Monday, 2009-05-11

[2009/05/11 00:11:26] @ Log started by gepetto
[2009/05/11 00:11:26] @ n0ts____ joined channel #puppet
[2009/05/11 00:13:38] @ edwardam joined channel #puppet
[2009/05/11 00:18:16] @ Quit: gaveen: Read error: 110 (Connection timed out)
[2009/05/11 00:19:10] @ Quit: shake-n-bake:
[2009/05/11 00:20:51] @ gaveen joined channel #puppet
[2009/05/11 00:24:05] @ Quit: n0ts___: Read error: 110 (Connection timed out)
[2009/05/11 00:34:21] @ nasrat joined channel #puppet
[2009/05/11 00:52:34] <nasrat> wiki:DevelopmentLifecycle
[2009/05/11 00:52:35] <gepetto> nasrat: wiki: wiki:DevelopmentLifecycle is http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle
[2009/05/11 00:58:37] <nasrat> #2060
[2009/05/11 00:58:38] <gepetto> nasrat: #2060 is http://projects.reductivelabs.com/issues/show/2060 "Facter - Bug #2060: Inconsistent output in operatingsystemrelease between RedHat and CentOS - ReductiveLabs.com"
[2009/05/11 01:07:53] <jamesturnbull> nasrat: that typo is my mea culpa
[2009/05/11 01:08:19] <nasrat> jamesturnbull: np, as you said you'd have picked it up with more tests around that area
[2009/05/11 01:08:26] <Djelibeybi> jamesturnbull: I'd offer you a ritual flogging followed by drinks, but you're not drinking atm.
[2009/05/11 01:08:43] <nasrat> also got another one in the same vein from the 1.9 fixup patch
[2009/05/11 01:08:54] <nasrat> will file shortly
[2009/05/11 01:13:40] <jamesturnbull> nasrat: oh excellent - more flogging
[2009/05/11 01:13:52] <nasrat> no blame :)
[2009/05/11 01:13:59] <nasrat> just bug fixes
[2009/05/11 01:14:11] * Djelibeybi flogs jamesturnbull anyway.
[2009/05/11 01:14:27] * Djelibeybi is in a sadistic mood today and needs to beat someone.
[2009/05/11 01:15:57] @ LittleIdea joined channel #puppet
[2009/05/11 01:15:58] @ andrewcshafer joined channel #puppet
[2009/05/11 01:22:06] <nasrat> jamesturnbull: #2236
[2009/05/11 01:22:06] <gepetto> nasrat: jamesturnbull: #2236 is http://projects.reductivelabs.com/issues/show/2236 "Facter - Bug #2236: macaddress fact uses each_line on arrays - ReductiveLabs.com"
[2009/05/11 01:22:07] <nasrat> http://gist.github.com/109874
[2009/05/11 01:22:19] <nasrat> is it worth trying to figure out a test for that?
[2009/05/11 01:23:02] @ joe-mac joined channel #puppet
[2009/05/11 01:28:02] <jamesturnbull> nasrat: probably not
[2009/05/11 01:28:13] <nasrat> ok I'll mail patches
[2009/05/11 01:28:32] <nasrat> we need to revisit that all anyway but it's sufficient for 1.5.5
[2009/05/11 01:28:54] <jamesturnbull> nasrat: yeah my example confines thing btw was wild arse straw man
[2009/05/11 01:29:16] <nasrat> it's good to have something to think about
[2009/05/11 01:33:42] <jamesturnbull> what limited benefit my thinking offers :P
[2009/05/11 01:43:57] @ degr8hunt joined channel #puppet
[2009/05/11 01:51:50] @ pleemans joined channel #puppet
[2009/05/11 01:53:57] <nasrat> meh as a whole bunch of bugs are in the same file it might make merging funner
[2009/05/11 01:54:39] <jamesturnbull> nasrat: which file?
[2009/05/11 01:54:59] <nasrat> well adding tests to spec/unit/util/ip.rb
[2009/05/11 01:54:59] <jamesturnbull> nasrat: maybe we should just deprecate macaddress, ipaddress et al
[2009/05/11 01:55:43] <jamesturnbull> nasrat: well if you want to rebase into one branch I will pull all of the "Ready For Testing" tickets tonight sometime
[2009/05/11 01:55:51] <nasrat> 1.6 deprecate, 2.0 remove
[2009/05/11 01:56:03] <nasrat> I'll see how bad it ends up
[2009/05/11 01:56:15] <jamesturnbull> well hopefully 2.0 it'll be moot as it'll be namespaced
[2009/05/11 01:57:19] <jamesturnbull> gepetto: seen lak
[2009/05/11 01:57:19] <gepetto> jamesturnbull: lak was last seen 16 hours, 56 minutes and 36 seconds ago, quitting IRC ()
[2009/05/11 02:12:14] @ f3ew joined channel #puppet
[2009/05/11 02:18:07] <nasrat> #1846
[2009/05/11 02:18:08] <gepetto> nasrat: #1846 is http://projects.reductivelabs.com/issues/show/1846 "Facter - Feature #1846: ipmess.rb: Change interfaces to match the names used for the variables - ReductiveLabs.com"
[2009/05/11 02:19:50] @ Quit: kolla: Remote closed the connection
[2009/05/11 02:21:08] @ Quit: fbe_: Read error: 110 (Connection timed out)
[2009/05/11 02:22:17] @ rberger joined channel #puppet
[2009/05/11 02:22:24] @ Quit: johan-s: "Leaving..."
[2009/05/11 02:36:10] @ edwardam is now known as edwardam\|zZZz
[2009/05/11 02:36:46] * monachus is in limbo.
[2009/05/11 02:36:57] @ Quit: gaveen: "Enough lurking for now"
[2009/05/11 02:38:31] @ Quit: LittleIdea:
[2009/05/11 02:43:17] @ kolla joined channel #puppet
[2009/05/11 02:48:54] @ Quit: yarihm: "This computer has gone to sleep"
[2009/05/11 02:50:21] @ mattock joined channel #puppet
[2009/05/11 02:50:41] @ n0ts_____ joined channel #puppet
[2009/05/11 02:51:05] @ monzie joined channel #puppet
[2009/05/11 02:55:15] @ Quit: alban2: Read error: 113 (No route to host)
[2009/05/11 02:59:05] @ johan-s joined channel #puppet
[2009/05/11 03:00:35] @ Quit: andrewcshafer:
[2009/05/11 03:01:36] @ aymerick joined channel #puppet
[2009/05/11 03:01:52] @ Quit: n0ts____: Read error: 110 (Connection timed out)
[2009/05/11 03:02:29] @ Quit: nasrat:
[2009/05/11 03:04:46] <FiXion> morning (in CEST land :)
[2009/05/11 03:05:53] <Djelibeybi> Afternoon in AEST.
[2009/05/11 03:07:41] @ Quit: Djelibeybi: "Leaving"
[2009/05/11 03:16:55] @ Quit: monzie: "http://www.mibbit.com ajax IRC Client"
[2009/05/11 03:17:00] @ francois joined channel #puppet
[2009/05/11 03:32:31] @ DerekW joined channel #puppet
[2009/05/11 03:33:35] @ mfournier joined channel #puppet
[2009/05/11 03:37:10] @ MarlondB joined channel #puppet
[2009/05/11 03:42:28] @ Quit: ohadlevy: "Leaving."
[2009/05/11 03:46:36] @ Innocenti joined channel #puppet
[2009/05/11 03:47:06] @ Quit: maxagaz: "Leaving"
[2009/05/11 03:47:47] @ tim\|mb joined channel #puppet
[2009/05/11 03:48:39] @ verwilst joined channel #puppet
[2009/05/11 03:50:05] @ Filbert_ joined channel #puppet
[2009/05/11 03:50:22] @ neh_ joined channel #puppet
[2009/05/11 03:53:30] @ shenson_` joined channel #puppet
[2009/05/11 03:55:59] @ Quit: fujin: Read error: 104 (Connection reset by peer)
[2009/05/11 03:56:44] @ fujin joined channel #puppet
[2009/05/11 03:58:16] @ erm_ joined channel #puppet
[2009/05/11 04:00:49] @ Quit: chillitom: Read error: 110 (Connection timed out)
[2009/05/11 04:01:03] @ Quit: ssm: Read error: 110 (Connection timed out)
[2009/05/11 04:01:21] @ Quit: shenson_not_here: Read error: 110 (Connection timed out)
[2009/05/11 04:01:44] @ chillitom joined channel #puppet
[2009/05/11 04:01:50] @ Quit: neh: Read error: 110 (Connection timed out)
[2009/05/11 04:02:48] @ Quit: Filbert: Read error: 110 (Connection timed out)
[2009/05/11 04:03:09] @ Quit: erm: Read error: 110 (Connection timed out)
[2009/05/11 04:05:27] * monachus is in limbo.
[2009/05/11 04:07:41] * tim\|mb is limbo zojuist verlaten
[2009/05/11 04:07:47] <tim\|mb> geloof ik
[2009/05/11 04:07:49] @ ghenry joined channel #puppet
[2009/05/11 04:08:07] <tim\|mb> ow nee, ben tussen roermond en weert...
[2009/05/11 04:08:34] * Volcane wonders if there's a who-can-have-the-most-annoying-auto-away competition he was unaware about :P
[2009/05/11 04:10:04] <tim\|mb> argh
[2009/05/11 04:10:31] * tim\|mb didn't look at the channel name and presumed it was one of the dutch ones
[2009/05/11 04:10:37] <Volcane> hehe
[2009/05/11 04:10:39] <tim\|mb> sorry for the foreign stuff (for most of you)
[2009/05/11 04:10:50] @ briandquinn joined channel #puppet
[2009/05/11 04:11:00] <DerekW> Is that like being stuck somewhere like on the Isle of Sheppey?
[2009/05/11 04:12:18] <DerekW> Or has Google maps sent you the wrong way?
[2009/05/11 04:12:25] @ rberger_ joined channel #puppet
[2009/05/11 04:13:12] <tim\|mb> DerekW: over here, it's slang for Limburg :P
[2009/05/11 04:13:36] <DerekW> I never ha
[2009/05/11 04:13:41] <DerekW> hung out that far south ;-)
[2009/05/11 04:14:07] * tim\|mb lived there his whole life :P
[2009/05/11 04:14:25] <tim\|mb> well, except for one year, when I lived in Eindhoven
[2009/05/11 04:15:53] <tim\|mb> you know, it's the best part of NL, the south, so you really missed something :P
[2009/05/11 04:16:45] @ mattock left channel #puppet ()
[2009/05/11 04:17:07] @ mattock joined channel #puppet
[2009/05/11 04:21:47] @ Quit: rberger: Success
[2009/05/11 04:23:32] @ ssm_ joined channel #puppet
[2009/05/11 04:34:29] @ maxagaz joined channel #puppet
[2009/05/11 04:36:48] @ tim\|macbook joined channel #puppet
[2009/05/11 04:45:08] @ Quit: barn: "Lost terminal"
[2009/05/11 04:45:54] @ phantez joined channel #puppet
[2009/05/11 04:46:28] @ MattyM joined channel #puppet
[2009/05/11 04:48:59] @ MaGicKanGaRoo joined channel #puppet
[2009/05/11 04:51:39] @ barn joined channel #puppet
[2009/05/11 04:53:19] @ docelic joined channel #puppet
[2009/05/11 04:53:21] @ Quit: tim\|mb: Read error: 110 (Connection timed out)
[2009/05/11 05:04:30] @ ssm_ is now known as ssm
[2009/05/11 05:06:22] @ nasrat joined channel #puppet
[2009/05/11 05:06:23] @ Quit: dene: Read error: 104 (Connection reset by peer)
[2009/05/11 05:13:56] <nasrat> sigmonsays: is it still an issue in 0.25.x?
[2009/05/11 05:14:14] <nasrat> sigmonsays: have you filed a issue in redmine?
[2009/05/11 05:14:24] @ alban2 joined channel #puppet
[2009/05/11 05:16:13] @ Llama left channel #puppet ("÷ÙÈÏÄÖÕ")
[2009/05/11 05:18:58] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/05/11 05:22:05] @ zeroXten joined channel #puppet
[2009/05/11 05:32:54] @ mattock left channel #puppet ()
[2009/05/11 05:45:00] @ Quit: nicZar`: Remote closed the connection
[2009/05/11 05:47:28] @ niczar1 joined channel #puppet
[2009/05/11 05:50:21] <MaGicKanGaRoo> is there a way to get puppet to execute an external script ? Im trying to automatically roll out an updated version, i can get the file to the machine etc, but puppet doesnt seem to want to ensure its the new version
[2009/05/11 05:51:23] <f3ew> exec
[2009/05/11 05:51:42] <f3ew> exec with a Notify?
[2009/05/11 05:52:33] <MaGicKanGaRoo> great, thanks that looks like what i need
[2009/05/11 05:57:39] @ nakano is now known as nakano_
[2009/05/11 06:01:27] <eythian> Hi, is there a good way to manage the /etc/sudoers file? I now need to have different entries on different machines.
[2009/05/11 06:02:52] <FiXion> eythian: lots of hits on google search: puppet module sudoers
[2009/05/11 06:03:10] <FiXion> what is best for you, depends on your needs ofcourse
[2009/05/11 06:03:21] <eythian> FiXion: yeah, i was using the puppet wiki search function which isn't terribly good :)
[2009/05/11 06:03:59] <FiXion> eythian: hint ;) (google search: site:reductivelabs.com sudoers )
[2009/05/11 06:04:08] <FiXion> then google only searches that site for those words
[2009/05/11 06:08:30] @ mikepea joined channel #puppet
[2009/05/11 06:16:32] @ rasputnik joined channel #puppet
[2009/05/11 06:24:29] @ Quit: n0ts_____: "Tiarra 0.1+svn-30026: SIGTERM received; exit"
[2009/05/11 06:24:41] @ n0ts joined channel #puppet
[2009/05/11 06:35:42] @ Quit: docelic: "http://www.spinlocksolutions.com/"
[2009/05/11 06:42:48] <gepetto> ::trac:: Using Passenger edited by zeha @ http://reductivelabs.com/trac/puppet/wiki/UsingPassenger (by hofstaedtler@inqnet.at)
[2009/05/11 06:45:37] @ madrescher joined channel #puppet
[2009/05/11 06:46:54] @ Quit: n0ts: "Tiarra 0.1+svn-30026: SIGTERM received; exit"
[2009/05/11 06:47:05] @ n0ts joined channel #puppet
[2009/05/11 06:52:31] @ jedi4ever joined channel #puppet
[2009/05/11 06:56:41] @ Quit: jedi4ever: Client Quit
[2009/05/11 06:59:09] @ Quit: Cuchulain: Read error: 60 (Operation timed out)
[2009/05/11 06:59:13] @ Cuchulain joined channel #puppet
[2009/05/11 07:00:58] <rasputnik> Am I right in thinking if I put senstive data in my puppet config ( a username/password say), that will be readable by all nodes?
[2009/05/11 07:03:52] @ DerekW_ joined channel #puppet
[2009/05/11 07:05:25] <f3ew> Not unless you make it so
[2009/05/11 07:07:32] <rasputnik> f3ew, really? I thought every node got a full copy of the compiled manifest?
[2009/05/11 07:10:48] <Volcane> it wouldn't be great to put sensitive info in it no
[2009/05/11 07:11:27] <Volcane> like, its not insecure or anything, but its also not massively secure
[2009/05/11 07:11:46] <f3ew> rasputnik, it gets a copy of the manifest for that node
[2009/05/11 07:12:16] <rasputnik> f3ew, ok, so only variables that are in scope should be visible? Cool.
[2009/05/11 07:12:29] @ ethan_rowe joined channel #puppet
[2009/05/11 07:12:49] @ Quit: punkcut: Read error: 60 (Operation timed out)
[2009/05/11 07:15:26] @ DerekW__ joined channel #puppet
[2009/05/11 07:16:26] <rasputnik> its' not like I work for a bank or anything; but I'm wondering if it'll be safe to provision dedicated servers using puppet (where each node has a different root account).
[2009/05/11 07:16:41] <Volcane> you'd store the password hash then wouldnt you?
[2009/05/11 07:17:39] <rasputnik> Volcane, I'd probably do nss_ldap and have done to be honest. Kickstart a default root password and make them change it at first boot.
[2009/05/11 07:17:55] <rasputnik> but it's useful to know what might 'leak'
[2009/05/11 07:18:00] <Volcane> yeah
[2009/05/11 07:18:21] <Volcane> just saying for user passwords in puppet you'd store hashes, they're harmless esp if you configure your machines to use strong ones
[2009/05/11 07:18:29] @ Quit: DerekW: Read error: 110 (Connection timed out)
[2009/05/11 07:18:35] @ dene joined channel #puppet
[2009/05/11 07:18:55] <rasputnik> thanks, saw a good thread on the mailing list the other day about that.
[2009/05/11 07:32:50] @ Quit: DerekW_: Read error: 110 (Connection timed out)
[2009/05/11 07:51:33] @ degr8hun1 joined channel #puppet
[2009/05/11 07:58:27] @ Disconnect_ joined channel #puppet
[2009/05/11 07:58:44] @ Quit: Disconnect: Read error: 113 (No route to host)
[2009/05/11 07:59:19] @ Disconnect_ is now known as Disconnect
[2009/05/11 08:00:35] @ nakano_ is now known as nakano
[2009/05/11 08:01:45] @ d3vilb0x joined channel #puppet
[2009/05/11 08:03:05] @ Quit: eythian: Read error: 104 (Connection reset by peer)
[2009/05/11 08:08:09] @ Quit: degr8hunt: Read error: 110 (Connection timed out)
[2009/05/11 08:08:34] @ eythian joined channel #puppet
[2009/05/11 08:09:48] @ Quit: maxagaz: "Leaving"
[2009/05/11 08:13:34] <flashn> oh, 0.24 and 0.28 differs quite alot
[2009/05/11 08:14:11] <tim\|macbook> lol
[2009/05/11 08:14:15] @ HarryCalahan joined channel #puppet
[2009/05/11 08:14:16] <tim\|macbook> yeah, quite
[2009/05/11 08:14:37] <tim\|macbook> 0.24 and 0.25 you mean, i guess?
[2009/05/11 08:15:00] <tim\|macbook> those great developers are doing very much work building all kinds of neat stuff into each version :)
[2009/05/11 08:15:38] <HarryCalahan> . o O ( so windows 7 will have more then double the features from 3.11)
[2009/05/11 08:15:50] <flashn> yeah Ive been working with 0.24 for a while
[2009/05/11 08:16:00] <flashn> and now I grabbed the latest package
[2009/05/11 08:19:44] @ Quit: jamesturnbull: Remote closed the connection
[2009/05/11 08:19:47] @ jamesturnbull joined channel #puppet
[2009/05/11 08:19:55] @ Quit: saloxin: Remote closed the connection
[2009/05/11 08:19:58] @ saloxin joined channel #puppet
[2009/05/11 08:22:24] <flashn> how do people generally do master-master puppetmaster setups?
[2009/05/11 08:23:06] * monachus is in limbo.
[2009/05/11 08:23:46] <flashn> Im thinking of having puppetmasterd and editing configs on puppetmaster01 and putting the fileserver and a puppetmasterd slave on puppetmaster02
[2009/05/11 08:24:09] <flashn> also keeping a local copy of the fileserver-area on puppetmaster01
[2009/05/11 08:24:27] * monachus is in limbo.
[2009/05/11 08:25:57] <agaffney> flashn: I currently use a SVN repo for my /etc/puppet
[2009/05/11 08:26:19] <agaffney> with that, you can just have a cronjob that periodically runs 'svn up /etc/puppet' on both puppetmaster boxes
[2009/05/11 08:28:08] <HarryCalahan> it should be possible to use a shared filesystem (NFS or DRBD with master-readonly)
[2009/05/11 08:28:14] * monachus is in limbo.
[2009/05/11 08:32:13] * FiXion kicks monachus out of limbo
[2009/05/11 08:32:24] <flashn> yeah
[2009/05/11 08:32:39] <FiXion> sounds like a bot that wants @
[2009/05/11 08:35:47] <HarryCalahan> /nick mon@chus
[2009/05/11 08:37:41] <tim\|macbook> HarryCalahan: i don't think drbd can do master-readonly... but you can do master-master with OCFS2 or GFS or something like it
[2009/05/11 08:37:49] <tim\|macbook> just a side note there
[2009/05/11 08:38:03] * tim\|macbook thinks the svn solution (or darcs, which is what we use) has more benefits
[2009/05/11 08:38:48] <SyTonnerre> There is a way to get multi-master operation with drbd
[2009/05/11 08:39:16] <flashn> I will have a master-master setup, but only use certain services on each host with failover capabilities
[2009/05/11 08:39:36] <SyTonnerre> (Without ocfs or gfs)
[2009/05/11 08:40:30] <SyTonnerre> Use heartbeat, export the file system via NFS+cachefs, or even better, AFS over a shared IP and mount it on both nodes
[2009/05/11 08:40:47] <flashn> meh, debian 5.0.1 ships with 0.24
[2009/05/11 08:40:53] @ joe-mac1 joined channel #puppet
[2009/05/11 08:41:06] <flashn> is it neccessery to upgrade to > 0.25?
[2009/05/11 08:42:14] <tim\|macbook> do you need anything from 0.25?
[2009/05/11 08:42:28] <agaffney> flashn: necessary by what metric?
[2009/05/11 08:42:38] <agaffney> if 0.24.x works, no reason to upgrade
[2009/05/11 08:43:05] <flashn> Im slowly implementing.. not sure I need fancy(?) stuff to begin with..
[2009/05/11 08:46:56] <Volcane> 0.25 isnt released yet, so no point in upgrading now
[2009/05/11 08:47:11] <Volcane> 0.25 is also not a release full of new features, its mostly internal
[2009/05/11 08:47:32] <SyTonnerre> Is it faster? ;)
[2009/05/11 08:47:39] <Volcane> apparently
[2009/05/11 08:47:44] <SyTonnerre> That would be really great
[2009/05/11 08:47:57] <Volcane> fileserving especially
[2009/05/11 08:48:05] <SyTonnerre> Currently, a catalog run takes 3200 seconds on my web server
[2009/05/11 08:48:19] <Volcane> whats taking the longest (--report)
[2009/05/11 08:48:26] <SyTonnerre> (As opposed to 46 seconds on my database server)
[2009/05/11 08:48:47] <SyTonnerre> Volcane, fileserver.describe or what it was called
[2009/05/11 08:49:09] <Volcane> nods should be much better, do you copy the actual sites and content out or just config and manage sites some other way?
[2009/05/11 08:49:20] <SyTonnerre> Only config
[2009/05/11 08:49:31] <SyTonnerre> Ah, and the DNS zone files
[2009/05/11 08:49:42] <Volcane> nods, so thousands of files?
[2009/05/11 08:49:56] <SyTonnerre> Nah, more like 100 or so
[2009/05/11 08:50:09] <Volcane> thats odd, shouldnt be that slow then
[2009/05/11 08:50:25] <SyTonnerre> Thing is, the first files go really quickly and it appears to go downhill from there
[2009/05/11 08:50:51] <SyTonnerre> People told me it might as well be a Ruby 1.8 problem
[2009/05/11 08:50:57] <Volcane> yeah pretty odd, I've seen increases in speed by just adding the puppet server host in to /etc/hosts, and make sure clients are in hosts on the master, lame
[2009/05/11 08:51:12] <SyTonnerre> Volcane, I have a puppet class which does that :>
[2009/05/11 08:51:21] <SyTonnerre> (In case I manage to mess up /etc/resolv.conf)
[2009/05/11 08:51:23] <agaffney> SyTonnerre: that's why I delivery my ~400 DNS zone files via SVN instead of puppet
[2009/05/11 08:51:52] <Volcane> May 11 13:13:44 web1 puppetd[2234]: Finished catalog run in 95.51 seconds
[2009/05/11 08:51:55] <Volcane> 340 file copies
[2009/05/11 08:51:56] <agaffney> but I deliver the script to do the syncing and setup the cron job via puppet
[2009/05/11 08:51:57] <SyTonnerre> agaffney, on DNS-and-backup-MX-only nodes the puppet delivery also goes pretty quickly
[2009/05/11 08:51:57] <Volcane> mostly templates
[2009/05/11 08:51:58] @ joe-mac2 joined channel #puppet
[2009/05/11 08:52:03] <Volcane> master in a different country
[2009/05/11 08:52:14] <SyTonnerre> Volcane, Ruby 1.8.x or 1.9.x?
[2009/05/11 08:52:22] <Volcane> ruby-1.8.5-5.el5_2.6
[2009/05/11 08:52:31] <SyTonnerre> Oh, so even very old
[2009/05/11 08:52:39] @ nakano is now known as nakano_
[2009/05/11 08:52:59] <Volcane> probably add like 40 or 50 files to that count, that is just my nameserver really
[2009/05/11 08:53:06] <Volcane> cos theres other stuff on the box too file based
[2009/05/11 08:54:08] <Volcane> and the client is even a shitty under powered vmware server 1.x VM
[2009/05/11 08:54:34] @ Quit: joe-mac: Read error: 110 (Connection timed out)
[2009/05/11 08:57:18] @ nakano_ is now known as nakano
[2009/05/11 09:03:35] @ Quit: d3vilb0x:
[2009/05/11 09:05:09] @ Quit: joe-mac1: Read error: 110 (Connection timed out)
[2009/05/11 09:06:44] @ nakano is now known as nakano_
[2009/05/11 09:10:55] @ kngus joined channel #puppet
[2009/05/11 09:11:59] @ kngus left channel #puppet ()
[2009/05/11 09:17:46] @ erm joined channel #puppet
[2009/05/11 09:21:59] @ glaw joined channel #puppet
[2009/05/11 09:23:45] @ mconigliaro joined channel #puppet
[2009/05/11 09:29:15] @ joe-mac joined channel #puppet
[2009/05/11 09:29:56] @ pluesch0r joined channel #puppet
[2009/05/11 09:34:01] @ artista_frustrad joined channel #puppet
[2009/05/11 09:34:23] @ joe-mac1 joined channel #puppet
[2009/05/11 09:39:48] @ Bass10 joined channel #puppet
[2009/05/11 09:43:15] @ Quit: teratoma: "leaving"
[2009/05/11 09:43:16] @ Quit: degr8hun1: Read error: 104 (Connection reset by peer)
[2009/05/11 09:43:36] @ degr8hunt joined channel #puppet
[2009/05/11 09:44:51] @ firxen joined channel #puppet
[2009/05/11 09:45:13] <firxen> Good day.
[2009/05/11 09:45:28] @ Quit: glaw: Remote closed the connection
[2009/05/11 09:45:59] <firxen> I'm struggling to get a mysql plugin working right.
[2009/05/11 09:46:36] <firxen> I have a recipe to install mysql with the right packages and everything.
[2009/05/11 09:46:48] @ degr8hunt left channel #puppet ()
[2009/05/11 09:46:54] <firxen> I also have a plugin that uses that to set up databases and users.
[2009/05/11 09:47:50] <firxen> However, when I try to use them together I get an error saying that no appropriate providers are available for the mysql plugins stuff.
[2009/05/11 09:48:04] <firxen> And it doesn't install the packages.
[2009/05/11 09:48:18] @ Quit: slap_stick: Read error: 113 (No route to host)
[2009/05/11 09:48:27] <tim\|macbook> firxen: use pastie to paste your code, that'll probable get you more help :)
[2009/05/11 09:48:44] <firxen> Ah, right. Good point.
[2009/05/11 09:49:13] @ Quit: joe-mac2: Read error: 110 (Connection timed out)
[2009/05/11 09:51:09] @ Quit: joe-mac: Read error: 110 (Connection timed out)
[2009/05/11 09:52:49] @ glaw joined channel #puppet
[2009/05/11 09:53:03] <firxen> http://pastie.org/474438
[2009/05/11 09:53:17] @ glaw left channel #puppet ()
[2009/05/11 09:54:06] <firxen> When I include that, it doesn't install mysql at all, but it complains that it can't find a provider.
[2009/05/11 09:54:35] <firxen> I thought adding the requires might force installation, but that appears not to be the case.
[2009/05/11 09:54:54] <firxen> Also, I really don't want to have to add requires to all my db operations.
[2009/05/11 09:55:11] <pluesch0r> how does the provide-syntax work? i.e. something requires a webserver to be installed, both nginx and apache 'provide' the webserver capability ..
[2009/05/11 09:56:20] <firxen> As far as I can tell, the provider decides if it's available or not. In this case, it looks for the presence of mysql commands.
[2009/05/11 09:56:56] @ cwebber joined channel #puppet
[2009/05/11 09:57:47] <pluesch0r> does this work with aliases or something?
[2009/05/11 09:58:46] <firxen> Aliases?
[2009/05/11 09:59:02] @ shake-n-bake joined channel #puppet
[2009/05/11 10:00:04] @ lak joined channel #puppet
[2009/05/11 10:00:29] <pluesch0r> firxen: i am not answering your question, if that's what you thinking. :)
[2009/05/11 10:01:27] <firxen> Oh, right. Sorry.
[2009/05/11 10:02:01] * firxen is trying to do way too many things at once, all unsuccessfully. :-(
[2009/05/11 10:03:44] <tim\|macbook> firxen: what's the exact error you're getting?
[2009/05/11 10:08:44] <tim\|macbook> oh and the exec you're running is scary in my eyes, since it'll probably print the password in your logs (and in the ps list, but only for a very short time, presumebly)
[2009/05/11 10:09:05] <pluesch0r> i like the level of evil that's involved.
[2009/05/11 10:11:02] <firxen> err: Could not create mogilefs@localhost/mogilefs: Could not find a default provider for mysql_grant
[2009/05/11 10:11:36] <firxen> It seems to randomly choose one of the mysql functions to complain about.
[2009/05/11 10:11:48] <Volcane> you probably installed some weird mysql module on your master but not on the clients?
[2009/05/11 10:12:06] <Volcane> s/module/type+provider
[2009/05/11 10:12:32] <firxen> I have, but it's a plugin that gets distributed.
[2009/05/11 10:12:49] <firxen> As far as I can tell, it's trying to configure mysql before installing it.
[2009/05/11 10:12:55] <Volcane> i suspect you'll have a chicken and egg then
[2009/05/11 10:13:07] @ Quit: shake-n-bake:
[2009/05/11 10:13:12] <firxen> The same thing works fine on other machines which already have mysql installed.
[2009/05/11 10:13:14] <Volcane> you'd probably need to restart the puppetd before it knows about those plugins
[2009/05/11 10:14:13] <firxen> I think the reason the plugin is failing is that mysql isn't installed and therefor the commands it depends on are missing.
[2009/05/11 10:14:43] <firxen> I've bounced both the puppetmaster and the client.
[2009/05/11 10:15:27] <Volcane> "Could not find a default provider for mysql_grant" suggests the provider isnt on the machine yet - or puppets not aware of it yet as it would be in the first run
[2009/05/11 10:16:14] <firxen> debug: Puppet::Type::Mysql_user::ProviderMysql: Not suitable: missing /usr/bin/mysql
[2009/05/11 10:16:43] <Volcane> ah, you didnt show us that before
[2009/05/11 10:16:47] @ Quit: pleemans: Read error: 110 (Connection timed out)
[2009/05/11 10:16:50] <firxen> Yeah, sorry.
[2009/05/11 10:17:07] <firxen> There's a lot of stuff in the logs that shouldn't be made public.
[2009/05/11 10:17:12] <Volcane> so when puppetd starts it tries to figure out which providers are usable on this machine and activate the
[2009/05/11 10:17:16] <firxen> Otherwise I'd just paste the lot.
[2009/05/11 10:17:28] <Volcane> so obviously that one wants mysql client, which it cant find so it disables it
[2009/05/11 10:17:50] <firxen> At that point, it dies with an error instead of installing mysql.
[2009/05/11 10:18:17] @ JD joined channel #puppet
[2009/05/11 10:19:06] <firxen> I think what I need is a way of telling puppet that installing mysql will make the provider available.
[2009/05/11 10:20:25] <firxen> I'd be satisfied with that only happening on the next run (as long as the first run actually installed it), but first prize would be to have it happen properly the first time.
[2009/05/11 10:22:42] <HarryCalahan> split install and configuration. First run install mysql and sync plugins. then restart puppet (is it possible to tell puppet to restart itself?). Second run install mysql::config
[2009/05/11 10:22:49] @ Quit: kolla: Remote closed the connection
[2009/05/11 10:22:55] @ mfoster joined channel #puppet
[2009/05/11 10:23:16] <firxen> HarryCalahan: That would require me to switch configs, though.
[2009/05/11 10:23:21] @ Quit: axisys: Success
[2009/05/11 10:23:57] <firxen> At which point I may as well drop puppet and do all this stuff by hand.
[2009/05/11 10:24:02] <HarryCalahan> firxen: no. you could define a custom fact that is checking for mysql. if where_is_mysql = /usr/bin/mysql then mysql::config else mysql::install
[2009/05/11 10:24:07] <firxen> (Well, not quite. But still.)
[2009/05/11 10:24:23] <firxen> Hmm...
[2009/05/11 10:24:43] <firxen> HarryCalahan: Is there a way to localise that to the mysql module, though?
[2009/05/11 10:24:44] <HarryCalahan> or you could stop using the plugin and do it with an exec ;)
[2009/05/11 10:25:00] <firxen> I don't want to have to have conditionals everywhere I have db configs.
[2009/05/11 10:25:26] <firxen> I'm only using the plugin because there isn't really a sane way to do it with execs.
[2009/05/11 10:26:52] <firxen> (I hope I'm not coming across as hostile. I'm just a little frustrated here.)
[2009/05/11 10:30:35] <HarryCalahan> firxen? adding users with an exec is pretty easy. You can create a define that does it and reuse it.
[2009/05/11 10:30:42] @ kngus joined channel #puppet
[2009/05/11 10:30:46] @ kngus left channel #puppet ()
[2009/05/11 10:31:05] @ Quit: rasputnik: Read error: 110 (Connection timed out)
[2009/05/11 10:32:51] <firxen> Grants and permissions are somewhat more complicated.
[2009/05/11 10:33:55] <HarryCalahan> mysql -u root -psecret mysql < "grant select on db.* to user@host identified by secret; flush privileges"
[2009/05/11 10:34:40] <firxen> Yes, but then I have to check that they're right or run that every puppet run.
[2009/05/11 10:36:13] <HarryCalahan> onlyif select bla from db where user = '' and host= '' and select_priv = 'yes'
[2009/05/11 10:36:50] <firxen> Puppet's supposed to make my life easier by letting that stuff all live in a well-tested plugin or something.
[2009/05/11 10:37:02] <HarryCalahan> well then don't use it ;)
[2009/05/11 10:37:17] @ Quit: zeroXten: "leaving"
[2009/05/11 10:37:31] @ zeroXten joined channel #puppet
[2009/05/11 10:38:31] <firxen> Yeah, that's one solution. Except it leaves me with the same problem I started with. :-/
[2009/05/11 10:42:44] <pluesch0r> firxen: you can always write it yourself.
[2009/05/11 10:44:55] <firxen> pluesch0r: I can, and I will if it's the best solution.
[2009/05/11 10:45:21] <pluesch0r> great then. :)
[2009/05/11 10:45:32] @ bajan joined channel #puppet
[2009/05/11 10:45:35] @ bajan left channel #puppet ()
[2009/05/11 10:45:49] <firxen> I don't see a way around the fact that I can't have configuration statements that require a package installed present when I'm installing that package.
[2009/05/11 10:46:24] <pluesch0r> i fail to understand.
[2009/05/11 10:46:34] @ jli_ joined channel #puppet
[2009/05/11 10:46:40] <firxen> If mysql is installed, the plugin works fine.
[2009/05/11 10:46:51] <firxen> If I'm not calling the plugin, I can install mysql.
[2009/05/11 10:46:53] <HarryCalahan> so add the if.
[2009/05/11 10:47:10] <firxen> When both are present, the plugin fails before the installation.
[2009/05/11 10:47:34] <firxen> HarryCalahan: That means I need ifs wherever I call the plugin, which I really don't want.
[2009/05/11 10:47:41] @ flakrat joined channel #puppet
[2009/05/11 10:48:03] <HarryCalahan> add a wrapper in your own definition that includes the if
[2009/05/11 10:48:07] <firxen> Unless I wrap everything the plugin provides in another module that does the checks.
[2009/05/11 10:49:26] <firxen> That's still only a second-best solution, though, because I'll have to run puppet twice to get everything set up.
[2009/05/11 10:50:40] @ axisys joined channel #puppet
[2009/05/11 10:57:38] @ joe-mac joined channel #puppet
[2009/05/11 10:58:22] @ rasputnik joined channel #puppet
[2009/05/11 11:00:44] @ andrewcshafer joined channel #puppet
[2009/05/11 11:06:00] <Volcane> HarryCalahan: his problem is like user{} that cant manage passwords unless ruby shadow is there, and that the presence of ruby shadow only gets picked up on the next run
[2009/05/11 11:06:14] <Volcane> HarryCalahan: except unlike user{} these mysql* types dont fail gracefully
[2009/05/11 11:06:40] <barn> does the vim syntax support for puppet make it colored?
[2009/05/11 11:07:04] <HarryCalahan> Volcane: yes i got it. to work around this i would run a two pass setup. it's not so often that you install mysql. more common that you configure users.
[2009/05/11 11:07:32] <Volcane> yeah, i run mine in 2 stages using a small initial setup environment
[2009/05/11 11:07:41] <Volcane> sets up custom facts etc that my other manifests require
[2009/05/11 11:07:58] <firxen> I can't find a way to check if /usr/bin/mysql exists in my wrapper.
[2009/05/11 11:08:07] @ Quit: cwebber:
[2009/05/11 11:08:15] <firxen> Do I need to write a fact for that?
[2009/05/11 11:09:17] <firxen> I suppose the alternative is to somehow not require the commands to exists in the provider and then silently fail (or something) if they aren't.
[2009/05/11 11:09:26] @ descala joined channel #puppet
[2009/05/11 11:10:28] @ Quit: verwilst: "Ex-Chat"
[2009/05/11 11:11:53] <jbooth> firxen: you're writing real providers here right? Don't you just need an autorequire and to specify the provider yourself?
[2009/05/11 11:12:38] <firxen> I'm using someone else's provider, because it was there.
[2009/05/11 11:13:30] <firxen> There doesn't seem to be a good mysql provider available anywhere.
[2009/05/11 11:14:02] <firxen> I'm not really all that hot on the details of writing plugins and providers and such.
[2009/05/11 11:15:53] <firxen> Especially since writing providers seems to require a somewhat different dialect of Ruby than I am used to.
[2009/05/11 11:16:14] @ Quit: tim\|macbook:
[2009/05/11 11:24:02] <DerekW__> Anyone tried out 0.25beta with Mongrel/Apache?
[2009/05/11 11:25:39] <Volcane> works fine
[2009/05/11 11:26:31] <DerekW__> I'm getting 502 proxy error
[2009/05/11 11:26:47] <Volcane> whats in apache's logs?
[2009/05/11 11:27:00] <DerekW__> End of file found: proxy: error reading status line from remote server 127.0.0.1
[2009/05/11 11:27:24] <Volcane> so sounds like the puppetmasterd isnt talking proper http to it
[2009/05/11 11:27:56] <DerekW__> Or the balancer is completely t!ts
[2009/05/11 11:28:26] <Volcane> if you've just upgraded then mod_proxy sometimes doesnt realize the master is back yet
[2009/05/11 11:28:31] <lak> DerekW__: hmm, now that you mention it i don't think i've actually tried 0.25 with mongrel recently
[2009/05/11 11:28:34] <Volcane> but what you're getting seems to be diff
[2009/05/11 11:28:42] * Volcane ran the beta under mongrel
[2009/05/11 11:28:57] <DerekW__> Still reading logs now...
[2009/05/11 11:29:43] <DerekW__> Hmm, seems related to recursion
[2009/05/11 11:31:31] <DerekW__> ...then again maybe not...
[2009/05/11 11:32:55] <DerekW__> lak, works pretty well. Only bug I've found so far is that $clientyamldir isn't created automatically upon puppetmasterd startup
[2009/05/11 11:33:04] <DerekW__> Will log tix later
[2009/05/11 11:34:51] @ Quit: rasputnik: Read error: 110 (Connection timed out)
[2009/05/11 11:35:33] @ Quit: MarlondB:
[2009/05/11 11:38:24] @ jedi4ever joined channel #puppet
[2009/05/11 11:38:32] @ jedi4ever left channel #puppet ()
[2009/05/11 11:39:04] <DerekW__> So it's recursive files served up by the fileserver modules, and puppet.conf
[2009/05/11 11:44:14] <DerekW__> OK, puppet.conf was user error, it's all about the recursion
[2009/05/11 11:45:31] <DerekW__> Volcane, do you have recursive dirs put in by via the fileserver?
[2009/05/11 11:45:33] @ alfism joined channel #puppet
[2009/05/11 11:45:42] <Volcane> only empty ones
[2009/05/11 11:46:21] <DerekW__> Thx, looks like something to log...
[2009/05/11 11:46:32] @ Quit: lak:
[2009/05/11 11:46:38] <DerekW__> Scared him off ;-)
[2009/05/11 11:46:41] @ bevans5446 joined channel #puppet
[2009/05/11 11:48:15] @ edwardam\|zZZz is now known as edwardam
[2009/05/11 11:48:31] @ Quit: firxen: "hometime"
[2009/05/11 11:49:25] @ jedi4ever joined channel #puppet
[2009/05/11 11:53:10] @ eric0 left channel #puppet ()
[2009/05/11 11:53:58] @ lak joined channel #puppet
[2009/05/11 11:56:23] <DerekW__> What we really need to do is beat up Red Hat to produce EPEL RPMs of the newer gems you need for storeconfigs with 0.25 ;-)
[2009/05/11 11:56:48] <jenza> We've got a redhat guy here at the moment
[2009/05/11 11:57:01] <jenza> He's exactly how I pictured a Redhat engineeer would be
[2009/05/11 11:57:20] <TREllis> what's his name?
[2009/05/11 11:57:34] <DerekW__> What, he wears the Red Hat polo shirt?
[2009/05/11 11:57:35] <Filbert_> DerekW__: EPEL is open for anyone to maintain packages for ;)
[2009/05/11 11:57:41] @ Quit: Innocenti: Client Quit
[2009/05/11 11:58:02] <Volcane> DerekW__: gem2rpm works a charm
[2009/05/11 11:58:38] <DerekW__> I used it's predecessor which was reasonable enough
[2009/05/11 11:59:28] @ Quit: madrescher: "Leaving."
[2009/05/11 12:03:41] @ punkcut joined channel #puppet
[2009/05/11 12:04:12] <lak> DerekW__: that bug you filed is for the 0.25.0 beta, right?
[2009/05/11 12:04:20] <DerekW__> Dammit, did I forget to select 0.25b?
[2009/05/11 12:05:16] <DerekW__> lak, updated
[2009/05/11 12:05:19] <lak> thanks :)
[2009/05/11 12:05:44] <DerekW__> lak, how come the prefix modules/ is now recommended for files but not templates?
[2009/05/11 12:06:18] <Volcane> or why at all :(
[2009/05/11 12:07:05] <lak> if you saw the logic necessary to find files in modules, then you'd see why we're moving to it
[2009/05/11 12:07:15] <Volcane> hehe
[2009/05/11 12:07:15] <lak> i'm willing to rescind that change if there's a huge community backlash
[2009/05/11 12:07:25] <lak> but it's pretty ugly code to make the existing stuff work
[2009/05/11 12:07:31] <DerekW__> AFAIC, it's just a quick sed change to the manifest.
[2009/05/11 12:07:44] <DerekW__> Clearly it's related to the REST stuff, but I'm just curious as to why templates isn't following the convention
[2009/05/11 12:07:51] <lak> hmm
[2009/05/11 12:07:59] <Volcane> templates arent fetched over REST?
[2009/05/11 12:08:15] <lak> yeah, mostly because i didn't have to touch templates at all
[2009/05/11 12:08:16] <Volcane> but yeah, it would be less confusing
[2009/05/11 12:08:22] <lak> but you're right that they should follow the convention, too
[2009/05/11 12:08:33] <lak> but also, the templates code is much easier - there's only one templates directory
[2009/05/11 12:08:43] <lak> whereas files have mounts and multiple directories and lots of code
[2009/05/11 12:08:47] <lak> and recursion
[2009/05/11 12:08:51] <lak> and also, dragson
[2009/05/11 12:08:55] <lak> dragons, rather
[2009/05/11 12:08:58] <DerekW__> I'm not hugely bothered
[2009/05/11 12:10:14] @ bobbyz joined channel #puppet
[2009/05/11 12:12:49] @ erlingre joined channel #puppet
[2009/05/11 12:13:25] <joe-mac> i can't even figure out what REST is
[2009/05/11 12:13:33] <joe-mac> i read the wikipedia and i am still like '?'
[2009/05/11 12:14:13] <DerekW__> Just going to try to whizz off an end-to-end build
[2009/05/11 12:14:13] <Volcane> instead of making complex XML stractures and posting the request - with the parameters of the request inside the XML - to a specific url
[2009/05/11 12:14:17] <DerekW__> I like this release already
[2009/05/11 12:14:33] <Volcane> you now do GET /fileserver/module/foo
[2009/05/11 12:14:39] <Volcane> or whatever url
[2009/05/11 12:14:44] <Volcane> but parameters etc is in the URL
[2009/05/11 12:15:10] <joe-mac> so instead of a whole xml file getting transferred, it's just the results of a transaction with parameters in the URL?
[2009/05/11 12:15:11] <Volcane> the result can also be many things, where with XML-RPC it had to be XML
[2009/05/11 12:15:30] <lak> joe-mac: for the purposes of puppet, here are the key features:
[2009/05/11 12:15:32] <Volcane> so with XML-RPC to transfer a file, you'd XML encode the file, put it in a xml result document and reply
[2009/05/11 12:15:41] <lak> (I'll be blogging about this soon, hopefully)
[2009/05/11 12:15:50] <lak> 1) a consistent api for interacting with all network resources
[2009/05/11 12:16:12] <lak> 2) a data-based network api, focused on the things (e.g., catalogs, reports, ssl certs) being transferred
[2009/05/11 12:16:44] <lak> 3) relying as much as possible on existing http infrastructure (e.g., http get/put/delete, content-type encoding) rather than inventing our own crap
[2009/05/11 12:17:02] @ Quit: alban2: Read error: 145 (Connection timed out)
[2009/05/11 12:17:14] <lak> it's all slightly esoteric, yet awesome
[2009/05/11 12:18:10] <joe-mac> i c
[2009/05/11 12:21:07] @ Quit: rberger_:
[2009/05/11 12:21:09] <mikepea> lak/Volcane: at the london meet we talked about the problem with having an open autosign.conf - that it permits nodes to pretend to be any other node - but I forget the exact reason why. Specifically, if a node has already connected as 'node_a' (and has a signed key for it), then is it possible for another node to connect as 'node_a'?
[2009/05/11 12:21:24] <DerekW__> lak, and anyone else interested, I'll get back, probably post to Puppet-Users, but it's actually been a pretty easy release so far.
[2009/05/11 12:21:29] @ Quit: DerekW__: "Leaving"
[2009/05/11 12:21:38] @ zahna joined channel #puppet
[2009/05/11 12:21:41] <Volcane> mikepea: the allow/deny list is based on SSL cert name, not on ip
[2009/05/11 12:21:52] <zahna> hey, is "::" official syntax?
[2009/05/11 12:22:09] <zahna> i've been using "-" and it seems to work fine.
[2009/05/11 12:22:10] <Volcane> mikepea: so if the master already has a signed cert there, it will complain about a change in cert and needing a clean yes
[2009/05/11 12:22:42] <Volcane> zahna: class foo { class bar { } } that gives you foo::bar
[2009/05/11 12:23:16] <Volcane> but you can also just do class foo::bar { }
[2009/05/11 12:23:28] <zahna> oh, ok
[2009/05/11 12:23:48] <zahna> i'm looking into switching to using modules
[2009/05/11 12:24:02] <Volcane> yes, then you should use :: for different parts of your module
[2009/05/11 12:24:03] <zahna> the site i was looking as was using foo::bar {}
[2009/05/11 12:24:04] <mikepea> Volcane: but if node entry was 'node node_a { }', and node_a.domain1.net was the valid host, the spoofer could still connect as node_a.domain2.net?
[2009/05/11 12:24:15] <Volcane> modules/apache/manifests/foo.pp would be apache::foo
[2009/05/11 12:24:33] @ plathrop-away is now known as plathrop
[2009/05/11 12:24:40] <Volcane> mikepea: I think so. provided autosign is open enough yes
[2009/05/11 12:24:54] <zahna> oh, ok. what is the default location of modules?
[2009/05/11 12:25:02] <zahna> /etc/puppet or /var/lib/puppet?
[2009/05/11 12:25:07] <Volcane> puppetmasterd --genconfig\|grep modulesdir
[2009/05/11 12:25:10] <duritong> there is also some autoloading magic with ::
[2009/05/11 12:25:29] <joe-mac> Volcane: so the maltron is a bit much for me to commit to right now in $, you know anyone who's used a kinesis advantage with similar issues?
[2009/05/11 12:25:43] <zahna> Volcane: i was wondering in general, not my instanced of puppetmaster
[2009/05/11 12:25:52] <mikepea> Volcane: cool, thanks - i'll make some updates to the autosign wiki page to elaborate on why opening it is a bad idea.
[2009/05/11 12:25:56] <Volcane> joe-mac: no but hte kinesis should be equally good, I have read reviews about it in the past
[2009/05/11 12:26:26] <Volcane> zahna: it depends on other settings and their defaults etc :) i just put the stuff in a subdir in /etc/puppet
[2009/05/11 12:26:40] <erlingre> I want to execute Puppet from kickstart, I'm working with a setup using /proc/cmdline to customize the kickstart install. I add a kernel boot parameter that specifies the kind of server that is to be installed. Preferably I would like a setup where the Puppet manifest for the newly installed node will be generated based on the type of server specified in the kickstart install. The problem is how to initiate the creation of a new n
[2009/05/11 12:26:40] <erlingre> ode manifest from the node that is about to be provisioned. Do you have any suggestions?
[2009/05/11 12:27:06] <Volcane> joe-mac: also the kinesis is much more of a decent keyboard with programmable keys and all, the maltron though is awesomly nostalgic feeling proper clackity-clack type keys
[2009/05/11 12:27:22] @ d3vilb0x joined channel #puppet
[2009/05/11 12:27:52] <Volcane> erlingre: how do you decide on the kernel command line? what drives the decision if its a web/db/whatever node?
[2009/05/11 12:29:44] <erlingre> Volcane: a isolinux boot-menu, I define different "append=" lines for each choice for example "pc=WEB" (pc=product code), "pc=APP", pc="DB", etc. pxelinux could also be used if dhcp is available.
[2009/05/11 12:30:11] <Volcane> erlingre: i see, well its basically the wrong place to make the choice, but still not impossible to do.
[2009/05/11 12:30:40] <Volcane> erlingre: your kickstart could capture the choice to a file in /etc/machinetype or something like that. and you then write a fact that will let the master know what type of machine it is
[2009/05/11 12:31:10] <Volcane> erlingre: but really, the way things are designed the master shoudl know what a machine it, the master gives it its config, the clients do not ask for specific config.
[2009/05/11 12:31:28] @ Quit: rsquared: "Leaving"
[2009/05/11 12:31:33] @ plathrop is now known as plathrop-away
[2009/05/11 12:31:43] <joe-mac> Volcane: i am a big, big fan of clickity clak. i like tactile feedback when i am hacking
[2009/05/11 12:31:51] <joe-mac> but the price isj ust ridiculous...
[2009/05/11 12:32:04] <Volcane> yeah, my employer got it for me :)
[2009/05/11 12:32:09] <joe-mac> i can get the kinesis advantage off of ebay for 269, the maltron is like 695 from ergo guys website
[2009/05/11 12:32:16] <joe-mac> aren't you self-employed? lol
[2009/05/11 12:32:26] <Volcane> before i was self employed :)
[2009/05/11 12:32:37] <joe-mac> oooo i c
[2009/05/11 12:32:47] <Volcane> contact maltron in the uk though, they do sell refurbs and they're super helpful
[2009/05/11 12:32:49] <joe-mac> i'd probably have to gwet a serious RSI first lol
[2009/05/11 12:33:04] <joe-mac> really? i thought you can't do maltron direc you need to go to a supplier?
[2009/05/11 12:33:16] <Volcane> might have changed since i used them then
[2009/05/11 12:33:34] <joe-mac> it's worth a shot since i even love how crappy it looks
[2009/05/11 12:33:38] <erlingre> Volcane, I have also been thinking about the possibility that the client (The system about to be installed) creates the new node manifest on the master via SSH, maybe by executing a script on the master that creates the new node definition based on the decided server type. Do you think such an approach is possible
[2009/05/11 12:34:11] <zahna> if you guys are looking for the old IBM style keyboards, there's a company in texas that's making them again.
[2009/05/11 12:34:53] <joe-mac> zahna: i have two das keyboards. problem is i have carpal tunnel i think and i get really bad flare ups where my wrists are noticeably swollen
[2009/05/11 12:35:04] <zahna> oh dang
[2009/05/11 12:35:07] <joe-mac> so i am looking to move ergo
[2009/05/11 12:35:13] <Volcane> erlingre: a bit elaborate but it could, typically people define the type of machine in a tool like their CMDB or maybe even LDAP and puppet asks that using something like http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
[2009/05/11 12:36:55] <zahna> joe-mac: gotcha. i love my microsoft elite pro keyboard
[2009/05/11 12:37:26] @ pleemans joined channel #puppet
[2009/05/11 12:37:26] @ Quit: alfism: "Connection reset by beer"
[2009/05/11 12:37:32] <joe-mac> my boss uses one, not as extreme as i'd like
[2009/05/11 12:37:51] <Volcane> MS keybs arent good for hte top of your hands
[2009/05/11 12:38:10] <Volcane> cos you have to lift your finger too much to travel over the bump they tend to have towards the middle
[2009/05/11 12:38:29] <Volcane> they've been getting better at it, but prolonged use will mess with the muscles in the top of your hands
[2009/05/11 12:38:44] <erlingre> Volcane, Interesting, still it will require actions besides starting the kickstart install, I would prefer that all choices about the node could be done during the install, but it may not be possible to implement in a way that is acceptable.
[2009/05/11 12:39:23] <Volcane> erlingre: you can write a fact http://reductivelabs.com/trac/puppet/wiki/AddingFacts that reads a file, if your kickstart makes the file
[2009/05/11 12:39:57] <zahna> oh, mine is the old style: white, corded, and the best IMO.
[2009/05/11 12:39:59] <Volcane> erlingre: this will define a new variable that is available on the master - and this various could contain the type of machine so you can then choose that iwth a simple case statement in your default node
[2009/05/11 12:40:40] @ Quit: johan-s: Connection timed out
[2009/05/11 12:40:41] <Volcane> zahna: the really old ones thats shaped like ( tilted 90 degrees clockwise or more flat like a \| ?
[2009/05/11 12:41:05] <erlingre> Volcane, thanks for the input, I will check it out.
[2009/05/11 12:41:51] @ alfism joined channel #puppet
[2009/05/11 12:43:39] <zahna> http://cgi.ebay.com/MICROSOFT-ERGONOMIC-KEYBOARD-X03-51763-NICE_W0QQitemZ390049420620QQcmdZViewItemQQptZPCA_Mice_Trackballs?hash=item5ad0c1d54c&_trksid=p3286.c0.m14&_trkparms=72%3A1234\|66%3A2\|65%3A12\|39%3A1\|240%3A1318\|301%3A1\|293%3A1\|294%3A50
[2009/05/11 12:43:46] <zahna> that's my keyboard
[2009/05/11 12:44:35] <Volcane> hated++ that arrow key layout
[2009/05/11 12:44:45] <Volcane> but yeah, thats like the 2nd or 3rd gen, they're not too bad
[2009/05/11 12:45:38] <joe-mac> i am not so sure that would really relieve much of my strain- resting your hands so your wrist tils upwards i thinkw as the main cause of keyboarding RSI
[2009/05/11 12:45:57] <joe-mac> so i basically have like t rex looking hands
[2009/05/11 12:46:01] <zahna> well that keyboard had a tilter on the front so your wrists would be straight
[2009/05/11 12:46:02] @ justindossey joined channel #puppet
[2009/05/11 12:46:07] <joe-mac> o i c
[2009/05/11 12:46:25] <zahna> or wait. it didn't.
[2009/05/11 12:46:29] <zahna> the 1st gen did
[2009/05/11 12:46:51] @ Quit: mikepea: Read error: 60 (Operation timed out)
[2009/05/11 12:47:06] <Volcane> those came with attachable lifters
[2009/05/11 12:47:08] <Volcane> not integrated
[2009/05/11 12:47:13] <zahna> oh, ok
[2009/05/11 12:47:23] * Volcane knows too much about MS keybs
[2009/05/11 12:47:31] <zahna> i got mine off of ebay, so i never got those attachable lifters
[2009/05/11 12:47:51] @ claymation joined channel #puppet
[2009/05/11 12:48:01] <Volcane> should have 2 or 3 keyhole shaped holes underneath the space bar area for it iirc
[2009/05/11 12:48:16] <zahna> interesting
[2009/05/11 12:51:21] @ kibahop joined channel #puppet
[2009/05/11 12:52:41] @ Quit: mfournier: Read error: 60 (Operation timed out)
[2009/05/11 12:55:46] @ Quit: tim\|imac: "Leaving"
[2009/05/11 12:57:08] @ Quit: MattyM: "ta ta"
[2009/05/11 12:58:00] @ Quit: jedi4ever: Read error: 113 (No route to host)
[2009/05/11 12:58:02] <pluesch0r> if puppetd --test gives e line 3: syntax error at '' after notice: Starting catalog run .. how do i fix this?
[2009/05/11 12:58:20] <Volcane> who the whole error on pastie.org pls
[2009/05/11 12:59:02] <pluesch0r> Volcane: http://pastie.org/474608
[2009/05/11 12:59:24] <pluesch0r> using exported resources.
[2009/05/11 12:59:42] <pluesch0r> some hosts don't seem to report a hostname . could that be the reason?
[2009/05/11 12:59:42] <Volcane> run it with --verbose and --debug see what it says near the time it prints the error
[2009/05/11 12:59:48] <pluesch0r> ok
[2009/05/11 12:59:48] <Volcane> could be
[2009/05/11 13:00:35] <pluesch0r> please reload.
[2009/05/11 13:00:47] <Volcane> ah
[2009/05/11 13:01:25] <Volcane> suggests theres something odd with your nagios configs, but i might be wrongt
[2009/05/11 13:02:31] <pluesch0r> please reload
[2009/05/11 13:02:38] @ Quit: lak:
[2009/05/11 13:02:47] <pluesch0r> all i'm doing is include nagios_host on the host on which puppet is dying.
[2009/05/11 13:02:59] <Volcane> i mean whats on your machine already
[2009/05/11 13:03:04] <Volcane> like the actual nagios configs
[2009/05/11 13:03:11] <pluesch0r> nothing
[2009/05/11 13:03:14] <pluesch0r> this is a test setup.
[2009/05/11 13:03:15] <Volcane> naginator will parse them to try and get an idea of what u have now
[2009/05/11 13:03:20] <Volcane> so it knows what to add
[2009/05/11 13:03:27] <pluesch0r> there's absolutely nothing there.
[2009/05/11 13:03:30] <pluesch0r> it's an empty directory
[2009/05/11 13:03:32] <Volcane> ok, so then hosts without hostnames would probably cause hassles
[2009/05/11 13:04:04] <pluesch0r> since naginator is trying to parse crap, i'm rather assuming that it's not able to find jack 'cause /etc/nagios3 is an empty directory.
[2009/05/11 13:04:09] <pluesch0r> and that's why it's choking.
[2009/05/11 13:04:11] <Volcane> but donno hey, I've never been able to make the nagios types behave in any sane way
[2009/05/11 13:05:12] @ Quit: nasrat: "Ex-Chat"
[2009/05/11 13:05:53] <pluesch0r> great.
[2009/05/11 13:05:55] <pluesch0r> thanks.
[2009/05/11 13:06:45] @ Quit: londo_: Remote closed the connection
[2009/05/11 13:08:40] @ Quit: pluesch0r: "leaving"
[2009/05/11 13:08:51] @ Quit: zeroXten: Remote closed the connection
[2009/05/11 13:10:22] @ tim\|imac joined channel #puppet
[2009/05/11 13:17:25] @ londo_ joined channel #puppet
[2009/05/11 13:20:11] <descala> hello
[2009/05/11 13:20:33] <descala> I am working on a node classifier ...
[2009/05/11 13:21:04] <descala> it interacts with puppet through external nodes
[2009/05/11 13:21:43] <descala> and allows the user to assign a list of classes to a node and to add parameters to that classes, with a basic user interface
[2009/05/11 13:22:38] <descala> it has some rudimentary visualization, in the line of puppetshow
[2009/05/11 13:23:21] <descala> well ... my question is if someone is developing pupptshow or something similar
[2009/05/11 13:23:32] <Volcane> what language did you write it in?
[2009/05/11 13:23:59] <descala> ruby. and it has become a redmine plugin
[2009/05/11 13:24:43] <descala> a project has hosts
[2009/05/11 13:25:36] @ mindless joined channel #puppet
[2009/05/11 13:26:03] <Volcane> ah, no i have some php stuff but might start toying with rails or something
[2009/05/11 13:27:02] <descala> volcane: i think i've checked out your stuff. is it about reporting?
[2009/05/11 13:27:28] <Volcane> yeah, just logs etc, nothing fancy, not overly useful, mostly it compliments other things i have
[2009/05/11 13:27:33] <mindless> hi all.. so far i haven't found this in the wiki: when an exec resource fails, can the stdout/stderr from the exec be found in any logs for troubleshooting?
[2009/05/11 13:27:49] <Volcane> which i dont opensource, so since hte puppet stuff was seperate objects i figured I'd opensoruce those
[2009/05/11 13:28:04] <Volcane> mindless: on the client, also the exec has options for what to log
[2009/05/11 13:28:42] <mindless> ah, i see logoutput attr
[2009/05/11 13:29:17] @ rberger joined channel #puppet
[2009/05/11 13:29:38] @ Quit: briandquinn:
[2009/05/11 13:31:04] <descala> volcane: my plan to is to open source the project, but it is difficult to split our private stuff (which would be useless to anyone else) from something that might have general interest
[2009/05/11 13:31:14] <Volcane> yeah
[2009/05/11 13:31:36] <Volcane> i pulled those few objects out and wrote a thin container for them in the puppetview thing
[2009/05/11 13:32:00] <Volcane> but not the rest, doing that kind of thing is always a pain
[2009/05/11 13:34:19] <descala> I have a "webserver A" module, and a user interface that lets you add virtualhosts to apache, configures mysql, ftp, and so on
[2009/05/11 13:35:01] <descala> nothing special about the puppet module part, but I think it is special in the sense that it has a user interface to configure that module
[2009/05/11 13:35:01] @ ezmob joined channel #puppet
[2009/05/11 13:35:33] <Volcane> yeah, i have a way to group arbitrary modules together into a named group in the web ui too
[2009/05/11 13:35:42] <Volcane> then assign the name that only exist in the web ui to a node
[2009/05/11 13:35:52] <Volcane> with vars and all for the module
[2009/05/11 13:38:17] @ Quit: francois: "Leaving."
[2009/05/11 13:45:18] @ kngus joined channel #puppet
[2009/05/11 13:45:57] @ erlingre left channel #puppet ("Leaving")
[2009/05/11 13:47:42] @ Quit: rberger: Connection timed out
[2009/05/11 13:49:13] @ Quit: bobbyz: Operation timed out
[2009/05/11 13:49:34] @ bobbyz joined channel #puppet
[2009/05/11 13:49:42] @ Quit: pleemans: Read error: 113 (No route to host)
[2009/05/11 13:50:24] @ plathrop-away is now known as plathrop
[2009/05/11 14:00:52] @ Quit: descala:
[2009/05/11 14:03:43] @ alfism_ joined channel #puppet
[2009/05/11 14:04:10] @ cwebber joined channel #puppet
[2009/05/11 14:06:43] @ Quit: alfism: Read error: 60 (Operation timed out)
[2009/05/11 14:15:47] @ johan-s joined channel #puppet
[2009/05/11 14:19:34] @ martha1 joined channel #puppet
[2009/05/11 14:20:37] @ martha1 is now known as martha
[2009/05/11 14:22:49] <martha> anyone know where is the csv lookup function that someone wrote for puppet?
[2009/05/11 14:25:30] @ descala joined channel #puppet
[2009/05/11 14:27:37] <martha> never mind, I found it
[2009/05/11 14:30:49] @ Quit: bobbyz: Read error: 60 (Operation timed out)
[2009/05/11 14:33:03] @ Quit: claymation: Read error: 104 (Connection reset by peer)
[2009/05/11 14:33:03] @ bobbyz joined channel #puppet
[2009/05/11 14:34:42] @ alban2 joined channel #puppet
[2009/05/11 14:35:56] @ claymation joined channel #puppet
[2009/05/11 14:37:25] @ Quit: claymation: Read error: 104 (Connection reset by peer)
[2009/05/11 14:37:36] @ claymation joined channel #puppet
[2009/05/11 14:41:13] @ Quit: claymation: Read error: 104 (Connection reset by peer)
[2009/05/11 14:41:15] @ claymation_ joined channel #puppet
[2009/05/11 14:44:12] @ Quit: aymerick: "kit mais sage"
[2009/05/11 14:46:29] @ Quit: mikearr_: Read error: 110 (Connection timed out)
[2009/05/11 14:49:39] @ fbe joined channel #puppet
[2009/05/11 14:54:52] @ lak joined channel #puppet
[2009/05/11 15:11:47] @ Quit: descala:
[2009/05/11 15:14:44] @ Quit: cwebber:
[2009/05/11 15:18:57] @ nasrat joined channel #puppet
[2009/05/11 15:20:29] @ Innocenti joined channel #puppet
[2009/05/11 15:22:02] @ pleemans joined channel #puppet
[2009/05/11 15:31:43] @ Eghie joined channel #puppet
[2009/05/11 15:32:06] @ Quit: Eghie: SendQ exceeded
[2009/05/11 15:32:34] @ Eghie joined channel #puppet
[2009/05/11 15:32:47] @ briandquinn joined channel #puppet
[2009/05/11 15:32:53] @ Quit: Eghie: SendQ exceeded
[2009/05/11 15:33:15] @ Eghie joined channel #puppet
[2009/05/11 15:33:43] @ Quit: Eghie: SendQ exceeded
[2009/05/11 15:34:07] @ Eghie joined channel #puppet
[2009/05/11 15:34:31] @ Quit: Eghie: SendQ exceeded
[2009/05/11 15:36:26] @ Eghie joined channel #puppet
[2009/05/11 15:36:39] @ Quit: Eghie: SendQ exceeded
[2009/05/11 15:37:26] @ gaveen joined channel #puppet
[2009/05/11 15:45:24] @ kngus left channel #puppet ("Leaving.")
[2009/05/11 16:01:10] <ibt> hi
[2009/05/11 16:01:16] <jrojas> herro
[2009/05/11 16:01:18] <plathrop> ibt: hola
[2009/05/11 16:02:45] <ibt> is there a way to do nagios_host templates?
[2009/05/11 16:02:46] @ mikepea joined channel #puppet
[2009/05/11 16:03:07] <ibt> in the resulting config file, i don't want host_name, but instead, just name
[2009/05/11 16:03:54] <chadh> Does anyone know the magic for installing puppet in preseed file? newbie to ubuntu here
[2009/05/11 16:04:06] <joe-mac> chadh: i might be able to help
[2009/05/11 16:04:21] <joe-mac> 'a preseed file' do you mean a preseed for the debian-installer?
[2009/05/11 16:04:25] <chadh> joe-mac: yes
[2009/05/11 16:04:28] <joe-mac> h/o
[2009/05/11 16:04:55] <wilturn> ibt, have you seen http://reductivelabs.com/trac/puppet/wiki/Recipes/Nagios
[2009/05/11 16:05:15] <wilturn> it might come down to writing a little fact to get it all setup right for your use
[2009/05/11 16:07:09] @ Quit: d3vilb0x:
[2009/05/11 16:07:53] <ibt> wilturn: i'm talking about nagios template hosts, not template(). nagios_host {"stuff": } results in "define host {\nhost_name stuff\n}" in the nagios configs which isn't what i want since i'm trying to do a template host. in my case, i don't want "host_name", but instead just "name". seems like i wouldn't need a fact, but a different type
[2009/05/11 16:08:13] <joe-mac> chadh: the line you want is
[2009/05/11 16:08:14] <joe-mac> d-i pkgsel/include string puppet
[2009/05/11 16:09:28] <chadh> joe-mac: ahh. There is an example in the example preseed file that has a "build-essential" at the end of the line, and I thought that might be some kind of repo specification
[2009/05/11 16:09:39] <chadh> oh, is that a package?
[2009/05/11 16:09:43] <joe-mac> no, build-essential is gcc and some iother shit
[2009/05/11 16:10:02] * joe-mac loathes ubuntu
[2009/05/11 16:10:06] <joe-mac> but will be gladt o help
[2009/05/11 16:10:16] <joe-mac> since i inherited an ubnuntu infrastructure and had to pick it up
[2009/05/11 16:10:23] <chadh> ahh, I'm an idiot. That makes sense. There are just two packages on that line
[2009/05/11 16:10:40] <chadh> joe-mac: I'm with you, but our users are begging for it, and I'm just nice like that :)
[2009/05/11 16:10:42] <joe-mac> yea, i normally separate them with \ like a shell script and line them up so it's easy to read
[2009/05/11 16:11:09] <joe-mac> i wish our users would switch to ubuntu i would instantly free up like 50% of my boss' workload and i would probably get a raise
[2009/05/11 16:11:36] <joe-mac> i already have a nice puppet setup around it, wouldn't be too much to adapt that to a workstation setup
[2009/05/11 16:12:04] <joe-mac> and we have a license for crossover, which works for mostly all end user ms office 2007 tasks
[2009/05/11 16:12:45] @ edwardam is now known as edwardam\|food
[2009/05/11 16:12:53] @ cwebber joined channel #puppet
[2009/05/11 16:13:34] @ taylorj joined channel #puppet
[2009/05/11 16:14:50] @ roald joined channel #puppet
[2009/05/11 16:15:26] @ pheezy joined channel #puppet
[2009/05/11 16:16:23] <taylorj> Newbie question: I'm getting the following warning and not seeing my sudoers file transfered. I assume this is a problem with my fileserver config? warning: //Node[basenode]/sudo/File[/etc/sudoers]/ensure: No specified sources exist
[2009/05/11 16:17:46] <wilturn> ibt, I think I get what you are trying to do, but I've not gotten there myself.. we use the host_name in hosts.conf (one define per entity), but in templates.conf there multiple definitions for host {} that have different host templates using the 'name' field
[2009/05/11 16:18:46] <plathrop> taylorj: That one is often a permissions issue. Check to be sure the puppet user on the puppetmaster can read the source file.
[2009/05/11 16:19:50] @ rsquared joined channel #puppet
[2009/05/11 16:20:46] <taylorj> Thanks plathrop. Tis my stupidity.
[2009/05/11 16:20:55] <wilturn> ibt, not sure it's helpful, but this is how our hosts/templates get defined: http://pastie.org/474845
[2009/05/11 16:21:17] @ madrescher joined channel #puppet
[2009/05/11 16:21:33] <ibt> wilturn: yeah, i was just trying to generate those templates using the nagios types
[2009/05/11 16:21:59] <ibt> wilturn: i'm using a file now, but it seems like you should be able to do that in puppet
[2009/05/11 16:22:30] @ Quit: nasrat:
[2009/05/11 16:22:42] <wilturn> ibt, I agree, our nagios setup is a bit of a kludge... things tend to go way smoother using munin but it's not exactly apples/oranges
[2009/05/11 16:22:47] @ rasputnik joined channel #puppet
[2009/05/11 16:22:48] <wilturn> apples to apples rather
[2009/05/11 16:23:03] <ibt> wilturn: is munin even comparable to nagios?
[2009/05/11 16:23:23] <ibt> wilturn: i thought munin was a replacement for nagiosgrapher or something
[2009/05/11 16:24:04] @ shake-n-bake joined channel #puppet
[2009/05/11 16:24:26] <wilturn> definitely not a drop in replacement, they different methodologies in how they work.. its more like running nrpe
[2009/05/11 16:26:35] @ Quit: rasputnik: Client Quit
[2009/05/11 16:31:45] @ _3rdman joined channel #puppet
[2009/05/11 16:34:59] @ Quit: Innocenti: Client Quit
[2009/05/11 16:53:40] @ Quit: madrescher: "Leaving."
[2009/05/11 16:53:52] @ madrescher joined channel #puppet
[2009/05/11 16:58:36] @ kibahop left channel #puppet ()
[2009/05/11 16:59:07] @ kolla joined channel #puppet
[2009/05/11 17:01:39] @ mikearr joined channel #puppet
[2009/05/11 17:04:51] <MrHeavy> I have Puppet 0.24.8 telling me "file paths must be qualified" on a fully-qualified path
[2009/05/11 17:05:08] <MrHeavy> err: Could not create /usr/local/sbin/rebuild-sudoers: Parameter path failed: File paths must be fully qualified
[2009/05/11 17:05:10] <MrHeavy> Any ideas?
[2009/05/11 17:05:40] @ Quit: pleemans: Read error: 113 (No route to host)
[2009/05/11 17:08:12] @ Quit: briandquinn:
[2009/05/11 17:10:40] @ mib_oc2it0 joined channel #puppet
[2009/05/11 17:11:12] <_3rdman> MrHeavy: need to start with File::SEPARATOR (e.g. '/' or /path/foo/bar)
[2009/05/11 17:11:25] <MrHeavy> Which it does
[2009/05/11 17:11:57] <mib_oc2it0> Is it possible to have puppet clients communicate info to the puppetmaster that it then includes in manifests?
[2009/05/11 17:12:35] <MrHeavy> mib_oc2it0: http://reductivelabs.com/trac/puppet/wiki/AddingFacts
[2009/05/11 17:13:42] <mib_oc2it0> Sorry, not adding fact - we do that. I mean e.g. a client has a role_webserver = true set; puppetmaster uses that to add/remove the host to proxy.conf that it then pushes out to the load balancersr.
[2009/05/11 17:14:02] @ sebas891 joined channel #puppet
[2009/05/11 17:14:27] <_3rdman> MrHeavy: not sure, can you show the snippet for that file?
[2009/05/11 17:17:04] @ Quit: mikepea: Read error: 104 (Connection reset by peer)
[2009/05/11 17:17:07] <mib_oc2it0> Or an immediate example - we use puppet to push out ntp.conf - but want to change ntp.conf so that their is a "restrict x.x.x.x" line that allows host with IP address X.X.X.X to query ntp process on all hosts. But the monitoring host, whose address X.X.X.X must be, will have a dynamic IP address. It knows its the monitoring host, and has a
[2009/05/11 17:17:11] @ mikepea joined channel #puppet
[2009/05/11 17:17:24] <mib_oc2it0> role_monitoring - true variable set by facter, so is built as a monitoring host by puppetmaster.
[2009/05/11 17:17:47] <mib_oc2it0> But we then need to push out the new X.X.X.X to all hosts ntp.conf - which I'd like to automate somehow.
[2009/05/11 17:18:28] <mib_oc2it0> And it can't be by DNS name using a cname - ntp.conf requires restrict clauses to be IP address only.
[2009/05/11 17:18:32] <MrHeavy> Never mind, it was a retarded copy/paste error in another node
[2009/05/11 17:18:45] <MrHeavy> I really wish Puppet would just freak out when you try to use an undefined variable in a manifest
[2009/05/11 17:19:01] <MrHeavy> err, not another node, another class
[2009/05/11 17:25:51] @ edwardam\|food is now known as edwardam
[2009/05/11 17:29:25] <mib_oc2it0> Hmm, looks like Exported Resources do what I want...
[2009/05/11 17:31:41] @ WALoeIII joined channel #puppet
[2009/05/11 17:32:54] @ Quit: pheezy: Remote closed the connection
[2009/05/11 17:32:57] @ plathrop is now known as plathrop-away
[2009/05/11 17:33:07] @ plathrop-away is now known as plathrop
[2009/05/11 17:34:00] @ d3vilb0x joined channel #puppet
[2009/05/11 17:38:07] <MrHeavy> mib_oc2it0: Keep in mind that Puppet will not clean up exported resources by itself when you decomm a host
[2009/05/11 17:40:11] <adoom42> guys, can you have a template which is entirely ruby code? i.e. instead of <% if blah %>some text<% end %>, I'd like to have <% if blah puts "some text" end %>
[2009/05/11 17:40:36] <adoom42> I tried it out, but it echoes the text out on the puppetmaster, not to the file on the client like I assumed it would
[2009/05/11 17:41:08] <lak> adoom42: use 'generate' if you want that
[2009/05/11 17:42:29] <adoom42> 'generate'... is that puppet-specific or some generic ruby function
[2009/05/11 17:43:02] @ Quit: rlpowell: Read error: 110 (Connection timed out)
[2009/05/11 17:43:18] <lak> it's a puppet function
[2009/05/11 17:44:15] <taylorj> second newb question. I've got my puppetmasterd server up and running and communicating with the localhost puppetd. However I can't get the cert verification to work on a second host. Any thoughts? here is my error: warning: peer certificate won't be verified in this SSL session
[2009/05/11 17:44:17] @ edwardam is now known as edwardam\|phn
[2009/05/11 17:44:55] <lak> taylorj: have you signed the second host's cert on the master?
[2009/05/11 17:45:02] <wilturn> taylorj, i seem to get that error before I've signed the cert on the puppetmaster side, puppetca --sign X
[2009/05/11 17:45:15] @ edwardam\|phn is now known as edwardam
[2009/05/11 17:45:32] <taylorj> I've run puppetca -l --all and I do not see the second host
[2009/05/11 17:45:46] <cwebber> is anyone else seeing issues connecting to Trac
[2009/05/11 17:46:02] <adoom42> yep, it says 'oops'
[2009/05/11 17:46:08] @ Quit: alfism_: Read error: 110 (Connection timed out)
[2009/05/11 17:46:20] <wilturn> taylorj, the first time you run puppetd -tv on a node on my setup, it places a key to sign
[2009/05/11 17:46:24] @ Quit: mib_oc2it0: "http://www.mibbit.com ajax IRC Client"
[2009/05/11 17:46:45] @ alfism joined channel #puppet
[2009/05/11 17:47:07] <lak> works for me
[2009/05/11 17:47:15] <lak> it was slow, tho, so i restarted tracd
[2009/05/11 17:47:22] <cwebber> lak: thanks
[2009/05/11 17:47:41] <adoom42> aha - worksforme (after I fixed it) :-)
[2009/05/11 17:48:11] @ Quit: erm: Read error: 110 (Connection timed out)
[2009/05/11 17:48:57] <cwebber> is there a way to turn checksum-ing on directory off?
[2009/05/11 17:49:41] @ rsquared_ joined channel #puppet
[2009/05/11 17:49:46] <cwebber> we are using krb for user info but have local home dirs and I keep getting burried by /checksum (notice): checksum changed '{mtime}Fri May 01 08:33:59 -0700 2009' to '{mtime}Mon May 11 14:08:36 -0700 2009'
[2009/05/11 17:50:19] <taylorj> thanks for the advice wilturn and lak; however when I look at puppetca it never shows a host to sign. I've also tried doign puppetca --sign x. the message I get running any puppetca command for signing is: no certificats to sign.
[2009/05/11 17:51:06] <lak> taylorj: do you get any cert-related logs on client or server, other than the warning, when you run puppetd on the client?
[2009/05/11 17:51:12] <lak> and are you running puppetca on the server, or on the client?
[2009/05/11 17:51:22] @ rlpowell joined channel #puppet
[2009/05/11 17:52:30] @ Djelibeybi joined channel #puppet
[2009/05/11 17:53:15] <adoom42> lak: generate() is run on the puppetmaster, which won't work for my template as it uses client-side vars
[2009/05/11 17:53:30] <lak> adoom42: the templates run on the master, too
[2009/05/11 17:53:55] <lak> but yeah, the generate scripts don't have access to all client info like the templates do
[2009/05/11 17:54:18] <Djelibeybi> andrewcshafer: ping?
[2009/05/11 17:54:29] <andrewcshafer> Djelibeybi: ack
[2009/05/11 17:54:39] <Djelibeybi> andrewcshafer: got time for a quick pm?
[2009/05/11 17:55:27] <andrewcshafer> Djelibeybi: I jump on a conference call in 5 minutes... but I can usually still type
[2009/05/11 17:55:27] <taylorj> lak, running it on the server.
[2009/05/11 17:56:04] <taylorj> I just noticed my two clocks are off by more than 3 hours though I can't find any SSL releated errors in either puppet or otherwise. I've known this to mess up that. going to try resolving that next.
[2009/05/11 17:56:16] <wilturn> taylorj, see if maybe you can get more debugging info out of the client side with puppetd -td, and sometimes I get lazy and just have puppet sign all the cets: puppetca -sa , however if they are not ending up on the puppetmaster to be signed, it almost sounds like a permissions issue
[2009/05/11 17:56:47] @ thegcat joined channel #puppet
[2009/05/11 17:56:51] @ Quit: thegcat: Remote closed the connection
[2009/05/11 17:58:11] @ alfism_ joined channel #puppet
[2009/05/11 18:01:02] @ Quit: rsquared: Read error: 113 (No route to host)
[2009/05/11 18:01:16] <lak> taylorj: we create certs that are valid starting 1 day ago, because we had so many issues with time differences
[2009/05/11 18:05:59] <taylorj> hi wilturn and lak; fixed time issue and did not resolve. Also ran with debug and does not appear to cause the issue. here are the last lines of the debug:
[2009/05/11 18:06:02] <taylorj> warning: peer certificate won't be verified in this SSL session
[2009/05/11 18:06:19] <taylorj> debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
[2009/05/11 18:06:19] <taylorj> debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/puppet/ssl/private_keys/mysqlmgm.atlab.sfsu.edu.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
[2009/05/11 18:06:20] <taylorj> debug: Finishing transaction -607726468 with 0 changes
[2009/05/11 18:06:20] <taylorj> debug: Calling puppetca.getcert
[2009/05/11 18:06:20] <taylorj> warning: peer certificate won't be verified in this SSL session
[2009/05/11 18:06:22] <taylorj> from /usr/sbin/puppetd:360
[2009/05/11 18:06:28] <taylorj> sorry for the scroll everyone
[2009/05/11 18:06:34] <lak> taylorj: run the client in debug mode and pastie the whole log
[2009/05/11 18:06:50] @ nakano_ is now known as nakano
[2009/05/11 18:08:23] <pastie> lak: http://pastie.org/475002 by taylorj.
[2009/05/11 18:11:16] @ Quit: axisys: "leaving"
[2009/05/11 18:11:34] @ Quit: alfism: Read error: 113 (No route to host)
[2009/05/11 18:12:03] <lak> taylorj: it looks like you're running mongrel but talking directly to mongrel instead of through an ssl-speaking proxy
[2009/05/11 18:12:15] <lak> that's an ssl error, not a puppet error
[2009/05/11 18:14:59] <taylorj> hmmm, i just did the apt-get install for both on ubuntu. From my reading this isn't the most supported package but its what I have handy. Any suggestions on working with/around mongrel?
[2009/05/11 18:15:14] <taylorj> *both meaning both client and server
[2009/05/11 18:20:04] @ Quit: rsquared_: Read error: 113 (No route to host)
[2009/05/11 18:23:40] <lak> taylorj: hmm, so you're running the default config?
[2009/05/11 18:23:50] <lak> in that case, you're using webrick, which speaks ssl
[2009/05/11 18:23:52] <lak> so you should be fine
[2009/05/11 18:24:07] <taylorj> I've changed a few items in the site.pp and other settings but nothing to do with SSL or Mongrel.
[2009/05/11 18:24:33] <taylorj> The one varriable I've thrown in is I'm running these as openvz containers for testing. but I can telnet between teh two systems on the port specififed.
[2009/05/11 18:24:44] <taylorj> 8140
[2009/05/11 18:25:23] <lak> something in your networking or your setup is breaking it
[2009/05/11 18:25:33] <lak> this is really default stuff, works great for essentially everyone
[2009/05/11 18:25:40] <lak> firewall? dunno
[2009/05/11 18:25:50] <lak> i know you said you can telnet, but you sure you're talking to puppet?
[2009/05/11 18:26:20] <taylorj> thanks. I'll bang around on it bit more and come back if I can find somethign specific. Thanks again for working with me on it.
[2009/05/11 18:26:56] <lak> np, sorry it's giving you trouble
[2009/05/11 18:28:17] <wilturn> taylorj, the only time Ive seen something like that is when the client was somehow unhappy about the names matching up, so the puppet master was fine with being 'puppet' but not 'puppet.FQDN', and my only fix to get it working in that circumstance was to hardcode puppet to the IP that I wanted, and then not specify it as just 'puppet' on the cli. Im not sure it's the same issue, but it's very close to one I deal with on remote installs
[2009/05/11 18:28:37] @ Quit: mikepea:
[2009/05/11 18:28:51] <wilturn> taylorj, to get around that, i'd put an entry in /etc/hosts defining puppet and then it would run.. good luck
[2009/05/11 18:29:08] @ Quit: Djelibeybi: "Leaving"
[2009/05/11 18:33:57] <lak> wilturn: that should only happen once the client has a cert, tho
[2009/05/11 18:34:06] <lak> right?
[2009/05/11 18:34:18] <wilturn> I need to do that the first time and every time unfortunately lak
[2009/05/11 18:34:28] <lak> really? crazy
[2009/05/11 18:34:42] <lak> you have an old server cert?
[2009/05/11 18:34:50] <wilturn> for my remote installs that want it based on fqdn.. on my internal network, everything knows the machine as 'puppet' so all is well
[2009/05/11 18:35:00] <lak> if you run puppetca --print <serverfqdn>, do you get e.g., puppet.FQDN in the list of dns aliases?
[2009/05/11 18:35:57] @ pheezy joined channel #puppet
[2009/05/11 18:36:44] <wilturn> lak, puppetca just dumps an error for me on that.. if I give it a --list --all I get a dump out o fall of them as expected
[2009/05/11 18:37:39] <lak> what version are you running?
[2009/05/11 18:38:22] <wilturn> its likely our configuration error, or one that was inherited over time, at some point it was easier for the master to just be 'puppet'
[2009/05/11 18:38:35] <wilturn> lak, puppetca reports version 0.24.8
[2009/05/11 18:38:45] <lak> erm
[2009/05/11 18:39:21] <taylorj> hi wilturn; when you define puppet are you talkign on the client or server hosts file?
[2009/05/11 18:39:41] <lak> wilturn: what error does puppetca throw? i know 0.24.8 supports puppetca --print
[2009/05/11 18:41:55] <wilturn> lak, without any arg after --print, I get back nothing, but if I define my fqdn I get this error: http://pastie.org/475052
[2009/05/11 18:43:03] <wilturn> lak, my mistake
[2009/05/11 18:45:16] <wilturn> I believe my issues with the remote certs being signed have to do with the certname being defined as puppet everywhere in the puppetmaster's config, if I used a fqdn and re-issued all the certificates it would likely resolve itself
[2009/05/11 18:45:25] @ sebas891 left channel #puppet ("Leaving.")
[2009/05/11 18:47:27] @ Quit: jmeeuwen: Read error: 113 (No route to host)
[2009/05/11 18:48:14] <lak> wilturn: ah, yeah, that would cause some strangenesses
[2009/05/11 18:54:39] @ nakano is now known as nakano_
[2009/05/11 18:54:39] @ martha left channel #puppet ()
[2009/05/11 18:54:50] @ mfoster left channel #puppet ()
[2009/05/11 18:56:02] @ Quit: andrewcshafer:
[2009/05/11 18:59:07] @ nakano_ is now known as nakano
[2009/05/11 19:02:29] @ Quit: _3rdman: Remote closed the connection
[2009/05/11 19:18:35] @ Quit: lak:
[2009/05/11 19:18:55] @ Quit: justindossey: "Leaving."
[2009/05/11 19:21:36] @ Quit: bobbyz: Read error: 110 (Connection timed out)
[2009/05/11 19:27:13] @ taylorj left channel #puppet ()
[2009/05/11 19:28:07] @ mikepea joined channel #puppet
[2009/05/11 19:28:15] <dixond> hi all - I am having some trouble with the basics - I've followed http://reductivelabs.com/trac/puppet/wiki/AdvancedPuppetRecipe -- pretty much copy+paste, but when I start puppetd on one of my nodes, I get this:
[2009/05/11 19:28:25] <dixond> err: Could not retrieve catalog: Could not find default node or by name with 'is.dev.internal, is.dev, is' on node is.dev.internal
[2009/05/11 19:29:49] <dixond> n/m, I'm an idiot.. I defined it in nodes.pp as is.prd.internal.... duh.
[2009/05/11 19:30:35] @ axisys joined channel #puppet
[2009/05/11 19:31:50] <dixond> hrm, ok, how do I tell puppet to use rpm or yum for package management on redhat systems? does it know about yum?
[2009/05/11 19:33:52] <dixond> ...apparently it does. sweet.
[2009/05/11 19:38:15] @ bobbyz joined channel #puppet
[2009/05/11 19:40:08] @ Quit: Bass10: Read error: 110 (Connection timed out)
[2009/05/11 19:45:59] @ Quit: pheezy: Remote closed the connection
[2009/05/11 19:46:23] @ Quit: gaveen: Read error: 113 (No route to host)
[2009/05/11 19:47:08] @ gaveen joined channel #puppet
[2009/05/11 19:48:22] @ nakano is now known as nakano_
[2009/05/11 19:48:57] @ nakano_ is now known as nakano
[2009/05/11 19:49:33] @ Quit: claymation_:
[2009/05/11 19:52:39] @ Quit: mikepea:
[2009/05/11 19:55:35] @ nakano is now known as nakano_
[2009/05/11 19:57:51] @ aku joined channel #puppet
[2009/05/11 19:59:28] @ aku left channel #puppet ("Ex-Chat")
[2009/05/11 20:03:06] @ Quit: bobbyz: Read error: 110 (Connection timed out)
[2009/05/11 20:07:47] @ Quit: cwebber:
[2009/05/11 20:08:20] @ cwebber joined channel #puppet
[2009/05/11 20:08:49] @ Quit: cwebber: Client Quit
[2009/05/11 20:14:59] @ Quit: mindless: "kthxbye"
[2009/05/11 20:28:52] @ bobbyz joined channel #puppet
[2009/05/11 20:34:09] @ erm joined channel #puppet
[2009/05/11 20:34:30] @ claymation joined channel #puppet
[2009/05/11 20:36:34] @ Quit: kolla: Remote closed the connection
[2009/05/11 20:42:29] @ plathrop is now known as plathrop-away
[2009/05/11 20:42:39] @ plathrop-away is now known as plathrop
[2009/05/11 20:52:39] @ plathrop is now known as plathrop-away
[2009/05/11 20:54:05] @ Quit: bobbyz: Read error: 60 (Operation timed out)
[2009/05/11 21:05:17] @ Quit: alfism_: "Connection reset by beer"
[2009/05/11 21:21:03] @ ohadlevy joined channel #puppet
[2009/05/11 21:21:10] @ nakano_ is now known as nakano
[2009/05/11 21:33:24] @ Quit: gaveen: Read error: 60 (Operation timed out)
[2009/05/11 21:34:41] <dixond> can anyone give me some guidance on getting plugins auto-distributed in a module?
[2009/05/11 21:35:14] <dixond> I've read http://reductivelabs.com/trac/puppet/wiki/PluginsInModules but it doesn't really explain what I need.
[2009/05/11 21:35:23] <dixond> for example, what goes in fileserver.conf?
[2009/05/11 21:36:07] @ joe-mac1 left channel #puppet ()
[2009/05/11 21:37:34] <dixond> eg, running puppetd --test gives me errors like: err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Cannot access mount[plugins]
[2009/05/11 21:41:14] <proton> dixond: make sure you've got pluginsync = true and pluginsource = puppet:///plugins
[2009/05/11 21:41:24] <proton> for the client puppetd (i just have it in main)
[2009/05/11 21:41:54] <jrojas> ive never had to specify a pluginsource
[2009/05/11 21:42:13] <proton> then as long as they're in the right directories (module/plugins/puppet/...) they should sync
[2009/05/11 21:42:19] <proton> yeah, that's probably the default setting actually
[2009/05/11 21:44:18] <jrojas> dixond: unless you are restricting access to the fileserver mounts implicitly you shouldnt need to create a mount in the filserver.conf
[2009/05/11 21:45:10] @ gaveen joined channel #puppet
[2009/05/11 21:59:47] @ ezmob is now known as ezmob\|away
[2009/05/11 22:03:01] @ ezmob\|away is now known as ezmob
[2009/05/11 22:08:27] @ Quit: WALoeIII: Read error: 113 (No route to host)
[2009/05/11 22:10:11] @ Quit: ezmob: "Leaving..."
[2009/05/11 22:13:19] @ cwebber joined channel #puppet
[2009/05/11 22:13:52] @ atlan_ joined channel #puppet
[2009/05/11 22:13:57] @ Quit: axisys: Read error: 104 (Connection reset by peer)
[2009/05/11 22:14:01] @ axisys_ joined channel #puppet
[2009/05/11 22:14:22] @ WALoeIII joined channel #puppet
[2009/05/11 22:21:19] @ lak joined channel #puppet
[2009/05/11 22:29:34] @ Quit: chip__: Read error: 110 (Connection timed out)
[2009/05/11 22:30:32] @ Quit: claymation:
[2009/05/11 22:36:11] @ maxagaz joined channel #puppet
[2009/05/11 22:44:43] <dixond> jrojas: proton: hrm.
[2009/05/11 22:45:57] <dixond> perhaps there's some other thing I'm doing wrong, like maybe I need to specify module directory differently or something? I have only the most basic puppet.conf
[2009/05/11 22:46:50] <proton> my puppet.conf is 3 lines so I doubt it :-)
[2009/05/11 22:46:53] <dixond> my /etc/puppet/puppet.conf looks like: http://pastebin.com/m1a9709ec
[2009/05/11 22:47:03] <proton> are the plugins in the right spots to be served?
[2009/05/11 22:47:31] <dixond> fileserver.conf is: http://pastebin.com/m5cce94fd
[2009/05/11 22:47:39] <dixond> proton: I'll paste the dir structure too...
[2009/05/11 22:47:52] @ PhabX joined channel #puppet
[2009/05/11 22:47:54] <proton> for example I have types stored in: /etc/puppet/modules/custom/plugins/puppet/type and they're happily synced
[2009/05/11 22:48:37] <dixond> http://pastebin.com/m323565a2
[2009/05/11 22:49:15] <dixond> proton: is there some line you also add to get the 'custom' module enabled or copied or something?
[2009/05/11 22:49:45] <dixond> I'm just really perplexed by the error :-/
[2009/05/11 22:49:46] <proton> nope, that's just a module I have to keep my custom plugins in
[2009/05/11 22:50:27] * dixond decides to put them into custom instead to test...
[2009/05/11 22:52:16] <dixond> AHA!
[2009/05/11 22:53:21] <dixond> if I didn't have pluginsource = puppet:///plugins it would fail. If I had that and also had a [plugins] in fileserver.conf it also failed, but with no fileserver.conf, and the pluginsource = ... present, now it works! Weeee :)
[2009/05/11 22:53:33] <proton> heh, cool :)
[2009/05/11 22:55:00] <dixond> SWEET! :) (sorry for the shouting, but this has baffled me on and off for days....)
[2009/05/11 22:55:05] <dixond> now I'm in business.
[2009/05/11 22:55:09] @ Quit: cwebber:
[2009/05/11 22:55:20] <dixond> sysctl is getting updated correctly woohoo...
[2009/05/11 22:55:52] <proton> heheh
[2009/05/11 22:56:07] <proton> don't worry it did take me a little bit to work out why it wasn't working originally
[2009/05/11 22:56:14] <proton> but that was a while ago now so I couldn't remember all the details :)
[2009/05/11 22:56:20] <dixond> ;)
[2009/05/11 22:56:31] <dixond> proton: jrojas: thx for help and pointers.
[2009/05/11 22:56:53] @ cwebber joined channel #puppet
[2009/05/11 23:00:45] @ Quit: cwebber: Client Quit
[2009/05/11 23:03:23] <dixond> under what circumstances do I need to restart the puppetmasterd? eg, if I change a manifest file (.pp) will puppetmasterd automatically realise this and send it next time puppetd talks to it?
[2009/05/11 23:03:53] <lak> yep
[2009/05/11 23:07:19] @ Quit: lak:
[2009/05/11 23:17:14] @ ezmob joined channel #puppet
[2009/05/11 23:23:41] @ Quit: edwardam: Remote closed the connection
[2009/05/11 23:27:53] @ KB1JWQ left channel #puppet ()
[2009/05/11 23:42:37] <ohadlevy> could it be that I see worse performance with marshal than yaml?
[2009/05/11 23:42:46] <ohadlevy> (--catalog_format)
[2009/05/11 23:56:21] <ohadlevy> when using puppet-test I also see a big different between the amount of time the server reported as compiled vs what the client says the server compile time was

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!