22:25:41] @ Quit: lak:
[2008/09/21 22:52:30] @ pjw joined channel #puppet
[2008/09/21 23:32:07] @ ski98033 joined channel #puppet
[2008/09/21 23:36:07] @ lak joined channel #puppet
« Saturday, 2008-09-20 Index Monday, 2008-09-22 »

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!