Wednesday, 2010-03-03

« Tuesday, 2010-03-02 Index Thursday, 2010-03-04 »
[2010/03/03 00:00:40] @ Log started by gepetto
[2010/03/03 00:00:40] @ maxagaz joined channel #puppet
[2010/03/03 00:04:34] @ Quit: Bass10: Ping timeout: 265 seconds
[2010/03/03 00:04:49] @ ahuman joined channel #puppet
[2010/03/03 00:07:05] @ Quit: cabernet: Quit: cabernet
[2010/03/03 00:07:40] @ ckauhaus joined channel #puppet
[2010/03/03 00:09:16] @ Quit: axisys: Quit: leaving
[2010/03/03 00:09:36] @ axisys joined channel #puppet
[2010/03/03 00:14:10] @ Quit: axisys: Client Quit
[2010/03/03 00:14:30] @ axisys joined channel #puppet
[2010/03/03 00:22:56] @ Quit: ckauhaus: Read error: Operation timed out
[2010/03/03 00:33:47] @ DrHouseMD is now known as HouseAway
[2010/03/03 00:44:54] @ bkero is now known as bkero-legacy
[2010/03/03 00:46:50] @ bkero-ZNC is now known as bkero
[2010/03/03 00:46:52] @ Quit: bkero: Changing host
[2010/03/03 00:46:53] @ bkero joined channel #puppet
[2010/03/03 00:52:52] <tessier__> hmm...I upgraded the puppetmaster and now my clients are saying Failed to generate additional resources during transaction: Certificates were not trusted
[2010/03/03 00:53:06] <tessier__> I didn't expect it to generate new certificates. :|
[2010/03/03 01:08:24] @ Quit: Disconnect: Read error: Connection reset by peer
[2010/03/03 01:09:11] @ Disconnect joined channel #puppet
[2010/03/03 01:21:56] @ m1nish joined channel #puppet
[2010/03/03 01:24:06] @ Robbie_ joined channel #puppet
[2010/03/03 01:24:44] @ Quit: johnw: Quit: johnw
[2010/03/03 01:31:39] @ Quit: stevenjenkins: Ping timeout: 276 seconds
[2010/03/03 01:33:29] @ Quit: Robbie_: Remote host closed the connection
[2010/03/03 01:35:39] @ bug joined channel #puppet
[2010/03/03 01:44:40] @ stevenjenkins joined channel #puppet
[2010/03/03 01:56:39] @ crdant joined channel #puppet
[2010/03/03 02:00:08] @ Quit: crdant: Remote host closed the connection
[2010/03/03 02:00:43] @ Quit: Chiku: Read error: Connection reset by peer
[2010/03/03 02:01:11] @ Chiku joined channel #puppet
[2010/03/03 02:02:51] @ vermeer__ joined channel #puppet
[2010/03/03 02:03:31] @ lak joined channel #puppet
[2010/03/03 02:07:36] @ tjoe joined channel #puppet
[2010/03/03 02:22:55] @ bkohler joined channel #puppet
[2010/03/03 02:24:55] @ Quit: lak: Quit: lak
[2010/03/03 02:30:44] @ erlingre joined channel #puppet
[2010/03/03 02:31:55] @ pacalm joined channel #puppet
[2010/03/03 02:33:25] @ spawnyd joined channel #puppet
[2010/03/03 02:42:58] @ Quit: spawnyd: Ping timeout: 276 seconds
[2010/03/03 02:48:46] @ Robbie_ joined channel #puppet
[2010/03/03 02:59:35] @ TREllis joined channel #puppet
[2010/03/03 03:01:16] @ tuf joined channel #puppet
[2010/03/03 03:02:09] @ Quit: Erik78se_mobile: Ping timeout: 256 seconds
[2010/03/03 03:02:45] @ Quit: strattog: Read error: Operation timed out
[2010/03/03 03:02:55] @ randybias is now known as randybias|away
[2010/03/03 03:03:00] @ Erik78se_mobile joined channel #puppet
[2010/03/03 03:03:05] @ Ramonster joined channel #puppet
[2010/03/03 03:07:16] @ Quit: Erik78se_mobile: Client Quit
[2010/03/03 03:09:29] @ telmich left channel #puppet ()
[2010/03/03 03:10:29] @ Quit: tjoe: Quit: leaving
[2010/03/03 03:14:02] @ MattyM joined channel #puppet
[2010/03/03 03:19:11] @ manish__ joined channel #puppet
[2010/03/03 03:22:37] @ Quit: m1nish: Ping timeout: 276 seconds
[2010/03/03 03:23:17] @ Quit: manish__: Client Quit
[2010/03/03 03:23:57] @ m1nish joined channel #puppet
[2010/03/03 03:28:46] @ francois1 joined channel #puppet
[2010/03/03 03:29:09] @ Quit: vermeer__: Ping timeout: 265 seconds
[2010/03/03 03:32:02] @ Quit: `properzel: Ping timeout: 248 seconds
[2010/03/03 03:34:39] @ markwell joined channel #puppet
[2010/03/03 03:35:26] @ Quit: keds:
[2010/03/03 03:39:41] @ benlovell joined channel #puppet
[2010/03/03 03:39:41] @ gebi joined channel #puppet
[2010/03/03 03:41:50] @ Quit: benlovell: Client Quit
[2010/03/03 03:43:36] @ themroc joined channel #puppet
[2010/03/03 03:43:45] @ ShiNboi joined channel #puppet
[2010/03/03 03:43:46] @ ShiNboi_ joined channel #puppet
[2010/03/03 03:45:21] @ Quit: ShiNboi_: Client Quit
[2010/03/03 03:45:27] @ Quit: ShiNboi: Client Quit
[2010/03/03 03:45:31] @ ShiNboi joined channel #puppet
[2010/03/03 03:45:52] @ Quit: ShiNboi: Remote host closed the connection
[2010/03/03 03:45:54] @ ShiNboi joined channel #puppet
[2010/03/03 03:54:11] @ Quit: ShiNboi: Quit: Verlassend
[2010/03/03 03:54:16] @ ShiNboi joined channel #puppet
[2010/03/03 03:55:13] @ Quit: ShiNboi: Client Quit
[2010/03/03 03:56:43] @ ShiNboi joined channel #puppet
[2010/03/03 04:01:38] @ Quit: sjefen6: Ping timeout: 264 seconds
[2010/03/03 04:04:56] @ Quit: bkohler: Ping timeout: 265 seconds
[2010/03/03 04:05:55] @ suchu joined channel #puppet
[2010/03/03 04:09:08] @ Quit: m1nish: Ping timeout: 265 seconds
[2010/03/03 04:14:13] @ vermeer__ joined channel #puppet
[2010/03/03 04:17:28] @ bkohler joined channel #puppet
[2010/03/03 04:34:04] @ spawnyd joined channel #puppet
[2010/03/03 04:38:35] @ Spruit_elf joined channel #puppet
[2010/03/03 04:40:43] @ verwilst joined channel #puppet
[2010/03/03 04:40:58] @ Quit: giskard: Remote host closed the connection
[2010/03/03 04:47:17] @ Quit: M-: Quit: This computer has gone to sleep
[2010/03/03 04:59:00] @ M- joined channel #puppet
[2010/03/03 04:59:50] @ danielbln joined channel #puppet
[2010/03/03 05:04:23] <gepetto> ::trac:: Lab42Infrastructure edited @ http://reductivelabs.com/trac/puppet/wiki/Lab42Infrastructure?version=7
[2010/03/03 05:04:25] @ Lab42 joined channel #puppet
[2010/03/03 05:06:41] <Lab42> Hi all, wondering how many ppl will be at Puppetcamp Europe...
[2010/03/03 05:07:52] @ benlovell joined channel #puppet
[2010/03/03 05:08:08] <masterzen> Lab42: I plan to be there :-)
[2010/03/03 05:08:21] <nasrat> Lab42: hoping to get there, not booked yet
[2010/03/03 05:08:24] <Lab42> great Brice :-)
[2010/03/03 05:08:42] <masterzen> Lab42: are you going there, too?
[2010/03/03 05:08:54] <masterzen> I've not booked anything yet.
[2010/03/03 05:08:58] <Lab42> btw, I'm seriourly considering to attend the development class in London... masterzen will you teach it?
[2010/03/03 05:09:06] <masterzen> nasrat: will you be a speaker?
[2010/03/03 05:09:09] <Lab42> masterzen: almost sure pfor Puppetcamp
[2010/03/03 05:09:29] <masterzen> Lab42: no, that's not me.
[2010/03/03 05:09:50] <masterzen> Lab42: for Puppetcamp, cool. We'll see there then.
[2010/03/03 05:10:11] <Lab42> masterzen: sure
[2010/03/03 05:10:34] <masterzen> Lab42: I think Ohad wants to go too. I'm not sure if he will be able to make it though...
[2010/03/03 05:10:47] <nasrat> masterzen: If I go I might try put something together
[2010/03/03 05:10:55] <Lab42> masterzen: hope so
[2010/03/03 05:11:02] <masterzen> nasrat: cool.
[2010/03/03 05:11:05] @ giskard joined channel #puppet
[2010/03/03 05:11:34] <masterzen> that event will be the perfect occasion to know more EU puppet users that couldn't attend last year PuppetCamp...
[2010/03/03 05:12:56] <Lab42> masterzen: sure, nad also a good occasion to understand how big is the community in eu
[2010/03/03 05:13:03] @ Quit: Spads: Ping timeout: 256 seconds
[2010/03/03 05:13:48] <masterzen> Lab42: I think the community is large but not that active, compared to the US one. I have difficulties to find French puppet users (except those few hanging around here).
[2010/03/03 05:14:22] <masterzen> it looks like there are more UK people here than FR or IT :-)
[2010/03/03 05:14:54] <Lab42> masterzen: you are probably right, even if there seems to be hotspots of interests, such as in Switzerland
[2010/03/03 05:16:05] <bkohler> and London :-)
[2010/03/03 05:16:56] <Lab42> bkohler: good! if i'll manage to attend the London class it would nice to organize a puppet meetup there, in those days
[2010/03/03 05:17:11] @ Quit: suchu: Quit: ChatZilla 0.9.86 [Firefox 3.5.8/20100202165920]
[2010/03/03 05:17:47] <nasrat> Lab42: what's the dates?
[2010/03/03 05:18:11] <Lab42> nasrat: London, UK – March 29-April 2
[2010/03/03 05:18:35] @ kolla joined channel #puppet
[2010/03/03 05:18:47] <nasrat> wow they're training on a bank holiday
[2010/03/03 05:18:51] <bkohler> Lab42, we can ask Volcane to organize a devops meetup in this week
[2010/03/03 05:19:41] <Lab42> nasrat: i'll be there at least the 1st and 2nd, I suppose, but also earlier and later... it'd be my first time in london
[2010/03/03 05:19:54] <Lab42> bkholer: it would be great
[2010/03/03 05:20:05] <nasrat> Well Friday will be bad for most ppl due to the bank holiday weekend - often ppl go away
[2010/03/03 05:20:12] <nasrat> Wed or Thurs night more likely
[2010/03/03 05:20:37] <Lab42> bkholer: i suppose all the participants of the training classes would be interested
[2010/03/03 05:20:53] <Lab42> nasrat: yeah
[2010/03/03 05:21:57] <nasrat> yeah - so a puppet meet probably makes sense, but throw it open
[2010/03/03 05:21:59] <nasrat> http://www.beerintheevening.com/pubs/results.shtml?l=W1T+6AA
[2010/03/03 05:23:36] <nasrat> should find a pub with a room
[2010/03/03 05:24:32] <Lab42> nasrat: seems there're a few to choose from :-D
[2010/03/03 05:25:37] <Lab42> nasrat: I'd post a message on the list to call for partecipants
[2010/03/03 05:25:57] @ Quit: MattyM: Quit: ta ta
[2010/03/03 05:30:39] @ TREllis_ joined channel #puppet
[2010/03/03 05:31:09] @ Quit: TREllis: Read error: Connection reset by peer
[2010/03/03 05:36:51] @ Quit: fxpester: Ping timeout: 245 seconds
[2010/03/03 05:40:11] <Lab42> nasrat: i've posted a message on the list... we might follow up the organization from there
[2010/03/03 05:41:45] @ fxpester joined channel #puppet
[2010/03/03 05:51:00] @ Spruit_elf_ joined channel #puppet
[2010/03/03 05:55:07] @ Quit: Spruit_elf: Ping timeout: 265 seconds
[2010/03/03 05:55:07] @ Spruit_elf_ is now known as Spruit_elf
[2010/03/03 06:00:10] @ Quit: Spruit_elf: Quit: Spruit_elf
[2010/03/03 06:01:19] <nasrat> Lab42: ack
[2010/03/03 06:02:17] @ TREllis_ is now known as TREllis
[2010/03/03 06:02:36] @ Spads joined channel #puppet
[2010/03/03 06:04:52] <duritong> Lab42: try to be at puppetcamp as well
[2010/03/03 06:09:47] @ MattyM joined channel #puppet
[2010/03/03 06:10:36] <Lab42> duritong: yeah
[2010/03/03 06:24:07] @ Quit: alexine_dsouza: Read error: Connection reset by peer
[2010/03/03 06:29:31] @ Spruit_elf joined channel #puppet
[2010/03/03 06:32:43] @ fluxdude joined channel #puppet
[2010/03/03 06:48:49] @ Quit: MrHeavy: Ping timeout: 256 seconds
[2010/03/03 06:49:21] @ Quit: bkohler: Ping timeout: 245 seconds
[2010/03/03 07:03:47] @ Quit: Spruit_elf: Quit: Spruit_elf
[2010/03/03 07:08:48] @ Quit: M-: Quit: Leaving
[2010/03/03 07:19:22] @ strattog joined channel #puppet
[2010/03/03 07:21:27] @ ahasenack joined channel #puppet
[2010/03/03 07:21:39] @ Quit: MattyM: Quit: ta ta
[2010/03/03 07:22:48] @ biertie joined channel #puppet
[2010/03/03 07:28:53] @ sdog joined channel #puppet
[2010/03/03 07:29:00] <lanky> hi all
[2010/03/03 07:29:11] <lanky> puppet/augeas question?
[2010/03/03 07:29:28] <sdog> anyone around with recipe's for http://mon.wiki.kernel.org/ ? before I start reinventing the wheel :)
[2010/03/03 07:29:43] <lanky> currently adding users to sudoers using augeas, but ideally want to only add a user if not already present.
[2010/03/03 07:30:11] <lanky> there appears to be no opposite to match spec/user include $user
[2010/03/03 07:30:15] @ allsystemsarego joined channel #puppet
[2010/03/03 07:30:28] <lanky> and augeas doesn't support 'unless'
[2010/03/03 07:30:35] <lanky> anyone tried similar things?
[2010/03/03 07:30:42] <tim|imac> lanky: augeas supports onlyif, though
[2010/03/03 07:30:58] <lanky> yes, but onlyif NOT present seems very hard to achieve
[2010/03/03 07:31:13] <tim|imac> the way I would handle is, is to create virtual resources when you create the user and simply collect all those resources
[2010/03/03 07:31:15] <lanky> I won't know the precise list of users that will be in sudoers
[2010/03/03 07:31:37] <lanky> some will be NIS users, for example
[2010/03/03 07:31:53] <tim|imac> exported resources, then :)
[2010/03/03 07:32:30] * lanky is fairly new to this
[2010/03/03 07:33:13] <lanky> so I'm not 100% certain that I follow :)
[2010/03/03 07:33:32] <majeru> sdog: no idea about mon, but there is already a recipe for monit, which is similar to mon from what I can tell
[2010/03/03 07:34:09] <sdog> majeru: not gonna change the existing tool ... I only want to automate it before ....
[2010/03/03 07:34:21] <lanky> can I (efectively) grep for the users and store that in the definition?
[2010/03/03 07:37:47] <tim|imac> lanky: well, it depends on how you create the users
[2010/03/03 07:38:00] <tim|imac> if you do that manually, there's no way to efficiently let puppet know about them, I'm afraid
[2010/03/03 07:38:22] <tim|imac> if you create them from within puppet, you can work with exported or virtual resources
[2010/03/03 07:38:31] * lanky is now reading the augeas ruby sources to see what I can do.
[2010/03/03 07:38:44] <lanky> it seems odd that there's no 'unless'
[2010/03/03 07:39:15] <lanky> eventually these systems may also have users coming in from AD, so can't create them with puppet
[2010/03/03 07:40:03] <Filbert> tim|imac: the issue isn't so much the creation of users - it's the fact that augeas doens't seem to be able to effectively manage sudoers via Puppet
[2010/03/03 07:40:26] <Filbert> as when it comes to run, there's no way for Puppet to see if the specific entry is already in the sudoers file
[2010/03/03 07:40:45] * lanky just thnks that an 'unless' option would do the trick
[2010/03/03 07:40:52] <tim|imac> Filbert: yes there is? le me see your code and I'll take a look
[2010/03/03 07:40:52] <Filbert> it would indeed ;)
[2010/03/03 07:41:05] * Filbert points at lanky
[2010/03/03 07:41:08] <Filbert> (we're sitting next to each other ;)
[2010/03/03 07:41:27] <tim|imac> i recently had a discussion about it with David Lutterkort on the ml: http://groups.google.com/group/puppet-users/browse_thread/thread/77d68641a1939ea4
[2010/03/03 07:41:33] <tim|imac> he pointed me in the right direction
[2010/03/03 07:42:25] * ohadlevy waves to Lab42
[2010/03/03 07:42:48] <Lab42> hei ohad!
[2010/03/03 07:43:30] <ohadlevy> whatsup? :)
[2010/03/03 07:43:39] <Lab42> ohadlevy: masterzen told me that you might come to Puppetcamp Europe... it would be great!
[2010/03/03 07:43:49] <ohadlevy> Lab42: I would love to
[2010/03/03 07:43:54] <ohadlevy> lets see :)
[2010/03/03 07:44:36] <Lab42> ohadlevy: lets hope... how is foreman development going?
[2010/03/03 07:45:26] <ohadlevy> lab42: not bad, been on vacation for a while, but hopefully releasing a new version until the end of the week
[2010/03/03 07:47:04] <Lab42> ohadlevy: good ... have you seen this: http://www.devco.net/archives/2010/02/26/what_does_puppet_manage_on_a_node-2.php ? It could be nice to integrate it with foreman and show those data on the web
[2010/03/03 07:47:27] <ohadlevy> lab42: but in order not to offend anyone, we've created a #theforeman channel ;)
[2010/03/03 07:47:36] <Lab42> ohadlevy: lol
[2010/03/03 07:49:50] @ suchu joined channel #puppet
[2010/03/03 07:51:55] <lanky> tim|imac: pasted the current attempt at http://www.pastie.org/851529
[2010/03/03 07:52:24] <lanky> the reliance on the user existing is badly coded, but I can't see how to check if a user is already in sudoers
[2010/03/03 07:52:37] <lanky> match spec/user include $user
[2010/03/03 07:52:52] <lanky> works fine, but as there's no 'unless' ...
[2010/03/03 07:54:06] <tim|imac> I'd do something like match spec/*[user = $user] size == 0
[2010/03/03 07:54:19] <tim|imac> but I'm a newbie with augeas too
[2010/03/03 07:54:27] <tim|imac> so check it for correct syntax ;-)
[2010/03/03 07:54:40] <lanky> tim|imac: I just tried something vaguely similar, but not precisely that, let's see...
[2010/03/03 07:56:15] <lanky> unfortunately that still adds another entry for one of our existing users, so isn't quite there yet
[2010/03/03 07:56:23] @ bkohler joined channel #puppet
[2010/03/03 07:56:34] * lanky wonders if he can hack an 'unless' option into the augeas.rb file
[2010/03/03 08:11:53] @ Quit: cwebber: Ping timeout: 265 seconds
[2010/03/03 08:15:41] @ stewartl42 joined channel #puppet
[2010/03/03 08:17:17] @ Quit: benlovell: Quit: benlovell
[2010/03/03 08:17:40] @ Quit: stewartl42: Client Quit
[2010/03/03 08:17:56] @ stewartl42 joined channel #puppet
[2010/03/03 08:18:12] @ stewartl42 left channel #puppet ()
[2010/03/03 08:19:54] @ MattyM joined channel #puppet
[2010/03/03 08:22:10] @ Quit: bug: Quit: bug
[2010/03/03 08:27:29] @ eventi joined channel #puppet
[2010/03/03 08:29:03] @ eventi left channel #puppet ()
[2010/03/03 08:30:19] @ Quit: jY: Quit: go home
[2010/03/03 08:30:45] <_nono_> hi folks
[2010/03/03 08:30:54] @ jY joined channel #puppet
[2010/03/03 08:31:25] <_nono_> I have migrated my test puppetmaster from 0.24.8 to 0.25.4 and the ldap nodes don't work anymore
[2010/03/03 08:31:48] <_nono_> servers and clients running centos 5 with puppet from epel
[2010/03/03 08:32:00] <_nono_> the puppetmaster config is at http://files.glou.org/puppet/puppetmaster-puppet.conf
[2010/03/03 08:32:30] <_nono_> the puppetmaster does not even open a connection to the ldap server
[2010/03/03 08:32:39] <_nono_> what am I doing wrong?
[2010/03/03 08:33:00] @ omry|work joined channel #puppet
[2010/03/03 08:34:23] @ uphillian joined channel #puppet
[2010/03/03 08:42:30] <_nono_> I still use the old ldap schema from the 0.24.x days, I hope it does not make a difference?
[2010/03/03 08:43:27] @ yure joined channel #puppet
[2010/03/03 08:43:28] <_nono_> erm, forget this last line, it would fail after connecting to ldap
[2010/03/03 08:45:57] @ Bass10 joined channel #puppet
[2010/03/03 08:47:12] @ Quit: MattyM: Quit: ta ta
[2010/03/03 08:59:20] @ pheezy joined channel #puppet
[2010/03/03 09:00:01] @ eventi joined channel #puppet
[2010/03/03 09:00:23] @ eventi left channel #puppet ()
[2010/03/03 09:03:29] @ cwebber joined channel #puppet
[2010/03/03 09:05:54] @ Quit: erlingre: Ping timeout: 248 seconds
[2010/03/03 09:07:22] @ Lab42 left channel #puppet ()
[2010/03/03 09:07:42] @ rcrowley joined channel #puppet
[2010/03/03 09:14:11] @ Quit: afletcher: Quit: afletcher
[2010/03/03 09:16:49] @ Quit: rdavidr: Quit: Leaving
[2010/03/03 09:19:06] @ joe-mac1 joined channel #puppet
[2010/03/03 09:20:51] @ artista_frustrad joined channel #puppet
[2010/03/03 09:22:22] @ MattyM joined channel #puppet
[2010/03/03 09:22:23] @ rmiller4pi81 joined channel #puppet
[2010/03/03 09:23:10] @ shenson joined channel #puppet
[2010/03/03 09:24:01] @ artista-frustrad joined channel #puppet
[2010/03/03 09:25:18] @ bug joined channel #puppet
[2010/03/03 09:25:53] @ Quit: rmiller4pi8: Ping timeout: 246 seconds
[2010/03/03 09:29:35] @ Quit: uphillian: Remote host closed the connection
[2010/03/03 09:32:01] @ Quit: nexx: *.net *.split
[2010/03/03 09:32:02] @ Quit: bkero: *.net *.split
[2010/03/03 09:32:02] @ Quit: nevyn: *.net *.split
[2010/03/03 09:32:03] @ Quit: neh: *.net *.split
[2010/03/03 09:32:03] @ Quit: dirkD: *.net *.split
[2010/03/03 09:32:04] @ Quit: chrisg: *.net *.split
[2010/03/03 09:32:05] @ Quit: jermy: *.net *.split
[2010/03/03 09:32:06] @ Quit: markl_: *.net *.split
[2010/03/03 09:33:40] @ swygue joined channel #puppet
[2010/03/03 09:34:09] @ Quit: ricky: Ping timeout: 240 seconds
[2010/03/03 09:36:04] @ fzzzt joined channel #puppet
[2010/03/03 09:36:35] @ nexx joined channel #puppet
[2010/03/03 09:36:36] @ bkero joined channel #puppet
[2010/03/03 09:36:36] @ nevyn joined channel #puppet
[2010/03/03 09:36:36] @ jermy joined channel #puppet
[2010/03/03 09:36:36] @ neh joined channel #puppet
[2010/03/03 09:36:36] @ dirkD joined channel #puppet
[2010/03/03 09:36:36] @ chrisg joined channel #puppet
[2010/03/03 09:36:36] @ markl_ joined channel #puppet
[2010/03/03 09:38:05] @ labrown joined channel #puppet
[2010/03/03 09:38:54] <gepetto> ::trac:: Lab42Infrastructure edited @ http://reductivelabs.com/trac/puppet/wiki/Lab42Infrastructure?version=8
[2010/03/03 09:39:02] @ sjefen6 joined channel #puppet
[2010/03/03 09:40:33] @ rgsteele joined channel #puppet
[2010/03/03 09:44:18] @ Quit: ShiNboi: Ping timeout: 248 seconds
[2010/03/03 09:44:37] @ Quit: rmiller4pi81: Quit: Leaving.
[2010/03/03 09:49:00] @ afletcher joined channel #puppet
[2010/03/03 09:50:13] @ sebas891 joined channel #puppet
[2010/03/03 09:51:54] @ jmccune joined channel #puppet
[2010/03/03 09:52:02] <jmccune> Good morning
[2010/03/03 09:54:31] <fzzzt> morning
[2010/03/03 09:55:42] <fzzzt> Curious, so you organize files in files/ and/or templates/ with a hierarchy relative to where they go, e.g. files/etc/blah/file.ext?
[2010/03/03 09:55:46] <fzzzt> s/so/do/
[2010/03/03 09:55:54] <fzzzt> (anyone)
[2010/03/03 09:55:59] <jmccune> I do
[2010/03/03 09:56:16] <jmccune> Though, I'm not convinced it's of much benefit
[2010/03/03 09:57:01] <kubicek> i put separate things into modules (package, service, config files)
[2010/03/03 09:57:08] <ohadlevy> i do too
[2010/03/03 09:57:25] @ Quit: spawnyd: Ping timeout: 264 seconds
[2010/03/03 09:58:24] @ sdog left channel #puppet ()
[2010/03/03 10:10:44] <fzzzt> You separate that into 3 modules?
[2010/03/03 10:10:53] <fzzzt> kubicek:
[2010/03/03 10:11:55] <kubicek> fzzzt: no, each service has its own module, which contains information about its package, how to run the service and the config files for this service
[2010/03/03 10:12:01] <fzzzt> What got me thinking about this is, I've flip-flopped between a flat hierarchy and reflective of target path... I just switched to Mongrel, and now I have two puppet.conf files (one for apache)
[2010/03/03 10:12:04] <fzzzt> ah ok
[2010/03/03 10:12:21] <kubicek> modules are small, easy to review and re-usable
[2010/03/03 10:12:23] <fzzzt> I always wonder if I should put things like that in the puppet module or apache module
[2010/03/03 10:12:48] <fzzzt> I suppose the "right" way to do it is a define though...
[2010/03/03 10:13:06] @ bobbyz joined channel #puppet
[2010/03/03 10:14:28] <fzzzt> I've been avoiding apache defines, which seems like a crazily complex task to do
[2010/03/03 10:19:45] @ Quit: zipkid: Remote host closed the connection
[2010/03/03 10:19:59] @ Quit: sebas891: Quit: Leaving.
[2010/03/03 10:25:28] @ Quit: TREllis: Quit: leaving
[2010/03/03 10:28:00] @ Quit: Robbie_: Remote host closed the connection
[2010/03/03 10:30:44] @ murkk joined channel #puppet
[2010/03/03 10:35:58] @ rmiller4pi8 joined channel #puppet
[2010/03/03 10:37:26] @ Quit: biertie: Quit: I'm off :)
[2010/03/03 10:37:49] @ TREllis joined channel #puppet
[2010/03/03 10:40:02] @ Quit: yure: Ping timeout: 258 seconds
[2010/03/03 10:45:43] @ kaptk2 joined channel #puppet
[2010/03/03 10:46:05] @ lak joined channel #puppet
[2010/03/03 10:46:09] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/03/03 10:47:09] @ rmiller4pi8 joined channel #puppet
[2010/03/03 10:50:07] @ Quit: erik78se: Quit: Leaving.
[2010/03/03 10:54:10] @ sijis joined channel #puppet
[2010/03/03 10:59:43] @ Quit: TREllis: Quit: leaving
[2010/03/03 11:03:49] @ ShiNboi joined channel #puppet
[2010/03/03 11:05:54] @ alfism joined channel #puppet
[2010/03/03 11:10:20] @ lilmatt joined channel #puppet
[2010/03/03 11:11:34] @ Quit: pacalm: Quit: pacalm
[2010/03/03 11:13:20] @ marcellods joined channel #puppet
[2010/03/03 11:13:55] <marcellods> ?
[2010/03/03 11:13:56] @ Quit: bkohler: Ping timeout: 245 seconds
[2010/03/03 11:14:05] @ Quit: lak: Quit: lak
[2010/03/03 11:16:27] @ _elmata_ is now known as RageLink
[2010/03/03 11:18:19] @ Quit: alfism: Quit: http://opensolaris.com/
[2010/03/03 11:19:30] <fluxdude> I have a really strange problem
[2010/03/03 11:19:46] <fluxdude> I rebuilt one of my test vms and did the usual puppetca --clean host.domain.com
[2010/03/03 11:19:59] <fluxdude> and then had the fresh vm try to get a cert but it gets
[2010/03/03 11:20:07] <fluxdude> notice: Did no receive certificate
[2010/03/03 11:20:11] <fluxdude> even though I have autosigning
[2010/03/03 11:20:15] <joe-mac1> did you clean the ssldir on the node?
[2010/03/03 11:20:18] <fluxdude> and there is nothing in the puppetmaster logs either
[2010/03/03 11:20:30] <fluxdude> the node was rebuilt
[2010/03/03 11:20:45] <fluxdude> ie the whole system wiped and reinstalled
[2010/03/03 11:20:51] <joe-mac1> yes but when did you clean the master?
[2010/03/03 11:21:15] <fluxdude> yes
[2010/03/03 11:21:20] <fluxdude> puppetca --clean host.domain.com
[2010/03/03 11:21:26] <fluxdude> as mentioned above
[2010/03/03 11:21:43] <fluxdude> the puppetmaster doesn't even log any problem
[2010/03/03 11:21:54] <fluxdude> which is why this is so strange, I don't recall seeing this problem before
[2010/03/03 11:21:54] <joe-mac1> yes but when did you clean the master?
[2010/03/03 11:22:04] <joe-mac1> when being key
[2010/03/03 11:22:17] <fluxdude> huh?
[2010/03/03 11:22:27] <fluxdude> around the time the node was rebuilding
[2010/03/03 11:22:28] <joe-mac1> if you forgot to celan the master and the new node already started the puppet daemon, you will have a stale csr in your ssl dir on the node
[2010/03/03 11:22:34] <Volcane> are you sure it cleaned, like did it delete the files and all?
[2010/03/03 11:22:46] <fluxdude> I rm -fr the whole ssl dir, puppetd created it again and still the same
[2010/03/03 11:22:55] <fluxdude> i restarted puppet after the rm -fr
[2010/03/03 11:23:09] <fluxdude> it created a new key and new csr
[2010/03/03 11:23:23] <fluxdude> but for some reason nothing is happening when it sends it to the pp master
[2010/03/03 11:23:36] @ Quit: swygue: Read error: Connection reset by peer
[2010/03/03 11:23:42] <joe-mac1> are you certain you're looking at the master for that domain and not some other domain?
[2010/03/03 11:23:48] <fluxdude> am tailing the logs and no mention of this host or any host trying to get any cert
[2010/03/03 11:23:51] <Volcane> stop puppetd. rm the files, run puppetd --test and pastie the output
[2010/03/03 11:24:03] <Volcane> the ssl files
[2010/03/03 11:27:28] @ alfism joined channel #puppet
[2010/03/03 11:27:37] @ Quit: MattyM: Quit: ta ta
[2010/03/03 11:27:57] <tim|imac> nigelk, hacim: any idea why apt thinks puppet 0.25.4 from testing is ready to be autoremoved on lenny?
[2010/03/03 11:28:48] <joe-mac1> sure, did you build your own and now trying to update/
[2010/03/03 11:28:52] <joe-mac1> thjere is now a puppet-common package
[2010/03/03 11:28:59] <joe-mac1> that probably makes the 'puppet' package obselete
[2010/03/03 11:29:15] <joe-mac1> this is the same horse shit i went through when rubygems changed from libruby-gems1.8 to rubygems1.8
[2010/03/03 11:29:18] <tim|imac> no. puppet and puppetmaster both depend on puppet-common :S
[2010/03/03 11:29:29] <joe-mac1> ah, i c, no clue then
[2010/03/03 11:29:42] <tim|imac> and using the package from testing without rebuilding it, just download and install
[2010/03/03 11:29:46] <joe-mac1> reminded me of rubygems though, my blood pressure began to rise, had to eat some tums
[2010/03/03 11:29:55] <hacim> tim|imac: I'm guessing you mean aptitude, not apt
[2010/03/03 11:30:01] <tim|imac> no, apt-get
[2010/03/03 11:30:11] <tim|imac> i never seen any reason to switch to aptitude
[2010/03/03 11:30:31] <tim|imac> i'll check with aptitude
[2010/03/03 11:30:44] <hacim> i would need to see your sources, your preferences, pinning and know what version you had installed
[2010/03/03 11:31:31] <hacim> also, are you using ubuntu or debian
[2010/03/03 11:31:35] <tim|imac> debian
[2010/03/03 11:31:55] <tim|imac> nothing in preferences references puppet
[2010/03/03 11:32:05] * tim|imac thinks he knows how to solve it...
[2010/03/03 11:32:16] <tim|imac> unmarkauto
[2010/03/03 11:32:59] @ Quit: Ramonster: Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/
[2010/03/03 11:33:19] <fluxdude> Volcane: http://pastie.org/851885
[2010/03/03 11:33:28] <hacim> tim|imac: your preferences do not have to reference puppet at all
[2010/03/03 11:33:31] @ TREllis joined channel #puppet
[2010/03/03 11:33:52] <tim|imac> ah hm
[2010/03/03 11:35:09] <fluxdude> I've removed and let puppetd recreate the csr several times without luck or any logs in the puppetmaster at all which is what is so troubling, puppet is not giving me any information to work with
[2010/03/03 11:35:33] <fluxdude> the puppetmaster is up and working, other hosts are getting their compiled catalogs
[2010/03/03 11:35:42] <fluxdude> no idea why this isn't working
[2010/03/03 11:35:51] <Volcane> fluxdude: seems its not being signed on the master
[2010/03/03 11:36:01] <fluxdude> I've rebuilt this machine (it's a test machine) lots of times
[2010/03/03 11:36:16] <fluxdude> and usually just doing the clean and letting the puppetmaster autosign it on the next run works
[2010/03/03 11:36:36] <fluxdude> yes but the puppetmaster doesn't even output any log of it to say there is any problem
[2010/03/03 11:36:39] <fluxdude> just silence
[2010/03/03 11:36:40] <tim|imac> hacim: if you have the time for it, I'd appreciate a look at http://pastie.org/851893, maybe you see something that I do not :S
[2010/03/03 11:36:43] <|Mike|> fluxdude: can you ping your puppet(master)?
[2010/03/03 11:36:50] <fluxdude> yes
[2010/03/03 11:37:04] <fluxdude> I've tcpdumped the pings and replies and even the cert request
[2010/03/03 11:37:05] <Volcane> fluxdude: as root - not via sudo or something - do puppetca --list
[2010/03/03 11:37:21] <fluxdude> there is a whole series of packets ending with the master sending an reset
[2010/03/03 11:37:32] @ away is now known as eshamow
[2010/03/03 11:37:46] <fluxdude> and the client then doing the same after there has been a successful 3 way handshake, a bunch of packets
[2010/03/03 11:38:41] <hacim> tim|imac: can you also provide apt-cache policy puppet?
[2010/03/03 11:38:51] @ francois1 left channel #puppet ()
[2010/03/03 11:38:53] <fluxdude> now running the puppetmaster with --no-daemonize and --verbose and still it outputs nothing about this node
[2010/03/03 11:39:01] <Volcane> did you do the puppetca --list i asked?
[2010/03/03 11:39:03] <|Mike|> fluxdude: puppetca --list ?
[2010/03/03 11:39:04] <hacim> tim|imac: and what you were doing to get in the situation where apt was offering to remove it
[2010/03/03 11:39:12] <Volcane> fluxdude: as root, not via sudo
[2010/03/03 11:39:35] <fluxdude> |Mike|: no certificates to sign
[2010/03/03 11:39:38] <fluxdude> I am using autosigning
[2010/03/03 11:39:47] @ Quit: rcrowley: Quit: rcrowley
[2010/03/03 11:39:55] <tim|imac> hacim: updated the paste
[2010/03/03 11:40:03] <tim|imac> oh
[2010/03/03 11:40:05] <tim|imac> forgot something
[2010/03/03 11:40:06] <fluxdude> Volcane: yes I am doing all this via a straight root shell so no env stripping
[2010/03/03 11:40:15] <Volcane> on the master too?
[2010/03/03 11:40:40] <fluxdude> yes
[2010/03/03 11:40:52] <fluxdude> root keys, my favourite ;-)
[2010/03/03 11:41:13] <tim|imac> hacim: updated paste again
[2010/03/03 11:42:19] <hacim> tim|imac: ok, thx, will take a look when I get a chance
[2010/03/03 11:42:28] <tim|imac> hacim: much appreciated!
[2010/03/03 11:43:38] @ Quit: eshamow: Quit: eshamow
[2010/03/03 11:43:55] @ eshamow joined channel #puppet
[2010/03/03 11:47:37] <fluxdude> I can't even find the cert for this host on the puppetmaster
[2010/03/03 11:47:55] <fluxdude> it doesn't exist in the ssl/ca/requests folder or anywhere
[2010/03/03 11:48:05] <Volcane> do you have just one puppetmaster?
[2010/03/03 11:48:10] <fluxdude> and yet the puppetmaster doesn't log the request for a signing from this client
[2010/03/03 11:48:13] <fluxdude> yes
[2010/03/03 11:48:14] <fluxdude> for now
[2010/03/03 11:49:06] @ Quit: danielbln: Quit: Leaving.
[2010/03/03 11:49:39] @ Quit: verwilst: Quit: Ex-Chat
[2010/03/03 11:50:57] <hacim> tim|imac: after installing with dpkg -i, what does aptitude show puppet give you?
[2010/03/03 11:51:19] @ swygue joined channel #puppet
[2010/03/03 11:51:34] <tim|imac> State: installed; will be removed because nothing depends on it
[2010/03/03 11:51:35] <hacim> tim|imac: ie, do you see: Automatically installed:
[2010/03/03 11:51:55] <tim|imac> Automatically installed: yes
[2010/03/03 11:52:14] <fluxdude> running puppetmasterd --debug --no-daemonize --verbose isn't telling me anything either!
[2010/03/03 11:52:23] <fluxdude> it lists all the actions for all the other hosts
[2010/03/03 11:52:26] <fluxdude> but nothing for this one
[2010/03/03 11:52:36] <fluxdude> and yet pinging and traceroutes work fine between those 2 machines...
[2010/03/03 11:52:42] <hacim> tim|imac: you installed it via dpkg -i?
[2010/03/03 11:52:46] <tim|imac> yeah
[2010/03/03 11:53:04] <tim|imac> removed it first
[2010/03/03 11:53:18] <hacim> tim|imac: odd, I am not getting Automatically installed: yes
[2010/03/03 11:53:36] <tim|imac> this is lenny, btw, and using the package from testing without any modifications
[2010/03/03 11:54:10] <hacim> tim|imac: had you already installed puppet via another way in the past, and then you updated the package with dpkg -i newversion.deb?
[2010/03/03 11:54:36] <hacim> tim|imac: also, you aren't using the package from testing, from what I can see
[2010/03/03 11:54:36] <tim|imac> puppet was already installed before, yes, from lenny-kumina repository
[2010/03/03 11:55:20] <hacim> sorry
[2010/03/03 11:55:26] <hacim> scratch the last thing I said :)
[2010/03/03 11:55:38] <tim|imac> ah ok, because i was just about to show you where i downloaded it from ;-)
[2010/03/03 11:55:55] <hacim> sorry for throwing that bit of confusion in there
[2010/03/03 11:56:09] <hacim> when you said "removed it first", how did you remove it?
[2010/03/03 11:56:12] @ bkohler42 joined channel #puppet
[2010/03/03 11:56:14] <tim|imac> apt-get autoremove
[2010/03/03 11:56:21] <hacim> ok
[2010/03/03 11:56:23] @ Quit: gebi: Ping timeout: 246 seconds
[2010/03/03 11:56:55] <tim|imac> shall i try removing it with dpkg?
[2010/03/03 11:57:02] <tim|imac> i'll try it anyway ;-)
[2010/03/03 11:57:04] @ bkohler42 is now known as bkohler
[2010/03/03 11:57:39] <tim|imac> nope, didn't help
[2010/03/03 11:57:40] @ gebi joined channel #puppet
[2010/03/03 11:58:07] @ Quit: mpdehaan: Quit: mpdehaan
[2010/03/03 11:58:42] <hacim> tim|imac: I think the situation is basically a result of apt only maintaining a database about packages that *apt* installs/removes, it is a front-end to dpkg, and it doesn't have any visibility into what you have done with dpkg
[2010/03/03 11:59:09] <tim|imac> hacim: but i installed puppet-common en puppetmaster by dpkg -i too, those aren't giving me that message :S
[2010/03/03 11:59:19] <hacim> tim|imac: so from apt-get's perspective, this package, which is not available in any valid archive (based on your sources.list and preferences) is installed on the system, and I dont know how it got there
[2010/03/03 11:59:51] <hacim> tim|imac: right, but that is the tricky part about what 'autoremove' actually does
[2010/03/03 12:00:15] <hacim> tim|imac: autoremove *only* removes packages that were automatically installed to satisfy dependencies for some package and that are no longer needed
[2010/03/03 12:00:29] <hacim> the puppet-common and puppetmaster packages are needed to satisfy dependencies
[2010/03/03 12:00:45] <hacim> btw. this is a case of apt resisting feature changes, that aptitude and cupt have adopted
[2010/03/03 12:00:45] <gebi> same problem with autoremove is with apt-get vs. aptitude
[2010/03/03 12:01:04] <hacim> in otherwords, with aptitude you would mark the package
[2010/03/03 12:01:08] <tim|imac> true, i noticed aptitude doesn't want to remove puppet
[2010/03/03 12:01:09] <gebi> they don't use the same db about what was automatically installed and what manually
[2010/03/03 12:01:14] <hacim> right
[2010/03/03 12:01:37] <hacim> aptitude *is* a little smarter about this, and you have more knobs to turn to let it know
[2010/03/03 12:01:59] <tim|imac> hm... so i finally found a good reason to switch to aptitude, i guess :)
[2010/03/03 12:02:37] <hacim> tim|imac: well, be sure you understand that both apt *and* aptitude only are able to keep a list of auto-installed packages, not manually-installed packages
[2010/03/03 12:02:48] <hacim> unless you indicate to aptitude that you have manually installed it
[2010/03/03 12:03:07] <tim|imac> well, that's kind of the strange thing, because i install packages with dpkg very often and this is the first time i notice apt-get wanting to autoremove one
[2010/03/03 12:05:05] <tim|imac> thanks for your time and effort, hacim :)
[2010/03/03 12:07:09] @ tyll joined channel #puppet
[2010/03/03 12:07:51] @ ricky joined channel #puppet
[2010/03/03 12:08:22] @ biertie joined channel #puppet
[2010/03/03 12:09:55] @ paxos joined channel #puppet
[2010/03/03 12:11:57] <hacim> yeah the autoremove is only wanting to remove puppet because nothing depends on it
[2010/03/03 12:12:20] <hacim> in other situations, apt-get wont autoremove things because other packages depend on it
[2010/03/03 12:12:21] <tim|imac> hacim: I solved it... I uninstalled the package with aptitude, installed it again with dpkg and now neither apt-get nor aptitude want to remove it anymore
[2010/03/03 12:12:39] @ Quit: ShiNboi: Ping timeout: 240 seconds
[2010/03/03 12:14:31] @ Quit: lilmatt: Ping timeout: 265 seconds
[2010/03/03 12:15:14] @ randybias|away is now known as randybias
[2010/03/03 12:15:20] @ Quit: TREllis: Quit: leaving
[2010/03/03 12:18:18] <fluxdude> this problem is driving me crazy
[2010/03/03 12:18:26] <fluxdude> I cannot get this node to get a cert
[2010/03/03 12:18:43] <fluxdude> I removed the cert from another node did a puppetca --clean on that one and it got a new cert on the next run
[2010/03/03 12:19:01] <fluxdude> but this node which is in the same network, same subnet etc doesn't get it and doesn't even have anything logged on the puppetmaster
[2010/03/03 12:19:14] @ malraid joined channel #puppet
[2010/03/03 12:19:36] <tim|imac> fluxdude: tried ssldump?
[2010/03/03 12:20:15] <fluxdude> no, let me have a look
[2010/03/03 12:22:05] <fluxdude> ssldump doesn't show anything obvious...
[2010/03/03 12:22:39] @ Quit: giskard: Remote host closed the connection
[2010/03/03 12:22:47] <nasrat> fluxdude: basics - host in autosign.conf, time correct?
[2010/03/03 12:23:03] <fluxdude> time correct
[2010/03/03 12:23:08] <fluxdude> host is in autosign.conf
[2010/03/03 12:23:38] <fluxdude> even if it wasn't in autosign, puppetca --list shows no pending requests
[2010/03/03 12:24:14] <nasrat> ok
[2010/03/03 12:24:40] @ Quit: Eghie: Ping timeout: 265 seconds
[2010/03/03 12:24:53] @ Quit: vermeer__: Read error: Connection reset by peer
[2010/03/03 12:25:04] @ ShiNboi joined channel #puppet
[2010/03/03 12:25:08] <nasrat> so what you running from the host in question? puppetd --test --debug --server <puppet.example.com?
[2010/03/03 12:25:56] @ vermeer__ joined channel #puppet
[2010/03/03 12:28:43] <nasrat> fluxdude: does find /etc/puppet/ssl/ -type f
[2010/03/03 12:28:58] <nasrat> on the host (not master) have the old certs
[2010/03/03 12:31:35] @ Quit: ricky: Remote host closed the connection
[2010/03/03 12:32:58] @ ricky joined channel #puppet
[2010/03/03 12:33:11] @ Quit: raphink: Remote host closed the connection
[2010/03/03 12:35:29] <fluxdude> nasrat: no such file or directoryu
[2010/03/03 12:35:33] <fluxdude> there is no ssl in /etc/puppet
[2010/03/03 12:36:14] <fluxdude> trying that in /var/lib/puppet/ssl it does find the certs
[2010/03/03 12:37:01] <fluxdude> however I have rm -fr and tried puppetd --test again and it just recreates them and then again complains about not being able to get the signed cert
[2010/03/03 12:37:04] @ Eghie joined channel #puppet
[2010/03/03 12:37:27] @ rcrowley joined channel #puppet
[2010/03/03 12:38:43] @ Quit: shenson: Quit: /me taps out
[2010/03/03 12:39:03] @ shenson joined channel #puppet
[2010/03/03 12:39:13] @ Quit: alfism: Quit: http://opensolaris.com/
[2010/03/03 12:41:09] @ BarnacleBob joined channel #puppet
[2010/03/03 12:43:39] @ Quit: suchu: Quit: ChatZilla 0.9.86 [Firefox 3.5.8/20100202165920]
[2010/03/03 12:44:35] <nigelk> tim|imac: did you get it sorted out?
[2010/03/03 12:45:15] <tim|imac> nigelk: yeah, eventually i just had to remove it with aptitude and reinstall with dpkg... don't ask me why, though... thanks for asking :)
[2010/03/03 12:45:28] <nigelk> no worries. that seems odd behavior though...
[2010/03/03 12:45:42] <nigelk> did apt-cache policy tell you anything useful?
[2010/03/03 12:45:44] <abien> Is anyone here having puppet automagicly adding hosts to theyr cacti setup?
[2010/03/03 12:46:04] <tim|imac> nothing, really... it's on the pastie i pasted before
[2010/03/03 12:46:18] <tim|imac> http://pastie.org/851893
[2010/03/03 12:47:51] <BarnacleBob> abien, not cacti here. its database driven. you might want to look into ganglia
[2010/03/03 12:49:10] <pheezy> Anyone have a capistrano script to install puppet?
[2010/03/03 12:49:54] <BarnacleBob> er for what os
[2010/03/03 12:50:00] <BarnacleBob> its just apt-get install puppet or yum install puppet
[2010/03/03 12:50:44] <pheezy> Yeah but I need to add EPEL repositories, or check to make sure they already there, and then install it, and then change the environments on all those boxes, about 400 :-/
[2010/03/03 12:50:50] <pheezy> so it's not really just "yum install puppet"
[2010/03/03 12:50:58] @ aliver joined channel #puppet
[2010/03/03 12:51:38] <pheezy> guess I can just use dish or some for loop, but was just curious
[2010/03/03 12:52:40] @ Quit: Spads: Ping timeout: 276 seconds
[2010/03/03 12:52:59] @ Quit: maxagaz: Remote host closed the connection
[2010/03/03 12:53:50] <BarnacleBob> ah yeah
[2010/03/03 12:54:12] <BarnacleBob> i wrote up a bash script that just runs a block of code on all machines. does N in parrallel
[2010/03/03 12:54:14] <BarnacleBob> want it?
[2010/03/03 12:55:07] <pheezy> Sure.
[2010/03/03 12:56:10] <BarnacleBob> http://pastie.org/852045
[2010/03/03 12:56:22] <BarnacleBob> just list the machines on the cmdline
[2010/03/03 12:56:47] <BarnacleBob> ./script server[0,1,2,3,4] etc
[2010/03/03 12:57:19] @ unxfrek joined channel #puppet
[2010/03/03 12:57:35] <jamesturnbull> tmz: quite correct - it's actually my cue to put out 0.25.5 and 0.25.6 nd 0.25.7 :)
[2010/03/03 12:58:25] * BarnacleBob stabs you
[2010/03/03 12:58:46] <BarnacleBob> ugh it was only last month i spent 3 days upgrading .2, .3, .4
[2010/03/03 12:59:40] <pheezy> thanks!
[2010/03/03 13:01:04] <BarnacleBob> np
[2010/03/03 13:01:38] @ Quit: coronel2: Ping timeout: 248 seconds
[2010/03/03 13:02:51] <BarnacleBob> pheezy, oh i might not have been clear how to use the code block. here is an example in it http://pastie.org/852045
[2010/03/03 13:02:59] @ Quit: swygue: Ping timeout: 245 seconds
[2010/03/03 13:04:20] @ giskard joined channel #puppet
[2010/03/03 13:06:38] @ Quit: randybias: Quit: Leaving...
[2010/03/03 13:07:29] @ bodepd joined channel #puppet
[2010/03/03 13:09:39] @ Quit: mellen: Ping timeout: 240 seconds
[2010/03/03 13:13:16] @ Quit: vermeer__: Read error: No route to host
[2010/03/03 13:13:59] @ swygue joined channel #puppet
[2010/03/03 13:14:43] @ eryc joined channel #puppet
[2010/03/03 13:19:19] <bodepd> does anyone have experience with the load implications of using puppetrun? if I call puppet run on all my machines which have the same run interval, now all of these machines will try to hit the puppet server at the same time. How are people getting around this?
[2010/03/03 13:20:15] @ Quit: dotNox: Read error: Connection reset by peer
[2010/03/03 13:21:06] @ HouseAway is now known as DrHouseMD
[2010/03/03 13:21:38] <BarnacleBob> i run puppet from cron
[2010/03/03 13:21:49] <fsweetser> from what I've seen people use a combination of putting puppetmaster behind something like mongrel or passenger, and configuring splay on the clients to spread the load around a bit
[2010/03/03 13:22:28] <bodepd> I am pretty sure that puppetrun ruins splay. Or can it recover?
[2010/03/03 13:22:43] @ Quit: unxfrek: Quit: Leaving
[2010/03/03 13:24:58] <bodepd> I guess the secrets in the source code :)
[2010/03/03 13:26:36] @ unxfrek joined channel #puppet
[2010/03/03 13:27:17] @ alfism joined channel #puppet
[2010/03/03 13:33:37] @ coronel2 joined channel #puppet
[2010/03/03 13:34:52] @ Quit: fluxdude: Quit: When two people dream the same dream, it ceases to be an illusion
[2010/03/03 13:36:54] @ Quit: londo_: Remote host closed the connection
[2010/03/03 13:37:17] @ grim_radical joined channel #puppet
[2010/03/03 13:38:13] @ Quit: bodepd: Quit: bodepd
[2010/03/03 13:39:21] @ tonyskapunk joined channel #puppet
[2010/03/03 13:40:51] @ jbooth_ joined channel #puppet
[2010/03/03 13:42:44] @ Quit: giskard: Remote host closed the connection
[2010/03/03 13:44:15] @ tonyskapunk left channel #puppet ()
[2010/03/03 13:44:26] @ tonyskapunk joined channel #puppet
[2010/03/03 13:44:48] @ plathrop-away is now known as plathrop
[2010/03/03 13:48:56] <fsweetser> is there any good answer to the chicken/egg problem us a custom type, where the provider requires binaries from a puppet-installed package?
[2010/03/03 13:50:01] @ Quit: tonyskapunk: Remote host closed the connection
[2010/03/03 13:50:31] @ Quit: gebi: Ping timeout: 276 seconds
[2010/03/03 13:51:04] @ tonyskapunk joined channel #puppet
[2010/03/03 13:51:17] @ bodepd joined channel #puppet
[2010/03/03 13:52:23] <joe-mac1> fsweetser: closest i have come is setting a site-wide default require for whatever resource may need the binary
[2010/03/03 13:52:36] <joe-mac1> problem with that is that you can't just add to default requires
[2010/03/03 13:52:44] <joe-mac1> unless that has been changed/fixed
[2010/03/03 13:54:19] <jbooth_> fsweetser: Modify puppet to do just-in-time provider evaluation?
[2010/03/03 13:54:34] <jbooth_> fsweetser: (this may not qualify as 'a good answer' however)
[2010/03/03 13:54:54] @ giskard joined channel #puppet
[2010/03/03 13:55:54] <fsweetser> joe-mac1: that's about what I figured
[2010/03/03 13:56:07] <fsweetser> jbooth_: that would certainly be a better long-term solution, but a bit out of my reach =)
[2010/03/03 13:56:44] <jbooth_> fsweetser: can you try to detect that package install and force puppet to restart? (environments would do it, but...)
[2010/03/03 13:57:18] <joe-mac1> the alternative answer, though kind of shitty, is move the package install to your kickstart/preseed
[2010/03/03 13:57:35] <fsweetser> that's not a bad idea... maybe an exec that sends a HUP to puppet, triggered off of the package install
[2010/03/03 13:57:58] <jbooth_> If you want the wrong way to do it... You could write the command line to install it in the custom provider and let it do that?
[2010/03/03 13:58:36] @ Spads joined channel #puppet
[2010/03/03 13:58:48] <fsweetser> you're right, that's pretty wrong =)
[2010/03/03 14:00:21] <plathrop> fsweetser: Isn't the "confine" system set up to handle that?
[2010/03/03 14:00:56] <fsweetser> plathrop: yes, but unfortunately that's the problem
[2010/03/03 14:01:10] <fsweetser> in my case, I'm working with a mysql_database type
[2010/03/03 14:01:40] <fsweetser> the confine system checks for the mysql binaries before the manifest gets applied
[2010/03/03 14:01:48] <plathrop> o i c
[2010/03/03 14:01:59] <fsweetser> hence, the chicken/egg problem
[2010/03/03 14:02:25] <plathrop> hrm
[2010/03/03 14:02:49] @ gebi joined channel #puppet
[2010/03/03 14:02:58] <jbooth_> The real problem is puppet isn't lazy in evaluating providers. ;-) Silly go-get-em! attitude.
[2010/03/03 14:05:05] <jbooth_> fsweetser: You could take this as inspiration to learn enough ruby to be able to fix puppet.
[2010/03/03 14:05:51] <jbooth_> fsweetser: the O'Reilly book by Flanagan and Mats is pretty good.
[2010/03/03 14:06:03] <fsweetser> I'd love to, if only I had the time...
[2010/03/03 14:06:47] <plathrop> +1
[2010/03/03 14:07:00] <plathrop> "If I only had some time" is my theme song
[2010/03/03 14:10:10] <jamesturnbull> plathrop: you getting any sleep with baby yet? You should have heaps of time... :P
[2010/03/03 14:10:59] <plathrop> jamesturnbull: I don't touch my computer when sleep-deprived. I have passwordless ssh access to too many root accounts...
[2010/03/03 14:11:17] * nb would ALWAYS put a password on his ssh key
[2010/03/03 14:11:21] <jamesturnbull> plathrop: lol
[2010/03/03 14:11:41] <nb> especially since i have root to a lot of servers
[2010/03/03 14:11:59] * jamesturnbull always does the "now what host am I on and who am I" dance before typing commands
[2010/03/03 14:12:02] <jamesturnbull> rm -fr
[2010/03/03 14:12:02] <jamesturnbull> ooopps
[2010/03/03 14:12:15] <joe-mac1> i put that stuff in my prompt and the title of the window
[2010/03/03 14:12:19] @ uphillian joined channel #puppet
[2010/03/03 14:12:24] @ jes5 joined channel #puppet
[2010/03/03 14:12:28] <jamesturnbull> joe-mac1: yeah so do I - do I read it? :)
[2010/03/03 14:12:36] <joe-mac1> though sometimes i am on 'puppet' and in the wrong domain :-D
[2010/03/03 14:13:01] <plathrop> nb: By "passwordless" I mean "ssh-agent"
[2010/03/03 14:13:33] <nb> oh ok
[2010/03/03 14:13:34] <nb> true
[2010/03/03 14:14:01] <fzzzt> Anyone see what may be causing line 90: http://pastie.org/852182
[2010/03/03 14:14:15] <fzzzt> I see a 'timeout' in there, but it's talking to the master just fine...
[2010/03/03 14:14:21] @ jmslagle joined channel #puppet
[2010/03/03 14:14:23] <jmslagle> Hrm
[2010/03/03 14:14:40] @ Quit: coronel2: Ping timeout: 245 seconds
[2010/03/03 14:14:40] <joe-mac1> inheriting wrong or something? is this custom code you're working on?
[2010/03/03 14:14:41] <jmslagle> The version of puppet in EPEL-Testing seems to not be closing the storeconfig DB.
[2010/03/03 14:14:47] <jmslagle> So I'm running out of open files
[2010/03/03 14:14:51] <joe-mac1> jmslagle: the wrong mysql gem can do that
[2010/03/03 14:15:15] <jmslagle> I'm using sqlite :P
[2010/03/03 14:16:11] <jmslagle> Would the same issue exist there?
[2010/03/03 14:17:57] <fzzzt> same exact thing is happening on many hosts.. i have 800 message in my inbox lol
[2010/03/03 14:18:01] <fzzzt> huh
[2010/03/03 14:18:09] <fzzzt> seems to be after i switched to mongrel
[2010/03/03 14:18:11] * fzzzt googles
[2010/03/03 14:18:14] @ Quit: lutter: Quit: Leaving.
[2010/03/03 14:18:26] <joe-mac1> jmslagle: never heard of that affecting sqlite...
[2010/03/03 14:20:09] @ Quit: sjefen6: Ping timeout: 240 seconds
[2010/03/03 14:20:54] <fzzzt> So, with mongrel, so I need to change fileserver.conf since connections come from my localhost apache?
[2010/03/03 14:20:58] <fzzzt> do*
[2010/03/03 14:21:18] <fzzzt> (I just have a default/empty fileserver.conf)
[2010/03/03 14:22:05] <joe-mac1> fzzzt: the apache config iirc passes in the proper headers doesn't it? so you still have to set the allow stuff
[2010/03/03 14:22:12] <joe-mac1> it's been a long time since i touched that portion of puppet by hand
[2010/03/03 14:22:23] @ coronel2 joined channel #puppet
[2010/03/03 14:22:30] <jmslagle> Oh know..
[2010/03/03 14:22:35] <jmslagle> Who let Andreas in here.
[2010/03/03 14:22:56] <joe-mac1> the internet
[2010/03/03 14:24:53] <fzzzt> well that didn't help
[2010/03/03 14:25:01] @ sjefen6 joined channel #puppet
[2010/03/03 14:25:05] <ahasenack> jmslagle: hmm?
[2010/03/03 14:25:49] @ lutter joined channel #puppet
[2010/03/03 14:26:04] <jmslagle> coronel2 ;)
[2010/03/03 14:26:15] <joe-mac1> fzzzt: your error is like when you inherit and the object you inherited from, you assume it has conversion methods, but it doesn't. so i'm kidna puzzled as to why you would have this if not writing some of your own code
[2010/03/03 14:26:19] <ahasenack> :D
[2010/03/03 14:26:24] <jmslagle> Oh we have 2 andreas's
[2010/03/03 14:26:26] <jmslagle> Interesting.
[2010/03/03 14:26:51] <fzzzt> joe-mac1: none of my own code.. i have a custom fact, and a type, but they were working previous to today...
[2010/03/03 14:27:52] <fzzzt> Strangely, the client continues on and processes some stuff, the shuts down without error
[2010/03/03 14:28:42] <joe-mac1> try without syncing your custom types and facts just for grins. if it still doesn't work and it's a recent version on what should be a well-supported setup, i'd file a bug
[2010/03/03 14:35:59] @ nasrat_ joined channel #puppet
[2010/03/03 14:36:36] @ Quit: nasrat: Disconnected by services
[2010/03/03 14:36:36] @ nasrat_ is now known as nasrat
[2010/03/03 14:37:33] <fzzzt> looks like it's a version problem
[2010/03/03 14:37:50] @ WALoeIII joined channel #puppet
[2010/03/03 14:38:24] <nigelk> nasrat: should 'facter -p' work with a factpath of $libdir/facter ?
[2010/03/03 14:39:21] <nigelk> oh I see...
[2010/03/03 14:39:27] <nigelk> all my config lives in [puppetd]
[2010/03/03 14:43:22] <fzzzt> yeah
[2010/03/03 14:43:26] <fzzzt> some hosts still had 0.25.0
[2010/03/03 14:43:41] <fzzzt> up2date didn't upgradeem
[2010/03/03 14:43:55] @ Quit: vzctl_: Remote host closed the connection
[2010/03/03 14:44:04] <joe-mac1> o i c
[2010/03/03 14:44:07] <nasrat> nigelk: well IIRC with -p we load puppet
[2010/03/03 14:44:11] * nasrat looks at code
[2010/03/03 14:44:15] @ vzctl_ joined channel #puppet
[2010/03/03 14:44:40] <nasrat> nigelk: can you do
[2010/03/03 14:44:41] <nasrat> irb
[2010/03/03 14:44:44] <nasrat> require 'puppet'
[2010/03/03 14:45:04] <nasrat> Puppet.parse_config
[2010/03/03 14:45:15] <nigelk> => [:main, :name, :memory, :cli]
[2010/03/03 14:45:16] <nigelk> :)
[2010/03/03 14:45:18] <nasrat> and let me know what $LOAD_PATH is set to
[2010/03/03 14:45:26] @ Robbie joined channel #puppet
[2010/03/03 14:45:31] <nigelk> so when I added a puts for LOAD_PATH to facter
[2010/03/03 14:45:40] <nigelk> I saw it was looking in the default location /var/puppet/lib
[2010/03/03 14:45:44] <nasrat> hmm
[2010/03/03 14:45:45] <nasrat> ok
[2010/03/03 14:45:47] <nigelk> however we have vardir /var/lib/puppet
[2010/03/03 14:45:55] @ Robbie is now known as Guest36762
[2010/03/03 14:46:08] @ Quit: Guest36762: Read error: Connection reset by peer
[2010/03/03 14:46:09] <nigelk> if I add a [main] section with factpath /var/lib/puppet/lib/facter
[2010/03/03 14:46:11] <nasrat> the comments in bin/facter indicate there is some fiddlyness there
[2010/03/03 14:46:12] <nigelk> it works as expected
[2010/03/03 14:46:14] <nigelk> yeah
[2010/03/03 14:46:24] <nasrat> I'd say it *should* work and is a but
[2010/03/03 14:46:26] <nasrat> bug
[2010/03/03 14:46:30] <nasrat> file please
[2010/03/03 14:46:36] <nigelk> I'm thinking I might rework my puppet.confs anyway
[2010/03/03 14:46:37] <nigelk> and put the genericy stuff in [main]
[2010/03/03 14:47:10] <nasrat> still file please, as we should handle non puppetd setups in a sane way
[2010/03/03 14:47:15] <nigelk> ok
[2010/03/03 14:47:51] <plathrop> -1 sanity is a prison!!!
[2010/03/03 14:47:56] <plathrop> <--- not enough sleep
[2010/03/03 14:48:24] <joe-mac1> rofl, i got hilarious mental imagery from that
[2010/03/03 14:48:36] <nasrat> SAN is a dump stat for sysadmins
[2010/03/03 14:49:34] @ TREllis joined channel #puppet
[2010/03/03 14:49:37] <nasrat> plathrop: in all seriousness hope stuff is going ok for you, sounds like it's been quite stressfull
[2010/03/03 14:50:01] <plathrop> nasrat: It has been, but we're making it through.
[2010/03/03 14:50:09] <plathrop> thanks for the well wishes :-)
[2010/03/03 14:51:35] @ Robbie_ joined channel #puppet
[2010/03/03 14:53:25] @ lak joined channel #puppet
[2010/03/03 14:53:50] @ Quit: ShiNboi: Ping timeout: 245 seconds
[2010/03/03 14:54:58] @ Quit: nevyn: Ping timeout: 264 seconds
[2010/03/03 14:55:34] @ Quit: markl_: Ping timeout: 264 seconds
[2010/03/03 14:55:50] @ nevyn joined channel #puppet
[2010/03/03 14:57:13] @ vermeer__ joined channel #puppet
[2010/03/03 14:57:53] @ Quit: ahasenack: Ping timeout: 265 seconds
[2010/03/03 14:58:07] @ Quit: Robbie_: Ping timeout: 276 seconds
[2010/03/03 14:59:12] <jmslagle> Can I do a case in a definition?
[2010/03/03 14:59:17] @ markl_ joined channel #puppet
[2010/03/03 15:00:54] <jmslagle> Nevermind :)
[2010/03/03 15:01:35] @ ahasenack joined channel #puppet
[2010/03/03 15:02:14] <nasrat> plathrop: ISTR having a conversation with you at puppetcamp re server naming
[2010/03/03 15:03:18] @ Quit: bodepd: Quit: bodepd
[2010/03/03 15:04:20] <plathrop> nasrat: yeah, that sounds like me :-)
[2010/03/03 15:05:16] <jamesturnbull> plathrop: http://plathrop.tertiusfamily.net/blog/2009/01/20/naming-is-a-hard-problem/#comments - I get a 404?
[2010/03/03 15:05:28] <plathrop> jamesturnbull: yeah, my blog is busted.
[2010/03/03 15:06:04] <nasrat> yeah I'm trying to stoke some discussion so was then going to ask if there's anything on what you said out there
[2010/03/03 15:06:05] <plathrop> Haven't figured out how to fix my permalinks.
[2010/03/03 15:07:38] <whack> mod_rewrite!
[2010/03/03 15:07:55] <plathrop> nasrat: There is, but as I said, my permalinks are busted. And it isn't a very thorough discussion of the issue, yet. But it is the second most recent post at http://plathrop.tertiusfamily.net/blog
[2010/03/03 15:08:04] <plathrop> whack: lighttpd has mod_rewrite?
[2010/03/03 15:08:20] <whack> I think so.
[2010/03/03 15:08:30] <barn> http://redmine.lighttpd.net/wiki/1/Docs:ModRewrite
[2010/03/03 15:09:04] <whack> I have a boatload of rewrite rules that help fix links on my site from older moves
[2010/03/03 15:09:17] <plathrop> ah, right. I had got that far, but hadn't been able to figure out how to write the correct rules
[2010/03/03 15:11:11] * Volcane thnks hostnames are for human use so you can look at say nagios/host lists and know what you're looking at
[2010/03/03 15:11:14] <Volcane> but thats all
[2010/03/03 15:11:26] @ Quit: bkohler: Ping timeout: 245 seconds
[2010/03/03 15:11:28] <Volcane> need to address servers through meta data, service cnames etc
[2010/03/03 15:11:57] <plathrop> Our nagios lists have "host names" that have no relationship to the hostname of the machines.
[2010/03/03 15:12:08] <Volcane> yeah
[2010/03/03 15:12:09] @ Quit: ahasenack: Ping timeout: 245 seconds
[2010/03/03 15:12:38] <Volcane> why i wrote mcollective to be all about discovery based on meta data and nothing else
[2010/03/03 15:14:27] <plathrop> w00t! I fixed my blog
[2010/03/03 15:14:34] <plathrop> jamesturnbull: that permalink should work now
[2010/03/03 15:14:43] <jamesturnbull> Volcane: yeah I like host names to tell me something about the host aukxpblah
[2010/03/03 15:15:54] <plathrop> See, I used to feel that way, but when I started working here we kept finding hostnames that *used* to tell you something about the host, but weren't accurate anymore.
[2010/03/03 15:15:56] <jamesturnbull> plathrop: cool - working
[2010/03/03 15:16:05] <Volcane> yup, but they're never enough to tell systems/automation/etc enough about those machines
[2010/03/03 15:16:08] <jamesturnbull> plathrop: depends on scale too - you guys have many many
[2010/03/03 15:16:17] <Volcane> so relying on hostnames generally just doesnt work for more than human consumption
[2010/03/03 15:16:21] @ ahasenack joined channel #puppet
[2010/03/03 15:16:30] <jamesturnbull> Volcane: of course - that doesn't preclude metadata/cnames/etc
[2010/03/03 15:16:38] <plathrop> yeah, exactly. That's why we came down on the side of arbitrary names
[2010/03/03 15:16:39] <Volcane> jamesturnbull: yeah thats my point
[2010/03/03 15:16:50] <jamesturnbull> Volcane: and we're agreeing about it :)
[2010/03/03 15:16:56] <whack> I use <site>-<number> for dns for the sake of not having to think about what name to choose.
[2010/03/03 15:17:15] <Volcane> with mcollective the identifier is just a string, doesnt mean anything wrt the hostname - i just use hostname as a convenience
[2010/03/03 15:17:16] <plathrop> Our hostnames currently look like /[a-z][0-9]+
[2010/03/03 15:17:26] @ Quit: buffalo: Read error: Operation timed out
[2010/03/03 15:17:27] <plathrop> /[a-z][0-9]+/ rather
[2010/03/03 15:17:29] <jamesturnbull> I like to know the country the box is in and usually the DC but beyond that arbitary
[2010/03/03 15:18:06] <plathrop> We offload all the metadata about the machine to our CMDB (in-house written, but hopefully open-source soonish)
[2010/03/03 15:18:24] <jamesturnbull> plathrop: oh - will be interested to see that
[2010/03/03 15:18:29] <plathrop> And we use a fair amount of discovery to populate the CMDB and keep it in sync
[2010/03/03 15:18:31] <whack> plathrop: same
[2010/03/03 15:18:39] <whack> ahh, I don't use any discovery.
[2010/03/03 15:18:52] <whack> discovery to me means you don't know what's on your network.
[2010/03/03 15:18:59] <plathrop> jamesturnbull: yeah don't get too excited, I'm not convinced it is the best design.
[2010/03/03 15:19:05] <Volcane> it means your network is the only source of truth
[2010/03/03 15:19:08] <jamesturnbull> we use our VA tool to do most of the discovery becaus the rest of technology are asshats and can't keep track of their boxes
[2010/03/03 15:19:17] <plathrop> whack: no it means the network is the source of truth
[2010/03/03 15:19:24] <plathrop> hah, Volcane
[2010/03/03 15:19:31] <whack> plathrop: which may not be correct truth.
[2010/03/03 15:19:43] <whack> if a webserver is down, you don't discover it, etc.
[2010/03/03 15:20:09] <jamesturnbull> plathrop: always interested to see how people interpret CMDB and associated though - even if not quite right - lessons learnt and all that
[2010/03/03 15:20:27] <Volcane> whack: like dont build your monitoring from discovery
[2010/03/03 15:20:46] <plathrop> No, what is actually on the network is the *only* truth. You don't rely on discovery for monitoring
[2010/03/03 15:20:54] <Volcane> whack: but regular updating of meta data about servers and such using discovery is right
[2010/03/03 15:21:09] <whack> It's a philosophy I don't subscribe to ;)
[2010/03/03 15:21:13] <jamesturnbull> especially if it allows compliance
[2010/03/03 15:21:20] <whack> since I use truth to to tell puppet what goes on what servers.
[2010/03/03 15:21:36] <whack> using discovery truth means there's a bootstrapping problem
[2010/03/03 15:21:40] <jamesturnbull> I know I have ten of these - discovery shows 12 - where'd the other two come from and why aren't I managing/monitoring them?
[2010/03/03 15:21:42] <plathrop> And I'll tell you a dirty little secret - in our case we don't actually "know what is on the network" - we don't really care.
[2010/03/03 15:21:58] <Volcane> plathrop: yeah thats normal once you're big enough
[2010/03/03 15:22:09] <plathrop> A lot of what we do only works in our specific line of business, too.
[2010/03/03 15:22:16] <Volcane> whack: there are still authoritive information - monitoring, puppet node lists, hard asset lists etc
[2010/03/03 15:22:17] <plathrop> We don't keep people's financial information, for example
[2010/03/03 15:22:18] <jamesturnbull> plathrop: we are a bank so we seriously care :)
[2010/03/03 15:22:25] <plathrop> jamesturnbull: exactly
[2010/03/03 15:22:27] <Volcane> whack: you still create those and they solve your bootstrap issue
[2010/03/03 15:22:36] <whack> Volcane: in my case, all of that data comes from one source.
[2010/03/03 15:22:47] <jamesturnbull> whack: so what about rogue hosts?
[2010/03/03 15:22:49] <whack> rather than using discovery to know that serverX is a webserver running some piece of software to be monitored
[2010/03/03 15:22:56] <whack> jamesturnbull: discovery is for auditing, not for truth.
[2010/03/03 15:22:57] <jamesturnbull> whack: do you ignorre them because they aren't managed?
[2010/03/03 15:23:03] <whack> imo
[2010/03/03 15:23:16] <jamesturnbull> ah I see your distinction
[2010/03/03 15:23:20] <jamesturnbull> hmm
[2010/03/03 15:23:21] <Volcane> whack: no build your system on amazon :)
[2010/03/03 15:23:31] <plathrop> whack: I think you have a narrow interpretation of discovery :-P
[2010/03/03 15:23:33] <Volcane> s/no/now
[2010/03/03 15:23:45] <whack> Volcane: still works there, since the action of 'buy a server' is the same as 'buy an instance' - the same data has to go in the database.
[2010/03/03 15:23:46] @ Quit: markl_: Ping timeout: 264 seconds
[2010/03/03 15:24:22] <whack> truth is written down by a human (me, usually) into a database. Changing truth ends up telling nagios what to monitor, puppet what to configure, dns data, etc.
[2010/03/03 15:24:25] @ markl_ joined channel #puppet
[2010/03/03 15:24:31] <whack> we could use discovery to audit it
[2010/03/03 15:24:59] <Volcane> whack: well so we agree, thats what we've all said - you provide hard truth and you audit with discovery
[2010/03/03 15:25:04] <jamesturnbull> I think truth is actually a few things woven together - IMO discovery is a key one - it depends how you define "truth" - is it what we have under management? or what we have full stop?
[2010/03/03 15:25:04] <plathrop> That's an interesting (and perhaps valid) definition of truth.
[2010/03/03 15:25:08] @ Quit: bug: Quit: bug
[2010/03/03 15:25:15] <plathrop> jamesturnbull: +1
[2010/03/03 15:25:19] <Volcane> whack: but i suspect most big sites take it much further than just that they admin/address/manage via discovery too
[2010/03/03 15:25:31] <plathrop> Truth is policy, but truth is also "what's actually going on out there"
[2010/03/03 15:25:47] <whack> at my previous job all truth came as defined by a person, sometimes imported from a vendor "here's a rack of machines" spreadsheet
[2010/03/03 15:25:48] <Volcane> if you just for loop say over your 'truth' thats in a db
[2010/03/03 15:25:51] <Volcane> it's a screwup
[2010/03/03 15:25:58] <Volcane> cos static truth doesnt work
[2010/03/03 15:26:07] <jamesturnbull> Volcane: ++!
[2010/03/03 15:26:59] <whack> maybe i'm misinterpreting discovery as your source of truth
[2010/03/03 15:27:06] <plathrop> Another example: we have a bunch of machines on our network that are marked "RMA" in our CMDB. But they are still *there* and some of them are still *running*
[2010/03/03 15:27:13] <whack> and I think we're mixing trutha nd reality
[2010/03/03 15:27:22] <whack> discovery tells you reality, not truth.
[2010/03/03 15:27:32] <Volcane> it tells you desired state
[2010/03/03 15:27:42] <jamesturnbull> hmmm reality != truth?
[2010/03/03 15:27:47] <whack> truth is what should be, reality is what is.
[2010/03/03 15:27:52] <plathrop> I say reality is an important component of truth, that you need to acknowledge and deal with.
[2010/03/03 15:27:52] <Volcane> reality is not desired state
[2010/03/03 15:27:56] <whack> stuff like puppet helps you align the two
[2010/03/03 15:28:47] <jamesturnbull> whack: I think your definition of "truth" is probably not one I'd agree with - the philosophy major in me is seriously in disagreement :P
[2010/03/03 15:28:53] <whack> hah
[2010/03/03 15:29:07] <plathrop> jamesturnbull: +1
[2010/03/03 15:29:08] <joe-mac1> i don't look at the channel for a few minutes and all of a sudden there is an armchair psychology session going on?
[2010/03/03 15:29:09] <whack> s/truth/data about what should be/ ?
[2010/03/03 15:29:15] <whack> hehe
[2010/03/03 15:29:25] <joe-mac1> or philosophy rather
[2010/03/03 15:29:45] <plathrop> Nah, no armchair, I'm on a couch.
[2010/03/03 15:29:52] <whack> couches are better anyway
[2010/03/03 15:29:56] <whack> or so says my source of truth
[2010/03/03 15:29:58] * whack shift eyes
[2010/03/03 15:30:10] <Volcane> whack: you can see a demo of what i do with discovery at least in the mcollective intro video - but i do not use that to build monitoring, puppet node lists or ultimate desired state
[2010/03/03 15:30:11] <plathrop> And about to go eat lunch and play MW2 against my fellow Systems Engineers.
[2010/03/03 15:30:28] <whack> Volcane: yeah I saw that
[2010/03/03 15:30:30] <jamesturnbull> I'd subscribe to a more coherence theory version of truth I suspect
[2010/03/03 15:31:05] <barn> I look away for 5 minutes and we're on theory versions of truth?!
[2010/03/03 15:31:18] <joe-mac1> exactly what i said
[2010/03/03 15:31:20] <whack> haha
[2010/03/03 15:31:21] <whack> <3
[2010/03/03 15:31:22] <jamesturnbull> whilst IMHO you're being all Habermas and consensus theory :)
[2010/03/03 15:31:26] <joe-mac1> who's handing out acid to #puppet?
[2010/03/03 15:31:33] <barn> when's Sartre night on #puppet?
[2010/03/03 15:31:53] <barn> or morning for jamesturnbull (: (well, depending on which timezone you're in today)
[2010/03/03 15:32:11] <nigelk> jamesturnbull: you're not deflationary ? :)
[2010/03/03 15:32:19] <jamesturnbull> barn: that existenialist - whole different fish in a balloon
[2010/03/03 15:32:36] <jamesturnbull> nigelk: correspondence if I was honest about feelings
[2010/03/03 15:32:46] <barn> sysadmins were always more a Nietzsche crowd...
[2010/03/03 15:32:46] <nigelk> ah. nerd :)
[2010/03/03 15:33:09] <jamesturnbull> but I prefer to believe the world is a nice logical coherent place
[2010/03/03 15:33:16] <nigelk> I find IT people in general are hung up on correspondence
[2010/03/03 15:33:33] <joe-mac1> elaborate on that
[2010/03/03 15:33:45] <barn> he wants more penpals
[2010/03/03 15:33:46] <jamesturnbull> so ... truth in philosophy 101
[2010/03/03 15:33:54] <nigelk> background article for the non-philosophy majors
[2010/03/03 15:33:55] * jmccune breaks out the popcorn
[2010/03/03 15:33:55] <nigelk> http://en.wikipedia.org/wiki/Truth#Correspondence_theory
[2010/03/03 15:33:55] <nigelk> :)
[2010/03/03 15:34:02] @ Quit: TREllis: Quit: leaving
[2010/03/03 15:34:02] <jamesturnbull> nigelk: oh even better -
[2010/03/03 15:34:08] <Volcane> nigelk: i have a new version of my localconfig parser toy up with the featur u wanted
[2010/03/03 15:34:17] <barn> jamesturnbull: he _just_ editted that this minute, don't trust it (;
[2010/03/03 15:34:22] <nigelk> you were going to link to the Stanford Enc of Philosophy or something weren't you :)
[2010/03/03 15:34:24] <jamesturnbull> nigelk: wow that's really detailed? no wonder college students cheat
[2010/03/03 15:34:38] <jamesturnbull> nigelk: yep
[2010/03/03 15:34:44] <jamesturnbull> nigelk: or explain it on IRC
[2010/03/03 15:34:48] <jamesturnbull> for 1400 pages :)
[2010/03/03 15:34:56] <nigelk> Volcane: I saw. I should be done with my puppet upgrades end of the week
[2010/03/03 15:35:02] <Volcane> heh ok
[2010/03/03 15:35:05] <nigelk> 0.25 on my servers finally.....
[2010/03/03 15:36:29] * jamesturnbull is off to Borderlands Books to play with cats and buy plane home reading
[2010/03/03 15:36:43] <jamesturnbull> barn: still in SFO BTW
[2010/03/03 15:37:12] <joe-mac1> nigelk: after reading the snippet i agree with that statement
[2010/03/03 15:37:26] <nigelk> yeah. I'm more of a constructivist/coherence person I think
[2010/03/03 15:37:35] <jamesturnbull> nigelk: damn hippie
[2010/03/03 15:37:40] @ Robbie_ joined channel #puppet
[2010/03/03 15:37:41] <jamesturnbull> nigelk: social values as truth
[2010/03/03 15:37:43] <jamesturnbull> bah
[2010/03/03 15:37:44] <nigelk> but I think that's a common position for philosophy majors as it gives you more wiggle room :)
[2010/03/03 15:37:51] <jamesturnbull> :P
[2010/03/03 15:38:31] <nigelk> it's formal truth that interested me more
[2010/03/03 15:38:45] <nigelk> but I have a man-crush on http://en.wikipedia.org/wiki/Saul_Kripke
[2010/03/03 15:39:17] <nigelk> (Kripke taught my (abandoned) PhD supervisor
[2010/03/03 15:39:48] <joe-mac1> well, one thing's for sure. his beard isn't very impressive for a 'philosopher'
[2010/03/03 15:40:04] <nigelk> that's the cleanest most well groomed photo I've ever seen of him
[2010/03/03 15:40:10] <joe-mac1> haha
[2010/03/03 15:40:13] <nigelk> he's infamous for spraying food over people while talking
[2010/03/03 15:40:38] <nigelk> This -> http://en.wikipedia.org/wiki/Naming_and_Necessity is one of the most amazing philosophical pieces of the last century
[2010/03/03 15:41:08] <nigelk> apart from his arguments against identity materialism
[2010/03/03 15:41:27] * nigelk is currently deciding whether or not to go back to university part-time to finish his PhD
[2010/03/03 15:41:34] <nigelk> s/finish/start again/
[2010/03/03 15:41:39] <jamesturnbull> nigelk: well he doesn't like Searle so that's a +1 from me
[2010/03/03 15:41:44] <nigelk> FUCK Searle
[2010/03/03 15:42:08] <nigelk> proof all you need is one contentious idea in phil academia to make a living off it your whole life
[2010/03/03 15:42:26] <joe-mac1> i don't understand how any philosophers 'make a living'
[2010/03/03 15:42:33] <joe-mac1> touring/talking i guess
[2010/03/03 15:42:42] <nigelk> joe-mac1: conference circuits, publishing, low academic salaries
[2010/03/03 15:43:17] <jmccune> All this talk makes me want to switch kill off my bard and reroll a truenamer
[2010/03/03 15:43:25] <jmccune> s/switch//
[2010/03/03 15:43:38] <nigelk> I really wish I understood what on earth you were talking about :)
[2010/03/03 15:43:54] <jamesturnbull> nigelk: actually Searle is rich
[2010/03/03 15:44:06] <nigelk> so I hear, drives a Ferrari or something?
[2010/03/03 15:44:15] <jamesturnbull> nigelk: http://en.wikipedia.org/wiki/John_Searle#Politics
[2010/03/03 15:44:18] <jamesturnbull> nigelk: what a prick
[2010/03/03 15:44:25] <jmccune> nigelk: Was that for me?
[2010/03/03 15:44:40] <nigelk> jmccune: ya :)
[2010/03/03 15:44:53] @ Quit: Robbie_: Ping timeout: 256 seconds
[2010/03/03 15:44:55] <jamesturnbull> jmccune: what's a trunamer?
[2010/03/03 15:45:01] <jmccune> http://www.wizards.com/default.asp?x=dnd/frcc/20070801
[2010/03/03 15:45:14] @ ichristo joined channel #puppet
[2010/03/03 15:45:30] <nigelk> Huh. Glass Bead Game-ish
[2010/03/03 15:46:50] <jamesturnbull> jmccune: I think D&D has gotten a lot more complex sicne I played it
[2010/03/03 15:46:53] <jmccune> Yeah, I haven't made it to that book in my reading list, but I'll take your word for it.
[2010/03/03 15:47:23] <jamesturnbull> jmccune: can you just be a Fighter? :)
[2010/03/03 15:47:25] <jmccune> jamesturnbull: Actually, it's gotten easier. I just play casually, though some of my friends do get pretty deep into it.
[2010/03/03 15:47:48] <jmccune> jamesturnbull: Sure, if by figher you mean fighter with tons of cool magical stances and such. =)
[2010/03/03 15:48:02] <jamesturnbull> jmccune: can Clerics use edged weapons? ;)
[2010/03/03 15:48:31] <eric0> philosophy and rpgs... my people <3
[2010/03/03 15:48:35] <jmccune> idk, but I'm a bard with a long sword and full plate...
[2010/03/03 15:48:52] <joe-mac1> lmao
[2010/03/03 15:48:56] <nigelk> eric0: and autechre!
[2010/03/03 15:49:04] @ buffalo joined channel #puppet
[2010/03/03 15:50:36] @ Quit: nexx: Quit: quit
[2010/03/03 15:51:11] @ Ramonster joined channel #puppet
[2010/03/03 15:52:43] @ Quit: nevyn: Ping timeout: 276 seconds
[2010/03/03 15:52:44] @ bodepd joined channel #puppet
[2010/03/03 15:54:20] @ nevyn joined channel #puppet
[2010/03/03 15:58:33] @ Quit: lak: Quit: lak
[2010/03/03 15:58:35] @ Quit: nevyn: Ping timeout: 246 seconds
[2010/03/03 15:59:59] @ lak joined channel #puppet
[2010/03/03 16:03:15] @ Quit: lak: Client Quit
[2010/03/03 16:04:15] @ p3rror joined channel #puppet
[2010/03/03 16:04:36] @ Quit: alfism: Quit: alfism
[2010/03/03 16:06:18] @ nevyn joined channel #puppet
[2010/03/03 16:13:02] <plathrop> I'm totally not buying the Correspondence thing. I know I'm LTTP, but I had to step out for coffee
[2010/03/03 16:13:27] <plathrop> Now I'm gonna have to read the whole damn article, and probably end up buying a bunch of books. I blame you, jamesturnbull
[2010/03/03 16:17:05] @ Pirate_Hunter joined channel #puppet
[2010/03/03 16:21:24] @ jab_doa joined channel #puppet
[2010/03/03 16:25:20] @ kpatton joined channel #puppet
[2010/03/03 16:25:43] @ Quit: vzctl_: Remote host closed the connection
[2010/03/03 16:26:01] @ vzctl_ joined channel #puppet
[2010/03/03 16:29:27] @ ichristo left channel #puppet ()
[2010/03/03 16:36:58] @ Quit: jab_doa: Quit: Verlassend
[2010/03/03 16:37:26] @ MrHeavy joined channel #puppet
[2010/03/03 16:39:22] <nigelk> jamesturnbull: https://www.gelaskins.com/artist.php?ArtistID=190
[2010/03/03 16:40:43] @ Quit: p3rror: Read error: Operation timed out
[2010/03/03 16:41:06] @ Quit: nasrat: Quit: nasrat
[2010/03/03 16:46:14] <stahnma> can somebody confirm that creating a mailalias does not inform sendmail to re make the aliases maps? I need to do that myself correct?
[2010/03/03 16:48:18] <jbooth_> stahnma: yes
[2010/03/03 16:48:21] @ Quit: paxos: Ping timeout: 256 seconds
[2010/03/03 16:48:26] <stahnma> jbooth_: thanks, just making sure
[2010/03/03 16:48:35] <jbooth_> stahnma: doing so automatically would be unsafe; what if you aren't using sendmail?
[2010/03/03 16:48:56] <jbooth_> postfix also will take newaliases, but I don't think qmail for instance does.
[2010/03/03 16:49:19] <stahnma> jbooth_: I kind of thought that, i was just making sure there wasn't a bug on AIX
[2010/03/03 16:49:41] <stahnma> AIX tends to have very odd ways of doing somethings
[2010/03/03 16:50:50] @ Quit: rgsteele: Remote host closed the connection
[2010/03/03 16:53:44] @ Quit: allsystemsarego: Quit: Leaving
[2010/03/03 17:05:58] @ Quit: afletcher: Read error: Connection reset by peer
[2010/03/03 17:06:24] @ afletcher joined channel #puppet
[2010/03/03 17:08:05] @ Quit: \ask: Remote host closed the connection
[2010/03/03 17:09:22] @ jmccune left channel #puppet ()
[2010/03/03 17:10:16] @ jmccune joined channel #puppet
[2010/03/03 17:10:40] @ \ask joined channel #puppet
[2010/03/03 17:11:06] @ alfism joined channel #puppet
[2010/03/03 17:13:03] @ Quit: unxfrek: Quit: Leaving
[2010/03/03 17:13:42] @ Quit: uphillian: Quit: Leaving.
[2010/03/03 17:14:30] <jmccune> nigelk: Ah ha! Default is modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[2010/03/03 17:14:38] <jmccune> nigelk: This is my issue
[2010/03/03 17:15:04] @ Quit: \ask: Ping timeout: 245 seconds
[2010/03/03 17:15:05] @ Quit: jaredrhine: Ping timeout: 260 seconds
[2010/03/03 17:15:21] <jmccune> nigelk: So, to be as "default" as possible, what would you do here? Augment modulepath, or symlink /etc/puppet/modules to my git working copy?
[2010/03/03 17:15:23] <nigelk> jmccune: server side?
[2010/03/03 17:15:27] @ Quit: nevyn: Ping timeout: 276 seconds
[2010/03/03 17:15:28] <jmccune> nigelk: yeah
[2010/03/03 17:15:39] <nigelk> hrm. I dunno. I don't have any good ideas for working without environments
[2010/03/03 17:15:56] @ nevyn joined channel #puppet
[2010/03/03 17:15:57] <jmccune> nigelk: Yeah... And this is sort of my issue with going with the defaults.
[2010/03/03 17:16:22] <jmccune> nigelk: Stuff is scattered all over the filesystem, so it's difficult to keep everything in version control nice and tidy.
[2010/03/03 17:16:33] <nigelk> I think... if you're not using environments and sticking to the defaults....
[2010/03/03 17:16:39] <nigelk> then you should put your modules in the default location?
[2010/03/03 17:16:44] <jmccune> Well, I will be using environments
[2010/03/03 17:17:07] <jmccune> nigelk: OK, if I do that, how do I easily keep them in version control?
[2010/03/03 17:17:25] @ Quit: swygue: Quit: Ex-Chat
[2010/03/03 17:17:43] <jmccune> See what I'm getting at?
[2010/03/03 17:17:46] <nigelk> make /etc/puppet/modules be the location of the vcs dump?
[2010/03/03 17:18:12] <jmccune> That could work...
[2010/03/03 17:18:16] <nigelk> or symlink /etc/puppet/modules to your modulepath or modify the default.
[2010/03/03 17:18:19] <nigelk> they all seem pretty sane options
[2010/03/03 17:18:22] <jmccune> Since 99% of puppet manifests are in modules
[2010/03/03 17:18:30] <jmccune> Yeah
[2010/03/03 17:18:45] <nigelk> is anyone else playing with the pre-post run commands in 0.25 ?
[2010/03/03 17:18:53] <plathrop> nigelk: will be soon
[2010/03/03 17:18:56] <nigelk> we're considering setting up run-parts for both and delivering fragments that way
[2010/03/03 17:19:32] <jmccune> nigelk: I'm starting to think I should have a git repo just for modules and nothing else.
[2010/03/03 17:19:54] <jmccune> nigelk: And other stuff like puppet.conf, helper scripts, etc... in another repo.
[2010/03/03 17:20:01] <nigelk> maybe
[2010/03/03 17:20:10] <nigelk> i don't think my perforce setup is like anyone else's git repos
[2010/03/03 17:20:16] <nigelk> so I may not have useful advice
[2010/03/03 17:20:31] <jmccune> no worries
[2010/03/03 17:22:13] <nigelk> huh. I think there might be a bug in --tags puppet
[2010/03/03 17:22:20] <nigelk> seems to ignore my module called "puppet"
[2010/03/03 17:22:56] @ Djelibeybi joined channel #puppet
[2010/03/03 17:23:14] <jmccune> nigelk: Heh, I named mine "ntst-puppet" for this reason...
[2010/03/03 17:23:20] <nigelk> goddamnit
[2010/03/03 17:23:51] <jmccune> Well, not that eact reason, but fear of it
[2010/03/03 17:25:18] @ Quit: labrown: Quit: Leaving
[2010/03/03 17:26:37] <eshamow> templating question if anyone has a moment
[2010/03/03 17:26:49] <eshamow> I am using 0.25.4, template is in a templates/ dir under my module
[2010/03/03 17:26:58] <eshamow> calling with content => template("tempname.erb")
[2010/03/03 17:27:14] <eshamow> i get "Could not find template"
[2010/03/03 17:27:15] <eshamow> any ideas?
[2010/03/03 17:27:17] <BarnacleBob> should work
[2010/03/03 17:27:48] <eshamow> turning on puppetmasterd debugging, let's see what we find...
[2010/03/03 17:27:52] <BarnacleBob> is it in modules/mymodule/templates/ ?
[2010/03/03 17:27:53] @ Quit: nb: Quit: ZNC - http://znc.sourceforge.net
[2010/03/03 17:27:59] <nigelk> eshamow: you need to provide the module
[2010/03/03 17:28:14] <eshamow> BarnacleBob: yes
[2010/03/03 17:28:23] <eshamow> nigelk: you mean in the content => line?
[2010/03/03 17:28:38] <nigelk> content => template("modulename/templatename.erb")
[2010/03/03 17:28:40] <nigelk> like that
[2010/03/03 17:28:42] <eshamow> ahh
[2010/03/03 17:28:51] <eshamow> trying
[2010/03/03 17:29:30] <nigelk> things like "templates" and "files" and "manifests" are magical invisible creatures
[2010/03/03 17:29:34] <nigelk> like special unicorns
[2010/03/03 17:29:51] <eshamow> nigelk: hey but the special unicorns worked
[2010/03/03 17:29:51] <BarnacleBob> i don't like magic
[2010/03/03 17:29:53] <nigelk> and are essentially hidden from actual paths you provide to things
[2010/03/03 17:30:00] <nigelk> :)
[2010/03/03 17:30:00] <eshamow> many thanks. now i shall go slay them with my "feature request" button
[2010/03/03 17:31:17] <eshamow> docs are wrong on this, fyi -- from http://reductivelabs.com/trac/puppet/wiki/PuppetTemplating
[2010/03/03 17:31:23] <eshamow> $value = template("mytemplate.erb")
[2010/03/03 17:31:26] <eshamow> blech
[2010/03/03 17:31:31] <eshamow> fixing
[2010/03/03 17:31:41] <elasticdog> if I have puppet/ssl/ca in version control, how do I get puppetmasterd to not try and overwrite it on a new server install?
[2010/03/03 17:31:44] <nigelk> well that's true eshamow
[2010/03/03 17:31:47] <nigelk> just not if you're using modules
[2010/03/03 17:31:52] <eshamow> ahh
[2010/03/03 17:31:57] <nigelk> and lots of the docs pre-date modules
[2010/03/03 17:31:59] @ Quit: alfism: Quit: http://opensolaris.com/
[2010/03/03 17:32:08] <nigelk> worth adding a line about use with modules though, as that's how almost everyone does it now
[2010/03/03 17:32:22] <elasticdog> this is what I get: http://pastie.org/852541
[2010/03/03 17:32:35] <eshamow> nigelk: that's what i'll do. thank you very much for the help
[2010/03/03 17:32:49] <elasticdog> it seems like puppetmasterd likes to remove and re-create my /etc/puppet directory
[2010/03/03 17:34:09] @ jaredrhine joined channel #puppet
[2010/03/03 17:34:33] <elasticdog> I'm trying to bootstrap a new server from my version control. I'm basically doing a rmdir /etc/puppet and then checking out my repo in /etc/puppet
[2010/03/03 17:35:30] @ nb joined channel #puppet
[2010/03/03 17:36:42] <jmccune> elasticdog: Yeah, so this is what I was just discussing a few moments ago... If $confdir (/etc/puppet) is a VC working copy, then you'll need to tweak a few things to make puppet not write into it.
[2010/03/03 17:36:52] <jmccune> e.g. --ssldir=/var/lib/puppet/ssl
[2010/03/03 17:37:14] <jmccune> And even then, puppet tries to manage itself
[2010/03/03 17:37:38] <elasticdog> jmccune: ahhh, I was trying --ssldir=/etc/puppet
[2010/03/03 17:37:46] <jmccune> So you have the option to set owner, group, and mode in the [puppetmasterd] section of puppet.conf
[2010/03/03 17:37:46] <elasticdog> so, does that need to be permanent?
[2010/03/03 17:37:59] <jmccune> Well, it depends on your preference.
[2010/03/03 17:38:28] <jmccune> I prefer to not have anything "dynamic" in my version control working copies.
[2010/03/03 17:38:53] <jmccune> And $ssldir is dynamic since the server will be issuing certificates and updating it's CA bits
[2010/03/03 17:39:37] <elasticdog> jmccune: I just had ^ssl/(?!ca).+ in my .hgignore file, as I was told pretty much ssl/ca was all you really need under version control
[2010/03/03 17:39:44] <jmccune> So I try to keep the things that could be mounted readonly in one tree and things that can't in another
[2010/03/03 17:40:09] @ \ask joined channel #puppet
[2010/03/03 17:40:21] <jmccune> elasticdog: Hrmmmm
[2010/03/03 17:40:32] <jmccune> elasticdog: Well, the puppet CA will be creating files in there
[2010/03/03 17:40:40] <nigelk> anyone else in a position they can test whether tag "puppet" works?
[2010/03/03 17:40:41] <jmccune> Do you want them under version control?
[2010/03/03 17:41:02] <markl_> is it possible to run a puppet 0.25 client and 0.24 server?
[2010/03/03 17:41:07] <elasticdog> jmccune: probably...that would prevent having to re-sign for all of your clients if you had to wipe the machine, right?
[2010/03/03 17:41:23] <markl_> i'm sure it would be best to be 0.25 everywhere
[2010/03/03 17:41:33] <tmz> markl_: No, not as far as I know.
[2010/03/03 17:41:42] <nigelk> markl_: it is absolutely not possible
[2010/03/03 17:41:52] <tmz> 0.24 clients work with 0.25 servers, but the other way isn't supported.
[2010/03/03 17:41:53] <jmccune> elasticdog: So long as you preserve the CA certificate itself and it's private keys, you actually don't need to keep track of all the signed client certificates
[2010/03/03 17:42:00] <markl_> ok cool
[2010/03/03 17:42:12] <jmccune> elasticdog: But it's not a bad idea to do so...
[2010/03/03 17:42:15] <markl_> good to know, this http error looked nasty: "GET /production/certificate/ca HTTP/1.1" 404
[2010/03/03 17:42:22] <nigelk> yes :)
[2010/03/03 17:42:49] <elasticdog> jmccune: so would that be ca_crl.pem, ca_crt.pem, and ca_key.pem?
[2010/03/03 17:42:51] <markl_> will the config files need to change?
[2010/03/03 17:42:58] <jmccune> elasticdog: Yep
[2010/03/03 17:43:07] <nigelk> oh i'm wrong about the puppet tag
[2010/03/03 17:43:34] <jmccune> elasticdog: even the puppetmaster SSL server certificate could be regenerated from ca_crt.pem and ca_key.pem, and the clients will trust it.
[2010/03/03 17:43:54] <tmz> markl_: For the most part, no. There are some things deprecated in 0.25 that you'll see warnings about, but your 0.24 configuration should work.
[2010/03/03 17:44:14] <nigelk> one big thing that bit me was that I had people checking in manifests with two require => lines in a resource
[2010/03/03 17:44:22] <nigelk> puppet 0.24 doesn't parse this as a syntax error
[2010/03/03 17:44:24] <nigelk> 0.25 does
[2010/03/03 17:44:50] <tmz> Ahh. I was never bitten by that one.
[2010/03/03 17:46:28] @ jhulten joined channel #puppet
[2010/03/03 17:46:35] <elasticdog> jmccune: I'll keep playing with it, and see what works...thanks for the ideas
[2010/03/03 17:47:17] <elasticdog> jmccune: so if I didn't have the clients certs under version control, the downside would be that they would show up as needing to be signed, but the clients would still trust the server?
[2010/03/03 17:47:28] <jmccune> nigelk: So, if we just make sure /etc/puppet/modules/null/lib exists, then plugin sync starts working... I'm not sure how I feel about this 'solution' though.
[2010/03/03 17:47:42] <jmccune> elasticdog: Nope
[2010/03/03 17:47:52] @ Quit: shenson: Quit: /me taps out
[2010/03/03 17:48:24] <jmccune> elasticdog: If any of us goes and blows away everything in $ssldir/ca/signed/
[2010/03/03 17:48:32] <jmccune> Then everything will keep working without a hitch
[2010/03/03 17:48:34] <nigelk> jmccune: eeeew!
[2010/03/03 17:49:04] <jmccune> the $ssldir/ca/signed/ directory is really just to keep track of stuff that's been signed, it's not actually used when SSL is operating.
[2010/03/03 17:49:06] @ Quit: vermeer__: Ping timeout: 252 seconds
[2010/03/03 17:49:23] @ Quit: afletcher: Quit: afletcher
[2010/03/03 17:49:24] <jmccune> So the client will still have a signed certificate on it's end, and use it to contact the master
[2010/03/03 17:49:36] <jmccune> Which can verify it's valid by checking it against ca_crt.pem
[2010/03/03 17:49:43] <nigelk> jmccune: it does let you avoid duplicate certnames on different certs though
[2010/03/03 17:50:09] <jmccune> definitely, as nigel points out... It's convenient in cases.
[2010/03/03 17:50:24] <jmccune> Though, from another perspective, if you blow away a client node and need to get a new cert
[2010/03/03 17:50:52] <elasticdog> that's a good point
[2010/03/03 17:50:53] <jmccune> The CA will refuse to sign the "new" CSR and instead hand back the already signed certificate from the blown-away node.
[2010/03/03 17:51:11] <nigelk> which is the right thing to do :)
[2010/03/03 17:51:19] <jmccune> So that's effectively what puppetca --clean does... It just removes the cert from $ssldir/ca/signed/
[2010/03/03 17:51:49] <jmccune> nigelk: Yes, perhaps with some nice error message to the effect. =)
[2010/03/03 17:51:49] <elasticdog> gotcha
[2010/03/03 17:52:33] <jmccune> elasticdog: So yeah, I'm not advocating removing the signed certs server side without good reason
[2010/03/03 17:53:08] <jmccune> elasticdog: Because it does open a security hole, if it's not there and you have autosign on, then someone could easily grab a signed certificate and pretend to be another node.
[2010/03/03 17:53:58] <jmccune> Plus, ls *.pem | wc is a nice way to count nodes. =)
[2010/03/03 17:54:07] <elasticdog> jmccune: I'm definitely not doing auto-sign, and think it probably makes sense to keep everything under ssl/ca under VC, even if you have to remember to commit those changes
[2010/03/03 17:54:40] <jmccune> elasticdog: Yeah, it's definitely not a bad idea or anything
[2010/03/03 17:56:21] <elasticdog> I just need to test for the proper procedure when setting up a fresh server
[2010/03/03 17:57:00] @ Quit: pheezy: Remote host closed the connection
[2010/03/03 17:57:34] @ pheezy joined channel #puppet
[2010/03/03 17:58:05] @ randybias joined channel #puppet
[2010/03/03 17:59:40] @ OpenMedia joined channel #puppet
[2010/03/03 17:59:49] @ alfism joined channel #puppet
[2010/03/03 18:01:01] @ Quit: malraid: Quit: malraid
[2010/03/03 18:01:44] @ Quit: pheezy: Ping timeout: 245 seconds
[2010/03/03 18:04:03] <elasticdog> hmmm...puppetmasterd especially doesn't like if /etc/puppet is a symlink to elsewhere
[2010/03/03 18:06:26] <nigelk> no it does not
[2010/03/03 18:06:38] <nigelk> I think the same holds true for subdirectories
[2010/03/03 18:07:29] <tessier> Anyone here use puppet to verify file checksums to look for rootkits etc?
[2010/03/03 18:07:31] <markl_> ok what does it mean when i do a puppetca --list and it lists a host, but when i try to sign it says:
[2010/03/03 18:07:35] <markl_> err: Could not call sign: Could not find certificate request for devdb01
[2010/03/03 18:09:10] @ Quit: biertie: Ping timeout: 265 seconds
[2010/03/03 18:10:22] <jmccune> tessier: Puppet doesn't make for a very good tripwire.
[2010/03/03 18:10:33] <tessier> jmccune: Why not? cfengine did ok.
[2010/03/03 18:11:36] <tessier> Just wondering how puppet might be able to help out with intrusion detection since it is always inspecting the systems anywya.
[2010/03/03 18:11:43] <jmccune> Right
[2010/03/03 18:11:54] <markl_> another identically configured machine works fine
[2010/03/03 18:11:55] <markl_> weird
[2010/03/03 18:12:04] @ lak joined channel #puppet
[2010/03/03 18:12:32] <jmccune> I suppose I was envisinging something like file { "/": recurse => true, source => "/known_good" }
[2010/03/03 18:12:47] <jmccune> Which would be pretty expensive
[2010/03/03 18:12:59] <proton> that sounds scary :)
[2010/03/03 18:13:04] <tessier> Nono...just some basic keeping track of checksums on commonly trojaned files.
[2010/03/03 18:13:12] <tessier> ls cp mv insmod rmmod uname free df etc.
[2010/03/03 18:13:29] <proton> i'd really suggest you use a proper tripwire if you want that
[2010/03/03 18:13:29] <jmccune> tessier: In the past I've used puppet to call radmind, which would perform a lot better since checksums are pre-computed.
[2010/03/03 18:13:31] <tessier> A couple dozen little things to checksum. cfengine did this and it was nto noticeable.
[2010/03/03 18:13:55] <jmccune> tessier: Yeah, you'd probably be just fine then.
[2010/03/03 18:13:55] <proton> checksumming those binaries is mostly pointless these days, any decent rootkit just modifies the kernel so you see the right checksum
[2010/03/03 18:14:03] <tessier> proton: Indeed.
[2010/03/03 18:14:29] <tessier> proton: I am debating with some folks about whether antivirus on Linux/Unix is required by PCI-DSS 5.1
[2010/03/03 18:14:34] <tessier> I'm pretty sure it isn't.
[2010/03/03 18:14:46] <tessier> QSA says it isn't. They say their QSA says it is.
[2010/03/03 18:14:49] * tessier shrugs
[2010/03/03 18:15:20] <jmccune> I'm out. Talk you you tomorrow.
[2010/03/03 18:15:25] @ Quit: jmccune: Quit: driving home
[2010/03/03 18:16:48] <markl_> am i going to have to dig at the source to figure out this puppetca error: err: Could not call sign: Could not find certificate request
[2010/03/03 18:16:58] <markl_> no matches on google
[2010/03/03 18:17:55] <markl_> weird, --all worked
[2010/03/03 18:18:22] <markl_> sun spots must be causing it
[2010/03/03 18:18:56] @ incommon_ike joined channel #puppet
[2010/03/03 18:18:58] @ Quit: incommon_ike: Client Quit
[2010/03/03 18:21:18] <tessier> If I upgrade puppet from the epel-testing rpm is it normal that I should have to re-sign all of my clients?
[2010/03/03 18:21:29] <tessier> Failed to
[2010/03/03 18:21:29] <tessier> generate additional resources during transaction: Certificates were not trusted:
[2010/03/03 18:22:45] @ Quit: tonyskapunk: Ping timeout: 260 seconds
[2010/03/03 18:22:50] @ biertie joined channel #puppet
[2010/03/03 18:23:03] @ Quit: ahasenack: Quit: Leaving
[2010/03/03 18:23:39] @ Quit: rmiller4pi8: Ping timeout: 240 seconds
[2010/03/03 18:24:49] <nigelk> hrm. can you raise an error inside a defined type?
[2010/03/03 18:24:54] @ Quit: lak: Quit: lak
[2010/03/03 18:25:09] <nigelk> fail
[2010/03/03 18:25:11] <nigelk> awesome
[2010/03/03 18:26:24] @ Quit: kaptk2: Quit: Leaving.
[2010/03/03 18:27:07] <markl_> tessier: i sure wouldn't expect that
[2010/03/03 18:27:29] @ zobbo_ joined channel #puppet
[2010/03/03 18:28:05] @ Quit: kpatton: Quit: ChatZilla 0.9.86 [Firefox 3.5.8/20100202152834]
[2010/03/03 18:28:59] <markl_> ok i'm using my first template
[2010/03/03 18:29:15] <markl_> do they go in /var/lib/puppet/dist/... like the other config files?
[2010/03/03 18:30:10] <markl_> Error 400 on SERVER: Could not find template 'common/etc/oratab'
[2010/03/03 18:30:53] <markl_> ok nm
[2010/03/03 18:31:12] <markl_> that was way up near the top of the wiki page
[2010/03/03 18:35:00] @ randybias is now known as randybias|away
[2010/03/03 18:36:30] @ tonyskapunk joined channel #puppet
[2010/03/03 18:38:39] @ Quit: zobbo_: Ping timeout: 276 seconds
[2010/03/03 18:38:50] <markl_> err: Could not retrieve catalog from remote server: wrong header line format
[2010/03/03 18:39:30] <markl_> that happens when i add this to a file: content => template("oratab.erb"),
[2010/03/03 18:39:41] @ randybias|away is now known as randybias
[2010/03/03 18:41:27] <markl_> hmm looks like it is a problem with the contents of the erb file
[2010/03/03 18:41:47] @ pierre`_ joined channel #puppet
[2010/03/03 18:41:53] @ Quit: pierre`: Read error: Connection reset by peer
[2010/03/03 18:43:04] @ afletcher_ joined channel #puppet
[2010/03/03 18:43:06] @ fzzzt left channel #puppet ()
[2010/03/03 18:43:25] @ swygue joined channel #puppet
[2010/03/03 18:44:02] <markl_> is there an erb guide somewhere? it seems to hate slashes and numbers
[2010/03/03 18:46:59] <jhulten> \q
[2010/03/03 18:47:03] @ Quit: jhulten: Quit: leaving
[2010/03/03 18:50:35] <joe-mac> markl_: as long as it's valid ruby inside the <% %> you should be fine
[2010/03/03 18:53:38] <markl_> ok i think i got it, thanks
[2010/03/03 18:58:09] @ Quit: bobbyz: Ping timeout: 240 seconds
[2010/03/03 19:00:25] <jamesturnbull> markl_: http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/
[2010/03/03 19:14:40] @ Quit: biertie: Ping timeout: 245 seconds
[2010/03/03 19:16:39] @ Quit: Pirate_Hunter: Ping timeout: 264 seconds
[2010/03/03 19:18:14] @ rmiller4pi8 joined channel #puppet
[2010/03/03 19:25:32] @ p3rror joined channel #puppet
[2010/03/03 19:26:00] @ Quit: p3rror: Read error: Connection reset by peer
[2010/03/03 19:28:30] @ biertie joined channel #puppet
[2010/03/03 19:30:34] @ Quit: tonyskapunk: Quit: Leaving
[2010/03/03 19:33:19] @ sebas891 joined channel #puppet
[2010/03/03 19:34:42] @ Quit: Ramonster: Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/
[2010/03/03 19:35:44] @ tjoe joined channel #puppet
[2010/03/03 19:37:37] @ Quit: biertie: Ping timeout: 276 seconds
[2010/03/03 19:37:43] @ neek joined channel #puppet
[2010/03/03 19:38:06] @ Quit: sebas891: Client Quit
[2010/03/03 19:38:27] <neek> boggle.
[2010/03/03 19:38:28] <neek> http://pastebin.ca/1822094
[2010/03/03 19:38:33] <neek> how is that variable not set?
[2010/03/03 19:39:01] * neek . o O ( this originally started with a bit more logic, and I gave up and backed down to the most minimal logic possible... )
[2010/03/03 19:39:24] <BarnacleBob> neek, if $var { doesn't test the value
[2010/03/03 19:39:31] <BarnacleBob> that would pass if $var='false' also
[2010/03/03 19:39:40] <BarnacleBob> but it should work
[2010/03/03 19:39:49] @ biertie joined channel #puppet
[2010/03/03 19:39:50] @ sebas891 joined channel #puppet
[2010/03/03 19:40:09] @ Quit: rcrowley: Quit: rcrowley
[2010/03/03 19:40:14] @ Quit: cwebber: Quit: cwebber
[2010/03/03 19:40:24] <neek> BarnacleBob: yep. that's where I started, but since that didn't work... :)
[2010/03/03 19:40:54] <kjetilho> works for me
[2010/03/03 19:41:00] <BarnacleBob> i have that style things all over and it works for me
[2010/03/03 19:41:06] <kjetilho> what version?
[2010/03/03 19:41:13] <BarnacleBob> you sure you don't have a parse error and so puppetmaster is not reloading your configs?
[2010/03/03 19:41:18] <BarnacleBob> i have 25.5
[2010/03/03 19:41:18] <BarnacleBob> er
[2010/03/03 19:41:20] <BarnacleBob> 25.4
[2010/03/03 19:41:32] @ Quit: gebi: Ping timeout: 246 seconds
[2010/03/03 19:41:32] <neek> yep. if I remove the logic down to just one or the other choice it works fine.
[2010/03/03 19:41:33] <kjetilho> I tried it in 0.24.8
[2010/03/03 19:41:40] <neek> I'm usign 0.24.8
[2010/03/03 19:41:45] <BarnacleBob> yeah i used it in 24.8 also
[2010/03/03 19:41:57] <neek> so it's just me. great. :)
[2010/03/03 19:42:21] <kjetilho> did you put that snippet in its own file and run puppet foo.pp ?
[2010/03/03 19:42:25] <BarnacleBob> neek, try doing a syntax check on your files
[2010/03/03 19:43:46] <neek> notice: //File[/tmp/sendmailenable]/ensure: created
[2010/03/03 19:43:47] <neek> [root@tibtwo-dsrlab ext-dev]#
[2010/03/03 19:43:54] <neek> in it's own pp
[2010/03/03 19:44:03] <neek> BarnacleBob: how, short of puppetd ?
[2010/03/03 19:44:34] <kjetilho> so you've been testing stale code somehow
[2010/03/03 19:45:00] <neek> kjetilho: stale maybe, but if I make changes to it and rerun puppetd, the changes happen.. :)
[2010/03/03 19:45:01] <kjetilho> puppet --parseonly
[2010/03/03 19:45:25] <kjetilho> *shrug*
[2010/03/03 19:45:32] <kjetilho> you're doing *something* wrong
[2010/03/03 19:45:55] <neek> clearly. :)
[2010/03/03 19:46:48] <kjetilho> way past bedtime for me, though
[2010/03/03 19:47:17] @ Quit: biertie: Ping timeout: 265 seconds
[2010/03/03 19:47:56] <BarnacleBob> neek, yeah puppet --parseonly on your site.pp and all your module init.pp
[2010/03/03 19:48:27] <BarnacleBob> oh you know what
[2010/03/03 19:48:36] <BarnacleBob> neek, if that variable isn't contained in a scope i don't think it will work
[2010/03/03 19:48:40] <BarnacleBob> well i'm not sure it will work
[2010/03/03 19:49:34] <neek> originally it was inside a node, then I moved it into a class in profile/
[2010/03/03 19:49:42] <neek> all with the same result.
[2010/03/03 19:49:55] <neek> notice: //Node[twocommon]/profile::tiger/File[/tmp/sendmailenable]/ensure: created
[2010/03/03 19:49:57] <neek> so wtf.
[2010/03/03 19:50:19] @ mpdehaan joined channel #puppet
[2010/03/03 19:50:45] @ Quit: tjoe: Quit: leaving
[2010/03/03 19:53:05] @ Quit: murkk: Ping timeout: 256 seconds
[2010/03/03 20:03:30] @ Quit: \ask: Ping timeout: 248 seconds
[2010/03/03 20:04:21] @ dgillies joined channel #puppet
[2010/03/03 20:04:28] @ dgillies is now known as davewongillies
[2010/03/03 20:06:27] <gepetto> ::trac:: Puppet MacOSX edited @ http://reductivelabs.com/trac/puppet/wiki/PuppetMacOSX?version=15
[2010/03/03 20:07:55] @ pheezy joined channel #puppet
[2010/03/03 20:14:36] <gepetto> ::trac:: Puppet MacOSX edited @ http://reductivelabs.com/trac/puppet/wiki/PuppetMacOSX?version=16
[2010/03/03 20:16:36] @ Quit: alfism: Quit: http://opensolaris.com/
[2010/03/03 20:20:30] @ Quit: mpdehaan: Quit: mpdehaan
[2010/03/03 20:27:57] @ Quit: pheezy: Remote host closed the connection
[2010/03/03 20:28:33] @ pheezy joined channel #puppet
[2010/03/03 20:29:22] <davewongillies> would anyone be able to help me out with a dreaded "Certificates were not trusted: hostname was not match with the server certificate" error?
[2010/03/03 20:29:24] <davewongillies> I've tried the solutions in both http://reductivelabs.com/trac/puppet/wiki/RubySSL-2007-006 and this http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#i-keep-getting-certificates-were-not-trusted-what-s-wrong but no joy...
[2010/03/03 20:29:42] @ M- joined channel #puppet
[2010/03/03 20:30:48] <davewongillies> on a centos5.4 client running puppet 0.24.8
[2010/03/03 20:32:53] <BarnacleBob> are you using puppet.yourdomain to connect to the server?
[2010/03/03 20:32:57] @ Quit: pheezy: Ping timeout: 260 seconds
[2010/03/03 20:32:58] <BarnacleBob> or puppet
[2010/03/03 20:33:10] <davewongillies> puppet.yourdomain
[2010/03/03 20:33:51] <BarnacleBob> hrm sorry i forgot how to fix that error it was so long ago
[2010/03/03 20:34:01] <BarnacleBob> you might have to regenerate the certs after adding certname=
[2010/03/03 20:34:22] @ sijis is now known as sijis_afk
[2010/03/03 20:37:58] <davewongillies> huh... so I deleted some old, stray conf file in /etc/puppet
[2010/03/03 20:38:04] <davewongillies> restart and not its all good
[2010/03/03 20:38:08] <davewongillies> s/not/now
[2010/03/03 20:40:34] <BarnacleBob> nice
[2010/03/03 20:41:32] <davewongillies> think I might need to clean up the spacewalk repos. one repo has puppet 0.22 (from rpmforge) another has the newer EPEL package
[2010/03/03 20:41:49] <davewongillies> but the 0.22 one get precedence for some wacky reason
[2010/03/03 20:42:06] <davewongillies> then I end up with this crap.
[2010/03/03 20:42:33] <BarnacleBob> rpmforge and epel are notoriously bad to enable together
[2010/03/03 20:43:13] <BarnacleBob> you are best off enabling just one (i prefer epel) and then just create your own custom repo for one off packages you can just grab and drop in your repo
[2010/03/03 20:43:47] <davewongillies> yeah, true. I'd previously gotten around it with the yum-priorities package when we had our own mrepo repositories but now that we've migrated to spacewalk, I haven't figured out (due to time) if/how that can be done
[2010/03/03 20:47:39] @ cabernet joined channel #puppet
[2010/03/03 20:48:17] <cabernet> Hi folks, is it really necessary to open up port 8140 for tcp and udp on my puppet clients, or does that only need to happen on the master?
[2010/03/03 20:49:55] <Djelibeybi> cabernet: you need 8140 open on the Master and 8139 (by default) on the client *if* you use puppetrun
[2010/03/03 20:50:07] <Djelibeybi> If you're not using puppetrun, you only need 8140 on the master
[2010/03/03 20:50:35] <cabernet> good to know, thanks... I think docs say that it needs to be open on both master and client, which sounded odd to me.
[2010/03/03 20:50:39] @ mpdehaan joined channel #puppet
[2010/03/03 20:50:42] @ Quit: ahuman: Remote host closed the connection
[2010/03/03 20:50:46] <cabernet> Not sure what pupetrun is yet, just getting started here. :)
[2010/03/03 20:50:54] <Djelibeybi> cabernet: Well, open from client to master. :)
[2010/03/03 20:50:58] @ ahuman joined channel #puppet
[2010/03/03 20:51:15] <Djelibeybi> Also, only requires tcp, not udp
[2010/03/03 20:51:57] @ Quit: jes5: Quit: Leaving.
[2010/03/03 20:52:51] @ mpdehaan left channel #puppet ()
[2010/03/03 20:52:57] <cabernet> hmm. Might be a good idea to update the docs...
[2010/03/03 20:52:59] <cabernet> "You may need to open port 8140, both tcp and udp, on the server and client machines."
[2010/03/03 20:53:04] <cabernet> http://docs.reductivelabs.com/guides/installation.html
[2010/03/03 20:54:06] @ DrHouseMD is now known as HouseAway
[2010/03/03 20:56:59] @ Quit: Djelibeybi: Quit: Leaving
[2010/03/03 21:02:25] @ Djelibeybi joined channel #puppet
[2010/03/03 21:09:44] @ Quit: BarnacleBob: Quit: This computer has gone to sleep
[2010/03/03 21:15:34] @ Quit: ahuman: Remote host closed the connection
[2010/03/03 21:21:13] @ murkk joined channel #puppet
[2010/03/03 21:21:21] @ Quit: murkk: Client Quit
[2010/03/03 21:31:10] @ maxagaz joined channel #puppet
[2010/03/03 21:34:38] @ bug joined channel #puppet
[2010/03/03 21:36:39] @ biertie joined channel #puppet
[2010/03/03 21:39:32] @ Quit: biertie: Excess Flood
[2010/03/03 21:39:49] @ biertie joined channel #puppet
[2010/03/03 21:42:04] @ tjoe joined channel #puppet
[2010/03/03 21:42:17] @ Quit: tjoe: Client Quit
[2010/03/03 21:44:23] @ Quit: biertie: Ping timeout: 246 seconds
[2010/03/03 21:46:15] @ bodepd left channel #puppet ()
[2010/03/03 21:51:43] @ Quit: tyll: Quit: leaving
[2010/03/03 22:03:52] <axisys> how do I escape the curly braces that are part of sed in here http://pastie.org/852930 ?
[2010/03/03 22:04:15] <axisys> i think it is giving syntax error because of those curly braces
[2010/03/03 22:06:40] @ randybias is now known as randybias|away
[2010/03/03 22:07:11] <axisys> never mind .. it was really a syntax error
[2010/03/03 22:08:56] @ randybias|away is now known as randybias
[2010/03/03 22:14:27] @ Quit: cabernet: Quit: cabernet
[2010/03/03 22:15:04] @ rcrowley joined channel #puppet
[2010/03/03 22:22:51] @ plathrop is now known as plathrop-away
[2010/03/03 22:25:25] @ biertie joined channel #puppet
[2010/03/03 22:29:47] @ sijis_afk is now known as sijis
[2010/03/03 22:32:34] @ alfism joined channel #puppet
[2010/03/03 22:33:47] @ jes5 joined channel #puppet
[2010/03/03 22:34:20] @ Quit: jes5: Client Quit
[2010/03/03 22:34:36] <axisys> in the yaml file to call a module/securid/manifests/server.pp i use `- securid::server' , correct? it has been while since i used puppet .. trying to get back to it
[2010/03/03 22:35:29] @ nasrat joined channel #puppet
[2010/03/03 22:36:01] @ Quit: nasrat: Client Quit
[2010/03/03 22:36:14] <axisys> for the older classes in manifests/classes/config.pp , i call it like this `- config'
[2010/03/03 22:36:25] @ mpdehaan joined channel #puppet
[2010/03/03 22:38:09] @ Quit: mpdehaan: Client Quit
[2010/03/03 22:42:13] @ Quit: rcrowley: Quit: rcrowley
[2010/03/03 22:49:38] @ Quit: randybias: Quit: Leaving...
[2010/03/03 22:52:04] @ Quit: eshamow: Quit: eshamow
[2010/03/03 22:52:32] @ \ask joined channel #puppet
[2010/03/03 22:54:15] @ mpdehaan joined channel #puppet
[2010/03/03 23:03:43] @ Quit: mpdehaan: Quit: mpdehaan
[2010/03/03 23:03:59] @ nasrat joined channel #puppet
[2010/03/03 23:08:32] @ Quit: shadoi: Quit: Leaving.
[2010/03/03 23:10:47] @ rcrowley joined channel #puppet
[2010/03/03 23:12:18] @ Quit: artista_frustrad: Ping timeout: 248 seconds
[2010/03/03 23:13:01] @ Quit: artista-frustrad: Ping timeout: 264 seconds
[2010/03/03 23:15:44] @ bobbyz joined channel #puppet
[2010/03/03 23:20:34] @ Quit: WALoeIII: Ping timeout: 276 seconds
[2010/03/03 23:21:20] <axisys> i have the module in modules/securid/manifests/server.pp .. but puppet client is not calling it..
[2010/03/03 23:21:28] <axisys> need help w/ troubleshooting
[2010/03/03 23:24:52] <axisys> this is my setup in puppet master http://pastie.org/852999
[2010/03/03 23:26:17] <joe-mac> do you not need init.pp in .25+?
[2010/03/03 23:27:17] <joe-mac> i have a splitting headache, gotta go
[2010/03/03 23:29:47] @ Quit: joe-mac: Quit: Leaving.
[2010/03/03 23:30:42] @ Quit: nasrat: Quit: nasrat
[2010/03/03 23:32:17] @ nasrat joined channel #puppet
[2010/03/03 23:32:46] <axisys> joe-mac1: no .. cuz i have other modules where no init.pp was there... let me double check
[2010/03/03 23:33:33] <axisys> joe-mac1: feel better man
[2010/03/03 23:36:01] <asenchi> axisys: are you including that module in your node configuration?
[2010/03/03 23:37:07] <axisys> asenchi: well i am using external classifier.. check line 34 here http://pastie.org/852999
[2010/03/03 23:37:19] <axisys> asenchi: and line 58
[2010/03/03 23:39:07] <asenchi> and terminate is getting called?
[2010/03/03 23:39:35] <axisys> asenchi: yes .. that is how we terminate users
[2010/03/03 23:40:01] @ cwebber joined channel #puppet
[2010/03/03 23:40:43] <asenchi> have you tried running puppet by hand with --debug?
[2010/03/03 23:40:46] <asenchi> do you see any errors?
[2010/03/03 23:40:57] <asenchi> puppet --debug --modulepath=/etc/puppet/modules
[2010/03/03 23:41:07] <axisys> asenchi: on client ?
[2010/03/03 23:41:19] <asenchi> yes
[2010/03/03 23:43:32] @ Quit: M-: Quit: This computer has gone to sleep
[2010/03/03 23:44:59] @ WALoeIII joined channel #puppet
[2010/03/03 23:45:11] <axisys> asenchi: i just wanted to run that module instead of all .. so just called it .. and with some warning it did run ok
[2010/03/03 23:45:14] <axisys> http://pastie.org/853015
[2010/03/03 23:45:35] <axisys> asenchi: most modules sitting locally are not always tested
[2010/03/03 23:46:40] @ Quit: bug: Quit: bug
[2010/03/03 23:46:44] <axisys> asenchi: when i ran it against the puppetmaster .. i dont see terminate.. hmmm
[2010/03/03 23:46:51] <axisys> i dont see terminate either
[2010/03/03 23:46:54] <axisys> http://pastie.org/853017
[2010/03/03 23:46:57] <asenchi> you're missing a '"' on line 26: http://pastie.org/852999
[2010/03/03 23:47:35] <axisys> asenchi: doh!
[2010/03/03 23:49:10] <axisys> asenchi: something else is wrong.. i dont see terminate or securid::server
[2010/03/03 23:49:16] <axisys> asenchi: let me pastebin it
[2010/03/03 23:49:21] <axisys> pastie it rather
[2010/03/03 23:49:22] @ Quit: WALoeIII: Client Quit
[2010/03/03 23:50:07] <axisys> http://pastie.org/853020
[2010/03/03 23:50:22] <axisys> i think it is like this since i upgrade puppetd to 0.25.1
[2010/03/03 23:50:39] @ Quit: masterzen: Ping timeout: 240 seconds
[2010/03/03 23:50:51] <asenchi> debug: Failed to load library 'shadow' for feature 'libshadow'
[2010/03/03 23:50:52] <asenchi> debug: Failed to load library 'ldap' for feature 'ldap'
[2010/03/03 23:50:58] <asenchi> those are the problems i think
[2010/03/03 23:51:05] <asenchi> everything is related to that
[2010/03/03 23:51:09] <asenchi> i think
[2010/03/03 23:51:51] @ Quit: Jenza: Ping timeout: 245 seconds
[2010/03/03 23:51:54] <axisys> http://pastie.org/853021 why would this failed ?
[2010/03/03 23:51:55] @ Jenza joined channel #puppet
[2010/03/03 23:52:08] @ Quit: matti: Ping timeout: 246 seconds
[2010/03/03 23:52:19] <axisys> the libshadow and ldap warnings were always there .. for solaris you can ignore them
[2010/03/03 23:52:29] @ Quit: DanF: Ping timeout: 246 seconds
[2010/03/03 23:52:30] @ Quit: ashp: Ping timeout: 246 seconds
[2010/03/03 23:53:13] @ Quit: Whoop: Ping timeout: 264 seconds
[2010/03/03 23:53:14] <axisys> but something else is wrong.. puppet is not calling the classes from that yaml format external classifier
[2010/03/03 23:53:34] <asenchi> sounds like the primary issue is the external classifier
[2010/03/03 23:54:09] <axisys> http://pastie.org/853020 this shows no sign of calling any classes..
[2010/03/03 23:54:15] @ Whoop joined channel #puppet
[2010/03/03 23:54:33] <axisys> i had been using this same classifier .. i wonder since upgrading to 0.25.1 something changed
[2010/03/03 23:55:09] <asenchi> more than likely, lots has changed in 0.25
[2010/03/03 23:55:34] <asenchi> more than likely that broke your classifier
[2010/03/03 23:55:59] @ masterzen joined channel #puppet
[2010/03/03 23:56:31] <axisys> asenchi: hmm.. let me find out how the classifier syntax is suppose to be
[2010/03/03 23:57:03] <asenchi> is there a reason you need to use an external classifer?
[2010/03/03 23:57:13] <axisys> its too hard to find stuff on the docs.reductivelabs.com .. needs getting used to it instead of complaining :-)
[2010/03/03 23:57:19] @ matti joined channel #puppet
[2010/03/03 23:57:20] @ Quit: matti: Changing host
[2010/03/03 23:57:20] @ matti joined channel #puppet
[2010/03/03 23:57:42] @ ashp joined channel #puppet
[2010/03/03 23:57:47] <axisys> asenchi: i need one class per node.. cannot group them really since they are not in homogeneous env
« Tuesday, 2010-03-02 Index Thursday, 2010-03-04 »

Generated by irclog2html.py 2.8 by Marius Gedminas - find it at mg.pov.lt!