Tuesday, 2009-03-31

[2009/03/31 00:00:09] @ Log started by gepetto
[2009/03/31 00:00:09] <lak> but now it's my bedtime
[2009/03/31 00:00:42] @ Quit: lak:
[2009/03/31 00:05:27] <eythian> hmm, I think it may have been a problem elsewhere in the config that was showing up as an error here.
[2009/03/31 00:07:41] <joe-mac> ugh as usualy, #ubuntu is nearlyt useless sorry to go OT guys but does anyone here know anything about blu ray? if so PM me
[2009/03/31 00:07:43] <joe-mac> thanks
[2009/03/31 00:26:26] @ Quit: eythian: Read error: 54 (Connection reset by peer)
[2009/03/31 00:26:29] @ eythian_ joined channel #puppet
[2009/03/31 00:27:12] @ joe-mac1 joined channel #puppet
[2009/03/31 00:27:18] @ Quit: joe-mac: "Leaving."
[2009/03/31 00:28:21] @ Quit: claymation_:
[2009/03/31 00:28:30] @ Quit: joe-mac1: Remote closed the connection
[2009/03/31 00:29:18] @ joe-mac joined channel #puppet
[2009/03/31 00:29:33] <joe-mac> join #ubuntu
[2009/03/31 00:41:23] @ andrewcshafer joined channel #puppet
[2009/03/31 00:48:46] @ claymation joined channel #puppet
[2009/03/31 00:55:50] @ shake-n-bake joined channel #puppet
[2009/03/31 01:16:14] @ jhelwig joined channel #puppet
[2009/03/31 01:18:38] @ Quit: jhelwig_: Read error: 110 (Connection timed out)
[2009/03/31 01:20:05] @ Quit: justdave: Read error: 101 (Network is unreachable)
[2009/03/31 01:22:38] @ justdave joined channel #puppet
[2009/03/31 01:24:30] @ Quit: yure: "Odhajam"
[2009/03/31 01:35:14] <FiXion> eythian_: I made custom facts work by creating a module, which included the facts.
[2009/03/31 01:35:26] <FiXion> eythian_: using the puppet version from ubuntu 8.04
[2009/03/31 01:35:37] <FiXion> 0.24.3 I believe
[2009/03/31 01:35:58] <FiXion> I only had problems with the distribution to clients though.
[2009/03/31 01:47:31] <eythian_> FiXion: I got it working fine after a while. Turned out I was doing something else wrong that had similar symptoms. With puppet distributing the fact script, they're the same across all machines, which is handy.
[2009/03/31 01:47:35] @ eythian_ is now known as eythian
[2009/03/31 01:47:46] <eythian> FiXion: it turns out it's pretty simple to get it going.
[2009/03/31 01:48:17] @ Quit: alfism: "Connection reset by beer"
[2009/03/31 01:59:14] <joe-mac> yea cept pupet is missing some useful features in the ubuntu pkg
[2009/03/31 01:59:28] <joe-mac> another one i found today was the has_variable function
[2009/03/31 01:59:49] <joe-mac> still haevn;t figured a nice way around that one
[2009/03/31 02:01:52] <FiXion> joe-mac: has_variable?
[2009/03/31 02:02:11] <FiXion> I could just compile a new deb from the latest puppet version if it was necessary.
[2009/03/31 02:02:15] <FiXion> I did that with Nagios.
[2009/03/31 02:02:23] <FiXion> Ubuntu-8.04 includes Nagios2..
[2009/03/31 02:02:25] <FiXion> :)
[2009/03/31 02:03:58] <joe-mac> FiXion: volcane pointed that one out to me i think. say you;'re in an erb template
[2009/03/31 02:04:07] <joe-mac> you can't just do if variable
[2009/03/31 02:04:09] <joe-mac> like a bool
[2009/03/31 02:04:26] <joe-mac> cause if it hasn't been defined, the template won't compile, due to some kind of scoping problem
[2009/03/31 02:04:39] <joe-mac> so there is a function called has_variable? that works properly
[2009/03/31 02:04:49] <joe-mac> but the ubuntu lts package doesn't include it
[2009/03/31 02:04:54] @ toi joined channel #puppet
[2009/03/31 02:05:18] <joe-mac> and tyes i am aware of no nagios3 heh, i compile it along with nsca from source, i actually made a pretty sweet source definition
[2009/03/31 02:05:26] <joe-mac> well, source_package
[2009/03/31 02:05:39] <joe-mac> only problem is that there is no onlyif metaparam
[2009/03/31 02:06:00] <joe-mac> so it always tries to copy over all those small source code files
[2009/03/31 02:06:08] <joe-mac> other than that IIRC it worked like a dream
[2009/03/31 02:06:37] <joe-mac> i could easily update my boxen by putting a new source folder on there and pointing the manifest at the new version
[2009/03/31 02:06:46] <FiXion> joe-mac: what variables is it that you only define in some cases?
[2009/03/31 02:06:51] @ Quit: bgupta: Read error: 110 (Connection timed out)
[2009/03/31 02:07:08] <FiXion> I haven't had the need for that yet. I've used case extensively instead :)
[2009/03/31 02:07:21] <joe-mac> in this specific case the ip address of the virtual host and the ports it shoul dhacve access to
[2009/03/31 02:07:31] @ Quit: Djelibeybi: "Leaving"
[2009/03/31 02:07:37] <joe-mac> (this machine is a guest, and the host requires access to one specific port)
[2009/03/31 02:08:00] <joe-mac> a bunch of my firewall rules would benefit from the has_variable? function
[2009/03/31 02:08:24] <FiXion> so you control local firewall rules with puppet. neat
[2009/03/31 02:08:30] @ Quit: alban2: "A bientot"
[2009/03/31 02:09:36] <joe-mac> yep
[2009/03/31 02:09:45] <joe-mac> i have a relatively simple network environment though
[2009/03/31 02:09:50] <joe-mac> i can paste it for you, hold on
[2009/03/31 02:10:42] <joe-mac> god this barracuda ssl vpn we are piloting eats shit
[2009/03/31 02:10:55] <joe-mac> we are supposed to finally be getting a cisco, thank god
[2009/03/31 02:13:52] @ kibahop joined channel #puppet
[2009/03/31 02:15:01] @ kibahop left channel #puppet ()
[2009/03/31 02:15:38] <joe-mac> FiXion: http://www.pastie.org/432290
[2009/03/31 02:15:48] @ Quit: kolla: Read error: 113 (No route to host)
[2009/03/31 02:16:04] <joe-mac> trustednets is an array that gets filled in via the manifests that contains like our office addresses
[2009/03/31 02:16:06] <joe-mac> so we can ssh in
[2009/03/31 02:16:14] <joe-mac> or go to whatever sensuitive port
[2009/03/31 02:16:27] <joe-mac> and the restricted_tcp_ports and that jazz is defined in the node def
[2009/03/31 02:16:53] <joe-mac> the nodenets is also an array, what that is, is local nodes that connect to a specific network service, such as puppet, aptproxy, or nsca
[2009/03/31 02:17:59] <joe-mac> this template actually works freaking wonders for a simple network setup, if i could use the has_variable function i could add some more complex virtual machine stuff
[2009/03/31 02:19:00] * joe-mac still has no clue how to manage PF with this though
[2009/03/31 02:19:12] @ raphink joined channel #puppet
[2009/03/31 02:19:16] <joe-mac> i'm starting to get my OBSD vm ready hopefully i will write a kick ass module i can contribute
[2009/03/31 02:20:21] <joe-mac> my thing with OBSD is, I would use it a lot more if I had a way of automating mostly everything, and in comes puppet
[2009/03/31 02:21:01] <joe-mac> i've been a linux user for over 10 years, support or admin for like 6,so naturally it's easier for me. hoping to get to that level with OBSD.
[2009/03/31 02:21:41] @ kolla joined channel #puppet
[2009/03/31 02:23:24] <joe-mac> anyways, bed time , see ya
[2009/03/31 02:30:32] @ Quit: yure_: "Odhajam"
[2009/03/31 02:30:53] @ yure joined channel #puppet
[2009/03/31 02:32:06] @ Quit: shake-n-bake:
[2009/03/31 02:41:57] @ Quit: f3ew: Read error: 104 (Connection reset by peer)
[2009/03/31 02:46:36] @ stijnbe joined channel #puppet
[2009/03/31 02:48:43] @ Quit: MarlondB:
[2009/03/31 02:53:44] @ Djelibeybi joined channel #puppet
[2009/03/31 02:53:45] @ Quit: Djelibeybi: Remote closed the connection
[2009/03/31 02:55:58] @ Quit: claymation:
[2009/03/31 03:00:45] @ benblack is now known as benblack\|away
[2009/03/31 03:01:48] @ shake-n-bake joined channel #puppet
[2009/03/31 03:07:59] @ aymerick joined channel #puppet
[2009/03/31 03:08:08] @ Innocenti joined channel #puppet
[2009/03/31 03:15:03] @ madrescher joined channel #puppet
[2009/03/31 03:17:22] @ bgupta joined channel #puppet
[2009/03/31 03:21:42] @ f3ew joined channel #puppet
[2009/03/31 03:32:07] @ DerekW joined channel #puppet
[2009/03/31 03:36:29] @ Quit: jizquierdo: Read error: 110 (Connection timed out)
[2009/03/31 03:36:43] @ MattyM joined channel #puppet
[2009/03/31 03:40:23] @ keithlard joined channel #puppet
[2009/03/31 03:51:11] @ yarihm joined channel #puppet
[2009/03/31 03:53:27] @ friendly12345 joined channel #puppet
[2009/03/31 03:59:24] @ Quit: andrewcshafer:
[2009/03/31 04:05:30] @ tim\|mb joined channel #puppet
[2009/03/31 04:13:30] @ Quit: shake-n-bake:
[2009/03/31 04:17:22] @ Djelibeybi joined channel #puppet
[2009/03/31 04:34:29] @ Quit: Djelibeybi: "Leaving"
[2009/03/31 04:40:27] @ verwilst joined channel #puppet
[2009/03/31 04:40:32] @ mfladischer joined channel #puppet
[2009/03/31 04:49:33] @ snerd joined channel #puppet
[2009/03/31 04:59:09] @ pneff joined channel #puppet
[2009/03/31 05:09:22] @ Quit: Innocenti: Client Quit
[2009/03/31 05:17:50] <duritong> anybody knows how you can expand the bucket timeout?
[2009/03/31 05:17:55] @ Quit: keithlard:
[2009/03/31 05:18:35] @ Quit: markl_: Read error: 104 (Connection reset by peer)
[2009/03/31 05:18:57] @ Quit: markl___: Read error: 104 (Connection reset by peer)
[2009/03/31 05:18:58] @ Quit: snerd: Remote closed the connection
[2009/03/31 05:19:46] @ Quit: markl__: Read error: 104 (Connection reset by peer)
[2009/03/31 05:25:18] @ ethan_rowe joined channel #puppet
[2009/03/31 05:26:16] @ masterzen joined channel #puppet
[2009/03/31 05:35:27] @ Quit: friendly12345: Read error: 101 (Network is unreachable)
[2009/03/31 05:39:02] @ friendly12345 joined channel #puppet
[2009/03/31 05:41:34] @ tarjei joined channel #puppet
[2009/03/31 05:41:59] <tarjei> Hi, stupid question: Is it possible to move a puppetmaster w/o having to resign all the nodes?
[2009/03/31 05:42:41] <tarjei> if I have to resign all the nodes, is it just to run puppet --waitforcert again on the client or do I have to delete the old certs?
[2009/03/31 05:43:16] <tim\|mb> tarjei: if you copy the puppet ssl directory over, you shouldn't have to resign again
[2009/03/31 05:43:25] <tim\|mb> and that's not a stupid question, imho :P
[2009/03/31 05:45:08] <tarjei> hmm, but I get: Certificates were not trusted: hostname not match with the server certificate
[2009/03/31 05:45:19] <tarjei> when I try to run puppet
[2009/03/31 05:45:34] <tarjei> on the same host as the new puppetmaster
[2009/03/31 05:47:37] @ mikepea joined channel #puppet
[2009/03/31 05:48:54] <mikepea> masterzen: just discovered your blog - great work, thanks!
[2009/03/31 05:49:31] <masterzen> mikepea: thanks... I need to produce a new post, don't know the topic yet :-)
[2009/03/31 05:52:14] <Volcane> tarjei: this is why the advice from the many best practise guides - and the default settings - is to use a cname to puppet then you can move the cnames and your certnames wont need to change.
[2009/03/31 05:53:13] @ keithlard joined channel #puppet
[2009/03/31 05:55:21] <tarjei> ah rights. So then I need to recreate the ca then.
[2009/03/31 05:55:33] <tarjei> better get started :)
[2009/03/31 05:55:55] <Llama> Hom much connections puppetmasterd process in parallel ?
[2009/03/31 05:56:21] <Volcane> tarjei: but make the cname now and save yourself future hassle
[2009/03/31 05:56:50] <Volcane> Llama: on its default configuration, around 20 to 30 nodes, after that look into mongrel
[2009/03/31 05:58:28] <Volcane> Llama: http://reductivelabs.com/trac/puppet/wiki/UsingMongrel
[2009/03/31 05:58:50] @ Quit: friendly12345: Read error: 110 (Connection timed out)
[2009/03/31 06:00:22] <Llama> I run puppetd -v --no-daemonize -v --debug
[2009/03/31 06:00:35] <Llama> After: debug: Retrieving catalog
[2009/03/31 06:00:35] <Llama> debug: Calling puppetmaster.getconfig
[2009/03/31 06:01:23] <Llama> I wait for more than one minute with no news
[2009/03/31 06:01:23] <Volcane> and just sits there?
[2009/03/31 06:01:41] <Volcane> what does netstat show? ESTABLISHED or SYN_SENT to your master?
[2009/03/31 06:02:55] @ Quit: brothers: Read error: 60 (Operation timed out)
[2009/03/31 06:03:00] <tarjei> Volcane: If I understand you correctly, the cname you are talking about is a DNS cname. Is there a way(in puppet.conf) to set the subject of the ca certificate to point to that cname?
[2009/03/31 06:04:09] <Volcane> tarjei: if you remove server= from the client and certname= from the server, it will all default back to puppet - so your machines must be able to resolve 'puppet' be it via hosts or dns
[2009/03/31 06:07:44] @ brothers joined channel #puppet
[2009/03/31 06:15:26] <tarjei> Volcane: thanks
[2009/03/31 06:17:37] @ tostado joined channel #puppet
[2009/03/31 06:23:19] <tostado> hi i have a problem: puppetd is running a local puppetrun and have become really slow. half an hour ago it ran at normal speed, but now it take minutes for a local(!) run
[2009/03/31 06:23:35] <tostado> ]/nagios-server/File[/etc/nagios3] (info): Evaluated in 923.74 seconds
[2009/03/31 06:23:46] <tostado> i.e.
[2009/03/31 06:24:33] <tostado> i noticed this after installing rsyslog, but i dont think this is the problem
[2009/03/31 06:27:42] <tostado> puppetd and puppetmaster are 0.24.7-1
[2009/03/31 06:32:16] <tostado> anyone has a clue
[2009/03/31 06:41:12] <Volcane> doing lots of recursive copies or exported resources?
[2009/03/31 06:41:34] <tostado> no i didnt changed the modules
[2009/03/31 06:42:02] <tostado> Tue Mar 31 12:31:25 +0200 2009 /File[/var/lib/puppet/lib] (err): Failed to generate additional resources during transaction: Cannot access mount[plugins]
[2009/03/31 06:42:02] <tostado> Tue Mar 31 12:31:45 +0200 2009 /File[/var/lib/puppet/lib] (err): Failed to retrieve current state of resource: Cannot access mount[plugins] Could not describe /plugins: Cannot access mount[plugins]
[2009/03/31 06:42:25] <tostado> between these steps 20 secs ...
[2009/03/31 06:42:30] @ Innocenti joined channel #puppet
[2009/03/31 06:42:38] <Llama> Volcane, connection is ESTABLISHED
[2009/03/31 06:43:11] <tostado> 1h ago: between these steps not a second
[2009/03/31 06:43:19] <Volcane> Llama: how many clients?
[2009/03/31 06:43:23] <Volcane> tostado: thats very weird
[2009/03/31 06:43:31] <tostado> jip
[2009/03/31 06:45:03] <Llama> Volcane, possible 20 or 30, clients run every minute.
[2009/03/31 06:45:33] <Llama> Volcane, at hte end, puppet say: err: Configuration retrieval timed out
[2009/03/31 06:45:44] <Volcane> Llama: every minute? wtf
[2009/03/31 06:46:09] <Volcane> why so frequent?
[2009/03/31 06:46:34] <Llama> runinterval = 60
[2009/03/31 06:46:59] <Volcane> yes, obviously, but why set it to that high a frequency?
[2009/03/31 06:47:10] <Llama> Volcane, beacuse we want changes on our boxes.
[2009/03/31 06:47:51] <Volcane> right well, whatever, its a terrible idea for many reasons - puppet is very cpu intensive for one. regardless, with that many clients and that frequency you need to run the master in mongrel
[2009/03/31 06:47:54] <Llama> Generally, we commit changes to svn and puppet bring them on boxes. This take upto 2 minutes
[2009/03/31 06:48:03] <Volcane> http://reductivelabs.com/trac/puppet/wiki/UsingMongrel
[2009/03/31 06:48:14] <Llama> Volcane, Ok.
[2009/03/31 06:48:18] <Volcane> standard/default puppetmaster will not cope with that load
[2009/03/31 06:48:43] <Llama> ok
[2009/03/31 06:56:08] @ Quit: punkcut: Read error: 60 (Operation timed out)
[2009/03/31 06:58:07] <Llama> How to remove server cert on puppet client ?
[2009/03/31 06:58:19] <ssm> Llama: if you need to push changes fast, look to puppetrun
[2009/03/31 07:07:41] @ Quit: yarihm: "This computer has gone to sleep"
[2009/03/31 07:15:41] @ d3vilb0x joined channel #puppet
[2009/03/31 07:19:46] @ Quit: joe-mac: "Leaving."
[2009/03/31 07:22:43] <Llama> Should puppetmaster and apache in mongrel setup use same certs ?
[2009/03/31 07:28:42] <Volcane> yeah as per the docs
[2009/03/31 07:29:09] @ giles_ joined channel #puppet
[2009/03/31 07:30:05] <giles_> heya puppetiers
[2009/03/31 07:30:17] <giles_> bit puzzled by this bug fixed in 0.24.8
[2009/03/31 07:30:21] <giles_> http://projects.reductivelabs.com/issues/460
[2009/03/31 07:30:25] @ Quit: Innocenti: Client Quit
[2009/03/31 07:30:41] <giles_> does this mean that all our modules that use :: in the class names will stop working?
[2009/03/31 07:30:50] <giles_> we use :: in pretty much every module
[2009/03/31 07:31:41] @ yarihm joined channel #puppet
[2009/03/31 07:34:23] <giles_> sorry my bad I hadn't jumped to the 24.8 anchor
[2009/03/31 07:34:57] @ martha joined channel #puppet
[2009/03/31 07:36:02] @ Quit: d3vilb0x:
[2009/03/31 07:39:48] @ glaw joined channel #puppet
[2009/03/31 07:47:49] @ nakano_ is now known as nakano
[2009/03/31 07:50:42] @ G is now known as PeterFile
[2009/03/31 07:55:37] @ hexasoft joined channel #puppet
[2009/03/31 07:55:42] <hexasoft> hello
[2009/03/31 07:56:20] @ threetee joined channel #puppet
[2009/03/31 07:56:30] @ alban2 joined channel #puppet
[2009/03/31 07:56:32] @ threetee left channel #puppet ()
[2009/03/31 08:00:04] <hexasoft> I have a little problem:
[2009/03/31 08:00:53] <hexasoft> I have a class (let say A) in a file that is imported (if I change the name of the file puppetd claims an error).
[2009/03/31 08:01:26] <hexasoft> In the profile of a node, a class B uses "notify => Class[A]"
[2009/03/31 08:02:22] <hexasoft> and I get the message: warning: Configuration could not be instantiated: Could not find dependent Class[A] for <something inside class B> at /etc/puppet/manifests/classes/<my profile>
[2009/03/31 08:02:43] <Volcane> do you 'include a' anywhere?
[2009/03/31 08:02:52] <Volcane> not just import a
[2009/03/31 08:02:55] <hexasoft> nop, just "import"
[2009/03/31 08:03:02] <Volcane> import != include
[2009/03/31 08:03:05] <Volcane> they're 2 different things
[2009/03/31 08:03:19] <Volcane> import puts it in the scope, so it could potentially be found when needed
[2009/03/31 08:03:23] <hexasoft> if I include it, will it be executed?
[2009/03/31 08:03:27] <Volcane> include says actually put it on the box
[2009/03/31 08:03:33] <Volcane> include satisfies the dependency
[2009/03/31 08:03:58] <hexasoft> because class A should not be executed if not "notified"
[2009/03/31 08:04:15] <Volcane> include doesnt execute it
[2009/03/31 08:04:23] <Volcane> well, generally
[2009/03/31 08:04:33] <hexasoft> :)
[2009/03/31 08:04:36] <Volcane> only exec and maybe a few others supports the run only if notified construct
[2009/03/31 08:04:52] <Volcane> other classes run when included thats just how puppets designed
[2009/03/31 08:05:14] <hexasoft> ok. btw this class just contains a "exec".
[2009/03/31 08:06:00] <Volcane> then set the exec to refreshonly => true
[2009/03/31 08:06:01] @ Quit: eythian: Read error: 104 (Connection reset by peer)
[2009/03/31 08:06:16] <hexasoft> in fact I created this because I have a conditionnal execution that is duplicated, so I want to factorize the code.
[2009/03/31 08:06:29] @ eythian joined channel #puppet
[2009/03/31 08:06:30] <hexasoft> Volcane: thks. I try this.
[2009/03/31 08:06:43] @ bajan joined channel #puppet
[2009/03/31 08:06:47] <Volcane> refreshonly execs will only run when notified or when something it requires changes
[2009/03/31 08:07:41] @ jmslagle joined channel #puppet
[2009/03/31 08:14:13] @ threetee_ joined channel #puppet
[2009/03/31 08:16:48] <Llama> thanx a lot, mongrell works very well!
[2009/03/31 08:17:37] @ threetee joined channel #puppet
[2009/03/31 08:17:42] @ threetee left channel #puppet ()
[2009/03/31 08:29:25] @ rgsteele\|\|work joined channel #puppet
[2009/03/31 08:30:06] <rgsteele\|\|work> I have two puppets that are making calls out to a database across the internet, over a VPN tunnel. These boxes always seem to grind to a halt with OOM's due to puppetd.
[2009/03/31 08:30:12] <rgsteele\|\|work> I have timeouts on all the execs that reach out to outside resources, and they do get tripped, but it doesn't seem to make a difference.
[2009/03/31 08:30:37] <rgsteele\|\|work> Puppet runs at 99% on at least one core all the time on all my boxes, but these are the only ones who can't seem to handle it.
[2009/03/31 08:31:35] <rgsteele\|\|work> I don't know if it's because the VPN connection hiccups and Puppet can't recover from that gracefully, or if the timeouts aren't really doing what I intend, or what. Any thoughts? Running debug and trace don't seem to yield anything - puppetd never crashes, it just hangs forever, and locks up the box.
[2009/03/31 08:31:58] <rgsteele\|\|work> I'm using 0.24.8 btw, but this seemed to happen with 0.24.6 as well.
[2009/03/31 08:33:03] <rgsteele\|\|work> These boxes aren't wimpy either - 4GB of RAM. And this is happening during the middle of the night, when there's very little activity on them.
[2009/03/31 08:33:14] <rgsteele\|\|work> Both 64bit quad-core Xeon's.
[2009/03/31 08:34:37] @ Quit: f3ew: Read error: 113 (No route to host)
[2009/03/31 08:34:44] @ Quit: threetee_: Read error: 110 (Connection timed out)
[2009/03/31 08:35:16] @ f3ew joined channel #puppet
[2009/03/31 08:49:09] @ d3vilb0x joined channel #puppet
[2009/03/31 08:50:06] @ bajan left channel #puppet ()
[2009/03/31 08:55:17] @ MarlondB joined channel #puppet
[2009/03/31 08:58:18] @ kibahop joined channel #puppet
[2009/03/31 09:02:53] @ kibahop left channel #puppet ()
[2009/03/31 09:09:19] @ tostado left channel #puppet ()
[2009/03/31 09:09:20] @ joe-mac joined channel #puppet
[2009/03/31 09:10:48] @ jharmo2 joined channel #puppet
[2009/03/31 09:11:14] @ Quit: kolla: Remote closed the connection
[2009/03/31 09:17:04] @ PeterFile is now known as G
[2009/03/31 09:17:50] <hexasoft> an other question: I'm on a RHEL5 64bit, and I trigger a service autofs with "ensure => running"
[2009/03/31 09:18:24] <hexasoft> if it is still running, I get err: //Node[ccwl1024.in2p3.fr]/select_config_sl/automount/Service[autofs]/ensure: change from stopped to running failed: Execution of '/sbin/service autofs start' returned 1: Starting automount: automount: program is already running.
[2009/03/31 09:18:49] @ erm_ joined channel #puppet
[2009/03/31 09:19:19] <hexasoft> is there any way to prevent this? I think it was supposed to check before trying to run "start", no?
[2009/03/31 09:19:45] <fsweetser> do you have 'hasstatus => true'?
[2009/03/31 09:20:06] <hexasoft> oh! I guess no.
[2009/03/31 09:20:14] @ jizquierdo joined channel #puppet
[2009/03/31 09:20:16] <hexasoft> I check that, thanks.
[2009/03/31 09:20:21] <fsweetser> no prob
[2009/03/31 09:22:19] @ threetee_ joined channel #puppet
[2009/03/31 09:24:23] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/03/31 09:25:32] @ madrescher joined channel #puppet
[2009/03/31 09:28:19] @ Quit: chillitom: Remote closed the connection
[2009/03/31 09:31:18] <hexasoft> fsweetser: it was that. corrected.
[2009/03/31 09:32:14] @ lak joined channel #puppet
[2009/03/31 09:34:01] <lludwig> hey all is there a way to get the module folder location via a variable in puppet?
[2009/03/31 09:35:12] @ Quit: threetee_: Read error: 60 (Operation timed out)
[2009/03/31 09:42:15] <Volcane> lludwig: using environments is the only way
[2009/03/31 09:42:21] <Volcane> http://reductivelabs.com/trac/puppet/wiki/UsingMultipleEnvironments
[2009/03/31 09:42:26] <Volcane> afaik
[2009/03/31 09:49:47] @ andrewcshafer joined channel #puppet
[2009/03/31 09:51:38] @ andrewcshafer_ joined channel #puppet
[2009/03/31 09:51:39] @ Quit: andrewcshafer: Read error: 104 (Connection reset by peer)
[2009/03/31 09:54:02] @ Bass10 joined channel #puppet
[2009/03/31 09:55:28] @ cwebber joined channel #puppet
[2009/03/31 10:01:14] @ fcrippa joined channel #puppet
[2009/03/31 10:02:03] <lludwig> Volcane: yea that does not help me
[2009/03/31 10:02:10] <lludwig> I need the path for a generate function
[2009/03/31 10:03:19] @ markl_ joined channel #puppet
[2009/03/31 10:08:42] @ mfoster1 joined channel #puppet
[2009/03/31 10:08:48] @ Quit: glaw: ""Remember, information is not knowledge, knowledge is not wisdom, wisdom is not truth, truth is not beauty, beauty is not lov
[2009/03/31 10:10:14] <Volcane> lludwig: ah i see, i miss-read your question sorry
[2009/03/31 10:10:28] @ Quit: exit237: "ZNC - http://znc.sourceforge.net"
[2009/03/31 10:17:48] @ mib_kic5hp joined channel #puppet
[2009/03/31 10:18:52] @ Quit: mib_kic5hp: Client Quit
[2009/03/31 10:18:59] @ nakano is now known as nakano_
[2009/03/31 10:26:05] @ Quit: jharmo2:
[2009/03/31 10:27:06] @ jharmo2 joined channel #puppet
[2009/03/31 10:28:19] @ Quit: jharmo2: Client Quit
[2009/03/31 10:28:55] @ Quit: Bass10: Read error: 104 (Connection reset by peer)
[2009/03/31 10:29:10] @ Bass10 joined channel #puppet
[2009/03/31 10:30:00] @ Quit: Bass10: SendQ exceeded
[2009/03/31 10:30:26] @ Bass10 joined channel #puppet
[2009/03/31 10:33:11] @ jharmo2 joined channel #puppet
[2009/03/31 10:34:50] @ Quit: aZaFred:
[2009/03/31 10:39:24] @ jief- joined channel #puppet
[2009/03/31 10:40:33] <jief-> ive activated reports on my clients. but I keep getting this error: err: Reporting failed: wrong header line format
[2009/03/31 10:40:37] @ nakano_ is now known as nakano
[2009/03/31 10:40:39] <jief-> im running 0.24.8
[2009/03/31 10:41:07] <jief-> is this a configuration error?
[2009/03/31 10:43:41] <jamesturnbull> jief-: what's in your puppet.conf?
[2009/03/31 10:44:13] <jief-> on the clients, in the [puppetd] section, i have report = true
[2009/03/31 10:44:16] <jief-> it sends to $server
[2009/03/31 10:44:30] <jief-> ill pastebin puppet.conf from the server
[2009/03/31 10:45:27] <jief-> http://pastebin.ca/1377939
[2009/03/31 10:46:15] <jamesturnbull> jief-: by defualt there are no reports called daily and security
[2009/03/31 10:46:26] <jamesturnbull> jief-: only the ones at wiki:ReportReference
[2009/03/31 10:46:26] <gepetto> jamesturnbull: jief-: wiki:ReportReference is http://reductivelabs.com/trac/puppet/wiki/ReportReference
[2009/03/31 10:46:34] <jamesturnbull> jief-: the doco us poor there - I will fix now
[2009/03/31 10:46:46] <jief-> ya it is
[2009/03/31 10:46:58] <jief-> in fact, i find most documentation stored in wikis is
[2009/03/31 10:47:08] <jief-> by the way, we just ordered your book
[2009/03/31 10:47:20] <jief-> since we're 15 about to start using it, it will come in handy
[2009/03/31 10:47:43] <jamesturnbull> jief-: okay I fixed that page
[2009/03/31 10:48:11] <jamesturnbull> gepetto: seen nasrat
[2009/03/31 10:48:11] <gepetto> jamesturnbull: nasrat was last seen 4 days, 20 hours, 47 minutes and 45 seconds ago, quitting IRC ()
[2009/03/31 10:48:22] @ Quit: maxagaz: No route to host
[2009/03/31 10:49:05] <jief-> jamesturnbull: ok so ive got those 4 standard ones defined under reports in [puppetmasterd]
[2009/03/31 10:49:10] <jief-> but im still getting that error
[2009/03/31 10:51:32] <jamesturnbull> jief-: you restarted the master?
[2009/03/31 10:52:02] <jief-> yup
[2009/03/31 10:52:04] <gepetto> ::trac:: Reports And Reporting edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/ReportsAndReporting (by james@lovedthanlost.net)
[2009/03/31 10:52:59] @ kambiz_away is now known as kambiz
[2009/03/31 10:53:37] <jamesturnbull> jief-: okay that's weird - I've never seen that error - wrong header line format feels like some kind of HTTP error
[2009/03/31 10:54:07] @ Quit: tim\|mb:
[2009/03/31 10:54:16] <jief-> jamesturnbull: np. ill investigate this further later
[2009/03/31 10:54:25] <jief-> jamesturnbull: does your book talk about the operational side of Puppet?
[2009/03/31 10:54:36] <jamesturnbull> jief-: define operational?
[2009/03/31 10:54:45] <jief-> how you move a config set from one environment to another?
[2009/03/31 10:54:52] <jief-> i.e. dev -> staging -> prod
[2009/03/31 10:54:58] <jamesturnbull> jief-: it's a very broad introduction - and no not specifically that
[2009/03/31 10:55:01] <jamesturnbull> 2nd edition will
[2009/03/31 10:55:05] <jief-> kk
[2009/03/31 10:55:16] <jief-> ok, ill be back later. got one of them meeting hehe.
[2009/03/31 10:55:20] <jamesturnbull> jief-: ping lak
[2009/03/31 10:55:24] <jamesturnbull> jief-: or andrewshafer
[2009/03/31 10:55:29] <jamesturnbull> if you need help
[2009/03/31 10:55:35] * jamesturnbull is off to sleep
[2009/03/31 11:00:29] @ hessml\|away joined channel #puppet
[2009/03/31 11:14:23] @ hexasoft left channel #puppet ()
[2009/03/31 11:15:07] @ hessml\|away is now known as hessml\|away\|away
[2009/03/31 11:15:51] @ benblack\|away is now known as benblack
[2009/03/31 11:21:02] @ glaw joined channel #puppet
[2009/03/31 11:23:26] @ tim\|mb joined channel #puppet
[2009/03/31 11:27:30] @ Quit: mikepea: Read error: 104 (Connection reset by peer)
[2009/03/31 11:27:32] @ mikepea_ joined channel #puppet
[2009/03/31 11:31:31] @ Quit: toi: Read error: 110 (Connection timed out)
[2009/03/31 11:33:04] @ alfism joined channel #puppet
[2009/03/31 11:35:04] @ Quit: verwilst: "Ex-Chat"
[2009/03/31 11:37:00] @ Agrajag^ joined channel #puppet
[2009/03/31 11:37:52] @ Quit: lak:
[2009/03/31 11:38:14] @ claymation joined channel #puppet
[2009/03/31 11:38:52] @ Quit: stijnbe: Remote closed the connection
[2009/03/31 11:39:14] @ stijnbe joined channel #puppet
[2009/03/31 11:40:16] @ Quit: mfladischer: "Ex-Chat"
[2009/03/31 11:42:43] @ tuf8 joined channel #puppet
[2009/03/31 11:43:31] @ hessml\|away\|away is now known as hessml\|away
[2009/03/31 11:48:14] @ shake-n-bake_ joined channel #puppet
[2009/03/31 11:49:12] @ Quit: pneff:
[2009/03/31 11:50:37] @ axisys joined channel #puppet
[2009/03/31 11:51:00] @ Quit: londo_: Remote closed the connection
[2009/03/31 11:51:33] @ Quit: fcrippa: "Leaving"
[2009/03/31 11:52:21] <masterzen> gepetto: seen lak
[2009/03/31 11:52:21] <gepetto> masterzen: lak was last seen 14 minutes and 28 seconds ago, quitting IRC ()
[2009/03/31 11:53:52] @ Quit: Agrajag`: Read error: 110 (Connection timed out)
[2009/03/31 11:54:10] @ londo_ joined channel #puppet
[2009/03/31 11:57:08] @ stijnbe_ joined channel #puppet
[2009/03/31 11:57:56] @ Quit: stijnbe: Read error: 113 (No route to host)
[2009/03/31 11:58:01] @ punkcut joined channel #puppet
[2009/03/31 11:58:32] @ aZaFred joined channel #puppet
[2009/03/31 12:00:51] @ benblack is now known as benblack\|away
[2009/03/31 12:00:58] @ lak joined channel #puppet
[2009/03/31 12:03:32] @ benblack\|away is now known as benblack
[2009/03/31 12:03:41] @ Quit: punkcut: Read error: 104 (Connection reset by peer)
[2009/03/31 12:04:31] @ Quit: aZaFred:
[2009/03/31 12:08:17] @ Quit: benblack: "Leaving..."
[2009/03/31 12:16:51] @ kambiz is now known as kambiz_away
[2009/03/31 12:21:59] @ Quit: DerekW: Read error: 104 (Connection reset by peer)
[2009/03/31 12:22:43] @ aZaFred joined channel #puppet
[2009/03/31 12:24:50] @ nevele joined channel #puppet
[2009/03/31 12:26:35] @ Quit: axisys: Read error: 110 (Connection timed out)
[2009/03/31 12:30:33] @ MarlondB left channel #puppet ()
[2009/03/31 12:32:15] @ Quit: masterzen: "Leaving"
[2009/03/31 12:35:30] @ Quit: tim\|mb: Read error: 110 (Connection timed out)
[2009/03/31 12:35:32] @ nigelk joined channel #puppet
[2009/03/31 12:39:24] <MrHeavy> puppetdoc keeps trying to bomb out when I try to generate RDoc documentation, giving me "can't convert nil into String"
[2009/03/31 12:39:32] <MrHeavy> --debug is zero help
[2009/03/31 12:39:34] <MrHeavy> Any ideas?
[2009/03/31 12:40:38] <MrHeavy> D'oh, got the --trace option
[2009/03/31 12:42:13] @ Quit: glaw:
[2009/03/31 12:44:28] @ stevenjenkins joined channel #puppet
[2009/03/31 12:45:06] <nigelk> the deb maintainers don't happen to be around at the moment?
[2009/03/31 12:45:15] * nigelk starts stalking
[2009/03/31 12:49:39] @ Quit: alfism: "Connection reset by beer"
[2009/03/31 12:50:52] @ unxfrek joined channel #puppet
[2009/03/31 12:55:14] @ benblack joined channel #puppet
[2009/03/31 12:55:28] @ chillitom joined channel #puppet
[2009/03/31 12:56:12] @ Quit: shake-n-bake_: Read error: 110 (Connection timed out)
[2009/03/31 12:56:29] @ Quit: andrewcshafer_:
[2009/03/31 12:57:18] @ Quit: mikepea_: Read error: 60 (Operation timed out)
[2009/03/31 12:57:38] @ shake-n-bake_ joined channel #puppet
[2009/03/31 12:58:15] @ d3vilb0x_ joined channel #puppet
[2009/03/31 13:11:47] @ ezmob joined channel #puppet
[2009/03/31 13:12:30] @ Quit: ijcd_:
[2009/03/31 13:14:29] @ ijcd joined channel #puppet
[2009/03/31 13:14:54] @ Quit: d3vilb0x: Read error: 110 (Connection timed out)
[2009/03/31 13:15:38] @ Quit: shake-n-bake_: Read error: 110 (Connection timed out)
[2009/03/31 13:20:44] @ Quit: lak:
[2009/03/31 13:23:49] @ Quit: alban2: Read error: 110 (Connection timed out)
[2009/03/31 13:25:49] @ shake-n-bake joined channel #puppet
[2009/03/31 13:27:31] @ hessml\|away is now known as hessml\|away\|away
[2009/03/31 13:33:15] @ toi joined channel #puppet
[2009/03/31 13:37:21] @ alfism joined channel #puppet
[2009/03/31 13:45:02] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2009/03/31 13:45:13] @ shake-n-bake joined channel #puppet
[2009/03/31 13:46:23] @ hessml\|away\|away is now known as hessml\|away
[2009/03/31 13:47:48] @ Quit: benblack: Excess Flood
[2009/03/31 13:48:06] @ benblack joined channel #puppet
[2009/03/31 13:53:28] @ Quit: MattyM: "ta ta"
[2009/03/31 13:53:43] @ lak joined channel #puppet
[2009/03/31 13:57:52] @ shake-n-bake_ joined channel #puppet
[2009/03/31 13:58:42] @ kibahop joined channel #puppet
[2009/03/31 13:58:47] @ kibahop left channel #puppet ()
[2009/03/31 14:00:13] @ Quit: jief-: "Lost terminal"
[2009/03/31 14:03:25] @ Quit: stijnbe_: "Leaving..."
[2009/03/31 14:04:34] @ benblack is now known as benblack\|away
[2009/03/31 14:06:31] @ stijnbe joined channel #puppet
[2009/03/31 14:06:52] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2009/03/31 14:17:56] @ Quit: ijcd: Read error: 110 (Connection timed out)
[2009/03/31 14:20:44] @ Quit: unxfrek: Read error: 60 (Operation timed out)
[2009/03/31 14:21:07] @ Quit: shake-n-bake_:
[2009/03/31 14:23:43] @ Quit: sunoano: "Leaving."
[2009/03/31 14:28:02] @ unxfrek joined channel #puppet
[2009/03/31 14:28:06] @ hacim joined channel #puppet
[2009/03/31 14:29:15] <hacim> i'm trying to set some directory permissions, can I do these recursively? like file { "/var/www": mode => 0755, owner => www-data, group www-data, recurse => true } and all directories and files beneath will have them?
[2009/03/31 14:29:53] @ hessml\|away is now known as hessml\|away\|away
[2009/03/31 14:39:35] @ Quit: giles_: Read error: 60 (Operation timed out)
[2009/03/31 14:39:49] @ benblack\|away is now known as benblack
[2009/03/31 14:43:20] @ Quit: unxfrek: "Leaving"
[2009/03/31 14:43:38] @ andrewcshafer joined channel #puppet
[2009/03/31 14:59:19] @ maxagaz joined channel #puppet
[2009/03/31 15:00:36] <lak> hacim: yes
[2009/03/31 15:00:45] <lak> and if you leave off the x bits, puppet will add them for directories
[2009/03/31 15:01:50] <tim\|imac> lak: is the x added for user, group and other?
[2009/03/31 15:02:02] <lak> anywhere there's a read bit
[2009/03/31 15:02:08] <tim\|imac> ah cool
[2009/03/31 15:02:09] <Volcane> lak: i know you dont read -users generally, but I thought I'd point to a post i posted some time ago about how i handle external data might be of some interest http://groups.google.com/group/puppet-users/browse_thread/thread/6d1d15029b085c7d/995c34073003d9e3?lnk=gst&q=pienaar#995c34073003d9e3
[2009/03/31 15:02:10] @ Quit: nevele: "Wow! A bug?"
[2009/03/31 15:02:26] <lak> i generally do read it, just not frequently :)
[2009/03/31 15:02:30] <Volcane> heh
[2009/03/31 15:03:23] <lak> cool, so it's pretty similar to what i was proposing, but it sounds like you've just got a single file for data?
[2009/03/31 15:03:36] <Volcane> i use csv's just cos its easy
[2009/03/31 15:03:42] <Volcane> but could ofcourse be whatever u want
[2009/03/31 15:03:46] <lak> right
[2009/03/31 15:03:56] <Volcane> i just like that i can define a search list per site to whatever that site needs
[2009/03/31 15:04:10] <lak> yeah, the search list seems pretty important
[2009/03/31 15:04:13] @ Quit: TedC: "Leaving"
[2009/03/31 15:04:18] <lak> have a good default, but allow it to be tuned per module, i'd think
[2009/03/31 15:04:22] <Volcane> so i have: common.csv,domain_nephilim.ml.org.csv, location_hetzner.csv
[2009/03/31 15:04:30] <Volcane> and $extlookup_precedence = ["%{fqdn}", "location_%{location}", "domain_%{domain}", "common"]
[2009/03/31 15:04:38] <lak> ok, so those point to different files
[2009/03/31 15:04:43] <lak> but the files are all cross-module?
[2009/03/31 15:04:44] <Volcane> yes
[2009/03/31 15:04:47] @ mikepea joined channel #puppet
[2009/03/31 15:05:03] @ Quit: maxagaz: "Leaving"
[2009/03/31 15:05:05] <Volcane> extlookup("foo") literally just searches through them in the order of the $extlookup_precedence
[2009/03/31 15:05:06] <lak> that is, you don't have a single file per module, you'd have a file per site, and then modify the file per domain or whatever?
[2009/03/31 15:05:14] @ Quit: keithlard:
[2009/03/31 15:05:17] <Volcane> yup
[2009/03/31 15:05:49] <Volcane> but if there was something like $modulename I could use that to similate what u discuss in extlookup_precedence
[2009/03/31 15:06:20] <lak> is there anything about the solution i proposed that you don't like?
[2009/03/31 15:06:46] <Volcane> its good, but for me its not about a modules data its about a site or locations data
[2009/03/31 15:06:53] <Volcane> so not sure it would map into my needs
[2009/03/31 15:08:05] <Volcane> scenario i wrote it for is a client has std modules but will have kit in 10s or 100s of locations, and i got sick of massive case statements
[2009/03/31 15:08:14] <Volcane> so i hacked that up, and I'm really++ happy with it
[2009/03/31 15:08:26] <Volcane> cut out 100s of lines of junk case statements out of my modules
[2009/03/31 15:08:44] <Volcane> and ultimately made it all a whole lot more configurable rather than hardcoded
[2009/03/31 15:09:56] @ Quit: ezmob: "Bye!"
[2009/03/31 15:19:07] @ markl__ joined channel #puppet
[2009/03/31 15:20:00] <lak> well, in this case you'd have a data directory per location
[2009/03/31 15:20:18] @ siezer joined channel #puppet
[2009/03/31 15:21:24] <Volcane> or per country or per domain etc?
[2009/03/31 15:21:28] @ markl___ joined channel #puppet
[2009/03/31 15:21:35] <Volcane> let me read your mail again
[2009/03/31 15:22:36] <Volcane> yeah, would be equiv if we can have the search path thing
[2009/03/31 15:22:51] <Volcane> though i have some other data lookup jobbies too
[2009/03/31 15:23:11] <lak> if you could reply to the thread with this, i'd appreciate it
[2009/03/31 15:23:15] <Volcane> box.your.com,facter,latest
[2009/03/31 15:23:19] <lak> kinda surprised it's gotten no real reply yet
[2009/03/31 15:23:29] <Volcane> package{"facter": ensure => csvlookup("facter", "present")
[2009/03/31 15:23:34] <Volcane> }
[2009/03/31 15:23:52] <lak> ah
[2009/03/31 15:23:53] <Volcane> so...if i wanted to update facter on a box, i just drop the box name into the csv
[2009/03/31 15:24:00] <Volcane> else it defaults back to "present" :)
[2009/03/31 15:24:49] <Volcane> and i was toying with coding a similar hardcoded default into my extlookup thing as described above
[2009/03/31 15:24:51] @ rmiller4pi8 joined channel #puppet
[2009/03/31 15:24:56] <Volcane> so manifests can hardcode defaults, but the data files can override
[2009/03/31 15:24:56] @ Quit: yarihm: "This computer has gone to sleep"
[2009/03/31 15:26:01] <Volcane> so, something like: $snmp_contact = extlookup("snmp_contact", "root")
[2009/03/31 15:26:13] <Volcane> so if i dont define snmp_contact anywhere it would just say root and move on
[2009/03/31 15:26:17] @ Quit: mikepea:
[2009/03/31 15:26:17] <lak> right
[2009/03/31 15:26:53] <Volcane> this ofcourse will tie in awesomely with a web ui, but thats for one day whne i am very bored :P
[2009/03/31 15:27:35] @ shenson joined channel #puppet
[2009/03/31 15:28:36] <lak> yeah
[2009/03/31 15:28:42] <shenson> what is the proper way to move a puppet client to a new puppet master?
[2009/03/31 15:28:57] <Volcane> coded defaults in the manifest though i think is pretty important if you ever get to the point of sharing modules far and wide, and once theres a standard way to get ext data
[2009/03/31 15:29:28] @ Quit: bolt: Read error: 110 (Connection timed out)
[2009/03/31 15:31:00] <lak> my later email instead pointed to the module shipping with a default data file
[2009/03/31 15:31:09] <lak> which is essentially equivalent, but it's not in the actual manifest
[2009/03/31 15:31:12] @ verwilst joined channel #puppet
[2009/03/31 15:31:30] <Volcane> yeah
[2009/03/31 15:31:32] @ Quit: d3vilb0x_:
[2009/03/31 15:31:48] <Volcane> well I still finding it pretty much impossible to sync even simple modules 100% between my clients
[2009/03/31 15:31:59] <Volcane> so its all a pipe dream, sites are just too different
[2009/03/31 15:32:37] <Volcane> and SCM tools suck too much
[2009/03/31 15:32:47] <Volcane> and clients dont have the dicipline etc :)
[2009/03/31 15:34:29] <Volcane> anyway, external data is a problem that will have to be solved, ideally what you deliver should have a plugin architecture
[2009/03/31 15:34:54] <Volcane> so i can write a simple plugin to retrieve the data from something other than yaml
[2009/03/31 15:35:00] <Volcane> to tie in with existing cmdbs etc
[2009/03/31 15:35:37] <jrojas> \
[2009/03/31 15:38:11] <rmiller4pi8> quick question on the user module if one of you has a sec: so i declare users in uservirtual and then realize them, which seems to execute useradd.....so how do i take them away or override in a subclass? is there some equivalent to ensure => absent ?
[2009/03/31 15:41:08] <Volcane> rmiller4pi8: class user::foo inherits users::virt { User["foo"]: { ensure => absent } }
[2009/03/31 15:41:20] <Volcane> rmiller4pi8: though my syntax is no doubt off, but the wiki isnt responding :P
[2009/03/31 15:41:45] <Volcane> rmiller4pi8: but essentially users::virt makes the virtual users, user::foo is the one you want to be absent
[2009/03/31 15:41:59] <Volcane> rmiller4pi8: when you inherit from the virt one you can override the user
[2009/03/31 15:43:40] @ mikepea joined channel #puppet
[2009/03/31 15:43:46] @ bolt joined channel #puppet
[2009/03/31 15:49:18] <rmiller4pi8> Volcane: ah, got it, i was thinking of some kind of opposite for realize, rather than at the higher level
[2009/03/31 15:50:06] @ Quit: f3ew: Read error: 104 (Connection reset by peer)
[2009/03/31 15:51:05] @ f3ew joined channel #puppet
[2009/03/31 15:53:09] <rmiller4pi8> Volcane: just some general feedback about the user module (and no, I'm not sure offhand what the right way to implement this would be): just doing useradd seems to violate some of the declarative mindset of puppet, e.g. when a user is added, the homedir will be created, but if the homedir is changed, the new one will not be created
[2009/03/31 15:54:30] <Volcane> rmiller4pi8: interesting, you can file feature requests at projects.reductivelabs.com if you want, I'm just a user of puppet not a coder :)
[2009/03/31 15:54:57] <rmiller4pi8> Volcane: you're always so knowledgeable I assumed you were one of the principals
[2009/03/31 15:55:25] @ sc0ttB joined channel #puppet
[2009/03/31 15:55:35] <Volcane> :) nah, dont know enough ruby yet, and dont have time to keep up with the large changes they're currently making to get stuck into coding some internals :(
[2009/03/31 15:57:08] * sc0ttB has a puppet CA problem...
[2009/03/31 15:57:37] <sc0ttB> how can I get rid of a a faulty CA install and start from scratch again?
[2009/03/31 15:57:48] <Volcane> sc0ttB: /var/lib/puppet/ssl/ on the master
[2009/03/31 15:58:02] <sc0ttB> right... can I just remove all files in there?
[2009/03/31 15:58:06] <nico> puppetca --clean ?
[2009/03/31 15:58:29] <Volcane> yeah shut it, and nuke everything there, that'll start both the master and the client on that machine with a clean slate, and break all your clients previously signed by that ca
[2009/03/31 15:59:16] <Volcane> so be sure thats what u want :)
[2009/03/31 15:59:28] <sc0ttB> when I remove all files, restart the master I get the "certificate verify failed" problem
[2009/03/31 15:59:49] <sc0ttB> I actually do want to break all my old clients
[2009/03/31 16:00:10] <Volcane> ok, so then u need to do similar on the client, and reissue certs
[2009/03/31 16:00:40] <sc0ttB> I get that error on the puppetmaster (when I start puppetd)
[2009/03/31 16:00:44] @ Quit: aymerick:
[2009/03/31 16:01:45] <sc0ttB> openssl verify works as expected
[2009/03/31 16:01:52] <Volcane> sc0ttB: hmm, thats from the very first time u run puppetd? it didndt ask u to sign or anything?
[2009/03/31 16:02:09] <sc0ttB> second time
[2009/03/31 16:02:14] <sc0ttB> after I re-sign
[2009/03/31 16:02:32] <Volcane> ok, and are you doing anything funky with certname and server in your configs?
[2009/03/31 16:02:50] <sc0ttB> no... it does suggest that I do that though
[2009/03/31 16:03:00] <sc0ttB> " Certificate validation failed; considering using the certname configuration option"
[2009/03/31 16:03:19] <Volcane> so you're just talking to the machine called 'puppet' etc? you added cnames and all that?
[2009/03/31 16:04:41] <sc0ttB> yes
[2009/03/31 16:05:03] <sc0ttB> the hostname of the puppetmaster is "puppet.my.dom.ain"
[2009/03/31 16:05:19] <Volcane> sc0ttB: hmm, well that error can mean a ton of things though, I've seen it even in cases where i had time skews :(
[2009/03/31 16:05:29] <Volcane> bit of a bitch to track down sometimes
[2009/03/31 16:05:45] <sc0ttB> but it's the same server... so the time is the same
[2009/03/31 16:05:54] <Volcane> yeah, i am just saying there are many causes
[2009/03/31 16:05:55] <sc0ttB> I hope ;)
[2009/03/31 16:05:59] <Volcane> and the error is shit :P
[2009/03/31 16:06:05] <sc0ttB> ok... lemme poke around a bit more
[2009/03/31 16:07:08] <sc0ttB> is there some sort of cache for files hosted by the puppetmaster?
[2009/03/31 16:09:06] @ grey- joined channel #puppet
[2009/03/31 16:10:14] <Volcane> doubt it
[2009/03/31 16:10:20] <jrojas> hmm
[2009/03/31 16:10:24] @ shenson left channel #puppet ("/me taps out")
[2009/03/31 16:14:18] @ Deesl joined channel #puppet
[2009/03/31 16:15:35] @ Quit: Deesl: Client Quit
[2009/03/31 16:18:53] @ Quit: rgsteele\|\|work: Read error: 113 (No route to host)
[2009/03/31 16:19:09] @ Quit: f3ew: Read error: 104 (Connection reset by peer)
[2009/03/31 16:19:10] <jrojas> sc0ttB: no, puppetmaster doesnt cache files afaik
[2009/03/31 16:19:27] <jrojas> actually I dont think puppetmaster does much caching
[2009/03/31 16:20:03] <jrojas> it says it caches node info, but it seems that it re-caches @every run
[2009/03/31 16:20:33] <sc0ttB> really strange...
[2009/03/31 16:21:02] <sc0ttB> I cleaned out the ssldir, all the (state) files in /var/lib/puppet that I could find
[2009/03/31 16:21:15] <sc0ttB> changed the hostname, added a "puppet.dom" cname
[2009/03/31 16:21:34] <sc0ttB> still happens when trying to grab files
[2009/03/31 16:22:12] @ Quit: stijnbe: "Leaving..."
[2009/03/31 16:23:21] @ keithlard joined channel #puppet
[2009/03/31 16:26:02] <sc0ttB> when I add a package to the node's config it actually gets installed !
[2009/03/31 16:26:23] <jrojas> clients are still trying to grab files from the old hostname?
[2009/03/31 16:26:26] <sc0ttB> but when it tries to transfer files from puppet:/// I get that error
[2009/03/31 16:26:39] <sc0ttB> it should default to puppet, no?
[2009/03/31 16:26:44] <jrojas> hm.. puppet.dom probably isnt resolved correctly
[2009/03/31 16:27:15] <sc0ttB> nslookup puppet, ping puppet both work
[2009/03/31 16:27:29] <jrojas> unless you have server specified in the puppet.conf on the client it should work
[2009/03/31 16:27:39] @ Quit: jizquierdo: Read error: 101 (Network is unreachable)
[2009/03/31 16:27:55] @ Quit: jharmo2:
[2009/03/31 16:28:20] <sc0ttB> ya, no server entry... this is very strange
[2009/03/31 16:28:35] <sc0ttB> I've set puppet up before and everything "just worked"
[2009/03/31 16:29:04] <jrojas> is there an entry in etc/hosts that needs to be removed? has the client been restarted?
[2009/03/31 16:29:10] <jrojas> (the puppet process not the host)
[2009/03/31 16:29:37] <lak> sc0ttB: did you clean out the client and server?
[2009/03/31 16:29:42] <lak> nothing is cached
[2009/03/31 16:29:50] <lak> other than the copies that both sides need to talk
[2009/03/31 16:30:54] <sc0ttB> lak: they are the same machine
[2009/03/31 16:31:11] <sc0ttB> point to the same ssldir afaict
[2009/03/31 16:31:23] <jrojas> hm..you may want to change that
[2009/03/31 16:31:27] <jrojas> ive seen problems happen
[2009/03/31 16:32:24] <jrojas> lak: ive been looking at redmine, but I cant seem to find any tickets for puppet to possibly have reporting go from client -> puppetmaster -> DB
[2009/03/31 16:32:33] <jrojas> lak: has anyone brought this up before?
[2009/03/31 16:32:42] <sc0ttB> will a [puppetd] section in /etc/puppet/puppet.conf work
[2009/03/31 16:32:47] <Volcane> jroysdon: fujin wrote some code yonks ago
[2009/03/31 16:33:00] <Volcane> sc0ttB: thats how its supposed to work :P
[2009/03/31 16:33:03] <sc0ttB> ok
[2009/03/31 16:33:13] <Volcane> sc0ttB: no more puppetd.conf files etc, all just puppet.conf
[2009/03/31 16:33:21] <jrojas> jroysdon? thats a new one....
[2009/03/31 16:33:23] <jrojas> :)
[2009/03/31 16:33:42] @ f3ew_ joined channel #puppet
[2009/03/31 16:34:01] <Volcane> jrojas: wow, i was in a different # and tab completed (and sent to the wrong # at first) then just ^w'd to this one and up arrowed
[2009/03/31 16:34:09] <Volcane> jrojas: what a mess :P anyway you got it :P
[2009/03/31 16:34:16] @ hessml\|away\|away is now known as hessml\|away
[2009/03/31 16:34:32] <sc0ttB> btw, any chance the default ca_md will become sha1 anytime soon?
[2009/03/31 16:34:59] <lak> jrojas: i don't think there is such a ticket, at this point
[2009/03/31 16:35:07] <sc0ttB> md5 has been broken for some time
[2009/03/31 16:36:02] <Volcane> you're using the term "broken" rather loosely there
[2009/03/31 16:36:29] <Volcane> I bet there's at least a 100 better ways to 0wn your architecture than faking the puppet ca
[2009/03/31 16:37:21] @ Quit: dene: SendQ exceeded
[2009/03/31 16:37:25] @ dene joined channel #puppet
[2009/03/31 16:37:34] @ Quit: Omahn: Remote closed the connection
[2009/03/31 16:39:30] @ glaw joined channel #puppet
[2009/03/31 16:41:48] @ Quit: f3ew_: Read error: 104 (Connection reset by peer)
[2009/03/31 16:45:45] @ Quit: glaw: ""Remember, information is not knowledge, knowledge is not wisdom, wisdom is not truth, truth is not beauty, beauty is not lov
[2009/03/31 16:47:34] @ silas joined channel #puppet
[2009/03/31 16:47:37] <silas> Hello all.
[2009/03/31 16:47:40] <rmiller4pi8> sc0ttB: the risk in this case would be that one of your puppet clients could forge an intermediate CA to act as a server. Without having a signed cert from the server there's no risk.
[2009/03/31 16:47:59] <rmiller4pi8> sc0ttB: but depending on the environment, I guess that sort of thing might be possible.
[2009/03/31 16:49:54] <silas> I ask a bunch of commands using exec {}. Is it possible to get the output of those commands in stdout or in the log file? --debug nor --verbose don't do that.
[2009/03/31 16:50:08] <silas> s/ask/execute/ :-)
[2009/03/31 16:51:12] <plathrop> silas: logoutput => true
[2009/03/31 16:51:30] <silas> Thank you
[2009/03/31 16:52:16] @ hessml\|away is now known as hessml\|away\|away
[2009/03/31 16:52:52] <jrojas> man, after using vim in a terminal window for so long, it is really awkward to use macvim..
[2009/03/31 16:53:56] @ Djelibeybi joined channel #puppet
[2009/03/31 16:54:47] <silas> plathrop: It seems it only logs the messages after it executed the command? Is it "real-time"?
[2009/03/31 16:54:59] <plathrop> silas: definitely not real-time
[2009/03/31 16:55:31] <silas> So it "buffers" the output.
[2009/03/31 16:56:27] <jrojas> silas: its a rails thing afaict
[2009/03/31 16:56:36] <silas> Hm, ok.
[2009/03/31 16:56:47] <silas> Sorry, I don't know anything about Ruby nor Rails. :-)
[2009/03/31 16:56:55] <silas> Thank you very much for your help.
[2009/03/31 16:56:56] <jrojas> i get the half-outputted log line all the time and i scratch my head..
[2009/03/31 16:57:59] @ Quit: toi: Read error: 110 (Connection timed out)
[2009/03/31 16:58:15] <plathrop> HRm. I don't think it has anything to do with rails
[2009/03/31 16:58:23] <silas> The problem is that I can't detect errors in my manifest in a efficient manner.
[2009/03/31 16:58:28] <plathrop> AFAIK puppet only uses rails for stored configs
[2009/03/31 16:58:29] <silas> jrojas: :-)
[2009/03/31 16:58:51] <jrojas> silas:
[2009/03/31 16:58:51] <jrojas> http://reductivelabs.com/trac/puppet/wiki/VersionControlPuppet
[2009/03/31 16:59:04] <jrojas> the pre-commit script is a life saver for me
[2009/03/31 16:59:46] <silas> I will take a look.
[2009/03/31 16:59:52] <silas> jrojas: Thank you.
[2009/03/31 17:00:39] @ Quit: lak:
[2009/03/31 17:01:15] <jrojas> silas: its straightforward, it parses the files making sure they are syntaxtually correct. on a side note, with pre/post commit hooks I was able to use hudson/cruisecontrol on a set of Xen Vms to reun tests for my manifests.
[2009/03/31 17:01:53] <jrojas> plathrop: thats interesting because it is logging the same exact way that rails apps behind mongrel log to their production.log for me
[2009/03/31 17:02:34] <plathrop> jrojas: I could be wrong. It happens occasionally
[2009/03/31 17:05:16] <silas> Well, I found my problem: it was executing commands in parallel because I didn't specify the "subscribe" option.
[2009/03/31 17:05:39] <silas> Although logs are not realtime, there is timestamp on them :-)
[2009/03/31 17:07:17] <sc0ttB> Volcane: Ron Rivest (the R in RSA) himself stated md5 is broken
[2009/03/31 17:07:33] * sc0ttB searches for the email
[2009/03/31 17:08:36] <sc0ttB> not to mention the intermediate CA problems rmiller4pi8 mentioned
[2009/03/31 17:09:06] <sc0ttB> sha1 is just a better default IMO
[2009/03/31 17:09:43] <Volcane> i agree its technically broken
[2009/03/31 17:10:08] <Volcane> but compare the feasability of breaking it with say WEP crypto
[2009/03/31 17:10:18] <Volcane> which anyone can do with even a small pc
[2009/03/31 17:10:42] <sc0ttB> http://www.win.tue.nl/~bdeweger/CollidingCertificates/
[2009/03/31 17:10:55] <jrojas> @cert.sign(@key, OpenSSL::Digest::SHA1.new) if @selfsign
[2009/03/31 17:10:59] <jrojas> ?
[2009/03/31 17:11:27] <jrojas> line 221 of lib/puppet/sslcertificates/certificate.rb
[2009/03/31 17:11:30] <Volcane> it just seems that if your biggest problem is how secure md5 is for puppets purposes that you're either in some insanely secure company, or more likely read something is "broken" and now want it fixed out of principal
[2009/03/31 17:13:06] <sc0ttB> it was a sidebar... just curious if anyone thought about changing the default
[2009/03/31 17:13:14] <Volcane> cos frankly its easier to just grab your least paid employee and pay them $50k and break you that way then go buy 10s or 100s of playstations to create a cert that collides (remembering the recent playstation thing where ppl used playstations to collide a root cert) :P
[2009/03/31 17:13:15] <jrojas> defaults.rb: :ca_md => ["md5", "The type of hash used in certificates."],
[2009/03/31 17:13:22] <jrojas> seems like it can be fixed easily?
[2009/03/31 17:13:36] <jrojas> sc0ttB: ^^
[2009/03/31 17:13:39] <Volcane> ..recent slashdot thing..
[2009/03/31 17:13:42] <sc0ttB> my real problem is that my damn CA doesn't work
[2009/03/31 17:13:48] <sc0ttB> likely my fault
[2009/03/31 17:14:22] <sc0ttB> jrojas: ya I have that in my puppet.conf
[2009/03/31 17:17:21] @ rellis__ joined channel #puppet
[2009/03/31 17:19:56] @ lak joined channel #puppet
[2009/03/31 17:22:23] <jrojas> sc0ttB: so, why isnt your ca working? are certs not being signed?
[2009/03/31 17:24:26] <sc0ttB> jrojas: getting "Certificate validation failed; considering using the certname configuration option" when it tries to transfer files from the puppetmaster
[2009/03/31 17:24:38] <sc0ttB> it being puppetd on the puppetmaster
[2009/03/31 17:24:43] <jrojas> sc0ttB: this is on the same server right?
[2009/03/31 17:24:47] <sc0ttB> yar
[2009/03/31 17:25:05] <jrojas> wht is the timestamp of the ca's creation time?
[2009/03/31 17:25:08] @ Quit: mikepea:
[2009/03/31 17:25:10] <jrojas> vs the local itme on the machine?
[2009/03/31 17:25:15] @ silas left channel #puppet ()
[2009/03/31 17:25:49] <sc0ttB> one hour before the localtime
[2009/03/31 17:26:09] <jrojas> i think by default it should be creating the CA with a day prior timestamp
[2009/03/31 17:26:59] <jrojas> sslcertificates.rb: # Make the certificate valid as of yesterday
[2009/03/31 17:27:37] @ martha left channel #puppet ()
[2009/03/31 17:27:45] <jrojas> sc0ttB: did you get the creation time from ls or from the openssl command?
[2009/03/31 17:29:17] <sc0ttB> ls
[2009/03/31 17:29:53] <sc0ttB> openssl shows GMT
[2009/03/31 17:30:08] <sc0ttB> but it is yesterday since I am in PST
[2009/03/31 17:30:18] <sc0ttB> err PDT
[2009/03/31 17:31:13] <jrojas> hm..
[2009/03/31 17:31:25] <jrojas> is /etc/hosts correct?
[2009/03/31 17:32:33] <sc0ttB> the hostname is now: puppetmaster.dom and I have a cname for puppet.dom -> puppetmaster.dom
[2009/03/31 17:32:43] <sc0ttB> .dom is in resolv.conf
[2009/03/31 17:33:06] <sc0ttB> puppetmaster.dom and puppetmaster are in /etc/hosts and point to 127.0.0.1
[2009/03/31 17:33:47] <sc0ttB> ping, nslookup for puppetmaster.dom, puppetmaster, puppet.dom and puppet all work
[2009/03/31 17:34:11] <sc0ttB> puppetmaster is listening on the default port on all interfaces (0.0.0.0)
[2009/03/31 17:35:19] <sc0ttB> I just tried changing ssldir (in the [puppetd] section) to a different dir and I get: "Certificate request does not match existing certificate; run 'puppetca --clean puppetmaster.dom"
[2009/03/31 17:35:20] <jrojas> under the [puppet] section, try changing the ca options to point to a different dir than /var/lib/puppet/ssl
[2009/03/31 17:35:26] <jrojas> ha
[2009/03/31 17:35:26] <sc0ttB> heh
[2009/03/31 17:35:40] <jrojas> so run the puppetca command
[2009/03/31 17:35:48] @ philip__1 joined channel #puppet
[2009/03/31 17:35:57] <sc0ttB> that will delete the puppeetmaster's cert I think
[2009/03/31 17:36:04] <sc0ttB> but lemme try
[2009/03/31 17:36:19] <jrojas> no, it should delete the cert req/cert for the client
[2009/03/31 17:36:49] <jrojas> which should be under /var/lib/puppet/ssl/ca/{signed,requests}
[2009/03/31 17:37:10] <sc0ttB> hrm.. ok, lemme check
[2009/03/31 17:38:31] <sc0ttB> I restarted puppetd once
[2009/03/31 17:38:41] <jrojas> so, for a client that is not running on puppetmaster, I have /var/lib/puppet/ssl/{certs,private,private_keys,public_keys}
[2009/03/31 17:38:42] <sc0ttB> there is a csr in both dirs
[2009/03/31 17:39:33] <sc0ttB> well... (puppetmaster ssldir)/ca/requests/puppetmaster.pem
[2009/03/31 17:39:45] <jrojas> thats the request from the client
[2009/03/31 17:39:49] <jrojas> puppetca --list ?
[2009/03/31 17:39:57] <jrojas> or are you autosigning?
[2009/03/31 17:40:02] <sc0ttB> yes... it shows up... lemme sign it
[2009/03/31 17:40:35] <sc0ttB> now it's in ssl/ca/signed/puppetmaster.pem
[2009/03/31 17:40:45] <sc0ttB> restarting puppetd
[2009/03/31 17:40:52] <jrojas> correct. so puppetmaster now signed the cert, puppetd should get it when it restarts
[2009/03/31 17:41:03] @ Quit: erm_: Read error: 110 (Connection timed out)
[2009/03/31 17:41:22] <sc0ttB> same prob
[2009/03/31 17:41:27] <sc0ttB> :(
[2009/03/31 17:41:42] <jrojas> odd.
[2009/03/31 17:41:53] <sc0ttB> uber odd
[2009/03/31 17:41:58] <jrojas> puppetd --vt --debug \|grep -i ssl
[2009/03/31 17:42:03] <jrojas> err -vt not --
[2009/03/31 17:42:10] <sc0ttB> yar
[2009/03/31 17:43:08] <lak> what's the issue here?
[2009/03/31 17:43:15] <jrojas> lak: you broke it.
[2009/03/31 17:43:18] <jrojas> :)
[2009/03/31 17:43:20] <lak> duh
[2009/03/31 17:43:24] <lak> but what did i break?
[2009/03/31 17:43:29] <jrojas> certs arent being signed
[2009/03/31 17:43:31] <jrojas> well
[2009/03/31 17:43:32] <jrojas> they are
[2009/03/31 17:43:33] <sc0ttB> Certificates were not trusted: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2009/03/31 17:43:37] <jrojas> but they arent being acceped.
[2009/03/31 17:43:45] <lak> what side of the connection is throwing that error?
[2009/03/31 17:43:51] <jrojas> client
[2009/03/31 17:43:52] <sc0ttB> puppetd
[2009/03/31 17:44:00] <sc0ttB> on the same machine ?!
[2009/03/31 17:44:06] <Volcane> the ssl libraries are crap with reporting errors :(
[2009/03/31 17:44:22] <jrojas> Volcane: agreed.
[2009/03/31 17:44:27] <sc0ttB> it is only when transfering files
[2009/03/31 17:44:41] <jrojas> sc0ttB: it shouldnt be able to do anything unless the certs are truested.
[2009/03/31 17:44:45] <jrojas> err -e
[2009/03/31 17:44:46] <sc0ttB> the signed cert gets installed in the client dir
[2009/03/31 17:45:01] <lak> sc0ttB: wait, that error is only happening when transferring files?
[2009/03/31 17:45:05] <sc0ttB> yes
[2009/03/31 17:45:07] <Volcane> sc0ttB: tcpdump and see if you're not perhaps talking to some other master
[2009/03/31 17:45:09] <lak> critical info
[2009/03/31 17:45:17] <lak> what hostname are you using for fileserving?
[2009/03/31 17:45:26] <sc0ttB> lak: I mentioned that before...
[2009/03/31 17:45:28] <lak> and is that hostname listed as one of the dns aliases in your server side cert?
[2009/03/31 17:45:30] <sc0ttB> default
[2009/03/31 17:45:35] <lak> well, i wasn't paying attention before :P
[2009/03/31 17:45:38] <sc0ttB> err "puppet"
[2009/03/31 17:45:54] <lak> and what host does your client connect to for its catalog?
[2009/03/31 17:45:54] @ walrus joined channel #puppet
[2009/03/31 17:45:57] @ walrus_ joined channel #puppet
[2009/03/31 17:45:58] <jrojas> try puppetmaster now that you cahnged the cerntname
[2009/03/31 17:46:16] <sc0ttB> wait, change what exactly?
[2009/03/31 17:46:28] @ giles joined channel #puppet
[2009/03/31 17:46:32] <jrojas> source => puppet://puppetmaster/blah/blah.file
[2009/03/31 17:46:38] <sc0ttB> ahh
[2009/03/31 17:47:17] @ Quit: philip__: Read error: 110 (Connection timed out)
[2009/03/31 17:48:09] <sc0ttB> ok I changed it from puppet:///modulename/file to puppet://puppetmaster.dom/modulename/file
[2009/03/31 17:48:24] <sc0ttB> restart puppetd... still broken
[2009/03/31 17:48:35] <jrojas> hm...
[2009/03/31 17:48:39] <jrojas> same error?
[2009/03/31 17:48:41] <sc0ttB> ya
[2009/03/31 17:48:55] <Volcane> if your cert is 'puppet' put puppet://puppet/module/file
[2009/03/31 17:50:14] <lak> sc0ttB: just to verify, you're using a different cert for your master than for your client?
[2009/03/31 17:50:20] <lak> even though they're the same host?
[2009/03/31 17:50:39] <lak> what dns aliases do you get when you run 'puppetca --print <host>' where host is the master's cert?
[2009/03/31 17:50:47] <lak> and are those the aliases you're using?
[2009/03/31 17:51:41] <sc0ttB> lak: I don't want to
[2009/03/31 17:51:52] <sc0ttB> I want to use the same cert, since they are the same host
[2009/03/31 17:51:56] <lak> ok
[2009/03/31 17:51:59] @ WALoeIII joined channel #puppet
[2009/03/31 17:52:00] <sc0ttB> but really, I don't care
[2009/03/31 17:52:03] <lak> so you haven't intentionally made them use the same cert
[2009/03/31 17:52:06] <lak> they should
[2009/03/31 17:52:09] <sc0ttB> I just want it to work :)
[2009/03/31 17:52:14] <Volcane> by default, without messing about, you get 2 certs isnt it?
[2009/03/31 17:52:17] <lak> are you setting certname on either? if so, are you setting it on both?
[2009/03/31 17:52:19] <lak> nope
[2009/03/31 17:52:20] <Volcane> master is 'puppet' cert, client is fqdn
[2009/03/31 17:52:23] <lak> nope
[2009/03/31 17:52:25] <Volcane> oh
[2009/03/31 17:52:47] <lak> puppetca is slightly magical when signing a cert for itself - it recognizes its fqdn and adds extra aliases
[2009/03/31 17:52:48] <sc0ttB> originally I hadn't set server or certname
[2009/03/31 17:52:49] <Volcane> donno all that much about the ca to be honest, i just leave it all as defaults and it works :P
[2009/03/31 17:52:59] <jrojas> Volcane: me too
[2009/03/31 17:53:03] <lak> but both sides of every connection always use the fqdn cert
[2009/03/31 17:53:15] <lak> yeah, but apparently the failure modes aren't as great as they could be :/
[2009/03/31 17:53:50] <lak> sc0ttB: well, if you're able to get the catalog but you can't fileserve, then there's some difference in how you're doing those two, and that difference is what's killing you
[2009/03/31 17:53:50] <sc0ttB> ok... I think the ssldir under [puppetd] is a mistake
[2009/03/31 17:53:55] <lak> yes
[2009/03/31 17:54:04] <lak> setting ssldir is nearly always a mistake :)
[2009/03/31 17:54:20] * sc0ttB will revert that
[2009/03/31 17:54:39] <Volcane> heh
[2009/03/31 17:55:39] <sc0ttB> ok... I'm starting with an empty ssl directory (with both client and server pointing to the same dir)
[2009/03/31 17:56:00] <lak> and no certname or server setting?
[2009/03/31 17:56:02] <sc0ttB> I have no certname or server variables set
[2009/03/31 17:56:03] <jrojas> i would remove any config options relating to ssl just for shits and giggles.
[2009/03/31 17:56:11] @ Quit: raphink: Read error: 54 (Connection reset by peer)
[2009/03/31 17:56:28] <sc0ttB> jrojas: fine, I'll remove my ca_md option :P
[2009/03/31 17:57:39] <sc0ttB> what should /etc/hosts look like?
[2009/03/31 17:57:43] @ Quit: eythian: Read error: 104 (Connection reset by peer)
[2009/03/31 17:57:53] @ eythian_ joined channel #puppet
[2009/03/31 17:57:58] <Volcane> nothing puppet related - since you did the cname or resolver order
[2009/03/31 17:58:02] <sc0ttB> nslookup resolves to the public IP but ping hits 127.0.0.1
[2009/03/31 18:00:11] @ Quit: walrus: "Leaving"
[2009/03/31 18:01:07] * sc0ttB stabs
[2009/03/31 18:02:15] <jrojas> still no worky?
[2009/03/31 18:02:20] <sc0ttB> yar
[2009/03/31 18:02:38] <jrojas> hrm
[2009/03/31 18:03:13] <lak> sc0ttB: but it's still failing just on fileserving?
[2009/03/31 18:03:24] <lak> are you using a server-side filebucket?
[2009/03/31 18:03:28] <sc0ttB> yes... it actually retrieves the file and does a diff
[2009/03/31 18:03:50] <lak> if it gets the file, then fileserving is working
[2009/03/31 18:04:00] <lak> you are using a server-side bucket, though?
[2009/03/31 18:04:03] <lak> if so, what's the hostname there?
[2009/03/31 18:05:07] <sc0ttB> not sure about the terminology
[2009/03/31 18:05:23] <jrojas> pastie your manifest where you use file bucketing
[2009/03/31 18:05:44] <sc0ttB> I've tried numerous... typically I use the default
[2009/03/31 18:05:50] <sc0ttB> file:///module/file
[2009/03/31 18:05:56] <Volcane> whats the mac irc client of choice?
[2009/03/31 18:05:57] <jrojas> filebucketing is different
[2009/03/31 18:06:03] <jrojas> irssi
[2009/03/31 18:06:05] <jrojas> :)
[2009/03/31 18:06:13] <sc0ttB> irssi +1
[2009/03/31 18:06:13] <Volcane> :(
[2009/03/31 18:06:16] <jrojas> xchat is nice
[2009/03/31 18:06:18] <jrojas> sometimes
[2009/03/31 18:06:32] <sc0ttB> adium support irc?
[2009/03/31 18:06:36] <lak> nope
[2009/03/31 18:06:37] <lak> teh suck
[2009/03/31 18:06:39] <sc0ttB> doh
[2009/03/31 18:06:44] <Volcane> jrojas: "I am currently looking for cocoa developer(s) to take over this project. Please let me know if you're interested. "
[2009/03/31 18:06:48] <Volcane> doesnt, lame.
[2009/03/31 18:06:56] <Volcane> they dont think IRC is IM
[2009/03/31 18:07:00] <Volcane> adium peeps
[2009/03/31 18:07:04] <Volcane> what freaks
[2009/03/31 18:07:05] <lak> even though it's got group chat
[2009/03/31 18:07:26] <plathrop> Volcane: If you insist on Mac-style, go with Colloquy
[2009/03/31 18:07:38] <plathrop> Volcane: I don't like it, myself, but plenty of people I know are happy with it.
[2009/03/31 18:07:41] <lak> sc0ttB: can you pastie the actual error with a stack trace (gotten with --trace on the client)
[2009/03/31 18:07:46] <Volcane> plathrop: i couldnt stand it :(
[2009/03/31 18:07:47] <plathrop> Volcane: Otherwise, irssi or MacIrssi
[2009/03/31 18:07:50] <lak> plathrop: i'm most tolerant of it
[2009/03/31 18:07:59] <lak> i dislike it least of those mac clients i've tried
[2009/03/31 18:07:59] <Volcane> plathrop: but i am sick of typing into the wrong # with irsii :P
[2009/03/31 18:08:02] <grey-> see; bitlbee gets it right - an IM client implemented as an irc daemon.
[2009/03/31 18:08:13] <grey-> <3 bitlbee.
[2009/03/31 18:08:24] <plathrop> Volcane: Ah, I don't really have that problem for some reason. Maybe not as many channels open
[2009/03/31 18:08:25] <grey-> one ssh + screen + irssi session to rule them all.
[2009/03/31 18:08:37] <jrojas> grey-: +100
[2009/03/31 18:08:46] <Volcane> plathrop: i never generally talk on more than 1 # per network, but when I do, its a complete comedy :)
[2009/03/31 18:08:58] <grey-> jrojas: for added win, use the bitlbee-otr fork. ;)
[2009/03/31 18:09:08] <grey-> jrojas: or if you like irssi; there's an otr plugin for it.
[2009/03/31 18:09:10] <nigelk> I live in around 20 IRC channels at work
[2009/03/31 18:09:15] <nigelk> irssi is the only thing that can manage that
[2009/03/31 18:09:20] <grey-> nod
[2009/03/31 18:09:42] <grey-> irssi + bitlbee-otr + irssi silc plugin gets my needs done.
[2009/03/31 18:09:46] <Volcane> i use irsii in screen, but i suck at multiple windows, mostly cos i tile my windows and not do like screen style seperation
[2009/03/31 18:09:48] <nigelk> so just so people are aware...
[2009/03/31 18:09:49] <plathrop> Yeah, I love irssi and screen
[2009/03/31 18:09:54] <Volcane> so i dont easily see whats the active window
[2009/03/31 18:09:58] <nigelk> the facter debs are being taken over by the puppet deb owners
[2009/03/31 18:10:07] <grey-> Volcane: I'm pretty happy with irssi's window management.
[2009/03/31 18:10:11] <nigelk> and andy here at google is comaintaining both
[2009/03/31 18:10:12] <kjetilho> some people configure irssi to do splitscreens with multiple channels visible at once
[2009/03/31 18:10:12] <grey-> but ymmv.
[2009/03/31 18:10:14] <nigelk> with me as an uploader
[2009/03/31 18:10:18] <Volcane> maybe i should change color of active window or something
[2009/03/31 18:10:21] <kjetilho> they tend to go #wrong
[2009/03/31 18:10:26] <nigelk> so we should be able to get debs out faster now there are more of us
[2009/03/31 18:10:32] <plathrop> nigelk: awesome
[2009/03/31 18:10:37] <Volcane> kjetilho: i am one of those :)
[2009/03/31 18:11:04] <Volcane> kjetilho: just been using this kind of split for like 15 years now, couldnt possibly get used to anything other
[2009/03/31 18:11:07] <nigelk> once we get 0.24.8 into debian experimental, we'll push for it for Karmic Koala for Ubuntu
[2009/03/31 18:11:14] <nigelk> then backport to Hardy as the last LTS release at least
[2009/03/31 18:11:48] <lak> nigelk: good to hear, thanks
[2009/03/31 18:11:57] <nigelk> no worries. pure self-interest :)
[2009/03/31 18:12:30] <pastie> lak: http://pastie.org/433152 by sc0ttB.
[2009/03/31 18:12:58] <lak> sc0ttB: yep, that's a filebucket problem
[2009/03/31 18:13:05] <lak> what does your filebucket code look like?
[2009/03/31 18:13:21] <lak> you've got filebucket { puppet: server => "something.broken.com" } or something, somewhere in your system
[2009/03/31 18:13:41] <sc0ttB> ahhh yes I probably do
[2009/03/31 18:13:51] <sc0ttB> jeez... what a fiasco
[2009/03/31 18:13:58] <lak> heh
[2009/03/31 18:14:20] <lak> it's a usability bug, already filed - filebuckets should throw errors that specify it's a problem backing up, because people apparently don't look there
[2009/03/31 18:14:43] <lak> but yeah, the crappy errors from the ssl libs don't help
[2009/03/31 18:14:54] <sc0ttB> it works...
[2009/03/31 18:14:58] <sc0ttB> THANKS ALL!
[2009/03/31 18:15:15] <Volcane> http://www.babbelirc.com/ <-- that looks almost bearable irc client wise
[2009/03/31 18:15:18] <Volcane> alpha though
[2009/03/31 18:17:25] <lak> sc0ttB: sorry for all the heartache :)
[2009/03/31 18:17:30] <lak> glad to hear it's all working
[2009/03/31 18:17:40] <jrojas> its official, i must smack my girlfriend
[2009/03/31 18:17:49] <jrojas> she busy music with my itunes account
[2009/03/31 18:17:57] <jrojas> and then all of a sudden bam! im listening to crap
[2009/03/31 18:18:00] <sc0ttB> no problem.. it was my misconfig
[2009/03/31 18:18:01] <Volcane> lol
[2009/03/31 18:18:24] <sc0ttB> it's great to see such a responsive community
[2009/03/31 18:18:39] <sc0ttB> reassures me I made the right choice :)
[2009/03/31 18:18:42] <jrojas> sc0ttB: actually none of us know anyhting about puppet.. we just pretend to
[2009/03/31 18:18:48] <sc0ttB> uhh huh
[2009/03/31 18:19:30] <grey-> we are puppets of the puppet master.
[2009/03/31 18:21:07] <jrojas> hm...i should get some lunch
[2009/03/31 18:21:29] * lak is not knowledgeable, it's just a long string of lucky guesses
[2009/03/31 18:21:50] <jrojas> i would have guessed you for more of a hash
[2009/03/31 18:21:53] <plathrop> lies! You wrote this monstrosity!
[2009/03/31 18:22:09] <Volcane> plathrop: i think he just lets the kids bash the keyb till it compiles
[2009/03/31 18:22:10] <plathrop> :-P
[2009/03/31 18:23:03] @ Quit: claymation:
[2009/03/31 18:23:24] <Volcane> oh this looks really nice http://conceitedsoftware.com/products/linkinus
[2009/03/31 18:23:47] <lak> Volcane: compiles? i'm happy if it just parses
[2009/03/31 18:23:51] <jrojas> that does look kinda nice..
[2009/03/31 18:24:10] <jrojas> lak: 'cmon you know you like file names to be good looking too
[2009/03/31 18:24:47] <lak> mmm, attractive file names
[2009/03/31 18:25:28] @ nakano is now known as nakano_
[2009/03/31 18:26:23] <Volcane> oh yeah thats a wicked irc client
[2009/03/31 18:28:38] @ peiriannydd joined channel #puppet
[2009/03/31 18:29:06] @ koojoo joined channel #puppet
[2009/03/31 18:31:17] @ Quit: koojoo: Client Quit
[2009/03/31 18:37:31] @ Quit: benblack: "Leaving..."
[2009/03/31 18:41:39] @ ezmob joined channel #puppet
[2009/03/31 18:41:45] @ Quit: rmiller4pi8: Read error: 110 (Connection timed out)
[2009/03/31 18:41:48] @ d3vilb0x joined channel #puppet
[2009/03/31 18:41:51] @ Quit: lak:
[2009/03/31 18:42:11] @ Quit: d3vilb0x: Client Quit
[2009/03/31 18:43:31] @ Quit: andrewcshafer:
[2009/03/31 18:44:57] @ andrewcshafer joined channel #puppet
[2009/03/31 18:46:11] @ koojoo joined channel #puppet
[2009/03/31 18:48:09] @ f3ew_ joined channel #puppet
[2009/03/31 18:49:40] @ Quit: verwilst: "Ex-Chat"
[2009/03/31 18:53:43] <Djelibeybi> Hmm.. I have a really interesting and rather fatal problem.
[2009/03/31 18:53:54] <Djelibeybi> Puppet is somehow deleting /etc/sudoers instead of ensuring it exists.
[2009/03/31 18:55:02] <sigmonsays> ensure => absent ?
[2009/03/31 18:55:06] <sigmonsays> ;)
[2009/03/31 18:56:16] <Djelibeybi> Sadly not
[2009/03/31 18:56:30] <Djelibeybi> In fact, the debug logs even say ensure: created
[2009/03/31 18:56:32] <Djelibeybi> Except the files are gone.
[2009/03/31 18:57:57] <sigmonsays> does debug say anything? puppetd -dvt
[2009/03/31 18:58:05] @ gebi_ joined channel #puppet
[2009/03/31 18:58:50] <Djelibeybi> sigmonsays: debug says the file is created. That's the truly scary part.
[2009/03/31 19:00:06] <sigmonsays> oh, debug. sorry didn't catch that
[2009/03/31 19:00:21] <sigmonsays> what version of puppet?
[2009/03/31 19:01:32] <Djelibeybi> 0.24.7
[2009/03/31 19:02:01] <sigmonsays> one rev ahead of me. I was gonna test your sanity
[2009/03/31 19:02:04] <sigmonsays> guess not
[2009/03/31 19:02:07] @ Quit: giles: Read error: 104 (Connection reset by peer)
[2009/03/31 19:02:37] <Djelibeybi> Hmmm.
[2009/03/31 19:02:45] <Djelibeybi> Ok, now Puppet has put the file back.
[2009/03/31 19:02:57] * Djelibeybi is questioning his own sanity.
[2009/03/31 19:04:31] <Djelibeybi> Yeah, 0.24.7-4.el5
[2009/03/31 19:08:21] @ Quit: gebi_: Read error: 145 (Connection timed out)
[2009/03/31 19:08:28] @ lak joined channel #puppet
[2009/03/31 19:09:34] <Djelibeybi> Ok, a few more runs and sudoers is still around. This is very weird.
[2009/03/31 19:09:40] <jrojas> omg that burrito was good
[2009/03/31 19:09:41] @ Quit: gebi: Read error: 110 (Connection timed out)
[2009/03/31 19:09:58] <rellis__> Is /etc/puppet/* expected to exist on all nodes in the same state?
[2009/03/31 19:10:09] @ gebi joined channel #puppet
[2009/03/31 19:10:23] <rellis__> i'm on rhel 5.3 using the rpm from rhel
[2009/03/31 19:11:13] <jrojas> rellis__: if you expect the puppetd clients to have the same config I would say yes
[2009/03/31 19:11:26] @ Quit: andrewcshafer: Read error: 104 (Connection reset by peer)
[2009/03/31 19:12:07] <rellis__> jrojas: does puppet provide a facility to keep all of these up to date on all ndoes?
[2009/03/31 19:12:33] <jrojas> yes and no
[2009/03/31 19:12:39] <jrojas> it does through indirect means
[2009/03/31 19:12:54] <jrojas> what I would do, is have a copy of these configs kept in a repo,
[2009/03/31 19:12:56] <rellis__> that's satisfactory.. do you mind if i ask how you deal with that issue?
[2009/03/31 19:13:05] @ Quit: markl_: "Lost terminal"
[2009/03/31 19:13:05] <rellis__> ah right.. svn/etc.?
[2009/03/31 19:13:05] <jrojas> then use the file provider distrbuting them
[2009/03/31 19:13:10] <jrojas> yeah...one sec..
[2009/03/31 19:13:13] <rellis__> okay nifty
[2009/03/31 19:13:20] <rellis__> ya i use svn for all my system ocnfigs now nayway
[2009/03/31 19:13:26] <rellis__> soon to be git i think =/
[2009/03/31 19:13:41] @ andrewcshafer joined channel #puppet
[2009/03/31 19:14:26] <jrojas> http://pastie.org/433217
[2009/03/31 19:14:36] <jrojas> try something like that
[2009/03/31 19:14:51] <jrojas> this way, you update your repo and the changes are pushed to the clients.
[2009/03/31 19:15:05] <rellis__> ya that's slick
[2009/03/31 19:15:06] <Djelibeybi> Why are you updating /etc/puppet on the clients?
[2009/03/31 19:15:14] <rellis__> i assumed i have to..
[2009/03/31 19:15:19] @ Quit: WALoeIII: "Bai."
[2009/03/31 19:15:22] <rellis__> this is my first day with puppet =p
[2009/03/31 19:15:25] <Djelibeybi> No, just on the puppet masters.
[2009/03/31 19:15:30] @ mfoster1 left channel #puppet ()
[2009/03/31 19:15:35] <Djelibeybi> The puppet clients only have puppet.conf in /etc/puppet
[2009/03/31 19:15:42] <Djelibeybi> The rest is stored in /var/lib/puppet and pulled from the master.
[2009/03/31 19:15:50] <rellis__> how do they know who the master is?
[2009/03/31 19:15:55] <rellis__> some auto-discovery stuff?
[2009/03/31 19:16:03] <Djelibeybi> rellis__: you have to tell them. :)
[2009/03/31 19:16:08] <rellis__> oh well ya..
[2009/03/31 19:16:09] <Djelibeybi> rellis__: check /etc/sysconfig/puppet
[2009/03/31 19:16:12] <jrojas> sec.
[2009/03/31 19:16:13] <rellis__> so they need a nodes.pp or something?
[2009/03/31 19:16:14] <Djelibeybi> Or setup a DNS alias for "puppet" which is the default
[2009/03/31 19:16:22] <Djelibeybi> rellis__: again, only on the master.
[2009/03/31 19:16:36] <jrojas> here
[2009/03/31 19:16:37] <Djelibeybi> rellis__: the master needs a site.pp
[2009/03/31 19:16:47] <jrojas> this is my actual puppet client management class http://pastie.org/433221
[2009/03/31 19:16:56] <Djelibeybi> rellis__: that's the base file that is read.
[2009/03/31 19:17:08] <jrojas> i have 3 different locations so I have to template things by situation
[2009/03/31 19:17:16] @ Quit: ezmob: Read error: 110 (Connection timed out)
[2009/03/31 19:17:23] @ Quit: Volcane: "bbiab"
[2009/03/31 19:18:02] <rellis__> okay gotcha
[2009/03/31 19:18:14] <rellis__> so i never need to worry about delivering configs to clients
[2009/03/31 19:18:21] <jrojas> usually no,
[2009/03/31 19:18:31] <jrojas> but sometimes you may want to add options to the puppet daemon
[2009/03/31 19:18:42] <jrojas> so it is always a good idea to have it handy whether used or not.
[2009/03/31 19:18:58] @ Volcane joined channel #puppet
[2009/03/31 19:18:59] <rellis__> okay i'll go take a stab at it
[2009/03/31 19:19:04] <rellis__> thanks to both of you for the help
[2009/03/31 19:19:11] <Djelibeybi> Right, puppet has removed my /etc/sudoers file again
[2009/03/31 19:19:13] <jrojas> i also , have a base::cron which includes a nightly restart of puppet just in case something breaks puppet's config
[2009/03/31 19:19:27] <Djelibeybi> With the useful log entry of: ensure created.
[2009/03/31 19:19:28] <Djelibeybi> sigh
[2009/03/31 19:19:41] @ cwebber_ joined channel #puppet
[2009/03/31 19:19:47] <jrojas> Djelibeybi: can we see the file portion of your manifest?
[2009/03/31 19:20:02] <jrojas> Djelibeybi: also, is this the ONLY place /etc/sudoers is referenced in your manifests?
[2009/03/31 19:20:17] <Djelibeybi> jrojas: I'm 99.9% sure, but I'll check anyway.
[2009/03/31 19:20:27] <Djelibeybi> jrojas: one sec. My puppet system and IRC are not connected, so I can't cut and paste.
[2009/03/31 19:20:35] <jrojas> pastie would work
[2009/03/31 19:21:07] <Djelibeybi> One sec
[2009/03/31 19:21:25] <Djelibeybi> My puppet system is not directly connected to the Internet. I have to do some jiggery-pokery.
[2009/03/31 19:21:52] @ cwebber__ joined channel #puppet
[2009/03/31 19:21:57] @ Quit: cwebber_: Read error: 54 (Connection reset by peer)
[2009/03/31 19:24:16] <Djelibeybi> http://pastie.org/private/aesuglrh6obivgmiegsoq
[2009/03/31 19:24:23] @ Volcane left channel #puppet ()
[2009/03/31 19:24:54] <jrojas> k, so the issue is puppet is removing the file or creating the file?
[2009/03/31 19:26:02] <Djelibeybi> jrojas: depends on the run. Sometimes it is being removed.
[2009/03/31 19:26:10] <Djelibeybi> Other times, the file is created properly
[2009/03/31 19:26:27] <Djelibeybi> But, it's not regular, as far as I can tell, i.e. its not "remove/create/remove/create" on each run
[2009/03/31 19:26:42] <jrojas> there should be no reason it removes the file. especially if that is your only definition of file
[2009/03/31 19:26:57] <Djelibeybi> jrojas: yes, that's what I would've thought. But it definitely is, on multiple servers.
[2009/03/31 19:27:44] <jrojas> sec.
[2009/03/31 19:28:02] @ Volcane joined channel #puppet
[2009/03/31 19:28:08] <Djelibeybi> jrojas: Unfortunately, the debug logs all say created, even on runs where the file is removed.
[2009/03/31 19:29:03] <jrojas> you should be able to add notice or debug in there somewhere.
[2009/03/31 19:29:11] <jrojas> i dont remember the syntax off hand...
[2009/03/31 19:29:24] <Djelibeybi> jrojas: I'm running puppetd manually with the -d option
[2009/03/31 19:30:08] <Djelibeybi> It's doing it to /etc/logrotate.conf as well
[2009/03/31 19:30:18] <Djelibeybi> Identical configuration, just different source file
[2009/03/31 19:30:59] <jrojas> hmm
[2009/03/31 19:31:06] <jrojas> what version 0.24.7 ?
[2009/03/31 19:31:43] <Djelibeybi> Yup
[2009/03/31 19:31:59] <Djelibeybi> However, I have other files that don't seem to be affected. I'm just comparing them now
[2009/03/31 19:32:38] <Djelibeybi> For example, /etc/syslog.conf is also controlled, but is not showing this problem.
[2009/03/31 19:32:41] <Djelibeybi> Same configuration though
[2009/03/31 19:32:48] <jrojas> http://pastie.org/433234
[2009/03/31 19:33:23] <jrojas> try to copy the file out after it removes it, it should error
[2009/03/31 19:33:49] <jrojas> either way this is rally strange
[2009/03/31 19:34:11] <jrojas> where is the fileserver portion of the system getting the files form?
[2009/03/31 19:34:14] <jrojas> form = from
[2009/03/31 19:34:52] <jrojas> and is puppet managing puppetmaster also ?
[2009/03/31 19:35:45] <Djelibeybi> Yes, puppet is managing the puppet master
[2009/03/31 19:35:51] @ Quit: cwebber: Read error: 110 (Connection timed out)
[2009/03/31 19:36:03] <Djelibeybi> Not sure I understand your fileserver question?
[2009/03/31 19:36:25] <Djelibeybi> Right
[2009/03/31 19:36:33] <Djelibeybi> I now have a /tmp/puppet_test.out and no /etc/sudoers
[2009/03/31 19:36:37] <Djelibeybi> On a normal puppet run
[2009/03/31 19:36:38] <jrojas> ok, so, in order to serve up a file, your fileserver (unless using modules) needs to know where to find the file locally to serve.
[2009/03/31 19:36:44] <Djelibeybi> I'm using modules for everything
[2009/03/31 19:36:54] <jrojas> is /tmp/puppet_test.out what the sudoers should be ?
[2009/03/31 19:36:57] <jrojas> or is it blank?
[2009/03/31 19:36:58] <Djelibeybi> Yup
[2009/03/31 19:37:01] <jrojas> weird..
[2009/03/31 19:37:19] <jrojas> so, the exec should be happening after the file is accessed.
[2009/03/31 19:37:34] <jrojas> which means, it is copying a ghost file?
[2009/03/31 19:38:00] <Djelibeybi> I have no idea anymore.
[2009/03/31 19:38:02] <jrojas> is there only one puppetd process running on the host?
[2009/03/31 19:38:06] @ Quit: cwebber__: Read error: 110 (Connection timed out)
[2009/03/31 19:38:07] <Djelibeybi> The /etc/sudoers file is definitely gone, though.
[2009/03/31 19:38:09] <Djelibeybi> Hmmm
[2009/03/31 19:38:19] <Djelibeybi> Yup, only one puppetd process
[2009/03/31 19:38:33] <jrojas> hm...
[2009/03/31 19:38:37] <jrojas> lsof /etc ?
[2009/03/31 19:38:56] <Djelibeybi> Returns nothing
[2009/03/31 19:39:00] <jrojas> hmm
[2009/03/31 19:39:04] <jrojas> brb need a drink
[2009/03/31 19:39:09] <Djelibeybi> :)
[2009/03/31 19:39:55] <Djelibeybi> Wait .. I think it's only happening on my EL4 guests.
[2009/03/31 19:40:17] <Djelibeybi> Except, it happened on the Puppet Master which is EL5. So, perhaps not
[2009/03/31 19:43:15] <lak> Djelibeybi: no errors on your client or server?
[2009/03/31 19:43:34] <Djelibeybi> lak: none that I can see. debug logs even show "ensure created" lines
[2009/03/31 19:43:53] <lak> i think there's a bug in 0.24.7 where in some cases the client thinks there's no source because of an error
[2009/03/31 19:43:58] <lak> thus treating the lack of source as an empty file
[2009/03/31 19:44:04] <lak> you checked the server logs, too?
[2009/03/31 19:44:13] <Djelibeybi> lak: checking now
[2009/03/31 19:46:05] * lak is about 30secs away from having to help make a mess with baby food and twins
[2009/03/31 19:46:34] <Djelibeybi> lak: no errors in master.log for an affected serer.
[2009/03/31 19:46:37] <Djelibeybi> server
[2009/03/31 19:46:44] <Djelibeybi> I do see some weirdness with a Yumrepo though.
[2009/03/31 19:46:50] <lak> what about syslog?
[2009/03/31 19:46:54] <lak> that's where i'd expect the errors to be
[2009/03/31 19:47:13] <Djelibeybi> lak: Puppet Master is logging to /var/log/puppet/master.log
[2009/03/31 19:47:20] <lak> ok
[2009/03/31 19:47:23] <Djelibeybi> lak: To keep in separate from the Puppet client on the same machine
[2009/03/31 19:47:39] <lak> can you email me at luke at madstop.com? this is obviously a significant problem and shouldn't happen
[2009/03/31 19:47:57] <Djelibeybi> lak: what do you want me to email you? :)
[2009/03/31 19:48:03] <lak> more detail?
[2009/03/31 19:48:05] <lak> your manifests?
[2009/03/31 19:48:09] <lak> your bank PIN?
[2009/03/31 19:48:16] <lak> anything you think might help me figure it out
[2009/03/31 19:48:18] <jrojas> i was going to be obscene..
[2009/03/31 19:48:22] <jrojas> but i held back
[2009/03/31 19:48:25] <Djelibeybi> lol
[2009/03/31 19:48:35] <Djelibeybi> lak: I'm waiting for jamesturnbull to get out of a meeting and call me back too, btw.
[2009/03/31 19:48:37] <jrojas> lak: you need his card info too
[2009/03/31 19:48:42] <lak> ruby versions, puppet versions, on both client and server, debug logs from both client and server, --trace logs from client, etc.
[2009/03/31 19:48:48] <lak> jrojas: i've already got that, duh :)
[2009/03/31 19:48:59] <lak> ok, i have to go get a couple of babies completely messy
[2009/03/31 19:49:00] <lak> laters all
[2009/03/31 19:49:02] @ Quit: lak:
[2009/03/31 19:49:02] <Djelibeybi> lak: how do I get --trace info?
[2009/03/31 19:49:10] <jrojas> puppetd -vtd --trace
[2009/03/31 19:49:17] <jrojas> brb
[2009/03/31 19:49:32] <joe-mac> how do you append to an array?
[2009/03/31 19:49:34] <joe-mac> +>?
[2009/03/31 19:49:43] <Djelibeybi> jrojas: ta
[2009/03/31 19:52:26] @ Quit: Bass10: Read error: 110 (Connection timed out)
[2009/03/31 19:54:02] <Djelibeybi> Hmm.. --trace doesn't seem to have any more info than normal --debug
[2009/03/31 19:54:05] @ Quit: keithlard:
[2009/03/31 19:55:32] @ Quit: alfism: "Connection reset by beer"
[2009/03/31 19:55:40] @ kolla joined channel #puppet
[2009/03/31 19:56:14] <Djelibeybi> jrojas: puppetd doesn't seem to have a --trace option according to --help?
[2009/03/31 20:00:00] @ keithlard joined channel #puppet
[2009/03/31 20:00:04] @ shake-n-bake joined channel #puppet
[2009/03/31 20:00:19] <jrojas> hmm
[2009/03/31 20:00:45] <jrojas> --help doesnt show it
[2009/03/31 20:01:38] <Djelibeybi> --trace didn't seem to add any more data to the output
[2009/03/31 20:01:42] <Djelibeybi> one sec -- phone. :(
[2009/03/31 20:01:56] @ d3vilb0x joined channel #puppet
[2009/03/31 20:02:33] @ Volcane left channel #puppet ()
[2009/03/31 20:03:19] <jrojas> --trace only works when there is an error to output
[2009/03/31 20:03:26] <jrojas> try running your puppetmaster on it
[2009/03/31 20:03:31] @ Quit: f3ew_: Read error: 104 (Connection reset by peer)
[2009/03/31 20:04:41] @ f3ew_ joined channel #puppet
[2009/03/31 20:04:53] @ bevans5446 joined channel #puppet
[2009/03/31 20:08:01] @ Volcane joined channel #puppet
[2009/03/31 20:08:07] @ Quit: Superfly_: Read error: 104 (Connection reset by peer)
[2009/03/31 20:10:03] @ Quit: hessml\|away\|away: "Leaving..."
[2009/03/31 20:12:11] @ nakano_ is now known as nakano
[2009/03/31 20:12:45] @ shake-n-bake_ joined channel #puppet
[2009/03/31 20:19:21] @ Quit: shake-n-bake: Read error: 110 (Connection timed out)
[2009/03/31 20:21:19] <Djelibeybi> Hmmmm... service puppet status doesn't seem to work on EL4.
[2009/03/31 20:24:07] @ Quit: kolla: Remote closed the connection
[2009/03/31 20:24:57] <Djelibeybi> Ok, seems to be happening on ntp.conf as well, which is a templated file.
[2009/03/31 20:25:06] @ sc0ttB left channel #puppet ()
[2009/03/31 20:31:58] @ Quit: sigmonsays: "Leaving"
[2009/03/31 20:34:14] <jrojas> Djelibeybi: you definitely seem to be hitting that bug. I would try to get as much info to Luke as possible and then start thinking about upgrading and seeing if the problem exists still
[2009/03/31 20:34:35] <Djelibeybi> jrojas: yes, quite. I'm busy building some log files.
[2009/03/31 20:34:45] <Djelibeybi> jrojas: It's tough, because it's not predictable.
[2009/03/31 20:35:01] <Djelibeybi> jrojas: Essentially, I've enabled debug logging on a few boxes and I'm checking after each run.
[2009/03/31 20:35:07] <Djelibeybi> jrojas: I can then pack up the logs for lak.
[2009/03/31 20:36:35] <joe-mac> FOR THE LOVE OF ALL THAT IS HOLY has anyone ever preseeded sun-java through puppet?
[2009/03/31 20:36:54] @ Quit: shake-n-bake_: Read error: 110 (Connection timed out)
[2009/03/31 20:37:44] @ Quit: fbe: "Konversation terminated!"
[2009/03/31 20:39:23] @ Quit: nigelk:
[2009/03/31 20:40:35] @ Quit: aZaFred:
[2009/03/31 20:41:38] @ Superfly_ joined channel #puppet
[2009/03/31 20:42:52] @ benblack joined channel #puppet
[2009/03/31 20:43:25] <peiriannydd> joe-mac: How so? I've gotten it to install just fine...
[2009/03/31 20:47:07] <jrojas> joe-mac: ?
[2009/03/31 20:47:25] <jrojas> joe-mac: puppet does sort of not like large binary files much
[2009/03/31 20:48:00] <peiriannydd> joe-mac: Are you using a RPM based distro?
[2009/03/31 20:48:24] <peiriannydd> joe-mac: And/or can you use RPMs, if not (alien, whatever)
[2009/03/31 20:48:56] <peiriannydd> Heh....I show myself for the Debian n00b that I am :-P
[2009/03/31 20:49:34] <peiriannydd> If you can use alien, I would recommend grabbing the RPM extracting binary from Sun and ripping off the cover. You're then left with a perfectly installable RPM
[2009/03/31 20:49:51] <peiriannydd> I tend to float between Gentoo and Fedora for various reasons
[2009/03/31 20:51:04] <Djelibeybi> lutter: did you write the /etc/init.d/puppet script for RHEL?
[2009/03/31 20:53:45] <lutter> Djelibeybi: I am afraid I did .. a very long time ago
[2009/03/31 20:53:56] <Djelibeybi> lutter: the "status" option doesn't seem to work on EL4
[2009/03/31 20:54:08] <Djelibeybi> lutter: should I just log a bug on the Puppet tracker?
[2009/03/31 20:54:28] <lutter> Djelibeybi: yeah, that will be best
[2009/03/31 20:54:41] <Djelibeybi> Ok, doing that now.
[2009/03/31 20:55:32] <lutter> Djelibeybi: I think we keep flip-flopping back and forth between using status with and w/o -p option .. -p does not work on RHEL4, but there was some other reason why ppl wanted the -p
[2009/03/31 20:57:26] <Djelibeybi> lutter: logged anyway, just for completeness if nothing else.
[2009/03/31 20:57:49] <Djelibeybi> jrojas: all my servers are behaving themselves and none have lost their /etc/sudoers file for the past two runs.
[2009/03/31 20:58:03] <Djelibeybi> jrojas: this is both lovely and deeply irritating at the same time.
[2009/03/31 20:58:13] @ shake-n-bake__ joined channel #puppet
[2009/03/31 20:58:51] <joe-mac> peiriannydd: it won'ta ccept the preseed
[2009/03/31 20:58:53] <joe-mac> no matter what
[2009/03/31 20:58:57] <joe-mac> it still displays the license
[2009/03/31 20:58:59] <joe-mac> driving me nuts
[2009/03/31 20:59:33] <peiriannydd> Hmm....can you not pre-seed it and pop out the RPM and convert it using something like rpm2deb?
[2009/03/31 20:59:44] <peiriannydd> Then the annoying license message should disappear
[2009/03/31 20:59:54] <peiriannydd> In the RPM version, it's just a wrapper script.
[2009/03/31 21:00:30] @ Quit: keithlard:
[2009/03/31 21:03:34] <joe-mac> peiriannydd: i could also convert it to an rpm, use rpm2cpio to extract all the files, use a homebrew c program to twiddle a few bits, then install it by hand with a bunch of cp commands, however, my shred of sanity is meaningful to me
[2009/03/31 21:03:41] <joe-mac> :-D
[2009/03/31 21:04:01] <joe-mac> since this is teh first server that needs preseeded java it's not a huge deal, but it will become big since we do tend to use tomcat
[2009/03/31 21:04:17] <peiriannydd> joe-mac: Yeah, that's going to kind of suck.
[2009/03/31 21:04:39] <jrojas> Djelibeybi: has anything changed in the manifests?
[2009/03/31 21:04:59] <peiriannydd> joe-mac: Have you tried wrapping it with an Exec instead of using the Package type? Just to see if it works?
[2009/03/31 21:05:14] <Djelibeybi> jrojas: yes, this is unfortunately a very volatile Puppet instance.
[2009/03/31 21:05:44] <peiriannydd> joe-mac: Sounds like you may have possibly hit a bug in the preseed code, perhaps with the handling of 'more' continuations?
[2009/03/31 21:05:58] <jrojas> Djelibeybi: if its version controlled you can get a diff of the last couple commits to figure out what changed and see if it is related.
[2009/03/31 21:06:22] <Djelibeybi> jrojas: I'm thinking it might occur when there is an error in the puppet manifests somewhere and the local catalog is used instead
[2009/03/31 21:06:27] <Djelibeybi> jrojas: I'm about to test that theory
[2009/03/31 21:07:03] <jrojas> Djelibeybi: its worth a shot, but even after a successful run, using the "cached local" catalog would still return a good run
[2009/03/31 21:07:23] <Djelibeybi> jrojas: s/would/should and you're right.
[2009/03/31 21:07:29] <Djelibeybi> The "would" is what I'll be testing
[2009/03/31 21:07:51] <Djelibeybi> Nope, I just had a delete
[2009/03/31 21:07:57] <Djelibeybi> Amd the manifest is fine
[2009/03/31 21:08:11] <Djelibeybi> AND I CAUGHT THE DEBUG TRACE.
[2009/03/31 21:08:14] <jrojas> good
[2009/03/31 21:08:15] <Djelibeybi> HUZZAH./
[2009/03/31 21:08:17] <jrojas> pastie ?
[2009/03/31 21:08:34] <jrojas> im interested in seeing this as I am on the same version in production
[2009/03/31 21:09:15] <Djelibeybi> I need to anonymise it
[2009/03/31 21:10:25] <Djelibeybi> This is what I caught:
[2009/03/31 21:10:35] <Djelibeybi> http://pastie.org/433307
[2009/03/31 21:11:00] <Djelibeybi> You'll see near the end it thinks that /etc/sudoers doesn't exist
[2009/03/31 21:11:04] <Djelibeybi> Then it thinks it creates it
[2009/03/31 21:11:11] <Djelibeybi> However, once it finished, /etc/sudoers was gone
[2009/03/31 21:11:59] <Djelibeybi> And that was a manual run (i.e. I ran "puppetd -t -d -v -o" on the command-line
[2009/03/31 21:12:11] <Djelibeybi> Actually: puppetd --no-daemonize -d -t -v -o
[2009/03/31 21:12:46] <jrojas> i dont see the trace.
[2009/03/31 21:12:55] <Djelibeybi> My logrotate.conf is gone as well
[2009/03/31 21:13:23] <jrojas> no mention of it being created or removed
[2009/03/31 21:13:30] <jrojas> i see nothing wrong in that pastie.
[2009/03/31 21:13:41] <jrojas> its seeing the sudoers as not existing, so it creates it
[2009/03/31 21:14:01] <Djelibeybi> jrojas: except, sudoers did exist and it removed it.
[2009/03/31 21:14:08] <Djelibeybi> Hence the complete weirdness.
[2009/03/31 21:14:16] <Djelibeybi> Same with logrotate.conf
[2009/03/31 21:15:03] <jrojas> Djelibeybi: enable reporting
[2009/03/31 21:15:26] <jrojas> Djelibeybi: this way you can see if resource counts and or changes countsa re happening when the file appears/disappears
[2009/03/31 21:15:26] <Djelibeybi> jrojas: how?
[2009/03/31 21:15:32] <jrojas> puppetd.conf
[2009/03/31 21:15:49] <jrojas> reports = true
[2009/03/31 21:15:52] <jrojas> under [puppet]
[2009/03/31 21:15:57] <jrojas> err.
[2009/03/31 21:16:01] <jrojas> report not reports
[2009/03/31 21:16:08] <Djelibeybi> On the puppet master or client?
[2009/03/31 21:16:23] <jrojas> client
[2009/03/31 21:16:35] <Djelibeybi> I have an /etc/puppet/puppet.conf file
[2009/03/31 21:16:43] <Djelibeybi> Which contains [main] and [puppetd]
[2009/03/31 21:16:48] <jrojas> yes
[2009/03/31 21:16:49] @ shake-n-bake joined channel #puppet
[2009/03/31 21:16:53] <jrojas> under [puppetd]
[2009/03/31 21:16:57] <jrojas> add report = true
[2009/03/31 21:16:58] <Djelibeybi> Ok, one sec
[2009/03/31 21:17:12] <jrojas> it should dump out a few extra lines at the end of the run
[2009/03/31 21:18:11] <Djelibeybi> Ok, running again now
[2009/03/31 21:18:29] <jrojas> so,that pastie looks 100% normal to me. I see nothing out of the ordinary
[2009/03/31 21:18:36] <Djelibeybi> Ok, it just recreated /etc/sudoers and /etc/logrotate.conf
[2009/03/31 21:18:55] <Djelibeybi> Done.
[2009/03/31 21:19:12] <jrojas> did the reporting work?
[2009/03/31 21:19:29] <Djelibeybi> It said it sent the report
[2009/03/31 21:19:44] <jrojas> hm...
[2009/03/31 21:20:02] <Djelibeybi> Ok, I have the .yaml file
[2009/03/31 21:20:10] <jrojas> http://pastie.org/433320
[2009/03/31 21:20:16] <jrojas> thats what my output looks like
[2009/03/31 21:20:42] <Djelibeybi> jrojas: mine doesn't have all that
[2009/03/31 21:20:46] <jrojas> weird....
[2009/03/31 21:20:56] <jrojas> so, since it just re-created the files, are they real?
[2009/03/31 21:21:07] <jrojas> like is the content what is expected ?
[2009/03/31 21:21:12] <Djelibeybi> Yup, both are correct
[2009/03/31 21:21:33] <Djelibeybi> brb, need to go do something else for a sec.
[2009/03/31 21:23:38] @ Quit: shake-n-bake__: Read error: 110 (Connection timed out)
[2009/03/31 21:30:40] @ peiriannydd left channel #puppet ()
[2009/03/31 21:33:48] @ lak joined channel #puppet
[2009/03/31 21:34:43] <jrojas> lak: back already?
[2009/03/31 21:35:43] <lak> maybe?
[2009/03/31 21:35:50] <jrojas> heheh
[2009/03/31 21:36:02] <lak> my munchkins are just about to wake up from their post-bath nap, so i'll be evacuating once again then
[2009/03/31 21:36:14] <jrojas> does facter have the ability to detect the default interface?
[2009/03/31 21:36:23] <jrojas> based on the default route?
[2009/03/31 21:36:35] <jrojas> i understand there could be situations that are different but it would be interesting to have
[2009/03/31 21:37:13] <lak> i don't think it does
[2009/03/31 21:37:21] <lak> it just uses the first interface as the default
[2009/03/31 21:37:35] <jrojas> hm..
[2009/03/31 21:37:38] @ punkcut joined channel #puppet
[2009/03/31 21:38:03] <jrojas> other than the amount of data facter spews out, could you think of a reason why that fact wouldnt be wanted?
[2009/03/31 21:38:12] <lak> no
[2009/03/31 21:38:22] <lak> but then, "want" usually isn't the thing we're short on :)
[2009/03/31 21:38:31] <jrojas> very true
[2009/03/31 21:39:22] <Djelibeybi> Crap, I need to upgrade to 0.24.8 anyway
[2009/03/31 21:39:28] <jrojas> Djelibeybi: ?
[2009/03/31 21:39:38] <Djelibeybi> lak or lutter: Do you know if the Augeas INS bug was fixed in 0.24.8?
[2009/03/31 21:39:41] <lak> and indeed, the babies awake
[2009/03/31 21:39:53] <lak> erm, check the bug? if it's set to 0.24.8, then yes, otherwise no?
[2009/03/31 21:39:56] <lak> bbl
[2009/03/31 21:39:57] @ Quit: lak:
[2009/03/31 21:41:00] <Djelibeybi> Hmm.. doesn't appear to be: http://projects.reductivelabs.com/issues/1948
[2009/03/31 21:41:08] <joe-mac> i really wish the devs would just allow tomcat packages
[2009/03/31 21:41:14] <joe-mac> goiong to have to do a bunch of hacking here
[2009/03/31 21:41:24] <joe-mac> hey lak any idea when onlyif and unless will be true meta params?
[2009/03/31 21:41:27] <jrojas> he left
[2009/03/31 21:41:31] <joe-mac> ah
[2009/03/31 21:41:40] @ nigelk joined channel #puppet
[2009/03/31 21:42:00] @ Quit: koojoo:
[2009/03/31 21:43:10] <Djelibeybi> Buggery bollocks.
[2009/03/31 21:48:53] @ benblack is now known as benblack\|away
[2009/03/31 21:50:02] @ claymation_ joined channel #puppet
[2009/03/31 21:51:01] @ aZaFred joined channel #puppet
[2009/03/31 21:51:10] @ Quit: punkcut: Read error: 104 (Connection reset by peer)
[2009/03/31 21:51:16] @ Quit: andrewcshafer:
[2009/03/31 21:54:16] @ Quit: shake-n-bake:
[2009/03/31 21:56:49] @ benblack\|away is now known as benblack
[2009/03/31 21:58:53] @ rmiller4pi8 joined channel #puppet
[2009/03/31 22:06:53] <Djelibeybi> How often does puppet flush to the logs if you're not using syslog?
[2009/03/31 22:07:10] <Djelibeybi> I've noticed that /var/log/puppet/puppet.log is quite behind actual activity
[2009/03/31 22:07:19] @ ezmob joined channel #puppet
[2009/03/31 22:07:27] @ ohadlevy joined channel #puppet
[2009/03/31 22:09:32] @ lak joined channel #puppet
[2009/03/31 22:14:36] @ fujin joined channel #puppet
[2009/03/31 22:21:33] @ Quit: claymation_:
[2009/03/31 22:21:45] @ Quit: nigelk:
[2009/03/31 22:26:02] <jrojas> lak: i just made a patch for facter to have a default_interface fact, however, its only working and tested on linux right now, I am looking into solaris and darwin
[2009/03/31 22:26:19] @ Quit: grey-: "bbl"
[2009/03/31 22:28:23] @ andrewcshafer joined channel #puppet
[2009/03/31 22:30:49] @ Quit: ezmob: "Bye!"
[2009/03/31 22:43:15] @ Quit: lak:
[2009/03/31 22:49:38] @ axisys joined channel #puppet
[2009/03/31 22:53:56] @ lak joined channel #puppet
[2009/03/31 23:00:26] @ claymation joined channel #puppet
[2009/03/31 23:00:42] @ score left channel #puppet ()
[2009/03/31 23:01:24] @ punkcut joined channel #puppet
[2009/03/31 23:03:29] @ PaulWay joined channel #puppet
[2009/03/31 23:04:14] @ Quit: lak:
[2009/03/31 23:04:43] @ Quit: andrewcshafer:
[2009/03/31 23:05:57] @ Quit: punkcut: Read error: 104 (Connection reset by peer)
[2009/03/31 23:07:37] @ score joined channel #puppet
[2009/03/31 23:10:31] @ punkcut joined channel #puppet
[2009/03/31 23:11:17] @ claymation_ joined channel #puppet
[2009/03/31 23:11:17] @ axisys_ joined channel #puppet
[2009/03/31 23:15:25] @ Quit: mizzy_: Read error: 110 (Connection timed out)
[2009/03/31 23:18:07] @ cwebber joined channel #puppet
[2009/03/31 23:22:52] @ Quit: walrus_: Remote closed the connection
[2009/03/31 23:25:11] @ Quit: axisys: Read error: 110 (Connection timed out)
[2009/03/31 23:26:19] @ Quit: ethan_rowe: "Lack of interest wins out."
[2009/03/31 23:27:09] @ Quit: claymation: Read error: 110 (Connection timed out)
[2009/03/31 23:27:53] <joe-mac> i'm drinking beer and decided that i am going to do something serious with openbsd
[2009/03/31 23:28:06] <joe-mac> mostly because it requires a huge chunk of my life to reach any level of usability
[2009/03/31 23:28:12] <joe-mac> with puppet i meeean
[2009/03/31 23:28:42] <ohadlevy> good luck
[2009/03/31 23:34:31] @ Djeli joined channel #puppet
[2009/03/31 23:35:14] @ Quit: Djelibeybi: Nick collision from services.
[2009/03/31 23:35:19] @ Djeli is now known as Djelibeybi
[2009/03/31 23:37:16] @ Quit: axisys_: Read error: 60 (Operation timed out)
[2009/03/31 23:42:35] <ohadlevy> I have a question about reusing puppet certificates, anyone here understands certificates properly?
[2009/03/31 23:50:59] @ ijcd_ joined channel #puppet
[2009/03/31 23:51:09] @ Quit: ChoHag: Read error: 113 (No route to host)
[2009/03/31 23:55:58] @ Quit: jmslagle: Read error: 104 (Connection reset by peer)
[2009/03/31 23:56:12] @ Quit: d3vilb0x:
[2009/03/31 23:56:43] @ jmslagle joined channel #puppet
[2009/03/31 23:57:31] @ jhelwig_ joined channel #puppet
[2009/03/31 23:57:34] <rmiller4pi8> ohadlevy: probably, what do you need?
[2009/03/31 23:57:48] <ohadlevy> rmiller4pi8: O

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!