Tuesday, 2010-02-02

[2010/02/02 00:04:06] @ Log started by gepetto
[2010/02/02 00:04:06] @ jellis-real joined channel #puppet
[2010/02/02 00:04:38] @ Quit: themurph: Quit: themurph
[2010/02/02 00:10:47] @ jcape joined channel #puppet
[2010/02/02 00:19:34] @ Quit: notbrien: Quit: notbrien
[2010/02/02 00:30:54] @ qwebirc39771 joined channel #puppet
[2010/02/02 00:31:39] @ tecto joined channel #puppet
[2010/02/02 00:33:26] @ jbu joined channel #puppet
[2010/02/02 00:33:35] @ jbu is now known as tjoe
[2010/02/02 00:34:21] @ Quit: tjoe: Client Quit
[2010/02/02 00:35:35] @ tjoe joined channel #puppet
[2010/02/02 00:35:51] @ Quit: OpenMedia: Quit: Leaving.
[2010/02/02 00:41:16] @ Quit: qwebirc39771: Quit: Page closed
[2010/02/02 00:46:57] @ m1nish joined channel #puppet
[2010/02/02 00:49:05] @ manish__ joined channel #puppet
[2010/02/02 00:50:21] @ Quit: m1nish: Killed (NickServ (GHOST command used by manish__))
[2010/02/02 00:50:33] @ manish__ is now known as m1nish
[2010/02/02 01:01:22] @ Quit: HeyYall: Read error: Connection reset by peer
[2010/02/02 01:06:54] @ HeyYall joined channel #puppet
[2010/02/02 01:16:58] @ slash^ joined channel #puppet
[2010/02/02 01:17:28] <slash^> hi guys, is it possible on a puppet client to execute a command and then use the output that the command returns ?
[2010/02/02 01:17:45] <ohadlevy> slash: what are you trying to do?
[2010/02/02 01:17:57] <slash^> i want to use the solaris banner command to create a motd
[2010/02/02 01:18:21] <slash^> so nice big letters of each server so ppl cant mistake what they are connected to
[2010/02/02 01:18:43] <slash^> would be nice if i could do something at the template level ?
[2010/02/02 01:19:18] <ptman> slash^, so instead of trying to write file .... source => command, you could write exec { script.sh } where script.sh does banner > /etc/motd
[2010/02/02 01:19:46] <slash^> so pull over a script that generates the motd ?
[2010/02/02 01:19:56] <ptman> that is certainly one way to do it
[2010/02/02 01:20:31] <slash^> hmm... that could be the quick fix
[2010/02/02 01:20:33] <ptman> you can probably call external programs from a template also (after all, you can put any ruby code in the <% %> -tags), but I don't see the benefit of templates
[2010/02/02 01:20:44] <ohadlevy> slash: another way is to use custom facts
[2010/02/02 01:20:57] <ptman> unless you want something extra in addition to the banner
[2010/02/02 01:20:59] <ohadlevy> might be an overkill for this case
[2010/02/02 01:21:11] <slash^> we have a standard motd on all systems
[2010/02/02 01:21:25] <slash^> i just need to add to each of them the large banner name
[2010/02/02 01:21:33] <slash^> custom facts eh..
[2010/02/02 01:21:47] <slash^> all so very new to puppet and loving it...
[2010/02/02 01:22:05] <ohadlevy> slash: i do something similar, motd is actually a template, filled in with variables
[2010/02/02 01:22:39] <slash^> thats what i was hoping to achieve... and at the bottom of the motd is where i would run `banner $hostname`
[2010/02/02 01:22:41] <slash^> something like that
[2010/02/02 01:23:15] <slash^> we have soo many prod hosts here and im finding that the rookies are not checking uname or looking at the PS1 output of bash where it even shows the hostname
[2010/02/02 01:23:22] <slash^> so they run commands on prod thinking its uat...
[2010/02/02 01:23:24] <slash^> driving me nuts
[2010/02/02 01:23:24] <ptman> backticks should work in ruby
[2010/02/02 01:23:47] <slash^> but are templates created on the puppet master or by the puppet client ?
[2010/02/02 01:25:00] <ptman> good question, but there's always the $hostname variable available in templates that contains the client hostname (all facter facts should be available)
[2010/02/02 01:25:24] <slash^> the puppet master is bsd.. which uses a diff banner program..
[2010/02/02 01:25:25] <slash^> hmmm
[2010/02/02 01:25:30] <slash^> ill have a play
[2010/02/02 01:25:36] <slash^> perhaps a custom function / fact is the way
[2010/02/02 01:25:38] <ohadlevy> slash: there is no connection to the os running on the master
[2010/02/02 01:25:48] <ohadlevy> slash: try something like this:
[2010/02/02 01:26:02] @ Dante_J joined channel #puppet
[2010/02/02 01:26:17] <ohadlevy> file{"/etc/motd": content =>"Running on $hostname\n"}
[2010/02/02 01:26:44] <ptman> ohadlevy, that doesn't make it big, which seems to be the whole point
[2010/02/02 01:27:04] <ohadlevy> ptman: what do you mean by big?
[2010/02/02 01:27:19] <slash^> yeah i want big ascii chars
[2010/02/02 01:27:27] <slash^> when you run the program banner blah it will output
[2010/02/02 01:27:33] <ohadlevy> ah
[2010/02/02 01:27:35] <slash^> ##### # ## # #
[2010/02/02 01:27:35] <slash^> # # # # # # #
[2010/02/02 01:27:35] <slash^> ##### # # # ######
[2010/02/02 01:27:35] <slash^> # # # ###### # #
[2010/02/02 01:27:36] <slash^> # # # # # # #
[2010/02/02 01:27:36] <slash^> ##### ###### # # # #
[2010/02/02 01:28:03] <slash^> the whole point is so i can smack ppl on the head saying... how did you miss the MOTD with big letters like that of which system you're connected to
[2010/02/02 01:28:12] <ohadlevy> :)
[2010/02/02 01:28:19] <ohadlevy> let me see if there is a native ruby way to do it ;)
[2010/02/02 01:28:55] <slash^> oooo
[2010/02/02 01:28:58] <slash^> now that would be cool :D
[2010/02/02 01:29:00] <ohadlevy> do you have the banner program on your master?
[2010/02/02 01:29:08] <slash^> no :(
[2010/02/02 01:29:18] <ptman> slash^, btw, they'll just use ~/.hushlogin or keep long sessions and mix them up or something, else
[2010/02/02 01:29:19] <slash^> the freebsd banner program writes the words vertically
[2010/02/02 01:29:37] <ptman> slash^, you are trying to solve a psychological problem with tech...
[2010/02/02 01:29:43] <slash^> LOL indeed
[2010/02/02 01:30:41] <ohadlevy> hmm.. if you can get it running on your master then you are covered
[2010/02/02 01:31:06] <slash^> ok.. let me see if i can find an equiv
[2010/02/02 01:31:13] <ohadlevy> or install something like FIGlet
[2010/02/02 01:31:13] <slash^> if i do.. what are you suggesting i do ?
[2010/02/02 01:31:21] <slash^> yeah thats what i was about to try.. :)
[2010/02/02 01:31:24] <ohadlevy> then you can use it inside a template
[2010/02/02 01:31:38] <ohadlevy> file {...content => template(motd.erb)}
[2010/02/02 01:32:00] <ohadlevy> and inside the motd.erb you just do something like <%= `my ascii generator #{hostname}` %>
[2010/02/02 01:32:15] <slash^> that simple ?
[2010/02/02 01:33:40] <slash^> let me give that a whirl :D
[2010/02/02 01:35:58] <slash^> HA
[2010/02/02 01:36:02] <slash^> works a charm!!!!!!!
[2010/02/02 01:36:45] @ f3ew joined channel #puppet
[2010/02/02 01:37:44] <noyb> banner dudes... you could try figlet too.
[2010/02/02 01:38:28] <slash^> yep
[2010/02/02 01:38:33] <slash^> thats what im using on the server
[2010/02/02 01:38:42] <slash^> via templates and it works a charm...
[2010/02/02 01:38:55] <slash^> thank you ohadlevy :D
[2010/02/02 01:39:18] <ohadlevy> :)
[2010/02/02 01:40:29] <ohadlevy> noyb: I think toilet is the new version
[2010/02/02 01:41:16] @ Quit: murkk: Quit: murkk
[2010/02/02 01:46:42] @ Dante_J left channel #puppet ()
[2010/02/02 01:50:07] <noyb> um... no, thanks. I'm trying to cut back on the caca.
[2010/02/02 01:50:35] <ohadlevy> noyb: no seriously, I have a package with that name on my ubuntu machine :)
[2010/02/02 01:51:26] <noyb> I don't doubt it. I was unfamiliar with it entirely. so a bit of google later, and I found caca labs... just a bit of humor there.
[2010/02/02 01:53:40] <slash^> lol - i did a google too and found it at caca ;)
[2010/02/02 01:54:50] @ Quit: kolla: Remote host closed the connection
[2010/02/02 01:55:24] <noyb> it's amazing what folks will do to get a laugh. I like the "free replacement for the figlet utility" huh? I don't remember shelling out $$ for figlet... ;-)
[2010/02/02 01:59:43] @ Quit: jfreeman: Remote host closed the connection
[2010/02/02 02:11:43] @ Quit: tjoe: Quit: leaving
[2010/02/02 02:16:14] @ pacalm joined channel #puppet
[2010/02/02 02:28:24] @ lucky__ joined channel #puppet
[2010/02/02 02:30:14] @ Quit: alban2: Ping timeout: 246 seconds
[2010/02/02 02:31:34] @ Quit: m1nish: Ping timeout: 272 seconds
[2010/02/02 02:36:46] @ poison joined channel #puppet
[2010/02/02 02:38:42] @ Quit: jcape: Ping timeout: 248 seconds
[2010/02/02 02:45:58] @ Robbie joined channel #puppet
[2010/02/02 02:46:28] @ Robbie is now known as Guest5863
[2010/02/02 02:47:33] @ suchu joined channel #puppet
[2010/02/02 02:50:44] @ mikepea joined channel #puppet
[2010/02/02 02:56:44] @ artista_frustrad joined channel #puppet
[2010/02/02 03:01:38] @ Quit: artista_frustrad: Ping timeout: 248 seconds
[2010/02/02 03:07:48] @ heydrick1 joined channel #puppet
[2010/02/02 03:08:46] @ Quit: mikepea: Quit: mikepea
[2010/02/02 03:08:56] @ Quit: heydrick: Ping timeout: 272 seconds
[2010/02/02 03:09:30] @ PsychoSid joined channel #puppet
[2010/02/02 03:09:44] @ tim|macbook joined channel #puppet
[2010/02/02 03:18:25] @ Quit: Guest5863: Remote host closed the connection
[2010/02/02 03:21:27] @ Ramonster joined channel #puppet
[2010/02/02 03:22:03] @ mikepea joined channel #puppet
[2010/02/02 03:34:09] @ danielbln joined channel #puppet
[2010/02/02 03:34:18] @ Quit: danielbln: Client Quit
[2010/02/02 03:35:41] @ Quit: Chiku: Read error: Connection reset by peer
[2010/02/02 03:35:48] @ Chiku joined channel #puppet
[2010/02/02 03:41:11] @ cynicismic joined channel #puppet
[2010/02/02 03:42:48] @ Quit: RageLink: Ping timeout: 252 seconds
[2010/02/02 03:43:14] @ RageLink joined channel #puppet
[2010/02/02 03:43:54] @ Pirate_Hunter joined channel #puppet
[2010/02/02 03:45:23] @ Pirate_Hunter left channel #puppet ()
[2010/02/02 03:47:41] @ Quit: tim|macbook: Ping timeout: 245 seconds
[2010/02/02 03:48:26] @ giskard joined channel #puppet
[2010/02/02 03:58:29] @ Djelibeybi joined channel #puppet
[2010/02/02 04:09:00] @ fluxdude joined channel #puppet
[2010/02/02 04:10:45] @ tim|macbook joined channel #puppet
[2010/02/02 04:10:57] @ Robbie joined channel #puppet
[2010/02/02 04:11:27] @ Robbie is now known as Guest87958
[2010/02/02 04:11:41] @ jfreeman joined channel #puppet
[2010/02/02 04:18:39] @ benlovell joined channel #puppet
[2010/02/02 04:23:57] @ _elmata_ joined channel #puppet
[2010/02/02 04:24:33] @ Quit: jfreeman: Remote host closed the connection
[2010/02/02 04:25:46] @ StuZZZs joined channel #puppet
[2010/02/02 04:26:40] @ jfreeman joined channel #puppet
[2010/02/02 04:26:58] @ Quit: RageLink: Ping timeout: 248 seconds
[2010/02/02 04:28:39] @ Quit: jfreeman: Remote host closed the connection
[2010/02/02 04:30:41] @ jfreeman joined channel #puppet
[2010/02/02 04:30:48] @ Quit: mikepea: Quit: mikepea
[2010/02/02 04:30:48] @ GioGio joined channel #puppet
[2010/02/02 04:31:39] <GioGio> hi there
[2010/02/02 04:31:53] <GioGio> i have a question about external nodes
[2010/02/02 04:33:34] @ alban2 joined channel #puppet
[2010/02/02 04:33:47] @ Quit: Djelibeybi: Quit: Leaving
[2010/02/02 04:34:06] <GioGio> i wrote a script which outputs a yaml document. When i try to contact the master with a client, he understand the environment but it doesn't work, i have to precise on the client the puppetd --environment=test to apply the configuration
[2010/02/02 04:34:18] <GioGio> anyone has an idea where is the problem ?
[2010/02/02 04:34:47] <Volcane> is this with 0.25?
[2010/02/02 04:34:53] @ Quit: benlovell: Quit: benlovell
[2010/02/02 04:38:06] @ Quit: alex: Killed (NickServ (GHOST command used by Alex__!alexjs@goatse.co.uk))
[2010/02/02 04:38:20] @ alexine_dsouza joined channel #puppet
[2010/02/02 04:47:04] @ Quit: joe-mac: Quit: Leaving.
[2010/02/02 04:48:17] @ twisla joined channel #puppet
[2010/02/02 04:48:30] @ benlovell joined channel #puppet
[2010/02/02 04:51:22] @ Quit: tessier_: Changing host
[2010/02/02 04:51:22] @ tessier_ joined channel #puppet
[2010/02/02 04:53:27] <fluxdude> is it possible to set a tidy that will only work if the target isn't a puppet managed resource?
[2010/02/02 04:53:34] <fluxdude> similar to a recursive purge...
[2010/02/02 04:53:56] <fluxdude> I want to delete all files from a dir ending in *.conf except for any that are puppet resources...
[2010/02/02 04:54:06] <fluxdude> I guess I could add a manual ignore => ?
[2010/02/02 04:58:01] <GioGio> Volcane: yes, 0.25.3
[2010/02/02 05:02:42] @ Quit: ashp: Ping timeout: 248 seconds
[2010/02/02 05:02:49] <GioGio> if i don't precise the environment name on the puppetd --environment=test command, i have this error : err: Could not retrieve catalog from remote server: Error 400 on SERVER: Can not use a non-existent file for parsing at ...
[2010/02/02 05:03:05] <GioGio> and if i precise, the catalogue is well applied
[2010/02/02 05:06:56] <GioGio> the order of the yaml is important ? because my yaml start with environment: test
[2010/02/02 05:07:06] <Volcane> i think 25 has a bug with setting environment from the external node tool
[2010/02/02 05:07:09] <Volcane> look in the tickets
[2010/02/02 05:07:31] @ Quit: benlovell: Quit: benlovell
[2010/02/02 05:10:49] <GioGio> Volcane: so you think it's a bug for the latest version of puppet ?
[2010/02/02 05:12:27] @ jab_doa joined channel #puppet
[2010/02/02 05:13:13] @ alban21 joined channel #puppet
[2010/02/02 05:14:58] @ Quit: alban2: Ping timeout: 272 seconds
[2010/02/02 05:17:07] <Volcane> GioGio: i think you should search the tickets like i suggested :)
[2010/02/02 05:18:03] @ Quit: jfreeman: Read error: Connection reset by peer
[2010/02/02 05:18:30] @ Quit: ppickfor: Ping timeout: 252 seconds
[2010/02/02 05:20:28] @ jfreeman joined channel #puppet
[2010/02/02 05:21:06] @ Quit: Boney: Ping timeout: 240 seconds
[2010/02/02 05:23:09] @ ppickfor joined channel #puppet
[2010/02/02 05:26:18] @ alban21 is now known as alban2
[2010/02/02 05:29:38] @ benlovell joined channel #puppet
[2010/02/02 05:31:41] <hggh> 5A
[2010/02/02 05:34:32] @ Boney joined channel #puppet
[2010/02/02 05:36:57] @ Quit: jfreeman: Remote host closed the connection
[2010/02/02 05:37:22] @ nigelk joined channel #puppet
[2010/02/02 05:39:05] @ jfreeman joined channel #puppet
[2010/02/02 05:43:01] @ Quit: jellis-real: Ping timeout: 264 seconds
[2010/02/02 05:44:27] @ Quit: nigelk: Quit: nigelk
[2010/02/02 05:44:32] @ Quit: jfreeman: Remote host closed the connection
[2010/02/02 05:44:41] @ ppickfor1 joined channel #puppet
[2010/02/02 05:44:41] @ Quit: ppickfor: Killed (NickServ (GHOST command used by ppickfor1!~ppickfor@76-10-184-216.dsl.teksavvy.com))
[2010/02/02 05:44:44] @ ppickfor1 is now known as ppickfor
[2010/02/02 05:45:52] @ unomi joined channel #puppet
[2010/02/02 05:50:17] <fluxdude> dang there is no ignore parameter for tidy
[2010/02/02 05:50:23] <fluxdude> nor metaparameter
[2010/02/02 05:50:41] <fluxdude> is there any way to clear *.conf from a directory and leave only puppet managed *.conf files?
[2010/02/02 05:51:20] <fluxdude> my idea of just doing the tidy with matches => "*.conf" and then ignore => "puppetmanaged.conf" isn't going to work since tidy doesn't support the ignore
[2010/02/02 05:52:20] @ mfladischer joined channel #puppet
[2010/02/02 05:55:43] <unomi> Hi, is it possible to update servers 'realtime' with puppet?
[2010/02/02 05:55:58] <SyTonnerre> Have a look at puppetrun
[2010/02/02 05:56:02] <unomi> so if we are upgrading a package that will be disseminated on the fly?
[2010/02/02 05:56:05] <unomi> will do
[2010/02/02 05:59:51] @ tyll joined channel #puppet
[2010/02/02 06:04:40] @ Quit: poison: Remote host closed the connection
[2010/02/02 06:04:56] @ ppickfor1 joined channel #puppet
[2010/02/02 06:04:56] @ Quit: ppickfor: Killed (NickServ (GHOST command used by ppickfor1!~ppickfor@76-10-184-14.dsl.teksavvy.com))
[2010/02/02 06:05:00] @ ppickfor1 is now known as ppickfor
[2010/02/02 06:06:00] @ skiold joined channel #puppet
[2010/02/02 06:28:21] @ TREllis joined channel #puppet
[2010/02/02 06:28:22] <unomi> just fyi http://reductivelabs.com/trac/puppet/wiki/GettingStarted the links to library of Puppet recipes and facter recipes are no longer correct
[2010/02/02 06:31:39] @ Quit: TREllis: Client Quit
[2010/02/02 06:31:52] @ TREllis joined channel #puppet
[2010/02/02 06:35:37] @ jcape joined channel #puppet
[2010/02/02 06:37:40] @ Quit: skiold: Quit: skiold
[2010/02/02 06:52:37] @ Quit: alexine_dsouza: Read error: Connection reset by peer
[2010/02/02 06:55:55] <ohadlevy> fluxdude: you run the directory with recursive against an empty dir, it will remove all non managed files
[2010/02/02 06:56:12] <ohadlevy> fluxdude: you can see an example in my apache module in my github
[2010/02/02 06:56:28] <Volcane> i think he wanted to only delete a certain pattern of files
[2010/02/02 06:56:41] <Volcane> ohadlevy: plus in 0.25 you dont need the empty dir anymore :)
[2010/02/02 06:56:49] <ohadlevy> ah
[2010/02/02 06:56:51] <ohadlevy> cool
[2010/02/02 06:56:58] <Volcane> just set purge
[2010/02/02 06:57:05] <ohadlevy> not so many 0.25 clients around here
[2010/02/02 06:57:22] * Volcane 's busy upgrading one of his clients
[2010/02/02 06:57:26] <Volcane> hopefully get it done before FOSDEM
[2010/02/02 07:00:38] @ PsychoSid1 joined channel #puppet
[2010/02/02 07:03:42] @ Quit: PsychoSid: Ping timeout: 256 seconds
[2010/02/02 07:04:49] @ bug joined channel #puppet
[2010/02/02 07:10:09] @ Quit: PsychoSid1: Ping timeout: 252 seconds
[2010/02/02 07:10:17] @ mikepea joined channel #puppet
[2010/02/02 07:13:24] @ ashp joined channel #puppet
[2010/02/02 07:17:48] @ jab_doa_ joined channel #puppet
[2010/02/02 07:17:49] @ jab_doa__ joined channel #puppet
[2010/02/02 07:17:54] @ Quit: jab_doa_: Read error: Connection reset by peer
[2010/02/02 07:17:55] @ Quit: jab_doa__: Read error: Connection reset by peer
[2010/02/02 07:28:04] @ Quit: benlovell: Quit: benlovell
[2010/02/02 07:29:24] @ Quit: ppickfor: Ping timeout: 252 seconds
[2010/02/02 07:31:31] @ PsychoSid joined channel #puppet
[2010/02/02 07:32:01] @ ppickfor joined channel #puppet
[2010/02/02 07:35:17] @ poison joined channel #puppet
[2010/02/02 07:36:46] @ Quit: mboyd: Quit: Read error: 131 (Connection reset by beer)
[2010/02/02 07:36:51] @ mboyd joined channel #puppet
[2010/02/02 07:37:26] @ Quit: lucky__: Ping timeout: 265 seconds
[2010/02/02 07:37:50] @ artista_frustrad joined channel #puppet
[2010/02/02 07:41:24] @ lucky__ joined channel #puppet
[2010/02/02 07:48:31] @ Quit: erm_: Ping timeout: 245 seconds
[2010/02/02 07:49:50] @ Quit: lucky__: Remote host closed the connection
[2010/02/02 07:50:36] @ lucky__ joined channel #puppet
[2010/02/02 07:55:01] @ PsychoSid1 joined channel #puppet
[2010/02/02 07:57:32] @ Quit: PsychoSid: Ping timeout: 256 seconds
[2010/02/02 08:02:20] @ lilmatt joined channel #puppet
[2010/02/02 08:04:07] @ suso joined channel #puppet
[2010/02/02 08:11:07] <verwilst> will there be a puppet room @ fosdem? :)
[2010/02/02 08:13:12] <Volcane> not afaik, but plenty of puppet users :)
[2010/02/02 08:17:08] <|Mike|> indeed :-)
[2010/02/02 08:21:59] <tim|macbook> I propose that all puppet users at Fosdem should wear a sockpuppet on one of their hands
[2010/02/02 08:22:31] <illsci> i think you should all wear "order matters" tee shirts
[2010/02/02 08:22:53] <|Mike|> tim|macbook: you first :-)
[2010/02/02 08:23:26] <ohadlevy> can I be last?
[2010/02/02 08:23:54] * Volcane 'll wear his puppet tshirt
[2010/02/02 08:24:04] <ohadlevy> volcane: the sfo one?
[2010/02/02 08:24:20] <|Mike|> Volcane: You're going 3 days?
[2010/02/02 08:24:26] <Volcane> http://www.flickr.com/photos/ripienaar/tags/puppet/
[2010/02/02 08:26:11] * ohadlevy will bring his Puppet camp tshirt for PuppetVsChef tomorrow
[2010/02/02 08:26:38] <Volcane> erm, yah i think i am going friday and back here on monday
[2010/02/02 08:27:46] * Volcane goes to get food
[2010/02/02 08:29:38] @ Quit: jcape: Ping timeout: 248 seconds
[2010/02/02 08:33:35] @ Quit: mikepea: Quit: mikepea
[2010/02/02 08:37:58] @ tim|macbook_ joined channel #puppet
[2010/02/02 08:38:12] <duritong> ohadlevy: what kind of workshop is that
[2010/02/02 08:38:16] <duritong> ?
[2010/02/02 08:39:46] @ Quit: tim|macbook_: Remote host closed the connection
[2010/02/02 08:39:57] @ Quit: tim|macbook: Read error: No route to host
[2010/02/02 08:39:58] <ohadlevy> duritong: its a ruby group
[2010/02/02 08:40:06] @ tim|macbook joined channel #puppet
[2010/02/02 08:40:15] <ohadlevy> someone said they want to talk about Chef
[2010/02/02 08:40:21] <ohadlevy> so I couldnt just stand there..
[2010/02/02 08:40:22] <ohadlevy> ;)
[2010/02/02 08:41:08] <duritong> :)
[2010/02/02 08:49:11] <masterzen> looks like Chef zealots are way more evangelist than Puppet zealots...
[2010/02/02 08:52:45] @ jcape joined channel #puppet
[2010/02/02 08:58:46] @ Quit: cwebber: Quit: cwebber
[2010/02/02 09:01:13] @ mpdehaan joined channel #puppet
[2010/02/02 09:07:52] <ohadlevy> masterzen: i guess at the end of the day it depends who you are, I would assume that ruby developers (e.g. non sysadmins) would prefer chef
[2010/02/02 09:08:06] <mpdehaan> Unless they want a superior configuration management system :)
[2010/02/02 09:08:23] <ohadlevy> mpdehaan: you passed the test ;)
[2010/02/02 09:08:24] @ Quit: mfladischer: Quit: Ex-Chat
[2010/02/02 09:09:16] * mpdehaan ponders if ohadlevy ever sleeps
[2010/02/02 09:09:26] <ohadlevy> mpdehaan: no
[2010/02/02 09:09:40] <mpdehaan> we should engage the turing test sometime
[2010/02/02 09:09:51] <ohadlevy> mpdehaan: having a baby helps ;)
[2010/02/02 09:09:58] <mpdehaan> I bet
[2010/02/02 09:10:03] @ Quit: rocket: Ping timeout: 252 seconds
[2010/02/02 09:10:16] @ mfladischer joined channel #puppet
[2010/02/02 09:10:35] <masterzen> I think what people like in Chef is that it is shipped with a large cookbook...
[2010/02/02 09:11:13] @ Quit: _elmata_: Quit: up up and away
[2010/02/02 09:11:19] <Volcane> and that developers are more likely to say they'd build an infrastructure just like the other guy
[2010/02/02 09:11:28] <Volcane> so those generic cookbooks are relevant to the chef target audience
[2010/02/02 09:11:35] <Volcane> in our case we have more sysadmins
[2010/02/02 09:11:55] <ohadlevy> masterzen: i guess some people would prefer a non dsl power
[2010/02/02 09:11:55] <Volcane> and we know sysadmins dont agree on anything - so generic cookbook style recipes isnt popular/desired by a lot of target audience
[2010/02/02 09:12:12] @ themurph joined channel #puppet
[2010/02/02 09:12:45] <ohadlevy> Volcane: I guess that the space is big enough to allow a mixture, there are huge difference in requirements between a startup and a large enterprise..
[2010/02/02 09:12:53] <Volcane> yeah
[2010/02/02 09:12:55] <mpdehaan> Part of what I want to be doing /very/ soon is getting all of the chef repos unified
[2010/02/02 09:12:59] <mpdehaan> err, puppet repos :)
[2010/02/02 09:13:08] @ benlovell joined channel #puppet
[2010/02/02 09:13:09] <masterzen> ohadlevy: I don't think there are many. Most dev I know (including myself) are not reluctant to learn a new language.
[2010/02/02 09:13:16] <ohadlevy> mpdehaan: in what way?
[2010/02/02 09:13:17] <mpdehaan> so that we have one logical place to point people to and say "look at this"
[2010/02/02 09:13:18] <masterzen> Volcane: you might be right.
[2010/02/02 09:13:30] <mpdehaan> versus 7 git repos, and also to make it easier for people not on github
[2010/02/02 09:13:47] <masterzen> mpdehaan: I really think this is a good move
[2010/02/02 09:13:56] @ Quit: jcape: Ping timeout: 245 seconds
[2010/02/02 09:14:12] <masterzen> mpdehaan: you're the new RL employee, correct?
[2010/02/02 09:14:17] <mpdehaan> yes.
[2010/02/02 09:14:25] <masterzen> mpdehaan: so, welcome!
[2010/02/02 09:14:38] <mpdehaan> Thanks. Yeah, please pass along any other feedback/suggestions you may have.
[2010/02/02 09:14:44] @ Quit: mboyd: Quit: Read error: 131 (Connection reset by beer)
[2010/02/02 09:14:49] @ mboyd joined channel #puppet
[2010/02/02 09:14:59] <ohadlevy> mpdehaan: the real trick would be to make it os agnostic ;)
[2010/02/02 09:15:04] <mpdehaan> Yes.
[2010/02/02 09:15:09] <mpdehaan> We had this discussion in cobbler land once.
[2010/02/02 09:15:10] <ohadlevy> there are quite a few RH repos and Debian repos
[2010/02/02 09:15:18] <mpdehaan> OS agnostic snippets vs snippets for each OS...
[2010/02/02 09:15:37] <Volcane> puppet needs significant language features to make it realistic
[2010/02/02 09:15:42] <mpdehaan> we have some things to discuss on the list for sure
[2010/02/02 09:15:46] <mpdehaan> such as?
[2010/02/02 09:15:47] <ohadlevy> mpdehaan: and what was the outcome?
[2010/02/02 09:15:50] <masterzen> Volcane: like?
[2010/02/02 09:16:02] * Volcane finds the thread
[2010/02/02 09:16:07] <mpdehaan> ohadlevy, the outcome at the time was I worked for Red Hat and didn't have cycles. We are MUCH more interested in cross platform here (which is good).
[2010/02/02 09:16:07] <duritong> Volcane: awesome: " and we know sysadmins dont agree on anything" :)
[2010/02/02 09:16:20] <mpdehaan> I don't think they have to agree, per se, as be able to work together :)
[2010/02/02 09:16:23] <Volcane> duritong: let me guess, you dont agree? well fuck you :P
[2010/02/02 09:16:29] <duritong> :)
[2010/02/02 09:16:31] <mpdehaan> I think we can arrive at that.
[2010/02/02 09:16:46] <masterzen> I don't feel like I'm a sysadmin. Am I a Chef user then :-)
[2010/02/02 09:17:11] @ jcape joined channel #puppet
[2010/02/02 09:17:17] <GioGio> i always have my environment problem with my external node. i try with the version 0.24.8, 0.25.2 and 0.25.3 and always the following issue : on the client puppetd --test doesn't work, he didn't succeed to take all the files (Error 400 on SERVER: Can not use a non-existent file for parsing at ...) but if i precise the argument --environment=test it works :/
[2010/02/02 09:17:17] <ohadlevy> masterzen: did you give it a try? maybe you'll change sides? ;)
[2010/02/02 09:17:30] <masterzen> ohadlevy: oh no, I hate ruby!
[2010/02/02 09:17:32] <GioGio> and my yaml is correct, with environment: test inside
[2010/02/02 09:17:46] <Volcane> masterzen, mpdehaan: http://groups.google.com/group/puppet-dev/browse_frm/thread/76455902cab56091/
[2010/02/02 09:18:36] <Volcane> masterzen, mpdehaan: basically if you're going to make a big std apache module, users need to be able to extend/modify/configure it in ways the puppet language doesnt support now
[2010/02/02 09:18:43] <ohadlevy> GioGio: there is a known issue with that
[2010/02/02 09:18:57] <mpdehaan> apache may be configuring at too low a level
[2010/02/02 09:19:11] <mpdehaan> I mean, that's mostly conf.d driven...
[2010/02/02 09:19:29] <Volcane> it's an example, replace apache with anything
[2010/02/02 09:19:58] <Volcane> same holds true in environment of hosts, who have a central puppet infrastructure hosting lots of different companies/clients/etc
[2010/02/02 09:20:09] @ Quit: mboyd: Quit: Read error: 131 (Connection reset by beer)
[2010/02/02 09:20:12] @ mboyd joined channel #puppet
[2010/02/02 09:20:46] <Volcane> see #2957
[2010/02/02 09:20:47] <gepetto> Volcane: #2957 is http://projects.reductivelabs.com/issues/show/2957 "Puppet - Feature #2957: Classes should support an 'extends' functionality - ReductiveLabs.com"
[2010/02/02 09:20:59] <mpdehaan> We have some things to discuss yes. I'll post a thread in a bit. Though I'd prefer to start this now than look at it from a language/code perspective.
[2010/02/02 09:21:10] <mpdehaan> Think about how we want to organize that content, what standards need to be in place...
[2010/02/02 09:21:18] <mpdehaan> and the language features to refactor that can come in over time.
[2010/02/02 09:21:41] <ohadlevy> mpdehaan: you should start with module metadata
[2010/02/02 09:21:55] @ Quit: GioGio: Ping timeout: 248 seconds
[2010/02/02 09:22:02] <mpdehaan> metadata == data. Can you be more specific?
[2010/02/02 09:22:12] <mpdehaan> As in mark up what the module works on and doesn't?
[2010/02/02 09:22:19] <mpdehaan> s/mark up/describe/
[2010/02/02 09:22:24] <duritong> yeah
[2010/02/02 09:22:29] <Volcane> author, version, dependencies, all that kind of thing
[2010/02/02 09:22:45] <mpdehaan> dependencies will need to be tackled eventually. For starters, I'm thinking one repo and taking patches to it.
[2010/02/02 09:22:59] <mpdehaan> like puppet_common or something, namespaced?
[2010/02/02 09:23:03] <ohadlevy> inter module dependencies, requirements, version, e.g. your average package metadata
[2010/02/02 09:23:15] <mpdehaan> yeah, I know, eventually. But let's start small ...
[2010/02/02 09:23:28] <mpdehaan> The community is more important than the software, at first.
[2010/02/02 09:23:29] @ londo__ is now known as londo_
[2010/02/02 09:23:40] <ohadlevy> mpdehaan: would be cool to integrate it with foreman, to get a whole processes integrated
[2010/02/02 09:23:42] <mpdehaan> otherwise we never get it implemented :)
[2010/02/02 09:23:53] @ PsychoSid joined channel #puppet
[2010/02/02 09:23:54] <mpdehaan> ohadlevy, or any UI that wants to slurp it in, yes
[2010/02/02 09:24:05] <mpdehaan> we should talk about foreman sometime too
[2010/02/02 09:24:12] <ohadlevy> mpdehaan: anytime
[2010/02/02 09:24:17] <mpdehaan> good deal!
[2010/02/02 09:24:33] * mpdehaan => afk for a bit
[2010/02/02 09:24:35] <ohadlevy> just not when I'm sleeping
[2010/02/02 09:24:41] <mpdehaan> :)
[2010/02/02 09:24:48] @ Quit: PsychoSid1: Ping timeout: 256 seconds
[2010/02/02 09:26:01] @ Quit: jcape: Ping timeout: 245 seconds
[2010/02/02 09:30:36] @ Quit: dyresen: Remote host closed the connection
[2010/02/02 09:36:10] @ Quit: mfladischer: Quit: Ex-Chat
[2010/02/02 09:37:48] @ erm_ joined channel #puppet
[2010/02/02 09:37:49] @ Quit: erm_: Changing host
[2010/02/02 09:37:49] @ erm_ joined channel #puppet
[2010/02/02 09:38:43] @ rgsteele joined channel #puppet
[2010/02/02 09:38:53] @ rocket joined channel #puppet
[2010/02/02 09:41:01] @ Quit: TREllis: Quit: leaving
[2010/02/02 09:41:17] @ TREllis joined channel #puppet
[2010/02/02 09:43:10] <fluxdude> when defining packages and using ensure => "version-num" does puppet make sure the package is that version or higher or exactly that version?
[2010/02/02 09:43:18] <fluxdude> ie will it try to downgrade packages?
[2010/02/02 09:43:20] <Volcane> exactly
[2010/02/02 09:43:24] <Volcane> and it wont downgrade
[2010/02/02 09:43:41] <Volcane> cos most package providers dont do downgrading without force etc
[2010/02/02 09:43:43] <fluxdude> ok, so what happens if I have an older version of a package in the repos and I want only that version installed
[2010/02/02 09:44:19] <fluxdude> also, what happens if the package isn't installed at all and the version you've specified is available from the repo as well as a higher version?
[2010/02/02 09:44:22] <Volcane> well it wont downgrade existing packages, it'll happily install an older though if it doesnt involve downgrading
[2010/02/02 09:44:31] <fluxdude> will it install the specified version or the highest available?
[2010/02/02 09:44:35] @ Quit: lilmatt: Quit: lilmatt
[2010/02/02 09:47:31] <duritong> fluxdude: if nothing is installed it will install the specified version
[2010/02/02 09:47:40] <fluxdude> ok thx
[2010/02/02 09:47:43] @ joe-mac joined channel #puppet
[2010/02/02 09:47:43] <duritong> however if a higher version is installed it won't downgrade
[2010/02/02 09:47:52] * Volcane thought thats what he said :P
[2010/02/02 09:48:22] <duritong> Volcane: sometimes repetition is not that bad ;)
[2010/02/02 09:48:26] <Volcane> heh
[2010/02/02 09:48:43] <joe-mac> yea if a computer is doing the repetition for you lol
[2010/02/02 09:49:09] <duritong> definitely
[2010/02/02 09:49:10] * joe-mac builds .25.4 packages
[2010/02/02 09:49:18] <joe-mac> hope this fixes the cron bug, and that pson logspam
[2010/02/02 09:49:54] * Volcane 's just about done upgrading a client from 0.24 to 0.25.4
[2010/02/02 09:49:55] <duritong> cron yes pson logspam no
[2010/02/02 09:50:02] <Volcane> seeing whitespace changes in templates though meh
[2010/02/02 09:50:02] <joe-mac> :-(
[2010/02/02 09:50:11] <joe-mac> Volcane: uhhh what do you mean dude
[2010/02/02 09:50:19] <Volcane> -
[2010/02/02 09:50:20] <Volcane> +
[2010/02/02 09:50:24] <Volcane> output from the diff :)
[2010/02/02 09:50:24] <joe-mac> i rely on some pretty critical as in, won't be able to access my systems, erb templates
[2010/02/02 09:50:27] <nasrat> serialization
[2010/02/02 09:50:31] <Volcane> nods
[2010/02/02 09:50:37] <Volcane> scary though mid xml files and such
[2010/02/02 09:50:39] <Volcane> but seems ok
[2010/02/02 09:50:44] <nasrat> Volcane: diff | cat -A
[2010/02/02 09:50:51] <joe-mac> so i should skip .25.4 is what you're saying?
[2010/02/02 09:51:11] <Volcane> i know what it is, filed the original bug when 0.25.0 came out, not fixable - there was a bug in 0.24 essentially
[2010/02/02 09:51:13] @ gebi joined channel #puppet
[2010/02/02 09:51:33] <joe-mac> ok so then i just have to live with it
[2010/02/02 09:51:33] <Volcane> 0.25 behaves properly, but so in some cases you'll see files change
[2010/02/02 09:51:50] <joe-mac> hopefully nothing that breaks my erb's that build iptables
[2010/02/02 09:51:52] <joe-mac> i will be ripshit
[2010/02/02 09:51:57] <joe-mac> and my boss might castrate me
[2010/02/02 09:51:58] <Volcane> :)
[2010/02/02 09:52:10] <Volcane> i just stopped puppet everywhere and updated one by one looking at them all
[2010/02/02 09:52:23] <joe-mac> i like your ideas Volcane
[2010/02/02 09:52:26] <Volcane> cos i knew this shit will happen, though we dont notify daemons in question so still a bit of a worry
[2010/02/02 09:52:29] <joe-mac> you have at least one good one a day ;-)
[2010/02/02 09:52:49] <Volcane> now just my 2 rhel 4 machines
[2010/02/02 09:53:05] @ incommon_ike joined channel #puppet
[2010/02/02 09:53:40] @ Quit: Cuchulain: Ping timeout: 260 seconds
[2010/02/02 09:53:45] <jb> hrm, i have some random "Failed to retrieve current state of file: end of file reached" on 0.25.3
[2010/02/02 09:53:49] @ Quit: TREllis: Quit: leaving
[2010/02/02 09:53:52] <jb> anyone seen that?
[2010/02/02 09:54:03] @ TREllis joined channel #puppet
[2010/02/02 09:54:06] <joe-mac> jb: i saw some funkiness with .25.3 that i largely try to ignore
[2010/02/02 09:54:17] <jb> yeah, it seems to correct itself
[2010/02/02 09:54:31] <joe-mac> mostly cause the speed increases across everything was so phenomenal
[2010/02/02 09:54:34] <jb> and the contents of the file that its complaining about never changed
[2010/02/02 09:55:01] <joe-mac> maybe when it's parsing the file doesn't end with a newline, thus causing some stupid parser to complain?
[2010/02/02 09:55:08] <jb> probably
[2010/02/02 09:55:17] @ notbrien joined channel #puppet
[2010/02/02 09:57:08] @ themurph left channel #puppet ()
[2010/02/02 09:57:19] <joe-mac> i hate when i get a disgusting breakfast sandwich
[2010/02/02 09:57:27] <joe-mac> bunches my panties right up
[2010/02/02 09:57:37] @ pheezy joined channel #puppet
[2010/02/02 09:57:50] <joe-mac> wrote a puppet module last night to handle splunk
[2010/02/02 09:58:01] <joe-mac> think my boss is going to splurge on a license for us, can't wait
[2010/02/02 09:58:06] @ Quit: gee: Ping timeout: 276 seconds
[2010/02/02 09:58:15] <jb> how much is splunk these days?
[2010/02/02 09:58:28] <joe-mac> 6g for 500 MB index per day and support
[2010/02/02 09:58:34] <jb> annually?
[2010/02/02 09:58:38] <joe-mac> yep
[2010/02/02 09:58:38] <pheezy> ouch
[2010/02/02 09:58:42] <jb> thats not too bad
[2010/02/02 09:58:48] <joe-mac> lol, not bad at all pheezy
[2010/02/02 09:58:51] <joe-mac> try ordering our product
[2010/02/02 09:59:00] <joe-mac> will cost you like 20k to get anything done
[2010/02/02 09:59:05] <joe-mac> not annually though
[2010/02/02 09:59:06] <jb> or any other commercial open source product :)
[2010/02/02 09:59:07] <joe-mac> up front
[2010/02/02 09:59:07] @ gee joined channel #puppet
[2010/02/02 09:59:18] <pheezy> :)
[2010/02/02 09:59:26] <jb> annually is typically fine for businesses.. it just becomes another yearly expense
[2010/02/02 09:59:27] <pheezy> so got your module somewhere? :)
[2010/02/02 09:59:53] <joe-mac> and the fact that i can actually know what is going on with my systems is priceless, the sysstat and syslog stuff just isn't cutting it anymore
[2010/02/02 09:59:59] <joe-mac> yea pheezy i can post it for you, brb for a second
[2010/02/02 10:00:03] <joe-mac> i gotta help a sales guy
[2010/02/02 10:01:57] @ uphillian joined channel #puppet
[2010/02/02 10:03:51] @ jmccune joined channel #puppet
[2010/02/02 10:05:12] @ kaptk2 joined channel #puppet
[2010/02/02 10:07:10] <suso> hi, just a quick question - what package provider should I use for OpenSUSE? there is no support for anything but rpm?
[2010/02/02 10:08:58] <jmccune> suso, I'm not positive, but you should be able to use yum
[2010/02/02 10:09:26] <jmccune> http://en.opensuse.org/YUM_servers
[2010/02/02 10:10:12] @ nanoz joined channel #puppet
[2010/02/02 10:13:17] @ Quit: lucky__: Remote host closed the connection
[2010/02/02 10:13:38] <suso> let me check, thanks!
[2010/02/02 10:14:21] <jmccune> you're welcome
[2010/02/02 10:16:57] <SEJeff> joe-mac, What product does your company sell?
[2010/02/02 10:18:31] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/02/02 10:19:57] @ Quit: jmccune: Remote host closed the connection
[2010/02/02 10:20:05] @ jmccune joined channel #puppet
[2010/02/02 10:20:07] @ Bass10 joined channel #puppet
[2010/02/02 10:22:13] @ filler joined channel #puppet
[2010/02/02 10:23:14] @ Quit: tyll: Quit: Lost terminal
[2010/02/02 10:24:02] <joe-mac> SEJeff: NeXpose, and we just bought the rights to MetaSploit along with the MetaSploit team
[2010/02/02 10:24:31] <joe-mac> pheezy: i just realized i have a github account so once i test this i will throw it up on there
[2010/02/02 10:25:24] <ashp> Volcane: hey that post on puppet-users sounds like he wants to hear about mcollective :)
[2010/02/02 10:25:27] <pheezy> oh neat
[2010/02/02 10:27:48] @ jellis-real joined channel #puppet
[2010/02/02 10:28:50] @ cwebber joined channel #puppet
[2010/02/02 10:29:43] <SEJeff> joe-mac, ie: you bought metasploit? 20k seems awful cheap if you have any 0day stuff
[2010/02/02 10:30:10] <SEJeff> 3com's ZDI pays > $20k for really good 0day stuff
[2010/02/02 10:30:33] @ Quit: cwebber: Client Quit
[2010/02/02 10:30:59] <joe-mac> SEJeff: never heard of it, but our product is pretty cool. idk you can give it a try we recently put out a community version (crippleware) but hey what do you expect from a proprietary software company lol
[2010/02/02 10:31:43] <joe-mac> SEJeff: i am not sure what our business dev plan consists of for metasploit, i know we now have integration in your scans, like next to a vuln it finds it will show the metasploit icon and say "exploitable" so you can like run metasploit on it all integrated
[2010/02/02 10:31:47] <SEJeff> joe-mac, Nice. ZDI is a front for 3com to buy 0day hacks from hackers. They pay in cash no questions asked a lot of the time. http://www.zerodayinitiative.com/
[2010/02/02 10:31:58] <SEJeff> Thats cool
[2010/02/02 10:32:04] <joe-mac> o no shit, maybe i should get into that line of work then lol
[2010/02/02 10:32:07] @ Quit: poison: Ping timeout: 258 seconds
[2010/02/02 10:32:40] <joe-mac> afa we don't use that service, but then again i am just a lowly operations guy, we could be doing that higher up in the food chain and i would have no idea, but it seems like that kind of thing would trickle down
[2010/02/02 10:32:50] <joe-mac> who knows
[2010/02/02 10:33:15] <joe-mac> but yea you can download the community edition and get to scan some boxes for certain stuff
[2010/02/02 10:33:27] <joe-mac> the full featured product has lots of cool features, just expensive imo
[2010/02/02 10:33:29] @ themurph joined channel #puppet
[2010/02/02 10:33:41] <joe-mac> if my org had money it would go to splunk before any other commercial niceties
[2010/02/02 10:34:11] <joe-mac> i think our renewal is really cheap though, at least that's what sales tells me is one of our advantages against someone like qualys, i don't rly know
[2010/02/02 10:34:13] @ Quit: tecto: Quit: tecto
[2010/02/02 10:37:37] <SEJeff> joe-mac, fwiw, you can scan up to 500G / day of logs with splunk for free or something like that
[2010/02/02 10:37:56] <jmccune> 500 Megs, not gigs.
[2010/02/02 10:38:01] <joe-mac> yea, i know, i've been working with sales. problem is, i don't think splunk is intelligent enough to do de duplication
[2010/02/02 10:38:12] <joe-mac> so like, my boxes transmit to syslog on the main syslog server
[2010/02/02 10:38:13] <nico> hum
[2010/02/02 10:38:19] <joe-mac> yet splunk collects that AND the logs on each host
[2010/02/02 10:38:26] <joe-mac> so my per day usage is like doubled i think
[2010/02/02 10:38:33] <SEJeff> nico, from Los Angeles?
[2010/02/02 10:38:33] <nico> when running mongrel does puppetmaster only listen on 127.0.0.1 and not on other IP ?
[2010/02/02 10:38:41] <nico> SEJeff: from Paris
[2010/02/02 10:38:50] <joe-mac> i am waiting on some more useful reports on index usage from the vendor, sales guy said he would send me some good ones
[2010/02/02 10:38:52] <SEJeff> Different nico then :)
[2010/02/02 10:39:09] @ labrown joined channel #puppet
[2010/02/02 10:39:13] <SEJeff> joe-mac, Yeah we do the same thing
[2010/02/02 10:39:41] <joe-mac> how much data you indexing SE
[2010/02/02 10:39:44] <joe-mac> SEJeff:
[2010/02/02 10:39:54] @ baughj joined channel #puppet
[2010/02/02 10:39:56] <jmccune> nico: Yes, since mongrel doesn't handle SSL in that setup.
[2010/02/02 10:40:09] <SEJeff> Maybe a tinge over 1T / day
[2010/02/02 10:40:25] <SEJeff> but not via splunk, we wrote an inhouse splunk equivalent that ties into a lot of internal stuff
[2010/02/02 10:40:28] <nico> jmccune: I have a nginx in front
[2010/02/02 10:41:00] @ RageLink joined channel #puppet
[2010/02/02 10:41:13] <jmccune> nico: Cool. The default setup assumes your SSL termination point is on the same host as the mongrel puppetmasters
[2010/02/02 10:41:48] <jmccune> nico: If nginx is on another host, you'll need to have mongrel listen on another interface.
[2010/02/02 10:41:54] <nico> jmccune: but I'd like to have a nginx distributing queries on 2 puppetmasters
[2010/02/02 10:42:14] <jmccune> nico: That's fine, are the puppetmasters on the same host or different hosts?
[2010/02/02 10:42:26] <nico> different
[2010/02/02 10:42:45] <nico> mongrel has ports from 18140 to 18143
[2010/02/02 10:42:57] <nico> nginx listens on 8140
[2010/02/02 10:43:05] <jmccune> nico: Then you'll need to have mongrel listen on something other than the loopback interface.
[2010/02/02 10:43:17] <nico> jmccune: that's what I want :)
[2010/02/02 10:44:08] <jmccune> nico: Just be aware of security. If the mongrel is accessible to hosts other than the reverse SSL proxy, you're exposing yourself
[2010/02/02 10:44:35] <jmccune> All an attacker would need to do to get any policy is forge some HTTP headers.
[2010/02/02 10:45:09] <nico> jmccune: it is not accessible
[2010/02/02 10:45:12] @ Quit: incommon_ike: Ping timeout: 252 seconds
[2010/02/02 10:45:24] <jmccune> nico: Cool, you're probably OK to just bind to 0.0.0.0 then.
[2010/02/02 10:45:45] <nico> jmccune: what I ask is how do I tell puppet to do so :)
[2010/02/02 10:45:49] <baughj> i have a question: i've recently done an upgrade from 0.24.8 to 0.25.4, and now puppetca is returning a message about being unable to find issuer certificate for all of my issued certificates
[2010/02/02 10:45:55] <nico> did not manage to find this in the doc
[2010/02/02 10:46:06] @ Quit: silfreed: Quit: Leaving
[2010/02/02 10:46:43] <jmccune> nico: Looking...
[2010/02/02 10:46:56] @ poison joined channel #puppet
[2010/02/02 10:46:59] @ silfreed joined channel #puppet
[2010/02/02 10:47:44] @ incommon_ike joined channel #puppet
[2010/02/02 10:48:07] <jmccune> nico: http://docs.reductivelabs.com/references/stable/configuration.html
[2010/02/02 10:48:22] @ lilmatt joined channel #puppet
[2010/02/02 10:48:26] <jmccune> nico: The bindaddress parameter is what you need.
[2010/02/02 10:48:29] <nico> thx
[2010/02/02 10:48:38] <jmccune> puppetmasterd --bindaddress=0.0.0.0 should do the trick.
[2010/02/02 10:48:40] * nico does not like the new doc
[2010/02/02 10:49:03] <jmccune> you're welcome
[2010/02/02 10:50:49] @ Quit: gebi: Ping timeout: 264 seconds
[2010/02/02 10:51:01] @ incommon_ike left channel #puppet ()
[2010/02/02 10:51:32] @ cwebber joined channel #puppet
[2010/02/02 10:56:55] <baughj> anyone have any ideas? no clue why this suddenly stopped working
[2010/02/02 10:57:59] <jmccune> baughj: certificate issues are pretty common when upgrading. At least they have been for me. Have you searched the puppet-users mailing list?
[2010/02/02 10:58:17] <ohadlevy> baughj: double check that puppet is looking for the same ssldir
[2010/02/02 10:59:14] <baughj> ohadlevy: I've configured the ssldir via puppet.conf
[2010/02/02 10:59:52] @ Quit: tim|macbook: Quit: tim|macbook
[2010/02/02 11:00:39] <jmccune> baughj: What's the debug output look like?
[2010/02/02 11:00:56] <baughj> one sec
[2010/02/02 11:01:35] <baughj> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2010/02/02 11:02:08] <jmccune> baughj: Please paste as much as possible into pastie or some other pasteboard site.
[2010/02/02 11:02:08] <baughj> however, openssl s_client verifies correctly on the client side, and the certificates haven't changed and continue to verify on the master
[2010/02/02 11:02:41] <jmccune> baughj: Also, the debug output from the master is probably more helpful than the puppetd debug output.
[2010/02/02 11:03:54] @ Quit: erm_: Ping timeout: 252 seconds
[2010/02/02 11:04:54] @ phips is now known as phips|away
[2010/02/02 11:05:47] <jhp> Hi everyone. How do I force a puppet client to go through a config cycle?
[2010/02/02 11:06:15] <ohadlevy> jhp: puppetrun or any other way you can trigger a command on your servers :)
[2010/02/02 11:06:27] @ tecto joined channel #puppet
[2010/02/02 11:06:51] @ allsystemsarego joined channel #puppet
[2010/02/02 11:06:53] * nico uses fabric
[2010/02/02 11:07:08] @ tyll joined channel #puppet
[2010/02/02 11:07:57] <baughj> jmccune: I don't get any useful debug output for the client in question; I should mention that the old 0.24.8 clients work fine with the new master, it's just when trying to upgrade the client to 0.25.4
[2010/02/02 11:08:09] <baughj> on the server, I don't even see an acknowledgement of its request (?!)
[2010/02/02 11:08:30] <ohadlevy> baughj: it means your client dont trust your server certificate
[2010/02/02 11:08:44] <ohadlevy> baughj: the time is correct on your client?
[2010/02/02 11:08:52] <baughj> ohadlevy: indeed
[2010/02/02 11:08:59] <baughj> same time as 0.24.8 had :P
[2010/02/02 11:09:12] @ Telmo joined channel #puppet
[2010/02/02 11:09:14] <ohadlevy> baughj: did you also upgrade any ruby or ssl libs in the processes ?
[2010/02/02 11:09:39] <baughj> hmm
[2010/02/02 11:09:43] <baughj> on the master, i did it via a gem upgrade
[2010/02/02 11:09:45] <baughj> and reinstalled passenger
[2010/02/02 11:09:57] <baughj> on the client, i just built a new debian pkg, so, no
[2010/02/02 11:11:13] <jmccune> Ah
[2010/02/02 11:11:32] <jmccune> Perhaps passenger isn't sending a full certificate chain?
[2010/02/02 11:11:50] <baughj> openssl s_client -connect puppet:8140 verifies correctly from the client, so
[2010/02/02 11:12:13] <jhp> ohadlevy: Remember we talked about the problem I had with certificates in a chained environment and how to get the X509v3 Subject Alternative Name objects in the certificates and the CA's? Well, I have this all fixed, as in all CA's and certificates have the Alternative names that they need, but I still have a problem that the client is not trusting the puppetmaster for some reason.
[2010/02/02 11:12:15] <jmccune> Try manually copying the CA certificates to the client manually.
[2010/02/02 11:13:13] @ erm_ joined channel #puppet
[2010/02/02 11:13:13] <baughj> jmccune: already done as part of the package install, localcacert is set appropriately
[2010/02/02 11:13:35] <jmccune> baughj: Ruby also verifies the DNS name... Are you sure the CN field of the certificate matches the hostname the client is connecting to?
[2010/02/02 11:13:49] <jmccune> server certificate that is.
[2010/02/02 11:14:59] <jmccune> To be more concise, ruby checks the hostname it's connecting to against the server certificate CN field.
[2010/02/02 11:15:03] <baughj> right, obviously
[2010/02/02 11:15:21] <jmccune> Well, not so obviously... =) It didn't in the past.
[2010/02/02 11:15:32] <baughj> heh, well, I say "obviously" from dealing with other things that use openssl
[2010/02/02 11:15:43] @ alfism joined channel #puppet
[2010/02/02 11:15:44] <baughj> anyways, my x509v3 alternative name is set appropriately
[2010/02/02 11:15:47] <baughj> in the master cert
[2010/02/02 11:15:50] <jmccune> openssl doesn't check the hostname against the CN by default.
[2010/02/02 11:16:05] @ Quit: PsychoSid: Quit: Leaving.
[2010/02/02 11:16:17] <ohadlevy> jhp: I promised to try and recreate mysetup in a lab sometime soon :)
[2010/02/02 11:16:29] <jmccune> baughj: On the client, please run with --debug --verbose and --trace and paste the whole thing somewhere.
[2010/02/02 11:16:55] <baughj> jmccune: I suppose I'm used to dealing with openldap, which has insanely strict checking, so I assume everything else checks it, and try to plan accordingly
[2010/02/02 11:17:05] <baughj> anyways, I'll paste that somewhere
[2010/02/02 11:17:50] <baughj> my alt name is DNS:puppet, DNS:<FQDN>, DNS:puppet.<DOMAIN>
[2010/02/02 11:18:03] <ashp> I think for the first time ever my solution might be ACLs on Linux.
[2010/02/02 11:18:24] <jmccune> baughj: Are you sure puppet deals with alt names, or just assuming?
[2010/02/02 11:18:29] <ashp> Because I'm getting tired of weirdly complicated directory structures to handle permissions. :/
[2010/02/02 11:18:50] <baughj> jmccune: Well, when I set this up originally, I was having issues with cert verification without having the x509v3 alt name in
[2010/02/02 11:19:00] <jhp> baughj: It looks like we might have the same problem somewhere.
[2010/02/02 11:19:40] <baughj> I'm more confused why the verification of certificates would change in an upgrade that neither touched openssl or ruby, since nothing is noted in the release notes about it
[2010/02/02 11:19:50] @ eshamow joined channel #puppet
[2010/02/02 11:20:04] <baughj> jmccune: http://pastebin.ca/1775766
[2010/02/02 11:20:12] <jmccune> baughj: looking...
[2010/02/02 11:20:14] <joe-mac> pheezy: i just put it up in my github account, though I haven't tested it yet and I am fairly certain there is a dependency cycle that I need to fix, will be testing in a few then I'll push the changes up to git http://github.com/joe-mac/puppet-splunk
[2010/02/02 11:20:36] @ gebi joined channel #puppet
[2010/02/02 11:21:08] <baughj> hm, odd, debug: Using cached certificate_revocation_list for ca, good until
[2010/02/02 11:21:11] <baughj> it's blank
[2010/02/02 11:22:02] <jmccune> Yeah
[2010/02/02 11:22:05] <jmccune> Just noticed that too
[2010/02/02 11:22:20] <baughj> it'd be nice if OCSP was supported :p
[2010/02/02 11:22:21] <pheezy> nice joe-mac, thanks!
[2010/02/02 11:22:49] <jmccune> Also, I don't see the client load the CA certificate anywhere.
[2010/02/02 11:22:54] <joe-mac> yea pheezy i haven't even tested yet but that's what i came up from some quick work i did the other day, hopefully it works
[2010/02/02 11:23:08] <joe-mac> i'm using cap right now to set it up across machines, would much rather use puppet
[2010/02/02 11:24:06] @ TREllis_ joined channel #puppet
[2010/02/02 11:24:09] <baughj> jmccune: I should point out, we're using a setup similar to yours (I presume you wrote http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities)
[2010/02/02 11:24:15] @ Quit: TREllis: Ping timeout: 252 seconds
[2010/02/02 11:24:28] @ TREllis_ is now known as TREllis
[2010/02/02 11:24:32] <baughj> although we aren't using multiple, we just have our own PKI, the puppet CA cert is issued via that
[2010/02/02 11:24:49] <baughj> but we do similar things with setting localcert = <ca bundle>
[2010/02/02 11:24:51] <jhp> Could someone tell me what is going wrong here ? http://pastebin.org/85478
[2010/02/02 11:24:51] <jmccune> baughj: I wrote it, yes, but never actually deployed it. It was more of an exercise for me. That was also years ago.
[2010/02/02 11:24:56] <baughj> Yeah.
[2010/02/02 11:25:03] <baughj> This was working circa 0.24.8, perfectly. :/
[2010/02/02 11:25:11] <jhp> All the Subject Alternative Names are filled etc.
[2010/02/02 11:25:33] <joe-mac> jhp: most likely you are trying to connect to a server that is not listed in the CN on the actual server's cert
[2010/02/02 11:25:43] <jmccune> baughj: So, please try the same thing, but use --server=<fqdn>, where fqdn should exactly match whatever is in the server certificate's CN field.
[2010/02/02 11:25:45] <joe-mac> like you're connecting to puppet, but 'puppet' is not in the CN on the cert, it has the real hostname
[2010/02/02 11:26:26] <jhp> Well, the Subject has Subject: C=NL, ST=Overijssel, O=Better.be, CN=infranode01.lan.betterbe.com/emailAddress=it@betterbe.com
[2010/02/02 11:26:49] <jhp> And the X509v3 Subject Alternative Name has:
[2010/02/02 11:26:49] <baughj> jmccune: ok, I set --server appropriately, same error
[2010/02/02 11:26:56] <jhp> DNS:puppet, DNS:infranode01.lan.betterbe.com, DNS:infranode01.data.be.nl, DNS:infranode01.svc.be.nl, DNS:infranode01.nfs.be.nl, DNS:puppet.lan.betterbe.com, DNS:puppet.data.be.nl, DNS:puppet.svc.be.nl, DNS:puppet.nfs.be.nl
[2010/02/02 11:27:01] <baughj> wow
[2010/02/02 11:27:04] <baughj> that's some alt name
[2010/02/02 11:27:05] <baughj> hehe
[2010/02/02 11:27:26] <jhp> It has to work on a whole set of networks.
[2010/02/02 11:27:42] <jhp> it took some time to get this all in the CA but with that I succeeded.
[2010/02/02 11:27:48] @ Quit: suchu: Quit: ChatZilla 0.9.86 [Firefox 3.5.7/20091221164558]
[2010/02/02 11:28:32] <jmccune> baughj: I really, really thing puppetd isn't loading the CA certificates like you think. Comparing your debug output to mine, yours is missing any mention of ca.pem
[2010/02/02 11:28:39] <jmccune> s/thing/think/
[2010/02/02 11:28:45] <baughj> hrm
[2010/02/02 11:28:47] <baughj> okay
[2010/02/02 11:29:01] <jmccune> Try copying ca.pem from the master to $ssldir
[2010/02/02 11:29:33] <jhp> My problem is now that the client still doesn't trust it. And it doesn't matter what name I connect to.
[2010/02/02 11:29:35] <jmccune> So for you, /var/lib/puppet/ssl/ca.pem
[2010/02/02 11:29:50] <jhp> jmccune: for me?
[2010/02/02 11:30:01] <jmccune> jhp: No, sorry, for baughj
[2010/02/02 11:30:13] <baughj> jmccune: copied, restarted puppetd, same issue
[2010/02/02 11:30:22] <baughj> it still says it's using a cached certificate for the CA
[2010/02/02 11:31:40] <jmccune> So that caching seems to be relatively new.
[2010/02/02 11:31:45] @ Syn`work joined channel #puppet
[2010/02/02 11:31:52] <jmccune> I wonder if the developers have assumed only one certificate needs to be cached.
[2010/02/02 11:32:29] <jmccune> If the CA certificate isn't self-signed, then it wouldn't have enough information to verify things unless it cached all of the certs in the chain.
[2010/02/02 11:32:52] <baughj> right, how this used to work was setting localcacert on the client to a CA bundle
[2010/02/02 11:33:06] <jmccune> I bet there's a way to turn off caching...
[2010/02/02 11:33:25] <baughj> +ignorecache?
[2010/02/02 11:33:44] <baughj> hm, --test
[2010/02/02 11:33:52] <jmccune> --test should do it
[2010/02/02 11:34:22] <baughj> hm, even with test it still says:
[2010/02/02 11:34:22] <baughj> debug: Using cached certificate for ca, good until Wed Jul 25 20:39:15 UTC 2029
[2010/02/02 11:35:17] <jmccune> baughj: Do you have apache configured to send the entire chain? If so, you should only need the root CA certificate...
[2010/02/02 11:35:47] <jhp> If I change puppet from mongrel to webrick config on the puppetmaster with all the same certs etc, everything seems to work.
[2010/02/02 11:36:13] @ Quit: verwilst: Quit: Ex-Chat
[2010/02/02 11:37:26] <jhp> Something is wrong in my apache config I think then.
[2010/02/02 11:38:40] <eric0> hey jmccune , i was just poking at your MultipleCertificateAuthorities doc the other day.
[2010/02/02 11:38:51] <jmccune> eric0: You too? I'm sorry.
[2010/02/02 11:40:53] <baughj> jmccune: I believe apache's configured to do that, as s_client -connect shows a correct certificate chain back to the global root.
[2010/02/02 11:40:55] <jhp> Ok, ...... , was happy just a little too early. The wrong ca.pem was put on the client resulting in failure. After putting the trusted-ca-bundle.pem on the client everything is fine in webrick mode.
[2010/02/02 11:41:17] <jmccune> baughj: got it... I'm guessing it's a bug with the CA caching stuff then.
[2010/02/02 11:41:20] <eric0> i updated the doc as i worked through a few things that might have changed in the intervening couple of years but still had no love -- i took a cop-out, but much easier route
[2010/02/02 11:42:15] <jmccune> eric0: Yeah, I'm actually sort of curious about trying it again. Back then, nobody really needed anything like it, but it seems that there's interest in multiple CA's now.
[2010/02/02 11:42:19] <eric0> jmccune: curious about this statement "there's an issue with the bundle of certificates used to authenticate remote connections to the puppet master server. Work is underway to sort the final issues out." is that work still underway? :)
[2010/02/02 11:42:51] <baughj> jmccune: Mostly because I think a lot of people who have existing PKI setups are starting to use puppet more
[2010/02/02 11:43:22] <jmccune> eric0: Oh man, I have no idea what issue I was even referring to. I should have been more specific.
[2010/02/02 11:43:59] <jmccune> baughj: Makes total sense. Shouldn't need to re-invent the wheel, especially one so complex as a PKI
[2010/02/02 11:44:01] <eric0> baughj: there just comes a point when you need to split out puppetmasters and the natural thing if you have experience with SSL is to make N issues that chain up to 1 root.
[2010/02/02 11:44:12] <eric0> ^issues^issuers
[2010/02/02 11:44:24] <baughj> eric0, that's basically what we have, puppet CA -> network CA -> global root
[2010/02/02 11:44:56] <jmccune> baughj: So I'm still running 0.25.1, which doesn't appear to have this CA caching stuff in it.
[2010/02/02 11:45:09] <jmccune> baughj: You may try it and see if you can at least get an SSL connection established.
[2010/02/02 11:45:14] <jhp> baughj: That is what I created as well, but it took some openssl.cnf hacking here to get it all fixed.
[2010/02/02 11:45:31] <jmccune> Then we'd have a pretty strong indicator the cache is the culprit.
[2010/02/02 11:45:43] <baughj> yeah, we handled this issue by bundling all of our stuff into a custom ca-certificates package on debian
[2010/02/02 11:45:54] <baughj> jmccune: OK, question is, how to disable the caching?
[2010/02/02 11:46:01] <baughj> i was about to go start digging
[2010/02/02 11:46:20] <baughj> my immediate concern is fixing this upgrade mess :P
[2010/02/02 11:46:45] <Volcane> \o/ client upgrade to 0.25.4 from 0.24.8 done
[2010/02/02 11:46:47] <eric0> baughj: are you talking about the line 'using cached certificate for ca' ?
[2010/02/02 11:47:05] <baughj> eric0: yes...jmccune believes it might be causing this issue
[2010/02/02 11:47:16] <baughj> basically, I had 0.24.8 working fine with custom ca chains, everything was happy
[2010/02/02 11:47:21] <rgsteele> If one wished to template a line in a config file like: "name value=var1,value=var2,value=var3", how would the configuration look? I know that you can iterate over arrays in templates, but all the examples look like they spit out one value per line, instead of multiple values per line.
[2010/02/02 11:47:30] <baughj> upgrade master to 0.25.4, old clients work fine, update clients to 0.25.4, borkage
[2010/02/02 11:47:57] @ ten8nine joined channel #puppet
[2010/02/02 11:48:11] <eric0> i am not 100% sure but i believe that just means puppet found $ssldir/certs/ca.pem on the filesystem
[2010/02/02 11:48:56] <rgsteele> Can I do something like "<% arrayname.each do |val| -%> name value=<%= val %> <% end -%>" ?
[2010/02/02 11:50:52] <jmccune> rgsteele: Yep, though you'll want name outside the loop
[2010/02/02 11:51:18] <rgsteele> jmccune: Ah, yeah, that was just an IRC typing mistake :)
[2010/02/02 11:51:28] <rgsteele> jmccune: Thanks, I'll give 'er a shot
[2010/02/02 11:51:54] <gepetto> ::trac:: Puppet Modules edited @ http://reductivelabs.com/trac/puppet/wiki/PuppetModules?version=44
[2010/02/02 11:52:11] <jhp> baughj: You had it working fine in 0.24.8, I'm working with that version at the moment for it is default in F10/F12. I have a little problem I just noticed. When a client connects it gets a ca.pem file, but this ca.pem is not complete. It contains only the ca.pem from the master, not the complete chain. Any idea what I can do to make sure that the whole trusted-ca-bundle.pem is sent to the client ?
[2010/02/02 11:52:26] <baughj> jhp: I had to hack puppet
[2010/02/02 11:52:42] <baughj> it has a bad habit, in that version, of overwriting the file you specify in localcacert with whatever the puppet ca is from the master
[2010/02/02 11:52:50] <baughj> so i commented out those lines, and it worked. :P
[2010/02/02 11:52:56] <baughj> it doesn't seem to do that in 0.25.x though
[2010/02/02 11:53:40] <baughj> what I did then was set localcacert = bundle.pem and included bundle.pem on the system via other means (i.e. a debian package (ca-certificates) that has our certificate chains within)
[2010/02/02 11:54:12] <jmccune> eric0: That's the issue I was referring to a couple years ago! What jhp just said. Evidently the work is ongoing...
[2010/02/02 11:54:33] <baughj> jhp: it's a simple patch, if you want it
[2010/02/02 11:54:39] @ tim|macbook joined channel #puppet
[2010/02/02 11:54:40] <jhp> So I'd betterbe upgrade to 0.25.4 then ? But then I will run into the same caching issues you have?
[2010/02/02 11:54:46] <baughj> presumably
[2010/02/02 11:54:50] <baughj> I've not gotten it working yet with 0.25.4
[2010/02/02 11:54:51] <jhp> baughj: Yeah, sounds like a fine plan.
[2010/02/02 11:55:06] @ Quit: Ramonster: Quit: leaving
[2010/02/02 11:55:29] @ jcape joined channel #puppet
[2010/02/02 11:55:37] <jmccune> baughj: depending on how thirsty I am tonight, I may try and take a crack at this tonight after work. Unfortunately, I can't really hack at it right now.
[2010/02/02 11:55:52] <jhp> But that also means that I have to get the trusted-ca-bundle.pem file on the client in another way.
[2010/02/02 11:56:00] <baughj> jmccune: I suppose I am going to dig, like I did with 0.24
[2010/02/02 11:56:04] <baughj> jhp: right.
[2010/02/02 11:56:32] <baughj> jhp: our pxeboot environment auto-installs our ca cert chains as part of its bootstrapping of a new host
[2010/02/02 11:56:52] <baughj> i.e. we just install an extra package via the debian netinst
[2010/02/02 11:57:03] <jhp> That sounds like a fine plan.
[2010/02/02 11:57:11] @ rmiller4pi8 joined channel #puppet
[2010/02/02 11:57:21] <jhp> And this patch makes sure that the ca.pem is not sent to the client?
[2010/02/02 11:57:31] <baughj> well, it is sent
[2010/02/02 11:57:32] <baughj> it's just not written
[2010/02/02 11:57:34] <baughj> to disk
[2010/02/02 11:57:39] <baughj> i just commented that out. :P
[2010/02/02 12:00:00] @ Quit: jcape: Ping timeout: 252 seconds
[2010/02/02 12:00:54] <jmccune> baughj: Interesting ... http://projects.reductivelabs.com/projects/puppet/repository/revisions/0dc2dbafe65b59bfbb3ab66e26f595260bdde356
[2010/02/02 12:01:01] <jmccune> Ugh, sorry about the long URL
[2010/02/02 12:01:10] <baughj> meh, there are worse problems in life
[2010/02/02 12:02:50] @ Quit: erm_: Ping timeout: 246 seconds
[2010/02/02 12:03:07] <baughj> jhp: http://pastebin.ca/1775830
[2010/02/02 12:03:12] <baughj> that's what i did for 0.24.8
[2010/02/02 12:03:16] <baughj> really simple :P
[2010/02/02 12:03:46] <baughj> then just specify localcacert to be your bundle, and get it on the host somehow, and it should work
[2010/02/02 12:04:57] <jhp> Great.
[2010/02/02 12:04:57] <jmccune> baughj: I'd file a bug at this point. At the very least, it should be possible to disable the cache.
[2010/02/02 12:05:11] @ crdant joined channel #puppet
[2010/02/02 12:05:13] <baughj> jmccune: I'm actually going to try blowing away the client and starting from scratch
[2010/02/02 12:05:18] <baughj> see if that works
[2010/02/02 12:05:19] <baughj> one moment
[2010/02/02 12:05:37] @ Quit: bug: Quit: bug
[2010/02/02 12:05:57] @ bug joined channel #puppet
[2010/02/02 12:06:01] @ unxfrek joined channel #puppet
[2010/02/02 12:06:06] <baughj> also, I am not sure why on the master, I get this now, from puppetca
[2010/02/02 12:06:17] <baughj> - sn-www-19.sovlmaib1.hades (unable to get issuer certificate)
[2010/02/02 12:06:25] <baughj> that is another puzzling one
[2010/02/02 12:06:52] @ Jailbait joined channel #puppet
[2010/02/02 12:07:04] <baughj> ok, on a brand new client, it is also broken
[2010/02/02 12:07:45] <|Mike|> define broken
[2010/02/02 12:07:45] <jmccune> And it doesn't say it's using anything cached?
[2010/02/02 12:08:03] <baughj> |Mike|: read backlog
[2010/02/02 12:08:10] @ crdant1 joined channel #puppet
[2010/02/02 12:08:38] @ Quit: crdant: Remote host closed the connection
[2010/02/02 12:08:42] @ crdant1 left channel #puppet ()
[2010/02/02 12:09:34] <baughj> jmccune: I get info: Caching certificate for ca
[2010/02/02 12:09:43] @ kolla joined channel #puppet
[2010/02/02 12:09:47] <baughj> hm, i wonder what it does cache, though
[2010/02/02 12:11:08] <rgsteele> jmccune: Yep, worked like a charm. Thanks again for the vote of confidence :)
[2010/02/02 12:11:42] <jmccune> rgsteele: you're welcome
[2010/02/02 12:12:10] <suso> hi. newbie language question. I have a definition that does this: $modules_dir = $webserver::modules_dir to set a variable so it can be used in templates. I should then put some kind of require/before to ensure the class 'webserver' is done first?
[2010/02/02 12:12:47] @ lucky__ joined channel #puppet
[2010/02/02 12:13:20] @ Quit: lucky__: Client Quit
[2010/02/02 12:13:32] @ Quit: pacalm: Quit: pacalm
[2010/02/02 12:13:53] <jmccune> suso: Can you paste the code? I'm not sure I understand what you're trying to accomplish.
[2010/02/02 12:14:18] <Jailbait> Hopefully this is a totally stupid question that I just can't find the answer to: I have 'node foo[01][0-9] {}' - how do I get the value of what node matched, to use inside the node block?
[2010/02/02 12:14:31] <Jailbait> is it just $node?
[2010/02/02 12:14:42] <Volcane> you can do $hostname and $fqdn
[2010/02/02 12:14:46] <Volcane> but not the actual match
[2010/02/02 12:14:50] <Volcane> it might be different
[2010/02/02 12:15:28] <jhp> Ok, I have it also working as mongrel service behind an apache balancer. Again the wrong trusted-ca-bundle.pem in apache config.
[2010/02/02 12:15:58] <suso> jmccune: http://www.pastie.org/806153
[2010/02/02 12:16:12] <Jailbait> Wow. No way to get the match? Seems... odd. (Yes. Very VERY new n00b.)
[2010/02/02 12:16:32] <Volcane> Jailbait: not afaik, i think it was discussed as an easy addition but i doubt a ticket got filed about it
[2010/02/02 12:16:37] <Volcane> Jailbait: masterzen will know for sure
[2010/02/02 12:16:42] @ Quit: tim|macbook: Ping timeout: 240 seconds
[2010/02/02 12:18:19] <Jailbait> Does he tend to read his scroll when he comes back, or should I ask again when he pops up?
[2010/02/02 12:18:20] @ Quit: unxfrek: Quit: Leaving
[2010/02/02 12:18:56] <jmccune> suso: it's not that webserver needs to be realized before instance_config, it just needs to be imported
[2010/02/02 12:19:02] <jmccune> (I think)
[2010/02/02 12:19:28] <suso> see, the language tutorial says: "Variable qualification is dependent on the evaluation order of your classes. Class myclass must be evaluated before class anotherclass for variables to be set correctly."
[2010/02/02 12:19:30] @ Quit: gebi: Ping timeout: 240 seconds
[2010/02/02 12:19:49] <jmccune> evaluated is different than realized.
[2010/02/02 12:20:04] <suso> hmm.
[2010/02/02 12:20:19] <suso> so, including it would work? Just like "pasting" the code into the node, right?
[2010/02/02 12:20:21] <jmccune> before / require specify the order of things when they're realized on the client
[2010/02/02 12:20:49] <jmccune> evaluated more or less means parsed (by the master). I think.
[2010/02/02 12:20:57] <suso> ohhh.
[2010/02/02 12:21:09] <suso> ok, I kind of see.
[2010/02/02 12:21:22] <jmccune> Well, remember "include" is not like C's #include. include adds the class to the node. I think you want "import"
[2010/02/02 12:21:39] <jmccune> I confuse the two all the time. still.
[2010/02/02 12:22:29] <jmccune> import says "evaluate this file..." which will give you the variables you're looking for.
[2010/02/02 12:23:11] <joe-mac> hey guys what is this new puppet_testsuite package in the debian stuff?
[2010/02/02 12:23:12] <Volcane> import loads the file from the disk into memory - does not "apply" it or evaluate it onto a node
[2010/02/02 12:23:13] <joe-mac> never noticed it
[2010/02/02 12:23:14] @ tuf_ joined channel #puppet
[2010/02/02 12:23:26] <Volcane> include applies it, aka evaluates it so the resources in the class makes it to the node
[2010/02/02 12:23:28] @ murkk joined channel #puppet
[2010/02/02 12:23:35] <Volcane> to access variables/resources in it, you must include it
[2010/02/02 12:23:55] <joe-mac> include is sort of like compilation if you ask me
[2010/02/02 12:23:56] <jmccune> suso: you should listen to Volcane and not me.
[2010/02/02 12:24:00] <joe-mac> import is more like just reading it
[2010/02/02 12:24:22] <Volcane> yeh it just finds it on disk and reads it in - ready for use by include, importing doesnt have any result on any nodes
[2010/02/02 12:24:22] <joe-mac> idk everyone's got their own way of maintaining the difference in their head heh
[2010/02/02 12:24:25] <suso> Volcane: so in this case, I include the class, that means that when I execute the definition it will see the vars on the class?
[2010/02/02 12:24:48] <Volcane> suso: didnt look at your sample but yes, to see vars in a class you must include it - and its probably order dependent too
[2010/02/02 12:26:06] @ jcape joined channel #puppet
[2010/02/02 12:26:07] <suso> I'm a bit confused (doesnt show, ah? :-P), between the evaluation and realization part, I think. I found about the "random" order of realization when I saw some manifests not working some times, and want to avoid this.
[2010/02/02 12:26:16] <suso> But evaluate the vars is another separate thing,then?
[2010/02/02 12:26:40] <Volcane> yeah there's two things
[2010/02/02 12:26:55] <Volcane> it goes through all the code, notices all your variables, classes, resources etc
[2010/02/02 12:27:04] <Volcane> compiles it into a manifest and sends it on to the clients
[2010/02/02 12:27:15] <Volcane> accessing variables happens in the first pass
[2010/02/02 12:27:35] <Volcane> and that is order dependent, so include foo then later you can use $foo::var to get to a variable
[2010/02/02 12:28:08] <Volcane> in the 2nd phase the client just goes through all the resources - the result of the compile - and realizes them onto the node, this is where resources happen in a seemingly random order
[2010/02/02 12:28:22] @ Quit: Guest87958: Remote host closed the connection
[2010/02/02 12:28:23] <Volcane> and you influence the order with require =>, before, subscribe etc properties on resources
[2010/02/02 12:28:24] <suso> ok, then I only have to worry about require/before when thinking about the application of the resources, like "manage the dir before the file"
[2010/02/02 12:28:29] <Volcane> where resources are like file{...}
[2010/02/02 12:28:38] <jhp> baughj: Thanks for the help. I have it all working now.
[2010/02/02 12:28:51] <jhp> I can start creating modules etc.
[2010/02/02 12:28:59] <baughj> jhp: great, now find out what's wrong with 0.25.4. :P
[2010/02/02 12:29:16] <Volcane> suso: yes, there's a few auto require magics happening too - like file{"/one": } and file{"/one/two": } will have an automagic require between File["/one/two"] and File["/one"]
[2010/02/02 12:29:26] <Volcane> suso: in that case you dont need to state it
[2010/02/02 12:29:28] <jhp> You never know
[2010/02/02 12:29:40] <suso> hmmm good to know, cause I'm going crazy with a ton of requires :-P
[2010/02/02 12:30:15] <Volcane> there's a lot of autorequires happening, if you say owner => foo and there's a user{"foo": } it will auto require
[2010/02/02 12:32:48] @ erm_ joined channel #puppet
[2010/02/02 12:32:48] @ Quit: erm_: Changing host
[2010/02/02 12:32:49] @ erm_ joined channel #puppet
[2010/02/02 12:32:54] @ toi joined channel #puppet
[2010/02/02 12:33:38] <joe-mac> guys if i install some kind of pson library on my nodes or master will puppet stop the pson logspam?
[2010/02/02 12:33:43] <joe-mac> i am getting so annoyed by it
[2010/02/02 12:33:54] <Volcane> suso: but probably if you're finding that you're writing LOTS of requires, you're doing it wrong
[2010/02/02 12:34:09] <Volcane> suso: read http://www.devco.net/archives/2009/09/28/simple_puppet_module_structure.php
[2010/02/02 12:34:57] <suso> Oh, I did, I'm using that, but I was worried about the orders inside the same class
[2010/02/02 12:35:16] <Volcane> k
[2010/02/02 12:36:19] @ Quit: jaredrhine: Ping timeout: 258 seconds
[2010/02/02 12:36:36] @ wagner joined channel #puppet
[2010/02/02 12:38:28] <jbeez> jwags
[2010/02/02 12:38:29] <jbeez> whatup
[2010/02/02 12:38:42] <wagner> ahoy
[2010/02/02 12:40:36] @ finalprefix joined channel #puppet
[2010/02/02 12:41:18] @ finalprefix left channel #puppet ()
[2010/02/02 12:41:37] <wagner> I'm reading in a file using a custom function, and puppet is complaining that file doesn't exist. The class which is reading in the file is getting executed BEFORE the file is pulled from svn which is a problem
[2010/02/02 12:41:41] @ finalprefix joined channel #puppet
[2010/02/02 12:42:04] <wagner> even though i have a dependency that requires the file exists before attempting to read it
[2010/02/02 12:43:39] <wagner> do functions get executed regardless of order?
[2010/02/02 12:44:34] @ Quit: erm_: Ping timeout: 248 seconds
[2010/02/02 12:45:15] <joe-mac> heh, found a novel use for puppet ssl certs- splunk
[2010/02/02 12:45:22] <joe-mac> i point my config at where the puppet ssl cert is
[2010/02/02 12:45:25] <joe-mac> hopefully this works fine
[2010/02/02 12:45:39] <joe-mac> then i have auth and encryption without having to maintain a separate set of certs
[2010/02/02 12:45:52] * suso writing a multi OS apache webserver module is becoming insane
[2010/02/02 12:47:35] <joe-mac> lol suso, yea i wouldn't try so hard at that
[2010/02/02 12:48:01] <joe-mac> unless you like apache::solaris::vhost and apache::debian::packages etc
[2010/02/02 12:48:16] <joe-mac> using case and selectors would probably be a mess, so i think namespaces might make it cleaner
[2010/02/02 12:48:24] <joe-mac> idk, i wouldn't take on such an insurmountable task haha
[2010/02/02 12:49:42] <joe-mac> hey RL, anybody here? when can we expect the PSON logspam to DIAF?
[2010/02/02 12:50:11] <joe-mac> if i need some extra pson package i'd rather install it than constantly see this warning
[2010/02/02 12:52:13] @ Quit: alban2: Ping timeout: 260 seconds
[2010/02/02 12:52:51] <suso> I'm trying to learn Puppet as a kind of ... "enterprise scholarship deal". I'm unsure about what to actually do, mind you. Testing several operating systems on virtual boxes sounds like something worthwhile.
[2010/02/02 12:53:20] <duritong> wagner: functions are executed on the server
[2010/02/02 12:53:23] @ incommon_ike joined channel #puppet
[2010/02/02 12:54:00] <joe-mac> what is an enterprise scholarship deal?
[2010/02/02 12:54:01] <wagner> duritong: would the function get executed before another class which has a dependency on it runs first?
[2010/02/02 12:54:32] <suso> my employers "free" me 3 months from my actual job to do this.
[2010/02/02 12:54:44] <joe-mac> lol, what is your actual job?
[2010/02/02 12:54:53] <suso> ... good question :-P
[2010/02/02 12:55:01] <joe-mac> 3 months for a puppet roll out is a decent amount of time, if you have a lot of servers
[2010/02/02 12:56:10] <suso> nah, I'm doing it on a bunch of virtual boxes in a home server, just trying to understand the language and the way to use puppet, not looking to implement it on our servers right now.
[2010/02/02 12:56:52] <suso> (mainly cause the servers we currently manage are for an account that we lost and are about to transition :-/)
[2010/02/02 12:57:07] <duritong> wagner: what do you mean with runs?
[2010/02/02 12:57:20] <duritong> wagner: can you elaborate what you try to achieve
[2010/02/02 12:57:35] @ me` joined channel #puppet
[2010/02/02 12:57:43] <wagner> im checking out a file from svn and parsing it, but i cant parse it before its checked out
[2010/02/02 12:57:57] <wagner> the problem is, its trying to parse it before the file is checked out
[2010/02/02 12:58:20] <wagner> even though im using 'before' statements to show a dependency
[2010/02/02 12:59:04] <duritong> you try to parse the file in the function, but the checkout is defined in the catalog?
[2010/02/02 12:59:27] <wagner> right now, everything is running on the master
[2010/02/02 12:59:59] <duritong> that doesn't change anything
[2010/02/02 13:00:00] <joe-mac> parsing svn files should be done at the pre hook so you never have to worry about parsing it after you check it out...
[2010/02/02 13:00:09] @ Quit: themurph: Quit: themurph
[2010/02/02 13:00:12] <duritong> functions are evaluated at compile time, while the catalog gets applied later
[2010/02/02 13:01:05] @ themurph joined channel #puppet
[2010/02/02 13:01:19] @ gebi joined channel #puppet
[2010/02/02 13:01:46] <wagner> duritong: by "pre hook", do you mean a hook in svn?
[2010/02/02 13:01:53] <wagner> err joe-mac*
[2010/02/02 13:02:00] <duritong> wagner: http://reductivelabs.com/images/Puppet_Parsing_Architecture_0.25.x.png
[2010/02/02 13:02:03] @ Quit: 5EXAAAWHJ: Ping timeout: 276 seconds
[2010/02/02 13:02:06] <joe-mac> wagner: yes
[2010/02/02 13:02:25] <joe-mac> if you're checking something out of svn, it should have been grammar checked on the way in
[2010/02/02 13:02:41] @ Quit: mqr: Ping timeout: 246 seconds
[2010/02/02 13:03:37] <wagner> grammar checked?
[2010/02/02 13:04:15] <wagner> the problem is, i need to checkout the file from svn multiple times, but it may only be checked in once in a while
[2010/02/02 13:05:13] @ Quit: vinci: Ping timeout: 264 seconds
[2010/02/02 13:05:20] <wagner> and id rather not have any svn hooks at this point, im trying to do everything in the manifest
[2010/02/02 13:05:35] @ Quit: TREllis: Quit: --->train
[2010/02/02 13:05:50] @ shenson joined channel #puppet
[2010/02/02 13:06:01] <duritong> wagner: then you can't use the content in the manifests
[2010/02/02 13:06:36] @ vinci joined channel #puppet
[2010/02/02 13:07:31] @ bobbyz joined channel #puppet
[2010/02/02 13:08:57] @ Quit: finalprefix: Quit: This computer has gone to sleep
[2010/02/02 13:10:50] @ Claviceps joined channel #puppet
[2010/02/02 13:12:56] <wagner> so my only option here is to have an svn hook that parses the file after checkout?
[2010/02/02 13:13:05] <wagner> err checkin?
[2010/02/02 13:13:34] @ autowidget joined channel #puppet
[2010/02/02 13:17:05] @ docelic joined channel #puppet
[2010/02/02 13:17:06] @ lak joined channel #puppet
[2010/02/02 13:20:11] @ ezmobius joined channel #puppet
[2010/02/02 13:24:18] <odyi> Anyone have a strategy for randomizing client check in times so my puppetmaster doesn't get hit with 50+ requests all at once?
[2010/02/02 13:24:29] <Claviceps> Mr Hudson ft Kanye West - Supernova lyrics
[2010/02/02 13:25:48] <Claviceps> www.norml.org -- "this is normal... this is normal..." SCHOOL - EDUCATION
[2010/02/02 13:25:50] <shenson> odyi, I believe there is a splay time in there
[2010/02/02 13:27:14] <shenson> odyi, check the splay and splaylimit in the puppet.conf file (or its man page)
[2010/02/02 13:27:48] <Claviceps> Bob Marley I Shot The Sheriff
[2010/02/02 13:28:53] @ Quit: giskard: Remote host closed the connection
[2010/02/02 13:29:48] <odyi> shenson: Thank you. I did not know of this config option. That will be perfect.
[2010/02/02 13:30:57] @ Quit: filler: Quit: Changing server
[2010/02/02 13:31:07] <duritong> odyi: the only odd thing is that puppet already loads itself into memory, having a splay in pure bash might be "nicer"
[2010/02/02 13:32:14] @ incommon_ike_ joined channel #puppet
[2010/02/02 13:32:26] @ filler joined channel #puppet
[2010/02/02 13:32:45] <Claviceps> Guns N' Roses - Knockin' on Heaven's Door (Argentina, 1992)
[2010/02/02 13:32:58] <eric0> Claviceps: turn that script off, now. pretty please.
[2010/02/02 13:33:22] @ Quit: incommon_ike: Ping timeout: 240 seconds
[2010/02/02 13:33:22] @ incommon_ike_ is now known as incommon_ike
[2010/02/02 13:33:30] @ Quit: suso: Remote host closed the connection
[2010/02/02 13:33:38] @ Quit: filler: Client Quit
[2010/02/02 13:33:42] @ filler joined channel #puppet
[2010/02/02 13:34:36] @ hy is now known as _hy
[2010/02/02 13:34:50] <Claviceps> http://www.youtube.com/
[2010/02/02 13:35:08] @ jaredrhine joined channel #puppet
[2010/02/02 13:35:53] @ erm_ joined channel #puppet
[2010/02/02 13:37:55] @ _hy is now known as hy
[2010/02/02 13:40:11] @ webx joined channel #puppet
[2010/02/02 13:40:27] <lak> Claviceps: how are those comments related to puppet?
[2010/02/02 13:46:16] <Disconnect> lol. that'd be a funny trojan - log into random irc channels and spit out your browsing history.
[2010/02/02 13:48:21] @ mqr joined channel #puppet
[2010/02/02 13:54:25] @ Quit: mqr: Read error: Connection reset by peer
[2010/02/02 13:54:51] @ mqr joined channel #puppet
[2010/02/02 13:55:40] @ giskard joined channel #puppet
[2010/02/02 13:58:10] @ Quit: ten8nine: Quit: ten8nine
[2010/02/02 13:59:38] @ Quit: gebi: Ping timeout: 256 seconds
[2010/02/02 14:00:05] @ ten8nine joined channel #puppet
[2010/02/02 14:00:17] @ ambroff joined channel #puppet
[2010/02/02 14:00:29] <Claviceps> Katy Perry - Hot N Cold
[2010/02/02 14:00:31] <Claviceps> Katy Perry - Hot N Cold
[2010/02/02 14:00:37] <ohlolohlol> omg
[2010/02/02 14:00:56] @ Quit: poison: Remote host closed the connection
[2010/02/02 14:01:47] @ Quit: lak: Quit: lak
[2010/02/02 14:03:11] <jmccune> Nothing like driving a developer out of the room...
[2010/02/02 14:05:27] <Claviceps> Kanye West - Good Life ft. T-Pain
[2010/02/02 14:06:40] <tmz> Volcane, jamesturnbull: Don't suppose either of you could make Claviceps quieter here? ;)
[2010/02/02 14:07:01] <jrojas> we could just make more noise so we dont notice him
[2010/02/02 14:07:33] <Disconnect> or just go to #freenode and ask for a kick
[2010/02/02 14:08:13] @ nigelk joined channel #puppet
[2010/02/02 14:08:35] @ finalprefix joined channel #puppet
[2010/02/02 14:10:18] <Claviceps> Black Eyed Peas - I Gotta Feeling [HQ]
[2010/02/02 14:11:06] <mpdehaan> Yeah somebody gimme ops
[2010/02/02 14:11:18] <shenson> no, not him, don't give him ops!!!
[2010/02/02 14:11:25] @ mqr_ joined channel #puppet
[2010/02/02 14:11:43] @ Quit: mqr: Read error: Connection reset by peer
[2010/02/02 14:12:26] <Claviceps> yes... I could always make a marketing campaign
[2010/02/02 14:12:27] <Claviceps> yes... I could always make a marketing campaign
[2010/02/02 14:13:13] @ chris231989_ joined channel #puppet
[2010/02/02 14:13:19] @ chris231989_ left channel #puppet ()
[2010/02/02 14:13:48] @ Quit: Bass10: Read error: Connection reset by peer
[2010/02/02 14:14:02] <Claviceps> Soulja Boy Tell`em - Kiss Me Thru The Phone ft. Sammie
[2010/02/02 14:14:03] <Claviceps> Soulja Boy Tell`em - Kiss Me Thru The Phone ft. Sammie
[2010/02/02 14:14:11] @ Bass10 joined channel #puppet
[2010/02/02 14:14:12] <jrojas> yeah....
[2010/02/02 14:14:17] <SEJeff> Claviceps, stop spamming
[2010/02/02 14:14:26] <jrojas> SEJeff: hes a bot. of sorts.
[2010/02/02 14:14:32] * Claviceps turns his music script off
[2010/02/02 14:14:37] <mpdehaan> thanks
[2010/02/02 14:14:39] <jrojas> ha
[2010/02/02 14:14:43] @ mvn071 joined channel #puppet
[2010/02/02 14:14:46] <SEJeff> A self aware one?
[2010/02/02 14:14:49] <jrojas> apparently
[2010/02/02 14:14:51] <SEJeff> why doesn't someone kill it
[2010/02/02 14:14:55] * shenson was enjoying the play list
[2010/02/02 14:15:21] <jmccune> gepetto can't promote someone to ops can then?
[2010/02/02 14:15:30] <mpdehaan> ChanServ can, but...
[2010/02/02 14:15:30] <jmccune> can it rather
[2010/02/02 14:15:38] <mpdehaan> only those who have freenode ops
[2010/02/02 14:15:50] <Claviceps> Hannah Montana Miley musik video - The Climb
[2010/02/02 14:15:51] <mpdehaan> looking into that :)
[2010/02/02 14:16:01] <eric0> lak jamesturnbull and volcane have chanops and can make more ops
[2010/02/02 14:17:11] <mpdehaan> yeah for James it is 6:17AM right now :)
[2010/02/02 14:17:19] @ Quit: benlovell: Quit: benlovell
[2010/02/02 14:18:36] @ KamusHadenes joined channel #puppet
[2010/02/02 14:18:51] @ Quit: cynicismic: Quit: "> /dev/null"
[2010/02/02 14:19:03] <jmccune> I don't have permission with gepetto to promote myself
[2010/02/02 14:19:46] @ mquin joined channel #puppet
[2010/02/02 14:20:16] <SEJeff> Is lak gone for now?
[2010/02/02 14:20:27] <jmccune> left about 20 minutes ago
[2010/02/02 14:20:29] <SEJeff> He is the channel founder according to /msg chanserv info #puppet
[2010/02/02 14:20:31] @ Cuchulain joined channel #puppet
[2010/02/02 14:24:39] @ Quit: mqr_: Ping timeout: 252 seconds
[2010/02/02 14:26:07] @ clen joined channel #puppet
[2010/02/02 14:26:56] @ Quit: giskard: Remote host closed the connection
[2010/02/02 14:27:12] @ Quit: finalprefix: Ping timeout: 276 seconds
[2010/02/02 14:27:40] @ Mode +o Volcane by ChanServ
[2010/02/02 14:28:08] <Volcane> Claviceps: please stop annoying others.
[2010/02/02 14:28:27] @ Quit: siezer_: Remote host closed the connection
[2010/02/02 14:30:59] @ Quit: mvn071: Quit: Leaving
[2010/02/02 14:31:19] @ mqr joined channel #puppet
[2010/02/02 14:33:11] <jmccune> Volcane: Please /mode #puppet +b Claviceps!gambino@c-67-183-243-199.hsd1.wa.comcast.net]
[2010/02/02 14:33:17] @ jes5 joined channel #puppet
[2010/02/02 14:33:43] <Volcane> well he/it claims the music annoyance is turned off
[2010/02/02 14:33:47] <Volcane> if he does it again, sure
[2010/02/02 14:33:51] <jmccune> Ah
[2010/02/02 14:33:58] <jmccune> Fair enough
[2010/02/02 14:34:50] @ Quit: bug: Quit: bug
[2010/02/02 14:34:53] @ jes5 left channel #puppet ()
[2010/02/02 14:34:56] @ darko434 joined channel #puppet
[2010/02/02 14:36:08] @ giskard joined channel #puppet
[2010/02/02 14:36:16] <tuf_> Anyone here familiar with cobbler_web?
[2010/02/02 14:36:23] <tuf_> Seems the cobbler channel is flooded out
[2010/02/02 14:36:56] @ jcape left channel #puppet ()
[2010/02/02 14:37:22] @ jcape joined channel #puppet
[2010/02/02 14:44:38] @ jaredrhine left channel #puppet ()
[2010/02/02 14:44:52] @ ahasenack joined channel #puppet
[2010/02/02 14:45:11] <ahasenack> can I require a package greater-than a certain version? Or just a specific version?
[2010/02/02 14:45:36] @ Quit: mqr: Ping timeout: 246 seconds
[2010/02/02 14:46:08] <baughj> jmccune: so, I've done some digging
[2010/02/02 14:46:36] <jmccune> baughj: Cool
[2010/02/02 14:46:39] <baughj> specifically
[2010/02/02 14:46:50] <baughj> cert_setup in network/http_pool.rb
[2010/02/02 14:47:32] <baughj> if i add http.ca_path = <path to ca certs> and comment out the usage of cert_store and ca_file, everything works
[2010/02/02 14:47:45] @ jes5 joined channel #puppet
[2010/02/02 14:48:27] <baughj> i tried hardcoding ca_file to a PEM bundle, didn't work, neither did changing the ssl_store (ssl/host.rb) to add the certificates to itself on init
[2010/02/02 14:48:46] <baughj> so something strange is going on with ruby's openssl or puppet
[2010/02/02 14:49:55] <baughj> but i can't get anything but ca_path = <OpenSSL hashed directory of certs> to work for multiple certificates any longer
[2010/02/02 14:50:05] <baughj> i wonder if something in the chain is not liking the fact that the PEM is a bundle instead of a singular cert
[2010/02/02 14:50:17] <eric0> maybe related to http://projects.reductivelabs.com/issues/3120 ? i am not happy with my writeup on there but it sure seems related
[2010/02/02 14:50:58] <baughj> anyways, i fixed with a simple patch - add new variable in defaults.rb called capath, then set http.ca_path = Puppet[:capath] in that function
[2010/02/02 14:51:02] <baughj> ymmv though
[2010/02/02 14:51:39] <baughj> i don't know enough about ruby or ruby's openssl to spend time looking at it further at the moment
[2010/02/02 14:52:20] @ bug joined channel #puppet
[2010/02/02 14:52:55] <jmccune> baughj: I've also found certs have to be in-order in the bundle
[2010/02/02 14:53:00] <jmccune> If you know what I mean
[2010/02/02 14:53:04] <baughj> i do
[2010/02/02 14:53:06] <baughj> mine are in order
[2010/02/02 14:53:09] <jmccune> But yeah
[2010/02/02 14:53:13] @ jaredrhine joined channel #puppet
[2010/02/02 14:53:14] <baughj> i.e. global root -> network root -> puppet CA
[2010/02/02 14:53:14] <jmccune> I hear you
[2010/02/02 14:53:25] <jmccune> Other way around I thought
[2010/02/02 14:53:34] <baughj> this at least allows me to move forward
[2010/02/02 14:53:36] <jmccune> root cert should be "last"
[2010/02/02 14:53:42] <baughj> oh, really? hmm
[2010/02/02 14:53:42] <jmccune> shouldn't it?
[2010/02/02 14:53:46] <baughj> if it's that simple i'll shoot myself
[2010/02/02 14:53:56] <jmccune> Well, I'm just thinking about a naive checking method...
[2010/02/02 14:54:15] <baughj> well, what ends up happening is that it just calls the openssl methods directly
[2010/02/02 14:54:22] <baughj> and those are supposed to be smart enough to DTRT given a bundle
[2010/02/02 14:54:25] <jmccune> "Do I have this cert? Yes, but it's signed by someone I don't know... Do I have that cert? (without resetting the file pointer)... etc..."
[2010/02/02 14:54:33] <baughj> let me try reversing it
[2010/02/02 14:54:35] <baughj> one moment
[2010/02/02 14:55:25] <eric0> pretty sure i tried it both ways
[2010/02/02 14:55:49] @ Quit: jcape: Remote host closed the connection
[2010/02/02 14:55:52] <jmccune> I'm not very confident I'm right, I just remember it being an issue.
[2010/02/02 14:56:08] <ahasenack> can I "require => Package["foo"]" outside a case statement if that package was declared inside a case statement?
[2010/02/02 14:56:11] @ jcape joined channel #puppet
[2010/02/02 14:56:33] <jmccune> And I also remember the Ruby ssl stuff not operating as I expected... I believe the entire bundle is read into memory and the openssl library is given a certificate store rather than a file.
[2010/02/02 14:56:53] <baughj> indeed
[2010/02/02 14:56:56] <baughj> well, it seems it gets both
[2010/02/02 14:57:07] <baughj> because it sets a cert store AND sets ca_file = Puppet[:localcacert]
[2010/02/02 14:57:12] <jmccune> ahasenack: yes
[2010/02/02 14:57:31] <ahasenack> jmccune: thanks
[2010/02/02 14:57:33] <jmccune> ahasenack: Just understand that you may be requiring something that's not present
[2010/02/02 14:57:45] <ahasenack> jmccune: right, so I could get a run-time error
[2010/02/02 14:57:45] <jmccune> Depending on the outcome of the case selection.
[2010/02/02 14:58:01] <ahasenack> ok
[2010/02/02 14:58:05] <baughj> jmccune: I tried a number of combinations, does not work.
[2010/02/02 14:58:07] <jmccune> ahasenack: Right, but syntax wise you're fine.
[2010/02/02 14:58:08] <baughj> no matter the order
[2010/02/02 14:58:14] <jmccune> Darn
[2010/02/02 14:58:31] <baughj> there's something else going on here, though
[2010/02/02 14:58:31] <jmccune> I'm really curious now...
[2010/02/02 14:58:39] <baughj> i find ruby's openssl to be weird
[2010/02/02 14:58:55] <jmccune> Yeah, I mean way back when I originally played with this stuff I ended up directly hacking around with ruby's SSL
[2010/02/02 14:58:56] <baughj> i also notice that webrick deals with this, I think I said, by having extra_chain_cert
[2010/02/02 14:58:59] <jmccune> Completely outside of puppet
[2010/02/02 14:59:06] <jmccune> Just to figure out what the heck was happening.
[2010/02/02 14:59:12] <baughj> but net/https.rb doesn't expose that
[2010/02/02 14:59:18] <baughj> webrick sets it as part of the SSL context directly
[2010/02/02 14:59:25] <jmccune> Ah
[2010/02/02 14:59:33] <baughj> but extra_chain_cert is kind of what you want here
[2010/02/02 14:59:43] <baughj> ca_cert = <your cert> and the extra is the chain to get from point A to B
[2010/02/02 14:59:52] <baughj> (imo)
[2010/02/02 15:00:05] <baughj> but ca_path wfm, so i'll be moving forward with that for now
[2010/02/02 15:00:11] @ Quit: RageLink: Quit: up up and away
[2010/02/02 15:00:22] <nico> #1683
[2010/02/02 15:00:23] <gepetto> nico: #1683 is http://projects.reductivelabs.com/issues/show/1683 "Puppet - Bug #1683: Settings should not replace current values until new values are available - ReductiveLabs.com"
[2010/02/02 15:03:06] @ Quit: jcape: Ping timeout: 256 seconds
[2010/02/02 15:05:54] @ Quit: flakrat: Quit: Leaving
[2010/02/02 15:09:57] <baughj> jmccune: if you are interested, here's a patch: http://pastebin.ca/1776149
[2010/02/02 15:10:04] <baughj> that got me working with multiple ca's for 0.25.4
[2010/02/02 15:11:19] <jmccune> baughj: Thanks
[2010/02/02 15:11:28] <jmccune> baughj: Do you happen to have a public git repo?
[2010/02/02 15:11:37] <jmccune> We could probably hack on this together.
[2010/02/02 15:12:37] <baughj> hmm
[2010/02/02 15:12:41] <baughj> that is from my work repo, which is internal
[2010/02/02 15:12:51] <baughj> although I could just start a repo somewhere, or I am happy to push/pull as needed to where ever
[2010/02/02 15:13:33] <jmccune> I've got github myself, though I haven't hacked on puppet publicly in ages. I'll get myself up to date after 5pm ET
[2010/02/02 15:17:04] @ flakrat joined channel #puppet
[2010/02/02 15:17:37] @ Quit: baughj: Quit: leaving
[2010/02/02 15:19:44] @ jcape joined channel #puppet
[2010/02/02 15:22:45] @ thuglife joined channel #puppet
[2010/02/02 15:22:47] <thuglife> Hi
[2010/02/02 15:23:06] <thuglife> Is it possible to connect to puppetmasterd which is listening on multiple external IP addresses?
[2010/02/02 15:23:18] <thuglife> because it works on one network and on the other one i get certificate errors
[2010/02/02 15:23:31] <thuglife> err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
[2010/02/02 15:25:39] <jrojas> thuglife: sounds like a dns issue
[2010/02/02 15:25:48] <thuglife> do i have to run multiple puppetmasters?
[2010/02/02 15:26:01] <thuglife> dns points to the correct IP addresses
[2010/02/02 15:26:09] <jrojas> well the certificates are DNS based
[2010/02/02 15:26:17] <thuglife> puppetmaster.humppa.hu points to 192.168.2.1 from one network
[2010/02/02 15:26:22] <thuglife> and to 192.168.1.1 from the other
[2010/02/02 15:26:47] <jrojas> does the same DNS name resolve to all the IP addresses?
[2010/02/02 15:27:27] <Claviceps> Katy Perry - Hot N Cold
[2010/02/02 15:27:28] @ m3t3or joined channel #puppet
[2010/02/02 15:27:35] <thuglife> jrojas: yes
[2010/02/02 15:27:42] <jrojas> hmm interesting
[2010/02/02 15:27:46] <m3t3or> hello,
[2010/02/02 15:28:10] <jrojas> Claviceps: how many times are you going to listen to that song?
[2010/02/02 15:28:41] <Disconnect> Volcane: pingpong
[2010/02/02 15:28:42] <thuglife> jrojas: puppetmaster gets the certificate requests, signs it
[2010/02/02 15:28:45] <jmccune> Volcane: How about now?
[2010/02/02 15:28:51] <thuglife> then the client freaks out
[2010/02/02 15:28:58] <thuglife> err: Could not retrieve catalog from remote server: certificate verify failed
[2010/02/02 15:29:38] <jmccune> thuglife: The IP doesn't much matter. Are you using the same CA certificate and key?
[2010/02/02 15:29:42] @ euclid joined channel #puppet
[2010/02/02 15:29:59] <thuglife> jmccune: yes
[2010/02/02 15:30:06] @ nigelk_ joined channel #puppet
[2010/02/02 15:30:10] <thuglife> i mean i guess so, i use autosign
[2010/02/02 15:30:27] @ Quit: nigelk: Read error: Connection reset by peer
[2010/02/02 15:30:27] @ nigelk_ is now known as nigelk
[2010/02/02 15:30:30] <thuglife> and if i clean all the certs on the server + client i end up having the same issue
[2010/02/02 15:31:29] <m3t3or> on debian, which kind of packages will be installed by puppet? .deb or other?
[2010/02/02 15:32:53] @ poison joined channel #puppet
[2010/02/02 15:33:26] <jmccune> thuglife: sorry I can't be of more help at the moment
[2010/02/02 15:33:46] <jmccune> m3t3or: Puppet will automatically figure out that you have apt and dpkg
[2010/02/02 15:34:06] <thuglife> jmccune: no problem, thanks anyways
[2010/02/02 15:34:44] <m3t3or> jmccune: and then puppet will load the binary package and install it with dpkg?
[2010/02/02 15:35:16] <jmccune> m3t3or: package { "openssh-server": ensure => present; } will result in puppet executing apt-get install openssh-server
[2010/02/02 15:35:31] <jmccune> m3t3or: You probably want to read up on the package providers and how they work
[2010/02/02 15:35:53] <m3t3or> jmccune: thank you
[2010/02/02 15:38:30] <Volcane> thuglife: u can use different ips but u should access it with the same name
[2010/02/02 15:38:45] <Volcane> thuglife: unless you do special stuff when u first generate the cert
[2010/02/02 15:46:36] @ Quit: jcape: Ping timeout: 252 seconds
[2010/02/02 15:47:10] @ Quit: ahasenack: Quit: Leaving
[2010/02/02 15:48:10] @ Quit: bitmonk: Read error: Connection reset by peer
[2010/02/02 15:49:35] @ edwrk joined channel #puppet
[2010/02/02 15:49:47] @ fsweetser joined channel #puppet
[2010/02/02 15:51:00] <thuglife> Volcane: i am accessing it with the same name
[2010/02/02 15:51:09] <thuglife> what do you mean by me generating the cert first?
[2010/02/02 15:54:25] @ lak joined channel #puppet
[2010/02/02 15:54:32] @ Quit: edwrk: Quit: leaving
[2010/02/02 15:54:32] <thuglife> there are two ethernet interfaces on the puppet master
[2010/02/02 15:54:39] <thuglife> each connected to a different subnet of a network
[2010/02/02 15:54:57] <thuglife> and the master does autosigning
[2010/02/02 15:55:39] <jmccune> thuglife: Given two clients on each of these networks, what is the full name they use to connect to the server?
[2010/02/02 15:55:47] <jmccune> it may be different
[2010/02/02 15:55:51] <thuglife> puppetmaster.humppa.hu
[2010/02/02 15:56:03] <thuglife> and on each client i have a hosts entry for that name
[2010/02/02 15:56:06] <thuglife> to point to the correct ip
[2010/02/02 15:56:27] <thuglife> the connection goes fine, the certificate gets created then it bails out
[2010/02/02 15:57:10] <jmccune> That might happen if the client has been wiped and re-installed.
[2010/02/02 15:57:27] <jmccune> The server keeps the old certificate, sees the new CSR, and ignores it, handing back the old certificate
[2010/02/02 15:57:31] <jmccune> Which won't match the private key.
[2010/02/02 15:57:36] <jmccune> Could that be the problem?
[2010/02/02 15:57:43] @ incommon_ike left channel #puppet ()
[2010/02/02 15:58:29] <thuglife> no
[2010/02/02 15:58:39] <thuglife> i basically did rm -rf /etc/puppet/ssl on the server and client too
[2010/02/02 15:58:48] <jmccune> Could you paste the output of puppetd --debug --test --trace please
[2010/02/02 15:58:58] <thuglife> sure
[2010/02/02 15:59:15] @ bitmonk joined channel #puppet
[2010/02/02 16:01:17] <lak> still having ops problems on the channel?
[2010/02/02 16:01:31] <Volcane> seems mostly ok
[2010/02/02 16:01:36] <jmccune> lak: I think Volcane took care of it
[2010/02/02 16:01:39] @ Quit: erm_: Read error: Operation timed out
[2010/02/02 16:04:45] @ jcape joined channel #puppet
[2010/02/02 16:07:58] <thuglife> jmccune: http://pastebin.ca/1776214
[2010/02/02 16:09:42] @ Quit: jcape: Ping timeout: 252 seconds
[2010/02/02 16:10:09] <jmccune> thuglife: Do the system clocks all agree?
[2010/02/02 16:10:48] @ Quit: ppickfor: Quit: Leaving.
[2010/02/02 16:11:54] <thuglife> no but that's not an issue because other machines on the other (main) network work fine
[2010/02/02 16:11:57] <thuglife> and their clock skew too
[2010/02/02 16:12:03] @ Quit: kolla: Remote host closed the connection
[2010/02/02 16:12:45] <jmccune> thuglife: Right, but a machine could be off by weeks and "work" as long as the certificate is valid.
[2010/02/02 16:13:10] @ jcape joined channel #puppet
[2010/02/02 16:13:31] <jmccune> thuglife: Since you're generating all of your certificates "now", a certificate may not yet be valid if one system clock is ahead of another.
[2010/02/02 16:13:50] <thuglife> ok i can test it
[2010/02/02 16:13:52] <thuglife> give me a second
[2010/02/02 16:14:42] <jmccune> I'm really starting to think it would be worth my time to hack in some better error messages as they relate to certificate verification.
[2010/02/02 16:15:00] <jmccune> Seems to bite a lot of people, myself included.
[2010/02/02 16:15:09] @ ricdanger joined channel #puppet
[2010/02/02 16:15:12] <ricdanger> hi there
[2010/02/02 16:15:22] <ricdanger> is there any time limit for each puppetd --onetime run?
[2010/02/02 16:15:29] <Volcane> jmccune: i tried before to add some debug there - most of these messages come direct from the ssl library
[2010/02/02 16:17:20] @ Robbie joined channel #puppet
[2010/02/02 16:17:24] <ricdanger> I'm not getting deterministic results on each puppetd --onetime run
[2010/02/02 16:17:41] <ricdanger> equal machines are not applying the same number of manifests
[2010/02/02 16:17:47] <ricdanger> this can only be related to some time limit
[2010/02/02 16:17:48] @ Robbie is now known as Guest99775
[2010/02/02 16:17:50] <thuglife> jmccune: fuck you were right
[2010/02/02 16:17:56] <thuglife> they were 1 month off
[2010/02/02 16:18:07] <jmccune> Volcane: Yeah, I remember looking at it too awhile ago.
[2010/02/02 16:18:13] <thuglife> jmccune: thank you
[2010/02/02 16:18:16] <jmccune> Volcane: It's almost as if we'd have to patch ruby itself
[2010/02/02 16:18:20] <jmccune> thuglife: you're welcome
[2010/02/02 16:18:28] <Volcane> jmccune: you'd have to patch openssl i suspect
[2010/02/02 16:18:47] <thuglife> jmccune: i thought it's the network because only the machines in that network had the issues
[2010/02/02 16:18:54] <Volcane> jmccune: since these messages are identical cross language
[2010/02/02 16:21:18] <thuglife> bye
[2010/02/02 16:21:19] @ thuglife left channel #puppet ()
[2010/02/02 16:22:47] <jmccune> Now that 0.25 is out, has development switched off the master branch? If so, I'll update DevelopmentLifecycle and DeveloperRepositories
[2010/02/02 16:22:55] <jmccune> e.g. is master now stable?
[2010/02/02 16:23:11] <jmccune> I suppose I should switch to #puppet-dev
[2010/02/02 16:24:25] @ Quit: KamusHadenes: Ping timeout: 264 seconds
[2010/02/02 16:27:51] @ Quit: Guest99775: Ping timeout: 252 seconds
[2010/02/02 16:33:41] @ Quit: toi: Quit: Ex-Chat
[2010/02/02 16:36:22] @ kolla joined channel #puppet
[2010/02/02 16:45:49] @ mqr joined channel #puppet
[2010/02/02 16:46:22] @ Quit: Demosthenes: Quit: leaving
[2010/02/02 16:47:29] @ Quit: bug: Quit: bug
[2010/02/02 16:47:49] <jamesturnbull> jmccune: gepetto can if I enable it
[2010/02/02 16:48:53] <jmccune> jamesturnbull: What do you mean?
[2010/02/02 16:48:56] @ Quit: tim|imac: Quit: tim|imac
[2010/02/02 16:48:57] <jamesturnbull> jmccune: ops
[2010/02/02 16:49:03] <jamesturnbull> jmccune: master is development HEAD
[2010/02/02 16:49:08] <jamesturnbull> jmccune: 0.25.x is current stable
[2010/02/02 16:49:47] <jmccune> Ah, I'll review the wiki docs then
[2010/02/02 16:50:02] <jmccune> I think they're written assuming that would change once 0.25.x came out
[2010/02/02 16:50:14] @ Mode +o jamesturnbull by ChanServ
[2010/02/02 16:50:35] @ Mode +o mpdehaan by ChanServ
[2010/02/02 16:50:38] @ tim|imac joined channel #puppet
[2010/02/02 16:50:43] @ Quit: tim|imac: Client Quit
[2010/02/02 16:52:30] <jamesturnbull> jmccune: haven't seen you online for a while?
[2010/02/02 16:55:04] <jmccune> jamesturnbull: Yeah... I wish I had a better excuse than I do.
[2010/02/02 16:56:10] <jmccune> It's nice to be back
[2010/02/02 16:56:58] @ Quit: uphillian: Quit: Leaving.
[2010/02/02 16:57:52] <jamesturnbull> jmccune: nice to have you back
[2010/02/02 16:58:02] <jmccune> Thanks
[2010/02/02 16:58:18] <jamesturnbull> we didn't end up switching branches
[2010/02/02 16:58:45] <jamesturnbull> what we're going to do is branch off master every stable release
[2010/02/02 16:58:49] <jamesturnbull> continue development on master
[2010/02/02 16:58:56] <jamesturnbull> and bug fix on x.x.x branch
[2010/02/02 16:59:23] @ Quit: allsystemsarego: Quit: Leaving
[2010/02/02 16:59:26] <jmccune> Makes sense.
[2010/02/02 17:01:16] <jamesturnbull> jmccune: nigel will be happy to see you back - I think everytime we see the letters "OSX" he gets assigned a ticket ;)
[2010/02/02 17:02:30] <jmccune> Haha... I'm not sure I'll be terribly much help to him, my laptop is the only OSX box I touch anymore.
[2010/02/02 17:02:55] <jmccune> And I'm trying to use my Linux desktop at home as my dominant machine. We'll see how that goes.
[2010/02/02 17:04:09] <jmccune> I think whoever replaced me at OSU math wasn't terribly keen on puppet.
[2010/02/02 17:04:20] <jamesturnbull> oh that's a shame
[2010/02/02 17:04:30] @ mpdehaan set topic "Puppet 0.25.4 released - http://bit.ly/9c5HMv | Log bugs and feature requests at http://tinyurl.com/46ryk7 | see also #puppet-dev"
[2010/02/02 17:05:07] <eric0> i've got a fair number of OSX boxen to run, though i think not as many as nigel.
[2010/02/02 17:05:41] <jmccune> I think we've got a volunteer. =)
[2010/02/02 17:05:41] @ Mode +o mpdehaan by jamesturnbull
[2010/02/02 17:05:43] @ jfreeman joined channel #puppet
[2010/02/02 17:05:48] @ Quit: jcape: Ping timeout: 252 seconds
[2010/02/02 17:06:00] <eric0> at this point though i'm still making more work than fixing substantive problems.
[2010/02/02 17:06:31] @ bug joined channel #puppet
[2010/02/02 17:06:44] @ Quit: jfreeman: Read error: Connection reset by peer
[2010/02/02 17:07:40] <jmccune> eric0: Heh, I've thought that too, then after awhile you try and build a machine without puppet and you realize how much small additions here and there add up
[2010/02/02 17:08:43] @ KamusHadenes joined channel #puppet
[2010/02/02 17:09:07] <eric0> i mean hacking on puppet itself, though yes this week is
[2010/02/02 17:09:17] @ erm_ joined channel #puppet
[2010/02/02 17:09:19] @ jfreeman joined channel #puppet
[2010/02/02 17:09:25] <eric0> my big push to stop doing any manual post-install steps
[2010/02/02 17:09:41] @ jcape joined channel #puppet
[2010/02/02 17:09:44] <jmccune> eric0: Good luck... nirvana awaits.
[2010/02/02 17:10:02] @ Quit: lilmatt: Quit: lilmatt
[2010/02/02 17:12:25] @ OpenMedia joined channel #puppet
[2010/02/02 17:16:23] <jason^> what is everyone's method for keeping puppet up to date on ubuntu machines? i think i'm running an older version of puppet than current
[2010/02/02 17:17:02] @ KamusHadenes left channel #puppet ()
[2010/02/02 17:17:23] @ Quit: rgsteele: Remote host closed the connection
[2010/02/02 17:18:15] <jamesturnbull> jason^: backport?
[2010/02/02 17:18:27] @ Quit: jcape: Ping timeout: 252 seconds
[2010/02/02 17:19:18] <jamesturnbull> jason^: current is 0.25.4 . what are you running?
[2010/02/02 17:19:25] @ OpenMedia1 joined channel #puppet
[2010/02/02 17:19:26] <jason^> i have 0.24.8
[2010/02/02 17:20:42] <jason^> deb http://mirror.anl.gov/pub/ubuntu/ hardy-backports main restricted universe multiverse
[2010/02/02 17:21:22] @ Quit: shadoi: Quit: Leaving.
[2010/02/02 17:21:23] <jason^> do i have to be on a newer ubuntu version?
[2010/02/02 17:22:18] @ Quit: OpenMedia: Ping timeout: 252 seconds
[2010/02/02 17:23:55] @ OpenMedia joined channel #puppet
[2010/02/02 17:24:48] @ Quit: ezmobius: Remote host closed the connection
[2010/02/02 17:25:21] <jamesturnbull> jason^: what do you mean? if do you need to upgrade ubuntu - no - 0.25.x releases should run fine on hardy
[2010/02/02 17:25:45] <eric0> ack, i got saved a misunderstanding on my test box -- i have a very naïve package provider that i am trying to protect by making each package { "somefoo": require => File["somefoo.tar.bz2"] } ; i'd thought file { "somefoo.tar.bz2": ensure => 'file' } would fail if it doesn't exist, but instead puppet helpfully creates a 0-length file, passes the dependency and tries to untar from it
[2010/02/02 17:26:02] @ elasticdog joined channel #puppet
[2010/02/02 17:26:35] @ alban2 joined channel #puppet
[2010/02/02 17:26:56] <jmccune> eric0: Yep, that's a feature.
[2010/02/02 17:27:48] @ Quit: OpenMedia1: Ping timeout: 252 seconds
[2010/02/02 17:28:27] <jmccune> eric0: Try it without an ensure parameter
[2010/02/02 17:30:28] <eric0> yeah tried, that it doesn't create the file, but the dependency isn't considered a failure either.
[2010/02/02 17:31:02] <shenson> anyone know the syntax for setting defaults on a file object in puppet?
[2010/02/02 17:31:25] @ Quit: cwebber: Quit: cwebber
[2010/02/02 17:31:54] <jason^> jamesturnbull: in here there's 0.25.1 but i guess my machines aren't seeing that http://archive.ubuntu.com/ubuntu/pool/main/p/puppet/
[2010/02/02 17:32:14] <eric0> shenson: use the capital File { owner => root }
[2010/02/02 17:32:19] <shenson> ahh, thanks
[2010/02/02 17:32:48] <jmccune> eric0: You could just have your provider check File.exists?
[2010/02/02 17:33:06] <jmccune> eric0: Probably cleaner anyway
[2010/02/02 17:33:24] @ Quit: themurph: Quit: themurph
[2010/02/02 17:34:43] <jmccune> So I do scary things these days like play ~100MB SVR4 packages into the master's fileserver...
[2010/02/02 17:35:32] @ jmccune is now known as _jmccune
[2010/02/02 17:36:42] @ _jmccune is now known as jmccune_
[2010/02/02 17:38:26] @ docelic_ joined channel #puppet
[2010/02/02 17:39:47] @ Quit: jmccune_: Quit: leaving
[2010/02/02 17:40:47] @ lilmatt joined channel #puppet
[2010/02/02 17:41:33] @ Quit: docelic: Ping timeout: 276 seconds
[2010/02/02 17:45:24] @ Quit: ten8nine: Quit: ten8nine
[2010/02/02 17:46:19] @ kaptk2 left channel #puppet ()
[2010/02/02 17:48:56] @ Quit: docelic_: Quit: Leaving
[2010/02/02 17:54:27] @ Quit: giskard: Remote host closed the connection
[2010/02/02 17:54:43] @ Robbie joined channel #puppet
[2010/02/02 17:55:11] @ Robbie is now known as Guest71965
[2010/02/02 17:55:33] @ Quit: wagner: Quit: Leaving
[2010/02/02 17:56:33] @ giskard joined channel #puppet
[2010/02/02 18:02:05] @ Quit: shenson: Quit: /me taps out
[2010/02/02 18:03:40] @ Quit: nevyn: Ping timeout: 260 seconds
[2010/02/02 18:05:15] @ nevyn joined channel #puppet
[2010/02/02 18:06:47] @ kaptk2 joined channel #puppet
[2010/02/02 18:08:52] <eric0> yeah ok, that's better. I used FileTest.size? so i get existence and non-zero-length with one check.
[2010/02/02 18:17:14] @ themurph joined channel #puppet
[2010/02/02 18:20:24] @ Demosthenes joined channel #puppet
[2010/02/02 18:21:44] @ Quit: erm_: Ping timeout: 265 seconds
[2010/02/02 18:24:43] @ Quit: nigelk: Remote host closed the connection
[2010/02/02 18:25:06] @ Quit: realist: Ping timeout: 276 seconds
[2010/02/02 18:25:15] @ nigelk joined channel #puppet
[2010/02/02 18:28:17] @ Quit: pheezy: Remote host closed the connection
[2010/02/02 18:30:13] @ jmccune joined channel #puppet
[2010/02/02 18:30:19] <nigelk> jmccune: !
[2010/02/02 18:30:44] <jmccune> nigelk: good evening
[2010/02/02 18:31:27] <nigelk> how's tricks?
[2010/02/02 18:32:15] <jmccune> Pretty good.
[2010/02/02 18:32:25] <nigelk> this 0.24 to 0.25 migration is sending me a bit insane
[2010/02/02 18:32:32] <jmccune> Heh
[2010/02/02 18:32:40] <jmccune> Yeah, it wasn't pleasant
[2010/02/02 18:32:44] <nigelk> I can't seem to get a single config that works for distributing plugins to 0.24 and 0.25 clients
[2010/02/02 18:32:44] <jmccune> I can't imagine how it'd be for you.
[2010/02/02 18:33:06] <nigelk> I may have to set 0.24 clients to use pluginsource puppet://$server/legacy_plugins or something
[2010/02/02 18:33:27] <jmccune> mod_rewrite =)
[2010/02/02 18:33:36] <nigelk> based on client version? :)
[2010/02/02 18:33:37] <nigelk> eeeeeew
[2010/02/02 18:33:47] <jmccune> is horrible idea
[2010/02/02 18:34:54] <jmccune> But yeah, sorting out my irssi configuration at home at the moment.
[2010/02/02 18:35:31] <himanshu> is basenode some internal puppet keyword?
[2010/02/02 18:36:20] <himanshu> I was defining some node definition and even though I am not inheriting it from basenode, still it applies everything included in basenode
[2010/02/02 18:38:48] @ Quit: giskard: Remote host closed the connection
[2010/02/02 18:41:06] @ Quit: jmccune: Quit: brb
[2010/02/02 18:41:12] @ Quit: rmiller4pi8: Ping timeout: 272 seconds
[2010/02/02 18:41:39] @ jmccune joined channel #puppet
[2010/02/02 18:42:02] @ jmccune left channel #puppet ()
[2010/02/02 18:43:07] @ jmccune joined channel #puppet
[2010/02/02 18:43:56] @ Quit: bobbyz: Ping timeout: 246 seconds
[2010/02/02 18:47:28] @ Quit: jmccune: Quit: brb
[2010/02/02 18:47:51] @ jmccune joined channel #puppet
[2010/02/02 18:50:06] @ jmccune is now known as jmccune_
[2010/02/02 18:52:43] @ m3t3or left channel #puppet ()
[2010/02/02 18:54:02] @ Quit: barn: Quit: Lost terminal
[2010/02/02 18:56:21] @ Quit: jellis-real: Ping timeout: 252 seconds
[2010/02/02 18:58:41] @ barn joined channel #puppet
[2010/02/02 19:01:01] @ RSpacePope joined channel #puppet
[2010/02/02 19:05:54] @ realist joined channel #puppet
[2010/02/02 19:07:33] @ Quit: tecto: Quit: tecto
[2010/02/02 19:07:38] @ Quit: murkk: Quit: murkk
[2010/02/02 19:08:04] @ Quit: phips|away: Ping timeout: 260 seconds
[2010/02/02 19:08:18] @ Quit: DrHouseMD: Remote host closed the connection
[2010/02/02 19:08:31] @ Quit: gee: Ping timeout: 245 seconds
[2010/02/02 19:08:41] @ DrHouseMD joined channel #puppet
[2010/02/02 19:09:02] @ phips|away joined channel #puppet
[2010/02/02 19:09:16] @ gee joined channel #puppet
[2010/02/02 19:09:17] @ Quit: Demosthenes: Ping timeout: 260 seconds
[2010/02/02 19:10:15] @ Demosthenes joined channel #puppet
[2010/02/02 19:11:09] @ Quit: lak: Ping timeout: 260 seconds
[2010/02/02 19:11:40] @ lak joined channel #puppet
[2010/02/02 19:15:32] @ blahdeblah joined channel #puppet
[2010/02/02 19:24:27] @ Quit: tyll: Quit: leaving
[2010/02/02 19:28:01] @ ten8nine joined channel #puppet
[2010/02/02 19:28:05] @ totem joined channel #puppet
[2010/02/02 19:30:59] @ PaulWay[w] joined channel #puppet
[2010/02/02 19:33:39] @ Quit: darko434: Ping timeout: 248 seconds
[2010/02/02 19:34:35] <nigelk> DEPRECATION NOTICE: Files found in modules without specifying 'modules' in file path will be deprecated in the next major release
[2010/02/02 19:34:40] <nigelk> this is way too spammy :(
[2010/02/02 19:37:07] @ Quit: autowidget: Quit: autowidget
[2010/02/02 19:38:39] <whack> In puppet templates, facts don't show up in local_variables or Module.constants. Is there some silly method_missing shenanigans going on here?
[2010/02/02 19:40:16] @ Quit: jab_doa: Quit: Verlassend
[2010/02/02 19:44:42] @ Quit: Guest71965: Remote host closed the connection
[2010/02/02 19:55:07] @ Quit: lak: Quit: lak
[2010/02/02 20:02:30] @ Quit: nanoz: Read error: Operation timed out
[2010/02/02 20:05:43] @ bgupta is now known as bgupta_afk
[2010/02/02 20:15:07] <ohadlevy> nigelk: yeah,
[2010/02/02 20:15:40] <ohadlevy> nigelk: I'm also playing around with different pluginsync solutions
[2010/02/02 20:15:41] <nigelk> #2532 argh
[2010/02/02 20:15:42] <gepetto> nigelk: #2532 is http://projects.reductivelabs.com/issues/show/2532 "Puppet - Bug #2532: ca_server/ca_port config settings overrides server/masterport config settings - ReductiveLabs.com"
[2010/02/02 20:15:52] <nigelk> ohadlevy: do you have separate ca_server/ca_port ?
[2010/02/02 20:16:16] <nigelk> it's like the client is trying to plugin sync from the ca_server.....
[2010/02/02 20:16:28] <ohadlevy> nigelk: depends :) we have a chained CA setup, so each productive puppetmaster can sign clients, dev puppetmasters dont have ca
[2010/02/02 20:16:41] <ohadlevy> nigelk: I didnt see this problem
[2010/02/02 20:16:54] <nigelk> yeah, it's been really erratic for me
[2010/02/02 20:17:07] <nigelk> and seems to depend on whether you're supplying and/or overriding settings on the command line
[2010/02/02 20:17:15] <ohadlevy> nigelk: is it on first time (e.g. when it requests a certificate?)
[2010/02/02 20:17:29] <nigelk> no no no
[2010/02/02 20:17:40] <nigelk> this client has no need to talk to the ca at all at this point
[2010/02/02 20:17:47] <ohadlevy> right
[2010/02/02 20:18:00] <nigelk> thus me being surprised by the eval_generate lines :)
[2010/02/02 20:18:09] <ohadlevy> i simulated it in my tests, i didnt see it so far
[2010/02/02 20:18:18] @ Quit: mpdehaan: Ping timeout: 252 seconds
[2010/02/02 20:18:32] * nigelk tests whether it happens if I put everything in the conf file
[2010/02/02 20:18:33] <ohadlevy> and all of my initial tests are done on dev puppetmasters (read no ca)
[2010/02/02 20:19:01] <ohadlevy> yeah, I dont use so much the command line args
[2010/02/02 20:24:25] @ Quit: notbrien: Quit: notbrien
[2010/02/02 20:24:41] <nigelk> absolutely reproducible now :( nothing to do with command line args
[2010/02/02 20:24:59] <nigelk> ca_server/port in .conf, tries to talk to the ca_server for plugin sync
[2010/02/02 20:25:24] <ohadlevy> thats odd, if the ca server is up, does it work?
[2010/02/02 20:26:09] <nigelk> it is up
[2010/02/02 20:26:13] <nigelk> it's just not running 0.25 :)
[2010/02/02 20:26:41] <nigelk> and it wouldn't work, as my CA servers don't work as what we call "config" servers
[2010/02/02 20:26:46] <nigelk> they can only do CA things
[2010/02/02 20:26:57] <ohadlevy> nigelk: i'm quite sure I dont have that problem... my test dev server has no ca, my prod ca is 0.24.x and the client is 0.25.4
[2010/02/02 20:27:28] <nigelk> what does the client think --configprint ca_server is?
[2010/02/02 20:27:36] <nigelk> are you running them all on the same ports?
[2010/02/02 20:27:48] <ohadlevy> nigelk: yeah, all on standard ports
[2010/02/02 20:28:05] <nigelk> I wonder if that's it. I'm doing config 9140 ca 9150
[2010/02/02 20:28:33] <ohadlevy> the client points to the right ca server with --configprint
[2010/02/02 20:35:34] @ Quit: ten8nine: Quit: ten8nine
[2010/02/02 20:36:16] @ ten8nine joined channel #puppet
[2010/02/02 20:38:50] <nigelk> ohadlevy: I just updated the bug, anything obvious you can think I'm missing?
[2010/02/02 20:43:00] <ohadlevy> nigelk: hmm.. not that i could see, can you iptables block the ca server, and see if you can get a trace of where it fails?
[2010/02/02 20:43:38] @ Quit: mqr: Quit: mqr
[2010/02/02 20:44:57] @ Quit: ambroff: Quit: Ex-Chat
[2010/02/02 20:46:26] @ Quit: jes5: Quit: Leaving.
[2010/02/02 20:46:48] <nigelk> one sec, just wanted to verify on multiple client OSes first :)
[2010/02/02 20:58:21] @ RageLink joined channel #puppet
[2010/02/02 21:08:01] @ sebas891 joined channel #puppet
[2010/02/02 21:18:59] @ tecto joined channel #puppet
[2010/02/02 21:19:00] @ Quit: tecto: Changing host
[2010/02/02 21:19:00] @ tecto joined channel #puppet
[2010/02/02 21:23:32] <jamesturnbull> nigelk: yeah i gave up on that a while back - similar issues to you
[2010/02/02 21:23:39] <jamesturnbull> nigelk: had meant to document it all but .. time etc
[2010/02/02 21:24:04] <nigelk> with separate ca server ?
[2010/02/02 21:26:13] @ Quit: jaredrhine: Ping timeout: 264 seconds
[2010/02/02 21:26:30] <jamesturnbull> nigelk: yeah
[2010/02/02 21:26:50] <nigelk> this is totally erratic, and I swear it's not me this time...
[2010/02/02 21:28:47] <nigelk> unless it's the CRL... that all changed in 0.25 didn't it?
[2010/02/02 21:29:59] <nigelk> motherf****
[2010/02/02 21:31:19] <jamesturnbull> it did yes
[2010/02/02 21:31:30] <jamesturnbull> I think masterzen rewrote that? or was it lak?
[2010/02/02 21:31:33] @ alexine_dsouza joined channel #puppet
[2010/02/02 21:31:36] <nigelk> AAAAAAAARGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
[2010/02/02 21:31:40] <nigelk> the error message is wrong
[2010/02/02 21:31:45] <nigelk> err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 405 on SERVER: Method Not Allowed
[2010/02/02 21:31:46] <jamesturnbull> nigelk: calm calm
[2010/02/02 21:31:50] <nigelk> it has nothing to do with that file :)
[2010/02/02 21:31:53] <nigelk> it's the crl
[2010/02/02 21:32:03] <jamesturnbull> we do it because we hate you
[2010/02/02 21:32:16] <nigelk> I don't know how it's getting confused with the resource it's reporting on, but I swear that's it
[2010/02/02 21:32:31] <jamesturnbull> that's a sucky error too
[2010/02/02 21:32:51] <nigelk> if I switch to a 0.25 CA, I get a fresh CRL, and the runs work, even with my old CA specified
[2010/02/02 21:32:57] <nigelk> delete crl.pem and it repeats
[2010/02/02 21:33:17] <jamesturnbull> ouch
[2010/02/02 21:33:39] <nigelk> so this is ok in one way. I can just provision the CA with 0.25 first, which is what I was planning to do anyway
[2010/02/02 21:33:42] <jamesturnbull> I sort of see the logic there
[2010/02/02 21:33:52] @ cwebber joined channel #puppet
[2010/02/02 21:33:57] <nigelk> totally. it's just the error message that is misleading :)
[2010/02/02 21:34:13] <jamesturnbull> update ticket and we should fix that
[2010/02/02 21:34:16] <nigelk> my concern now though is that if my clients are hitting the CA all the time to get the CRL....
[2010/02/02 21:34:19] <jamesturnbull> stupid error reporting
[2010/02/02 21:34:21] <nigelk> which they didn't in 0.24.8
[2010/02/02 21:34:44] <jamesturnbull> well because CRLs were basically borken from memory
[2010/02/02 21:34:52] <nigelk> then I need an entirely different SLA around my CA :)
[2010/02/02 21:34:59] <nigelk> yeah
[2010/02/02 21:35:17] <jamesturnbull> so now we are making your life by making things work right
[2010/02/02 21:35:19] <jamesturnbull> damn us
[2010/02/02 21:35:23] <nigelk> :)
[2010/02/02 21:35:43] <nigelk> don't you guys have private messages to be posting to public mailing lists or something?
[2010/02/02 21:35:58] <jamesturnbull> nigelk: hey - I don't work there
[2010/02/02 21:36:04] <nigelk> :)
[2010/02/02 21:36:04] <jamesturnbull> nigelk: I just lurk and make snide remarks
[2010/02/02 21:36:56] <jamesturnbull> awkward though :)
[2010/02/02 21:37:33] <nigelk> yes :)
[2010/02/02 21:43:46] * eric0 is also coordinating upgrades of puppet via puppet itself, and there are some mighty odd states the test boxen have gotten into
[2010/02/02 21:44:02] <nigelk> ohadlevy: did you see my latest update?
[2010/02/02 21:44:06] <nigelk> eric0: been there... :)
[2010/02/02 21:44:10] <ohadlevy> eric0: yeeah.... I'm still trying to find a way to upgrade only parts at a time :)
[2010/02/02 21:44:11] <nigelk> I cheated today
[2010/02/02 21:44:16] <ohadlevy> refreshing
[2010/02/02 21:44:26] <nigelk> puppet and puppetmaster now have different config files on my puppetmasters
[2010/02/02 21:44:31] <nigelk> made life so much simpler
[2010/02/02 21:45:10] <ohadlevy> nigelk: you mean puppetd and puppetmaster on the same box?
[2010/02/02 21:45:27] <nigelk> yeah. I know it shouldn't be necessary
[2010/02/02 21:45:49] <nigelk> however when you combine templating of clients with a bunch of other automated processes that need to work entirely differently on clients to servers....
[2010/02/02 21:45:52] <ohadlevy> nigelk: i was thinking about generating partials inside templates (e.g. an erb inside another erb)
[2010/02/02 21:46:02] <nigelk> ah. insane minds think alike :)
[2010/02/02 21:46:09] <ohadlevy> :)
[2010/02/02 21:46:15] <ohadlevy> thats how its done in rails, DRY
[2010/02/02 21:46:20] <nigelk> I autogen the environments sections of my puppetmasterd.conf based on XML
[2010/02/02 21:46:34] <nigelk> and was spending time in erb inside erb earlier today
[2010/02/02 21:46:50] <ohadlevy> nigelk: i do it too, based on some other manifest
[2010/02/02 21:47:06] <ohadlevy> I am playing with the idea that foreman could build the puppet environments
[2010/02/02 21:47:25] <ohadlevy> but that move must include many many assumptions about your puppet setup
[2010/02/02 21:47:32] <nigelk> yeah
[2010/02/02 21:47:35] <nigelk> I have stuff like this
[2010/02/02 21:47:36] <nigelk> <environment path="goobuntu" depth=4 />
[2010/02/02 21:47:51] <nigelk> so goobuntu/foo/bar/whatever makes goobuntu_foo_bar_whatever environment
[2010/02/02 21:48:15] <ohadlevy> I have : envs = File.read(envfile).grep(/module_dir/).map {|e| e.match(/\"#{env_path}\/(.*)\":.*/)[1]}.sort.uniq
[2010/02/02 21:48:21] <ohadlevy> not so nice ;)
[2010/02/02 21:48:30] <ohadlevy> but the env file is really easy to manage :)
[2010/02/02 21:48:40] <nigelk> but because I have legacy crap... also have things like <environment path="foo" depth="4" name="%1%4%3%2" />
[2010/02/02 21:48:55] <nigelk> so foo/bar/1/2 becomes foo_2_1_bar :)
[2010/02/02 21:48:58] <ohadlevy> in my setup, puppet actually builds the environment
[2010/02/02 21:49:06] @ mqr joined channel #puppet
[2010/02/02 21:49:15] <nigelk> yeah. that's where I'm headed. after 0.25 :)
[2010/02/02 21:49:27] <ohadlevy> but because of some annoying ordering bug in puppet, I cant do it all the way (templates are processed before some of the manifest parsing)
[2010/02/02 21:50:15] <ohadlevy> nigelk: some of the code is out there - maybe can save some time - http://github.com/ohadlevy/puppet-multipuppetmaster/blob/master/manifests/functions.pp
[2010/02/02 21:50:42] <ohadlevy> but I guess you need some of the background info of how we manage modules and versioning first :)
[2010/02/02 21:50:58] <nigelk> yeah, same from my end actually :)
[2010/02/02 21:51:03] <nigelk> think perforce triggers :)
[2010/02/02 21:52:20] <ohadlevy> do you care about a version per module or per env?
[2010/02/02 21:52:41] <nigelk> sometimes? :)
[2010/02/02 21:53:21] <ohadlevy> nigelk: we have a release process per module, which at the end leads to an env which is a selection of modules in a certain version
[2010/02/02 21:53:37] <ohadlevy> so it allows different people to do different stuff
[2010/02/02 21:53:49] @ Quit: mqr: Ping timeout: 264 seconds
[2010/02/02 21:53:58] @ nigelk left channel #puppet ()
[2010/02/02 21:54:02] @ nigelk joined channel #puppet
[2010/02/02 21:54:03] @ nigelk left channel #puppet ()
[2010/02/02 21:55:42] @ nigelk joined channel #puppet
[2010/02/02 21:55:55] @ rmiller4pi8 joined channel #puppet
[2010/02/02 21:56:30] @ ambroff joined channel #puppet
[2010/02/02 22:01:58] <ohadlevy> eric0: so far I've been successful in having a puppet module supporting both 0.24 and 0.25 masters
[2010/02/02 22:02:16] <ohadlevy> but I haven't started to deploy real servers just yet ;)
[2010/02/02 22:02:50] <ohadlevy> I'm annoyed by the Ruby 1.81 breaks with 0.25x
[2010/02/02 22:05:56] <stahnma> ohadlevy: do you have the option of moving ruby?
[2010/02/02 22:06:05] <ohadlevy> stahnma: you mean upgrading?
[2010/02/02 22:06:08] <stahnma> we bumped ruby on all of our RHEL4
[2010/02/02 22:06:12] <stahnma> yeah
[2010/02/02 22:06:25] @ mqr joined channel #puppet
[2010/02/02 22:06:27] <ohadlevy> stahnma: thats what I do on RHEL3, I created rpms that co exists with the original rpms
[2010/02/02 22:06:33] <stahnma> ah
[2010/02/02 22:06:42] <stahnma> our strategy on RHEL3 was shoot it
[2010/02/02 22:06:45] <stahnma> :)
[2010/02/02 22:06:50] <ohadlevy> stahnma: I wish
[2010/02/02 22:07:00] <stahnma> for RHEL 4 we I think we put 1.8.5
[2010/02/02 22:07:01] <ohadlevy> I think we have almost 1000 RHEL3 around here
[2010/02/02 22:07:13] <stahnma> if I recall correctly we recompiled the RHEL5 SRPM onto 4
[2010/02/02 22:07:28] <stahnma> we had a deadline of June 1 last year to be done with RHEL3
[2010/02/02 22:07:30] <stahnma> we have 5 left
[2010/02/02 22:07:33] <ohadlevy> there is a bug in 2.6 kernels with NFS locking which kernel panic some apps on 2.6 kernels
[2010/02/02 22:07:35] <stahnma> I think we did pretty good
[2010/02/02 22:07:44] <stahnma> still ?
[2010/02/02 22:08:02] <stahnma> the kernel guys are aware of that?
[2010/02/02 22:08:24] <stahnma> jamesturnbull: what hours UTC are you normally online?
[2010/02/02 22:09:31] <ohadlevy> stahnma: it's quite a complicated case, there is an open ticket with RH for a couple of years now
[2010/02/02 22:09:35] <ohadlevy> very unique use case
[2010/02/02 22:09:49] <stahnma> ohadlevy: I guess.
[2010/02/02 22:10:48] <ohadlevy> so can't kill the RHEL3 just yet
[2010/02/02 22:11:13] <ohadlevy> I'm planning to start a museum soon - have a few sparc 2.4 and friends
[2010/02/02 22:11:57] @ Quit: unomi: Ping timeout: 276 seconds
[2010/02/02 22:12:05] <stahnma> wow
[2010/02/02 22:12:17] @ Quit: mqr: Ping timeout: 265 seconds
[2010/02/02 22:13:27] @ unomi joined channel #puppet
[2010/02/02 22:19:43] @ Quit: sebas891: Quit: Leaving.
[2010/02/02 22:28:45] @ jaredrhine joined channel #puppet
[2010/02/02 22:31:54] <stahnma> if you're running puppet without a puppetmaster, where do you place custom facts normally?
[2010/02/02 22:32:07] <agaffney> you can run it without a puppetmaster?
[2010/02/02 22:33:55] <stahnma> sure, puppet in cron works just fine if you distribute manifests via git or nfs or something
[2010/02/02 22:34:19] <agaffney> ewwwww
[2010/02/02 22:35:19] <stahnma> there are several people in here who do that
[2010/02/02 22:35:29] <stahnma> mostly due to some sort of scaling issue
[2010/02/02 22:36:48] @ bodepd joined channel #puppet
[2010/02/02 22:36:55] <jamesturnbull> stahnma: depends AEST 8 to 11pm ish
[2010/02/02 22:38:05] <jamesturnbull> stahnma: http://www.timeanddate.com/worldclock/meetingtime.html?day=3&month=2&year=2010&p1=0&p2=152&p3=-1&p4=-1
[2010/02/02 22:38:08] <jamesturnbull> stahnma: why?
[2010/02/02 22:38:13] <stahnma> jamesturnbull: well, I'd like to find out more about the manifest testing and CI in general for puppet. and I figured if I was going to do that, I should try to be online the same time you are to start with
[2010/02/02 22:38:35] <jamesturnbull> stahnma: start with Teyo I'd say
[2010/02/02 22:38:46] <stahnma> ok
[2010/02/02 22:39:06] <stahnma> how often is he in here, or should I hit him up offline?
[2010/02/02 22:39:09] <bodepd> can I help?
[2010/02/02 22:39:13] <jamesturnbull> stahnma: he has some ideas - which to be honest we're supposed to have talked about but you teyo - slacker.. :P
[2010/02/02 22:39:32] <stahnma> ok
[2010/02/02 22:39:41] <stahnma> well, we should set something up
[2010/02/02 22:40:45] <jamesturnbull> yeah we should
[2010/02/02 22:40:56] <jamesturnbull> stahnma: as a fedora guy I'd like your take on how you guys do it
[2010/02/02 22:40:57] @ Quit: webx: Quit: My damn controlling terminal disappeared!
[2010/02/02 22:41:01] @ Quit: nigelk: Quit: nigelk
[2010/02/02 22:41:08] <bodepd> jamesturnball: can I get some background on what you guys are talking about?
[2010/02/02 22:41:40] <stahnma> jamesturnbull: I may only have a few insights into all of Fedora. It's so huge I only know about bits and pieces of it
[2010/02/02 22:41:49] <stahnma> mpdehann can help too with that
[2010/02/02 22:43:55] @ Quit: xcrracer: Remote host closed the connection
[2010/02/02 22:52:03] @ Quit: ten8nine: Quit: ten8nine
[2010/02/02 22:53:01] <tmz> stahnma, jamesturnbull: I'm sure we can cobble together a decent view from the Fedora perspective around here. A number of fedora-infrastructure folks lurk. ;)
[2010/02/02 22:53:16] <stahnma> true true
[2010/02/02 22:54:39] <jamesturnbull> tmz: true :)
[2010/02/02 22:55:32] <jamesturnbull> tmz: I guess we're looking for a simple solution for large scale Puppet testing - and I fear to state too much as I don't know what Teyo is thinking - but it's one thing running the tests and another actually determining Puppet is behaving correctly
[2010/02/02 22:56:50] <tmz> jamesturnbull: No doubt it's an ambitious and involved task. Something worthwhile for sure and something I could learn a bit from.
[2010/02/02 22:58:01] <jamesturnbull> yeah
[2010/02/02 22:58:24] <tmz> jamesturnbull: FWIW, so far the only major glitch I've heard of with 0.25.4 on fedora/rhel/centos is the yaml problem ohadlevy mentioned with catalogs on EL-3 (which isn't really .4 specific)
[2010/02/02 22:58:26] <jamesturnbull> and I'd obviously prefer to keep infrastructure lightweight and use VM and EC2 rather than having to deploy physical slaves
[2010/02/02 22:58:41] <jamesturnbull> tmz: yeah that's ohadlevy's fault I am sure
[2010/02/02 22:58:53] <ohadlevy> tmz: it's EL-4
[2010/02/02 22:58:55] <jamesturnbull> but yes pretty happy with the release
[2010/02/02 22:59:00] <tmz> Of course, the messenger is always to blame.
[2010/02/02 22:59:05] <jamesturnbull> totally
[2010/02/02 22:59:09] <stahnma> I'd like to ensure we have some of the odder platforms covered. Such as AIX, cause damn it I have to deal with it
[2010/02/02 22:59:43] * tmz prepares the large cross to ward off the legacy vampires
[2010/02/02 22:59:44] <tmz> ;)
[2010/02/02 23:00:30] <stahnma> sadly in some respects, AIX is much nicer than Linux. I mean, not for my purposes, but I can see the argument
[2010/02/02 23:01:44] <stahnma> anyway, so testing
[2010/02/02 23:01:52] @ Djelibeybi joined channel #puppet
[2010/02/02 23:01:53] <stahnma> we have some, we'd like more :)
[2010/02/02 23:01:57] <tmz> I'm all for ensuring that puppet does the job well on as many platforms as possible, since I can't guarantee I won't have to work on one of them someday.
[2010/02/02 23:02:08] <tmz> stahnma: Yeah, sounds like the theme.
[2010/02/02 23:02:22] <Insyte> jamesturnbull: Aren't people using Cucumber for that these days?
[2010/02/02 23:02:31] <Insyte> (Verifying behavior.)
[2010/02/02 23:03:22] <Insyte> Me, I just randomly poke around a bit. If I don't get an error flood, I assume it's good and go to sleep.
[2010/02/02 23:03:52] <stahnma> a proven strategy...
[2010/02/02 23:04:00] <Insyte> "proven"
[2010/02/02 23:04:14] <bodepd> I talked with Teyo briefly about some work that needs to be done on a separate program that can verify things outside of puppet.
[2010/02/02 23:04:22] <Insyte> "widely-adopted", maybe...
[2010/02/02 23:04:41] <stahnma> it's proven until it isn't
[2010/02/02 23:04:53] <Insyte> I thought it was the other way around...
[2010/02/02 23:05:18] <stahnma> depends on if it's your turn for the pager
[2010/02/02 23:05:32] <bodepd> I think the strategy early on will be to combine that with some scripts that autogenerate puppet manifests to test the supported configs on the supported platforms.
[2010/02/02 23:05:33] <Insyte> There's only one of me. It's always my turn.
[2010/02/02 23:05:54] <stahnma> bodepd: I started with something like that
[2010/02/02 23:05:57] <stahnma> I mean, really really simple
[2010/02/02 23:06:13] <bodepd> I work at RL for those who don't know :)
[2010/02/02 23:06:16] <stahnma> basically sets of files that execute a manifest and use test/unit for results
[2010/02/02 23:06:49] * stahnma doesn't have nick translation skills :)
[2010/02/02 23:07:02] <bodepd> bodepd = Dan Bode
[2010/02/02 23:07:07] <stahnma> ah yes
[2010/02/02 23:07:21] <tmz> Heh, hi Dan!
[2010/02/02 23:07:57] <stahnma> so anyway, basically having extremely simple predictable manifests, and then testing the results out of band
[2010/02/02 23:08:03] <stahnma> was my very simple approach
[2010/02/02 23:08:12] <stahnma> it's how i've started verifying AIX
[2010/02/02 23:08:27] <stahnma> in my copious free time
[2010/02/02 23:08:41] <bodepd> is your code available? I know that I will be working on this project. (also in my free time)
[2010/02/02 23:08:50] <stahnma> it can be
[2010/02/02 23:08:53] <stahnma> when I said simple
[2010/02/02 23:08:58] <stahnma> I mean really really really simple
[2010/02/02 23:09:02] <stahnma> I wrote it on an airplane
[2010/02/02 23:09:36] <bodepd> I have a basic idea, and I've talked to Teyo about it a bit. I just travel so much doing training.
[2010/02/02 23:09:37] <stahnma> my plan was then to plug in results to hudson or something so I could visualize it / show any output to a management team
[2010/02/02 23:10:25] <bodepd> do you have a reusable model for the manifest generation? (is that how it works?)
[2010/02/02 23:10:36] <stahnma> no, it was hard coded
[2010/02/02 23:10:44] <stahnma> that's a much better idea :)
[2010/02/02 23:11:00] <bodepd> just make it work :) the sooner the better :)
[2010/02/02 23:11:27] <stahnma> what I wanted to do was test each resource type and basically say if it worked or not at all
[2010/02/02 23:11:40] <stahnma> then get into what parameters work on each resource type...
[2010/02/02 23:12:11] <bodepd> yeah, I am thinking more about the combinatorics problem of variations of attributes to be tested
[2010/02/02 23:12:58] <bodepd> (within reason) :)
[2010/02/02 23:12:58] <stahnma> I didn't want to hurt my brain quite yet
[2010/02/02 23:13:15] <stahnma> but again, I was mostly shooting for a sanity validation of AIX
[2010/02/02 23:13:25] <bodepd> how are you verifying effects outside of puppet?
[2010/02/02 23:13:56] <bodepd> can you release some kind of support matrix for what things are missing from AIX?
[2010/02/02 23:13:57] <stahnma> using test/unit code (often times shelling out)
[2010/02/02 23:14:03] <stahnma> I'd like to
[2010/02/02 23:14:03] <bodepd> that would be awesome!
[2010/02/02 23:14:23] <bodepd> we actually get a lot of inquiries about AIX (it's been quite shocking actually)
[2010/02/02 23:14:42] <stahnma> financials and insurance
[2010/02/02 23:14:48] <stahnma> they love them some AIX
[2010/02/02 23:15:15] <bodepd> everyone seems to have those AIX machines in the basement that no one wants to touch :)
[2010/02/02 23:16:31] <stahnma> or people are just very happy to meatcloud it
[2010/02/02 23:16:51] <stahnma> :(
[2010/02/02 23:17:08] <bodepd> is your stuff published, I would be more than willing to take a look at it?
[2010/02/02 23:17:16] <bodepd> willing = happy :)
[2010/02/02 23:17:19] <stahnma> I'll look at it tomorrow
[2010/02/02 23:17:32] <stahnma> the latest copy (of the very little there is) is at work
[2010/02/02 23:18:09] <stahnma> really I wanted to discuss the ideas of testing with James/Teyo and anybody else before I started something that was either worthless or already done
[2010/02/02 23:18:30] <bodepd> this is big time on our radar.
[2010/02/02 23:18:50] <bodepd> to have acceptance testing that verifies all supported resource types
[2010/02/02 23:19:09] <bodepd> on all supported/reasonably supported platforms
[2010/02/02 23:19:10] <stahnma> seems like a key thing to have
[2010/02/02 23:19:45] @ Quit: cwebber: Quit: cwebber
[2010/02/02 23:19:59] <bodepd> we may just start throwing stuff together and try to craft a reusable model as we go.
[2010/02/02 23:20:12] <bodepd> Maybe I can start drafting a *gasp* design document
[2010/02/02 23:20:36] <jamesturnbull> Insyte: it's more complex than Cucumber - cucumber is a test framework - you still need to tell it what and how to test
[2010/02/02 23:21:07] <jamesturnbull> bodepd: that's actually an approach I'd like to avoid :) replicating Puppet to test Puppet seems ... dodgy :)
[2010/02/02 23:21:31] @ Quit: bug: Quit: bug
[2010/02/02 23:22:19] <bodepd> I'm not sure I follow. It would be two parts, a test manifest generator, and some kind of a validator (maybe even written in python).
[2010/02/02 23:22:58] <jamesturnbull> bodepd: so mqr and I talk about this for quite some time
[2010/02/02 23:23:09] <jamesturnbull> you have a three tier problem
[2010/02/02 23:23:21] <jamesturnbull> classic test/unit/rspec does the code work tests
[2010/02/02 23:23:26] <jamesturnbull> tier 1
[2010/02/02 23:23:57] <jamesturnbull> tier 2 is does Puppet instantiate configuration, run, create resources, etc etc
[2010/02/02 23:24:04] @ cwebber joined channel #puppet
[2010/02/02 23:24:09] <jamesturnbull> tier 3 is are those resources correct on all platforms
[2010/02/02 23:24:21] <jamesturnbull> tier 2 and 3 related but not quite the same
[2010/02/02 23:24:45] <bodepd> ok, I was talking about #2, but assuming reusing 2 for 3 is easy
[2010/02/02 23:24:46] <gepetto> bodepd: ok: #2 is http://projects.reductivelabs.com/issues/show/2 "Puppet - Feature #2: Add 'link' ability to File - ReductiveLabs.com"
[2010/02/02 23:24:55] <jamesturnbull> to test 3 you need to effectively replicate types and providers
[2010/02/02 23:25:12] <bodepd> thanks gepetto :)
[2010/02/02 23:25:42] <jamesturnbull> 2 is easy - create dynamic manifests and run them on various platforms, parse output into some test format and check
[2010/02/02 23:26:44] <jamesturnbull> 3 means actually, for example, using puppet to create a user then using some other mechanisms to retrieve details of that user (that mechanism would need to be customised for each platform - just as puppet has providers)
[2010/02/02 23:26:56] <jamesturnbull> and then validate puppet user == created user
[2010/02/02 23:26:58] <bodepd> ok.
[2010/02/02 23:27:05] <jamesturnbull> that's a non-trivial problem IMHO
[2010/02/02 23:27:06] <stahnma> jamesturnbull: can the output be misleading for tier 2? could puppet think something worked and then didn't? cron comes to mind
[2010/02/02 23:27:13] @ xcrracer joined channel #puppet
[2010/02/02 23:27:14] <jamesturnbull> stahnma: yeah
[2010/02/02 23:27:24] <jamesturnbull> stahnma: but it's closer to comfort
[2010/02/02 23:27:51] <stahnma> I guess that's why I'd prefer to parse state than output
[2010/02/02 23:28:05] <jamesturnbull> stahnma: easy on one platform
[2010/02/02 23:28:09] <jamesturnbull> harder on many
[2010/02/02 23:28:12] <stahnma> agreed
[2010/02/02 23:28:23] <jamesturnbull> the many is part of the problem space Puppet was built to solve :)
[2010/02/02 23:28:29] <stahnma> you need like inverse providers
[2010/02/02 23:28:32] <jamesturnbull> you're in a maze of twisty passages all alike... :p
[2010/02/02 23:29:01] <stahnma> sounds complicated
[2010/02/02 23:29:03] <jamesturnbull> stahnma: I'd prefer to go to straight to 3 - because it covers 2 and 3
[2010/02/02 23:29:08] <stahnma> yes
[2010/02/02 23:29:21] <jamesturnbull> but I don't see how without maintaining complex code to query results
[2010/02/02 23:29:34] <jamesturnbull> times that by 30 types on say 10 platforms
[2010/02/02 23:29:46] <jamesturnbull> perhaps facter facts?
[2010/02/02 23:29:50] <stahnma> hmm
[2010/02/02 23:30:01] <jamesturnbull> actually that's not a bad idea for a lot of the results
[2010/02/02 23:30:05] <stahnma> facts for how to verify? or the output of the verification?
[2010/02/02 23:30:13] <jamesturnbull> facts to verify state
[2010/02/02 23:30:16] <jamesturnbull> rather than output
[2010/02/02 23:30:35] @ bug joined channel #puppet
[2010/02/02 23:31:53] <stahnma> so small tests built into facts
[2010/02/02 23:32:11] <stahnma> rather than an externalized program like test/unit or python whatever etc
[2010/02/02 23:32:28] <jamesturnbull> yeah
[2010/02/02 23:32:37] <jamesturnbull> actually that's kind of nifty ...
[2010/02/02 23:32:46] <bodepd> so the second time that it runs, it could use functions to check fact results... interesting.
[2010/02/02 23:32:47] * jamesturnbull waits for penny to drop about the gaping flaw in his idea
[2010/02/02 23:33:19] <jamesturnbull> yeah
[2010/02/02 23:33:34] <jamesturnbull> so we dynamically create resources
[2010/02/02 23:33:35] <bodepd> it would reuse the puppet infrastructure to centralize the test results
[2010/02/02 23:33:48] <jamesturnbull> yeah
[2010/02/02 23:33:49] <bodepd> which takes care of one of the features that has to exist.
[2010/02/02 23:34:23] <bodepd> but facts only key=value pairs...
[2010/02/02 23:34:56] <bodepd> you would have to dynamically tell the facts what to verify.
[2010/02/02 23:35:59] <bodepd> maybe they could interact with the catalog data (but then we are asserting that trust the catalog created valid data)
[2010/02/02 23:36:26] <jamesturnbull> bodepd: that's taken care of to some extent by tier 1 tests
[2010/02/02 23:36:34] <jamesturnbull> bodepd: and we can beef those up too
[2010/02/02 23:36:49] <jamesturnbull> bodepd: but we parse the json catalogue and compare with fact output
[2010/02/02 23:36:58] <bodepd> is that what you see? the tests trust the catalog data? and create dynamic facts based on the most recent catalog?
[2010/02/02 23:37:05] <jamesturnbull> or something like that
[2010/02/02 23:37:31] <jamesturnbull> no we build tests to ensure we have some data validation for catalogues
[2010/02/02 23:37:40] @ Quit: totem: Quit: totem
[2010/02/02 23:37:47] <jamesturnbull> blah blah resource should == blah blah json
[2010/02/02 23:37:54] <jamesturnbull> i think
[2010/02/02 23:38:10] <jamesturnbull> that's Rspec tests i mean there
[2010/02/02 23:38:30] <bodepd> that's a huge assertion. I like the idea of reusing puppet infrastructure to centralize results. I am not sure if there is a good way to communicate to puppet which facts should be gathered.
[2010/02/02 23:39:02] <bodepd> unless.....
[2010/02/02 23:39:12] @ notbrien joined channel #puppet
[2010/02/02 23:39:30] <bodepd> if the manifest generation code could also generate facts, and facts were cleared between runs (maybe in the post script)
[2010/02/02 23:40:05] <bodepd> so we generate both the puppet manifest and the facts that verify it, then use the post script to clear facts or something.
[2010/02/02 23:40:27] <jamesturnbull> yeah
[2010/02/02 23:40:30] <jamesturnbull> seems reasonable
[2010/02/02 23:40:40] <bodepd> well, I didn't exactly say what I meant.
[2010/02/02 23:40:48] <bodepd> read what I meant, not what I wrote
[2010/02/02 23:41:05] <jamesturnbull> um?
[2010/02/02 23:41:30] <bodepd> I screwed up explaining the order of how facts would have to be removed.
[2010/02/02 23:42:43] @ Quit: themurph: Quit: themurph
[2010/02/02 23:43:18] <bodepd> ok, I'm out. long day already, another long one tomorrow.
[2010/02/02 23:45:05] @ bodepd left channel #puppet ()
[2010/02/02 23:45:06] * stahnma is ready to call it a day as well
[2010/02/02 23:45:14] * stahnma &
[2010/02/02 23:47:41] @ Quit: eric0: Ping timeout: 245 seconds
