Friday, 2008-10-10

[2008/10/10 00:01:58] @ Log started by gepetto
[2008/10/10 00:01:58] @ andrewcshafer joined channel #puppet
[2008/10/10 00:18:47] @ ___foobar joined channel #puppet
[2008/10/10 00:20:12] <___foobar> this thing is driving me nuts.. who writes a program that the "verbose" flags are absolutely useless
[2008/10/10 00:21:05] <___foobar> [root@sea-pixel02 puppet]# puppetd -o -v -v -v --server=puppet
[2008/10/10 00:21:06] <___foobar> [root@sea-pixel02 puppet]#
[2008/10/10 00:21:17] <___foobar> ??? what did it do? did it even try to do anything? who knows?
[2008/10/10 00:23:07] @ Quit: lak:
[2008/10/10 00:27:51] <jamesturnbull> ___foobar: try --debug
[2008/10/10 00:30:11] * jamesturnbull also probably thinks it's never a good idea to suggest the developers of a tool you need help with are idiots...
[2008/10/10 00:31:14] @ Demosthenes joined channel #puppet
[2008/10/10 00:31:15] <justjay> evenin
[2008/10/10 00:32:51] <justjay> anyone running multiple puppet servers (hardware not just puppetmasterd?)
[2008/10/10 00:37:51] @ kyrus1 joined channel #puppet
[2008/10/10 00:55:38] @ ski98033 joined channel #puppet
[2008/10/10 00:56:53] @ Quit: rutski:
[2008/10/10 01:09:38] @ plathrop joined channel #puppet
[2008/10/10 01:09:46] @ Quit: plathrop: Client Quit
[2008/10/10 01:13:34] <fujin> jamesturnbull: lmao
[2008/10/10 01:13:36] <fujin> that was awesome
[2008/10/10 01:13:53] <fujin> ___foobar: uh, you haven't specified --no-daemonize there, or --test
[2008/10/10 01:14:00] <fujin> so that'll be forking
[2008/10/10 01:20:50] * andrewcshafer thinks all developers are idiots
[2008/10/10 01:21:25] <andrewcshafer> justjay: I'm not sure I understand that question, what do you mean exactly?
[2008/10/10 01:22:19] <fujin> andrewcshafer: you're an idiot!
[2008/10/10 01:22:27] <andrewcshafer> definitely
[2008/10/10 01:22:58] <andrewcshafer> it's the only consistent and complete explanation
[2008/10/10 01:23:07] <fujin> hahha :)
[2008/10/10 01:23:40] <andrewcshafer> If I was smart, I'd be an investment banker... doh!
[2008/10/10 01:24:11] @ Quit: ski98033: "Leaving."
[2008/10/10 01:25:21] <andrewcshafer> http://shop.cafepress.com/design/19778725
[2008/10/10 01:27:08] <fujin> heh
[2008/10/10 01:27:09] <fujin> :P
[2008/10/10 01:27:12] <fujin> awesome
[2008/10/10 01:39:06] <justjay> andrewcshafer: sooo we added a bunch of the stuffs to puppet.. and our puppetmaster now has a load of 14 or so ... and is always 100% busy :)
[2008/10/10 01:39:20] <justjay> so its the time to toss more hardware at it time :)
[2008/10/10 01:39:46] <andrewcshafer> are you running mongrel
[2008/10/10 01:39:51] <justjay> yes
[2008/10/10 01:40:09] <justjay> we have about 900 boxes that poll every 5 min
[2008/10/10 01:40:21] <andrewcshafer> damn
[2008/10/10 01:40:25] <andrewcshafer> why so often?
[2008/10/10 01:40:37] <andrewcshafer> how many mongrels are you running?
[2008/10/10 01:40:39] <justjay> we roll config changes.. and need a quick turnaround
[2008/10/10 01:41:10] <justjay> puppetrun is broken for us.. no one (and many have tried) seems to know why (my guess is the main cert for the box is not for the fqdn... just 'puppet'
[2008/10/10 01:41:43] <justjay> umm.. i think there is 16 master's running
[2008/10/10 01:42:02] <justjay> when we lose a cache boxe we have to roll out a new config to all our servers .. so we need the low run time
[2008/10/10 01:42:08] <justjay> s/boxe/box/
[2008/10/10 01:42:26] <justjay> well actually.. only like 16 servers need the new config. plus we manage dns and we do an entire website rollout with puppet :)
[2008/10/10 01:43:09] <justjay> we just added 1024 File resources into puppet the other day and that is what is hurting us (yeah its gross.. but.. its something we have to maintain and not by choice.. )
[2008/10/10 01:43:15] <justjay> and that seems to have tipped everything over the edge
[2008/10/10 01:43:19] @ exothermc_ joined channel #puppet
[2008/10/10 01:43:37] <exothermc_> I'm looking for some docs on the configuration parameters for puppet
[2008/10/10 01:43:55] <justjay> exothermc_: have you tried the wiki? or are you looking for something a little more specific?
[2008/10/10 01:43:58] <exothermc_> like how often it checks with puppetmaster etc.
[2008/10/10 01:44:10] <exothermc_> ya I have looked, haven't found anything yet.
[2008/10/10 01:44:16] <justjay> oh.... thats configurable via the puppet.conf
[2008/10/10 01:44:36] <andrewcshafer> File serving is going to be painful at that number. The preliminary testing on 0.25 shows the file serving to be 3 times faster with about 1/3 the memory, but that won't help today.
[2008/10/10 01:45:01] <exothermc_> justjay: Yup that is what I thought, but that is about all I can find.
[2008/10/10 01:45:17] <andrewcshafer> exothermc_: the default runinterval is every 30 minutes, but you can change it
[2008/10/10 01:45:38] <exothermc_> ok and how about the "etc" ?
[2008/10/10 01:45:52] <justjay> andrewcshafer: well the File stuff we added is just to maintain symlinks.. (please dont ask.. we all are not very happy with it but... its a mess we inherited)
[2008/10/10 01:46:51] <justjay> the stuff that kills us long term is the website w/ push w/ it and a recursive dir... going to fix that in the future but.. right now trying to find the best way to make our puppet infrastructure live on 4 servers instead of 1
[2008/10/10 01:46:52] @ Quit: WALoeIII:
[2008/10/10 01:47:16] <andrewcshafer> justjay: I know nigel and some other people who are managing 6000 hosts had to scale the puppetmaster servers. Not sure how many they have, but more than one for sure.
[2008/10/10 01:47:35] <justjay> yeah... i have a hardware load balancer (layer4) i can toss in front of it as well.
[2008/10/10 01:47:38] <andrewcshafer> recursion in the current stable branch is painful
[2008/10/10 01:47:56] <justjay> yup.. that it is.. its not that bad for our DNS stuff but anything else hurts :)
[2008/10/10 01:48:25] <justjay> has anyone published anything on puppet and multiple servers.. other than the wiki's 'PuppetScalability' ?
[2008/10/10 01:49:01] <justjay> right now our puppetrun stuff is broke as all heck so turning our runinterval to 60 min or so wont help us.
[2008/10/10 01:49:11] <andrewcshafer> because it models each level individually, it takes a long time because it is a lot of requests for each file, in 0.25 that is going to be a lot better because it will get the whole fileset at once.
[2008/10/10 01:49:13] <justjay> otherwise that would be perfect.
[2008/10/10 01:49:21] @ WALoeIII joined channel #puppet
[2008/10/10 01:49:27] <justjay> nice
[2008/10/10 01:49:30] <justjay> that will help alot :)
[2008/10/10 01:50:22] <andrewcshafer> I don't think there is anything better published yet.
[2008/10/10 01:50:41] <andrewcshafer> You can ask people on the list or in here.
[2008/10/10 01:51:10] <justjay> cool.. yeah i will post something.. the scalability thing isnt so bad... i think it means we might need to start from scratch.. (which i am okay with
[2008/10/10 01:51:12] <andrewcshafer> Or Reductive Labs can help you.
[2008/10/10 01:51:13] <justjay> )
[2008/10/10 01:51:19] @ Quit: cmoates: Read error: 110 (Connection timed out)
[2008/10/10 01:51:49] <justjay> actually i might run that by the bossman... i do owe luke a chance to drive my car :)
[2008/10/10 01:51:57] <andrewcshafer> people are generally helpful, except when they aren't :/
[2008/10/10 01:52:05] @ Quit: Demosthenes: "leaving"
[2008/10/10 01:52:14] <andrewcshafer> he would like that
[2008/10/10 01:52:18] <justjay> we tend to like to be self supportive
[2008/10/10 01:52:24] <andrewcshafer> of course
[2008/10/10 01:52:36] <justjay> and we did just buy a bunch of MAID and clustered storage ;)
[2008/10/10 01:52:38] @ meandtheshell joined channel #puppet
[2008/10/10 01:52:41] <justjay> but.. i'll ask bry tomorrow to see what he says
[2008/10/10 01:53:16] <justjay> and not that bad of an idea either.. as we do run into a handful of show stopper bugs we tend to kludge around.
[2008/10/10 01:53:40] <justjay> (rpm lib bug.. not you guys but redhat, the dangling symlink issue.. etc)
[2008/10/10 01:53:54] <andrewcshafer> The goal is always to get people to the point where they can manage, not parasitic consulting into the horizon :/
[2008/10/10 01:54:11] <justjay> yeah... i mean we have been running by ourselves for almost a year now
[2008/10/10 01:54:38] <justjay> its just.... it might be nice to have a safety net for the 'show stoppers'
[2008/10/10 01:55:03] <andrewcshafer> We're planning to start having a monthly council with everyone who has support to prioritize bugs and roadmap
[2008/10/10 01:55:08] <justjay> we rock the old style classes/* stuff..
[2008/10/10 01:55:21] <andrewcshafer> nice
[2008/10/10 01:55:23] <justjay> not the modules.. so thats a big step i am trying to take
[2008/10/10 01:55:38] <justjay> its just time right now ;)
[2008/10/10 01:55:59] <justjay> prob going to just take my laptop and lock myself in a conf room for a week and be done with it
[2008/10/10 01:56:02] <andrewcshafer> Every place I've seen puppet code, they have developed their own style and idioms
[2008/10/10 01:56:23] <justjay> yeah.. we have this kinda crazy fact that glues our inventory system into puppet to get node definitions
[2008/10/10 01:56:32] <andrewcshafer> sometimes it amazes me what people have done
[2008/10/10 01:56:46] <justjay> i would rather not talk about what we have.. but.. its an interative step :)
[2008/10/10 01:56:55] <andrewcshafer> do you use external nodes then?
[2008/10/10 01:57:03] <justjay> no
[2008/10/10 01:57:09] <justjay> well
[2008/10/10 01:57:10] <justjay> no
[2008/10/10 01:57:11] <justjay> kinda
[2008/10/10 01:57:11] <justjay> no
[2008/10/10 01:57:20] <justjay> we have a nodes.pp that gets generated every 60 seconds
[2008/10/10 01:57:21] <andrewcshafer> you have a lot of logic based on the facts
[2008/10/10 01:57:26] <justjay> from our inventory system
[2008/10/10 01:57:34] <andrewcshafer> ahh, interesting solution
[2008/10/10 01:57:36] <justjay> and we have this fact that generates things like...
[2008/10/10 01:57:46] <justjay> thats not as good as it could/should be...
[2008/10/10 01:57:50] <justjay> our site.pp has alot of
[2008/10/10 01:58:01] <justjay> if $mysql_master { include mysql::master }
[2008/10/10 01:58:02] <justjay> sort of logic
[2008/10/10 01:58:08] <andrewcshafer> right
[2008/10/10 01:58:29] <justjay> that one day will be moved to the stuff that generates the nodes.pp
[2008/10/10 01:58:37] <andrewcshafer> modules and external nodes will pay off in the long run
[2008/10/10 01:59:32] <justjay> so.. when we install a box.. the facts for like $mysql_master get populated
[2008/10/10 01:59:35] <andrewcshafer> you could have the external nodes script sync with the inventory system each request instead of generating that file, forcing a reparse
[2008/10/10 01:59:57] <justjay> we could prob hack something together to expose that via ldap
[2008/10/10 02:00:07] <justjay> its just a mysql db on the back end
[2008/10/10 02:00:16] <justjay> and a bunch of django
[2008/10/10 02:00:19] <justjay> *bleck* ;)
[2008/10/10 02:00:28] <andrewcshafer> 'cause all that reparsing is also expensive
[2008/10/10 02:00:44] <justjay> i could also get away with a nodes.pp that just has a single default entry
[2008/10/10 02:01:24] <justjay> until the facts are replaced with external nodes that link into the inventory :)
[2008/10/10 02:02:00] <andrewcshafer> that's the double edged sword of flexibility
[2008/10/10 02:02:06] <justjay> yup
[2008/10/10 02:02:32] <justjay> right now.. when i need to add something to a node i have to ssh in.. and modify the means the facts are loaded...
[2008/10/10 02:02:45] <justjay> its how the old inventory/provisioning system worked.. so we just glued puppet on top of that..
[2008/10/10 02:02:57] <andrewcshafer> nice
[2008/10/10 02:03:02] <justjay> as puppet is actually called from the redhat kickstart stuff.. so its runs before the system ever really boots a first time
[2008/10/10 02:03:44] <andrewcshafer> I wonder if there is someway to do that with factsynccing?
[2008/10/10 02:04:01] <justjay> oh we do that on first run.
[2008/10/10 02:04:28] <justjay> the basic premise is there is a /var/xmlks/<class>
[2008/10/10 02:04:38] <justjay> and <class> gets turned into $<class> in puppet
[2008/10/10 02:04:45] <justjay> so.. touch /var/xmlks/squid
[2008/10/10 02:04:52] <justjay> next puppet run squid is installed and running sort of thing :)
[2008/10/10 02:05:05] <andrewcshafer> gotcha
[2008/10/10 02:05:09] <justjay> when really it should be put into the inventory system so on reinstall... the box is solid
[2008/10/10 02:05:36] <andrewcshafer> I think it is begging for external nodes
[2008/10/10 02:05:41] <justjay> oh i agree
[2008/10/10 02:06:08] <justjay> its just.. we replaced all the shell scripts from the post install provisioning system with puppet... and never took it where it should go :)
[2008/10/10 02:06:31] <justjay> sooo.. with the mess i have to deal with for the 'hmm one box is not cutting it' i think alot (if not all) this will fall into a .. okay.. lets fix how we do this stuff.
[2008/10/10 02:06:51] <justjay> but.. who has time?
[2008/10/10 02:06:55] <andrewcshafer> pay down the principle
[2008/10/10 02:07:10] @ DavidS joined channel #puppet
[2008/10/10 02:07:27] @ Quit: DavidS: Read error: 54 (Connection reset by peer)
[2008/10/10 02:07:42] <justjay> very true
[2008/10/10 02:08:09] <andrewcshafer> Time is always at a premium, but investing can pay off, as long as it isn't in the stock market :/
[2008/10/10 02:08:17] <justjay> true true
[2008/10/10 02:08:41] <justjay> yeah.. right now its crazy.. we just got a MAID box delivered.. building another isilon cluster out... and moving a bunch of assets and resources into 'our' current infrastructure
[2008/10/10 02:09:06] <justjay> nothing redbull or some crack cant solve
[2008/10/10 02:09:52] <andrewcshafer> I'm partial to the Pomegranate Rockstar
[2008/10/10 02:10:04] <justjay> we dont stock that at the office.. :(
[2008/10/10 02:10:21] <andrewcshafer> it's pretty good :)
[2008/10/10 02:13:04] <justjay> i must head to bed.. have to be up at a reasonable hour... i guess
[2008/10/10 02:13:14] <justjay> thanks for the input.. i'll run the support contract by the bossman
[2008/10/10 02:13:18] <justjay> he might just say yes :)
[2008/10/10 02:13:34] <justjay> but i am okay with starting from scratch on a bunch of this stuff :)
[2008/10/10 02:17:25] @ aymerick joined channel #puppet
[2008/10/10 02:25:54] @ Quit: tim|imac: "Leaving"
[2008/10/10 02:33:21] @ Demosthenes joined channel #puppet
[2008/10/10 02:34:10] <exothermc_> what do I do with "err: Could not find object type ssh_authorized_key"
[2008/10/10 02:34:21] <exothermc_> that is an error I get from a client.
[2008/10/10 02:34:48] @ shake-n-bake joined channel #puppet
[2008/10/10 02:38:18] @ shake-n-bake_ joined channel #puppet
[2008/10/10 02:41:01] @ raphink joined channel #puppet
[2008/10/10 02:42:32] <stasheck> has anybody here tried to serve files from SVN instead of puppet? I mean instead of source => "puppet://blahblahblah"?
[2008/10/10 02:47:05] <stasheck> OK, then maybe someone can give me a hint, how to effectively serve a whole website?
[2008/10/10 02:47:38] <stasheck> I was planning to use SVN to store a website, using puppet to deploy it
[2008/10/10 02:48:16] <stasheck> but I'm not quite sure how to do it, and I'm reluctant to checkout from SVN to puppet server and then use puppet logic to send it to webserver
[2008/10/10 02:50:48] <fujin> capistrano
[2008/10/10 02:50:51] <fujin> use it.
[2008/10/10 02:51:10] <fujin> puppet = configuration management
[2008/10/10 02:52:00] <stasheck> a bit more hint on capistrano?
[2008/10/10 02:52:12] <stasheck> not quite sure how to use it w/ puppet?
[2008/10/10 02:53:14] <realist> Right that's the second time I've seen capistrano mentioned here... /me googles
[2008/10/10 02:54:58] <stasheck> maybe example of puppet module, which uses capistrano?
[2008/10/10 02:57:08] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2008/10/10 03:00:11] <justjay> i use puppet to push a website... it works..
[2008/10/10 03:00:18] <justjay> i dont suggest it directly
[2008/10/10 03:00:20] <justjay> but it works
[2008/10/10 03:00:21] <justjay> :)
[2008/10/10 03:00:47] @ Innocenti joined channel #puppet
[2008/10/10 03:03:37] <stasheck> I was thinking about it, but to do this, I'd first need to co from svn to puppet server
[2008/10/10 03:04:00] <idimmu> stasheck: why not just use svn to check the website out to the last server?
[2008/10/10 03:05:32] <justjay> yup
[2008/10/10 03:05:39] <justjay> i do that from p4
[2008/10/10 03:05:54] <stasheck> from what?
[2008/10/10 03:06:00] <justjay> perforce
[2008/10/10 03:06:01] <justjay> p4
[2008/10/10 03:06:15] * stasheck google
[2008/10/10 03:06:18] <justjay> check it out.. put it into puppet's file server path.. then.. next run puppet will sync it out for me
[2008/10/10 03:06:25] <justjay> we dont use svn.. its too slow
[2008/10/10 03:06:42] * ndim contemplates setting up a special partition containing git repos of puppet config, and then having all systems in a multiboot configuration pull from there and configure themselves.
[2008/10/10 03:10:45] <stasheck> for other reasons I'll stick to svn, but thx :-)
[2008/10/10 03:11:01] <justjay> stasheck: its the same but diff
[2008/10/10 03:11:06] <justjay> i do the same thing.. just not from svn..
[2008/10/10 03:11:18] <justjay> check out website.. put it into puppet file server.. push it out to servers
[2008/10/10 03:17:09] @ tim|macbook joined channel #puppet
[2008/10/10 03:17:45] @ masterzen joined channel #puppet
[2008/10/10 03:19:16] @ descala joined channel #puppet
[2008/10/10 03:23:14] <idimmu> have you considered packaging the website
[2008/10/10 03:23:22] <idimmu> and making puppet push out the package?
[2008/10/10 03:23:39] <idimmu> thatd be a shit load better
[2008/10/10 03:23:53] <stasheck> I guess
[2008/10/10 03:24:21] <stasheck> still, fileserving in puppet is pain
[2008/10/10 03:24:45] <stasheck> that's why I was thinking about svn
[2008/10/10 03:25:09] <stasheck> which is also pain
[2008/10/10 03:25:11] <stasheck> ;-)
[2008/10/10 03:25:17] <stasheck> but doesn't kill my puppetmaster
[2008/10/10 03:25:20] <realist> It'd be nice if puppet had rsync support
[2008/10/10 03:25:30] <idimmu> heh
[2008/10/10 03:25:34] <realist> If it doesn't already.
[2008/10/10 03:31:59] <fujin> stasheck: capistrano is a tool used for deployment, running commands on remote systems. ties heavily into RCS.
[2008/10/10 03:32:18] <fujin> the rest should be self explanatory, there are some good tuts kicking around
[2008/10/10 03:32:20] <fujin> capify . for your rails/merb apps
[2008/10/10 03:32:48] <stasheck> maybe it'll sound strange, but I don't have any rails apps ;-)
[2008/10/10 03:33:05] <stasheck> and I've gotten pretty good idea how capistrano works
[2008/10/10 03:33:24] <stasheck> just don't have idea how to put it nicely into puppet
[2008/10/10 03:33:39] <stasheck> and I'm kinda short on time to figure it out myself
[2008/10/10 03:33:44] <stasheck> hence, call for help
[2008/10/10 03:40:36] @ edwardam_ joined channel #puppet
[2008/10/10 03:43:22] @ edwardam_ is now known as edwardam|away
[2008/10/10 03:43:38] @ Quit: edwardam: Read error: 110 (Connection timed out)
[2008/10/10 03:50:07] @ Quit: tim|macbook: Read error: 110 (Connection timed out)
[2008/10/10 04:05:01] @ tim|macbook joined channel #puppet
[2008/10/10 04:15:50] <Volcane> stasheck: it doesnt go in puppet, its for once offs etc. just use exec to fetch the files using rsync
[2008/10/10 04:16:16] <Volcane> stasheck: and you can use schedule to only do it every x hours perhaps, while puppet runs every 30 mins if you're concerned about doing it every 30 mins
[2008/10/10 04:17:45] <stasheck> Volcane: maybe I'll do just that, but I was wondering how other people use capistrano w/ puppet
[2008/10/10 04:19:31] <Volcane> stasheck: puppet puts down configs, and enabling packages/configs etc, and then by hand they run cap to deploy new version of apps for example.
[2008/10/10 04:19:50] <Volcane> stasheck: new versions of web apps i mean
[2008/10/10 04:20:17] <Volcane> stasheck: or perhaps do yum updates over their servers, or perhaps do the initial install of puppet with cap and then let puppet do the rest
[2008/10/10 04:21:22] <stasheck> Volcane: ok, now that gives me overall idea :-)
[2008/10/10 04:22:35] @ Quit: andrewcshafer: Read error: 60 (Operation timed out)
[2008/10/10 04:25:34] <Volcane> stasheck: theres also this tool called iclassify that lets you tell puppet what to put on machines via a web ui - it has a search engine built in to find/select nodes - and cap can query that so you can run cap tasks against all hosts with a certain puppet class on them. or thats how the docs and general chat here suggest, I've not used it
[2008/10/10 04:28:20] @ Quit: shake-n-bake_:
[2008/10/10 04:28:26] <stasheck> Volcane: that's interesting
[2008/10/10 04:28:43] @ shake-n-bake joined channel #puppet
[2008/10/10 04:28:58] <Volcane> stasheck: afaik fujin's quite the iclassify fanboy :P
[2008/10/10 04:29:05] @ Quit: shake-n-bake: Client Quit
[2008/10/10 04:29:39] @ Quit: ralfgro: Read error: 104 (Connection reset by peer)
[2008/10/10 04:29:43] @ ralfgro joined channel #puppet
[2008/10/10 04:30:00] <stasheck> Volcane: then I know who to ask for help ;-)
[2008/10/10 04:39:06] <fujin> I work for the company that develops it. I'm more than familiar with it.
[2008/10/10 04:39:58] @ bajan joined channel #puppet
[2008/10/10 04:41:00] <fujin> one of the perks, you could say
[2008/10/10 04:43:49] @ DerekW joined channel #puppet
[2008/10/10 04:46:39] <draytm01_> hey
[2008/10/10 04:46:53] <draytm01_> i realise i asked this yesterday, but i can't find a definite answer
[2008/10/10 04:46:54] <fujin> Hello
[2008/10/10 04:47:57] <draytm01_> how do environments and external nodes connect? as far as i can see external nodes are defined globally (that is, the 'external_nodes' param is not per-environment) and the external_nodes script doesn't take an argument for environment
[2008/10/10 04:48:40] <draytm01_> is the long and short of it that a node can't be defined in more than one environment when using external nodes?
[2008/10/10 04:48:55] <fujin> Not something I've tried to do.
[2008/10/10 04:48:57] <fujin> Try it and see?
[2008/10/10 04:49:04] <Volcane> draytm01_: environment is defined client side
[2008/10/10 04:49:05] @ descala left channel #puppet ()
[2008/10/10 04:49:29] <draytm01_> volcane: yeah, i know
[2008/10/10 04:50:03] <draytm01_> volcane: but say i set node foo's environment to bootstrap
[2008/10/10 04:50:11] <Volcane> on the client.
[2008/10/10 04:50:34] <draytm01_> and, as part of the bootstrap it downloads a new puppet.conf, putting itself into production
[2008/10/10 04:50:40] <Volcane> yeah
[2008/10/10 04:51:11] <Volcane> so that all just works then
[2008/10/10 04:51:16] <draytm01_> how can i define a node for foo#bootstrap and foo#production
[2008/10/10 04:51:22] <Volcane> you dont
[2008/10/10 04:51:31] <Volcane> but
[2008/10/10 04:51:37] * draytm01_ strokes chin
[2008/10/10 04:51:39] <Volcane> you can use case $environment { }
[2008/10/10 04:51:46] <Volcane> or
[2008/10/10 04:52:03] <Volcane> you use modules, and in production the apache module does different things to the one in development
[2008/10/10 04:52:07] <Volcane> or
[2008/10/10 04:52:18] <Volcane> you use different site.pp's per environment that includes different classes and such
[2008/10/10 04:52:21] <Volcane> or
[2008/10/10 04:52:37] <Volcane> your modules automagically serve up the files based on environment
[2008/10/10 04:52:41] <draytm01_> heh heh ok
[2008/10/10 04:52:48] <draytm01_> i see there are many solutions
[2008/10/10 04:52:51] <fujin> draytm01_: for this particular scenario, we have an iClassify icagent recipe which sets '$puppet_env' based on the FQDN.
[2008/10/10 04:53:00] <draytm01_> i think i was thinking about it back-to-front
[2008/10/10 04:53:32] <Volcane> fujin: and your remotefile{} type define is aware of that? etc?
[2008/10/10 04:53:32] <fujin> http://gist.github.com/16018
[2008/10/10 04:53:40] <fujin> Volcane: /everything/ is aware of that.
[2008/10/10 04:53:59] <Volcane> nods,
[2008/10/10 04:54:12] <draytm01_> thanks chaps
[2008/10/10 04:54:12] <gepetto> ::puppet:: Downloading Puppet edited by immerda @ http://reductivelabs.com/trac/puppet/wiki/DownloadingPuppet (by puppet@immerda.ch)
[2008/10/10 04:54:15] <fujin> So our fqdn format is nameNUMBERenvironment.domain
[2008/10/10 04:54:23] <fujin> KISS
[2008/10/10 04:54:27] <jenza> oooh .6rc1
[2008/10/10 04:54:31] <Volcane> fujin: yeah before using proper environments i defined a $role for the same
[2008/10/10 04:54:51] <Volcane> well "proper" as in the multi env feature
[2008/10/10 04:54:56] <fujin> Volcane: the few issues regarding modulepath and whatnot for environments are why we not use them, I believe
[2008/10/10 04:55:05] <fujin> and it's simple enough to abstract out at a manifest level.
[2008/10/10 04:55:06] <Volcane> issues with module path?
[2008/10/10 04:55:12] <fujin> Aye, unless that's been fixed.
[2008/10/10 04:55:28] * fujin doesn't recall
[2008/10/10 04:55:33] <Volcane> not had issues, but i might not have tripped over the specific use case that would trigger it
[2008/10/10 04:55:41] <fujin> It was one of those "oh well, write that off" things.
[2008/10/10 04:55:53] <Volcane> heh
[2008/10/10 04:58:52] <Volcane> been quite happy with it, devs have their own environments, nice branching between environments etc
[2008/10/10 04:59:18] <Volcane> need to learn a better SCN than svn though cos its branching/merging is seriously pissing me off
[2008/10/10 05:00:00] <Volcane> anyway, time for work, chat later
[2008/10/10 05:00:34] @ Quit: dysinger:
[2008/10/10 05:04:11] @ Quit: thijso: Remote closed the connection
[2008/10/10 05:04:47] <realist> Is there a documented practice for maintaining new package/distro releases?
[2008/10/10 05:05:49] <realist> Nevermind, I think I answered my own question :-)
[2008/10/10 05:08:51] @ thegcat joined channel #puppet
[2008/10/10 05:09:37] <exothermc_> If I create users and install keys for them, is there anyway they can set their own passwords>?
[2008/10/10 05:10:16] @ thijso joined channel #puppet
[2008/10/10 05:14:10] <bajan> If you don't enforce the password in the User object, then they can do what they like
[2008/10/10 05:14:15] <bajan> if you enforce the password, no.
[2008/10/10 05:14:56] @ roald joined channel #puppet
[2008/10/10 05:16:04] <exothermc_> bajan: where is that controlled?
[2008/10/10 05:16:45] <bajan> exothermc_: Simply a matter of whether you put password => 'something' in the User definition.
[2008/10/10 05:18:05] <exothermc_> bajan: Ok ya so if I put it then I need to communicate it to each user and they need to go change it on each and every host. if I don't set that passwd still asks for a current password which hasn't been set so it fails.
[2008/10/10 05:19:34] <bajan> exothermc_: Yes. Catch-22. We use LDAP auth on our servers, so our users automatically have passwords
[2008/10/10 05:20:04] <exothermc_> hmm that sucks
[2008/10/10 05:20:43] <bajan> Someone else might have a bright idea
[2008/10/10 05:23:18] <exothermc_> I guess I can make a random password for each user and put it in a file only readable by them in their home dir
[2008/10/10 05:23:37] <exothermc_> not the best, but I guess it will have to do.
[2008/10/10 05:34:36] @ Quit: Demosthenes: Read error: 110 (Connection timed out)
[2008/10/10 05:36:02] <exothermc_> hmm on a default install of centos how should the password be generated to be passed with password => 'something'
[2008/10/10 05:40:07] * bajan usually cheats, sets the password on an account, then copies it from /etc/shadow.
[2008/10/10 05:40:12] <steven_> exothermc_: what os ?
[2008/10/10 05:40:32] <exothermc_> steven_: centos
[2008/10/10 05:40:42] <steven_> exothermc_: there is a method to set no passwd and have the user set it the first time they log in but it's not terribly secure
[2008/10/10 05:41:05] <exothermc_> steven_: ya that won't work, they already have keys to get in.
[2008/10/10 05:41:15] <steven_> ah ic
[2008/10/10 05:42:08] <steven_> exothermc_: what happens if no passwd is set ?
[2008/10/10 05:42:14] <fujin> HALT, HAMMERZEIT
[2008/10/10 05:42:16] * fujin breaks it down
[2008/10/10 05:42:43] <exothermc_> steven_: when they go to set the pass via passwd it asks for current and fails.
[2008/10/10 05:43:02] <steven_> failing that im pretty sure it can be done but will involve a fair amount of tinkering in pam config
[2008/10/10 05:43:34] <steven_> via pan you set what is required to be able to change the password etc etc how often to change, on first login etc
[2008/10/10 05:43:38] <steven_> pam *
[2008/10/10 05:43:48] <exothermc_> steven_: ahh ok
[2008/10/10 05:44:10] <steven_> exothermc_: pam is quite involved though and tricky to get right :)
[2008/10/10 05:45:20] <steven_> tip* always have a root window open somewhere when tinkering with pam ;)
[2008/10/10 05:46:40] <exothermc_> bajan: shadow doesn't seem to contain any useful info? No encrypted passwords in there.
[2008/10/10 05:51:11] <fujin> not sure where else they'd be :P
[2008/10/10 05:58:04] @ MNKl joined channel #puppet
[2008/10/10 05:59:20] <MNKl> Hi folks. Had a dumb question. I've been waffling on this for weeks. If you were going to use Puppet to bootstrap EC2 instances where would you locate the Puppetmaster?
[2008/10/10 05:59:55] <MNKl> My natural instinct is to put it at EC2 and make sure that all of the nodes that would be managed were in some access control group.
[2008/10/10 06:01:04] <MNKl> But I also have a server I could easily use possibly open up at our perimeter at work and use it as the puppet master but something doesn't feel right about locating the Puppetmaster too far from the nodes it will manage.
[2008/10/10 06:07:21] <Volcane> MNKl: put it where its secure
[2008/10/10 06:07:58] <Volcane> MNKl: the comms between clients and server is crypted and authorized with ssl, and its not too bad at coping with latency
[2008/10/10 06:10:06] <MNKl> Good point. For some reason I was still skittish about the connection even though it was going over SSL. Thanks for the advice!
[2008/10/10 06:20:58] <Volcane> MNKl: but if possible firewall the master to only talk to your ranges and I'd avoid autosign if you allow the whole ec2 to talk to it
[2008/10/10 06:23:10] @ Quit: thegcat:
[2008/10/10 06:31:52] <henk> http://modules.reductivelabs.com/ where did the modules go?
[2008/10/10 06:31:55] @ babysimon joined channel #puppet
[2008/10/10 06:36:20] <babysimon> I've imported our DNS (BIND 9) config into puppet in a simple-minded way. I want to start making it more generated and less static, and I want to auto-generate the serial number. But if I just stick a timestamp in an ERB template, the template will change all the time. Any ideas?
[2008/10/10 06:49:10] @ Quit: ralfgro: Read error: 104 (Connection reset by peer)
[2008/10/10 06:49:14] @ ralfgro joined channel #puppet
[2008/10/10 06:50:06] @ ruth- joined channel #puppet
[2008/10/10 06:53:15] <ruth-> Hi, i've got question about puppet and RHEL 5. Every time puppet is running on machine (in my case interval was 15 minutes) it's doing yum update. After some time i've noticed redhat had blacklisted my servers ( http://www.pastie.org/289341 ). I've added schedule daily to puppet on package and yumrepo resources but still it's trying to update yum. Is there any way to limit only that resource which is causing problem and and keep 15 minutes intervals ?
[2008/10/10 06:55:35] <bajan> Do you have any packages defined as ensure => 'latest' ?
[2008/10/10 06:55:36] <duritong> ruth-: actually there is hopefully a patch released in the next version about that see #1443
[2008/10/10 06:55:54] <ruth-> bajan: nope
[2008/10/10 06:55:56] <duritong> (if packages latest this won't work for sure)
[2008/10/10 06:56:04] <ruth-> duritong: thanks - looking
[2008/10/10 06:56:20] <duritong> if gepetto would paste the url you could jump directly
[2008/10/10 06:56:22] <duritong> :P
[2008/10/10 06:56:35] <duritong> gepetto: you are asked!
[2008/10/10 06:57:10] @ huggie joined channel #puppet
[2008/10/10 06:57:32] <huggie> Does the yum provider really not allow you to ensure => 'version' where version is less than the latest in that repo?
[2008/10/10 06:57:48] <duritong> huggie: it does
[2008/10/10 06:57:56] <duritong> why shouldn't it?
[2008/10/10 06:58:14] <huggie> duritong: It does allow you to ensure less than the latest version?
[2008/10/10 06:58:20] <duritong> yes
[2008/10/10 06:58:34] <huggie> Mmmkay. It appears to be failing here.
[2008/10/10 06:58:44] <huggie> I'll have to dig deeper then.
[2008/10/10 06:58:55] <squirrelpimp> i have a couple of classes to be included in each host. Is inheritance preferred then or should i aggregate them in a base-class i include in each host?
[2008/10/10 06:58:56] <duritong> huggie: it can be a problem related to yum autoupdating the versions :-/
[2008/10/10 06:58:58] <Jaded> hmmm so, any idea why running aptitude update from puppet returns successful, but it hasn't actually updated ?
[2008/10/10 06:58:59] * bajan has trouble with specifying older versions when newer ones are installed. " Could not update: Failed to update to version 2.0.0.12-1.fc6.remi, got version 3.0.1-1.fc6.remi instead"
[2008/10/10 06:59:12] <duritong> you need to exclude the packages in yum.conf
[2008/10/10 06:59:35] <bajan> Yay for yum quirks
[2008/10/10 06:59:44] <squirrelpimp> generally spoken there's the two concepts: include classes in other classes included in other classes and so on... versus: inherit from a host inherited from another host and so on
[2008/10/10 06:59:51] <squirrelpimp> which one should i prefer?
[2008/10/10 06:59:55] <squirrelpimp> are there differences?
[2008/10/10 06:59:57] <huggie> bajan: yeah that's what we get. I've had to switch to provider => rpm, source => 'some_url'.
[2008/10/10 07:00:24] <bajan> Local repo ftw
[2008/10/10 07:00:26] <duritong> bajan, huggie : yeah that's a problem of yum
[2008/10/10 07:00:40] <duritong> and not puppet
[2008/10/10 07:00:49] * bajan figured as much
[2008/10/10 07:01:33] <huggie> Oh for a Debian environment at work.
[2008/10/10 07:04:34] <jenza> Any ideas what's causing this? err: Could not retrieve catalog: Puppet::Parser::Compiler failed with error NameError: uninitialized constant ParamValue on node puppetserver
[2008/10/10 07:06:47] @ ruth- left channel #puppet ()
[2008/10/10 07:07:54] @ Quit: lefant: "leaving"
[2008/10/10 07:15:31] <fujin> jenza: wrong version of activerecord, iirc
[2008/10/10 07:15:37] <fujin> chuck --trace on your master
[2008/10/10 07:22:43] <steven_> my puppet config is growing now :) are there any tips to make debugging easier ?
[2008/10/10 07:23:52] <porridge> steven_: --debug
[2008/10/10 07:24:08] <jenza> ah
[2008/10/10 07:25:38] <steven_> squirrelpimp: im currently using a mix of both i tend to use inheritance only when im overriding something in the base class and it's a small change, but my config is organically growing and i haven't settled on a methodology yet...
[2008/10/10 07:26:49] <steven_> porridge: can i limit it to outputting data on one class ?
[2008/10/10 07:27:55] <porridge> steven_: I don't think so, but you can always grep the output for the class name :)
[2008/10/10 07:40:42] <squirrelpimp> steven_: thanks for the advice
[2008/10/10 07:40:42] <squirrelpimp> :)
[2008/10/10 08:04:08] @ Quit: jcape:
[2008/10/10 08:06:31] <jenza> fujin: chur bro that fixed it
[2008/10/10 08:08:18] @ jcape joined channel #puppet
[2008/10/10 08:09:05] @ Quit: kyrus1:
[2008/10/10 08:09:46] @ ralfgro_ joined channel #puppet
[2008/10/10 08:25:36] @ Quit: ralfgro: Read error: 110 (Connection timed out)
[2008/10/10 08:25:38] @ Quit: rgsteele||work: Read error: 113 (No route to host)
[2008/10/10 08:30:27] <Disconnect> grr stupid vmware
[2008/10/10 08:30:46] <Disconnect> my life would be easier if i could actually deploy more capacity. but vdiskmanager hates me again.
[2008/10/10 08:31:33] @ teyo joined channel #puppet
[2008/10/10 08:33:19] <jenza> my life would be a billion times harder without vmware :x
[2008/10/10 08:37:47] <Disconnect> mine would be a ton easier if i had xen instead
[2008/10/10 08:38:07] <Disconnect> but we're 10-20% over cap already so room to demo xen is lacking
[2008/10/10 08:38:16] <jenza> fun times
[2008/10/10 08:38:28] @ Tengu joined channel #puppet
[2008/10/10 08:38:31] <Tengu> hello !
[2008/10/10 08:38:40] <Disconnect> (soon, soon.. "we'll be a little less hesitant to spend money on servers in the future".. no, really? we're losing a servers worth of money every day or 2.. :( ..)
[2008/10/10 08:39:00] <jenza> heh
[2008/10/10 08:39:10] <jenza> that's opex, not capex tho
[2008/10/10 08:39:46] <Tengu> just one question about "cron" type : is it really useful to notice when we put * for hour ??
[2008/10/10 08:39:56] <Disconnect> but in the meantime.. http://communities.vmware.com/thread/173453?tstart=0 :( convert a sparse image to a prealloc .. (ubuntu-vm-builder uses the qemu disk tools, which only know how to make sparse vmware images)
[2008/10/10 08:40:07] <Tengu> we use mail reporting, and.. well. it generates an email only for this thing, and it's really annoying
[2008/10/10 08:40:48] <jenza> sparse vmware images, meaning you're not actually allocating all the disk when you create it?
[2008/10/10 08:41:10] <Disconnect> yah
[2008/10/10 08:41:29] <jenza> Right, bit of a performance hit using them?
[2008/10/10 08:41:57] <Disconnect> eventually yah
[2008/10/10 08:42:14] <Disconnect> fragmentation and it goes to hell when 3-4 vms all start expanding at once
[2008/10/10 08:42:41] <Disconnect> plus, all these servers are seriously under-sized in the disk .. so the only way to check if there's room for a vm is to look at how much disk is free.
[2008/10/10 08:43:24] <jenza> ah right
[2008/10/10 08:43:54] <Disconnect> (that'll be a lot better once i get puppet rolled out all the way but for now there are 4 classes of boxes, 2 of which are puppetized and 2 aren't. plus a bunch of one-off legacy disasters..er, vms.)
[2008/10/10 08:46:00] <Disconnect> and each vmhost is at least a little different from most of its peers (anything that wasn't purchased together)
[2008/10/10 08:46:26] <jenza> Yeah I'm taking over 150 or so vm's here shortly, all centos or redhat with no puppet :/
[2008/10/10 08:46:31] @ Quit: seanmil: Remote closed the connection
[2008/10/10 08:46:34] <jenza> fun times.
[2008/10/10 08:47:01] @ Quit: kenvandine: Read error: 110 (Connection timed out)
[2008/10/10 08:48:31] @ Quit: stasheck: Remote closed the connection
[2008/10/10 08:49:33] <Disconnect> wheeee
[2008/10/10 08:49:57] <Disconnect> the huge advantage of vms is the ability to just run up a new one and turn off the old. without crossing your fingers and hoping pxeboot works :)
[2008/10/10 08:53:27] @ Quit: jcape: Read error: 110 (Connection timed out)
[2008/10/10 08:54:54] * Disconnect is in a rock/hard place with upgrading the vm hosts tho
[2008/10/10 08:55:50] <henk> how does puppet cope with debconf? mysql-server asks for the mysql-root password for example.
[2008/10/10 08:56:36] <bajan> henk: I -think- the answer that's been discussed is a seed/answer file.
[2008/10/10 08:57:00] <henk> bajan: on the ML?
[2008/10/10 08:57:10] <bajan> Just vague memory, sorry.
[2008/10/10 08:57:31] * bajan is a CentOS user, so the Debian discussions don't get much priority in terms of remembering :>
[2008/10/10 08:58:01] <Disconnect> henk: you can use preseed
[2008/10/10 08:58:20] <henk> bajan: hehe, naturally... speaking of centos: installing packages with yum is never interactive is it? no such thing as debconf, right?
[2008/10/10 08:59:15] <henk> Disconnect: preseed? i only know preseeding from the debian-installer. do you mean something like debconf-get-selections?
[2008/10/10 09:00:19] <Disconnect> http://reductivelabs.com/trac/puppet/wiki/TypeReference#package check 'responsefile'
[2008/10/10 09:00:47] <Disconnect> its a -get-selections file, yah
[2008/10/10 09:01:02] <Disconnect> there's an example somewhere in the wiki (ldap auth maybe?)
[2008/10/10 09:01:35] <henk> Disconnect: perfect! thank you :)
[2008/10/10 09:03:21] @ Quit: bajan: "Leaving."
[2008/10/10 09:05:10] @ Quit: Kindred: Read error: 104 (Connection reset by peer)
[2008/10/10 09:05:23] @ Kindred joined channel #puppet
[2008/10/10 09:08:35] @ Quit: masterzen: Read error: 104 (Connection reset by peer)
[2008/10/10 09:10:49] @ rsquared joined channel #puppet
[2008/10/10 09:14:52] @ drmikecrowe joined channel #puppet
[2008/10/10 09:18:21] <ashp> wow, .26 has a serious amount of fixes
[2008/10/10 09:20:53] @ babysimon left channel #puppet ("Ex-Chat")
[2008/10/10 09:21:14] @ masterzen joined channel #puppet
[2008/10/10 09:24:13] @ yarihm joined channel #puppet
[2008/10/10 09:27:02] @ happymcp` joined channel #puppet
[2008/10/10 09:29:38] <lazzurs> Hello, does anyone here have a way of installing yum package groups through puppet
[2008/10/10 09:30:09] @ Quit: yarihm: "Leaving"
[2008/10/10 09:30:10] <lazzurs> currently I have auto generated classes with the class name of the group and all of the packages listed in the class however I know there will be a better way of doing this
[2008/10/10 09:32:43] @ jbrothers joined channel #puppet
[2008/10/10 09:33:35] @ bajan joined channel #puppet
[2008/10/10 09:33:48] <mmcgrath> lazzurs: I'm not sure puppet can do that. You could create a meta package and require it.
[2008/10/10 09:34:13] <lazzurs> mmcgrath: already planning on doing that to ensure I don't have any rpms I don't want
[2008/10/10 09:35:16] <lazzurs> mmcgrath: I was looking for a quick fix until I have some code to autogenerate that rpm
[2008/10/10 09:35:50] <mmcgrath> <nod>
[2008/10/10 09:37:32] @ seanmil joined channel #puppet
[2008/10/10 09:46:19] @ flakrat joined channel #puppet
[2008/10/10 09:48:59] @ rgsteele||work joined channel #puppet
[2008/10/10 09:50:06] <rgsteele||work> Hey lak, do you think my comment on http://projects.reductivelabs.com/issues/show/1531 makes sense in comparison to http://projects.reductivelabs.com/issues/show/1621 ? It might simplify ctrlaltdel's task quite significantly.
[2008/10/10 09:50:13] @ jcape joined channel #puppet
[2008/10/10 09:50:59] <rgsteele||work> Oh, phooey, he's not in the channel.
[2008/10/10 10:00:04] @ rutski joined channel #puppet
[2008/10/10 10:01:30] @ Quit: rutski: Client Quit
[2008/10/10 10:04:17] @ andrewcshafer joined channel #puppet
[2008/10/10 10:17:16] @ calbers joined channel #puppet
[2008/10/10 10:18:51] <calbers> Hi, Is it possible to get a service to subscribe=> to changes in a directory's contents, without specifying each file in the directory?
[2008/10/10 10:20:19] <rgsteele||work> calbers: Yep.
[2008/10/10 10:20:37] <rgsteele||work> Just declare that directory as a file resource, and have the service subscribe to it.
[2008/10/10 10:21:40] <rgsteele||work> calbers: The one caveat is that if you specify other files underneath that directory as separate resources, they will either need to notify the service separately, or you'll have to add it to the array of Files the service subscribes to.
[2008/10/10 10:22:58] <calbers> Okay, I wasn't sure if puppetd considered the contents of a directory, rather than the directory's presence or absence in a subscribe =>.
[2008/10/10 10:23:31] <calbers> But your caveat is important. The issue is using monit. Apparently it needs to be restarted every time we add something to /etc/monit.d
[2008/10/10 10:23:54] <calbers> But those files in monit.d will also be file resources.
[2008/10/10 10:25:40] <calbers> In this case, how do I get a file resource to "notify" (as you say above) a service? I'd rather not use the array approach.
[2008/10/10 10:26:53] <Disconnect> go to where they are added and put a notify => in
[2008/10/10 10:27:36] <calbers> sweet.
[2008/10/10 10:32:55] @ brscott joined channel #puppet
[2008/10/10 10:33:00] @ brscott left channel #puppet ()
[2008/10/10 10:40:42] <lazzurs> Hello, is there any way I can get yum to accept duplicate package entries?
[2008/10/10 10:42:18] <Disconnect> virtualize the resource :( so you need a class that defines each and every possible package/config combo, then just realize them in the various modules :(
[2008/10/10 10:42:26] <riddley> lazzurs, I'm not sure what you mean
[2008/10/10 10:42:56] <calbers> Does puppet get along with upstart? It looks like service stop and starts depend upon the /etc/init.d stuff?
[2008/10/10 10:43:54] <lazzurs> Disconnect: errrrrrrr. that sounds well verbose
[2008/10/10 10:44:15] <Disconnect> its the only way to have 2 identical package lines in a manifest
[2008/10/10 10:44:34] <Disconnect> (by 'possible combo' i mean used in your config of course..)
[2008/10/10 10:44:44] <lazzurs> riddley: I have a class for each yum group in fedora with each package listed in the class that is in the group. I then call those classes from another class to ensure I have the up-to-date packages from that yum group
[2008/10/10 10:45:29] <Disconnect> so if you have 3 independent modules that might need xbase-clients, you need to define xbase-clients as a virtual resource and realize it 3 times. (cuz puppet won't look at 3 identical package { xbase-clients: ensure=>installed} entries without crying in the corner)
[2008/10/10 10:46:15] <lazzurs> Disconnect: when you say virtual resource what do you mean?
[2008/10/10 10:46:30] <riddley> @package
[2008/10/10 10:46:48] <riddley> the wiki has docs on virtual resources... I think it mostly covers users
[2008/10/10 10:47:20] <Disconnect> http://reductivelabs.com/trac/puppet/wiki/VirtualResources
[2008/10/10 10:50:13] <lazzurs> yea, just read that...nuts that is going to mean a whole lot of more lines :(
[2008/10/10 10:50:27] <lazzurs> seems messy but I guess I understand why it is required
[2008/10/10 10:51:13] <lazzurs> if anyone has a suggestion on how I can do this in a cleaner way I am all ears but this seems the best way to ensure these classes are reusable by other system types here
[2008/10/10 10:52:09] * Disconnect thinks the cleaner way is to let puppet go "oh no, 2 resources...wait.. they are 100% absolutely identical. so i'll just skip the 'new' one and keep going" but...
[2008/10/10 10:52:45] <lazzurs> Disconnect: well indeed, but that would just be crazy...right ;)
[2008/10/10 10:53:05] <Disconnect> ..try advocating that here for a while. it gets really ugly pretty fast. :)
[2008/10/10 10:53:27] @ ski98033 joined channel #puppet
[2008/10/10 10:54:01] <lazzurs> Disconnect: not to start the flame or anything but why is that at all a bad thing, as long as they are identical
[2008/10/10 10:54:34] <Disconnect> you're asking the wrong guy. i think that so long as they are identical its at worst a warning, but..
[2008/10/10 10:54:50] <Disconnect> hang out a bit, let the west coasters wake up and get coffee, then ask again :)
[2008/10/10 10:57:16] <lazzurs> lol
[2008/10/10 10:58:53] <lazzurs> Disconnect: so if you don't mind me asking your advice on this, I guess one way to do this is have yum::groups::fedora::printing with all the virtual defines and then have desktop::yum::groups::printing with all of the resources in that group realised?
[2008/10/10 10:59:34] <Disconnect> better is to just do yum::packages .. they get added there. then desktop::printing gets the realizations
[2008/10/10 10:59:45] <Disconnect> cuz you can add the virtual packages everywhere. and you want to.
[2008/10/10 11:00:29] <Disconnect> otherwise yum::..etc..::x11desktop can't create the (eg) cups virtualized package for desktop::..::x11desktop to realize
[2008/10/10 11:00:42] @ slj39 joined channel #puppet
[2008/10/10 11:00:44] <Disconnect> because its in printing, and if you want x11 and printing you get the same duplicate resource problem
[2008/10/10 11:01:05] <lazzurs> so you still can only realise a resource once then
[2008/10/10 11:01:05] <Disconnect> so you want a master list of virtual packages to be realized in bits and pieces (potentially overlapping) by the various modules and classes.
[2008/10/10 11:01:14] <Disconnect> you can only -virtualize- it once. you can realize it 100 times.
[2008/10/10 11:02:21] @ kyrus1 joined channel #puppet
[2008/10/10 11:02:46] @ slj39 left channel #puppet ()
[2008/10/10 11:02:55] <lazzurs> so say we have yum::packages with the list of master packages with @packages (virtual) could we then have autofs::desktop and desktop::packages realize Package[autofs}
[2008/10/10 11:03:06] <lazzurs> Package[autofs] even
[2008/10/10 11:03:38] <lazzurs> from what I understand that is still going to be a duplication?
[2008/10/10 11:04:15] <bajan> nope
[2008/10/10 11:04:26] <bajan> You pull in the virtual class once.
[2008/10/10 11:04:36] <bajan> Urr, the class/file with the virtual packages
[2008/10/10 11:04:46] <lazzurs> I guess what I do there is have autofs::desktop use virtual (eg @package) and then just have desktopsys::packages realize Package
[2008/10/10 11:05:00] <bajan> Multiple manifest files can realize the virtual package
[2008/10/10 11:05:25] <bajan> and Puppet works out that they're all references to a single package, no matter how many times they may appear
[2008/10/10 11:06:04] <lazzurs> bajan: ah, ok so I can have two @package {"autofs": ensure => latest}
[2008/10/10 11:06:14] <lazzurs> and two Package[autofs]
[2008/10/10 11:06:19] <bajan> Nope
[2008/10/10 11:06:22] <bajan> One @package
[2008/10/10 11:06:51] <bajan> and multiple realize (Package[autofs])
[2008/10/10 11:07:25] @ lak joined channel #puppet
[2008/10/10 11:07:26] <lazzurs> ok, I guess I can make sense of that
[2008/10/10 11:08:06] * lazzurs wishes I had tried lcfg2 for this project first
[2008/10/10 11:08:20] <lazzurs> however puppet is by far the most popular so it is going to win I guess :)
[2008/10/10 11:09:19] <lazzurs> I guess this does give a nice level control I was not considering previously
[2008/10/10 11:09:38] <rgsteele||work> Hm. Is it possible to pass multiple args to a virtual define? Something like: http://pastie.org/289471
[2008/10/10 11:10:51] <rgsteele||work> Even if not that syntax, theoretically is it possible?
[2008/10/10 11:11:35] <rgsteele||work> Hey lak - Mentioned this earlier, but realized you weren't in the channel. Do you think my comment on http://projects.reductivelabs.com/issues/show/1531 makes sense in comparison to http://projects.reductivelabs.com/issues/show/1621 ? It might simplify ctrlaltdel's task quite significantly.
[2008/10/10 11:11:47] <bajan> well, defines accept multiple parameters
[2008/10/10 11:12:26] <lak> rgsteele||work: i'll look in a few, i'm just waking up from a long night of baby feeding
[2008/10/10 11:12:45] <rgsteele||work> lak: Heh, well in that case good morning, and I hope the baby is well ;)
[2008/10/10 11:12:55] <lak> babies
[2008/10/10 11:13:02] * lak has six week old twins
[2008/10/10 11:13:06] <ashp> god
[2008/10/10 11:13:07] <ashp> six weeks
[2008/10/10 11:13:19] <ashp> i discovered you have a time bomb waiting in your future
[2008/10/10 11:13:23] <ashp> i didn't know about the teething thing
[2008/10/10 11:13:46] <ashp> turns out they suddenly stop sleeping and start screaming a lot for no reason around 4-7 months :/
[2008/10/10 11:13:52] <rgsteele||work> Twins, no less!
[2008/10/10 11:14:14] <rgsteele||work> I'd say you have your hands full (figuratively and probably literally :) )
[2008/10/10 11:16:51] <rgsteele||work> Hm, I think my pastie doesn't quite convey what I want to do. Ideally, I'd like to realize a virtual resource, and pass args to it. So, for example, I could realize a user, and pass in some user-specific attributes as well for the define to work with.
[2008/10/10 11:19:40] @ Quit: markl_: "Lost terminal"
[2008/10/10 11:22:16] @ Quit: edwardam|away: Read error: 110 (Connection timed out)
[2008/10/10 11:25:47] <Disconnect> rgsteele||work: that sounds bad, because what if 2 modules realize it differently?
[2008/10/10 11:26:43] <Disconnect> i think the whole point of virtualized resources is that you can make what amounts to a definition (not macro-style but complete 'object'/resource), and then just have multiple classes say "i want that fully-defined thing"
[2008/10/10 11:27:16] <calbers> Is there a way to force a reinstall of a package?
[2008/10/10 11:28:47] <rgsteele||work> Yeah. My specific scenario is wanting to realize a user via a virtual define, and have it automagically set up their ssh keys via ssh_authorized_key. I think I'm going to have to think up a creative way of getting that data based on the 'name' passed via realize to the virtual definition.
[2008/10/10 11:29:55] @ Quit: exothermc_:
[2008/10/10 11:29:57] <rgsteele||work> Cut it down to one step, instead of "realize User["foo"])" followed by "config_sshkey { "foo": ... }"
[2008/10/10 11:30:21] <bajan> create a whole define called account. In account, realize the virtual based on the arg, then call the sshkey?
[2008/10/10 11:32:06] <rgsteele||work> bajan: That's essentially what I'm doing - I've got a define that accepts a username as 'name', and does the work from there. But, ssh_authorized_key needs a lot more information than just 'name' to do its thing.
[2008/10/10 11:32:23] <rgsteele||work> Trying to figure out what the best way to get that information to the define (or in the define) is.
[2008/10/10 11:34:38] <rgsteele||work> Because, the users are created with virtual defines, I have to realize them first, and then call that account definition on them. I was hoping to just be able to realize them and have that be that.
[2008/10/10 11:45:23] @ Quit: tim|macbook: "This computer has gone to sleep"
[2008/10/10 11:47:04] @ exothermc_ joined channel #puppet
[2008/10/10 11:47:09] @ Quit: exothermc_: Remote closed the connection
[2008/10/10 11:53:16] @ Quit: raphink: "Ichthux - Linux for Christians - http://www.ichthux.com"
[2008/10/10 11:56:16] @ Quit: WALoeIII:
[2008/10/10 12:06:54] @ hacim joined channel #puppet
[2008/10/10 12:06:59] <hacim> i keep getting yaml corruption
[2008/10/10 12:08:08] @ Quit: wakko666: Remote closed the connection
[2008/10/10 12:08:44] @ tim|macbook joined channel #puppet
[2008/10/10 12:09:43] @ wakko666 joined channel #puppet
[2008/10/10 12:15:51] @ flagg0204 joined channel #puppet
[2008/10/10 12:16:18] @ Quit: masterzen: "Leaving"
[2008/10/10 12:22:34] @ WALoeIII joined channel #puppet
[2008/10/10 12:25:35] @ Quit: DerekW: "Leaving"
[2008/10/10 12:28:33] @ Quit: bajan: "Leaving."
[2008/10/10 12:34:36] @ Quit: bkohler42: "Leaving"
[2008/10/10 12:35:06] @ Quit: meandtheshell: "Leaving."
[2008/10/10 12:56:22] @ Quit: saurabhb: "Leaving"
[2008/10/10 12:59:16] @ kolla joined channel #puppet
[2008/10/10 13:06:32] @ hypoluxa joined channel #puppet
[2008/10/10 13:06:39] @ hypoluxa left channel #puppet ()
[2008/10/10 13:10:19] @ holoway joined channel #puppet
[2008/10/10 13:10:47] @ Quit: tim|macbook: Read error: 110 (Connection timed out)
[2008/10/10 13:29:38] @ ijcd joined channel #puppet
[2008/10/10 13:33:37] @ Quit: ijcd: Client Quit
[2008/10/10 13:36:47] <thom> i do wish i had puppetrun working
[2008/10/10 13:37:26] <sigmonsays> thom, why?
[2008/10/10 13:38:41] @ ijcd joined channel #puppet
[2008/10/10 13:39:11] @ Quit: ijcd: Client Quit
[2008/10/10 13:39:21] @ ijcd joined channel #puppet
[2008/10/10 13:39:21] <thom> it'd make what i'm doing currently an assload easier :)
[2008/10/10 13:44:48] <Volcane> do you just need to run a single class or something?
[2008/10/10 13:53:35] <justjay> okay.. now that its a decent hour.. who here is running their puppetmasterd infrastructure on more than one box?
[2008/10/10 13:55:32] @ masterzen joined channel #puppet
[2008/10/10 13:58:12] @ Quit: emerose:
[2008/10/10 14:03:43] @ Quit: mattf: Read error: 110 (Connection timed out)
[2008/10/10 14:06:41] <thom> Volcane: no, push configs to 18 boxes urgently
[2008/10/10 14:08:58] <rgsteele||work> Hm, ctrlaltdel ever pop in this channel?
[2008/10/10 14:15:41] @ tim|macbook joined channel #puppet
[2008/10/10 14:17:22] @ Quit: Innocenti: Read error: 110 (Connection timed out)
[2008/10/10 14:21:46] @ tim|mb joined channel #puppet
[2008/10/10 14:23:41] @ emerose joined channel #puppet
[2008/10/10 14:24:31] @ plathrop joined channel #puppet
[2008/10/10 14:25:41] @ Quit: tim|mb: Client Quit
[2008/10/10 14:28:18] @ holoway is now known as holoway-lunch
[2008/10/10 14:28:24] @ holoway-lunch is now known as holoway|away
[2008/10/10 14:34:30] @ jerico joined channel #puppet
[2008/10/10 14:35:01] <sigmonsays> can I have multiple node statements?
[2008/10/10 14:35:04] <sigmonsays> (for the same node)
[2008/10/10 14:35:36] <sigmonsays> I have a script which could potentially generate portions of site.pp -- however node 'somehost' { } would occur twice
[2008/10/10 14:36:28] <plathrop> sigmonsays: Nope. nodes need to be unique
[2008/10/10 14:36:53] <sigmonsays> Hrm. guess i'll wait till I can automate it all then ;)
[2008/10/10 14:37:11] <jerico> Hi all! How do I read a resource's attribute into a variable (e.g. the resource type's platform attribute)? I have looked through Language Guide (where I'd expected the info), FAQ, Type Reference. Didn't find it...
[2008/10/10 14:38:22] <sigmonsays> i'm not sure what platform is. what resource is this for?
[2008/10/10 14:39:14] <jerico> sigmonsays: platform is an attribute of the package type.
[2008/10/10 14:39:49] @ Quit: emerose: Read error: 110 (Connection timed out)
[2008/10/10 14:39:53] <jerico> This was just an example. I guess that it should be possible to read any of the attributes somehow. It wouldn't make sense to provide read-only attributes otherwise...
[2008/10/10 14:40:05] @ mattf joined channel #puppet
[2008/10/10 14:40:57] * sigmonsays isn't that complex ;)
[2008/10/10 14:41:04] <Disconnect> damnit. "oh btw i turned off the new appservers because the host was slow" "the host was slow cuz i was configuring the appserver" "oh, well maybe we should just turn off the other appservers" .. (remember from earlier how we're totally oversubscribed?)
[2008/10/10 14:41:06] @ cote joined channel #puppet
[2008/10/10 14:41:57] <jerico> plathrop in response to sigmonsays: Wouldn't it be possible to say case$nodetype { type1: node{...} type2: node{...} }? Why else would you like to have two node definitions?
[2008/10/10 14:44:21] <justjay> can anyone answer a CA questoin for me?
[2008/10/10 14:44:21] <justjay> question
[2008/10/10 14:44:24] <jerico> Just ask ;-)
[2008/10/10 14:45:39] @ Quit: roald: Remote closed the connection
[2008/10/10 14:46:12] @ Quit: tim|macbook: Read error: 110 (Connection timed out)
[2008/10/10 14:47:10] @ Quit: calbers: Remote closed the connection
[2008/10/10 14:48:56] <justjay> okay.... so.. i am going to have 2 puppetmasterd's .. identical.. if one signs a cert.. will the other be happy with that?
[2008/10/10 14:49:05] <justjay> going to put a load balancer in front of that
[2008/10/10 14:49:33] <jerico> Hi all! How do I read a resource's attribute into a variable? $myvar = Package[xyz]::ensure ...?
[2008/10/10 14:50:16] <jerico> justjay: I guess no as the other wouldn't have the signed certificate ready.
[2008/10/10 14:51:09] <justjay> but its trusted and its signed with its key
[2008/10/10 14:51:20] <justjay> as they both have the same key.. i mean i can setup a box that runs a CA only and thats fine..
[2008/10/10 14:51:33] <justjay> just trying to weigh my options here before i go crazy setting this all up
[2008/10/10 14:52:07] <jerico> justjay: The signed certificates are stored in /var/lib/puppet/ssl. So if the signed cert is not present on both servers it won't work on both.
[2008/10/10 14:52:41] <jerico> justjay: You can however transport the signed certificate manually from one server to the other and the other puppetmasterd should then accept the same client.
[2008/10/10 14:53:46] <jerico> justjay: the signed certs are stored in /var/lib/puppet/ssl/ca/signed to be more specific.
[2008/10/10 14:54:04] <justjay> i could just setup a puppetmaster to be a CA and do the whole pki trust /chain b/s
[2008/10/10 14:54:06] <jerico> justjay: It's easy to identify them there because they are named after the client host.
[2008/10/10 14:54:45] <justjay> ideally i dont want to have to slepp files between servers
[2008/10/10 14:55:11] <jerico> justjay: Then you'd have to sign the request twice, once for each puppetmaster
[2008/10/10 14:55:24] <justjay> why?
[2008/10/10 14:55:33] <justjay> isnt that the point of pki?
[2008/10/10 14:55:45] <justjay> if each puppetmaster gets its cert from the ca?
[2008/10/10 14:55:51] <justjay> gets it signed
[2008/10/10 14:55:52] <justjay> that is
[2008/10/10 14:56:08] @ Quit: masterzen: "This computer has gone to sleep"
[2008/10/10 14:56:56] <jerico> justjay: even if both puppetmaster instances use exactly the same private root key and root certificate (which would make the signed certificates of both CAs interchangeable) you still have to have the client certificate present on both puppetmasterd servers.
[2008/10/10 14:57:37] <justjay> but what if they dont
[2008/10/10 14:57:55] <justjay> what if they just have certs from a ca
[2008/10/10 14:58:03] <justjay> err signed from a ca.. like.. our current internal ca
[2008/10/10 14:58:26] <jerico> justjay: I am doing exactly that: I am using internally signed certificates.
[2008/10/10 14:58:50] <jerico> justjay: Maybe I am wrong on the presence of client keys in /var/lib/puppet/ssl/ca/signed.
[2008/10/10 14:59:03] <jerico> justjay: Let me do a quick test.
[2008/10/10 14:59:19] <justjay> i want to move the chain up..
[2008/10/10 14:59:36] <justjay> i can manually split load like the current wiki article suggests.... but i would rather load balance and be able to deal with a puppetmasterd blowing up
[2008/10/10 15:01:10] <jerico> justjay: I am sorry, you're right. It's not necessary that they are present on the server, it's enough for them to be signed by the root ca. :-o
[2008/10/10 15:01:47] <jerico> justjay: This means that it is ok as long as you use the same trusted root ca for both servers.
[2008/10/10 15:02:06] <Volcane> look on the wiki, you can separate the CA
[2008/10/10 15:02:57] <jerico> Volcane: I wrote this part of the wiki, so if I am telling bullshit here, I told there as well. :-D But it's ok. I am using an external CA here so I can confirm that this works.
[2008/10/10 15:03:40] <Volcane> jerico: ok :)
[2008/10/10 15:03:41] <jerico> Volcane: We had a security discussion about the CA recently with luke that's why we included the external CA thing.
[2008/10/10 15:04:07] <lak> what kind of security discussion around the ca is necessary?
[2008/10/10 15:04:09] <jerico> Volcane: Implementing a separate CA in puppet as a configuration option would be too much work.
[2008/10/10 15:04:44] @ WALoeIII_ joined channel #puppet
[2008/10/10 15:04:48] <jerico> lak: You can read the bug description that is attached with the wiki entry. We have discussed the CA thing at some length there.
[2008/10/10 15:05:03] <jerico> lak: I'll post you the link, just a second.
[2008/10/10 15:05:59] <lak> ok
[2008/10/10 15:06:03] <jerico> lak: http://projects.reductivelabs.com/issues/show/1590
[2008/10/10 15:06:21] <jerico> And see this entry: Manual CA Configuration (optional) on http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity#Certificates
[2008/10/10 15:06:36] <lak> jerico: i'm on the phone, but i'll read through the irc conversation
[2008/10/10 15:06:43] <lak> is that ticket the only problem, though?
[2008/10/10 15:06:48] <lak> is there something new?
[2008/10/10 15:07:00] <jerico> lak: no more problem there as we have the manual configuration option.
[2008/10/10 15:07:21] <jerico> lak: The ticket contains the whole discussion. No mails or something aside.
[2008/10/10 15:07:26] <lak> ok
[2008/10/10 15:07:27] <jerico> lak: No need to panic ;-) You'll see that the discussion is quite balanced.
[2008/10/10 15:09:23] <jerico> With the CA discussion this couldn't be answered yet... How do I read a resource's attribute into a variable? $myvar = Package[xyz]::ensure ...? Can anybody help?
[2008/10/10 15:09:48] * Volcane had tons of these today: puppetd[19935]: Could not load cached catalog: syntax error on line 2, col 0: `Class:#016@children[#006o;
[2008/10/10 15:09:58] <Volcane> delete localconfig.yaml everywhere and it went away
[2008/10/10 15:10:19] @ Quit: jbooth_: "Lost terminal"
[2008/10/10 15:22:07] @ Quit: WALoeIII: Read error: 113 (No route to host)
[2008/10/10 15:23:14] @ holoway|away is now known as holoway
[2008/10/10 15:27:36] @ tim|macbook joined channel #puppet
[2008/10/10 15:34:54] @ emerose joined channel #puppet
[2008/10/10 15:35:54] @ mashmore joined channel #puppet
[2008/10/10 15:37:08] @ Quit: holoway:
[2008/10/10 15:37:57] @ Quit: tim|macbook: "This computer has gone to sleep"
[2008/10/10 15:38:55] @ edwardam joined channel #puppet
[2008/10/10 15:44:54] @ Quit: Kindred: Read error: 54 (Connection reset by peer)
[2008/10/10 15:45:03] @ Kindred joined channel #puppet
[2008/10/10 15:45:11] <squirrelpimp> how do i reboot a machine using puppet after installation of a package?
[2008/10/10 15:45:13] @ Quit: seanmil: Remote closed the connection
[2008/10/10 15:45:27] <squirrelpimp> is there something like reboot => true, ?
[2008/10/10 15:45:46] <Volcane> use an exec that you notify from the package
[2008/10/10 15:45:55] <squirrelpimp> Volcane: thanks
[2008/10/10 15:46:05] <Volcane> make the exec refreshonly
[2008/10/10 15:47:57] @ masterzen joined channel #puppet
[2008/10/10 15:48:51] @ Quit: masterzen: Client Quit
[2008/10/10 15:50:31] <squirrelpimp> Volcane: can i declare that exec outside of any class?
[2008/10/10 15:50:47] <squirrelpimp> and notify it from inside the package from inside a class?
[2008/10/10 15:51:06] <squirrelpimp> or do i have to declare it virtual and realize it inside my class first?
[2008/10/10 15:51:55] <Volcane> not sure if you can do it virtually and realise it, you can define somewhere where common things get defined i guess
[2008/10/10 15:52:02] <Volcane> as long as its in scope
[2008/10/10 15:52:52] <squirrelpimp> it's all about a kernel-package being installed
[2008/10/10 15:53:01] <squirrelpimp> maybe i should just put that into the kickstart-config
[2008/10/10 15:53:02] <squirrelpimp> :)
[2008/10/10 15:53:36] <Volcane> possibly :)
[2008/10/10 15:57:56] @ omry_ joined channel #puppet
[2008/10/10 15:58:29] <omry_> heya, how do I remove clients from the puppetca --list output? I got some bogus entries there.
[2008/10/10 15:59:02] <Volcane> delete them from /var/lib/puppet/ssl/ca/requests
[2008/10/10 15:59:45] <omry_> thanks
[2008/10/10 16:00:13] @ Quit: edwardam: Connection timed out
[2008/10/10 16:01:54] @ holoway joined channel #puppet
[2008/10/10 16:03:38] <rgsteele||work> lak: Don't suppose you've had a chance to take a gander at http://projects.reductivelabs.com/issues/show/1531 at all today? If not, no worries.
[2008/10/10 16:04:09] <lak> what would the name of the key be if it's not the comment?
[2008/10/10 16:05:29] <ashp> urgh i need to write a bunch of defines and clever stuff but i'm way too damn tired
[2008/10/10 16:05:35] <ashp> lak: did they ever sort out your payment btw?
[2008/10/10 16:05:44] <lak> i assume so?
[2008/10/10 16:05:52] <lak> i haven't heard anything, but it usually takes a month+
[2008/10/10 16:06:01] <ashp> oh ok, i just assumed it was going to magically automatically happen
[2008/10/10 16:06:15] <ashp> i dunno why i check, carrie, the woman who does this, is the most competent person here
[2008/10/10 16:06:21] <rgsteele||work> lak: The key hash itself.
[2008/10/10 16:06:32] <lak> ashp: heh
[2008/10/10 16:06:35] <lak> always a feature
[2008/10/10 16:06:41] <rgsteele||work> The comment is way too likely to cause collisions.
[2008/10/10 16:06:52] <rgsteele||work> The key itself will almost always be unique.
[2008/10/10 16:06:52] <ashp> i hate this, i need to write my ldap module so that I can have multiple copies of ldap running at the same time
[2008/10/10 16:06:55] <lak> usually the competent people are in charge of retrieving money, and the incompetent ones in charge of sending it out :)
[2008/10/10 16:06:56] <ashp> which is horrible
[2008/10/10 16:07:08] <lak> rgsteele||work: why would the comment have collisions?
[2008/10/10 16:07:18] <lak> and if so, why not just use a comment w/out them?
[2008/10/10 16:07:28] <rgsteele||work> For example, if you create a dsa and rsa key at the same time, they'll both have the same comment.
[2008/10/10 16:09:25] <rgsteele||work> It seems to me that the easy way around this is to have the key be the unique name, instead of trying to dream up comment naming schemes like "dan_rootkey_somebox", "dan_dankey_somebox", "dan_dankey_someotherbox".
[2008/10/10 16:09:43] <rgsteele||work> And just provide an array of 'target' files.
[2008/10/10 16:10:02] <rgsteele||work> This way, you can have multiple files for one key, without elaborate naming schemes.
[2008/10/10 16:10:10] <rgsteele||work> And, you don't have to worry about a composite key.
[2008/10/10 16:12:06] <rgsteele||work> lak: It seems the advantage here over composite keys is that it's simpler to implement, still allows you to have multiple key files per key, and does so using a single resource instead of many.
[2008/10/10 16:12:48] <lak> if you have multiple keys per comment, then the solution should be to refactor the type to support that, i would that
[2008/10/10 16:12:53] <lak> but maybe not
[2008/10/10 16:13:07] <lak> i would *think*, not "that"
[2008/10/10 16:14:13] <omry_> is it possible to use syntax like file {["/etc/exports","/etc/hosts.allow"]: ? my problem is with the source property, how do I specify that the source is puppet://puppet/files/$FILE ,where file is one of the files in the array ?
[2008/10/10 16:15:47] <rgsteele||work> lak: Well, this solution does allow multiple keys per comment, without a huge code overhaul. All that really needs to happen is for the 'target' attribute to support arrays, and behind the scenes, the ssh_authorized_key type could assign the comment to a 'comment' attribute, instead of the current (admittedly poor) method of assigning it to 'name'.
[2008/10/10 16:16:28] <Volcane> omry_: u need to write a define
[2008/10/10 16:16:33] <lak> omry_: you can use that syntax only if all of the attributes are exactly the same
[2008/10/10 16:16:40] <lak> otherwise, as volcane says, you need to use a define
[2008/10/10 16:16:54] <lak> i've considered adding some kind of % syntax that would allow late-binding evaluation in parameters
[2008/10/10 16:17:02] <omry_> lak, so it's never applicable for files.
[2008/10/10 16:17:03] <Volcane> lak: that would be kewl
[2008/10/10 16:17:34] <Volcane> lak: would it be possible to add a variable reflecting the current class/module?
[2008/10/10 16:17:55] <lak> omry_: i use it for files all the time
[2008/10/10 16:18:01] <lak> Volcane: dunno, haven't really thought about it
[2008/10/10 16:18:15] <omry_> lak, but the file source is never the same
[2008/10/10 16:18:19] <Volcane> lak: would be nice to write a remotefile type thing that's automagically aware of what module you're in
[2008/10/10 16:18:19] <omry_> otherwise it's the same file
[2008/10/10 16:18:32] <rgsteele||work> Maybe it's just me, but if the user's key belongs in 50 authorized_keys files, it makes way more sense to have one resource with an array of 50 targets, than 50 wholly separate resources.
[2008/10/10 16:18:39] <lak> but it seems unnecessary -- we've already got bugs open to make class and module names available as variables
[2008/10/10 16:18:39] <rgsteele||work> Especially if they accomplish the same thing.
[2008/10/10 16:18:47] <Volcane> lak: ah
[2008/10/10 16:18:48] <lak> rgsteele||work: i agree that target should support arrays
[2008/10/10 16:18:57] <lak> omry_: i often manage files w/out sources
[2008/10/10 16:19:10] <lak> saying something is useless with files that have sources != useless with files
[2008/10/10 16:19:25] <lak> but i agree with your basic sentiment -- this doesn't work if you specify file sources, generally
[2008/10/10 16:20:39] <rgsteele||work> lak: Then, in that case, can we remove the blocking on #1521 by the ticket assigned to composite keys?
[2008/10/10 16:20:59] <rgsteele||work> This way, we can hopefully get it out sooner, since the implementation is simpler.
[2008/10/10 16:21:43] <lak> you mean 1531?
[2008/10/10 16:22:02] <rgsteele||work> Er, yes, #1531, sorry.
[2008/10/10 16:22:31] <lak> can you open a different ticket for the target being an array?
[2008/10/10 16:22:42] <lak> that's essentially orthogonal to what the namevar is
[2008/10/10 16:23:20] @ Quit: jerico: Read error: 104 (Connection reset by peer)
[2008/10/10 16:25:16] <rgsteele||work> lak: Yeah, can do.
[2008/10/10 16:30:06] <rgsteele||work> lak: Although, I'm still not sure we really need composite keys to solve #1531. The key alone is all we really need if target supports arrays.
[2008/10/10 16:30:16] <rgsteele||work> It really makes the big chunk of that ticket moot.
[2008/10/10 16:31:16] <lak> i guess you're right
[2008/10/10 16:31:35] <lak> the key still really feels like an attribute rather than the namevar, but i guess, generally, it's unique in a given file
[2008/10/10 16:33:31] <rgsteele||work> lak: I argued that point too, but got shot down. The reason I didn't fight it harder is that given the declarative nature of Puppet, you really need a unique identifier. It's not really practical to have the username be the identifier and have arrays of keys, comments, types, because then you have to deal with mapping them properly and it'd get really ugly.
[2008/10/10 16:34:22] @ Quit: jcape: Read error: 110 (Connection timed out)
[2008/10/10 16:35:10] @ masterzen joined channel #puppet
[2008/10/10 16:35:47] <rgsteele||work> It is ugly to have such a long hex string be the resource title, but I think it's probably the best option. It sucks in that you have to have multiple blocks for each user (one for each key they have), but I can't really find a good implementation in my mind where the user is the resource title, and that single resource contains all the keys, comments, etc. (even though that may be a more...
[2008/10/10 16:35:50] <rgsteele||work> ...logical grouping)
[2008/10/10 16:41:41] @ Quit: rsquared: "Leaving"
[2008/10/10 16:51:12] @ edwardam joined channel #puppet
[2008/10/10 16:52:12] @ Quit: lak:
[2008/10/10 16:53:37] <omry_> in mount, when specifying the options, should I use quotes? mount options contains commas and it will confuse the parser.
[2008/10/10 16:55:29] @ Quit: kyrus1:
[2008/10/10 16:59:04] @ Quit: masterzen: "Exploring other worlds"
[2008/10/10 17:00:55] @ Quit: jbrothers: "Leaving."
[2008/10/10 17:02:31] <Volcane> use quotes for most things
[2008/10/10 17:04:15] <Volcane> even if not needed, i find it makes this more readable
[2008/10/10 17:06:24] @ Quit: rgsteele||work: Remote closed the connection
[2008/10/10 17:11:26] @ lak joined channel #puppet
[2008/10/10 17:11:57] <omry_> I have a strange problem with mount, trying to mount an nfs dir. http://pastebin.ca/1224915
[2008/10/10 17:12:13] <omry_> everything looks okay, but nothing gets mounted.
[2008/10/10 17:16:59] @ flakrat_ joined channel #puppet
[2008/10/10 17:18:21] @ Quit: WALoeIII_: Remote closed the connection
[2008/10/10 17:18:52] @ WALoeIII joined channel #puppet
[2008/10/10 17:23:31] @ Quit: mattf: Read error: 110 (Connection timed out)
[2008/10/10 17:25:23] @ Quit: lak:
[2008/10/10 17:28:35] @ Quit: flakrat: Read error: 110 (Connection timed out)
[2008/10/10 17:35:41] @ jcape joined channel #puppet
[2008/10/10 17:36:07] <squirrelpimp> if an exec is omitted, will a required exec still be executed?
[2008/10/10 17:36:14] @ kambiz is now known as zombiz
[2008/10/10 17:36:26] @ zombiz is now known as kambiz
[2008/10/10 17:37:13] <Volcane> if its not included anywhere you mean?
[2008/10/10 17:37:27] <squirrelpimp> yes
[2008/10/10 17:37:46] <Volcane> then its as good as non existing
[2008/10/10 17:37:58] <squirrelpimp> but i think i can answer this myself: it should be executed anyways, because it might be used by only-if
[2008/10/10 17:38:22] <squirrelpimp> by omitted i meant "only-if fails"
[2008/10/10 17:38:27] @ Quit: kambiz: "Coyote finally caught me"
[2008/10/10 17:38:29] <Volcane> oh
[2008/10/10 17:38:51] <squirrelpimp> i need a best-practice way to execute a script which will create a directory if it is not present yet
[2008/10/10 17:38:54] <Volcane> think it does, but easy to test :)
[2008/10/10 17:38:56] @ kambiz joined channel #puppet
[2008/10/10 17:39:14] <squirrelpimp> i currently move the script there using file{... but i'd like to remove it after it's finished
[2008/10/10 17:39:26] <squirrelpimp> so i'd need some only-if for file i guess
[2008/10/10 17:39:42] <squirrelpimp> of course the script can delete itself, but puppet will recreate it next time
[2008/10/10 17:40:54] <Volcane> http://pastie.org/289723
[2008/10/10 17:40:54] <Volcane> its nasty
[2008/10/10 17:41:05] <squirrelpimp> thanks
[2008/10/10 17:41:09] <Volcane> but that allows a developer to replace /www with a symlink to his own svn checkout
[2008/10/10 17:41:17] <Volcane> and puppet will not freak out and break the symlink
[2008/10/10 17:41:23] <Volcane> but if nothings there, it'll make a dir
[2008/10/10 17:42:27] <omry_> Volcane, no idea on my mount problem?
[2008/10/10 17:43:05] @ omry_ is now known as omry
[2008/10/10 17:43:44] <squirrelpimp> omry: try ensure => mounted,
[2008/10/10 17:45:36] <omry> squirrelpimp, thanks. now it looks like it's trying to mount and failing. should be easy to fix.
[2008/10/10 17:49:06] @ seanmil joined channel #puppet
[2008/10/10 18:03:03] @ Quit: flagg0204: "Leaving"
[2008/10/10 18:16:56] @ Quit: kolla: Remote closed the connection
[2008/10/10 18:18:59] @ auser joined channel #puppet
[2008/10/10 18:23:21] @ Quit: flakrat_: "Leaving"
[2008/10/10 18:28:56] @ kolla joined channel #puppet
[2008/10/10 18:31:50] @ Quit: tbone-atl: "Leaving"
[2008/10/10 18:39:13] @ elijahwright1 joined channel #puppet
[2008/10/10 18:39:53] @ Quit: elijahwright: Read error: 110 (Connection timed out)
[2008/10/10 18:40:58] @ mattf joined channel #puppet
[2008/10/10 18:41:07] @ dragonball_ joined channel #puppet
[2008/10/10 18:57:18] @ nasrat joined channel #puppet
[2008/10/10 18:57:41] <nasrat> jamesturnbull: ping
[2008/10/10 19:00:39] @ Quit: dragonball_: "Leaving"
[2008/10/10 19:02:23] @ Quit: aymerick:
[2008/10/10 19:10:20] @ Quit: nasrat:
[2008/10/10 19:16:58] @ lak joined channel #puppet
[2008/10/10 19:26:46] @ jerico joined channel #puppet
[2008/10/10 19:27:08] @ Quit: freiheit:
[2008/10/10 19:28:17] <jerico> Hi! I've asked earlier today on this channel but nobody could give an answer: Is it possible to read attributes of a type instance into a variable? S.th. like $myvar = Package[xyz]::ensure. I guess this should somehow be possible as there are some read-only attributes in several types...
[2008/10/10 19:30:07] @ Quit: jcape: Read error: 110 (Connection timed out)
[2008/10/10 19:39:22] @ Quit: paha001: Remote closed the connection
[2008/10/10 19:49:27] <holoway> jerico: I do not believe so
[2008/10/10 19:51:07] <jerico> holoway: ok, then I should better stop searching. ;-) Just wondering what these read-only params are about then... Thanks anyway.
[2008/10/10 20:01:09] @ jcape joined channel #puppet
[2008/10/10 20:02:02] @ Quit: auser:
[2008/10/10 20:09:28] @ Quit: plathrop: "ERC Version 5.2 (IRC client for Emacs)"
[2008/10/10 20:10:59] @ Quit: lak:
[2008/10/10 20:13:42] @ Quit: sigmonsays: Read error: 110 (Connection timed out)
[2008/10/10 20:16:12] @ ski98033 left channel #puppet ()
[2008/10/10 20:16:18] @ sigmonsays joined channel #puppet
[2008/10/10 20:34:40] <josb> Q: are external node parameters supposed to be available inside erb templates?
[2008/10/10 20:35:08] <holoway> josb: yes
[2008/10/10 20:36:02] <josb> holoway: I have a parameter `foo' set to "true", and I would expect it to be available inside the template as `foo' but it is not
[2008/10/10 20:36:38] <josb> holoway: it's only set for a single host so in the template I have to do: <% foo ||= false %>
[2008/10/10 20:37:19] <holoway> hrm.. so, the variables in the template aren't actually variables, they are method_missing catches that check for the existence of the parameter
[2008/10/10 20:37:37] <josb> holoway: but even on that host the value ends up being `false' as a result of the assignment. I would expect it to have the value "true" for that single host.
[2008/10/10 20:37:48] <holoway> my guess is that by defining foo, you never reach method_missing
[2008/10/10 20:38:03] <josb> holoway: ah. The assignment breaks it
[2008/10/10 20:38:18] <holoway> right
[2008/10/10 20:38:24] <josb> holoway: which means I should use defined? ?
[2008/10/10 20:38:33] <holoway> what version of puppet?
[2008/10/10 20:38:35] <holoway> 0.24.5?
[2008/10/10 20:38:38] <josb> 0.24.5
[2008/10/10 20:38:57] <holoway> you might try 0.24.6rc1, which makes things available as variables
[2008/10/10 20:39:03] <holoway> otherwise, you need to do some deep magic
[2008/10/10 20:39:38] <josb> Hm
[2008/10/10 20:39:46] <josb> defined? doesn't work?
[2008/10/10 20:40:37] <holoway> http://projects.reductivelabs.com/issues/show/1177
[2008/10/10 20:40:41] <holoway> has the details
[2008/10/10 20:41:44] <josb> Thanks holoway. Does @scope.lookupvar("variable"), false) still work in 0.24.5? (I plan on upgrading to 0.24.6 when it is out, but not now.)
[2008/10/10 20:43:50] <holoway> it should, yes
[2008/10/10 20:43:55] <josb> testing now...
[2008/10/10 20:44:12] <holoway> ahh
[2008/10/10 20:44:14] <holoway> 0.24.5 might have
[2008/10/10 20:44:19] <holoway> has_variable?("foo")
[2008/10/10 20:45:28] <josb> Okay, I'll try that
[2008/10/10 20:47:22] <josb> Seems to work!
[2008/10/10 20:48:02] <holoway> awesome
[2008/10/10 20:48:14] <holoway> sorry I forgot my own patch had been merged
[2008/10/10 20:48:14] <holoway> :)
[2008/10/10 20:48:44] @ WALoeIII_ joined channel #puppet
[2008/10/10 20:50:57] @ Quit: jcape: Read error: 110 (Connection timed out)
[2008/10/10 20:55:06] @ lak joined channel #puppet
[2008/10/10 20:55:57] @ Quit: holoway:
[2008/10/10 20:57:57] @ Quit: lak: Client Quit
[2008/10/10 21:04:17] @ Quit: WALoeIII: Read error: 113 (No route to host)
[2008/10/10 21:06:32] @ Quit: WALoeIII_: Read error: 113 (No route to host)
[2008/10/10 21:30:14] @ jonj joined channel #puppet
[2008/10/10 21:34:08] @ ijcd_ joined channel #puppet
[2008/10/10 21:36:13] @ ijcd__ joined channel #puppet
[2008/10/10 21:36:13] @ Quit: ijcd_: Read error: 104 (Connection reset by peer)
[2008/10/10 21:37:39] @ Quit: mashmore: "[bamfout]"
[2008/10/10 21:43:50] @ WALoeIII joined channel #puppet
[2008/10/10 21:48:30] @ Quit: WALoeIII: Client Quit
[2008/10/10 21:50:21] @ Quit: ijcd: Read error: 110 (Connection timed out)
[2008/10/10 21:51:04] @ Quit: elijahwright1: Read error: 110 (Connection timed out)
[2008/10/10 21:51:37] @ elijahwright joined channel #puppet
[2008/10/10 22:04:38] @ Quit: andrewcshafer:
[2008/10/10 22:13:14] @ mashmore joined channel #puppet
[2008/10/10 22:19:14] <jerico> Why is there a distinction between definitions and classes? I find this quite counter-intuitive...
[2008/10/10 22:19:45] <jerico> {singleton|prototype} class <classname> [($par1, [$par2, [...]])] {
[2008/10/10 22:19:45] <jerico> ...
[2008/10/10 22:19:45] <jerico> $instance-var = ...