Monday, 2009-06-01

[2009/06/01 00:00:09] @ Log started by gepetto
[2009/06/01 00:00:09] <MrHeavy> Coding standards, best practices, etc.
[2009/06/01 00:01:17] <ohadlevy> lak:thanks
[2009/06/01 00:01:47] <lak> MrHeavy: wiki:DevelopmentLifecycle
[2009/06/01 00:01:48] <gepetto> lak: MrHeavy: wiki:DevelopmentLifecycle is http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle
[2009/06/01 00:01:53] <lak> that's about it
[2009/06/01 00:02:51] <MrHeavy> Perfect, thanks
[2009/06/01 00:03:30] @ nasrat joined channel #puppet
[2009/06/01 00:03:55] @ hessmll joined channel #puppet
[2009/06/01 00:12:12] <joe-mac> i think i might try to write a provider for the posix draft facls... did anyone else start this?
[2009/06/01 00:20:51] <nasrat> MrHeavy: you probably want to look at the spec directory for rspec style tests
[2009/06/01 00:28:23] <nasrat> joe-mac: you might want to look at the selinux implementation, also you'd want to conditionalize the support
[2009/06/01 00:29:18] <joe-mac> yea, i know linux and fbsd support them with the same syntax... you have to also make sure however the file is on a mount point with the option enabled... is that what you're getting at nasrat?
[2009/06/01 00:29:43] <joe-mac> i'm not particularly handy with ruby yet, but i;ve been hacking at it trying to pick it up
[2009/06/01 00:30:44] <nasrat> I was more thinking it is probably additional stuff on the file provider
[2009/06/01 00:32:37] @ Quit: d3vilb0x:
[2009/06/01 00:34:33] <joe-mac> nasrat: hmmm, it's kind of got enough of its own properties that i would think it merits its own type. if you want to have a look, http://www.suse.de/~agruen/acl/linux-acls/online/
[2009/06/01 00:35:16] <joe-mac> sweet i've got a skeleton of a ruby-ncurses app to look at node yaml's like the facts, and reports come after i get this formatted properly heh
[2009/06/01 00:36:02] @ Quit: ivan: "Coyote finally caught me"
[2009/06/01 00:36:21] @ ivan joined channel #puppet
[2009/06/01 00:36:43] @ Quit: hessmll: "Leaving..."
[2009/06/01 00:38:41] <nasrat> joe-mac: yeah maybe it makes sense as a seperate type, although that's got me thinking a bit now
[2009/06/01 00:39:14] <joe-mac> feel free to let your consciousness stream, i am on vacation so i am just going to be around hacking most of the night
[2009/06/01 00:40:46] <joe-mac> well, most of the morning for you i think
[2009/06/01 00:42:50] <CaptainCupcake> is it possible to have a class that only gets executed on a set of nodes if you pass in a tag?
[2009/06/01 00:43:10] <CaptainCupcake> or are tags always used to get at a subset?
[2009/06/01 00:44:04] <joe-mac> anyone know if there is a method in the puppet libraries that will load all facts from a yaml into variables in a ruby script?
[2009/06/01 00:46:18] @ Quit: drmikecrowe_: " HydraIRC -> http://www.hydrairc.com <- Would you like to know more?"
[2009/06/01 00:49:12] <joe-mac> looks like yaml.rb in the indirector dir will do it
[2009/06/01 00:49:54] <PaulWay> Djelibeybi: now do I have to do anything special with facter to get it to recognise that custom fact on the client?
[2009/06/01 00:51:00] <PaulWay> Because I just checked and it has copied the fact down to /var/lib/puppet/lib/facts but running facter from the command line doesn't show the fact.
[2009/06/01 00:51:14] <PaulWay> When I set the FACTERLIB env var to that directory it does...
[2009/06/01 00:51:36] @ Quit: lak:
[2009/06/01 00:52:03] <PaulWay> Sorry, /var/lib/puppet/lib/facter
[2009/06/01 00:52:04] <Djelibeybi> PaulWay: Facter that runs via Puppet should see the fact.
[2009/06/01 00:52:10] <PaulWay> Ah, right.
[2009/06/01 00:52:25] <PaulWay> Any way of checking that without too much pain?
[2009/06/01 00:52:35] <Djelibeybi> There is another bug that means that facter --puppet doesn't show the custom fact either
[2009/06/01 00:52:47] <PaulWay> Heh.
[2009/06/01 00:54:42] @ Quit: lutter: "Leaving."
[2009/06/01 00:55:37] <Djelibeybi> if $custom_fact { notify { "log": message => "$custom_fact", } }
[2009/06/01 00:55:57] <Djelibeybi> Should output the value of $custom_fact to your log
[2009/06/01 00:55:58] <PaulWay> But I can't do something on the command line with puppet on a client to check it?
[2009/06/01 00:56:25] <Djelibeybi> Put that in a .pp file and run it with puppet?
[2009/06/01 00:56:36] <PaulWay> nods yeah, just thought of something like that.
[2009/06/01 00:56:43] <CaptainCupcake> Djelibeybi: thanks! Will it work in 0.24.5?
[2009/06/01 00:56:56] <Djelibeybi> CaptainCupcake: will what work? :)
[2009/06/01 00:57:06] <MrHeavy> lak: Question if you're still around
[2009/06/01 00:57:11] <CaptainCupcake> if $custom_fact { notify { "log": message => "$custom_fact", } }
[2009/06/01 00:57:19] <Djelibeybi> CaptainCupcake: that was for PaulWay
[2009/06/01 00:57:25] <CaptainCupcake> was what I was referring to =)
[2009/06/01 00:57:27] <MrHeavy> OpenSolaris makes it very easy to tell if there's updates available for a package, and very difficult to tell what the new package version is
[2009/06/01 00:57:35] <MrHeavy> How should I implement :ensure => 'latest'?
[2009/06/01 00:57:50] <CaptainCupcake> Djelibeybi: ahh =p
[2009/06/01 00:57:58] <Djelibeybi> CaptainCupcake: but yeah, that should work for you too, now that I read your question. :)
[2009/06/01 00:58:04] <CaptainCupcake> eheheh =)
[2009/06/01 01:09:22] @ shake-n-bake joined channel #puppet
[2009/06/01 01:09:23] <Djelibeybi> CaptainCupcake: http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#conditionals
[2009/06/01 01:12:27] @ Quit: madduck: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:27] @ Quit: Berge: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:27] @ Quit: webx: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:27] @ Quit: thijso: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:28] @ Quit: astinus: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:29] @ Quit: CaptainCupcake: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:29] @ Quit: bartc: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:30] @ Quit: mmcgrath: verne.freenode.net irc.freenode.net
[2009/06/01 01:12:44] @ webx joined channel #puppet
[2009/06/01 01:12:44] @ thijso joined channel #puppet
[2009/06/01 01:12:44] @ astinus joined channel #puppet
[2009/06/01 01:12:44] @ CaptainCupcake joined channel #puppet
[2009/06/01 01:12:44] @ bartc joined channel #puppet
[2009/06/01 01:12:44] @ madduck joined channel #puppet
[2009/06/01 01:12:44] @ Berge joined channel #puppet
[2009/06/01 01:12:44] @ mmcgrath joined channel #puppet
[2009/06/01 01:18:55] @ saurabhverma joined channel #puppet
[2009/06/01 01:19:25] @ Quit: edwardam: Remote closed the connection
[2009/06/01 01:19:32] @ Quit: nasrat:
[2009/06/01 01:31:22] @ nasrat joined channel #puppet
[2009/06/01 01:39:50] @ Quit: f3ew: Remote closed the connection
[2009/06/01 01:46:13] * joe-mac wonders why processor facts aren't available on obsd
[2009/06/01 01:46:35] <joe-mac> oh it's called hardwareisa on obsd, odd
[2009/06/01 01:53:52] @ mattock joined channel #puppet
[2009/06/01 01:56:35] @ Quit: nasrat: Read error: 110 (Connection timed out)
[2009/06/01 02:00:54] @ f3ew joined channel #puppet
[2009/06/01 02:11:11] @ jmarki joined channel #puppet
[2009/06/01 02:12:20] @ edwardam joined channel #puppet
[2009/06/01 02:14:07] @ Quit: yure: Remote closed the connection
[2009/06/01 02:19:52] @ Quit: claymation:
[2009/06/01 02:39:59] @ Quit: saurabhverma: Read error: 104 (Connection reset by peer)
[2009/06/01 02:44:50] @ Quit: shake-n-bake:
[2009/06/01 02:46:50] @ shimith joined channel #puppet
[2009/06/01 02:47:45] @ shake-n-bake joined channel #puppet
[2009/06/01 02:48:56] @ Quit: jmarki: Read error: 60 (Operation timed out)
[2009/06/01 02:48:58] @ shimith left channel #puppet ()
[2009/06/01 02:53:45] @ Quit: shake-n-bake:
[2009/06/01 02:54:50] @ shake-n-bake joined channel #puppet
[2009/06/01 02:59:35] @ Quit: edwardam: Remote closed the connection
[2009/06/01 03:06:12] @ PaulWay left channel #puppet ()
[2009/06/01 03:07:05] @ fujin joined channel #puppet
[2009/06/01 03:08:14] @ mvn072 joined channel #puppet
[2009/06/01 03:17:47] @ MattyM joined channel #puppet
[2009/06/01 03:18:06] @ nasrat joined channel #puppet
[2009/06/01 03:19:59] @ DerekW joined channel #puppet
[2009/06/01 03:34:48] @ joe-mac left channel #puppet ()
[2009/06/01 03:35:47] @ madrescher joined channel #puppet
[2009/06/01 03:41:52] @ Quit: nasrat:
[2009/06/01 03:47:06] @ glaw joined channel #puppet
[2009/06/01 03:48:07] @ glaw is now known as glaw-bfb
[2009/06/01 03:48:34] @ glaw-bfb is now known as glaw
[2009/06/01 03:54:13] @ madrescher1 joined channel #puppet
[2009/06/01 03:55:25] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/06/01 04:02:29] @ zeroXten joined channel #puppet
[2009/06/01 04:27:48] @ Quit: glaw: Remote closed the connection
[2009/06/01 04:29:57] @ Quit: bgupta: SendQ exceeded
[2009/06/01 04:31:41] @ omry\|work joined channel #puppet
[2009/06/01 04:32:17] @ Quit: madrescher1: "Leaving."
[2009/06/01 04:32:22] @ madrescher joined channel #puppet
[2009/06/01 04:33:02] <omry\|work> how do I call a define without any parameters?
[2009/06/01 04:33:30] <omry\|work> just doing blah{} failed, had to do something silly like blah{"dummy":}
[2009/06/01 04:33:50] @ Quit: Djelibeybi: "Leaving"
[2009/06/01 04:37:33] @ justindossey1 joined channel #puppet
[2009/06/01 04:43:35] @ Welsh_Dwarf joined channel #puppet
[2009/06/01 04:46:27] @ Quit: justindossey: Read error: 104 (Connection reset by peer)
[2009/06/01 04:46:59] @ DavidS joined channel #puppet
[2009/06/01 04:49:44] <Volcane> omry\|work: resources all need names, so blah{} would be a nameless resource
[2009/06/01 04:50:46] <omry\|work> Volcane, in this case blah is actually ensuring a user exists in mysql. it's not really a resource
[2009/06/01 04:51:16] <Volcane> so by that logic exec{} would also not be resources?
[2009/06/01 04:51:34] <omry\|work> yes
[2009/06/01 04:51:39] <DavidS> omry\|work: have you looked at my mysql module? it's not very polished, but it has a native mysql_user type which can be used to manage mysql users
[2009/06/01 04:51:43] <Volcane> but they are, and so are defines
[2009/06/01 04:51:51] <omry\|work> davelj, I am using the mysql module
[2009/06/01 04:51:56] <omry\|work> blah{} is calling it.
[2009/06/01 04:52:18] <omry\|work> Volcane, in my opinion, execs are sort of an abomination in puppet.
[2009/06/01 04:52:26] <omry\|work> not to say they have no uses, but they are out of place.
[2009/06/01 04:52:27] <DavidS> omry\|work: so what's the problem, then? (I've missed the beginning of the conversation)
[2009/06/01 04:53:06] <omry\|work> DavidS, I have many mysql servers, and I want to ensure a particular user+password+grants is defined on all of them
[2009/06/01 04:53:31] <omry\|work> I noticed that I have that defined in many classes
[2009/06/01 04:53:33] <DavidS> so that's a class, no?
[2009/06/01 04:53:51] <omry\|work> so I figured I`d make it a define and call it from each such class
[2009/06/01 04:54:09] <DavidS> class custom_mysql_users { mysql_user {..:...} ... }
[2009/06/01 04:54:14] <Volcane> just move what u have already into a class and then include it in all your other classes that need it
[2009/06/01 04:54:27] <DavidS> Volcane++
[2009/06/01 04:54:38] <omry\|work> will do, thanks.
[2009/06/01 04:57:27] <omry\|work> when calling puppetrun to run on multiple machines at once, is there a way to get error notifications?
[2009/06/01 05:04:19] @ nasrat joined channel #puppet
[2009/06/01 05:08:29] <DavidS> omry\|work: use the "report" feature
[2009/06/01 05:08:29] <DavidS> it causes puppetd to send the results of a run to the server
[2009/06/01 05:08:35] @ glaw joined channel #puppet
[2009/06/01 05:08:43] <omry\|work> is that related to pupperrun or a generic pupped option?
[2009/06/01 05:12:43] <omry\|work> DavidS, okay - saw the docs. it sounds more verbose than what I want. I basically want to know if puppet failed on one of the nodes, and why - and I want to get that info straight back to puppetrun.
[2009/06/01 05:12:48] <omry\|work> that would be ideal.
[2009/06/01 05:13:28] <omry\|work> puppetrun could collect results from failing nodes and print the failures when it's done.
[2009/06/01 05:19:23] @ nakano_ is now known as nakano
[2009/06/01 05:30:19] @ Quit: Kindred: Read error: 60 (Operation timed out)
[2009/06/01 05:30:24] @ Kindred joined channel #puppet
[2009/06/01 05:30:55] @ Quit: hamish: Read error: 104 (Connection reset by peer)
[2009/06/01 05:31:00] @ hamish joined channel #puppet
[2009/06/01 05:42:16] @ Quit: mvn072: "Leaving"
[2009/06/01 05:46:44] @ Quit: ohadlevy: "Leaving."
[2009/06/01 05:54:03] @ poison joined channel #puppet
[2009/06/01 05:54:12] @ chillitom joined channel #puppet
[2009/06/01 05:55:10] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/06/01 05:57:32] @ madrescher joined channel #puppet
[2009/06/01 06:11:56] @ Quit: glaw: Remote closed the connection
[2009/06/01 06:12:20] <Volcane> omry\|work: sounds like you want a cap job infront of ssh+puppetd --test :
[2009/06/01 06:12:21] <Volcane> :P
[2009/06/01 06:22:58] <DavidS> Volcane++
[2009/06/01 06:23:02] @ bajan joined channel #puppet
[2009/06/01 06:27:20] @ friendly12345 joined channel #puppet
[2009/06/01 06:33:15] @ Quit: draytm01: "Leaving"
[2009/06/01 06:37:08] @ jmarki joined channel #puppet
[2009/06/01 06:38:12] @ Quit: garin_: Read error: 110 (Connection timed out)
[2009/06/01 06:42:32] @ d3vilb0x joined channel #puppet
[2009/06/01 06:44:10] @ Quit: poison: Remote closed the connection
[2009/06/01 06:58:44] @ Quit: aymerick: "kit mais sage"
[2009/06/01 06:58:52] @ poison joined channel #puppet
[2009/06/01 07:01:21] @ nico joined channel #puppet
[2009/06/01 07:02:45] @ aymerick joined channel #puppet
[2009/06/01 07:03:50] @ aymerick is now known as aym_out
[2009/06/01 07:07:37] @ Quit: jmarki: Read error: 104 (Connection reset by peer)
[2009/06/01 07:13:16] @ Quit: madrescher: "Leaving."
[2009/06/01 07:14:12] @ justindossey joined channel #puppet
[2009/06/01 07:15:49] @ Quit: justindossey1: Read error: 104 (Connection reset by peer)
[2009/06/01 07:20:42] @ madrescher joined channel #puppet
[2009/06/01 07:23:13] @ Quit: DavidS: Read error: 104 (Connection reset by peer)
[2009/06/01 07:29:50] @ lludwig left channel #puppet ()
[2009/06/01 07:35:42] <thijso> test
[2009/06/01 07:37:21] @ Quit: webx: "..(cyp): xxx"
[2009/06/01 07:38:58] @ Quit: thijso: "leaving"
[2009/06/01 07:39:32] @ thijso joined channel #puppet
[2009/06/01 07:40:18] <thijso> ..
[2009/06/01 07:41:43] <f3ew> ?
[2009/06/01 07:41:46] @ Quit: thijso: Client Quit
[2009/06/01 07:42:00] @ thijso joined channel #puppet
[2009/06/01 07:46:51] @ Quit: thijso: Client Quit
[2009/06/01 07:47:07] @ thijso joined channel #puppet
[2009/06/01 07:47:17] @ glaw joined channel #puppet
[2009/06/01 07:50:17] @ Quit: friendly12345: "Leaving."
[2009/06/01 07:52:33] @ Quit: thijso: "leaving"
[2009/06/01 07:52:49] @ thijso joined channel #puppet
[2009/06/01 07:53:37] @ Quit: thijso: Client Quit
[2009/06/01 07:53:54] @ thijso joined channel #puppet
[2009/06/01 07:56:17] @ Quit: justindossey: Read error: 110 (Connection timed out)
[2009/06/01 08:02:38] @ Quit: thijso: "leaving"
[2009/06/01 08:02:56] @ thijso joined channel #puppet
[2009/06/01 08:03:40] @ justindossey joined channel #puppet
[2009/06/01 08:04:54] @ Quit: thijso: Client Quit
[2009/06/01 08:05:14] @ thijso joined channel #puppet
[2009/06/01 08:06:10] @ poison_ joined channel #puppet
[2009/06/01 08:10:27] @ Quit: thijso: "leaving"
[2009/06/01 08:10:44] @ thijso joined channel #puppet
[2009/06/01 08:11:19] <thijso> ..
[2009/06/01 08:12:13] @ Quit: thijso: Client Quit
[2009/06/01 08:12:30] @ thijso joined channel #puppet
[2009/06/01 08:13:05] <thijso> sorry guys, testing something on my irc client..
[2009/06/01 08:15:34] @ glaw_ joined channel #puppet
[2009/06/01 08:15:54] @ Quit: glaw: Remote closed the connection
[2009/06/01 08:16:45] @ Quit: zeroXten: Remote closed the connection
[2009/06/01 08:20:45] @ glaw_ is now known as glaw
[2009/06/01 08:20:58] @ lak joined channel #puppet
[2009/06/01 08:21:33] @ Quit: poison: Read error: 110 (Connection timed out)
[2009/06/01 08:22:09] @ zeroXten joined channel #puppet
[2009/06/01 08:23:53] @ Quit: madrescher: Read error: 113 (No route to host)
[2009/06/01 08:26:07] @ madrescher joined channel #puppet
[2009/06/01 08:32:38] @ incommon_ike joined channel #puppet
[2009/06/01 08:33:39] @ Quit: lak:
[2009/06/01 08:39:18] <Volcane> thijso: why dont you test on a test channel?
[2009/06/01 08:40:05] <Telmo> am I correct to assume that since there is a site.pp per environment I should also have a nodes.pp per environment?
[2009/06/01 08:40:29] <Volcane> no
[2009/06/01 08:40:54] <Volcane> well you could, but generally nodes are visible in all environments and the client tells the master what environment its in
[2009/06/01 08:41:05] <Telmo> good
[2009/06/01 08:41:11] <Telmo> I was about to go nuts :D
[2009/06/01 08:41:47] <Telmo> so in the site.pp an import "*" would import all your nodes without having to specify each one individually
[2009/06/01 08:42:04] <Telmo> sorry, I am trying to wrap my head about how the modules get imported
[2009/06/01 08:42:09] <Volcane> yeh though best to only include .pp or something rather htan
[2009/06/01 08:42:23] <Volcane> and be sure not to put your site.pp in the same dir and then doing import * importing itself
[2009/06/01 08:43:19] <Telmo> would that also include subclasses? or if I have modules/manifest/module.pp and module/manifest/extra/extra.pp I need /.pp ?
[2009/06/01 08:43:33] <Volcane> modules auto import
[2009/06/01 08:43:38] <Telmo> I know that modules get imported by default I am unsure of recursion
[2009/06/01 08:43:51] <Volcane> if you use modules only and no arbitrary classes, you just need to import your nodes
[2009/06/01 08:44:00] <Telmo> ok thanks :)
[2009/06/01 08:44:18] <Volcane> if you have classes in many directories, you'd probably need to import each dir individually, not tried, been ages since i had just vanilla classes
[2009/06/01 08:44:19] <Telmo> so a site.pp with just import "*.pp" is all I need
[2009/06/01 08:58:28] @ mccune joined channel #puppet
[2009/06/01 08:58:46] @ mfoster left channel #puppet ()
[2009/06/01 09:00:27] @ JM joined channel #puppet
[2009/06/01 09:01:42] @ kngus joined channel #puppet
[2009/06/01 09:01:48] @ kngus left channel #puppet ("Leaving.")
[2009/06/01 09:10:17] @ Quit: glaw: Remote closed the connection
[2009/06/01 09:27:03] <gepetto> ::trac:: Development Lifecycle edited by jamtur01 @ http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle (by james@lovedthanlost.net)
[2009/06/01 09:44:06] @ kambiz_away is now known as kambiz
[2009/06/01 09:46:19] @ cwebber joined channel #puppet
[2009/06/01 09:46:27] @ law__ joined channel #puppet
[2009/06/01 09:46:42] <law__> hey all
[2009/06/01 09:47:06] <law__> so, I'm at a new job, and trying to introduce Puppet to the environment here
[2009/06/01 09:47:41] @ Quit: MattyM: Remote closed the connection
[2009/06/01 09:47:48] <law__> there's another sysadmin (more of a developer) at a different geographic location who is trying to impelment this thing called "Spacewalk", which appears to be an Open Sourced RedHat Satellite system
[2009/06/01 09:48:07] <law__> on the surface, it appears to do the same stuff as Puppet, but in a more redhat-centric way
[2009/06/01 09:48:51] <law__> how can I argue that puppet is better?
[2009/06/01 09:49:01] <law__> (besides having a snazzier project name :-D )
[2009/06/01 09:49:16] <Volcane> spacewalk manages packages and updates, not much more afaik?
[2009/06/01 09:49:30] <f3ew> Spacewalk is a RHN replacement
[2009/06/01 09:49:37] <f3ew> not a Puppet thing
[2009/06/01 09:49:51] <law__> f3hw: right. but it also appears to do config management as well
[2009/06/01 09:50:05] @ MattyM joined channel #puppet
[2009/06/01 09:50:10] @ MrHeavy_ joined channel #puppet
[2009/06/01 09:50:30] <Volcane> i think the 2 compliments each other
[2009/06/01 09:50:47] <Volcane> spacewalk for provisioning, update management, puppet for config management
[2009/06/01 09:50:47] <law__> how so?
[2009/06/01 09:50:52] <law__> ahh ok
[2009/06/01 09:51:03] <Volcane> cos spacewalk can just push config files out really, fractional of what puppet can do
[2009/06/01 09:51:19] <Volcane> puppet however isnt hot at package management and has little to do with kickstart stage of things
[2009/06/01 09:51:28] <law__> werd
[2009/06/01 09:52:13] <law__> I threw a Systemimager server up last week because we didn't have one before, but this UK developer guy seems to think that Satellite is the Next Big Thing(tm)
[2009/06/01 09:52:45] <machpo> it's the next Big Expensive Thing(tm)
[2009/06/01 09:53:00] <Volcane> its ok, does good package managmenet and stuff, but theres much more to config management than just files and packages
[2009/06/01 09:53:13] <law__> volcane - I concur
[2009/06/01 09:53:43] @ phantez_ joined channel #puppet
[2009/06/01 09:56:02] <Volcane> i mean puppets for creating users, doing file mounts, setting up apache vhosts complete with all directories etc, and keeping things that way and so forth
[2009/06/01 09:56:09] <Volcane> well past what satelite does, u need both
[2009/06/01 09:57:46] @ Quit: phantez: Read error: 110 (Connection timed out)
[2009/06/01 09:58:23] <law__> werd
[2009/06/01 09:58:32] <law__> well, this new place is pretty much all email archiving, all the time
[2009/06/01 09:58:33] <TREllis> spacewalk doesn't cost anything
[2009/06/01 09:58:50] <law__> we have our own special MTA software running on Tomcat and Jbos
[2009/06/01 09:58:51] <law__> *jobss
[2009/06/01 09:58:57] <law__> bah, JBOSS
[2009/06/01 10:00:05] <Volcane> puppet basically lets you boot the box once kickstart is done with it, and then do everything that u need to the point of taking production traffic
[2009/06/01 10:00:22] <Volcane> my tomcat machines are like baremetal to taking traffic in under 20 minutes
[2009/06/01 10:00:36] <Volcane> users, ssh keys, tomcats, webapps, nfs mounts, everything
[2009/06/01 10:00:41] <nico> this spacewalk thingy looks sexy
[2009/06/01 10:00:55] <TREllis> it's open source RHN Satellite, minus the RHN syncing
[2009/06/01 10:00:58] <Volcane> nico: if only they got rid of the oracle requirement :(
[2009/06/01 10:01:08] <TREllis> Volcane: soon
[2009/06/01 10:01:09] <nico> oracle requirement ? WTF ?!?
[2009/06/01 10:01:13] <Volcane> its on the roadmap to go to postgres
[2009/06/01 10:01:18] <Volcane> nico: yeah the freebie oracle is fine
[2009/06/01 10:01:19] * nico clicks [x] close
[2009/06/01 10:01:23] <Volcane> but still, grim.
[2009/06/01 10:01:30] @ hessmll joined channel #puppet
[2009/06/01 10:01:35] <law__> wait, ORACLE?
[2009/06/01 10:01:37] <nico> the UI is nifty
[2009/06/01 10:01:48] <TREllis> if you just want kickstart management, use cobbler... it's what spacewalk now uses under the tin
[2009/06/01 10:01:59] <law__> cobbler?
[2009/06/01 10:02:08] <TREllis> http://cobbler.et.redhat.com
[2009/06/01 10:02:25] <nico> law__: the RH "bootstrapper"
[2009/06/01 10:02:30] <law__> ahhh
[2009/06/01 10:03:03] <TREllis> there is a postgres tree in the spacewalk GIT repos, not sure how stable it is though
[2009/06/01 10:03:04] <law__> I personally would prefer something distro-agnostic, just because fucking with Redhat/CentOS as a Debian guy makes me want to stab hot needles in my eyes and light myself on fire
[2009/06/01 10:03:04] <nico> FAI like, if you're from the debian side of the force
[2009/06/01 10:03:19] @ glaw joined channel #puppet
[2009/06/01 10:03:28] <TREllis> law__: yup, cobbler can preseed debian & ubuntu and sles too
[2009/06/01 10:03:34] <law__> o rly?
[2009/06/01 10:03:36] <TREllis> and even a bit of windows
[2009/06/01 10:03:39] <nico> ya rly
[2009/06/01 10:03:40] <law__> cool!
[2009/06/01 10:04:08] <law__> does Puppet have a sexy web interface yet?
[2009/06/01 10:04:57] <nico> not officialy, there's iclassify and probably some other homegrown (I do have mine)
[2009/06/01 10:04:58] <TREllis> would be interested if it does, I've seen an ENC web interface for puppet developed by a customer but not too pretty yet
[2009/06/01 10:05:10] <law__> ENC?
[2009/06/01 10:05:12] <nico> ENC ?
[2009/06/01 10:05:23] <law__> nico: what's your web interface look like?
[2009/06/01 10:05:37] <nico> Gonna make a screenshot
[2009/06/01 10:06:04] <maek> http://github.com/adamhjk/iclassify/tree/master iClassify
[2009/06/01 10:06:12] <maek> doh, nico got it. im slow
[2009/06/01 10:06:25] <TREllis> enc - external node classifer.... node definitions on sterioids
[2009/06/01 10:06:31] <TREllis> -i
[2009/06/01 10:06:42] <nico> TREllis: that's waht I use
[2009/06/01 10:06:45] <nico> what*
[2009/06/01 10:07:19] <TREllis> I'd like to try using ldap for that, the interface I've seen someone use was mysql+php, node defnitions stored in db
[2009/06/01 10:07:20] <maek> what is this?
[2009/06/01 10:08:06] <maek> I read something about cobbler+puppet, I thought it was talking about having cobbler create your puppet nodes but im not 100% sure.
[2009/06/01 10:08:28] <Volcane> cobbler can do puppet nodes yeah
[2009/06/01 10:08:30] <MrHeavy_> Okay, more crap about providers
[2009/06/01 10:08:31] <Volcane> its not awesome thoguh
[2009/06/01 10:08:34] <nico> law__: http://celeborn.rottenbytes.info/puppet-screen.png
[2009/06/01 10:08:48] <MrHeavy_> I'm trying to call a static method from a provider instance
[2009/06/01 10:08:50] <nico> quite simple, even my windows sysadmin can use it
[2009/06/01 10:08:53] <MrHeavy_> It keeps insisting the method doesn't exist
[2009/06/01 10:08:54] <MrHeavy_> Any ideas?
[2009/06/01 10:08:54] <law__> neat!
[2009/06/01 10:08:56] <maek> Volcane: thanks for that. awesome is a requirement :)
[2009/06/01 10:09:11] <Volcane> there are no awesome puppet web ui's today
[2009/06/01 10:09:18] <maek> nico: way cool.
[2009/06/01 10:09:38] <maek> is it just info or can you modify things?
[2009/06/01 10:09:42] <nico> just gives the node the classes & var
[2009/06/01 10:09:45] <law__> yeah, I think management at this new company is greatly impressed by the next Big Shiny(tm), and not necessarily Most Powerful(tm)
[2009/06/01 10:09:48] <nico> you can/modify/delete
[2009/06/01 10:10:00] <nico> (the UI is in french indeed)
[2009/06/01 10:10:01] <maek> nico: OSS?
[2009/06/01 10:10:24] <Volcane> law__: manageent shouldnt decide tech :P
[2009/06/01 10:10:42] <nico> maek: could be, some parts are too much integrated with the whole corporate thing
[2009/06/01 10:11:09] <maek> ah. how do you parse that info out? using puppet it self?
[2009/06/01 10:11:35] <nico> Storage is in the database
[2009/06/01 10:11:53] <Volcane> nico: http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
[2009/06/01 10:12:04] <nico> Informations are passed to puppet through an external node script, in ruby
[2009/06/01 10:12:22] <nico> Volcane: using it :D
[2009/06/01 10:12:25] <maek> the problem im having is I have all my info in several places right now, no DRY. I have the inventory db, cobbler and puppet. it would be nice to feed them all from once source. preferable the inventory db.
[2009/06/01 10:12:36] <Volcane> nico: ah i ment the url for maek :)
[2009/06/01 10:12:46] <maek> Volcane: thanks, reading.
[2009/06/01 10:12:49] <nico> maek: that's what I try to do :)
[2009/06/01 10:12:55] <nico> Volcane: np
[2009/06/01 10:13:27] <maek> and cobbler has that xmlrpc so It shouldn't be so hard. except for the fact that I cant really code so well :)
[2009/06/01 10:13:44] <realist> maek, nico: that's what I'm trying to do, but quite difficult with 3x inventory databases, all inconsistent with each other, and none reflecting reality
[2009/06/01 10:14:49] <nico> yeah, much time to get information in the right place, without breaking anything :)
[2009/06/01 10:14:57] @ Quit: incommon_ike: Read error: 110 (Connection timed out)
[2009/06/01 10:15:25] <maek> some people I know use this inventory db http://nventory.wiki.sourceforge.net/ along with facter but they wrote there own config manager, kind of like cfengine, just a frame work to run scripts, no resources
[2009/06/01 10:15:32] <maek> the inventory db is hot stuff though
[2009/06/01 10:15:52] @ flakrat joined channel #puppet
[2009/06/01 10:19:59] @ incommon_ike joined channel #puppet
[2009/06/01 10:20:23] @ Quit: shake-n-bake:
[2009/06/01 10:21:06] <TREllis> ooh nventory looks pretty nifty
[2009/06/01 10:21:28] @ Quit: incommon_ike: Client Quit
[2009/06/01 10:21:34] @ geoffr joined channel #puppet
[2009/06/01 10:22:30] <maek> TREllis: it pairs up with http://www.aput.biz/ this stuff. etch is the config tool but nVentory can be changed easily. its from overture before they became yahoo
[2009/06/01 10:23:25] <TREllis> interesting project
[2009/06/01 10:23:30] <geoffr> hi everybody, we've recently installed puppet throughout our Debian network. We've hit the question do you have puppet run 'aptitude upgrade' OR do you rather 'ensure => latest' on each package individually. The problem we see with the second route is the amount of packges being in the thousands
[2009/06/01 10:23:58] <geoffr> OR does someone have a far better solution? :)
[2009/06/01 10:24:05] * Volcane doesnt really trust automated distupdates
[2009/06/01 10:24:36] <nico> neither do I
[2009/06/01 10:25:24] <geoffr> ok, do you have a prefered route to keep packages up to date?
[2009/06/01 10:25:30] @ lak joined channel #puppet
[2009/06/01 10:25:50] <Volcane> geoffr: with debian? i dont know a single client of mine who bothers cos its just too risky
[2009/06/01 10:26:13] <TREllis> geoffr: I'd prefer to just let puppet manage state of those packages and use a mass upgrade tool (some sort of distributed remote tool.. func/spacewalk or just a wrapper around ssh) after a shed load of testing to make sure it doesn't screw your UAT/prod
[2009/06/01 10:26:18] <Volcane> geoffr: with redhat I've something to aggregate yum check-update data and then i just ssh loop update what i want, yuk
[2009/06/01 10:26:31] @ rgsteele\|\|work joined channel #puppet
[2009/06/01 10:26:33] @ bajan left channel #puppet ()
[2009/06/01 10:26:34] <Volcane> TREllis: yeah, thats about the sanest way to go
[2009/06/01 10:27:38] <TREllis> although I'd only do that for critical security patches
[2009/06/01 10:27:42] @ phantez joined channel #puppet
[2009/06/01 10:27:51] <TREllis> anything else can be completely re-staged / reinstalled
[2009/06/01 10:28:31] <geoffr> ok thanks, UAT/prod would be handled beforehand so that should be ok. We would want an automated system to handle updated specified by DSA's /CVE's
[2009/06/01 10:28:33] <Volcane> yeah once puppet is totally managing your entire box, unless u really have a solid updates source tht only updates critical things without changing behaviour mid stable release - ie. not like debian - then just reinstalling is safer
[2009/06/01 10:29:31] <TREllis> I guess for debian stable that'll just be the security repos
[2009/06/01 10:29:42] <TREllis> for RHEL/CentOS its a slightly different story
[2009/06/01 10:29:44] <geoffr> yep, that's them
[2009/06/01 10:30:33] @ Quit: phantez_: Read error: 110 (Connection timed out)
[2009/06/01 10:34:22] <geoffr> so just to re-iterate (to make sure I'm understanding) the prefered route is to use a specific instruction for each specific package installed (note that this is just for security/bug patching not for full dist-upgrades)
[2009/06/01 10:34:50] <Volcane> i have a little external data lookup thing
[2009/06/01 10:34:52] <Volcane> so i do
[2009/06/01 10:35:12] <Volcane> package{"foo": ensure => extlookup("foo", "present", "packages") }
[2009/06/01 10:35:14] <Volcane> which translates to
[2009/06/01 10:35:30] <Volcane> look up data for the key 'foo' in my 'packages' data source and if you dont find it there use 'present'
[2009/06/01 10:35:44] <Volcane> so if i wanted to set package foo to latest, or something else, or even absent, i just update my data
[2009/06/01 10:36:31] @ mfoster joined channel #puppet
[2009/06/01 10:36:35] <geoffr> ah Volcane that looks like exactly what I'm looking for. Will try it out
[2009/06/01 10:36:40] <maek> so Volcane you dont run "yum upgrade" ? or you do but its pointed to custom repos with only the pkgs you want?
[2009/06/01 10:37:04] <Volcane> maek: not via puppet no
[2009/06/01 10:37:13] <Volcane> geoffr: http://nephilim.ml.org/~rip/puppet/extlookup.rb thats the extlookup thing
[2009/06/01 10:37:37] <Volcane> maek: i get a report like this built daily: http://nephilim.ml.org/~rip/updatecentral/sample/tabbed/#uc-Yum
[2009/06/01 10:37:49] <Volcane> maek: and i decide based on that whats gonna be the best approach to update boxes
[2009/06/01 10:37:56] <Volcane> liek i wouldnt want to just auto update httpd
[2009/06/01 10:37:57] <Volcane> or php
[2009/06/01 10:38:10] <Volcane> but updating say net-snmp, whatever whenever puppet feels like it, or maybe just a ssh loop
[2009/06/01 10:38:35] <maek> what do you mean by ssh loop?
[2009/06/01 10:38:48] <maek> so this then generates the data file telling it what pkgs it can update
[2009/06/01 10:39:07] <Volcane> maek: no i generally avoid all automated unattended package updates
[2009/06/01 10:39:12] <f3ew> for i in host1 host2 host3 ...; do ssh $host "command"; done
[2009/06/01 10:39:20] <Volcane> maek: but i guess it could if that was your thing, i just dont trust it
[2009/06/01 10:39:36] <maek> oh oh, literally an ssh loop to update
[2009/06/01 10:39:52] <Volcane> yeah, i just copy the host list for whatever package from that report
[2009/06/01 10:40:07] <maek> Volcane: I trust it as far as "it works on updating" but I have the same problem with updating oracle sensitive pkgs
[2009/06/01 10:40:09] <Volcane> its lame, but it beats waking up at 4am cos i foo'd up all my machines with a broken update :P
[2009/06/01 10:40:52] <Volcane> maek: yeah so i'm just over cautious about this kind of thing, it would be too hard to say code a white/blacklist of things to update automatically
[2009/06/01 10:41:03] <Volcane> maek: like this morning i saw there was an update for 'file' seems harmless right?
[2009/06/01 10:41:19] <Volcane> except it had depedencies that then made it so httpd also update, which is a very bad thing
[2009/06/01 10:41:29] <TREllis> yeah that's annoying
[2009/06/01 10:41:40] <TREllis> I tend to just use excludes in yum.conf for that kinda thing
[2009/06/01 10:41:50] <maek> some of the updates are insane with what they call a dependancy
[2009/06/01 10:41:57] <Volcane> and I'd most certainly never have told my auto update system to not go update file? i mean who would think it would update httpd? so the whole package update thing is just crap and even worse than user management
[2009/06/01 10:43:01] @ phantez_ joined channel #puppet
[2009/06/01 10:43:02] <maek> put puppet it self doesnt really care about the version right? if I say package { http: ensure => present } and it gets updated from 2.0 to 2.0.1 puppet can still control it right? I dont have to make new puppet configs for each version update right?
[2009/06/01 10:43:13] <maek> Volcane: is updatecentral OSS?
[2009/06/01 10:43:45] <Volcane> http://nephilim.ml.org/~rip/updatecentral/updatecentral-0.9.tgz
[2009/06/01 10:43:57] <maek> thanks!
[2009/06/01 10:45:14] @ Quit: phantez: Read error: 110 (Connection timed out)
[2009/06/01 10:46:04] <TREllis> Volcane: how does that work out the updates?
[2009/06/01 10:46:12] <Volcane> it has a simple plugin architecture so you can make it look for deb, gem, whatever with simple plugins
[2009/06/01 10:46:24] <TREllis> Volcane: checks repos based on your systems package lists?
[2009/06/01 10:46:25] @ edwardam joined channel #puppet
[2009/06/01 10:46:35] <Volcane> TREllis: for yum it takes yum check-update on the client and mails it off to the server, server receives it and ake a report
[2009/06/01 10:46:55] <Volcane> and u can say: parser.yum.enablerepo = centos-base,centos-updates
[2009/06/01 10:46:56] <TREllis> Volcane: interesting
[2009/06/01 10:47:02] <Volcane> that says for the yum update, only look at those repos
[2009/06/01 10:47:14] <Volcane> so if you only wanted a report for your own repo, you can just tell it to do that
[2009/06/01 10:47:39] <TREllis> yeah just uses --enablerepo option in yum, gotcha
[2009/06/01 10:47:41] <Volcane> the config has a passphrase and at the end of the mail that gets submitted is just a little md5(pasphrase+mailbody) style crypto signature that the server will authenticate
[2009/06/01 10:47:47] @ Quit: alex2: Read error: 54 (Connection reset by peer)
[2009/06/01 10:47:59] <Volcane> and only 1 report per box per day will be accepted, so its at least not trivial for someone to inject fake reports etc
[2009/06/01 10:48:45] @ lazzurs_ joined channel #puppet
[2009/06/01 10:49:15] @ Quit: lazzurs: Read error: 104 (Connection reset by peer)
[2009/06/01 10:49:47] <Volcane> it was the first largish ruby thing i wrote, so perhaps the plugins can be a bit better, but they're simple to understand as they are
[2009/06/01 10:50:51] <TREllis> i'd prefer something a little more hands off on the client side, a bit like the way spacewalk does things, but not so heavy
[2009/06/01 10:51:26] <Volcane> yeah for sure, well it wouldnt be hard to write a simple data file that the extlookup tool for example can understand
[2009/06/01 10:51:29] <Volcane> the output is just templates
[2009/06/01 10:51:32] <TREllis> although running yum check-update isn't too heavy... how'd you randomise the running of that in your app?
[2009/06/01 10:51:39] <Volcane> and its not dynamic, cron builds it once a day
[2009/06/01 10:51:46] <TREllis> for every server?
[2009/06/01 10:51:55] <Volcane> no the final report is once a day
[2009/06/01 10:52:17] <Volcane> every server crons and the client has a random sleep
[2009/06/01 10:53:07] @ matty joined channel #puppet
[2009/06/01 10:53:18] <TREllis> understood
[2009/06/01 10:53:39] <Volcane> i made the central server cron the update with a view on building some data file in future, so a dynamic view wouldnt be awesome unless i wanted to go overboard with REST calls and stuff
[2009/06/01 10:53:42] <Volcane> but thats not great
[2009/06/01 10:58:06] @ Quit: justindossey: Read error: 110 (Connection timed out)
[2009/06/01 10:59:18] * nico needs to enable the reports on his puppets
[2009/06/01 11:04:26] @ Quit: chillitom: verne.freenode.net irc.freenode.net
[2009/06/01 11:04:27] @ Quit: gebi_: verne.freenode.net irc.freenode.net
[2009/06/01 11:05:03] @ gebi joined channel #puppet
[2009/06/01 11:05:06] @ chillitom joined channel #puppet
[2009/06/01 11:06:51] @ nmalik joined channel #puppet
[2009/06/01 11:09:50] @ lutter joined channel #puppet
[2009/06/01 11:09:57] @ Quit: hessmll: "Leaving..."
[2009/06/01 11:11:17] @ Quit: law__: Read error: 113 (No route to host)
[2009/06/01 11:12:00] @ martha joined channel #puppet
[2009/06/01 11:20:19] @ justindossey joined channel #puppet
[2009/06/01 11:20:20] <maek> Volcane: sorry to be dense. I would like to understand your update process better. basically you create a report with yum check-update and that feeds that info to updatecentral, you then manually decide what packages to update and then you update your data source and your external node will update the package? is that somewhat correct?
[2009/06/01 11:20:57] @ alfism joined channel #puppet
[2009/06/01 11:21:26] @ Quit: philip__: Remote closed the connection
[2009/06/01 11:21:37] @ philip joined channel #puppet
[2009/06/01 11:26:28] @ Quit: fujin: Read error: 110 (Connection timed out)
[2009/06/01 11:27:03] @ phantez joined channel #puppet
[2009/06/01 11:27:04] @ Quit: phantez_: Read error: 104 (Connection reset by peer)
[2009/06/01 11:29:18] @ Quit: mattock: "Leaving."
[2009/06/01 11:30:23] <Volcane> maek: yes, though i am not at the point of updating my data source yet due to the issues with unexpected side effects as described with the file + httpd example
[2009/06/01 11:30:31] @ fujin joined channel #puppet
[2009/06/01 11:30:49] <maek> Volcane: thanks. how did you know file dep'ed httpd? from the check-update output?
[2009/06/01 11:31:02] <Volcane> maek: updated dev server first, went "wtf?"
[2009/06/01 11:31:10] <maek> ah :)
[2009/06/01 11:31:34] @ incommon_ike joined channel #puppet
[2009/06/01 11:31:56] <maek> ive just been waiting for minor releases then testing the entire update in dev, then moving the dvd install source to a repo. so we dont update until say rhel 5.4 comes out
[2009/06/01 11:32:16] <Volcane> ah, i like keeping my machines up to date as far as possible
[2009/06/01 11:32:27] <sigmonsays> what's the largest scale anyone has ever deployed puppet?
[2009/06/01 11:32:29] <incommon_ike> anyone use puppet to push out .htaccess files instead of vhosts?
[2009/06/01 11:32:30] <Volcane> depends on environment though, one client i dont update at all
[2009/06/01 11:32:31] <maek> we dont have internet so security is less of an issue
[2009/06/01 11:32:38] <sigmonsays> if you had 1k machines, how many masters would u need?
[2009/06/01 11:32:46] <Volcane> others like my own are machines sat all over the place in many countries with no firewalls, those i update often
[2009/06/01 11:33:05] <Volcane> others i go for somewhere inbetween, i update them say 2 months after the major distro upgrade and only apply things i consider critical
[2009/06/01 11:33:28] <maek> I even had oracle claim once that because I had updated 4.1 inbetween 4.2 coming out that my configuration was not certified thus unsupported
[2009/06/01 11:33:34] <Volcane> so automating package update management is very complex for me due to all these different scenarios
[2009/06/01 11:34:14] <Volcane> sigmonsays: been up to ~700 on one master, you probably want 2 at the least but there are various options to say just move file serving off etc
[2009/06/01 11:34:34] <sigmonsays> Yah. well 1k is not even close to the upper limit. I had growing pains on 400-500
[2009/06/01 11:34:43] <sigmonsays> going from 1k -> 5k is gonna be just as hard
[2009/06/01 11:34:50] <sigmonsays> but i guess it's all the same.
[2009/06/01 11:34:52] <Volcane> yeah, it depends on your manifest complexity etc
[2009/06/01 11:35:02] <sigmonsays> file server farm, more masters, etc
[2009/06/01 11:35:17] <Volcane> 0.25.x should be a lot better for this kind of thing, but i think once you have that many clients it would be important to make your puppet infra quite resiliant etc
[2009/06/01 11:35:28] <Volcane> I have regional masters, one in europe, one in the states etc
[2009/06/01 11:35:35] <sigmonsays> Yah, makes sense
[2009/06/01 11:35:57] <Volcane> if one goes bellyup i can point the clients at the other one (i use geo dns to move clients to near masters)
[2009/06/01 11:37:05] @ Quit: geoffr: Remote closed the connection
[2009/06/01 11:48:30] @ claymation joined channel #puppet
[2009/06/01 11:57:05] @ Quit: incommon_ike: Read error: 104 (Connection reset by peer)
[2009/06/01 11:58:11] @ Quit: fujin:
[2009/06/01 12:00:55] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/06/01 12:01:52] @ madrescher joined channel #puppet
[2009/06/01 12:04:03] @ Quit: MattyM: "ta ta"
[2009/06/01 12:11:53] @ Quit: edwardam: "So much for a vacation...."
[2009/06/01 12:16:38] @ Quit: omry\|work: Read error: 104 (Connection reset by peer)
[2009/06/01 12:25:00] @ Quit: alfism: "Connection reset by beer"
[2009/06/01 12:25:33] <MrHeavy_> I've got an OpenSolaris host running 0.24.8 that keeps spitting "Certificates were not trusted: certificate verify failed" at me for no discernible reason
[2009/06/01 12:25:45] <Volcane> time ok?
[2009/06/01 12:25:55] <MrHeavy_> Jesus, nice catch
[2009/06/01 12:26:12] <Volcane> common problem :(
[2009/06/01 12:26:21] <MrHeavy_> I keep getting burned by this VMware bug that sets the system install time to like 1980
[2009/06/01 12:26:27] <Volcane> hehe
[2009/06/01 12:27:06] <sigmonsays> that is a damn good catch :)
[2009/06/01 12:27:14] <sigmonsays> ntp is damn good too :)
[2009/06/01 12:27:44] <MrHeavy_> VMware Tools is a better answer in VMware
[2009/06/01 12:27:52] <MrHeavy_> But I haven't installed it yet since the video driver breaks X
[2009/06/01 12:27:56] <MrHeavy_> And it's a pain in the ass
[2009/06/01 12:28:11] <Volcane> as long as your time doesnt go forward, cos vmware timesync wont fix that
[2009/06/01 12:28:12] <Volcane> lame
[2009/06/01 12:29:27] <MrHeavy_> My timekeeping with VT-x seems to be pretty good
[2009/06/01 12:29:40] <MrHeavy_> But the bug clobbers the system date at install time
[2009/06/01 12:30:57] <nico> is there a doc about multi puppetmasters ? (sharing certificates etc)
[2009/06/01 12:32:08] @ Quit: artista_frustrad: "Leaving"
[2009/06/01 12:35:33] @ joe-mac joined channel #puppet
[2009/06/01 12:39:21] <MrHeavy_> I'd imagine it's pretty much the same as running multiple Mongrels behind one Apache instance, except you would need to share out the SSL directory over NFS or something
[2009/06/01 12:39:50] <Volcane> i just generate the CA once and then put the same CA everywhere
[2009/06/01 12:39:52] <Volcane> and it just works
[2009/06/01 12:40:33] @ kngus joined channel #puppet
[2009/06/01 12:40:38] @ kngus left channel #puppet ("Leaving.")
[2009/06/01 12:43:48] <nico> Volcane: autosigning ?
[2009/06/01 12:44:17] <Volcane> doesnt matter, once one box with the CA signed the cert the others will trust it
[2009/06/01 12:44:22] <Volcane> as long as all of them have the same CA
[2009/06/01 12:44:25] <nico> yeah right
[2009/06/01 12:44:41] <Volcane> like my master in the US signs clients there, but they send their reports to my master in germany without problem
[2009/06/01 12:44:48] <nico> You use NFS so ?
[2009/06/01 12:45:08] <Volcane> nah machines are all over, my puppet recipe for setting up a new master copies the CA on to it
[2009/06/01 12:45:18] <nico> ok
[2009/06/01 12:45:45] <nico> mine will be in the rack next of the previous one, I'll use NFS
[2009/06/01 12:48:05] <nico> My company is not worldwide, I don't have the same problems :)
[2009/06/01 12:49:20] <Volcane> i just have lots of machines maybe 1 or 2 per ISP in many places, interesting problems
[2009/06/01 12:49:24] <Volcane> cant do ldap acconts etc
[2009/06/01 12:50:57] <nico> Next steps for me : multiple masters behind nginx, heartbeating nginx, reports, ...
[2009/06/01 12:52:53] @ jmarki joined channel #puppet
[2009/06/01 12:54:54] @ Quit: Welsh_Dwarf: Remote closed the connection
[2009/06/01 12:55:11] @ Welsh_Dwarf joined channel #puppet
[2009/06/01 12:56:02] <tim\|imac> Volcane: why can't you do ldap?
[2009/06/01 12:56:13] @ Quit: Welsh_Dwarf: Read error: 104 (Connection reset by peer)
[2009/06/01 12:56:14] <Volcane> ldap from west coast america to germany?
[2009/06/01 12:56:27] <tim\|imac> ldaps?
[2009/06/01 12:56:32] <Volcane> i could replicate ofcourse to a local ldap there
[2009/06/01 12:56:36] <tim\|imac> yeah
[2009/06/01 12:56:45] <Volcane> but then i end up with too much shared infra to keep machines up
[2009/06/01 12:57:03] <Volcane> on a good day ping times from one to the other is like 200ms
[2009/06/01 12:57:05] <Volcane> its pathetic
[2009/06/01 12:57:11] <tim\|imac> you could work with a replicated datastore
[2009/06/01 12:57:14] <Volcane> not to mention unreliable
[2009/06/01 12:57:38] <tim\|imac> mysql master-master solution could work in that scenario
[2009/06/01 12:57:49] <Volcane> too much shared infra
[2009/06/01 12:58:02] <tim\|imac> hm ok
[2009/06/01 12:58:08] <Volcane> like i dont want to have a local machine to keep another local machine going, and then have to worry about a backup for the ldap box in that country
[2009/06/01 12:58:17] <Volcane> soon I'll have more kit in a country than kit doing actual work :)
[2009/06/01 12:59:08] @ Quit: DerekW: Remote closed the connection
[2009/06/01 12:59:22] <Volcane> i have monitoring and puppet in the states, but they're not mission critical so no biggie if the vm (linode.com machine) goes down
[2009/06/01 12:59:32] <Volcane> ldap would be a different story, I'd need to make serious effort with that
[2009/06/01 13:02:43] @ Quit: justindossey: Read error: 110 (Connection timed out)
[2009/06/01 13:02:49] @ giles_ joined channel #puppet
[2009/06/01 13:07:06] @ Quit: glaw: Remote closed the connection
[2009/06/01 13:09:11] @ erm_ joined channel #puppet
[2009/06/01 13:09:37] @ PhabX joined channel #puppet
[2009/06/01 13:11:16] @ justindossey joined channel #puppet
[2009/06/01 13:12:39] @ Quit: nasrat: "Ex-Chat"
[2009/06/01 13:14:08] @ CaptainCupcake_ joined channel #puppet
[2009/06/01 13:16:17] @ alfism joined channel #puppet
[2009/06/01 13:22:13] @ Quit: CaptainCupcake_: Read error: 60 (Operation timed out)
[2009/06/01 13:22:52] @ plathrop-away is now known as plathrop
[2009/06/01 13:31:09] @ Quit: CaptainCupcake: Read error: 113 (No route to host)
[2009/06/01 13:32:37] @ CaptainCupcake joined channel #puppet
[2009/06/01 13:32:51] @ coofamani joined channel #puppet
[2009/06/01 13:38:38] @ Quit: bobbyz: Read error: 113 (No route to host)
[2009/06/01 13:40:45] <BMDan> You could have another variable $version2 or something, and use the value of $version is $version2 isn't set.
[2009/06/01 13:40:54] <BMDan> Ack, sorry, backscroll.
[2009/06/01 13:45:07] @ Quit: philip: Read error: 113 (No route to host)
[2009/06/01 13:48:18] @ justindossey1 joined channel #puppet
[2009/06/01 13:48:48] @ Quit: justindossey: Read error: 110 (Connection timed out)
[2009/06/01 13:50:19] @ nakano is now known as nakano_
[2009/06/01 13:53:42] <zirpu> is there a way to query the puppetmaster facter db about managed hosts?
[2009/06/01 13:54:12] <nico> "the puppetmaster facter db" ??
[2009/06/01 13:54:48] @ Quit: nmalik: "leaving"
[2009/06/01 13:54:50] <zirpu> all the facter facts from clients are known by the puppetmaster. so i'm wondering if the puppetmaster stores them somewhere accessible.
[2009/06/01 13:55:00] <nico> /var/lib/puppet/facts/*.yaml ?
[2009/06/01 13:55:13] @ nmalik joined channel #puppet
[2009/06/01 13:55:51] <nico> zirpu: take a look at the "puppetlast" script
[2009/06/01 13:55:53] <zirpu> /var/lib/puppet/yaml/nodes on mine i just discovered.
[2009/06/01 13:56:15] <zirpu> erg. yaml/facts i meant.
[2009/06/01 13:57:41] <joe-mac> i'm writing a ruby-ncurses app that displays all the nodes and their facts on the puppet master i'll probably finish the formatting and whatnot ina couple days, but the code is gross and would need an actual ruby person to tell me how to fix lol
[2009/06/01 13:58:02] <Volcane> ncurses is grim yeah
[2009/06/01 14:01:34] @ Quit: lak:
[2009/06/01 14:01:51] @ Quit: madrescher: Read error: 110 (Connection timed out)
[2009/06/01 14:02:05] <zirpu> curses used to be great on vt100 terminals. :-) 24x80 is all you ever needed.
[2009/06/01 14:02:20] <Volcane> i dont mean its bad to look at and use, its bad to code for :)
[2009/06/01 14:03:05] <zirpu> anyone used the puppetmaster rails app? is it worth setting up?
[2009/06/01 14:07:21] @ madrescher joined channel #puppet
[2009/06/01 14:09:57] @ pleemans joined channel #puppet
[2009/06/01 14:35:03] <joe-mac> Volcane: yea, i love curses apps. not writing them though lol
[2009/06/01 14:35:20] <joe-mac> i think the code could be improved by some tips from an actual ruby dev when i am done though
[2009/06/01 14:35:33] <joe-mac> right now though i am trying to get some facts to work on openbsd to submit a diff... then getting back to that
[2009/06/01 14:35:37] @ docelic joined channel #puppet
[2009/06/01 14:35:45] <joe-mac> well, that's after the rmv which could take hours lol
[2009/06/01 14:36:54] <joe-mac> the memory facts are really tied to linux
[2009/06/01 14:37:07] <joe-mac> well, i'm just going to do it the way it works and see if the diff gets accepted...
[2009/06/01 14:37:23] @ lak joined channel #puppet
[2009/06/01 14:39:10] <Volcane> lak: think its worth making a feature request for the +> behavior? is it something you're likely to add/improve?
[2009/06/01 14:39:22] <lak> not at this point
[2009/06/01 14:39:27] <Volcane> k
[2009/06/01 14:39:28] <lak> it's a pretty big change to what an override means
[2009/06/01 14:39:33] <Volcane> ah
[2009/06/01 14:39:49] <lak> not that i'm entirely opposed to such a change, and we've made a couple of small changes recently
[2009/06/01 14:39:59] <lak> but any change needs to retain coherency
[2009/06/01 14:41:54] @ Quit: erm: "leaving"
[2009/06/01 14:42:01] @ erm joined channel #puppet
[2009/06/01 14:46:07] @ gstratton_ joined channel #puppet
[2009/06/01 14:49:11] @ Quit: davelj:
[2009/06/01 14:49:27] @ Quit: nmalik: "leaving"
[2009/06/01 14:49:51] @ nmalik joined channel #puppet
[2009/06/01 14:50:25] <joe-mac> anybody got a link to the proper procedure for submitting patches for facter?
[2009/06/01 14:53:11] <lak> joe-mac: wiki:DevelopmentLifecycle
[2009/06/01 14:53:17] <gepetto> lak: joe-mac: wiki:DevelopmentLifecycle is http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle
[2009/06/01 14:53:34] <joe-mac> thanks lak
[2009/06/01 14:54:15] <joe-mac> ah shit, if i already began working right after a git clone and didn't do a branch, do i have to like re clone or something?
[2009/06/01 14:54:40] @ Quit: gstratton: Read error: 110 (Connection timed out)
[2009/06/01 14:55:23] @ Quit: jmarki: Read error: 110 (Connection timed out)
[2009/06/01 14:57:57] <lak> joe-mac: no, you can make a new branch
[2009/06/01 14:58:06] <lak> if you haven't committed it'll just apply the resulting diff
[2009/06/01 14:58:25] <lak> if you have, then your new branch will have the commits and you can just remove them from the source branch with 'git reset'
[2009/06/01 14:59:21] @ Quit: maek: Read error: 110 (Connection timed out)
[2009/06/01 14:59:31] @ Quit: PhabX: "Leaving..."
[2009/06/01 14:59:44] @ fujin joined channel #puppet
[2009/06/01 14:59:45] @ Quit: zeroXten: Remote closed the connection
[2009/06/01 15:06:44] @ Quit: pleemans: Read error: 60 (Operation timed out)
[2009/06/01 15:07:07] @ fujin_ joined channel #puppet
[2009/06/01 15:08:42] @ gstratton joined channel #puppet
[2009/06/01 15:18:12] @ Quit: gstratton_: Read error: 110 (Connection timed out)
[2009/06/01 15:26:32] @ maek joined channel #puppet
[2009/06/01 15:27:06] @ bgupta joined channel #puppet
[2009/06/01 15:27:21] <maek> ls
[2009/06/01 15:27:27] <maek> sorry, ww
[2009/06/01 15:27:30] @ Quit: fujin: Read error: 113 (No route to host)
[2009/06/01 15:39:27] <maek> I have a "design" questions
[2009/06/01 15:39:33] <maek> I have several things I do to every system
[2009/06/01 15:40:36] <maek> currently I have each thing as a class, like "disable rhn" and "turn off service" and then I have a class called base that includes each other "thing" class. is that legit it seems like loads of files. do you guys just have a class of base and all its resources in that class?
[2009/06/01 15:41:46] <nico> personnaly I do, but I'm not really a good example
[2009/06/01 15:42:14] <maek> nico: you have 1 large file?
[2009/06/01 15:42:32] <nico> I have a class named "common" that sets up every OS agnostic things, it includes many different classes
[2009/06/01 15:42:48] <nico> maek: definitively not
[2009/06/01 15:42:59] <nico> maek: I don't use modules
[2009/06/01 15:43:43] <nico> I have a manifests/classes dir that has my classes definitions
[2009/06/01 15:45:37] <nico> maek: http://pastie.org/496930
[2009/06/01 15:45:43] <maek> nico: thanks
[2009/06/01 15:46:07] <maek> so inside one of your classes
[2009/06/01 15:46:14] <maek> there are several sub classes that are doing a certain thing?
[2009/06/01 15:46:52] <nico> yes, example
[2009/06/01 15:46:59] <coofamani> nico: I do it the way you described. Each "thing" is a module, and I have a base node class that gets inherited in all the other node definitions
[2009/06/01 15:47:03] <maek> if I do class base { class disable_rhn { stuff that disables rhn } } and then include base will that imply the inclusion of disable_rhn as well?
[2009/06/01 15:47:12] <coofamani> nico: though I may not be a good example either :)
[2009/06/01 15:47:20] <nico> maek: pastie updated
[2009/06/01 15:47:26] <maek> nico: thanks
[2009/06/01 15:48:08] @ Quit: erm_: "Lost terminal"
[2009/06/01 15:48:12] @ Quit: lak:
[2009/06/01 15:48:14] <maek> would mine pastie'ing an entire class? assuming know sensitive info?
[2009/06/01 15:48:25] <coofamani> nico: how would handle a situation where webserver::apache2 and webserver::pool had a common 'type' requirement, like a user or service. do they conflict?
[2009/06/01 15:48:25] <nico> I suppose I should make a a folder per "domain", like http://git.black.co.at/
[2009/06/01 15:49:03] @ Quit: aym_out: "kit mais sage"
[2009/06/01 15:49:27] <Bradipo> maek: Use a pastebin maybe?
[2009/06/01 15:49:46] <nico> coofamani: I don't have conflicts :)
[2009/06/01 15:56:12] <maek> http://pastie.org/496941 so now in a node if I include base do I need to also include disable_rhn and local_repo ?
[2009/06/01 15:57:52] <nico> I'd include class disable_rhn in class base
[2009/06/01 15:58:01] <nico> but I would not define it inside
[2009/06/01 15:58:21] <nico> And I would not create a class per action, but per subject
[2009/06/01 15:58:26] <coofamani> 'the tubes'
[2009/06/01 16:00:22] <maek> nico, how do you mean class per subject?
[2009/06/01 16:00:40] <maek> should I just get rid of the class disable_rhn and class local_repo and let those actions make up class base ?
[2009/06/01 16:00:55] @ mfournier joined channel #puppet
[2009/06/01 16:02:29] * Volcane makes a module for each type of thing with sub classes and include where needed
[2009/06/01 16:02:34] <maek> coofamani: we have a stanch ted stevens support in our group so I only refer to the internet as the tubes so that he can be reminded of how ridiculous his home state senator is.
[2009/06/01 16:02:36] <Volcane> no module pulls in weird unrelated stuff
[2009/06/01 16:02:54] <maek> Volcane: can you paste me an example?
[2009/06/01 16:03:06] @ shake-n-bake joined channel #puppet
[2009/06/01 16:03:13] <coofamani> maek: I work in a NOC and we hung up a portrait of him on the wall
[2009/06/01 16:03:21] <maek> I'm realizing that my single file, single class for each "thing" is the wrong way of doing it, know that I have 18 files in my oracle dir
[2009/06/01 16:03:43] <maek> coofamani: brilliant. just in case someone needs to be reminded, its not a flat bed truck
[2009/06/01 16:04:42] <coofamani> maek: http://reductivelabs.com/trac/puppet/wiki/PuppetBestPractice
[2009/06/01 16:04:51] <Volcane> maek: hmmm, well all my machines include this for example http://pastie.org/496953
[2009/06/01 16:04:57] <maek> coofamani: thanks
[2009/06/01 16:05:12] <Volcane> maek: and each thing, like say snmpd has snmpd::install snmpd::config snmpd::service and snmp includes those
[2009/06/01 16:05:39] <Volcane> maek: resources inside snmpd::config requires Class["snmpd::install"] and service requires config etc to ensure sane ordering
[2009/06/01 16:05:42] <coofamani> mine is like Volcane's. one module per "role" or "thing"
[2009/06/01 16:06:00] <coofamani> Volcane: wow. I was JUST searching for that syntax
[2009/06/01 16:06:06] <maek> Volcane: thanks, im looking at the apache stuff you have in your ~rip/puppet dir. so init.pp to define the base class and then create the apache::thing for the other classes. does the init.pp have any magic about being auto included or anything?
[2009/06/01 16:06:36] <Volcane> maek, coofamani: yeah see wiki:ModuleOrganisation
[2009/06/01 16:06:37] <gepetto> Volcane: maek: wiki:ModuleOrganisation is http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation
[2009/06/01 16:10:08] <nico> maek: http://pastie.org/496962
[2009/06/01 16:10:21] <Volcane> maek: you do need to include anything you want included though, for example i have bind::master and bind::slave you would want some fancy auto include to include all subclasses for that kind of thing
[2009/06/01 16:11:00] <maek> thank you both.
[2009/06/01 16:11:25] <maek> nico: in this example then staff and sudo, etc etc are there own files defining said class?
[2009/06/01 16:12:03] <nico> yes
[2009/06/01 16:12:23] <giles_> evenin all
[2009/06/01 16:12:33] <Volcane> modules all of them as per wiki:ModuleOrganisation
[2009/06/01 16:12:34] <gepetto> Volcane: wiki:ModuleOrganisation is http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation
[2009/06/01 16:13:02] <coofamani> I got one for you. I want to define a variable at the node{} level, I have to include the class that uses that variable within the node definition. I cant include the class in my base and inherit it. It doesnt see the variable. Smells like a scope issue. Is this a job for a Definition instead of a module class?
[2009/06/01 16:13:08] <giles_> i'm struggling a bit with my module, probably doing something fundamentally wrong design wise..
[2009/06/01 16:13:10] <nico> Volcane: I should reorganize it, really :)
[2009/06/01 16:13:56] <nico> coofamani: this is done by external node config here
[2009/06/01 16:13:57] <Volcane> coofamani: node inheritance is best avoided
[2009/06/01 16:13:59] <giles_> got a postrgres define that creates a postgres instance and I've got it to put in a nrpe config into /etc/nagios/nrpe.conf.d/pg-port.cfg
[2009/06/01 16:14:11] <Volcane> coofamani: see wiki:CommonMisconceptions
[2009/06/01 16:14:12] <gepetto> Volcane: coofamani: wiki:CommonMisconceptions is http://reductivelabs.com/trac/puppet/wiki/CommonMisconceptions
[2009/06/01 16:14:30] <giles_> but I don't know the best thing to do to reload nrpe
[2009/06/01 16:14:35] <giles_> after adding this file
[2009/06/01 16:14:44] <giles_> as I'm outside of my nrpe class
[2009/06/01 16:14:50] <Volcane> giles_: do you configure the nrpe service with puppet right?
[2009/06/01 16:14:58] <giles_> ya
[2009/06/01 16:14:59] <nico> coofamani: http://pastie.org/496969
[2009/06/01 16:15:12] <Volcane> giles_: then any resources can just do : notify => Service["nrpe"]
[2009/06/01 16:15:25] <nico> I don't know if I do it the right way
[2009/06/01 16:15:29] <Volcane> giles_: the class that created the service resource doesnt matter then
[2009/06/01 16:16:15] <giles_> cool i thought it was going to be a lot more tricky somehow
[2009/06/01 16:17:28] <Volcane> giles_: i have a define in my nagios module - nagios::nrpe_command - and i call that to make all my nrpe command files and it would restart the service so it seems more obvious that way, delegate the work of making the config files for nagios/nrpe to the right module
[2009/06/01 16:18:13] <Volcane> rather than sprinkle loads of file{} resource that put files into /etc/nagios/nrpe.d, this way shold i ever need to make a change to how i do my nrpe - like not using xinetd anymore for example, i only need to look at one place
[2009/06/01 16:19:34] <giles_> okay I could create a nagios::command define I suppose, if I put it inside my postgres define would things like the port be passed down?
[2009/06/01 16:21:51] <zirpu> can someone point me to the puppetmaster rails app and/or docs?
[2009/06/01 16:22:14] @ yure joined channel #puppet
[2009/06/01 16:25:35] <Volcane> giles_:http://pastie.org/496981
[2009/06/01 16:27:44] <Volcane> i run nrpe under xinetd so no need for restarts
[2009/06/01 16:27:45] @ yure_ joined channel #puppet
[2009/06/01 16:28:02] <Volcane> but you'd just notify in there in the 2 file resources
[2009/06/01 16:30:45] <giles_> I see what you're going for tx for your help I'll try a few things
[2009/06/01 16:30:56] @ Quit: schwagala: Remote closed the connection
[2009/06/01 16:31:21] @ schwagala joined channel #puppet
[2009/06/01 16:31:30] @ mattw joined channel #puppet
[2009/06/01 16:32:31] @ BobbyBee joined channel #puppet
[2009/06/01 16:33:26] @ devicenull joined channel #puppet
[2009/06/01 16:38:59] * coofamani moved from node inheritence to class inheritence. better.
[2009/06/01 16:41:04] <zirpu> does anyone use the rails app w/ 0.24.8 ?
[2009/06/01 16:41:24] <coofamani> sorry, what is "the rails app"?
[2009/06/01 16:41:42] <zirpu> puppetshow i think.
[2009/06/01 16:42:21] @ nakano_ is now known as nakano
[2009/06/01 16:42:45] @ Quit: yure: Connection timed out
[2009/06/01 16:44:43] @ drmikecrowe_ joined channel #puppet
[2009/06/01 16:46:35] @ kngus joined channel #puppet
[2009/06/01 16:47:44] @ Cope joined channel #puppet
[2009/06/01 16:47:48] <Cope> Hello...
[2009/06/01 16:48:11] <Cope> Is it possible to set a variable inside a node definition, eg $servergroup = 'staging'
[2009/06/01 16:48:20] <Cope> and then access that within a template?
[2009/06/01 16:48:30] <Volcane> yes
[2009/06/01 16:48:38] <Volcane> set it just like that and access it like any other variable
[2009/06/01 16:48:52] <Cope> Right - so how do I access the variable?
[2009/06/01 16:49:20] <Cope> I want to be able to set ServerName hostname.$servergroup.domain.com
[2009/06/01 16:49:37] <Cope> in an apache config
[2009/06/01 16:50:03] <joe-mac> <%= variable %> in the template
[2009/06/01 16:50:11] <Volcane> ServerName <%= servergroup -%>.domain.com
[2009/06/01 16:50:22] <Cope> of course if $servergorup is empty I dont want .. - is there a ternary operator?
[2009/06/01 16:50:35] <Cope> Can we see if it its unset?
[2009/06/01 16:50:58] <coofamani> You can use the puppet terniary operator
[2009/06/01 16:51:00] <Volcane> yeah well easiest is to do it in puppet with a simple case or select
[2009/06/01 16:51:15] <Volcane> setting $servername in puppet and just popping that into the template
[2009/06/01 16:51:15] <coofamani> heh
[2009/06/01 16:51:17] <coofamani> ruby I mean
[2009/06/01 16:51:17] <joe-mac> if you're on a newer version you want to use has_variable? to test for existance and .nil? to test for empty
[2009/06/01 16:51:26] @ kngus left channel #puppet ("Leaving.")
[2009/06/01 16:51:49] <joe-mac> anybody around th at can tell me how to test the changes i made to facter for openbsd facts? when i type rake in the repo it fails saying some variables are already set
[2009/06/01 16:52:04] <joe-mac> i installed mocha rspect cucumber and hoe
[2009/06/01 16:52:35] <Volcane> never did get the tests running either
[2009/06/01 16:52:46] <Volcane> to test it i just set RUBYLIB and run facter
[2009/06/01 16:53:27] <Cope> Thanks - trying this!
[2009/06/01 16:53:37] <joe-mac> thanks Volcane
[2009/06/01 16:53:37] <Volcane> its on the wiki page for facter
[2009/06/01 16:54:01] <joe-mac> Volcane: i am on the developmentcycle page that lak showed me earlier, you mean a diff wiki page?
[2009/06/01 16:54:19] <Volcane> wiki:AddingFacts
[2009/06/01 16:54:21] <gepetto> Volcane: wiki: wiki:AddingFacts is http://reductivelabs.com/trac/puppet/wiki/AddingFacts
[2009/06/01 16:54:41] <Volcane> theres a section on just testing the individual fact, not about all the rspec stuff
[2009/06/01 16:55:19] <coofamani> Cope: <%= (has_variable?("permitRootLogin") && permitRootLogin=="yes") ? "yes" : "no" %>
[2009/06/01 16:55:33] <Cope> wicked - thanks coofamani
[2009/06/01 16:57:29] * joe-mac sighs
[2009/06/01 16:57:35] <coofamani> heh
[2009/06/01 16:57:39] <joe-mac> i think i wiped out the change si made by sucking with git
[2009/06/01 16:57:44] <coofamani> for permitroot or my ugly logic
[2009/06/01 16:57:45] <coofamani> oh
[2009/06/01 16:57:51] <Volcane> joe-mac: i hate git.
[2009/06/01 16:57:57] <Volcane> joe-mac: i cant face up to using it at all
[2009/06/01 16:58:02] <coofamani> I was thinking of trying it out vs svn. no go eh?
[2009/06/01 16:58:03] <ricky> Take a look at git reflog
[2009/06/01 16:58:10] <ricky> You might be able to recover the commit from there
[2009/06/01 16:58:23] <joe-mac> i read a technical paper on it and it seemed pretty cool but since i don;'t know how to use it effectively, i suck
[2009/06/01 16:58:40] @ Quit: rgsteele\|\|work: Remote closed the connection
[2009/06/01 16:58:40] <Volcane> like, its great and i can see the logic and all, but i wont use for evry day SCM and for the now and then i need it for puppet i really cant be bothered
[2009/06/01 16:59:13] <joe-mac> hmm my changes are here but git diff isn't showing any changes
[2009/06/01 16:59:24] <joe-mac> how can i re clone the master without over writing my working branch?
[2009/06/01 16:59:36] <ricky> Did you already commit it, perhaps?
[2009/06/01 16:59:49] @ hessmll joined channel #puppet
[2009/06/01 17:00:06] <joe-mac> Volcane: i am so not a developer lol, i just basically only ever use svn update and commit. everything else i need to read a freaking how-to on.
[2009/06/01 17:00:19] @ hacim joined channel #puppet
[2009/06/01 17:00:25] <joe-mac> ricky: i don't have rights to commit to git... though i guess a git commit is local only since it's distributed?
[2009/06/01 17:00:30] <joe-mac> <--- total git n00b
[2009/06/01 17:00:33] <hacim> has anyone seen a reprepro module around?
[2009/06/01 17:00:35] <Volcane> i code often but use svn, cant see myself bothering to learn git really
[2009/06/01 17:00:39] <joe-mac> hacim: i tried to write one
[2009/06/01 17:00:39] <ricky> It's local only
[2009/06/01 17:00:48] <joe-mac> it kinda sorta works but not really
[2009/06/01 17:00:53] <joe-mac> haven't had the chance to dive back in
[2009/06/01 17:00:53] <ricky> You wouldn't be able to push
[2009/06/01 17:01:03] <hacim> joe-mac: is it published anywhere?
[2009/06/01 17:01:16] <Volcane> anyway, night, my hands aching enough for today
[2009/06/01 17:01:44] <joe-mac> ricky: this is what i did. i cloned the facter master branch then started coding in there without branching then lak pointed me to the dev life cycle page and i said crap and made a branch. now i don't know how to get the master to be the real master to diff against my branch...
[2009/06/01 17:01:47] <joe-mac> see ya Volcane
[2009/06/01 17:02:16] <ricky> joe-mac: Have you made any commits at any point?
[2009/06/01 17:02:18] <joe-mac> nah hacim, it's really a bag of suck and should be done by a bash script that i push out. it's a little complicated to do it strictly in puppet. ended up with lots of ugly execs that would look better in a bash script...
[2009/06/01 17:02:28] <ricky> And does git branch say that you are still currently in the master branch?
[2009/06/01 17:02:30] <joe-mac> ricky: no i never did a git commit
[2009/06/01 17:02:51] <hacim> joe-mac: oh yeah? i'm curious what didn't work out, because I would like to avoid that if possible
[2009/06/01 17:03:06] <joe-mac> http://www.pastie.org/497040
[2009/06/01 17:03:35] @ Quit: giles_: "ChatZilla 0.9.84 [Firefox 3.0.10/2009042316]"
[2009/06/01 17:03:46] <joe-mac> ricky: ^^ that ppastie's in repsonse to you
[2009/06/01 17:04:44] @ lludwig joined channel #puppet
[2009/06/01 17:06:08] <ricky> Hmm. Can you put up your clone somewhere?
[2009/06/01 17:06:22] <ricky> You shouldn't have lost changes by just branching.
[2009/06/01 17:06:33] <joe-mac> hacim: for instanmce if i throw new deb's in the file serving portion, and i run include deb on a for loop for things in the directory i serve out, reprepro returns 251, because some files are already there. can't figure out how to get around that. also it creates a bunch of .new files for the repo. after that you have to move all those, cut off the .new extension, which i do with an exec that is pure suck. then still, you ha
[2009/06/01 17:07:09] <hacim> joe-mac: you got cut off at 'then still, you hav'
[2009/06/01 17:07:25] <joe-mac> to move all those, cut off the .new extension, which i do with an exec that is pure suck. then still, you have to sign the new release file, which i haven't goteten around to automating
[2009/06/01 17:07:36] <hacim> joe-mac: well mainly I am just making sure it sets up the directories and conf files right
[2009/06/01 17:07:39] <joe-mac> i wish pidgin would tell me when that happens. my tv is 32 inches so, that was only a couple lines lol
[2009/06/01 17:08:46] <joe-mac> hacim alright let me sanitize this class andi will; paste it for you to look at. i'm warning, it doesn't really work i whipped it up after i made my first in-house repo the otehr day
[2009/06/01 17:09:20] <joe-mac> ricky my changes are still in the files, just a diff shows nothing... and by "put my clone up somewhere" i'm not sure what exactly you mean... sorry
[2009/06/01 17:09:31] <ricky> Oh, the changes are still there
[2009/06/01 17:09:41] <joe-mac> yea, just diff doesn't output anything...
[2009/06/01 17:09:46] <ricky> It's strange that a git diff shows nothing then. I assume that git status is blank?
[2009/06/01 17:10:36] <joe-mac> ricky http://www.pastie.org/497048
[2009/06/01 17:11:25] <ricky> OK, so first, I'd commit those changes with git commit -a
[2009/06/01 17:11:54] <joe-mac> ricky, i haven't tested them yet... should i complete testing first, or commit then test?
[2009/06/01 17:12:18] <ricky> You can always amend your commit if you made a mistake, or you're free to finish testing first - your choice
[2009/06/01 17:13:35] <joe-mac> k
[2009/06/01 17:13:38] <joe-mac> thanks for the help
[2009/06/01 17:18:07] <Cope> OK..
[2009/06/01 17:19:26] @ Quit: shake-n-bake:
[2009/06/01 17:20:59] <Cope> ServerAlias www.freekeywords.<%= has_variable?("servergroup") ? $servergroup + "." : "" %>wordtracker.com
[2009/06/01 17:21:06] <Cope> didn't work...
[2009/06/01 17:21:13] <Cope> appears I can't use +
[2009/06/01 17:22:52] <joe-mac> i never got ternary operator in ruby to work on strings
[2009/06/01 17:23:02] <joe-mac> i struggled with it, but IANARP
[2009/06/01 17:24:11] @ Quit: MrHeavy_: "Ex-Chat"
[2009/06/01 17:24:14] @ Robbie_ joined channel #puppet
[2009/06/01 17:24:21] <Cope> think I've a sytanx error - no need for a $
[2009/06/01 17:25:10] @ kambiz is now known as kambiz_away
[2009/06/01 17:27:19] <Bradipo> Is it supposed to work with strings?
[2009/06/01 17:32:09] @ grey- joined channel #puppet
[2009/06/01 17:32:22] <Cope> Seems to work
[2009/06/01 17:34:35] @ nakano is now known as nakano_
[2009/06/01 17:35:26] <jamesturnbull> ricky: and rebase is your friend if you want to squash commits... :P
[2009/06/01 17:35:40] <ricky> Yup
[2009/06/01 17:36:14] @ lak joined channel #puppet
[2009/06/01 17:36:21] @ Quit: Robbie_: Remote closed the connection
[2009/06/01 17:39:41] @ Quit: goozbach: Read error: 104 (Connection reset by peer)
[2009/06/01 17:39:58] <joe-mac> so, how do i get git diff to not output to a pager?
[2009/06/01 17:41:13] <ricky> You can git diff \| cat to do it once
[2009/06/01 17:41:59] <ricky> Actually, git --no-pager diff is probably better.
[2009/06/01 17:42:04] @ madrescher left channel #puppet ("Leaving.")
[2009/06/01 17:42:34] <ricky> You can use git config to set it more permanently too, but I find it pretty handy most of the time
[2009/06/01 17:43:47] @ shake-n-bake joined channel #puppet
[2009/06/01 17:44:21] <joe-mac> thanks ricky
[2009/06/01 17:44:35] @ goozbach joined channel #puppet
[2009/06/01 17:50:03] <lutter> Is there a specific reason why the mail_patches rake task sends the emails non-threaded for a patch series ? (it passes --no-thread explicitly)
[2009/06/01 17:53:59] <joe-mac> submitted my first patch to facter, hopefully it's not too shitty to get accepted heh
[2009/06/01 17:55:04] <lak> lutter: erm, because i'm a dumbass?
[2009/06/01 17:55:20] <lak> or maybe jamesturnbull is?
[2009/06/01 17:55:40] <lak> that's just the command that got determined to be the "right" one, and I just copied it, IIRC
[2009/06/01 17:55:46] <lak> so it's pretty reasonable to change it
[2009/06/01 17:55:52] <lutter> lak: heh .. I think if you change --no-thread to --thread in the Rakefile, the patches will be nicely threaded
[2009/06/01 17:56:01] <lutter> (and I'll have an easier time reading hte mailing list)
[2009/06/01 17:56:02] <lak> that makes sense
[2009/06/01 17:57:15] @ Quit: hessmll: "Leaving..."
[2009/06/01 18:02:31] @ Quit: mccune: "Leaving."
[2009/06/01 18:06:03] <bda> Does a zone{} create an implicit node{} ?
[2009/06/01 18:06:30] <bda> No, I broke something else. sigh.
[2009/06/01 18:25:57] @ Quit: shake-n-bake:
[2009/06/01 18:27:27] @ Djelibeybi joined channel #puppet
[2009/06/01 18:32:14] @ SplasPood joined channel #puppet
[2009/06/01 18:33:11] <SplasPood> 'lo all, got a quick question (I think :) ) about how I can configure an Exec to run only once on a given system (specifically I'm using 'authconfig' to setup/enable ldap auth on an RHEL host and I'd only like the commands called once initially and not during every run)
[2009/06/01 18:33:43] <Djelibeybi> SplasPood: use the onlyif => or unless => parameters
[2009/06/01 18:33:58] <Djelibeybi> Work out how to (programatically) determine if the command has run successfully
[2009/06/01 18:34:22] @ PhabX joined channel #puppet
[2009/06/01 18:34:34] @ Quit: Whoop: "Lost terminal"
[2009/06/01 18:35:06] <SplasPood> Djelibeybi: ahh... there's no way to just say 'run once but never again'? (onlyif/unless will work if thats the way)
[2009/06/01 18:35:18] <SplasPood> what does 'refreshonly' do?
[2009/06/01 18:35:21] <PhabX> do i need to add something to the puppet clients to allow the puppetrun to connect?
[2009/06/01 18:35:23] <Djelibeybi> SplasPood: not that I know of.
[2009/06/01 18:35:32] @ d33d joined channel #puppet
[2009/06/01 18:35:38] <PhabX> i keep getting a cannot connect on port 8139
[2009/06/01 18:36:52] <d33d> anyone from Reductive around?
[2009/06/01 18:36:56] @ davelj joined channel #puppet
[2009/06/01 18:37:45] <PhabX> i think i found something on google
[2009/06/01 18:39:47] @ fujin_ is now known as fujin
[2009/06/01 18:42:18] @ Quit: BobbyBee: "ChatZilla 0.9.84 [Firefox 3.0.10/2009042316]"
[2009/06/01 18:49:10] @ drmikecrowe_ is now known as drmikecrowe
[2009/06/01 18:58:35] @ mfoster left channel #puppet ()
[2009/06/01 19:00:49] @ Quit: ssm: Read error: 61 (Connection refused)
[2009/06/01 19:02:38] @ ssm joined channel #puppet
[2009/06/01 19:14:31] @ CaptainCupcake_ joined channel #puppet
[2009/06/01 19:14:31] @ Quit: CaptainCupcake: Read error: 104 (Connection reset by peer)
[2009/06/01 19:16:18] @ Quit: PhabX: "Leaving..."
[2009/06/01 19:18:02] @ CaptainCupcake joined channel #puppet
[2009/06/01 19:18:03] @ Quit: CaptainCupcake_: Read error: 104 (Connection reset by peer)
[2009/06/01 19:18:58] @ Quit: Djelibeybi: "Leaving"
[2009/06/01 19:22:02] @ patch-tag joined channel #puppet
[2009/06/01 19:22:42] @ CaptainCupcake_ joined channel #puppet
[2009/06/01 19:22:49] @ Quit: CaptainCupcake: Read error: 104 (Connection reset by peer)
[2009/06/01 19:23:07] <patch-tag> hey I just spoke with someone answering the phones at puppet named andrew and I wanted to email him something but I couldn't find him at http://reductivelabs.com/home/community/
[2009/06/01 19:23:21] <patch-tag> can somebody give me his full name / email?
[2009/06/01 19:23:35] <patch-tag> my cell battery just died ;)
[2009/06/01 19:23:45] <patch-tag> andrewcshafer?
[2009/06/01 19:24:01] <andrewcshafer> you rang?
[2009/06/01 19:24:09] <patch-tag> there ya are
[2009/06/01 19:24:14] <andrewcshafer> andrew@reductivelabs.com
[2009/06/01 19:24:19] <patch-tag> thanks ;)
[2009/06/01 19:24:28] <andrewcshafer> I just work here :)
[2009/06/01 19:25:35] @ Quit: lak:
[2009/06/01 19:26:06] <andrewcshafer> d33d: What you need? (Re: Reductive)
[2009/06/01 19:28:57] <gepetto> ::trac:: Stable Platforms edited by stahnma @ http://reductivelabs.com/trac/puppet/wiki/StablePlatforms (by mastahnke@gmail.com)
[2009/06/01 19:28:57] <gepetto> ::trac:: Stable Platforms edited by stahnma @ http://reductivelabs.com/trac/puppet/wiki/StablePlatforms (by mastahnke@gmail.com)
[2009/06/01 19:29:05] @ Quit: mfournier: Read error: 113 (No route to host)
[2009/06/01 19:34:16] @ law__ joined channel #puppet
[2009/06/01 19:41:10] <d33d> andrewcshafer: HellO!
[2009/06/01 19:41:50] <d33d> andrewcshafer: Are you "littleidea" on twitter?
[2009/06/01 19:45:22] <plathrop> d33d: yes he is
[2009/06/01 19:46:23] @ Djelibeybi joined channel #puppet
[2009/06/01 19:47:50] <andrewcshafer> d33d: I am @littleidea
[2009/06/01 19:48:10] <andrewcshafer> sometimes I am littleidea on IRC, but not very often lately
[2009/06/01 19:49:54] @ Quit: cwebber:
[2009/06/01 19:50:04] <d33d> andrewcshafer: I'm @lutez :D
[2009/06/01 19:50:16] <andrewcshafer> right on
[2009/06/01 19:51:04] <d33d> So i don't like twitter much because of the 140 character limitation.
[2009/06/01 19:51:16] <d33d> At least for having a full conversation with someone.
[2009/06/01 19:55:02] @ hessmll joined channel #puppet
[2009/06/01 19:55:35] * sdodson looks at the StablePlatforms wiki and wonders if he's the only person running puppet on ia64
[2009/06/01 19:57:00] @ lludwig left channel #puppet ()
[2009/06/01 19:57:40] @ Quit: Telmo: Read error: 104 (Connection reset by peer)
[2009/06/01 19:59:46] <Volcane> sdodson: you might be the only person running ia64 period :P
[2009/06/01 20:01:16] @ Quit: alfism: "http://opensolaris.com/"
[2009/06/01 20:02:04] <sdodson> If I run puppetd as a service ruby dumps core, but running it as a cron job is ok so I'm going to use that as a work around for now.
[2009/06/01 20:09:23] @ Quit: hessmll:
[2009/06/01 20:13:00] @ alagoon joined channel #puppet
[2009/06/01 20:14:34] @ Quit: alagoon: Client Quit
[2009/06/01 20:17:41] @ alagoon joined channel #puppet
[2009/06/01 20:19:42] @ alagoon left channel #puppet ()
[2009/06/01 20:21:24] @ Quit: JM: Read error: 110 (Connection timed out)
[2009/06/01 20:21:41] @ alagoon joined channel #puppet
[2009/06/01 20:22:48] @ alagoon left channel #puppet ()
[2009/06/01 20:29:47] @ Quit: andrewcshafer:
[2009/06/01 20:35:46] @ martha left channel #puppet ()
[2009/06/01 20:36:48] @ CaptainCupcake joined channel #puppet
[2009/06/01 20:39:17] @ plathrop is now known as plathrop-away
[2009/06/01 20:39:40] @ CaptainCupcake__ joined channel #puppet
[2009/06/01 20:40:06] @ Quit: sigmonsays: "Leaving"
[2009/06/01 20:44:44] @ Quit: CaptainCupcake: Read error: 60 (Operation timed out)
[2009/06/01 20:52:33] @ garin_ joined channel #puppet
[2009/06/01 20:57:48] @ Quit: nmalik: Read error: 104 (Connection reset by peer)
[2009/06/01 20:58:37] @ Quit: patch-tag: Remote closed the connection
[2009/06/01 20:59:10] <justindossey1> anyone here use Puppet to control Nagios NRPE config?
[2009/06/01 21:03:09] @ Quit: CaptainCupcake_: Read error: 113 (No route to host)
[2009/06/01 21:03:24] <justindossey1> ah, found http://reductivelabs.com/trac/puppet/wiki/Recipes/Nagios . The only tricky bit is correlating nrpe.cfg with the server side
[2009/06/01 21:03:45] @ Quit: justindossey1: "Leaving."
[2009/06/01 21:04:01] @ alagoon joined channel #puppet
[2009/06/01 21:12:40] @ ohadlevy joined channel #puppet
[2009/06/01 21:25:41] @ Quit: alagoon: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:42] @ Quit: flakrat: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:42] @ Quit: Maliuta: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:43] @ Quit: bje: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:43] @ Quit: tuf: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:44] @ Quit: G: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:44] @ Quit: msf: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:44] @ Quit: LapTop006: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:45] @ Quit: stick: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:45] @ Quit: SplasPood: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:46] @ Quit: maek: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:46] @ Quit: docelic: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:47] @ Quit: phantez: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:47] @ Quit: nevyn: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:48] @ Quit: glut: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:48] @ Quit: omry: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:48] @ Quit: jmeeuwen: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:49] @ Quit: wilturn: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:49] @ Quit: joe: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:49] @ Quit: chrysn: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:50] @ Quit: pietro: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:50] @ Quit: eryc: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:50] @ Quit: flashn: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:51] @ Quit: meltemi: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:51] @ Quit: plathrop-away: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:51] @ Quit: johnf1911: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:52] @ Quit: pjjw: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:52] @ Quit: tessier_: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:53] @ Quit: dan_chen: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:53] @ Quit: rsquared: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:54] @ Quit: macbar: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:54] @ Quit: gwar9999: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:55] @ Quit: bevans5446: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:55] @ Quit: mellen: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:55] @ Quit: tim\|imac: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:56] @ Quit: youam: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:56] @ Quit: barnoid: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:56] @ Quit: ryanduff\|away: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:57] @ Quit: wrobel: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:57] @ Quit: bda: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:57] @ Quit: fjay: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:58] @ Quit: jbk: verne.freenode.net irc.freenode.net
[2009/06/01 21:25:58] @ Quit: catay: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:03] @ Quit: schwagala: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:04] @ Quit: devicenull: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:04] @ Quit: coofamani: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:04] @ Quit: fsweetser: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:05] @ Quit: Sakarias: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:09] @ gwar9999 joined channel #puppet
[2009/06/01 21:26:09] @ tessier_ joined channel #puppet
[2009/06/01 21:26:09] @ dan_chen joined channel #puppet
[2009/06/01 21:26:09] @ rsquared joined channel #puppet
[2009/06/01 21:26:09] @ macbar joined channel #puppet
[2009/06/01 21:26:10] @ bevans5446 joined channel #puppet
[2009/06/01 21:26:10] @ mellen joined channel #puppet
[2009/06/01 21:26:10] @ tim\|imac joined channel #puppet
[2009/06/01 21:26:10] @ bda joined channel #puppet
[2009/06/01 21:26:10] @ wrobel joined channel #puppet
[2009/06/01 21:26:10] @ barnoid joined channel #puppet
[2009/06/01 21:26:10] @ youam joined channel #puppet
[2009/06/01 21:26:10] @ catay joined channel #puppet
[2009/06/01 21:26:10] @ ryanduff\|away joined channel #puppet
[2009/06/01 21:26:10] @ fjay joined channel #puppet
[2009/06/01 21:26:10] @ jbk joined channel #puppet
[2009/06/01 21:26:18] @ maek joined channel #puppet
[2009/06/01 21:26:18] @ docelic joined channel #puppet
[2009/06/01 21:26:19] @ phantez joined channel #puppet
[2009/06/01 21:26:19] @ nevyn joined channel #puppet
[2009/06/01 21:26:19] @ glut joined channel #puppet
[2009/06/01 21:26:19] @ omry joined channel #puppet
[2009/06/01 21:26:19] @ jmeeuwen joined channel #puppet
[2009/06/01 21:26:19] @ wilturn joined channel #puppet
[2009/06/01 21:26:19] @ joe joined channel #puppet
[2009/06/01 21:26:19] @ chrysn joined channel #puppet
[2009/06/01 21:26:19] @ eryc joined channel #puppet
[2009/06/01 21:26:19] @ pietro joined channel #puppet
[2009/06/01 21:26:19] @ pjjw joined channel #puppet
[2009/06/01 21:26:19] @ plathrop-away joined channel #puppet
[2009/06/01 21:26:19] @ meltemi joined channel #puppet
[2009/06/01 21:26:20] @ flashn joined channel #puppet
[2009/06/01 21:26:20] @ johnf1911 joined channel #puppet
[2009/06/01 21:26:21] @ alagoon joined channel #puppet
[2009/06/01 21:26:21] @ SplasPood joined channel #puppet
[2009/06/01 21:26:21] @ flakrat joined channel #puppet
[2009/06/01 21:26:21] @ Maliuta joined channel #puppet
[2009/06/01 21:26:21] @ bje joined channel #puppet
[2009/06/01 21:26:21] @ tuf joined channel #puppet
[2009/06/01 21:26:21] @ G joined channel #puppet
[2009/06/01 21:26:21] @ msf joined channel #puppet
[2009/06/01 21:26:21] @ stick joined channel #puppet
[2009/06/01 21:26:22] @ LapTop006 joined channel #puppet
[2009/06/01 21:26:26] @ Quit: yure_: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:26] @ Quit: lazzurs_: verne.freenode.net irc.freenode.net
[2009/06/01 21:26:33] @ devicenull joined channel #puppet
[2009/06/01 21:26:33] @ schwagala joined channel #puppet
[2009/06/01 21:26:33] @ coofamani joined channel #puppet
[2009/06/01 21:26:33] @ fsweetser joined channel #puppet
[2009/06/01 21:26:33] @ Sakarias joined channel #puppet
[2009/06/01 21:26:38] @ yure_ joined channel #puppet
[2009/06/01 21:26:38] @ lazzurs_ joined channel #puppet
[2009/06/01 21:28:18] @ nakano_ is now known as nakano
[2009/06/01 21:52:17] @ Quit: maxagaz: Remote closed the connection
[2009/06/01 21:58:34] @ lak joined channel #puppet
[2009/06/01 22:02:19] @ maxagaz joined channel #puppet
[2009/06/01 22:05:26] @ schwagal1 joined channel #puppet
[2009/06/01 22:08:58] @ Quit: schwagala: Read error: 60 (Operation timed out)
[2009/06/01 22:17:03] @ matty is now known as matty91
[2009/06/01 22:19:07] @ matty91 is now known as _matty91
[2009/06/01 22:34:31] @ Quit: lak:
[2009/06/01 22:35:25] @ Quit: phips: Read error: 60 (Operation timed out)
[2009/06/01 22:42:43] @ cwebber joined channel #puppet
[2009/06/01 22:58:21] @ _matty91 is now known as mattyafk
[2009/06/01 23:05:03] @ Quit: grey-: Remote closed the connection
[2009/06/01 23:14:48] @ andrewcshafer joined channel #puppet
[2009/06/01 23:31:59] @ nakano is now known as nakano_
[2009/06/01 23:34:06] @ PhabX joined channel #puppet
[2009/06/01 23:40:08] @ notbrien joined channel #puppet
[2009/06/01 23:40:13] @ imeyer joined channel #puppet
[2009/06/01 23:44:21] <imeyer> is there an easy way to have the checksum of a file after all actions taken against it?
[2009/06/01 23:44:56] <imeyer> so you start with a base file from source, maybe run augeas against it to add a couple of lines, and have that be what is verified each time puppet runs?
[2009/06/01 23:45:31] <imeyer> but be able to do it from different classes
[2009/06/01 23:46:05] <joe-mac> sounds pretty vague
[2009/06/01 23:46:07] <joe-mac> what's the use case
[2009/06/01 23:46:34] <imeyer> thought it was vague :)
[2009/06/01 23:46:43] <imeyer> i have a base sudoers file for every machine
[2009/06/01 23:47:04] <imeyer> some machines have the dba group added to it using augeas
[2009/06/01 23:47:13] <imeyer> via another class
[2009/06/01 23:47:19] <imeyer> base class: sudo
[2009/06/01 23:47:31] <imeyer> db class: dbsudo
[2009/06/01 23:48:32] @ claymation_ joined channel #puppet
[2009/06/01 23:48:32] @ Quit: claymation: Read error: 104 (Connection reset by peer)
[2009/06/01 23:49:40] <imeyer> but this happens each time: http://puppet.pastebin.com/m7e4ee1ad
[2009/06/01 23:50:09] <imeyer> i understand that source is always going to replace the file
[2009/06/01 23:50:22] <Djelibeybi> imeyer: you can't have Augeas work against a File type. That will always happen.
[2009/06/01 23:50:32] <Djelibeybi> You either need to use just Augeas or just the File type
[2009/06/01 23:50:34] <imeyer> Djelibeybi: recommendations?
[2009/06/01 23:50:35] <imeyer> ah
[2009/06/01 23:50:40] <joe-mac> idk, i use a big monolithic sudoers cause that's what it's designed for...
[2009/06/01 23:50:41] <imeyer> that was my next step
[2009/06/01 23:50:48] <joe-mac> serve out the same file to all machines
[2009/06/01 23:50:51] <Djelibeybi> For sudoers, I use a File type
[2009/06/01 23:50:57] <Djelibeybi> (personally)
[2009/06/01 23:51:18] <Djelibeybi> But I have a few sudoers.$tag as well, also some sudoers.$fqdn for some specific hosts
[2009/06/01 23:51:25] <imeyer> joe-mac: i assume then you use access.conf to control access to the machine or whatever ?
[2009/06/01 23:51:37] <Djelibeybi> So the source => has most specific to least specific, ending with the generic/default one
[2009/06/01 23:51:49] <joe-mac> i use access.conf to control log in of a maintenance account- but i'm not sure what you mean imeyer
[2009/06/01 23:52:46] <joe-mac> i onl;y push out ssh keys of the people in my team to every machine, if anybody else is gonna be on a machine, i explicitly realize their user either in a class that the user is always going to be in. we don't have kerberos or anything, since some of the machines sit on pretty untrusted nets
[2009/06/01 23:52:59] <joe-mac> i mean, we don't have really any services that reach back in on some of them
[2009/06/01 23:53:01] <imeyer> ah ha
[2009/06/01 23:53:16] <imeyer> yeah that's sort of what i was getting at, how you control access to the hosts
[2009/06/01 23:54:01] <imeyer> i use access.conf and if that's somehow circumvented to where they can get a shell, i don't want them to have sudo, but i guess if they can get around access.conf, i probably have bigger issues to worry about :)
[2009/06/01 23:54:06] <joe-mac> yea, only people in my group get on every machine, and we have an oshittheworldisending account on all the machines that is only allowed local access... and anyone else i do like i said above. then i have the monolithic sudoers
[2009/06/01 23:54:25] <imeyer> that makes sense
[2009/06/01 23:54:41] <joe-mac> imeyer: doesn't matter - you use the hostname field in sudoers to spcify what machines people have sudo access on...
[2009/06/01 23:56:02] <joe-mac> even if they did get a shell on machineb but sudoers says they have sudo access on machinea- they get nowhere
[2009/06/01 23:56:22] <joe-mac> and they can't look at the sudoers file to determine what they have access to anyways since it's mod 440 or 400, otehrwise sudo won't work anyways
[2009/06/01 23:56:33] <imeyer> yep
[2009/06/01 23:57:58] <imeyer> at prior employers we used cfengine and this is my first time using puppet, so i was trying to get a better understanding of how things actually operate before i made some overly complex solution

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!