Saturday, 2009-12-19

« Friday, 2009-12-18 Index Sunday, 2009-12-20 »
[2009/12/19 00:01:37] @ Log started by gepetto_
[2009/12/19 00:01:37] @ jfreeman joined channel #puppet
[2009/12/19 00:05:04] @ Quit: littleidea:
[2009/12/19 00:13:21] @ Demosthenes joined channel #puppet
[2009/12/19 00:13:25] @ Quit: jfreeman: Read error: 54 (Connection reset by peer)
[2009/12/19 00:15:26] @ jfreeman joined channel #puppet
[2009/12/19 00:15:49] @ Quit: bug:
[2009/12/19 00:17:18] @ bodepd_ joined channel #puppet
[2009/12/19 00:23:49] @ bodepd__ joined channel #puppet
[2009/12/19 00:24:51] @ littleidea joined channel #puppet
[2009/12/19 00:25:04] @ Quit: bodepd: Read error: 104 (Connection reset by peer)
[2009/12/19 00:25:04] @ bodepd__ is now known as bodepd
[2009/12/19 00:29:44] @ Quit: bodepd:
[2009/12/19 00:36:14] @ Djelibeybi joined channel #puppet
[2009/12/19 00:37:32] @ rmiller4pi8 joined channel #puppet
[2009/12/19 00:39:22] @ Quit: blahdeblah: Read error: 54 (Connection reset by peer)
[2009/12/19 00:39:23] @ blahdeblah1 joined channel #puppet
[2009/12/19 00:41:26] @ Cyis joined channel #puppet
[2009/12/19 00:42:13] @ Quit: bodepd_: Read error: 110 (Connection timed out)
[2009/12/19 00:42:41] @ Quit: blahdeblah1: Client Quit
[2009/12/19 00:43:28] @ Quit: littleidea:
[2009/12/19 01:01:32] @ Quit: Djelibeybi: "Leaving"
[2009/12/19 01:04:12] @ Quit: pheezy: Remote closed the connection
[2009/12/19 01:11:09] @ Bass10 joined channel #puppet
[2009/12/19 01:16:47] @ Quit: vzctl_: Remote closed the connection
[2009/12/19 01:17:21] @ vzctl_ joined channel #puppet
[2009/12/19 01:20:15] @ Quit: vzctl_: Remote closed the connection
[2009/12/19 01:21:38] @ vzctl_ joined channel #puppet
[2009/12/19 01:27:05] @ Quit: jfreeman: Read error: 60 (Operation timed out)
[2009/12/19 01:28:09] @ jfreeman joined channel #puppet
[2009/12/19 01:30:29] @ Quit: Bass10: Read error: 110 (Connection timed out)
[2009/12/19 01:41:20] @ Quit: gaveen: Read error: 113 (No route to host)
[2009/12/19 01:45:39] @ Quit: mikerowehl:
[2009/12/19 01:53:13] @ Quit: jfreeman: Read error: 110 (Connection timed out)
[2009/12/19 02:22:34] @ qwebirc36000 joined channel #puppet
[2009/12/19 02:24:04] @ Quit: qwebirc36000: Client Quit
[2009/12/19 02:28:00] @ toi joined channel #puppet
[2009/12/19 02:46:16] @ ohadlevy left channel #puppet ()
[2009/12/19 02:49:49] @ bodepd joined channel #puppet
[2009/12/19 03:09:29] @ Quit: bodepd:
[2009/12/19 03:23:14] <madduck> no responses to http://groups.google.com/group/puppet-users/browse_thread/thread/a132717f25edabf0# :(
[2009/12/19 03:24:39] <madduck> jamesturnbull: *any* idea? ;)
[2009/12/19 03:32:52] <jamesturnbull> madduck: looks like network issues
[2009/12/19 03:34:50] <jamesturnbull> madduck: ipv6 anywhere?
[2009/12/19 03:36:23] <madduck> jamesturnbull: yes, but the connection is ipv4, and it's "as ipv6" as all other 4x hosts, which work fine
[2009/12/19 03:40:39] @ giskard joined channel #puppet
[2009/12/19 03:40:58] <madduck> jamesturnbull: the two hosts can communicate just fine with ipv4 and ipv6, and puppetmaster.madduck.net serves 4x other hosts just fine, as I just said.
[2009/12/19 03:41:10] <madduck> this is the only host that elicits this weirdness on the server side.
[2009/12/19 03:42:48] @ Quit: giskard: Remote closed the connection
[2009/12/19 03:43:11] <jamesturnbull> madduck: then I'd suggest it's not puppet but not sure what could be happening - DNS resolution? clocks in sync? *clutches at straws*
[2009/12/19 03:44:09] @ Quit: jes5: "Leaving."
[2009/12/19 03:44:39] <madduck> DNS works, forward and reverse, clocks are in sync
[2009/12/19 03:45:24] <jamesturnbull> madduck: remove and reinstall puppet?
[2009/12/19 03:45:56] * jamesturnbull has to go cook dinner - back in a bit
[2009/12/19 03:47:13] <madduck> hm, it seems to have to do with /etc/resolv.conf, which lists an ipv6 dns first
[2009/12/19 03:47:19] <madduck> apparently, ruby cannot deal with that
[2009/12/19 03:48:03] @ hy is now known as _silver
[2009/12/19 03:48:27] @ neek_ joined channel #puppet
[2009/12/19 03:48:38] @ Quit: neek_: Remote closed the connection
[2009/12/19 03:48:49] <madduck> without that server, the warning disappears, but the server still sends RST
[2009/12/19 03:49:03] <madduck> and puppetca doesn't get to see the CSR
[2009/12/19 03:50:03] <madduck> hm
[2009/12/19 03:50:04] <madduck> <title>503 Service Temporarily Unavailable</title>
[2009/12/19 03:53:51] <madduck> libpcap unfortunately *still* has a problem capturing RST/FIN packets, but: http://slexy.org/view/s21AJnmRJ3
[2009/12/19 03:54:27] <madduck> compared to a working puppetd run, however, it seems like everything works.
[2009/12/19 03:54:38] <madduck> i don't know why ruby would send RST after a FIN
[2009/12/19 03:57:16] <madduck> oh man. indeed, reinstalling the puppet client (after removing the v6 DNS) fixed it
[2009/12/19 03:57:29] * madduck reports the DNS problem against puppet
[2009/12/19 04:00:57] @ Quit: neek: Read error: 110 (Connection timed out)
[2009/12/19 04:04:07] @ _silver is now known as hy
[2009/12/19 04:04:43] @ Quit: toi: Read error: 113 (No route to host)
[2009/12/19 04:16:38] @ scylla joined channel #puppet
[2009/12/19 04:19:46] @ p3rror joined channel #puppet
[2009/12/19 04:32:42] @ Quit: joe-mac1: "Leaving."
[2009/12/19 04:53:56] @ suchu joined channel #puppet
[2009/12/19 04:55:38] @ yarihm joined channel #puppet
[2009/12/19 04:57:37] @ alban2 joined channel #puppet
[2009/12/19 05:19:02] @ Quit: suchu: "ChatZilla 0.9.86 [Firefox 3.0.16/2009120208]"
[2009/12/19 05:20:25] @ Mick27 joined channel #puppet
[2009/12/19 05:31:03] @ rickbradley joined channel #puppet
[2009/12/19 05:31:43] @ rickbradley is now known as rickbradley|away
[2009/12/19 05:31:49] @ rickbradley|away is now known as rickbradley
[2009/12/19 05:36:59] @ Quit: stevenjenkins: Read error: 110 (Connection timed out)
[2009/12/19 05:42:55] @ Quit: scylla: "Connection timed out"
[2009/12/19 06:07:18] @ scylla joined channel #puppet
[2009/12/19 06:16:44] @ ohadlevy joined channel #puppet
[2009/12/19 06:17:41] <ohadlevy> joe-mac: everyone can ask for features - even you :)
[2009/12/19 06:21:22] <rickbradley> so, are parameters in an external nodes source specification always per-node, or is there a way to do them per-class?
[2009/12/19 06:23:56] <ohadlevy> rickbradley: sure, but you need to add some logic or use a tool like foreman
[2009/12/19 06:24:17] <ohadlevy> e.g. at the end, the logic would be on the external nodes part
[2009/12/19 06:25:06] <rickbradley> so, the yaml that comes out of the external nodes store can be emitted in such a way as to say "for class X on Node Y these are the parameters, and for class Z on Node Y these other things are the parameters"?
[2009/12/19 06:25:30] <rickbradley> I guess the end of that question is "and puppet will understand what to do with it?"
[2009/12/19 06:25:33] <ohadlevy> no, the output is always per node, the master ask for an output for a node
[2009/12/19 06:25:39] <rickbradley> ok
[2009/12/19 06:25:55] <rickbradley> right, same node, but different parameters for different classes for that same node
[2009/12/19 06:26:37] <ohadlevy> what are you trying to do?
[2009/12/19 06:27:57] <rickbradley> I have a tool which hold data for our customers, which apps they have, which "instances" (for lack of a better term, say, db server, staging server, etc.) for each app, and the puppet classes those instances require; I can map to hosts and I want the hosts to pick up their resulting set of classes with params; currently the params are really per-class
[2009/12/19 06:28:12] <rickbradley> as opposed to per host
[2009/12/19 06:28:41] <rickbradley> because we do hosting and we can have 20 of the same kinds of applications on a host, and the classes are all the same, it's just the parameters that vary (db names, directories, users, etc.)
[2009/12/19 06:28:54] <Volcane> you'd need to probably write a parser fuction that does lookups against the db
[2009/12/19 06:28:59] <Volcane> in a class $name is the class name
[2009/12/19 06:29:02] <Volcane> so you can key on that
[2009/12/19 06:29:10] <ohadlevy> ah, well, in foreman i have created a parameter hierarchy, that you can define them in different levels (say global, domain, host-type and host)
[2009/12/19 06:29:36] <rickbradley> and how does foreman end up sending that information to puppet?
[2009/12/19 06:29:39] <ohadlevy> and at the end you get a merge of all feed as an external nodes to puppet
[2009/12/19 06:30:03] <rickbradley> so there still end up being a set of resultant parameters per each node (and nothing more granular than that)
[2009/12/19 06:30:04] <rickbradley> ?
[2009/12/19 06:30:18] <ohadlevy> what do you mean by resultant?
[2009/12/19 06:30:21] <Volcane> rickbradley: one var only per node, the ordering just defines what gets preference in the var yeah
[2009/12/19 06:30:53] <rickbradley> resultant meaning, when puppet gets the external node data for that node there ends up being one setting for a parameter
[2009/12/19 06:31:06] <ohadlevy> oh yeah, so all of the params which are defined on the domain level will be included unless a higher level (e.g. the host) overrides them
[2009/12/19 06:31:33] <rickbradley> seems like foreman and puppet-dashboard are sort of targeting the same space
[2009/12/19 06:32:03] <ohadlevy> yeah, partly, foreman is targeting a bit wider scope then puppet dashboard
[2009/12/19 06:32:37] <rickbradley> e.g., provisioning
[2009/12/19 06:32:41] <ohadlevy> the unofficial statement of foreman is everything that puppet doesnt do and we still need
[2009/12/19 06:32:53] <Volcane> rickbradley: i think you'd need something like extlookup but that speaks to your db
[2009/12/19 06:33:15] <rickbradley> extlookup is ringing a bell
[2009/12/19 06:33:16] * rickbradley googles
[2009/12/19 06:33:30] <ohadlevy> yeah, extlookup is useful
[2009/12/19 06:34:14] <ohadlevy> volcane, what do you say we finally add the missing bit to query the db?
[2009/12/19 06:34:27] <Volcane> ohadlevy: someones working on making it pluggable
[2009/12/19 06:34:41] <ohadlevy> which properties do you need?
[2009/12/19 06:34:55] <rickbradley> looks useful; I can probably do what I need just with tweaking extlookup
[2009/12/19 06:35:05] <ohadlevy> name,value and "level"?
[2009/12/19 06:35:30] <Volcane> ohadlevy: he's currently extracting the csv stuff into a plugin and writing tests, once thats done we'll think of the rest
[2009/12/19 06:35:49] <Volcane> ohadlevy: but yeah i need just 3 things, key,var,val
[2009/12/19 06:35:58] <ohadlevy> ok, I'm just trying to think on a db structure
[2009/12/19 06:36:50] <Volcane> if its searching fqdn,country,common it'll select val from db where key="your.box.com" and var="ntpserver"
[2009/12/19 06:36:59] <Volcane> and so forth till it finds it
[2009/12/19 06:37:16] <Volcane> well thats simplest, not that any code for db has been written yet so whatever
[2009/12/19 06:37:35] <Volcane> ideal is you'd just drop in a foreman.rb in the right place and configure it to use that
[2009/12/19 06:38:02] <ohadlevy> yeah, but I'm guessing that the names fqdn,country and common are not fixed, and should allow N levels of queries?
[2009/12/19 06:38:14] <Volcane> ohadlevy: not fixed at all
[2009/12/19 06:38:40] <Volcane> if #2953 comes along well we might not even bother though
[2009/12/19 06:38:40] <gepetto_> Volcane: #2953 is http://projects.reductivelabs.com/issues/show/2953 "Puppet - Feature #2953: Puppet should support a data loading system - ReductiveLabs.com"
[2009/12/19 06:38:56] <ohadlevy> so the question is how to define the priority in a sane and efficient way
[2009/12/19 06:39:11] <Volcane> ohadlevy: thats in the manifests
[2009/12/19 06:39:29] <ohadlevy> that wont be that efficent
[2009/12/19 06:39:32] <Volcane> ohadlevy: could be from foreman too, it just needs a an array and a file location
[2009/12/19 06:40:45] <Volcane> or connection parameters, a rest endpoint or whatever the specific backend needs
[2009/12/19 06:41:14] <ohadlevy> i would say that the function will provide the priority as an array, and the key
[2009/12/19 06:41:22] <ohadlevy> that should be simple
[2009/12/19 06:41:32] <Volcane> site.pp has:
[2009/12/19 06:41:33] <Volcane> $extlookup_precedence = ["%{fqdn}", "location_%{location}", "domain_%{domain}", "country_%{country}", "common"]
[2009/12/19 06:41:40] <Volcane> and thats the global priority
[2009/12/19 06:41:46] <ohadlevy> the db will contain priority = text, key, value
[2009/12/19 06:42:07] <Volcane> you can pre-pend to it in the extlookup() function but a global manifest default must exist
[2009/12/19 06:42:11] <ohadlevy> add index to priority and key
[2009/12/19 06:42:34] <ohadlevy> actually, it sounds damn simple... maybe I'm missing something :)
[2009/12/19 06:42:42] <Volcane> it is very simple
[2009/12/19 06:43:05] <ohadlevy> all of the logic will end up in the db (e.g. who can edit etc)
[2009/12/19 06:43:12] <ohadlevy> s/db/web
[2009/12/19 06:43:44] <Volcane> yup, though to make extlookup pluggable on its own the ordering has to be per manifest
[2009/12/19 06:44:03] <Volcane> to make a similar feature in foreman you could just make assumptions that it will be configured in the backend easy enough
[2009/12/19 06:44:05] <ohadlevy> thats not a problem, extlookup in its query will define the lookup order
[2009/12/19 06:44:16] <ohadlevy> this way no configuration is required
[2009/12/19 06:44:42] <Volcane> nods, it'll just do multiple queries till one gets an answer
[2009/12/19 06:45:19] <ohadlevy> e.g. you query over http for foreman/lookup?key=>value&order[]="host.name"&order[]="domain"&order[]="common"
[2009/12/19 06:45:23] <Volcane> though once its pluggable nothing prevents the foreman backend from doing it in one by sending the array over to foreman
[2009/12/19 06:45:37] <Volcane> yes
[2009/12/19 06:45:41] <ohadlevy> this will be one query and foreman will return the result
[2009/12/19 06:45:59] <Volcane> yeah
[2009/12/19 06:45:59] <ohadlevy> after searching for a key with priority "host.name" et
[2009/12/19 06:46:01] <ohadlevy> etc
[2009/12/19 06:46:10] <ohadlevy> cool, i think its 20 minutes work? :)
[2009/12/19 06:46:14] <Volcane> heh
[2009/12/19 06:46:17] <Volcane> its very simple
[2009/12/19 06:46:45] <Volcane> which is why i never got why you dont just do it right :P
[2009/12/19 06:47:00] <Volcane> rather added the forced ordering stuff that probably was more work
[2009/12/19 06:47:03] @ Guest19653 is now known as Filbert
[2009/12/19 06:47:09] <ohadlevy> ok, let me switch from my netbook to a real computer
[2009/12/19 06:47:12] <ohadlevy> brb ;)
[2009/12/19 06:47:14] <Volcane> heh
[2009/12/19 06:47:19] <Volcane> i am going into work to upgrade a nas
[2009/12/19 06:47:33] <ohadlevy> when will you be back?
[2009/12/19 06:47:53] <Volcane> not sure
[2009/12/19 06:47:58] <ohadlevy> leaving now?
[2009/12/19 06:48:03] <Volcane> pretty much
[2009/12/19 06:48:18] <ohadlevy> ok, I'll play with now, lets see in 15 minutes :)
[2009/12/19 06:48:40] <Volcane> drop me a mail, will pass it onto Julian who is doing the backend stuff
[2009/12/19 06:48:49] <Volcane> would be good to give him another workable backend to work on while doing that
[2009/12/19 06:48:58] <ohadlevy> ok
[2009/12/19 06:52:33] <Volcane> 2 more things worth knowing
[2009/12/19 06:52:39] <Volcane> data can have like %{foo} in it
[2009/12/19 06:52:46] <Volcane> tht should be passed backed verbatim
[2009/12/19 06:52:57] <Volcane> extlookup will do a scope lookup for $foo and put it in
[2009/12/19 06:53:04] <ohadlevy> ok
[2009/12/19 06:53:06] <Volcane> and data can be arrays
[2009/12/19 06:53:09] <ohadlevy> 50% is already done ;)
[2009/12/19 06:53:13] <Volcane> ntpservers,1,2,3
[2009/12/19 06:53:16] <Volcane> retrns [1,2,3]
[2009/12/19 06:53:29] <ohadlevy> you convert it from string to an array right?
[2009/12/19 06:53:45] <Volcane> that would be something the backend should do
[2009/12/19 06:54:05] <ohadlevy> so you need to retun it as yaml or json?
[2009/12/19 06:54:36] <Volcane> yaml probably least intrusive
[2009/12/19 06:55:04] <Volcane> ppl on older puppets wont have json/pson libs and i def dont want to add dependencies
[2009/12/19 06:55:06] <ohadlevy> ok, thats not a big deal either way,
[2009/12/19 06:55:19] <ohadlevy> it just means that i have to store it and split it based on a similiar value
[2009/12/19 06:55:28] @ Robbie_ joined channel #puppet
[2009/12/19 06:55:55] <Volcane> yeah, i imagine you'd just have multiple rows of key=fqdn, var=ntpserver and different val=
[2009/12/19 06:56:00] <Volcane> in the db
[2009/12/19 06:56:12] <ohadlevy> hmm
[2009/12/19 06:56:14] <Volcane> rather than have nasty string stuff, that would be a big win, a nice ui to manage those arrays
[2009/12/19 06:56:31] <Volcane> cos i have some with 50 array members and they suck as one long string
[2009/12/19 06:56:31] <ohadlevy> i'll leave it for v2? :)
[2009/12/19 06:57:03] <Volcane> your call but it gets complex if u want to do it as strings
[2009/12/19 06:57:14] <Volcane> 1,2,3,4,"5,6,7",6,7
[2009/12/19 06:57:16] <ohadlevy> ok, I'll do pre array version and then add arrays ;)
[2009/12/19 06:57:27] <Volcane> should return [1,2,3,4,"5,6,7",6,7]
[2009/12/19 06:58:09] <Volcane> many rows would solve that :P
[2009/12/19 06:58:32] <ohadlevy> yeah, i just wonder which kind of validation i need to do for those rows
[2009/12/19 07:00:40] @ mvn071 joined channel #puppet
[2009/12/19 07:00:42] @ jcape joined channel #puppet
[2009/12/19 07:01:14] <Volcane> ok, really gone now, i think that covers all the bit
[2009/12/19 07:01:16] <Volcane> s
[2009/12/19 07:01:25] <ohadlevy> 80% done ;)
[2009/12/19 07:01:37] <Volcane> will be back later but probably workig on mcollective stuff
[2009/12/19 07:02:23] <Volcane> need to do a paid-for 150 node deploy of it next week and still some work needed before then :)
[2009/12/19 07:02:34] <ohadlevy> :)
[2009/12/19 07:02:44] <Volcane> good when opensource earns money
[2009/12/19 07:02:51] <ohadlevy> yeah
[2009/12/19 07:02:59] <ohadlevy> little luck for me so far :)
[2009/12/19 07:03:04] <Volcane> my dev time has already more than been paid for
[2009/12/19 07:05:33] <Volcane> ohadlevy: u can make nice operating system data, i do like: $foo = extlookup("apache_package", "httpd", $operatingsystem)
[2009/12/19 07:05:45] <ohadlevy> volcane: db lookup part is done ;)
[2009/12/19 07:05:53] <Volcane> ohadlevy: which looks up the apache2/httpd/etc stuff in say debian.csv or redhat.csv
[2009/12/19 07:06:09] <Volcane> ohadlevy: hooking that kind of thing in various places of your ui but exposing it via extlookup would be a big win too
[2009/12/19 07:06:23] <ohadlevy> yep
[2009/12/19 07:06:44] <Volcane> c'ya
[2009/12/19 07:06:50] <ohadlevy> i've created a method that you need to provide a key and a array of lookups
[2009/12/19 07:06:58] <ohadlevy> and it returns the right value
[2009/12/19 07:08:03] @ jab_doa joined channel #puppet
[2009/12/19 07:09:25] <ohadlevy> volcane: have a look at http://theforeman.org/issues/show/141 later on :)
[2009/12/19 07:11:29] @ Quit: Robbie_: Remote closed the connection
[2009/12/19 07:23:19] <ohadlevy> ok, web query also works :)
[2009/12/19 07:30:27] <ohadlevy> volcane: ping
[2009/12/19 07:30:50] <ohadlevy> ok, so it took me 30 minutes :)
[2009/12/19 07:34:25] @ Shazburg is now known as sharp-rain-68
[2009/12/19 07:35:23] @ sharp-rain-68 is now known as Shazburg
[2009/12/19 07:36:40] @ Shazburg is now known as sharp-rain-68
[2009/12/19 07:38:44] @ sharp-rain-68 is now known as Shazburg
[2009/12/19 07:40:46] @ Quit: mvn071: "Leaving"
[2009/12/19 07:47:08] @ bug joined channel #puppet
[2009/12/19 07:53:07] @ Quit: ewdafa: Read error: 110 (Connection timed out)
[2009/12/19 07:57:30] @ jab_doa_ joined channel #puppet
[2009/12/19 08:04:47] @ giskard joined channel #puppet
[2009/12/19 08:12:39] @ toi joined channel #puppet
[2009/12/19 08:13:40] @ Quit: jab_doa: Read error: 110 (Connection timed out)
[2009/12/19 08:20:20] @ ewdafa joined channel #puppet
[2009/12/19 08:25:03] @ Quit: giskard: Remote closed the connection
[2009/12/19 08:28:53] @ Quit: jcape: Success
[2009/12/19 09:04:33] @ Quit: bug:
[2009/12/19 09:07:06] @ bug joined channel #puppet
[2009/12/19 09:08:20] @ Quit: bug: Client Quit
[2009/12/19 09:13:41] @ DanF_ is now known as DanF
[2009/12/19 09:18:59] @ whaley joined channel #puppet
[2009/12/19 09:24:56] @ giskard joined channel #puppet
[2009/12/19 09:33:33] <Cyis> anyone else taken a good look at trying to build an aptrepo type that has similar functionality to yumrepo? Otherwise sounds like a good side project for me
[2009/12/19 09:36:01] <Cyis> I guess yumrepo is easier as it's Ini formated... but if it parsed /etc/apt/sources.list if it contained content and then split it out into separate /etc/apt/sources.list.d/ files and then left sources.list empty... would mean future parsing would only need to read the sources.list.d files
[2009/12/19 09:36:26] @ crdant joined channel #puppet
[2009/12/19 09:36:46] @ pheezy joined channel #puppet
[2009/12/19 09:38:53] @ nakano_ is now known as nakano
[2009/12/19 09:40:09] @ Quit: _lunix_: Read error: 60 (Operation timed out)
[2009/12/19 09:42:17] @ sjefen6 joined channel #puppet
[2009/12/19 09:59:07] @ Quit: CoolCold_: Read error: 60 (Operation timed out)
[2009/12/19 09:59:21] @ CoolCold joined channel #puppet
[2009/12/19 10:05:11] @ Bass10 joined channel #puppet
[2009/12/19 10:08:50] @ Quit: erm_: Read error: 110 (Connection timed out)
[2009/12/19 10:10:28] @ jcape joined channel #puppet
[2009/12/19 10:30:18] @ bug joined channel #puppet
[2009/12/19 10:31:24] @ Quit: pheezy: Remote closed the connection
[2009/12/19 10:45:25] @ Quit: bug:
[2009/12/19 10:53:00] <Cyis> trying to write a new provider & type... is there a way to check without having to throw it into puppetmaster and potentiall break things?
[2009/12/19 10:53:02] @ rickbradley is now known as rickbradley|away
[2009/12/19 10:58:37] @ Quit: ewdafa: Read error: 60 (Operation timed out)
[2009/12/19 11:02:09] @ bug joined channel #puppet
[2009/12/19 11:04:30] @ kaptk2 joined channel #puppet
[2009/12/19 11:09:06] @ Quit: eric0: Read error: 113 (No route to host)
[2009/12/19 11:12:40] @ ewdafa joined channel #puppet
[2009/12/19 11:20:04] @ docelic_ joined channel #puppet
[2009/12/19 11:22:48] @ rmiller4pi81 joined channel #puppet
[2009/12/19 11:34:00] @ cynicismic joined channel #puppet
[2009/12/19 11:34:43] @ Quit: docelic: Read error: 110 (Connection timed out)
[2009/12/19 11:35:17] @ grantk joined channel #puppet
[2009/12/19 11:36:14] <grantk> good morning. Anyone have a good method for moving puppetmasters and regenerating all of The certs. I was moving mine and wanted to avoid regenerating certs for every host.
[2009/12/19 11:38:08] @ Quit: rmiller4pi8: Read error: 110 (Connection timed out)
[2009/12/19 11:39:10] @ Quit: jab_doa_: "Verlassend"
[2009/12/19 11:40:18] @ _lunix_ joined channel #puppet
[2009/12/19 11:40:42] <Cyis> grantk, you're wanting to keep your existing certs but move the PM to a new host?
[2009/12/19 11:44:01] <grantk> Cyis: Keeping the certs would be nice, Right now for testing I have just deleted all of the old cert info and run puppetd on the client side to generate new certs, I did not know if there was something I could do to avoid going to each host and deleting old cert info, then going to the puppetmaster and signing all new certs.
[2009/12/19 11:45:00] @ rmiller4pi8 joined channel #puppet
[2009/12/19 11:45:17] <Cyis> if your CA cert changes then you would have to regenerate and sign the client certs obviously...
[2009/12/19 11:45:46] <Cyis> but if the puppetmaster's hostname stayed the same should be able to copy the SSL certificate content from one machine to the next and the client certs still be valid
[2009/12/19 11:45:57] <Cyis> that's just standard x.509 PKI
[2009/12/19 11:47:17] <grantk> Cyis: I figured that would be the case, but thought It would be worthwhile checking. My hostname is changing so I will just have to regenerate.
[2009/12/19 11:48:49] @ Quit: _lunix_: Read error: 60 (Operation timed out)
[2009/12/19 11:49:03] <aitkp_> i haven't tried this, if you did change the name you might be able to do some fu like sign the new CA with the old CA and copy the signed certs to the new server
[2009/12/19 11:49:45] <aitkp_> that would keep the trust chain for the client--depending on how the client trusts, it may or may not work
[2009/12/19 11:51:44] <ohadlevy> volcane: ping
[2009/12/19 11:52:19] @ Quit: lilmatt: Read error: 110 (Connection timed out)
[2009/12/19 11:54:04] <grantk> aitkp would you break that chain when the existing pm goes away?
[2009/12/19 11:54:34] <aitkp_> in theory, no
[2009/12/19 11:55:13] <Volcane> ohadlevy: looks good, will mail julian now
[2009/12/19 11:55:29] <ohadlevy> volcane: ah, just sending you an email
[2009/12/19 11:55:48] <Volcane> ohadlevy: copy "Julian Simpson" <simpsonjulian@gmail.com>; :)
[2009/12/19 11:57:14] @ Quit: rmiller4pi8: "Leaving."
[2009/12/19 11:59:42] @ Quit: crdant: "Leaving."
[2009/12/19 12:00:41] @ Quit: bug:
[2009/12/19 12:05:08] @ Quit: rmiller4pi81: Read error: 110 (Connection timed out)
[2009/12/19 12:05:41] * Volcane 's been wondering how mcollective agents can expose meta data about their inputs etc
[2009/12/19 12:05:55] <Volcane> so tool like foreman can provide a generic interface to calling agents
[2009/12/19 12:06:32] <Volcane> busy implimenting a more tightly defined but optional RPC style system, once thats in any compliant agent should be trivial to call from a generic web / cli ui
[2009/12/19 12:06:49] <Volcane> but would be nice if the web ui's can construct dynamic forms asking for the right questions
[2009/12/19 12:10:57] * Cyis is plugging away trying to setup an aptrepo type/provider
[2009/12/19 12:16:05] @ Quit: scylla: "Connection timed out"
[2009/12/19 12:22:45] @ lilmatt joined channel #puppet
[2009/12/19 12:23:58] <Cyis> arg... getting "Could not find resource type aptrepo at ... on node ..." error but /var/lib/puppet/type/aptrepo.rb exists
[2009/12/19 12:45:53] @ Quit: kaptk2: "Leaving."
[2009/12/19 12:46:43] @ Quit: giskard: "Leaving..."
[2009/12/19 12:47:17] <Cyis> getting closer... now I'm getting a "in 'retrieve': No ability to determine if aptrepo exists" errror
[2009/12/19 12:47:29] @ crdant joined channel #puppet
[2009/12/19 12:52:42] <duritong> masterzen: ping
[2009/12/19 12:59:19] @ Quit: lilmatt: Client Quit
[2009/12/19 13:04:02] @ ghg joined channel #puppet
[2009/12/19 13:04:39] @ mvn071 joined channel #puppet
[2009/12/19 13:10:21] <Cyis> okay... looks like I have it generating the file properly under /etc/apt/sources.list.d when given ensure => "present" but isn't removing it when or the entry inside if set to ensure => "absent"
[2009/12/19 13:10:38] <Cyis> guess I should put this up on github so I can get some assistance and other eyes on it
[2009/12/19 13:13:44] @ Quit: jcape: Connection timed out
[2009/12/19 13:22:16] @ pheezy joined channel #puppet
[2009/12/19 13:23:33] @ Quit: pheezy: Remote closed the connection
[2009/12/19 13:29:49] @ Quit: Mick27: "Leaving"
[2009/12/19 13:43:06] <Cyis> Alrighty... it's a start but I'm missing somethings it seems git://github.com/jbouse/puppet-aptrepo.git
[2009/12/19 13:45:44] @ _lunix_ joined channel #puppet
[2009/12/19 13:46:28] @ bug joined channel #puppet
[2009/12/19 13:55:32] @ LinuxCode joined channel #puppet
[2009/12/19 13:58:14] @ bodepd joined channel #puppet
[2009/12/19 13:58:37] <LinuxCode> hmmm
[2009/12/19 13:58:49] <LinuxCode> I am looking at creating an iptables recipe
[2009/12/19 14:00:18] <agaffney> LinuxCode: there is already a nice one
[2009/12/19 14:00:38] <LinuxCode> it should be very flexible... was ponder to maybe allow multiple defines to set one rule each, however, questions is, a. either make a file each, which aint great, or maybe append an array to another array, which the template would parse
[2009/12/19 14:00:41] <LinuxCode> agaffney, ohh ?
[2009/12/19 14:00:45] <agaffney> http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleIptables
[2009/12/19 14:00:48] <LinuxCode> tell me more please
[2009/12/19 14:00:57] <agaffney> I modified it a bit for my purposes
[2009/12/19 14:00:59] <LinuxCode> awesome, maybe I can get some more useful ideas there
[2009/12/19 14:01:08] <agaffney> split out the header/footer into files intead of embedded in the script
[2009/12/19 14:01:08] * LinuxCode looks
[2009/12/19 14:01:27] * Volcane builds them up with snippets
[2009/12/19 14:01:40] <LinuxCode> eww perl
[2009/12/19 14:01:40] <agaffney> it's like a simplified concat_file with a built-in firewall restart
[2009/12/19 14:02:02] <agaffney> LinuxCode: the script that puts them together can easily be rewritten in your language of choice
[2009/12/19 14:02:21] <Volcane> LinuxCode: my concat has a similar script in sh code
[2009/12/19 14:02:44] <LinuxCode> Volcane, define snippets for me please
[2009/12/19 14:02:52] <LinuxCode> individual small files ?
[2009/12/19 14:02:54] <Volcane> http://nephilim.ml.org/~rip/puppet/concatfile/
[2009/12/19 14:02:59] <LinuxCode> which then get catted together ?
[2009/12/19 14:03:02] <Volcane> yup
[2009/12/19 14:03:14] <LinuxCode> yeh I was pondering something along the lines
[2009/12/19 14:03:34] <agaffney> I just implemented concatfile in my puppet setup for /etc/security/access.conf
[2009/12/19 14:03:36] <agaffney> and sudoers
[2009/12/19 14:04:12] <Volcane> the code at that url is flexible enough for you to do something like iptables::register{"port_80": proto => "tcp", dport => "80", source => "any"}
[2009/12/19 14:04:55] <LinuxCode> Volcane, your url I take it
[2009/12/19 14:05:02] <KarlHungus> we use concat for filewalls
[2009/12/19 14:05:37] <KarlHungus> our iptables template contains the base rules, and an include that pulls in node specific rules from a file
[2009/12/19 14:05:56] <LinuxCode> Volcane, then each rule makes a file and gets concatted ?
[2009/12/19 14:06:04] <Volcane> yeah
[2009/12/19 14:06:13] <KarlHungus> although that is being factored out into @@ resources so modules can drop in the rules they require
[2009/12/19 14:06:14] <agaffney> that's how the iptables recipe I pointed out works
[2009/12/19 14:06:25] <LinuxCode> k seems like that would be the most efficient way, with puppets capabilities
[2009/12/19 14:06:36] <LinuxCode> agaffney, Im still flying over it
[2009/12/19 14:06:37] <LinuxCode> hehe
[2009/12/19 14:06:38] <Volcane> agaffney: yeah i think i took the concept there and made it just more generic when i wrote my concat stuff
[2009/12/19 14:06:39] <agaffney> I used "fragments" like http, https, ssh, etc.
[2009/12/19 14:06:46] <agaffney> instead of node-specific stuff
[2009/12/19 14:06:57] <KarlHungus> agaffney: yeah, mine is very similar, i just don't use a perl script. i use the puppet tamplates
[2009/12/19 14:07:14] <agaffney> at my current job, I'm not doing firewall management with puppet right now
[2009/12/19 14:07:55] <LinuxCode> Volcane, the key is felxibility here and choice
[2009/12/19 14:08:11] <LinuxCode> FI uses a per system approach
[2009/12/19 14:08:27] <LinuxCode> I want something more flexible and hence more restrictive
[2009/12/19 14:09:48] <LinuxCode> I was pondering to do it in 3-4 sections: general filter (all junk we dont want), log stuff (pesky bastard control), ipv4table, ipv6table
[2009/12/19 14:09:52] <LinuxCode> along those lines
[2009/12/19 14:10:12] <Volcane> LinuxCode: yeah i have a number of chains that goes *everywherE* like monitor accesss, backup access, admin access etc
[2009/12/19 14:10:13] @ Quit: dsch04: "Leaving"
[2009/12/19 14:10:20] <LinuxCode> yeh
[2009/12/19 14:10:37] <Volcane> those get hit first, then in INPUT i drop into a machine_chain for the specific rules for that machine
[2009/12/19 14:10:43] <Volcane> so per machine rules tend to be very small
[2009/12/19 14:10:57] <LinuxCode> I def need a chain to allow dom0s to dump the rules in for the domUs
[2009/12/19 14:11:02] <LinuxCode> stuff like that
[2009/12/19 14:11:12] <Volcane> yeah, i do all my firewalling on dom0's too
[2009/12/19 14:11:29] <Volcane> well the ones that arent bridging
[2009/12/19 14:11:35] <LinuxCode> yeh
[2009/12/19 14:11:53] <Volcane> i build up motd's like this http://pastie.org/509759 with those snippets
[2009/12/19 14:12:22] <Volcane> ah, found this : http://pastie.org/672499 thats the code too
[2009/12/19 14:12:31] <LinuxCode> thats quite neat
[2009/12/19 14:13:21] <LinuxCode> sweet
[2009/12/19 14:13:43] <KarlHungus> LinuxCode: http://pastie.org/750033 that is my iptables template (sanitized somewhat)
[2009/12/19 14:13:49] <LinuxCode> Im not that keen on divulging too much information in the motd, but that could be useful for other stuff
[2009/12/19 14:14:13] <Volcane> LinuxCode: yeah i certainly dont put every module in there, just a couple of ones i would like to be aware of
[2009/12/19 14:14:44] <Volcane> LinuxCode: but also i can just put a var on a node to disable it all and just put a generic 'managed by foo for support contact support@foo.com'
[2009/12/19 14:14:59] <LinuxCode> yeh, that is neat
[2009/12/19 14:15:10] <LinuxCode> KarlHungus, cheers, I will take a look at that too
[2009/12/19 14:16:27] <KarlHungus> LinuxCode: my current problem with module each exporting their own module specifc rules is that i havent found a way to rebuild the snippets in the order i want
[2009/12/19 14:16:43] <KarlHungus> so i have to manage each nodes rules in its fqdn-rules files
[2009/12/19 14:17:04] <Volcane> yeah for iptables i managed the fqdn specific bits in files too
[2009/12/19 14:17:11] <Volcane> often just installing apache doesnt mean i want it open to the world
[2009/12/19 14:17:27] @ dsch04 joined channel #puppet
[2009/12/19 14:17:27] <Volcane> like each dom0 has a apache on it accesible to the nodes on it - serves up kickstart files etc
[2009/12/19 14:17:38] <Volcane> would just be too hard to model that behaviour
[2009/12/19 14:17:57] <LinuxCode> I wouldnt add firewall handling to the modules
[2009/12/19 14:18:07] <LinuxCode> I want it to be a manual process
[2009/12/19 14:18:10] <Volcane> nods, ditto
[2009/12/19 14:18:32] @ bodepd_ joined channel #puppet
[2009/12/19 14:18:35] <LinuxCode> principal of deny all, allow as required
[2009/12/19 14:19:27] <LinuxCode> would be an idea though, to make that possible, but by default have it disabled
[2009/12/19 14:19:51] <LinuxCode> then you could maybe restrict each app and import rules
[2009/12/19 14:19:57] @ Quit: mvn071: Remote closed the connection
[2009/12/19 14:20:17] * LinuxCode makes more notes
[2009/12/19 14:20:45] <LinuxCode> could probably do an if defined for that
[2009/12/19 14:20:58] <LinuxCode> certain apps require certain ports
[2009/12/19 14:21:02] <KarlHungus> LinuxCode: http://pastie.org/750033 more disclosure. i just include s_firewall on the nodes (actually in the basenode)
[2009/12/19 14:21:58] <LinuxCode> ohh wait, I see what you did now
[2009/12/19 14:22:06] <LinuxCode> each module creates its own file ?
[2009/12/19 14:23:02] <KarlHungus> no. the s_firewall/templates/iptables file is included on all nodes that 'include s_firewall'
[2009/12/19 14:23:10] <LinuxCode> ahhh
[2009/12/19 14:23:23] <LinuxCode> so this basically allows for a premade rule set for each node
[2009/12/19 14:23:30] <LinuxCode> dumped into a file
[2009/12/19 14:23:37] <KarlHungus> and if i have a file in s_firewall/templates/nodes.d/ that matches ${fqdn}-rules then that is inserted in the iptables script
[2009/12/19 14:23:45] <LinuxCode> k
[2009/12/19 14:23:58] <KarlHungus> so by default nodes are heavily locked down, then i open things up by creating a rules file for that node
[2009/12/19 14:23:59] @ bodepd__ joined channel #puppet
[2009/12/19 14:24:02] <LinuxCode> I dont think I will go along those lines
[2009/12/19 14:24:16] <LinuxCode> yeh
[2009/12/19 14:25:13] <LinuxCode> IO.foreach <-- may I enquire what the IO does ?
[2009/12/19 14:25:21] * LinuxCode is not a puppet coder
[2009/12/19 14:25:37] @ Quit: bodepd: Read error: 104 (Connection reset by peer)
[2009/12/19 14:25:37] @ bodepd__ is now known as bodepd
[2009/12/19 14:26:08] <KarlHungus> looks in the nodes.d dir for files with the name ${fqdn}-rules and inserts them one by one (although only one can ever be a match)
[2009/12/19 14:26:36] <KarlHungus> for example in nodes.d i have webserver1.domain.com-rules and that holds the node specific fules for that host
[2009/12/19 14:26:55] <KarlHungus> like -A INPUT --dport 80 -j ACCEPT
[2009/12/19 14:27:03] <LinuxCode> ohh so IO opens the file for reading
[2009/12/19 14:27:11] <KarlHungus> yup
[2009/12/19 14:27:14] <LinuxCode> kk
[2009/12/19 14:27:28] <LinuxCode> that might be useful...one day
[2009/12/19 14:28:30] <LinuxCode> I wish that templates could be just modified twice and it would append the content
[2009/12/19 14:28:49] <LinuxCode> but that would bring its own problems, I suppose
[2009/12/19 14:29:43] <KarlHungus> not really. you could modify it so there is a generic iptables-header.erb and iptables-footer.erb and have the iptables.erb template places those in and pull the ${fqdn}}-rules into the middle.
[2009/12/19 14:30:00] <KarlHungus> or if ${fqdn}-header exists, use it instead of the generic
[2009/12/19 14:30:24] <LinuxCode> yeh, I know
[2009/12/19 14:30:35] <KarlHungus> maybe i'm misunderstanding what you mean :P
[2009/12/19 14:30:38] <LinuxCode> not what I meant hehe
[2009/12/19 14:30:46] <LinuxCode> yeh, nevermind, ;-D
[2009/12/19 14:31:09] <KarlHungus> anyhow, i need to clean the house (ugh)
[2009/12/19 14:31:11] <LinuxCode> thanks for now guys
[2009/12/19 14:31:18] <LinuxCode> yeh cheers for all the insights
[2009/12/19 14:31:20] <KarlHungus> good luck, hope i helped maybe just a little
[2009/12/19 14:31:28] <LinuxCode> def, everybody did
[2009/12/19 14:31:43] * LinuxCode goes off to do more brainstorming
[2009/12/19 14:31:46] @ Quit: bug:
[2009/12/19 14:35:09] @ rmiller4pi8 joined channel #puppet
[2009/12/19 14:38:19] <Cyis> got a start on that aptrepo type... but now to try and track down the source of the weird behaviors
[2009/12/19 14:41:14] @ MattyM joined channel #puppet
[2009/12/19 14:48:14] @ Quit: bodepd_: Read error: 110 (Connection timed out)
[2009/12/19 14:59:33] @ jes5 joined channel #puppet
[2009/12/19 15:02:27] @ rmiller4pi81 joined channel #puppet
[2009/12/19 15:04:03] @ rmiller4pi82 joined channel #puppet
[2009/12/19 15:06:29] @ rmiller4pi83 joined channel #puppet
[2009/12/19 15:06:35] @ grantk left channel #puppet ()
[2009/12/19 15:08:09] @ xerophyte joined channel #puppet
[2009/12/19 15:10:57] @ Quit: rmiller4pi81: Read error: 60 (Operation timed out)
[2009/12/19 15:20:55] @ Quit: rmiller4pi8: Read error: 110 (Connection timed out)
[2009/12/19 15:23:41] @ Quit: cynicismic: Remote closed the connection
[2009/12/19 15:25:10] @ Quit: rmiller4pi82: Read error: 110 (Connection timed out)
[2009/12/19 15:25:34] @ henriquev joined channel #puppet
[2009/12/19 15:28:32] @ Quit: bodepd:
[2009/12/19 15:30:41] @ Quit: MattyM: "ta ta"
[2009/12/19 15:30:45] @ blahdeblah joined channel #puppet
[2009/12/19 15:31:53] @ blahdeblah left channel #puppet ()
[2009/12/19 15:45:07] @ Quit: henriquev: Read error: 110 (Connection timed out)
[2009/12/19 15:52:39] @ Quit: alfism: "http://opensolaris.com/"
[2009/12/19 16:18:00] @ rmiller4pi8 joined channel #puppet
[2009/12/19 16:35:29] @ rmiller4pi81 joined channel #puppet
[2009/12/19 16:36:04] @ Quit: rmiller4pi83: Read error: 110 (Connection timed out)
[2009/12/19 16:43:28] @ jcape joined channel #puppet
[2009/12/19 16:43:49] @ jcape left channel #puppet ()
[2009/12/19 16:45:41] <ashp> Hmm, anyone here use puppet or foreman or anything like that to build up and maintain dhcp?
[2009/12/19 16:45:58] <ashp> I want to move our boxes towards static DHCP so I can remove the giant hunk o' crap that handles re-iping stuff in puppet currently
[2009/12/19 16:46:13] @ jaredrhine joined channel #puppet
[2009/12/19 16:48:10] @ Quit: kolla: Remote closed the connection
[2009/12/19 16:48:35] @ kolla joined channel #puppet
[2009/12/19 16:53:44] @ Quit: rmiller4pi8: Read error: 110 (Connection timed out)
[2009/12/19 17:02:54] @ Quit: LinuxCode: "Connection Closed"
[2009/12/19 17:22:55] <jamesturnbull> madduck: ping - I've logged a ticket - #2968 - could you do a run replicating the issue with --debug --trace on please and add to ticket?
[2009/12/19 17:22:56] <gepetto_> jamesturnbull: madduck: #2968 is http://projects.reductivelabs.com/issues/show/2968 "Puppet - Bug #2968: Fails to work with ipv6 resolver - ReductiveLabs.com"
[2009/12/19 17:23:52] <madduck> does redmine allow mail submission, jamesturnbull?
[2009/12/19 17:24:45] <madduck> you want -debug -trace of the puppetmaster?
[2009/12/19 17:26:06] <madduck> kinda hard to do now that i have accepted the machine
[2009/12/19 17:26:40] <madduck> jamesturnbull: i am flying out towards your end of the world tomorrow, and i really ought to pack instead of computers.
[2009/12/19 17:26:56] <madduck> the trace is probably going to be straightforward.
[2009/12/19 17:27:10] <madduck> but if unresolved, I will get back to this in january.
[2009/12/19 17:27:19] <jamesturnbull> madduck: okay
[2009/12/19 17:27:33] <jamesturnbull> madduck: it does allow mail submision but we've not set it up yet - on the TODO list
[2009/12/19 17:27:51] <jamesturnbull> madduck: trace of both master and client would be good and contents of resolv.conf
[2009/12/19 17:27:51] @ Quit: RageLink: Remote closed the connection
[2009/12/19 17:28:09] <jamesturnbull> madduck: would be great but understand if you hgave to pack :)
[2009/12/19 17:29:05] <madduck> i marked it in my calendar 2 weeks from now and will get back to it then
[2009/12/19 17:29:48] <madduck> (i will be offline for most of christmas/new years)
[2009/12/19 17:29:58] @ Quit: toi: Read error: 113 (No route to host)
[2009/12/19 17:30:10] <madduck> thanks for the ticket!
[2009/12/19 17:30:21] <madduck> now bye and see you in 3 weeks.
[2009/12/19 17:31:30] <jamesturnbull> madduck: enjoy NZ
[2009/12/19 17:32:46] <madduck> will do
[2009/12/19 17:32:47] <jamesturnbull> duritong: can you please test #2823?
[2009/12/19 17:32:47] <gepetto_> jamesturnbull: duritong: #2823 is http://projects.reductivelabs.com/issues/show/2823 "Puppet - Bug #2823: fail and unhelpful error message if a remote directory doesn't exist. - ReductiveLabs.com"
[2009/12/19 17:32:49] <madduck> thanks again
[2009/12/19 17:32:53] <jamesturnbull> madduck: and see you in Jan
[2009/12/19 17:32:56] <madduck> now good night.
[2009/12/19 17:33:02] <madduck> i mean, morning to you and stuff
[2009/12/19 17:34:58] <Cyis> anyone got a moment to take a look at a aptrepo type/provider and see what I'm missing... think I'm too close to the code and just not seeing something
[2009/12/19 17:35:46] <jamesturnbull> Cyis: I can but the -dev list is a good place too - lot's of eyes :)
[2009/12/19 17:36:22] <Cyis> jamesturnbull, I threw it up on github http://github.com/jbouse/puppet-aptrepo
[2009/12/19 17:36:51] <Cyis> it appears to be creating fine... but every execution keeps duplicating what it already setup
[2009/12/19 17:37:06] <Cyis> as well setting ensure => "absent" is not removing it
[2009/12/19 17:39:10] <jamesturnbull> Cyis: sure give me a tick - trying to juggle about ten commits right now
[2009/12/19 17:40:04] <Cyis> I know how that is... I'm just waiting for major re-deployment/upgrade maint window to open for work in about 5 hours
[2009/12/19 17:40:26] @ erm_ joined channel #puppet
[2009/12/19 17:50:01] <jamesturnbull> Cyis: looks okay to me
[2009/12/19 17:50:28] <jamesturnbull> Cyis: but something obviously isn't kosher
[2009/12/19 17:50:35] <Cyis> jamesturnbull, yeah it looks right to me as well... but it's not functioning as it should
[2009/12/19 17:51:04] <Cyis> I've been scratching my head, googling and comparing with other puppet providers/types...
[2009/12/19 17:52:41] @ Djelibeybi joined channel #puppet
[2009/12/19 17:53:19] @ Quit: vzctl_: Remote closed the connection
[2009/12/19 17:53:28] <jamesturnbull> Cyis: just looking at your shoulds and something isn't right there
[2009/12/19 17:53:41] @ vzctl_ joined channel #puppet
[2009/12/19 17:53:55] @ MattyM joined channel #puppet
[2009/12/19 17:53:56] <jamesturnbull> Cyis: but its no coffee yet this morning - did you look at the yumrepo type? it's not a parsedfile type but shoudl have the same basic concept
[2009/12/19 17:54:20] <jamesturnbull> Cyis: but models the same general behaviour
[2009/12/19 17:54:24] <Cyis> yeah I looked at yumrepo as well as ssh_authorized_keys
[2009/12/19 17:55:02] <Cyis> seems that what I'm trying to accomplish would kinda model closer to ssh_authorized_keys than yumrepo given flat text file vs ini
[2009/12/19 17:57:10] <jamesturnbull> Cyis: yeah hmmm the insync? method
[2009/12/19 17:57:28] <Cyis> it will create the file just fine the first time... second time it runs it appears prefetch pulls in the original and it's parsed but doesn't get the :name but when it flushes it outputs both... a third execution gets 3 entries and so forth
[2009/12/19 17:58:27] <jamesturnbull> Cyis: shouldn't is == @should be is == should ?
[2009/12/19 17:58:35] <jamesturnbull> ignore the ?
[2009/12/19 17:59:05] * jamesturnbull will bbl after coffee and food
[2009/12/19 17:59:18] <Djelibeybi> jamesturnbull: bring me a coffee too, kthx.
[2009/12/19 17:59:28] <jamesturnbull> Djelibeybi: ummm ... no
[2009/12/19 17:59:32] * Cyis needs to ask the wife to make another pot... we already finished one :)
[2009/12/19 17:59:32] <jamesturnbull> :)
[2009/12/19 17:59:45] <Djelibeybi> jamesturnbull: right, coal for you for Christmas!
[2009/12/19 18:00:03] <jamesturnbull> Djelibeybi: we're Jewish
[2009/12/19 18:00:46] <Djelibeybi> jamesturnbull: then no dreidl for Hannukah next year. And I'm totally not passing you over at Passover.
[2009/12/19 18:00:57] <jamesturnbull> Djelibeybi: ditto
[2009/12/19 18:01:20] <jamesturnbull> Djelibeybi: I'm not going to Yom your kippur either
[2009/12/19 18:01:22] <Djelibeybi> Speaking of which, I should've wished you a chag sameach a few days ago, but I suspect you would not have understood.
[2009/12/19 18:01:45] <jamesturnbull> Djelibeybi: that's on the ones I know
[2009/12/19 18:01:55] <jamesturnbull> Djelibeybi: and it was the 12th
[2009/12/19 18:02:34] <jamesturnbull> Djelibeybi: and does that apply to hannukah?
[2009/12/19 18:02:41] <Djelibeybi> Yes, it does.
[2009/12/19 18:02:48] <Djelibeybi> Just means "happy holiday", really
[2009/12/19 18:03:16] <jamesturnbull> Djelibeybi: should be l'shanah tovah i think :)
[2009/12/19 18:03:25] <Djelibeybi> That's happy new year. :)
[2009/12/19 18:03:34] <Cyis> jamesturnbull, the "is == @should" is same syntax used in sshkey, host & cron
[2009/12/19 18:03:36] <jamesturnbull> Djelibeybi: close enough
[2009/12/19 18:03:58] <Djelibeybi> Which reminds me, I really should put the Jewish calendar back into iCal.
[2009/12/19 18:04:00] <jamesturnbull> Cyis: but interestingly not in ssh_authorized_key
[2009/12/19 18:04:12] <jamesturnbull> wonder if that's a bug
[2009/12/19 18:04:31] <Cyis> yeah i noticed that... let me comment that out and see if it changes the behaviour
[2009/12/19 18:05:17] <jamesturnbull> seems to have been fixed in #2124
[2009/12/19 18:05:18] <gepetto_> jamesturnbull: #2124 is http://projects.reductivelabs.com/issues/show/2124 "Puppet - Bug #2124: ssh_authorized_key always changes target if target is not defined - ReductiveLabs.com"
[2009/12/19 18:06:29] <Cyis> nope... removing that insync? function didn't stop the duplication
[2009/12/19 18:07:04] <jamesturnbull> Cyis: changing it to should?
[2009/12/19 18:07:26] <jamesturnbull> ~seen ctrlaltdel
[2009/12/19 18:07:32] <jamesturnbull> !seen ctrlaltdel
[2009/12/19 18:07:34] <gepetto_> jamesturnbull: nope!
[2009/12/19 18:08:10] <jamesturnbull> hmm what's Francois' IRC
[2009/12/19 18:08:14] <|Mike|> 2009/12/17 20:08:17 -!- francois [n=francois@korn.ctrlaltdel.ch] has left #puppet []
[2009/12/19 18:08:35] <jamesturnbull> |Mike|: that'd be it
[2009/12/19 18:08:37] <jamesturnbull> :P
[2009/12/19 18:08:52] <Cyis> jamesturnbull, nope... same results with is == should
[2009/12/19 18:09:15] <jamesturnbull> Cyis: though that def. a bug in ssh_auth_key ... so thanks for that :P
[2009/12/19 18:09:29] <jamesturnbull> Cyis: can I sugget emailign your code to the -dev list as a unified diff
[2009/12/19 18:11:04] <Cyis> jamesturnbull, for my aptrepo or against ssh_auth_key?
[2009/12/19 18:14:11] <Cyis> guess this is what I get for waking up thinking... "Hey this shouldn't be too hard" :)
[2009/12/19 18:15:51] <jamesturnbull> Cyis: your aptrepo code ... also if you added some tests I'd be ahppy to add the working version to mainline
[2009/12/19 18:17:35] <Cyis> jamesturnbull, yeah I'm not doing much in the way of testing/validating at this point... definitely would need that before going mainline... also wanted to try and see about being able to possibly convert the entire /etc/sources.list over to /etc/sources.list.d/ format
[2009/12/19 18:21:56] @ Quit: crdant: "Leaving."
[2009/12/19 18:21:56] <Cyis> hmm... wonder if I'm fighting against something that's been fixed... just realized I'm running against 0.24 still
[2009/12/19 18:22:28] @ crdant joined channel #puppet
[2009/12/19 18:32:40] @ flibble001 joined channel #puppet
[2009/12/19 18:33:16] @ alfredo joined channel #puppet
[2009/12/19 18:33:33] @ alfredo left channel #puppet ("Leaving")
[2009/12/19 18:35:34] @ Quit: yarihm: "This computer has gone to sleep"
[2009/12/19 18:41:17] @ friendly12345 joined channel #puppet
[2009/12/19 18:46:32] @ Quit: flibble001: Remote closed the connection
[2009/12/19 18:48:31] @ jusfreeman joined channel #puppet
[2009/12/19 19:12:32] @ Quit: jusfreeman: Read error: 110 (Connection timed out)
[2009/12/19 19:17:47] @ bug joined channel #puppet
[2009/12/19 19:29:30] <Cyis> jamesturnbull, okay can confirm it fails in 0.25.1 as well and duplicates... both with and without explicitly specifing the target
[2009/12/19 19:44:41] <jamesturnbull> Cyis: didn't think it'd make a diff but worth a try
[2009/12/19 19:47:17] <Cyis> just blew out a fresh Debian squeeze virtual as it had 0.25.1 instead of 0.24.8 which is in lenny
[2009/12/19 19:47:43] <Berge> Lenny sports 0.24.5.
[2009/12/19 19:47:50] <Berge> Fwiw.
[2009/12/19 19:49:17] @ Quit: Djelibeybi: "Leaving"
[2009/12/19 19:51:48] <Cyis> Berge, ah yes you are right... too many versions when considering I work on Debian, Ubuntu and CentOS :)
[2009/12/19 19:52:07] <Berge> Cyis: rmadison is your friend (-:
[2009/12/19 19:52:33] <Berge> (And you would think there couldn't be much difference between 0.24.5 and 0.24.8, but alas.)
[2009/12/19 19:52:53] @ Quit: bug:
[2009/12/19 19:53:52] <Cyis> true... though I don't usually consider Ubuntu stable given how they cherry pick from stable/testing/unstable distros from Debian and call it a release
[2009/12/19 19:55:28] @ Quit: re__:
[2009/12/19 19:57:11] @ jusfreeman joined channel #puppet
[2009/12/19 20:11:21] @ re_ joined channel #puppet
[2009/12/19 20:18:06] @ Quit: MattyM: "ta ta"
[2009/12/19 20:24:41] @ Quit: re_:
[2009/12/19 20:29:40] @ Quit: jusfreeman: "Konversation terminated!"
[2009/12/19 20:33:34] @ bodepd joined channel #puppet
[2009/12/19 20:33:45] @ jusfreeman joined channel #puppet
[2009/12/19 20:34:14] @ bodepd_ joined channel #puppet
[2009/12/19 20:34:14] @ Quit: bodepd: Read error: 104 (Connection reset by peer)
[2009/12/19 20:34:19] @ bodepd_ is now known as bodepd
[2009/12/19 20:44:05] <Cyis> looks like there's the difference in how yumrepo works as it is all included in the type and has no provider
[2009/12/19 20:46:12] @ bodepd_ joined channel #puppet
[2009/12/19 20:57:38] @ Quit: jusfreeman: Remote closed the connection
[2009/12/19 21:00:53] @ jusfreeman joined channel #puppet
[2009/12/19 21:01:58] @ Quit: bodepd: Read error: 110 (Connection timed out)
[2009/12/19 21:01:58] @ bodepd_ is now known as bodepd
[2009/12/19 21:05:44] @ Quit: jusfreeman: Read error: 104 (Connection reset by peer)
[2009/12/19 21:07:45] @ jusfreeman joined channel #puppet
[2009/12/19 21:25:02] @ Quit: jaredrhine: Read error: 110 (Connection timed out)
[2009/12/19 21:26:27] @ Quit: jusfreeman: Read error: 110 (Connection timed out)
[2009/12/19 21:27:32] <jamesturnbull> !seen johnf
[2009/12/19 21:27:32] <gepetto_> johnf was last seen 21 days, 3 hours, 11 minutes and 43 seconds ago, quitting IRC (Read error: 110 (Connection timed out)) and a while before saying "jamesturnbull: ping"
[2009/12/19 21:29:46] @ MattyM joined channel #puppet
[2009/12/19 21:30:09] @ jaredrhine joined channel #puppet
[2009/12/19 21:33:36] @ Quit: Bass10: Read error: 110 (Connection timed out)
[2009/12/19 21:35:31] @ bodepd left channel #puppet ()
[2009/12/19 21:35:39] @ Quit: MattyM: "ta ta"
[2009/12/19 21:57:13] @ bodepd joined channel #puppet
[2009/12/19 21:59:36] @ rickbradley|away is now known as rickbradley
[2009/12/19 22:01:48] @ Djelibeybi joined channel #puppet
[2009/12/19 22:05:02] @ re_ joined channel #puppet
[2009/12/19 22:07:46] @ bodepd_ joined channel #puppet
[2009/12/19 22:07:47] @ Quit: bodepd: Read error: 54 (Connection reset by peer)
[2009/12/19 22:07:51] @ bodepd_ is now known as bodepd
[2009/12/19 22:14:04] @ bug joined channel #puppet
[2009/12/19 22:24:53] @ joe-mac1 joined channel #puppet
[2009/12/19 22:30:05] @ Quit: bodepd: Read error: 110 (Connection timed out)
[2009/12/19 22:51:49] <Cyis> think I've removed the filetype (:flat) as reason for duplication of file content... has to be some combination of the prefetch and how records are stored that it thinks they're unique
[2009/12/19 22:59:00] @ joe-mac2 joined channel #puppet
[2009/12/19 23:11:25] @ nevyn_ joined channel #puppet
[2009/12/19 23:12:54] @ Quit: whaley: Read error: 110 (Connection timed out)
[2009/12/19 23:13:13] @ bodepd joined channel #puppet
[2009/12/19 23:13:58] @ Quit: Djelibeybi: "Leaving"
[2009/12/19 23:16:19] @ Quit: joe-mac1: Read error: 110 (Connection timed out)
[2009/12/19 23:24:33] @ Quit: nevyn: Read error: 113 (No route to host)
[2009/12/19 23:32:35] @ Quit: joe-mac2: Client Quit
[2009/12/19 23:38:46] <jamesturnbull> Cyis: if you wanted to do Rspec tests - then duplicate the spec/unit/provider/ssh_authorized_key
[2009/12/19 23:38:55] <jamesturnbull> Cyis: parsed.rb in that directory
[2009/12/19 23:39:42] <Cyis> guess I'll have to actually grab the puppet code to get that?
[2009/12/19 23:44:52] <Cyis> sitting in a change control conference call at work... working on puppt/ruby code in between tasks :)
[2009/12/19 23:46:31] <Cyis> I'll go ahead and fork the puppet code on GitHub and work my module code into it so it can be included... so far I've been doing it as a PluginModule
« Friday, 2009-12-18 Index Sunday, 2009-12-20 »

Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!