Friday, 2010-05-28

« Thursday, 2010-05-27 Index Saturday, 2010-05-29 »
[2010/05/28 00:05:13] @ Log started by gepetto
[2010/05/28 00:05:13] @ j_c joined channel #puppet
[2010/05/28 00:05:25] @ Quit: jmeeuwen: Quit: Disconnecting from stoned server.
[2010/05/28 00:05:42] @ jmeeuwen joined channel #puppet
[2010/05/28 00:08:54] @ Quit: _jc_: Ping timeout: 248 seconds
[2010/05/28 00:22:20] @ tuvyz joined channel #puppet
[2010/05/28 00:23:45] @ Quit: tuv: Ping timeout: 245 seconds
[2010/05/28 00:27:12] @ viridari left channel #puppet ()
[2010/05/28 00:42:17] @ Quit: \ask: Remote host closed the connection
[2010/05/28 00:42:41] @ \ask joined channel #puppet
[2010/05/28 00:47:27] @ Quit: \ask: Ping timeout: 260 seconds
[2010/05/28 00:47:42] @ \ask joined channel #puppet
[2010/05/28 00:52:54] @ cmatheson joined channel #puppet
[2010/05/28 00:54:10] <cmatheson> is there a way to reference variables from my node from an included module... like class foo { $foo = $mynode::somevar }
[2010/05/28 00:59:27] @ Quit: xerxas: Ping timeout: 260 seconds
[2010/05/28 01:16:34] <kjetilho> cmatheson: variables from your node are global
[2010/05/28 01:16:49] <kjetilho> cmatheson: but you have to pay attention to evaluation order
[2010/05/28 01:17:15] <kjetilho> ie. the variable has to be set before you include the module
[2010/05/28 01:24:01] <cmatheson> kjetilho: ok, maybe i'm running into something else then. i'm getting this error on a host that is receiving exported Nagios_host definitions: Could not create dataecs: Parameter notify failed: Relationships must be resource references at line 43 (notify is the variable that is defined in my node)
[2010/05/28 01:26:44] @ n0ts__ joined channel #puppet
[2010/05/28 01:26:47] <kjetilho> notify is probably a reserved word
[2010/05/28 01:28:50] <cmatheson> kjetilho: ah, i'll try that. thanks (i had looked for notify in facter's output, but i hadn't thought of reserved words)
[2010/05/28 01:28:51] <Djelibeybi> cmatheson: notify is a type/function
[2010/05/28 01:28:58] <cmatheson> Djelibeybi: great, thanks
[2010/05/28 01:29:53] @ nexx joined channel #puppet
[2010/05/28 01:40:33] @ Quit: Djelibeybi: Quit: Leaving
[2010/05/28 01:53:07] @ pinoyskull joined channel #puppet
[2010/05/28 01:55:41] @ Quit: fredden: Quit: Leaving
[2010/05/28 02:05:22] @ andrew3 left channel #puppet ()
[2010/05/28 02:06:28] @ Quit: n0ts__: Quit: Page closed
[2010/05/28 02:12:09] @ Quit: cmatheson: Ping timeout: 264 seconds
[2010/05/28 02:22:04] @ PsychoSid joined channel #puppet
[2010/05/28 02:26:08] @ comprehensive left channel #puppet ()
[2010/05/28 02:26:08] <tuvyz> is mysql absolutely required for dashboard? no other db backends supported (e.g. sqlite)?
[2010/05/28 02:34:02] @ pmorillo joined channel #puppet
[2010/05/28 02:38:21] @ gaveen joined channel #puppet
[2010/05/28 02:39:58] @ Quit: alban2: Quit: Leaving.
[2010/05/28 02:42:26] @ TREllis joined channel #puppet
[2010/05/28 02:43:08] @ Quit: gaveen: Client Quit
[2010/05/28 02:50:31] <ohadlevy> tuvyz: yeah - why?
[2010/05/28 03:07:09] @ Karan joined channel #puppet
[2010/05/28 03:08:06] <tim|mac> good morning, #puppetcamp
[2010/05/28 03:08:09] @ noyb joined channel #puppet
[2010/05/28 03:08:12] <tim|mac> and others too, of course
[2010/05/28 03:09:37] @ Quit: giskard: Remote host closed the connection
[2010/05/28 03:10:51] @ themroc joined channel #puppet
[2010/05/28 03:11:55] @ ckauhaus joined channel #puppet
[2010/05/28 03:13:26] @ Quit: NDBrendan: Quit: NDBrendan
[2010/05/28 03:14:44] @ Quit: ricky: Quit: leaving
[2010/05/28 03:27:38] @ DavidS joined channel #puppet
[2010/05/28 03:31:28] <|Mike|> DavidS: hi!
[2010/05/28 03:33:04] @ Quit: rodnet: Quit: rodnet
[2010/05/28 03:34:02] @ jorgecab joined channel #puppet
[2010/05/28 03:35:18] @ giskard joined channel #puppet
[2010/05/28 03:35:53] <jorgecab> Hi everybody
[2010/05/28 03:36:09] <jorgecab> can anyone please help me with one quick question about puppet?
[2010/05/28 03:37:49] @ xerxas joined channel #puppet
[2010/05/28 03:38:13] <jorgecab> I was thinking about including the control of the contents of the /etc/hosts of a group of servers
[2010/05/28 03:38:29] <jorgecab> one group have one /etc/hosts and the other has a different one
[2010/05/28 03:38:52] <jorgecab> So I don't know if the best way to do this is by creating a module named hosts and use templates
[2010/05/28 03:39:05] @ mikepea joined channel #puppet
[2010/05/28 03:39:25] <jorgecab> or using the "host" functionality of puppet but I haven't found an example of this in google
[2010/05/28 03:39:29] @ DavidS1 joined channel #puppet
[2010/05/28 03:39:30] <jorgecab> any thoughts?
[2010/05/28 03:41:13] @ Quit: DavidS: Ping timeout: 265 seconds
[2010/05/28 03:41:43] @ Quit: mikepea: Client Quit
[2010/05/28 03:42:20] * DavidS1 reporting live from puppetcamp
[2010/05/28 03:44:40] @ mikepea joined channel #puppet
[2010/05/28 03:44:51] @ lucky__ joined channel #puppet
[2010/05/28 03:45:01] @ lucky__ left channel #puppet ()
[2010/05/28 03:47:03] @ lak joined channel #puppet
[2010/05/28 03:47:21] <DavidS1> g'morning lak :-)
[2010/05/28 03:47:36] <lak> DavidS1: good morning
[2010/05/28 03:47:53] @ DavidS1 is now known as DavidS
[2010/05/28 03:48:24] <tim|mac> hey lak, awake already? no headache? ;-)
[2010/05/28 03:48:41] <lak> none at all - i was asleep before midnight :)
[2010/05/28 03:48:55] @ \\localhost joined channel #puppet
[2010/05/28 03:49:06] <tim|mac> I won't hold it against you, because you're a nice guy overall
[2010/05/28 03:49:13] @ twisla joined channel #puppet
[2010/05/28 03:51:40] <tim|mac> bah, we published our modules too :S very early already
[2010/05/28 03:59:48] <tim|mac> his accent is really cool
[2010/05/28 04:00:18] <ohadlevy> tim|mac: who is - al ?
[2010/05/28 04:00:32] <tim|mac> yeah
[2010/05/28 04:00:46] <ohadlevy> yeah :)
[2010/05/28 04:01:09] <twisla> it's "sunny" :)
[2010/05/28 04:01:21] @ Pupeno joined channel #puppet
[2010/05/28 04:01:27] <tim|mac> verily
[2010/05/28 04:02:06] <Pupeno> Anyone managing bacula with puppet?
[2010/05/28 04:02:07] <tim|mac> i just remember, we talked yesterday in a open space about a lint tool for puppet, to check some conventions
[2010/05/28 04:02:22] <tim|mac> that would be really nice
[2010/05/28 04:03:28] <ohadlevy> tim|mac: yeah
[2010/05/28 04:03:58] <tim|mac> i'll make it a feature request
[2010/05/28 04:04:05] <tim|mac> or i can write one in python ;-)
[2010/05/28 04:07:25] @ Quit: ckauhaus: Read error: Operation timed out
[2010/05/28 04:08:24] @ lutter joined channel #puppet
[2010/05/28 04:08:30] <DavidS> tim|mac: heretic! ;-)
[2010/05/28 04:08:49] <tim|mac> :P
[2010/05/28 04:08:57] <tim|mac> this is silly... you sit next to me!
[2010/05/28 04:09:16] <DavidS> yes, i feel young again :-)
[2010/05/28 04:09:38] <tim|mac> passing notes in class, 21st century style ;-)
[2010/05/28 04:09:49] * ohadlevy is enjoying this
[2010/05/28 04:10:46] @ ckauhaus joined channel #puppet
[2010/05/28 04:11:27] <tim|mac> ooo i like the variable definition subclass
[2010/05/28 04:11:33] <tim|mac> never seen that before
[2010/05/28 04:11:46] <tim|mac> would work great with require... require apache::params in this case
[2010/05/28 04:12:04] <DavidS> but no resources => no dependencies
[2010/05/28 04:12:09] <tim|mac> or does a reference to ${apache::params::bla} already defines that order?
[2010/05/28 04:12:45] @ fluxdude joined channel #puppet
[2010/05/28 04:13:08] @ asenchi left channel #puppet ()
[2010/05/28 04:14:34] <tim|mac> i keep thinking of a nice way to allow you to keep track of the module in forge, while still applying your own customizations, without a need to change the module name too much
[2010/05/28 04:14:41] <tim|mac> i can only think of a tiered way
[2010/05/28 04:14:45] <tim|mac> not sure if i like that
[2010/05/28 04:14:53] <\\localhost> Hi there, can someone tell me what is the difference between 'import' and 'include' ?
[2010/05/28 04:15:14] <ohadlevy> tim|mac: I have a custom function which allows to store data in modules data dir, maybe that be a solution for variables
[2010/05/28 04:15:22] <tim|mac> import makes sure the file is read by puppetmaster, include actually allows you to apply the module to a noce
[2010/05/28 04:15:28] <tim|mac> if it contains a class
[2010/05/28 04:15:41] <tim|mac> if the file you import doesn't contain a class, everything in there is available
[2010/05/28 04:16:09] <tim|mac> ohadlevy: ah yes, that would be interesting... got it online somewhere? on forge by any chance? :)
[2010/05/28 04:16:29] <ohadlevy> github
[2010/05/28 04:16:48] <ohadlevy> tim|mac: http://github.com/ohadlevy/puppet-lookup
[2010/05/28 04:16:55] <\\localhost> tim|mac: and if i have , let's say, a definitions file in one of my module, and i want to use them in one of my module class, should i import it, or include it ?
[2010/05/28 04:17:00] <tim|mac> dashboard vs foreman count in the room is about even :)
[2010/05/28 04:17:00] <tim|mac> \
[2010/05/28 04:17:34] <tim|mac> \\localhost: import it, but even better (i think) is to have them in a class and incude the class if needed
[2010/05/28 04:17:58] <\\localhost> tim|mac: oh i see, thanks for the hint :)
[2010/05/28 04:18:02] <DavidS> tim|mac: 1) that is parse order dependent 2) futures(yay!) will make that irrelevant
[2010/05/28 04:18:08] <tim|mac> ohadlevy: that's like the extlookup right?
[2010/05/28 04:18:20] <DavidS> tim|mac: the forge needs vcs integration
[2010/05/28 04:18:25] <tim|mac> +1 for futures
[2010/05/28 04:18:29] <ohadlevy> tim|mac: similiar, but allow you to store data in modules and other modules too
[2010/05/28 04:18:44] <ohadlevy> tim|mac: or from other modules
[2010/05/28 04:18:51] <ohadlevy> e.g. you got the forge module
[2010/05/28 04:18:57] <ohadlevy> but you can override the settings in another module
[2010/05/28 04:19:00] <tim|mac> DavidS: does it? shouldn't it just point to a vcs system and keep distributing tarballs?
[2010/05/28 04:20:40] <tim|mac> my problem with extlookup and like approaches is mostly that you have several places where you store your information... not a good thing, imho
[2010/05/28 04:21:11] <DavidS> it doesn't have to host the tree, but it should integrate the available information
[2010/05/28 04:21:27] <DavidS> tags<=>releases, changes etc
[2010/05/28 04:21:32] <DavidS> merge support
[2010/05/28 04:21:46] <DavidS> see github's network graph
[2010/05/28 04:21:57] <tim|mac> true
[2010/05/28 04:22:07] <tim|mac> that's important info... but it's already on github
[2010/05/28 04:22:16] <ohadlevy> tim|mac: it depends, sometimes you want that if you have many people editing the manifests (or in our case, editing the modules)
[2010/05/28 04:22:17] <DavidS> but it's not accessible via pmt
[2010/05/28 04:22:24] <ohadlevy> each module can come with a set of defaults, which you can override
[2010/05/28 04:23:28] <DavidS> but, actually, WHAT do you have to change from a well designed module?
[2010/05/28 04:24:00] <tim|mac> Kumina's sysadmin rules #1: Assumption is the mother of all fuckups.
[2010/05/28 04:24:01] <gepetto> tim|mac: #1 is http://projects.puppetlabs.com/issues/show/1 "Puppet - Feature #1: Differentiate classes from definitions - PuppetLabs.com"
[2010/05/28 04:24:17] <tim|mac> i never assume that any module is well designed... i'm to fickle for that
[2010/05/28 04:24:32] <DavidS> point taken
[2010/05/28 04:25:34] <ohadlevy> DavidS: know anyone in austria who is looking for a job managing a very large puppet infrastructure ?
[2010/05/28 04:25:39] <tim|mac> honestly, i'm contemplating if there would be interest in a "module design" open space... not about designing actual modules, but about modelling your setup so you have a framework for which to build your puppet modules on...
[2010/05/28 04:26:25] <ohadlevy> tim|mac: i think thats what jamesturnbull had in mind with the scaffolding
[2010/05/28 04:26:25] @ Quit: DavidS: Read error: Connection reset by peer
[2010/05/28 04:26:25] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 04:26:25] @ Quit: lak: Read error: Connection reset by peer
[2010/05/28 04:26:37] <tim|mac> s/module design/model design/
[2010/05/28 04:26:43] @ allsystemsarego joined channel #puppet
[2010/05/28 04:26:45] @ mikepea joined channel #puppet
[2010/05/28 04:27:08] @ lak joined channel #puppet
[2010/05/28 04:27:39] @ DavidS joined channel #puppet
[2010/05/28 04:27:48] <DavidS> sounds interesting
[2010/05/28 04:28:00] <zipkid> souns interesting indeed.
[2010/05/28 04:28:06] <zipkid> sounds too
[2010/05/28 04:28:42] @ Quit: lak: Client Quit
[2010/05/28 04:28:45] <Pupeno> Is there a way to have a global variable to use in various templates?
[2010/05/28 04:28:45] <tim|mac> i'll propose it then... although i'm not an expert about that subject at all, i think i'll be able to ask the right questions
[2010/05/28 04:29:04] <zipkid> Pupeno: declare it in site.pp
[2010/05/28 04:29:05] <DavidS> hehe :-)
[2010/05/28 04:29:42] <Pupeno> zipkid: how do you declare it in site.pp and make it available to the templates? (sorry, I'm just starting with templates)
[2010/05/28 04:30:20] <zipkid> just do, and use... $myvar = myval -> and <%= myval %> in mytemplaye.erb
[2010/05/28 04:30:38] <zipkid> oops <%= myvar %>
[2010/05/28 04:35:16] <zipkid> Pupeno: http://docs.puppetlabs.com/guides/templating.html
[2010/05/28 04:35:55] <\\localhost> Hello guys, i have a problem, i set up a definition (to configure our apps) , and i want to use this definition twice (or more ) in my node definition ( per node), but puppet throws me an error "duplicate definition" , how can i avoid that ?
[2010/05/28 04:35:57] @ jcesario_ joined channel #puppet
[2010/05/28 04:36:23] <zipkid> \\localhost: use a different name value
[2010/05/28 04:37:40] <\\localhost> zipkid: actually it is different
[2010/05/28 04:37:59] @ Quit: bronto: Quit: Leaving.
[2010/05/28 04:38:01] <zipkid> then it is a definiton IN your define
[2010/05/28 04:38:13] <zipkid> a class or resource
[2010/05/28 04:38:14] <\\localhost> i have one value that is the same it's the value "release" (it's the release number of our app)
[2010/05/28 04:38:44] @ Quit: jcesario: Ping timeout: 258 seconds
[2010/05/28 04:38:49] <zipkid> put your code + error on pastie
[2010/05/28 04:39:26] <\\localhost> sure
[2010/05/28 04:39:29] <\\localhost> http://pastebin.com/kNH5q1k2
[2010/05/28 04:40:50] <zipkid> you did not include the recepie of the define nor the error you get.....
[2010/05/28 04:42:07] @ alban2 joined channel #puppet
[2010/05/28 04:42:41] <\\localhost> zipkid: sry, here is an updated pastebin : http://pastebin.com/kBuZ24zC
[2010/05/28 04:43:21] @ mauve joined channel #puppet
[2010/05/28 04:43:52] <\\localhost> i'm just showing the vars that i'm passing to the method
[2010/05/28 04:43:53] <zipkid> chang your notify { "name value is :... to notify { "name value for $name is :
[2010/05/28 04:44:41] <zipkid> or 'Release value is' to 'Release value for $name is'
[2010/05/28 04:44:57] <\\localhost> sure
[2010/05/28 04:45:19] <zipkid> anyway, make all $name vars unique, for ANY type/function (notify is one of them too)
[2010/05/28 04:46:40] @ Quit: z00dax: Ping timeout: 245 seconds
[2010/05/28 04:46:52] <\\localhost> zipkid: it seems to run now
[2010/05/28 04:47:06] <zipkid> \\localhost: obviously :-D
[2010/05/28 04:47:19] @ Quit: Lunar_Lamp: Quit: Changing server
[2010/05/28 04:47:36] @ z00dax joined channel #puppet
[2010/05/28 04:47:36] @ Lunar_Lamp joined channel #puppet
[2010/05/28 04:47:36] @ Quit: Lunar_Lamp: Changing host
[2010/05/28 04:47:37] @ Lunar_Lamp joined channel #puppet
[2010/05/28 04:47:58] <\\localhost> is that because the Notify array already have a previous entry "Release value is..." ?
[2010/05/28 04:48:03] @ Quit: DavidS: Quit: Leaving.
[2010/05/28 04:48:37] <zipkid> \\localhost: only a problem where it is identical to one before
[2010/05/28 04:49:10] <\\localhost> i see , thanks you for pointing this out to me zipkid !
[2010/05/28 04:50:07] @ Quit: mikepea: Quit: mikepea
[2010/05/28 04:50:22] @ Quit: alban2: Quit: Leaving.
[2010/05/28 04:51:04] <zipkid> \\localhost: np!
[2010/05/28 04:51:32] <zipkid> break!
[2010/05/28 04:55:54] @ DavidS joined channel #puppet
[2010/05/28 04:57:07] <matti> Hi zipkid
[2010/05/28 04:59:23] @ Quit: DavidS: Client Quit
[2010/05/28 05:00:16] @ lak joined channel #puppet
[2010/05/28 05:00:31] <matti> HI lak
[2010/05/28 05:00:40] <lak> hullo
[2010/05/28 05:00:53] <matti> Feeling better? ;]
[2010/05/28 05:02:16] @ mikepea joined channel #puppet
[2010/05/28 05:02:28] <zipkid> hi matti
[2010/05/28 05:03:11] <matti> Hi mikepea
[2010/05/28 05:03:22] <mikepea> lo
[2010/05/28 05:03:23] <matti> ;]
[2010/05/28 05:03:44] @ thegcat joined channel #puppet
[2010/05/28 05:03:49] <matti> Are you all folks at the venue?
[2010/05/28 05:04:06] <barn> they're outside, screaming, with pictures of lak they want signing! (;
[2010/05/28 05:04:11] <mikepea> yup. jeff mccune up talking about puppet+splunk
[2010/05/28 05:04:12] * matti had to stay in the hotel and do some coding for $people_who_have_me_on_paycheck ;/
[2010/05/28 05:04:12] <twisla> :)
[2010/05/28 05:04:13] <lak> hah!
[2010/05/28 05:04:14] <mikepea> barn: ha!
[2010/05/28 05:04:26] <lak> matti: sucker!
[2010/05/28 05:04:26] <matti> barn: Oh oh.
[2010/05/28 05:04:30] <matti> lak: Hahaha.
[2010/05/28 05:04:33] <matti> lak: I love you too ;]
[2010/05/28 05:04:47] @ MattyM joined channel #puppet
[2010/05/28 05:05:28] <matti> barn: I have heard rumors about private audience with lak... free hugs included. Although, there is a waiting-list apparently.
[2010/05/28 05:05:51] <barn> don't believe the rumours! (:
[2010/05/28 05:05:58] <lak> matti: yes, private audiences are available, but very expensive :)
[2010/05/28 05:06:18] <matti> lak: Hey! That explains why "free hugs" are included.
[2010/05/28 05:06:19] <matti> ;p
[2010/05/28 05:06:47] @ Quit: lutter: Ping timeout: 260 seconds
[2010/05/28 05:08:32] <zipkid> does anyone have the link to Jeff's talk slides... i missed it...
[2010/05/28 05:08:44] @ jab_doa joined channel #puppet
[2010/05/28 05:08:59] <matti> Hm.
[2010/05/28 05:09:49] <\\localhost> Hello there, is there a way that a module depends on another module in the class itself (and not using a require in a ressource) or an include ?
[2010/05/28 05:10:42] <\\localhost> i know i can do this by including the needed class , but for my knowledge, i would like to know if there is another possibility
[2010/05/28 05:10:45] <zipkid> there is one more way but it is meant to be used for another reason 'inherits' class a inhetits b {}
[2010/05/28 05:11:39] <\\localhost> hmm you right !
[2010/05/28 05:11:52] <twisla> zipkid: http://bit.ly/puppetsplunkslides
[2010/05/28 05:12:00] <zipkid> thx twisla
[2010/05/28 05:12:58] @ Quit: MattyM: Read error: Connection reset by peer
[2010/05/28 05:12:58] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 05:12:58] @ Quit: lak: Read error: Connection reset by peer
[2010/05/28 05:13:30] @ MattyM joined channel #puppet
[2010/05/28 05:14:20] @ lak joined channel #puppet
[2010/05/28 05:14:21] @ mikepea joined channel #puppet
[2010/05/28 05:20:21] @ lutter joined channel #puppet
[2010/05/28 05:21:04] @ kolla joined channel #puppet
[2010/05/28 05:22:45] @ bitfield joined channel #puppet
[2010/05/28 05:28:37] <Pupeno> Any ideas why puppetrun --host machine2.example.com may not be doing anything? It says Finished, but nothing happened
[2010/05/28 05:33:34] <zipkid> ah, that is where you are sitting twisla :-)
[2010/05/28 05:33:58] <twisla> heh
[2010/05/28 05:34:19] <zipkid> Pupeno: i'm not using pupetrun but is the host actually listening?
[2010/05/28 05:34:28] @ toi joined channel #puppet
[2010/05/28 05:34:34] <zipkid> hello toi
[2010/05/28 05:34:53] <toi> Morning zipkid
[2010/05/28 05:37:16] <Pupeno> zipkid: apparently, it wasn't.
[2010/05/28 05:37:28] @ Quit: mikepea: Quit: mikepea
[2010/05/28 05:38:59] <Pupeno> now it is listening, but nothing happens.
[2010/05/28 05:43:20] @ Quit: ckauhaus: Ping timeout: 272 seconds
[2010/05/28 05:43:58] @ Quit: toi: Ping timeout: 272 seconds
[2010/05/28 05:45:23] @ lainwir3d joined channel #puppet
[2010/05/28 05:45:29] <lainwir3d> hi
[2010/05/28 05:46:42] <lainwir3d> i have a "small problem"
[2010/05/28 05:46:52] <lainwir3d> i have this config http://pastebin.com/txjnKq58
[2010/05/28 05:47:13] <lainwir3d> i want to ensure the owner/group of a directory and and all its file
[2010/05/28 05:47:16] <lainwir3d> well it works
[2010/05/28 05:47:20] <lainwir3d> but it's really slow
[2010/05/28 05:47:29] <lainwir3d> like 10minutes for less than 20files
[2010/05/28 05:47:34] @ suit joined channel #puppet
[2010/05/28 05:47:36] <lainwir3d> some files are quite big
[2010/05/28 05:47:57] <lainwir3d> but I don't think it should take this much time just to ensure owner/group/mode
[2010/05/28 05:48:10] <lainwir3d> so i think there may be some options i could set
[2010/05/28 05:49:01] <lainwir3d> or i could change this to an exec who launch chown / chmod
[2010/05/28 05:50:28] <lainwir3d> oh!
[2010/05/28 05:50:37] <lainwir3d> must be because of the checksum
[2010/05/28 05:51:25] @ mikepea joined channel #puppet
[2010/05/28 06:00:43] @ Quit: thegcat: Quit: Leaving.
[2010/05/28 06:03:00] @ Quit: lak: Quit: lak
[2010/05/28 06:03:04] @ Quit: fluxdude: Ping timeout: 258 seconds
[2010/05/28 06:05:07] @ Quit: lainwir3d: Ping timeout: 260 seconds
[2010/05/28 06:10:47] @ Quit: jorgecab: Quit: Leaving
[2010/05/28 06:12:42] @ Quit: MattyM: Ping timeout: 260 seconds
[2010/05/28 06:15:21] @ Quit: pmorillo: Quit: pmorillo
[2010/05/28 06:16:06] @ Quit: mikepea: Quit: mikepea
[2010/05/28 06:19:28] @ alban2 joined channel #puppet
[2010/05/28 06:20:39] @ thegcat joined channel #puppet
[2010/05/28 06:22:04] @ MattyM joined channel #puppet
[2010/05/28 06:25:50] @ toi joined channel #puppet
[2010/05/28 06:30:08] @ Quit: Karan: Ping timeout: 252 seconds
[2010/05/28 06:31:46] @ Quit: toi: Read error: Connection reset by peer
[2010/05/28 06:31:46] @ Quit: alban2: Read error: Connection reset by peer
[2010/05/28 06:33:07] @ alban2 joined channel #puppet
[2010/05/28 06:36:12] @ ricky joined channel #puppet
[2010/05/28 06:37:51] @ Quit: xerxas: Quit: Leaving.
[2010/05/28 06:37:52] @ kuh joined channel #puppet
[2010/05/28 06:39:24] @ Quit: kuh-44444: Ping timeout: 240 seconds
[2010/05/28 06:41:20] @ bronto joined channel #puppet
[2010/05/28 06:43:59] @ Quit: mellen: Ping timeout: 260 seconds
[2010/05/28 06:44:39] @ suchu joined channel #puppet
[2010/05/28 06:47:40] <sts> hello folks. can i use $name like that: define foo( $foo="${name}" ) {}, so $foo evaluates to $name?
[2010/05/28 06:48:32] <kjetilho> sts: unfortunately not
[2010/05/28 06:49:23] <sts> so i have to evaluate it afterwards...
[2010/05/28 06:50:36] @ itguru joined channel #puppet
[2010/05/28 06:52:15] @ Quit: MattyM: Ping timeout: 260 seconds
[2010/05/28 06:52:20] @ mellen joined channel #puppet
[2010/05/28 06:54:34] @ Quit: alban2: Read error: Connection reset by peer
[2010/05/28 06:55:49] @ alban2 joined channel #puppet
[2010/05/28 06:57:30] @ ciupicri joined channel #puppet
[2010/05/28 06:59:31] <ciupicri> even if I set "selrange => undef, selrole => undef, seltype => undef, seluser => undef," for a file resource puppet still tries to change the SELinux attributes: (/File[/mnt/Music]/seluser) seluser changed 'unconfined_u' to 'system_u' | Failed to set SELinux context unconfined_u:object_r:mnt_t:s0 on /mnt/Music (it's mounted read-only)
[2010/05/28 07:00:25] @ lbt_ joined channel #puppet
[2010/05/28 07:02:58] @ Quit: weizhang: Quit: Leaving
[2010/05/28 07:03:15] @ weizhang joined channel #puppet
[2010/05/28 07:03:20] @ Quit: weizhang: Read error: Connection reset by peer
[2010/05/28 07:03:35] @ weizhang joined channel #puppet
[2010/05/28 07:03:35] @ Quit: weizhang: Client Quit
[2010/05/28 07:03:50] @ weizhang joined channel #puppet
[2010/05/28 07:07:20] @ Quit: lutter: Quit: Leaving.
[2010/05/28 07:07:25] @ p3rror joined channel #puppet
[2010/05/28 07:07:44] @ Quit: mellen: Ping timeout: 252 seconds
[2010/05/28 07:08:16] @ Quit: tsb: Quit: quitted
[2010/05/28 07:09:00] @ tsb joined channel #puppet
[2010/05/28 07:10:20] @ Quit: alban2: Read error: Connection reset by peer
[2010/05/28 07:10:20] @ mellen joined channel #puppet
[2010/05/28 07:11:40] @ alban2 joined channel #puppet
[2010/05/28 07:12:39] @ gantec joined channel #puppet
[2010/05/28 07:13:22] <gantec> hi, i want to add a virtual host on Apache2 and i've got this err message on the client server where is apache2 installed
[2010/05/28 07:13:23] <gantec> err: //apache_class/File[/etc/apache2/ports.conf]/source: Could not describe /apache2/ports.conf: Fileserver module 'apache2' not mounted
[2010/05/28 07:14:33] @ Quit: joe-mac: Quit: Leaving.
[2010/05/28 07:18:23] <|Mike|> bbl, puppetcamp openspace is starting
[2010/05/28 07:18:59] <barn> quick! Move everything around!
[2010/05/28 07:19:23] @ jense joined channel #puppet
[2010/05/28 07:19:54] @ Quit: alban2: Quit: Leaving.
[2010/05/28 07:23:16] <bitfield> next year i'm going to send a remote-controlled drone version of myself to attend puppetcamp
[2010/05/28 07:23:36] <bitfield> it will have a receptacle at the front for putting beer into, and a usb socket for uploading presentations
[2010/05/28 07:27:50] @ AlexLuya joined channel #puppet
[2010/05/28 07:27:56] <aglet> is there a way to branch on whether another module is included or not? eg: I have an sshd module which concats a line into iptables, but what if iptables/concat isn't included for a particular host
[2010/05/28 07:28:02] <bitfield> and lasers
[2010/05/28 07:35:42] @ alban2 joined channel #puppet
[2010/05/28 07:39:59] @ benoit_c joined channel #puppet
[2010/05/28 07:41:54] @ Quit: tuf: Ping timeout: 265 seconds
[2010/05/28 07:42:56] <gantec> how to run a script from the puppetmaster to the client ?
[2010/05/28 07:46:02] @ Quit: maxagaz: Quit: Ex-Chat
[2010/05/28 07:46:46] <gantec> ??
[2010/05/28 07:47:29] <ciupicri> gantec, http://docs.reductivelabs.com/guides/types/exec.html ?
[2010/05/28 07:48:23] <jamesturnbull> aglet: the defined function is worth a look
[2010/05/28 07:48:46] <jamesturnbull> aglet: http://docs.puppetlabs.com/references/stable/function.html#defined
[2010/05/28 07:49:25] <gantec> ciupicri : thankx it's ok but if i want this -> behind my terminal, i want to execute a script to srv1, srv2, srv24, srv37
[2010/05/28 07:49:28] <gantec> can i do it ?
[2010/05/28 07:50:08] <ciupicri> gantec, you copy it using the file type than run it
[2010/05/28 07:50:39] @ mikepea joined channel #puppet
[2010/05/28 07:50:50] <gantec> ok thank you very much
[2010/05/28 07:50:51] <ciupicri> gantec, btw there is also func https://fedorahosted.org/func/
[2010/05/28 07:51:06] <gantec> and i've got a problem with my apache2
[2010/05/28 07:51:13] <gantec> can you maybe help too ?
[2010/05/28 07:51:41] <ciupicri> jamesturnbull, do you happen to be familiar with SELinux? I'm having some issue with it http://serverfault.com/questions/145829/how-to-manage-mounted-partitions-fstab-mount-points-from-puppet
[2010/05/28 07:51:49] <gantec> err: //apache_class/File[/etc/apache2/ports.conf]/source: Could not describe /webserver/ports.conf: Fileserver module 'webserver' not mounted
[2010/05/28 07:52:29] <ciupicri> gantec, yeah, I was just looking at it
[2010/05/28 07:52:50] <gantec> ok
[2010/05/28 07:53:04] @ Quit: benoit_c: Ping timeout: 260 seconds
[2010/05/28 07:53:10] @ Quit: alban2: Quit: Leaving.
[2010/05/28 07:53:13] <ciupicri> gantec, do you have [webserver] in /etc/puppet/fileserver.conf ? Btw, I'm a newbie too...
[2010/05/28 07:53:14] <jamesturnbull> gantec: can you pastie your manifest?
[2010/05/28 07:53:27] @ ahasenack joined channel #puppet
[2010/05/28 07:53:43] <jamesturnbull> ciupicri: I greatly dislike SELinux but will have a look ;)
[2010/05/28 07:57:47] <gepetto> ::redmine:: Wiki edit: Style_Guide (#5) @ http://projects.reductivelabs.com/projects/1/wiki/Style_Guide?version=5 (by Stephen Nelson-Smith)
[2010/05/28 07:57:47] <gepetto> ::redmine:: Wiki edit: Puppet_Best_Practice2 (#4) @ http://projects.reductivelabs.com/projects/1/wiki/Puppet_Best_Practice2?version=4 (by Stephen Nelson-Smith)
[2010/05/28 07:59:16] <gantec> no
[2010/05/28 07:59:16] <jamesturnbull> ciupicri: hmmm not sure what's happening there
[2010/05/28 07:59:20] <gantec> didnt define it
[2010/05/28 07:59:34] <ciupicri> jamesturnbull, are there any debugging flags/settings that I could use?
[2010/05/28 07:59:56] <jamesturnbull> ciupicri: and you've tried undef on the SELinux attributes?
[2010/05/28 08:00:05] <ciupicri> jamesturnbull, yes
[2010/05/28 08:00:24] @ Quit: bitfield: Quit: Leaving.
[2010/05/28 08:00:26] <gantec> ciupicri, no haven't it but defined like a module in puppet.conf
[2010/05/28 08:00:47] @ xerxas joined channel #puppet
[2010/05/28 08:01:01] <jamesturnbull> ciupicri: --debug --verbose --trace is the most information you'll get
[2010/05/28 08:01:04] <ciupicri> jamesturnbull, does puppet stores the client's setup somewhere in order to see what has changed?
[2010/05/28 08:01:17] <ciupicri> jamesturnbull, time to try it :-D
[2010/05/28 08:01:36] <tim|mac> hm... my views are so different from alessandro's and luke's, I feel very uncomfortable voicing them :S
[2010/05/28 08:01:51] <jamesturnbull> tim|mac: don't be
[2010/05/28 08:02:00] <jamesturnbull> tim|mac: luke's regularly wrong
[2010/05/28 08:02:03] <jamesturnbull> :P
[2010/05/28 08:02:07] <tim|mac> hehehe
[2010/05/28 08:02:36] <jamesturnbull> ciupicri: you can run in --noop mode to just see the proposed changes
[2010/05/28 08:02:51] <jamesturnbull> ciupicri: --debug will show you a lot of the actuall commands being executed
[2010/05/28 08:02:54] <gantec> jamesturnbull, what does mean pastie ?
[2010/05/28 08:03:02] <ciupicri> gantec, www.pastebin.com
[2010/05/28 08:03:02] <gepetto> ::redmine:: Wiki edit: Puppet_Best_Practice2 (#5) @ http://projects.reductivelabs.com/projects/1/wiki/Puppet_Best_Practice2?version=5 (by Stephen Nelson-Smith)
[2010/05/28 08:03:05] <jamesturnbull> gantec: pastie.org
[2010/05/28 08:03:15] <ciupicri> gantec, use that to paste your config or what jamesturnbull mentioned
[2010/05/28 08:03:35] <jamesturnbull> gantec: what puppet version btw?
[2010/05/28 08:03:41] <gantec> ciupicri:ok going to try
[2010/05/28 08:03:46] <gantec> the latest
[2010/05/28 08:03:54] <jamesturnbull> gantec: 0.25.5?
[2010/05/28 08:04:15] <gantec> yep
[2010/05/28 08:04:23] @ lainwir3d joined channel #puppet
[2010/05/28 08:04:40] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 08:04:42] <jamesturnbull> gantec: does your source line look like source => puppet:///modules/module_name/filename
[2010/05/28 08:05:00] <gantec> yes
[2010/05/28 08:05:12] @ Quit: pinoyskull: Quit: Leaving
[2010/05/28 08:05:24] <gantec> source => "puppet:///webserver/ports.conf"
[2010/05/28 08:05:58] <jamesturnbull> gantec: that's not correct
[2010/05/28 08:06:02] <gantec> ok
[2010/05/28 08:06:20] <gantec> i have to dive the path of the apache module ?
[2010/05/28 08:06:24] <gantec> give*
[2010/05/28 08:06:33] <jamesturnbull> gantec: source => "puppet:///modules/webserver/ports.conf"
[2010/05/28 08:06:44] @ Quit: thegcat: Quit: Leaving.
[2010/05/28 08:06:56] @ mikepea joined channel #puppet
[2010/05/28 08:07:01] <jamesturnbull> gantec: add "modules" in there and I am assuming "webserver" is the name of the module?
[2010/05/28 08:07:39] <gantec> don't know....
[2010/05/28 08:07:56] <gantec> sorry i'm going to try to resolve my problem and come here for realy question after
[2010/05/28 08:08:08] <ciupicri> jamesturnbull, no new info, only
[2010/05/28 08:08:40] <ciupicri> jamesturnbull, http://pastie.org/981692
[2010/05/28 08:09:23] @ Karan joined channel #puppet
[2010/05/28 08:10:40] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 08:10:48] <gantec> what is a module ? a file wrote in ruby ?
[2010/05/28 08:11:01] <jamesturnbull> ciupicri: does specifying seluser to unconfirmed_u work? ie. trying to force it not to change
[2010/05/28 08:11:20] <jamesturnbull> gantec: can i suggest you start with some basics? http://docs.puppetlabs.com/guides/introduction.html
[2010/05/28 08:11:21] <ciupicri> gantec, a module is a set of configuration declarations, just like a library when it comes to programming
[2010/05/28 08:11:26] @ mikepea joined channel #puppet
[2010/05/28 08:11:36] <lisa> a puppet module is a collection of stuff that tells puppet what to do to nodes that are affected by the module
[2010/05/28 08:11:48] <gantec> ok
[2010/05/28 08:12:07] <ciupicri> jamesturnbull, yeah, it worked, but why should I care about what's on the mounted partition?
[2010/05/28 08:12:10] <lisa> a class is the same thing... usually you use modules to bunch related classes together
[2010/05/28 08:12:11] <gantec> maybe a link for a tutorial to set up apache with puppet ? to add virtual hosts ?
[2010/05/28 08:12:18] <jamesturnbull> ciupicri: yeah that's a big I'd say
[2010/05/28 08:12:23] <jamesturnbull> s/big/bug/
[2010/05/28 08:13:42] <jamesturnbull> gantec: this is a module to do that - http://github.com/puppet-modules/puppet-apache
[2010/05/28 08:13:42] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 08:14:27] <jamesturnbull> gantec: as an example - but I do recommend trying some simple stuff first - perhaps managing something like sudo
[2010/05/28 08:14:58] <jamesturnbull> gantec: I also have a book - http://tinyurl.com/pupbook that might help - which you're under zero obligation to buy :)
[2010/05/28 08:15:17] <gantec> jamesturnbull:yes i've already download it
[2010/05/28 08:15:23] <gantec> thnx
[2010/05/28 08:15:28] * lisa bought the book in ebook format
[2010/05/28 08:15:51] <lisa> jamesturnbull: soo version 2 of the book going to have a table of contents and be broken up into sections like o'reilly books? :)
[2010/05/28 08:16:00] @ mikepea joined channel #puppet
[2010/05/28 08:16:02] * lanky smiles at the idea that sudo is considered 'simple'
[2010/05/28 08:16:19] <gantec> jamesturnbull:i begin with puppet a few weeks (1) and i have to set up something asap for my boss
[2010/05/28 08:16:28] <lisa> lainwir3d: the package is, sudoers file...less so :)
[2010/05/28 08:16:35] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 08:17:19] @ [GuS] joined channel #puppet
[2010/05/28 08:17:19] @ Quit: Karan: Quit: Page closed
[2010/05/28 08:17:40] @ Karan joined channel #puppet
[2010/05/28 08:18:14] <jamesturnbull> lisa: it will - this is also unlike all other Apress books - this was a range of "mini" books called First Press
[2010/05/28 08:18:16] <lainwir3d> lisa: huh? what?
[2010/05/28 08:18:34] <lisa> jamesturnbull: good to hear. when is the next edition coming? :)
[2010/05/28 08:18:35] @ mikepea joined channel #puppet
[2010/05/28 08:18:37] <lisa> lainwir3d: nevermind
[2010/05/28 08:18:40] <lanky> lainwir3d: I blame tab completion.
[2010/05/28 08:18:41] <jamesturnbull> lisa: they didn't - over my objections have an index - it does have a TOC and was broken into chapters
[2010/05/28 08:19:00] <jamesturnbull> lanky: managing it is :)
[2010/05/28 08:19:05] @ Karan_ joined channel #puppet
[2010/05/28 08:19:08] <jamesturnbull> lanky: one package, sudoers file etc :)
[2010/05/28 08:19:19] @ Quit: Karan: Client Quit
[2010/05/28 08:19:21] <lanky> assuming your sudoers file is the same everywhere...
[2010/05/28 08:19:21] @ Karan_ is now known as Karan
[2010/05/28 08:19:32] <jamesturnbull> lanky: templates to the rescue
[2010/05/28 08:19:47] <lanky> jamesturnbull: I suppose
[2010/05/28 08:19:57] @ Quit: mikepea: Client Quit
[2010/05/28 08:19:59] <lanky> I spent some time trying to do it with augeas, which *nearly* works
[2010/05/28 08:20:06] <jamesturnbull> it's one of the best examples because it's simple initially but grows to show you lots of Puppet bits
[2010/05/28 08:20:10] <lainwir3d> oh ok, no problem :)
[2010/05/28 08:20:12] <_^Sarge^_> And after doing sudoers, then do something nice and easy like an AD integration including joining the domain via winbind
[2010/05/28 08:20:26] * jamesturnbull backs away slowly
[2010/05/28 08:20:29] <lanky> except that the augeas type does not have an 'unless' parameter
[2010/05/28 08:20:42] <lisa> yeah
[2010/05/28 08:20:46] <jamesturnbull> lanky: is there a feature request for that?
[2010/05/28 08:20:50] <lanky> and my ruby is not quite good enough to add that without breaking stuff
[2010/05/28 08:20:58] <lisa> i managed to join some CentOS boxes to open directory with relative ease
[2010/05/28 08:21:03] <lanky> jamesturnbull: not yet - I got very sidetracked with the rest of the project :)
[2010/05/28 08:21:30] * lanky wanders off to add one. remind me where I do that again?
[2010/05/28 08:21:47] <_^Sarge^_> It's actually not that hard, probably hardest to do the keytabs to join the domain
[2010/05/28 08:22:17] <jamesturnbull> lanky: because the augeas guys are pretty prompt
[2010/05/28 08:22:18] <jamesturnbull> lanky: http://projects.puppetlabs.com/projects/puppet/issues/new
[2010/05/28 08:22:19] <lisa> next trick is kerberizing those hosts
[2010/05/28 08:22:49] <jamesturnbull> ciupicri: ditto on logging a bug for your SELinux issue - although I can't guarantee it isn't some weird downstream SEL behaviour
[2010/05/28 08:25:24] <ciupicri> jamesturnbull, yeah, that's why I'm going to use the Fedora bug tracker
[2010/05/28 08:26:28] <ciupicri> jamesturnbull, and let the packager decide what to do
[2010/05/28 08:27:18] <gantec> ciupicri & jamesturbull: thank you for the help. have i nice week end
[2010/05/28 08:27:31] <ciupicri> gantec, you too
[2010/05/28 08:27:49] @ Quit: gantec: Quit: Page closed
[2010/05/28 08:35:21] @ beata_ joined channel #puppet
[2010/05/28 08:36:07] @ Quit: ciupicri: Quit: Leaving
[2010/05/28 08:37:25] <lanky> ciupicri: can you paste the audit logs and or the relevant /var/log/messages parts from the client box for the SELinux issue?
[2010/05/28 08:37:59] <lanky> also, are you ytrying to set SELinux contexts on a mountpoint and then mounting stuff onto it, or after the mount? This makes a difference... :)
[2010/05/28 08:38:27] <|Mike|> re
[2010/05/28 08:38:29] @ thegcat joined channel #puppet
[2010/05/28 08:39:07] <lanky> you may need to add a -o context=system_u:system_r:public_content_t:s0 or equivalent as part of the mount command for that to stick
[2010/05/28 08:39:12] @ Quit: bug: Quit: bug
[2010/05/28 08:40:49] @ vachon joined channel #puppet
[2010/05/28 08:40:55] <vachon> morning all
[2010/05/28 08:41:05] <vachon> i discovered an issue with the host thing yesterday
[2010/05/28 08:41:15] <vachon> wondering if anyone has seen or has a fix
[2010/05/28 08:41:16] <vachon> http://pastebin.com/UQXtmYFv
[2010/05/28 08:41:54] <vachon> notice the ^I where a whitespace should be
[2010/05/28 08:43:22] @ bodepd joined channel #puppet
[2010/05/28 08:43:38] <lanky> vachon: those are tab characters
[2010/05/28 08:44:05] <lanky> do you have this open in vi(m)
[2010/05/28 08:44:10] <lanky> with :set list turned on?
[2010/05/28 08:44:16] <vachon> that is with set list on
[2010/05/28 08:44:28] <vachon> basically, the server freaked out
[2010/05/28 08:44:36] <vachon> it couldnt resolve localhost among other things
[2010/05/28 08:44:39] <vachon> it saw it munged
[2010/05/28 08:44:44] <vachon> (cent 5.3)
[2010/05/28 08:45:22] <lanky> vachon: i really should read more carefully :)
[2010/05/28 08:45:39] <vachon> happens
[2010/05/28 08:46:22] <vachon> so any reason that would break /etc/hosts?
[2010/05/28 08:47:56] @ Guest24975 joined channel #puppet
[2010/05/28 08:48:01] @ Quit: AlexLuya: Read error: Connection reset by peer
[2010/05/28 08:48:18] @ AlexLuya joined channel #puppet
[2010/05/28 08:48:37] <lanky> vachon: nope. Works fine here
[2010/05/28 08:49:24] @ Quit: Karan: Ping timeout: 240 seconds
[2010/05/28 08:51:12] <|Mike|> where is the beer at?
[2010/05/28 08:52:23] <lanky> |Mike|: which beer?
[2010/05/28 08:52:44] <|Mike|> belgium beer :D
[2010/05/28 08:54:33] @ Karan joined channel #puppet
[2010/05/28 08:54:38] <lanky> |Mike|: aha. You at puppetcamp then?
[2010/05/28 08:55:28] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/05/28 08:55:29] <|Mike|> Yeah
[2010/05/28 08:55:55] <lanky> downstairs, under the table with the T-shirts on
[2010/05/28 08:56:24] <lanky> AFAIR
[2010/05/28 08:56:40] <|Mike|> so true hehe
[2010/05/28 08:56:53] <|Mike|> you're sitting downstairs as well?
[2010/05/28 08:57:19] @ Quit: lainwir3d: Ping timeout: 260 seconds
[2010/05/28 08:57:27] @ lainwir3d joined channel #puppet
[2010/05/28 08:57:36] <lanky> |Mike|: nope, listening to info about mcollective
[2010/05/28 08:57:50] <lanky> clearly it has my fullest attention
[2010/05/28 08:58:13] <zipkid> lanky: mcollective over beer!!!??? :-P
[2010/05/28 08:58:52] <lanky> zipkid: I have to drive home. I shall take a bottle with me, however
[2010/05/28 08:58:53] <barn> if beer is a new messaging protocol, that would work
[2010/05/28 08:59:10] @ Quit: suchu: Quit: ChatZilla 0.9.86 [Firefox 3.6.3/20100401080539]
[2010/05/28 08:59:11] <lanky> barn: beer does make it easier to get my point across
[2010/05/28 08:59:14] <lanky> does that count?
[2010/05/28 08:59:18] <zipkid> :-)
[2010/05/28 08:59:37] <zipkid> lanky: that is wat it might feel like to you....
[2010/05/28 08:59:53] <lanky> indeed. But that's what counts.
[2010/05/28 09:00:35] <lanky> however, i feel we are veering off topic
[2010/05/28 09:00:43] @ MarkN joined channel #puppet
[2010/05/28 09:00:51] <zipkid> When is beer ever off-topic?
[2010/05/28 09:00:53] @ Quit: MarkN: Disconnected by services
[2010/05/28 09:01:51] @ MarkN1 joined channel #puppet
[2010/05/28 09:02:17] <lanky> um...
[2010/05/28 09:02:28] <zipkid> exactly!
[2010/05/28 09:03:49] <|Mike|> lanky: haha, it's tim stoop's time now ;)
[2010/05/28 09:04:37] <zipkid> lanky: look at the ceiling!
[2010/05/28 09:05:54] @ joe-mac joined channel #puppet
[2010/05/28 09:06:44] @ mikepea joined channel #puppet
[2010/05/28 09:08:56] @ lak joined channel #puppet
[2010/05/28 09:10:43] <aglet> jamesturnbull: thanks, defined() is what I wanted
[2010/05/28 09:12:05] @ ckauhaus joined channel #puppet
[2010/05/28 09:12:21] @ Quit: lainwir3d: Read error: Operation timed out
[2010/05/28 09:15:24] @ Quit: mikepea: Quit: mikepea
[2010/05/28 09:19:25] @ Quit: ckauhaus: Read error: Operation timed out
[2010/05/28 09:20:27] <\\localhost> Hello guys, i have a strange problems when i launch my puppetd i need t olaunch it 3 or 4 times before it runs the catalog, here is the steps : http://pastebin.com/cNjRDFNX , has anyone faced this before ?
[2010/05/28 09:26:38] <jamesturnbull> \\localhost: do you have the puppet::client class defined?
[2010/05/28 09:27:46] @ Khalsa joined channel #puppet
[2010/05/28 09:28:08] <Khalsa> are the presentations from puppetcampt going to be made available somewhere?
[2010/05/28 09:34:04] <|Mike|> Khalsa: yeah, let me seek
[2010/05/28 09:35:52] @ Quit: p3rror: Ping timeout: 248 seconds
[2010/05/28 09:36:05] <|Mike|> Jeff McCune's presentation is online somewhere, i can't remember the url
[2010/05/28 09:36:37] <\\localhost> jamesturnbull: sure, it runs fine and does everything after i try 3 or 4 times
[2010/05/28 09:36:43] <dballing> Question: I have a number of puppetmasters behind a load-balancer (for redundancy). Is there any way, as there is for reporting, to tell the client to direct cert requests at a specific host?
[2010/05/28 09:37:22] <dballing> otherwise they start up, send a request to "1 of 3" and then may end up asking "2 of 3" for their signed cert, and "2 of 3" is all WTF?
[2010/05/28 09:37:50] @ Quit: Karan: Quit: ChatZilla 0.9.86 [Firefox 3.6.3/20100401080539]
[2010/05/28 09:39:30] @ mikepea joined channel #puppet
[2010/05/28 09:41:17] @ Quit: lak: Ping timeout: 265 seconds
[2010/05/28 09:48:52] @ kaptk2 joined channel #puppet
[2010/05/28 09:49:09] @ Quit: bodepd: Quit: bodepd
[2010/05/28 09:49:11] <ashp> i'm glad to see the extlookup stuff on the mailing list
[2010/05/28 09:49:18] <ashp> look forward to seeing more of that kind of thing :)
[2010/05/28 09:49:18] @ toi joined channel #puppet
[2010/05/28 09:49:22] @ pheezy joined channel #puppet
[2010/05/28 09:49:30] @ vachon left channel #puppet ()
[2010/05/28 09:49:32] @ p3rror joined channel #puppet
[2010/05/28 09:49:33] @ Quit: mikepea: Quit: mikepea
[2010/05/28 09:54:56] <Khalsa> |Mike|: any luck on that URL? That's actually the one presentation I'm interested in seeing >_>
[2010/05/28 09:56:45] @ Quit: weizhang: Quit: Leaving
[2010/05/28 09:57:01] @ Quit: thegcat: Quit: Leaving.
[2010/05/28 09:57:20] @ mikepea joined channel #puppet
[2010/05/28 09:57:22] <ohadlevy> are there any videos from puppetcamp?
[2010/05/28 09:58:02] @ Quit: mikepea: Client Quit
[2010/05/28 09:58:13] @ bug joined channel #puppet
[2010/05/28 09:58:15] @ Quit: p3rror: Ping timeout: 248 seconds
[2010/05/28 09:59:44] @ Quit: jense: Quit: Verlassend
[2010/05/28 10:04:31] @ benoit__ joined channel #puppet
[2010/05/28 10:07:14] @ herdingcat joined channel #puppet
[2010/05/28 10:10:34] @ thegcat joined channel #puppet
[2010/05/28 10:11:58] @ GioGio joined channel #puppet
[2010/05/28 10:12:05] <GioGio> hi there :)
[2010/05/28 10:12:40] @ suchu joined channel #puppet
[2010/05/28 10:14:21] <GioGio> i have some problems with passenger/puppet. I'm trying to test the performance of both. but randomly, when my clients try to contact the master, the didn't find the class to apply. is there anyone who already have this problem ?
[2010/05/28 10:16:41] <GioGio> the error is : Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class test in namespaces....
[2010/05/28 10:21:54] @ bodepd joined channel #puppet
[2010/05/28 10:22:03] @ ActionJax joined channel #puppet
[2010/05/28 10:22:27] <beata_> is there functionality to have puppet send an email if a condition is met?
[2010/05/28 10:22:33] @ bodepd_ joined channel #puppet
[2010/05/28 10:23:12] <ashp> Does anyone here use autofs to handle NFS? I am trying to work out the best way to handle centrally managing nfs mounts
[2010/05/28 10:24:26] <ohadlevy> ashp: yeah
[2010/05/28 10:24:31] @ caglar10ur joined channel #puppet
[2010/05/28 10:24:38] <ashp> ohadlevy: Rather than make a giant module with hundreds of calls to my nfs define
[2010/05/28 10:24:46] <ashp> I thought "hmm, maybe I should see what other options I have"
[2010/05/28 10:25:02] <ashp> as this is a stupid crazy mess - I basically require the ability to set mount points by host without it being crazy hard to maintain
[2010/05/28 10:25:06] <ohadlevy> ashp: autofs and nis/ldap can work
[2010/05/28 10:25:10] <ashp> so I thought maybe I should clear everything out and look at autofs
[2010/05/28 10:25:30] <ashp> we have ldap but I'd rather just distribute a hardcoded file then mess with that as we don't deal with hosts in ldap
[2010/05/28 10:26:54] @ Quit: bodepd: Ping timeout: 264 seconds
[2010/05/28 10:26:55] @ bodepd_ is now known as bodepd
[2010/05/28 10:27:29] <ohadlevy> ashp: can work too
[2010/05/28 10:27:40] <ohadlevy> ashp: you could generate it nicely with templates
[2010/05/28 10:27:43] @ kad-afk is now known as thekad
[2010/05/28 10:27:56] <jbooth> GioGio: sounds like a problem with environments and/or your puppet configs. Drop passenger and debug.
[2010/05/28 10:29:27] @ DavidS joined channel #puppet
[2010/05/28 10:30:47] @ mikepea joined channel #puppet
[2010/05/28 10:31:01] @ Quit: AlexLuya: Read error: Connection reset by peer
[2010/05/28 10:31:03] @ AlexLuya joined channel #puppet
[2010/05/28 10:31:41] <ashp> ohadlevy: That's what I'm thinking, just have to work out the best way to do it now, it's got to be cleaner than all the alternatives
[2010/05/28 10:32:26] <ashp> to be honest I'd be ok with a giant template that just said if hostname {these}, elseif otherhostname {these}
[2010/05/28 10:32:36] <ashp> I was just doing that with a define instead as it stands to make life easier
[2010/05/28 10:32:49] @ Quit: TREllis: Ping timeout: 240 seconds
[2010/05/28 10:33:16] <ohadlevy> ashp: either that, or apply it though classes or parameters (that if you can group those mounts to some logic)
[2010/05/28 10:33:33] @ alhoang joined channel #puppet
[2010/05/28 10:34:42] @ TREllis joined channel #puppet
[2010/05/28 10:34:59] <GioGio> jbooth: without passenger, it works well. i have a new idea to debug that
[2010/05/28 10:35:24] <GioGio> jbooth: i'm trying to modify the configuration on the conf.d of passenger.
[2010/05/28 10:35:36] <GioGio> seems working better now ;)
[2010/05/28 10:35:44] <GioGio> i continue to investigate
[2010/05/28 10:36:56] <dballing> Question: I have a number of puppetmasters behind a load-balancer (for redundancy). Is there any way, as there is for reporting, to tell the client to direct cert requests at a specific host? (repeating the Q since nobody answered it) :-)
[2010/05/28 10:37:50] <bodepd> dballing: ca_server
[2010/05/28 10:38:16] <bodepd> dballing: but that not for reporting, thats for sending csrs
[2010/05/28 10:38:39] <dballing> right, I've got report_server set already.
[2010/05/28 10:38:47] <dballing> so I'll send ca_server to the same place
[2010/05/28 10:38:48] @ Quit: mikepea: Read error: Connection reset by peer
[2010/05/28 10:38:48] @ Quit: DavidS: Read error: Connection reset by peer
[2010/05/28 10:39:55] <bodepd> dballing: thats the easier way to manage certs behind a load balancer. 1 master is the ca, set ca=false on the others, then specify ca_server on the clients.
[2010/05/28 10:40:15] @ DavidS joined channel #puppet
[2010/05/28 10:40:16] @ themurph joined channel #puppet
[2010/05/28 10:40:17] <dballing> makes sense... thanks. :-)
[2010/05/28 10:40:36] <bodepd> dballing: I just got assigned a ticket to write a page in docs.puppetlabs about this :) coming soon.
[2010/05/28 10:40:54] @ mikepea joined channel #puppet
[2010/05/28 10:41:32] <bodepd> DavidS: How is puppetcamp?
[2010/05/28 10:41:47] @ Quit: DavidS: Client Quit
[2010/05/28 10:42:01] <ohadlevy> bodepd: probably a lot of fun :)
[2010/05/28 10:42:05] * bodepd blindly assumes s/S/Schmitt/
[2010/05/28 10:43:00] <bodepd> ohadlevy: I saw you open sourced that per module extlookup tool.
[2010/05/28 10:43:26] <bodepd> I have drawn that on a white board before :)
[2010/05/28 10:43:34] @ alban2 joined channel #puppet
[2010/05/28 10:43:44] <jbooth> GioGio: I have a hard time buying that puppet behaves differently (presuming it works at all) under passenger or not.
[2010/05/28 10:44:15] <ohadlevy> bodepd: cool :) hopefully someone will find it useful
[2010/05/28 10:44:17] <|Mike|> Khalsa: i just spoke with him
[2010/05/28 10:45:00] @ Quit: themurph: Remote host closed the connection
[2010/05/28 10:45:16] @ Quit: mikepea: Client Quit
[2010/05/28 10:45:31] @ themurph joined channel #puppet
[2010/05/28 10:46:26] @ Quit: thekad: Quit: leaving
[2010/05/28 10:47:28] @ Quit: alban2: Client Quit
[2010/05/28 10:47:40] @ Quit: AlexLuya: Read error: Connection reset by peer
[2010/05/28 10:48:05] <|Mike|> Green room, anyone?
[2010/05/28 10:48:33] @ AlexLuya joined channel #puppet
[2010/05/28 10:55:53] <Khalsa> |Mike|: ?
[2010/05/28 10:55:59] @ Quit: toi: Ping timeout: 240 seconds
[2010/05/28 10:56:13] @ Quit: Guest24975: Ping timeout: 272 seconds
[2010/05/28 10:56:14] <|Mike|> Khalsa: it's some kind of bit.ly url with splunge and puppet in it
[2010/05/28 10:56:38] <Khalsa> thanks, that narrows it down :p
[2010/05/28 10:57:28] @ Quit: suchu: Quit: ChatZilla 0.9.86 [Firefox 3.6.3/20100401080539]
[2010/05/28 10:58:04] <ohadlevy> masterzen: puppetdoc integration with foreman is commited :)
[2010/05/28 11:00:15] @ ciupicri joined channel #puppet
[2010/05/28 11:00:21] @ Quit: AlexLuya: Remote host closed the connection
[2010/05/28 11:02:39] @ rmiller4pi8 joined channel #puppet
[2010/05/28 11:03:12] <ciupicri> jamesturnbull, https://bugzilla.redhat.com/show_bug.cgi?id=597285
[2010/05/28 11:03:34] <ciupicri> hopefully someone will figure out what's going on
[2010/05/28 11:06:28] @ Quit: PsychoSid: Quit: Leaving.
[2010/05/28 11:06:38] @ fbe_ joined channel #puppet
[2010/05/28 11:10:45] @ cmatheson joined channel #puppet
[2010/05/28 11:12:52] <joe-mac> ciupicri: i only read it fast, but is this possibly NOTABUG? or did jamesturnbull say it was?
[2010/05/28 11:13:38] <ciupicri> joe-mac, he suggested reporting a bug
[2010/05/28 11:13:45] <ciupicri> joe-mac, I'm open to any suggestions
[2010/05/28 11:14:59] <ciupicri> joe-mac, including another approach to the big problem
[2010/05/28 11:16:21] <joe-mac> ahh, i'd look at it more in depth but i am responding to a bunch of tickets and e-mails and then have to munge some data for a client, then hopefully leaving on time to the catskills
[2010/05/28 11:16:34] <jetole> Hey guys. Can I tell the default node to use a class and then speciy for a specific node not to use that class without redefining it in another way for that node?
[2010/05/28 11:17:50] <joe-mac> the default node is a catch-all for undefined nodes... so i guess you mean you're inheriting the default node def, and the answer is no. you can't dis-include or un-include a class... in class inheritance you can override resources, that's about it
[2010/05/28 11:18:10] <jetole> hmmm
[2010/05/28 11:18:21] <jetole> That sounds like a feature which should be added
[2010/05/28 11:19:41] <joe-mac> heh...
[2010/05/28 11:20:00] <joe-mac> does the resource type work yet for ssh_authorized_keys?
[2010/05/28 11:20:10] <jetole> yes
[2010/05/28 11:20:32] <jetole> I'm using .25 and it does but I think it did in .24
[2010/05/28 11:20:42] <jetole> 0.25.4
[2010/05/28 11:20:46] <joe-mac> jetole: so you're purging all ssh keys not defined in puppet?
[2010/05/28 11:20:55] <jetole> what?
[2010/05/28 11:21:03] <jetole> I didn't mention anything about ssh keys
[2010/05/28 11:21:23] <joe-mac> o- i thought your 'yes' was a response to my question about the resource type
[2010/05/28 11:21:43] <jetole> no my yes was in response to "does the resource type work yet for ssh_authorized_keys?"
[2010/05/28 11:22:06] <jetole> yes. The resource type does work.
[2010/05/28 11:22:19] <joe-mac> right, then you say you didn't mention anything abotu ssh keys, but i did, and you said yes
[2010/05/28 11:22:23] <joe-mac> so... i am confused
[2010/05/28 11:22:46] <jetole> "jetole: so you're purging all ssh keys not defined in puppet?" No @ that and not sure why you thought I was
[2010/05/28 11:23:01] <joe-mac> because that's what the 'resource' type is useful for?
[2010/05/28 11:23:06] <joe-mac> i don't really know of any other use for it.
[2010/05/28 11:23:09] <pixie79> how do people distribute their perl settings, i just distributed Comfig.pm via puppet and perl broke on the client ?
[2010/05/28 11:23:14] * joe-mac rtfms
[2010/05/28 11:23:14] @ Quit: GioGio: Quit: Page closed
[2010/05/28 11:23:18] <pixie79> is it tied to other files
[2010/05/28 11:23:34] <jetole> joe-mac: it appends to authorized keys
[2010/05/28 11:23:45] <jetole> it does not purge it unless you tell it to remove a key
[2010/05/28 11:24:25] <joe-mac> jetole: i think you're misunderstanding me.
[2010/05/28 11:24:29] <joe-mac> there is a resource in puppet named 'resources'
[2010/05/28 11:24:40] <joe-mac> from tfm: This is a metatype that can manage other resource types. Any metaparams specified here will be passed on to any generated resources, so you can purge umanaged resources but set noop to true so the purging is only logged and does not actually happen.
[2010/05/28 11:24:56] @ Khalsa left channel #puppet ()
[2010/05/28 11:25:39] <jetole> joe-mac: I was under the impression you were asking if the resource type for ssh_authorized_keys work
[2010/05/28 11:25:42] <jetole> my mistake
[2010/05/28 11:25:51] <jetole> s/work/works
[2010/05/28 11:25:54] <joe-mac> it's fine, the name of it is kind of weird anyways
[2010/05/28 11:26:21] <joe-mac> i just don't wanna try to put this into place without knowing, it really sucks not having a real test/dev environment
[2010/05/28 11:27:15] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/05/28 11:30:34] <\\localhost> Hello there, i've made a class that source a large file (.tgz around 150 mb) , the puppet client suceed to download it, but it's very long => 400sec (it's a lan network, scp take about 30sec), also, sometimes , it justs fails. does anyone have experienced this issue ?
[2010/05/28 11:33:20] @ mpdehaan joined channel #puppet
[2010/05/28 11:33:20] @ Mode +v mpdehaan by ChanServ
[2010/05/28 11:35:19] <pixie79> How do i define the order classes should be installed? i had been using include to say that one class needed to include another but that does not appear to install the class first?
[2010/05/28 11:37:07] @ ezekiel_ joined channel #puppet
[2010/05/28 11:37:26] @ steph021 joined channel #puppet
[2010/05/28 11:37:53] @ Quit: ezekiel: Ping timeout: 276 seconds
[2010/05/28 11:37:56] @ ezekiel_ is now known as ezekiel
[2010/05/28 11:40:51] @ Quit: cmatheson: Quit: leaving
[2010/05/28 11:43:50] @ bodepd left channel #puppet ()
[2010/05/28 11:44:24] @ Quit: docelic__: Ping timeout: 240 seconds
[2010/05/28 11:44:56] @ mikepea joined channel #puppet
[2010/05/28 11:46:17] <joe-mac> pixie79: right, that's part of the core philosophy around puppet... the end state is what matters, but there ways to ensure order between parts of your config, you can use require instead of include, and inside resources you can require => Some_resource["resource_name"], and Some_resource can even be Class
[2010/05/28 11:46:27] @ emarshall joined channel #puppet
[2010/05/28 11:47:07] <joe-mac> \\localhost: known issue... probably never be fixed. i'm surprised it ever works...
[2010/05/28 11:47:30] <\\localhost> joe-mac: oh that's bad :(
[2010/05/28 11:47:38] <\\localhost> joe-mac: can i source the file from http ?
[2010/05/28 11:47:47] <pixie79> joe-mac: yes but my issue is that i can chown files it it doesnt distribute the passwd file until last :)
[2010/05/28 11:48:00] <\\localhost> i've rtfm but i can't find anything on this...
[2010/05/28 11:48:14] <joe-mac> source only suppoprts puppet:// i think \\localhost, unless some features have been added. your best bet is to create a define that gets the file via curl/wget/rsync from ssh: or http:
[2010/05/28 11:48:36] <joe-mac> pixie79: distributing your passwd file is asking for trouble
[2010/05/28 11:48:36] <\\localhost> joe-mac: i see, thanks for your advice.
[2010/05/28 11:48:44] <joe-mac> np \\localhost
[2010/05/28 11:49:08] <pixie79> joe-mac: not really helps pci compliance and we use ldap for the main users
[2010/05/28 11:49:44] <matti> ;]
[2010/05/28 11:50:17] @ santoroj joined channel #puppet
[2010/05/28 11:51:50] <\\localhost> joe-mac: but the puppet:// is suitable for small files (configs , etc etc ..) , right ?
[2010/05/28 11:52:00] <joe-mac> \\localhost: yea, that's the intended use
[2010/05/28 11:52:11] <\\localhost> that's fine then :) thanks joe-mac
[2010/05/28 11:52:34] <chadh> joe-mac: you using nagios hostgroups configured by puppet?
[2010/05/28 11:52:38] <joe-mac> pixie79: right, but it would probably be more 'puppet-like' to create your non-ldap user with a user resource, then set resources for user tpes to purge
[2010/05/28 11:52:45] <joe-mac> chadh: yes
[2010/05/28 11:52:56] <chadh> joe-mac: the members are dynamically generated?
[2010/05/28 11:53:10] <joe-mac> sort of. depends on waht you mean by dynamic
[2010/05/28 11:53:14] <joe-mac> let me paste a peice of code
[2010/05/28 11:53:33] <chadh> joe-mac: I mean automatic :) I can't see how to collect that piece of information
[2010/05/28 11:53:49] @ Quit: herdingcat: Quit: Leaving
[2010/05/28 11:55:45] @ bgupta joined channel #puppet
[2010/05/28 11:55:52] <joe-mac> http://www.pastie.org/981980
[2010/05/28 11:55:57] @ Quit: bronto: Quit: Leaving.
[2010/05/28 11:56:15] <joe-mac> basically, that's about as 'dynamic' as i could figure out how to get. it won't work in every environment, but we use a lot of virtualization so one host generally equals one service
[2010/05/28 11:56:46] <chadh> so if you specify the hostgroup parameter, does that create a hostgroup automatically?
[2010/05/28 11:56:48] <joe-mac> then, i have all my hostgroups pre-defined, because you can have empty hostgroups in nagios3
[2010/05/28 11:56:57] @ Quit: Ramonster: Quit: So long, thanx for all the fish
[2010/05/28 11:57:08] <joe-mac> no, the hostgroups, all of them, even if a site doesn't have any, i set up before hand in a nagios::objects class
[2010/05/28 11:57:11] <chadh> ahh. but if the hostgroup is defined with no members, that option will add the host to it?
[2010/05/28 11:57:16] <joe-mac> right
[2010/05/28 11:57:48] <chadh> sweet. that's what I needed to know. I don't mind predefining the hostgroups. I just didn't want to have to add the host to them in addition to setting up the host
[2010/05/28 11:57:57] <joe-mac> right, same here
[2010/05/28 11:58:25] @ docelic__ joined channel #puppet
[2010/05/28 11:58:27] <joe-mac> my base module is a fork of camptocamp's nagios really
[2010/05/28 11:58:29] @ Quit: mikepea: Quit: mikepea
[2010/05/28 11:58:42] <joe-mac> but it's split up differently cause i didn't like some of the stuff they did
[2010/05/28 11:59:10] <chadh> looking at that
[2010/05/28 12:00:27] <joe-mac> ohadlevy: you sleeping?
[2010/05/28 12:01:57] @ Quit: themroc: Remote host closed the connection
[2010/05/28 12:05:10] @ Quit: Pupeno: Quit: Pupeno
[2010/05/28 12:05:38] @ Quit: pheezy: Remote host closed the connection
[2010/05/28 12:06:16] @ DavidS joined channel #puppet
[2010/05/28 12:06:29] @ Quit: beata_: Quit: leaving
[2010/05/28 12:07:11] @ Quit: suit: Quit: leaving
[2010/05/28 12:08:03] @ pheezy joined channel #puppet
[2010/05/28 12:10:10] @ Quit: pheezy: Read error: Operation timed out
[2010/05/28 12:13:28] @ Quit: emarshall: Quit: emarshall
[2010/05/28 12:13:40] <joe-mac> nasrat: i created an issue for klaus on the mailing list, since he's pretty adamant about not creating a login
[2010/05/28 12:14:04] <joe-mac> i create an issue in redmine for "klaus on the mailing list", hope that sounds clearer
[2010/05/28 12:15:49] <jbooth> Someone needs to learn to use a password-syncing firefox extension. :-P
[2010/05/28 12:16:03] <jbooth> Says the guy who hasn't found one he considers acceptable yet but ignore that!
[2010/05/28 12:16:31] @ Quit: lbt_: Remote host closed the connection
[2010/05/28 12:17:26] <rhyno> jbooth: Have you tried xmarks?
[2010/05/28 12:18:43] <jbooth> rhyno: I'd looked at them, but I'm not convinced I want to send my passwords/etc to their servers.
[2010/05/28 12:18:50] <jbooth> The pin encryption seems kinda weak
[2010/05/28 12:19:19] <jbooth> I'd like to just be able to specify my own server.
[2010/05/28 12:21:05] @ Quit: giskard: Remote host closed the connection
[2010/05/28 12:21:22] <\\localhost> jbooth: i agree
[2010/05/28 12:21:38] <joe-mac> i use keepassx
[2010/05/28 12:21:43] <joe-mac> i generate 25 char random passwords
[2010/05/28 12:21:49] <joe-mac> badda bing, bada boom
[2010/05/28 12:21:56] @ Quit: ActionJax: Quit: Leaving
[2010/05/28 12:22:01] <joe-mac> then for unimportant stuff i have a really week password, though i am phasing that out with keepassx
[2010/05/28 12:22:07] <joe-mac> s/week/weak
[2010/05/28 12:22:40] <rhyno> jbooth : I don't believe they are using the pin model any more. It would be nice to specify a server.
[2010/05/28 12:22:56] <jbooth> joe-mac: Does that integrate with firefox, or will I continually be cut&pasting said passwords?
[2010/05/28 12:23:08] <jbooth> rhyno: Their website still says PIN.
[2010/05/28 12:23:22] <jbooth> And they did have a "specify your own server" but it was reported as fairly flakey
[2010/05/28 12:23:25] <jbooth> Which is a real shame.
[2010/05/28 12:23:40] <jbooth> I'm tempted to just "trust google" even though I consider them evil at this point, but...
[2010/05/28 12:25:09] <rhyno> I installed on chrome this morning and it was a user/pass setup. I think the pin on the web it to recover your account but I just set it and forget it so... I do know you have to go into the settings and force encryption for all traffic. I'd think that should be the default if it were me making the rules.
[2010/05/28 12:26:12] <jbooth> If I were making the rules I'm not sure http would exist. :-P
[2010/05/28 12:26:44] <jbooth> CPUs have long since passed the point you shouldn't ever send an unencrypted packet. Except maybe for a FPS. Even that's iffy.
[2010/05/28 12:28:44] <fsweetser> before you do that, would mind fixing HTTPS, and have the client tell the server which hostname it wants to talk to before SSL kicks in so you can do name based HTTPS servers?
[2010/05/28 12:28:57] <joe-mac> jbooth: you copy and paste from keepassx, btu there is a timeout, like ten seconds, where keepassx goes into the clipboard and destroys the data
[2010/05/28 12:29:18] <joe-mac> the timeout is configurable
[2010/05/28 12:29:31] <Dominic> fsweetser: or just have SNI implemented in every client
[2010/05/28 12:30:00] @ Quit: DavidS: Quit: Leaving.
[2010/05/28 12:30:31] <jbooth> joe-mac: Yeah I'm too lazy for that. If it integrated into firefox so it was automatic that'd be really sweet.
[2010/05/28 12:30:39] <fsweetser> Dominic: yeah, that =)
[2010/05/28 12:30:53] <jbooth> fsweetser: That's above my pay grade. ;-) Talk to the campus it architect.
[2010/05/28 12:31:01] <joe-mac> yea, a keepassx plugin for firefox... that would probably be do-able because there are fields in a keepassx entry for the url
[2010/05/28 12:31:49] @ tep joined channel #puppet
[2010/05/28 12:31:49] @ Quit: tep: Changing host
[2010/05/28 12:31:49] @ tep joined channel #puppet
[2010/05/28 12:36:36] @ jel joined channel #puppet
[2010/05/28 12:37:27] <jel> Can't reassign a variable in the same scope. How do I do something like if ($arg == "") { $arg = "$otherarg/x" } ?
[2010/05/28 12:37:54] <jbooth> $realarg = "$otherarg/x" is how people usually do it.
[2010/05/28 12:38:11] <jbooth> Just rename the variable and use the real one through the rest of the manifest
[2010/05/28 12:38:15] <jel> jbooth: does that work in an argspec?
[2010/05/28 12:38:33] <jbooth> jel: You mean in the define? I don't think so
[2010/05/28 12:38:35] <jel> (function signature)
[2010/05/28 12:38:37] <jel> yep
[2010/05/28 12:38:44] <jbooth> jel: When I tried it I didn't get any love
[2010/05/28 12:38:48] @ Quit: themurph: Quit: themurph
[2010/05/28 12:38:54] <jbooth> jel: That was a couple versions ago though, so...
[2010/05/28 12:39:05] <joe-mac> variable scope is getting fixed, fyi
[2010/05/28 12:39:08] <jel> OK, thanks anyway :)
[2010/05/28 12:39:12] <joe-mac> someone from PL told me that i think, or maybe nigel
[2010/05/28 12:39:16] <jel> joe-macah, great
[2010/05/28 12:39:44] <jbooth> There's been discussion on one of the lists about scope getting sanitized.
[2010/05/28 12:39:55] @ Quit: mauve: Quit: Leaving
[2010/05/28 12:39:57] <jbooth> Wonder how long it'll take for the puppet language to quit being declarative. ;-)
[2010/05/28 12:39:58] <xerxas> do you guys deploy the same ssh_authorized_key to several users ?
[2010/05/28 12:40:47] <jbooth> xerxas: In the case I have, I just build a machine-level ssh host trust.
[2010/05/28 12:41:07] <jbooth> xerxas: that's also a supercomputer though, so all hosts have the exact same user list.
[2010/05/28 12:41:09] @ blkperl left channel #puppet ()
[2010/05/28 12:41:11] <joe-mac> xerxas: no, if you need to do any auditing, you're making a larger attack surface by letting one key become several users
[2010/05/28 12:41:26] @ blkperl joined channel #puppet
[2010/05/28 12:42:31] <jel> xerxas: I've done that manually when a user shares the same roles on some machines, as it keeps things easy. But now that I'm moving to puppet and can automate security more, it makes much more sense to keep them unique.
[2010/05/28 12:43:50] <xerxas> err
[2010/05/28 12:44:06] <xerxas> I think need to "impersonate" some users
[2010/05/28 12:44:17] <xerxas> my company have a application users
[2010/05/28 12:44:43] <jel> xerxas: think of them as roles/groups, rather than users
[2010/05/28 12:44:47] <xerxas> to deploy the application , and know who has deployed … we need that any person that can deploy be authorized with its key
[2010/05/28 12:44:47] <joe-mac> sudo -i then su -, or sudo -u, or sudo su - -u someguy
[2010/05/28 12:45:03] <xerxas> ahh
[2010/05/28 12:45:07] <xerxas> right
[2010/05/28 12:45:15] <xerxas> might be a solution ...
[2010/05/28 12:45:16] <joe-mac> right, but are you making them use their personal key to log in to a gateway first before they deploy? otherwise you're losing the audit trail
[2010/05/28 12:45:34] <jel> xerxas: but if you ever need to audit who logged in and did something, they should use their own key
[2010/05/28 12:45:36] <jel> yep
[2010/05/28 12:45:36] <joe-mac> like some people have an automation gateway, where their devsl og in to their personal accounts, then thjat machine is allowed to deploy
[2010/05/28 12:46:05] <joe-mac> so at least you can say "jsmith was logged in from 10.1.1.1 at the time of deployment"
[2010/05/28 12:46:16] <xerxas> yep
[2010/05/28 12:46:24] <xerxas> I'll rethink about it then
[2010/05/28 12:46:42] <joe-mac> if it's a huge change it might not be worth it for you, that's hjust my outlook on it. believe me my devs fight me on it.
[2010/05/28 12:47:04] <jel> joe-mac: manual deployments? Doesn't that overlap a lot with puppet? I used to use capistrano, but I'm planning to do it all in puppet now.
[2010/05/28 12:47:37] <joe-mac> jel: i use capistrano, there is a place for manual deploys, such as when a hudson build is triggered, when the website should be updated... it's something a human needs to push a button for
[2010/05/28 12:47:39] <xerxas> for now I declare several ssh_authorized_key with different names because it need to be unique, but I don't mind, the same key => , different user => and group =>
[2010/05/28 12:47:44] <joe-mac> it's automated as m,uch as possible...
[2010/05/28 12:48:02] <jel> joe-mac: having a lead developer who needs to manage the devs helps a lot. You talk to him, and share similar concerns, he's closer to them in terms of being able to convince them.
[2010/05/28 12:48:08] <xerxas> puppet isn't made for application deployement
[2010/05/28 12:48:12] <xerxas> because it's async
[2010/05/28 12:48:31] <xerxas> I totally agree that theres a need for push button deployements
[2010/05/28 12:48:32] <joe-mac> right, that's why you still need some sort of parallel ssh or deployment framework alongside puppet
[2010/05/28 12:48:54] <jbooth> I'm with joe-mac here. pdsh service puppet (re)start
[2010/05/28 12:48:55] <xerxas> mcollective ! ;)
[2010/05/28 12:49:19] <xerxas> didn't knew of pdsh
[2010/05/28 12:49:21] <joe-mac> mcollective is nice. i'm still on cap...
[2010/05/28 12:49:24] <xerxas> capistrano is nice
[2010/05/28 12:49:28] <jbooth> Of course that's a location where I also only run puppet once on boot
[2010/05/28 12:49:32] <joe-mac> cap doesn't scale so well though
[2010/05/28 12:49:41] <xerxas> but I have headakes doing run "sh -c echo \\" ...
[2010/05/28 12:49:43] <joe-mac> mcollective has like near infinite scaling possibility becauseo f the queueing
[2010/05/28 12:49:47] <xerxas> so much escaping with capistrano
[2010/05/28 12:49:53] <jbooth> pdsh scales very well. And that's seriously important with 768 nodes.
[2010/05/28 12:50:14] <joe-mac> pdsh does? how does it handle the ssh-agent choking on something > 50 simultaneous auth attempts?
[2010/05/28 12:50:20] <joe-mac> or more if you have smaller keys i think?
[2010/05/28 12:50:22] <jel> joe-mac: but why isn't the developer tagging a release enough for puppet to take that and deploy?
[2010/05/28 12:50:32] <jbooth> joe-mac: puppetmaster chokes long before pdsh.
[2010/05/28 12:50:37] <alhoang> capistrano is tricky past 200+ connections as some versions of ruby blow up, some versions of cap blow up, and sometimes even net-ssh itself has issues. *sigh*
[2010/05/28 12:50:41] <jbooth> joe-mac: So I'm always rate limited by that instead
[2010/05/28 12:51:01] <jbooth> joe-mac: And if not puppetmaster, then nodes all slamming the ldap server... or dns server...
[2010/05/28 12:51:06] <joe-mac> alhoang: mine fails due to the agent on a low number of hosts. i had to split my servers up into sub-roles
[2010/05/28 12:51:15] <joe-mac> jbooth: interesting
[2010/05/28 12:51:42] <jbooth> joe-mac: We can fan-out with 32 connections just fine for patching or similar, we've never tried wider.
[2010/05/28 12:51:58] <jbooth> joe-mac: even at 32 with a big patch set we tend to be hitting the local repo too hard already
[2010/05/28 12:52:16] <jel> jbooth: should be fairly easy to scale puppet though, splitting configs, deploying those to multiple puppet servers, then from there to client machines?
[2010/05/28 12:52:35] <joe-mac> jel: sure that works if your developers understand version control
[2010/05/28 12:52:53] <jbooth> jel: If I had a large supply of service hosts to run puppetmaster on, sure.
[2010/05/28 12:53:05] <jbooth> Also if the performance of ruby on ppc was better, that wouldn't hurt.
[2010/05/28 12:53:28] <jbooth> But this is a HPC cluster and spending money on excess head nodes isn't their way.
[2010/05/28 12:53:32] <joe-mac> jbooth: what kind of box are you using to handle 768 nodes, and what's your runinterval? do you mess with the splay values?
[2010/05/28 12:53:47] <jbooth> Also, any excess I had became spare parts for compute nodes... stupid failing apple PSUs.
[2010/05/28 12:53:57] <jbooth> joe-mac: --onetime at boot.
[2010/05/28 12:54:06] <joe-mac> and you stagger reboots i assume
[2010/05/28 12:54:13] <jbooth> joe-mac: And we use apache to rate-limit incoming connections so puppetmaster doesnt' backup.
[2010/05/28 12:54:15] <joe-mac> i want to get into HPC so bad
[2010/05/28 12:54:19] <jbooth> joe-mac: Yeah, we do stagger
[2010/05/28 12:54:35] * jbooth heard from a friend that SDSC has switched from Rocks to Puppet.
[2010/05/28 12:54:45] <jbooth> In some ways though HPC is a really boring problem.
[2010/05/28 12:54:56] <joe-mac> how do you determine how to partition a cluster like that, do you just iterate through like node0-31, reboot?
[2010/05/28 12:55:04] @ Quit: itguru: Quit: Leaving
[2010/05/28 12:55:08] <jbooth> joe-mac: Pretty much.
[2010/05/28 12:55:20] <jbooth> One thing to remember about clusters: they're batch systems, and you almost always have a job queue.
[2010/05/28 12:55:28] @ Quit: mellen: Ping timeout: 260 seconds
[2010/05/28 12:55:31] <joe-mac> i just like the idea that i am helping the world solve real problems through my work, albeit indirectly, it's better than feeling like your work just makes some guys money
[2010/05/28 12:55:42] <jbooth> So you'll end up with a couple-hour maintenance window sometime each month where you do your work.
[2010/05/28 12:55:47] @ Quit: jel:
[2010/05/28 12:55:53] <jbooth> If it takes a while to pdsh through a reboot... eh so what?
[2010/05/28 12:56:16] <jbooth> Also, since the task of the cluster is to run jobs not service users you can do things like set your maintenance window to occur during the workday. :-)
[2010/05/28 12:56:44] @ mellen joined channel #puppet
[2010/05/28 13:04:20] <mpdehaan> jbooth, you could always go to the big circuit breaker in the datacenter and just flick it on and off real quick
[2010/05/28 13:06:33] @ Quit: \ask: Remote host closed the connection
[2010/05/28 13:06:48] @ j00bar joined channel #puppet
[2010/05/28 13:06:55] @ \ask joined channel #puppet
[2010/05/28 13:07:08] <j00bar> is there a way to fire different notifications based on whether a file is new or updated?
[2010/05/28 13:07:30] <jbooth> mpdehaan: You have no idea how glad I am they put a cover on that. Because it glows. My precioussss....
[2010/05/28 13:08:01] <mpdehaan> j00bar, I don't think so, notify would work on both IIRC
[2010/05/28 13:08:05] <jbooth> mpdehaan: Unfortunately with the "data center consolidation" they have going on we now have other machines in that datacenter. Otherwise I was looking forward to slamming that when this cluster finally 'expired'
[2010/05/28 13:08:51] <mpdehaan> more seriously, we did the power management integration thing in Cobbler at one point. Something like that for Puppet would be cool.
[2010/05/28 13:08:53] <jbooth> j00bar: You could fake that with a exec { "touch file": creates => file, notify => secondthing }
[2010/05/28 13:09:11] <mpdehaan> that's just basic fence wrapper stuff though, but its' a little weird
[2010/05/28 13:09:15] <mpdehaan> as it doesn't target *that* host
[2010/05/28 13:09:26] <mpdehaan> eh, maybe not such a good idea
[2010/05/28 13:09:52] <jbooth> j00bar: (said exec doing the "file is new" part of the implementation, use your standard file delivery for "updated"}
[2010/05/28 13:10:00] @ Quit: TREllis: Quit: leaving
[2010/05/28 13:10:06] <jbooth> j00bar: Oh... and exec must before=>file otherwise you won't for sure detect the file is new.
[2010/05/28 13:10:33] <j00bar> jbooth: except the file isn't just a "presence/absence" thing...
[2010/05/28 13:10:47] <j00bar> basically on initial setup, i've got to run one command...
[2010/05/28 13:10:54] <j00bar> and any updated setup i've got to run a different command...
[2010/05/28 13:11:40] @ Quit: \ask: Ping timeout: 260 seconds
[2010/05/28 13:13:17] @ jaredrhine joined channel #puppet
[2010/05/28 13:14:35] @ Quit: mellen: Ping timeout: 252 seconds
[2010/05/28 13:15:26] @ Quit: bug: Quit: bug
[2010/05/28 13:18:05] @ Quit: jaredrhine: Ping timeout: 272 seconds
[2010/05/28 13:23:50] <robinbowes> Is there a simply way to enable/disable a file?
[2010/05/28 13:24:13] <j00bar> robinbowes: you can use a conditional switch...
[2010/05/28 13:24:32] <robinbowes> ie. I'd like to do : file{ foo: source => 'puppet:///modules/bar/foo'}
[2010/05/28 13:24:48] <robinbowes> But, remove it if $enable is false
[2010/05/28 13:25:16] <robinbowes> So, I have to use a conditional?
[2010/05/28 13:25:16] <j00bar> robinbowes: file { "foofile": ensure => $enabled ? {true => 'file', false => 'absent'} }
[2010/05/28 13:25:23] @ gmcquillan joined channel #puppet
[2010/05/28 13:25:44] <robinbowes> Ah, OK. Let me try that
[2010/05/28 13:25:57] <robinbowes> I was just using ensure => $enabled
[2010/05/28 13:27:08] <ciupicri> does anyone has any idea regarding this bug https://bugzilla.redhat.com/show_bug.cgi?id=597285 ?
[2010/05/28 13:27:14] @ giskard joined channel #puppet
[2010/05/28 13:27:25] <ciupicri> am I doing something wrong?
[2010/05/28 13:28:44] <robinbowes> j00bar: thx
[2010/05/28 13:29:08] <mpdehaan> ciupicri, first file the puppet bugs in projects.puppetlabs.com
[2010/05/28 13:29:20] <mpdehaan> the distro bug tracker is probably not ideal to getting them looked at as quickly
[2010/05/28 13:30:37] <ciupicri> mpdehaan, I agree, that's why I've also asked here on the channel :-)
[2010/05/28 13:30:45] <mpdehaan> I mean use the bug tracker
[2010/05/28 13:31:26] <jbooth> j00bar: You should still be able to do that with that sort of exec setup. A "setup exec" with creates=> will only run once to create the file, then you can update it however you like and notify the other command?
[2010/05/28 13:31:48] <j00bar> jbooth: hmm... i'll see what i can jerryrig.
[2010/05/28 13:31:49] <mpdehaan> I don't know why SELinux is not letting puppet do that, it should be unconfined ... ?
[2010/05/28 13:32:19] @ Quit: fbe_: Ping timeout: 265 seconds
[2010/05/28 13:32:27] <ciupicri> mpdehaan, the partition is mounted read-only and I also don't want it to be changed
[2010/05/28 13:33:32] <jbooth> Selinux screws up running extneral programs with the dumping into /tmp
[2010/05/28 13:33:35] <mpdehaan> I suspect the change is there because mounts /must/ be set to that type
[2010/05/28 13:33:42] <mpdehaan> if you pre-set it to that type it should work?
[2010/05/28 13:33:47] <mpdehaan> like jbooth said, with an exec?
[2010/05/28 13:33:59] <mpdehaan> well it's read only, but I think you see what I'm saying?
[2010/05/28 13:34:05] <mpdehaan> the problem is SELinux works differently between OS distros
[2010/05/28 13:34:16] <mpdehaan> s/the/one/
[2010/05/28 13:34:23] <mpdehaan> because of newer versions of the policy
[2010/05/28 13:34:40] <jbooth> So I'd be suspicious that that might be hosing up something else unrelated -- by disabling puppet's ability to inspect the state of something.
[2010/05/28 13:34:51] <jbooth> Like puppet thinking it isn't mounted, so it can change the permissions of the directory
[2010/05/28 13:35:01] <ciupicri> mpdehaan, I think I understand what you're saying. I'll try it right away. IIRC it worked, but I hate this solution. I shouldn't care about what's on the mounted partition.
[2010/05/28 13:35:17] <mpdehaan> right
[2010/05/28 13:35:25] <mpdehaan> It should just be setting up the mount
[2010/05/28 13:35:26] <jbooth> mpdehaan: Is puppet-dev google group moderated?
[2010/05/28 13:35:36] <mpdehaan> it requires subscription and that's it IIRC
[2010/05/28 13:35:37] @ jaredrhine joined channel #puppet
[2010/05/28 13:35:54] * mpdehaan => AFK for a bit
[2010/05/28 13:36:01] <jbooth> I'm subscribed, but I sent a mail and didn't obviously get a bounce nor has it gone through in 30 minutes... Hmm.
[2010/05/28 13:36:28] <jbooth> ciupicri: I'd just encourage you to kill selinux on fedora 12+ until either puppet or the distro fixes the issues.
[2010/05/28 13:36:47] <jbooth> ciupicri: There's a puppet bug somewhere to quit using temp files for command output because that causes huge selinux enforcement issues.
[2010/05/28 13:37:27] @ adrian_broher joined channel #puppet
[2010/05/28 13:37:32] <ciupicri> jbooth, here are 2 other selinux bugs https://bugzilla.redhat.com/show_bug.cgi?id=596535 and https://bugzilla.redhat.com/show_bug.cgi?id=596536
[2010/05/28 13:38:48] <mpdehaan> jbooth, I approved it
[2010/05/28 13:38:56] <mpdehaan> not sure why it was moderating you but I set to "always allow"
[2010/05/28 13:38:58] <mpdehaan> so maybe it is
[2010/05/28 13:39:23] <ciupicri> mpdehaan, I've change file to seltype => public_content_t, seluser => unconfined_u and puppet stopped complaining
[2010/05/28 13:39:24] * mpdehaan is not a SELinux fan either, FWIW, though it needs to work
[2010/05/28 13:39:40] <mpdehaan> yeah it wants to make sure it is public_content_t I bet
[2010/05/28 13:39:50] <mpdehaan> which is generally what it needs to be anyway, I think
[2010/05/28 13:39:55] <jbooth> mpdehaan: Thanks!
[2010/05/28 13:40:01] <mpdehaan> that's what you have to do to get something to work via TFTP, I remember
[2010/05/28 13:40:11] <mpdehaan> and also NFS
[2010/05/28 13:40:19] <mpdehaan> if it worked without that it's odd
[2010/05/28 13:40:20] * jbooth is a selinux fan, it has saved me from bad developer php code, but... it is a pain in the aft.
[2010/05/28 13:40:26] <mpdehaan> yeah more of that
[2010/05/28 13:40:43] <mpdehaan> as a developer when I was working on it, I didn't have to get saved from that, it was just the pain :)
[2010/05/28 13:40:55] <mpdehaan> ok actually AFK for a bit now :)
[2010/05/28 13:41:38] * eric0 reading through lak's slides. is there video of the talk available?
[2010/05/28 13:41:59] @ bug joined channel #puppet
[2010/05/28 13:43:45] @ emarshall joined channel #puppet
[2010/05/28 13:44:52] @ mellen joined channel #puppet
[2010/05/28 13:47:31] @ Mick27 joined channel #puppet
[2010/05/28 13:50:34] @ \ask_ joined channel #puppet
[2010/05/28 13:51:10] <twiz_> I'd like to configure two differnt environments (development and production), which use the same manifest/modules but use different passwords. Where do I store the passwords? It probably wouldn't be secure to put them as variables in Facter
[2010/05/28 13:52:36] * jbooth mutters something about "stupid meeting that won't end so I can catch a pal and head to lunch"
[2010/05/28 13:52:41] @ nigelk joined channel #puppet
[2010/05/28 13:52:43] @ Quit: xerxas: Ping timeout: 264 seconds
[2010/05/28 13:52:56] @ ciupicri is now known as ciupicri|away
[2010/05/28 13:53:08] <jbooth> twiz_: If both environments have the same manifest/modules, aren't they the same thing and shouldn't have different passwords?
[2010/05/28 13:53:16] <chadh> mpdehaan: ping
[2010/05/28 13:53:28] <jbooth> twiz_: I think you'd probably be best splitting the manifests and defining them there.
[2010/05/28 13:54:18] <twiz_> well I'd like to keep the passwords out of source control. Ideally they would be in a yaml file somewhere and it would error if that file didn't exist
[2010/05/28 13:54:56] @ gaveen joined channel #puppet
[2010/05/28 13:57:45] <jbooth> Volcane's extlookup?
[2010/05/28 13:58:12] @ Quit: bgupta: Quit: bgupta
[2010/05/28 13:58:14] <jbooth> I mean, keeping them in dashboard or facter might also be okay -- they are already hashes
[2010/05/28 13:58:33] <nigelk> someone on irc the other day claimed we could use $certname in manifests to refer to the client certname... but this doesn't seem to be the right variable. Anyone know what it's meant to be ?
[2010/05/28 13:58:51] @ bgupta joined channel #puppet
[2010/05/28 13:59:28] <twiz_> I will take a look at thix extlookup
[2010/05/28 13:59:29] @ Quit: bgupta: Remote host closed the connection
[2010/05/28 13:59:37] <twiz_> thanks
[2010/05/28 14:00:00] @ bgupta joined channel #puppet
[2010/05/28 14:07:43] @ Quit: santoroj: Ping timeout: 276 seconds
[2010/05/28 14:13:16] <twiz_> is %{fqdn} the same as $fqdn?
[2010/05/28 14:13:57] <chadh> twiz_: ${fqdn} ?
[2010/05/28 14:14:23] @ xerxas joined channel #puppet
[2010/05/28 14:15:05] @ themurph joined channel #puppet
[2010/05/28 14:16:00] <twiz_> In site.pp I have done if ($fqdn == "foo.domain.com") and I notice documentation referencing %{fqdn} I'm just wondering what the difference is?
[2010/05/28 14:16:41] <chadh> twiz_: hmm, typo, maybe? Or maybe that is some new feature of the language (treat fqdn as hash?)
[2010/05/28 14:21:43] @ Quit: stockholm: Remote host closed the connection
[2010/05/28 14:22:32] @ Quit: rcrowley: Quit: rcrowley
[2010/05/28 14:24:57] @ Quit: adrian_broher: Ping timeout: 276 seconds
[2010/05/28 14:25:19] @ adrian_broher joined channel #puppet
[2010/05/28 14:28:16] <mpdehaan> chadh, where is it, it should be ${fqdn} or $fqdn
[2010/05/28 14:28:23] <mpdehaan> that looks like a typo
[2010/05/28 14:28:31] <chadh> mpdehaan: ask twiz_
[2010/05/28 14:28:41] <mpdehaan> twiz_, ^ let me know where that is and I'll fix it up
[2010/05/28 14:29:03] <chadh> mpdehaan: I am going to be at SELF and would like to talk to you about Cobbler here at Georgia Tech's college of computing
[2010/05/28 14:29:10] <chadh> s/Cobbler/Puppet/
[2010/05/28 14:29:15] <mpdehaan> sweet
[2010/05/28 14:29:17] <chadh> (although I want to talk to you about cobbler as well)
[2010/05/28 14:29:23] <mpdehaan> that too :)
[2010/05/28 14:29:44] <chadh> I'm planning to make cobbler the center of my world here, so I want to make sure it has a future ;-)
[2010/05/28 14:29:47] <mpdehaan> I'm really looking forward to SELF ... looks like a lot of fun
[2010/05/28 14:29:57] <chadh> mpdehaan: my first time
[2010/05/28 14:30:21] <zahna> hey, if i have a node block with some variables and includes, are the variables assigned before the includes are evaluated?
[2010/05/28 14:30:44] <mpdehaan> yeah wanted to make it last time, ended up going to HP tech forum for $work
[2010/05/28 14:31:09] <mpdehaan> zahna, you are doing includes with dollar signs in them?
[2010/05/28 14:31:16] <mpdehaan> like "include $foo" ?
[2010/05/28 14:31:18] <zahna> mpdehaan: nope
[2010/05/28 14:31:51] <zahna> i'm doing things like "$mysql_server_type = master" then "include mysql"
[2010/05/28 14:31:54] <chadh> zahna: yes . the variables are evaluated before your includes. At leat that works for me
[2010/05/28 14:32:01] <chadh> s/leat/least/
[2010/05/28 14:33:26] <zahna> chadh: cool. i wasn't sure if puppet executed in that order.
[2010/05/28 14:34:10] <chadh> zahna: you can rarely depend on order if you don't explicitly specify it, but for whatever reason, that works. I am pretty sure it is intentional, though ;-)
[2010/05/28 14:34:33] <zahna> chadh: right, which is why i was asking :)
[2010/05/28 14:40:02] <mpdehaan> variables don't quite obey the same order properties
[2010/05/28 14:40:32] <mpdehaan> I think it's going to work a bit better in coming releases but you'd have to ask dev list as the implementation is complicated :)
[2010/05/28 14:40:39] <mpdehaan> s/a bit/even/
[2010/05/28 14:41:24] <dan__t> Alright... I have a directory that was mistakenly created. There should be a file in its place instead. Trying to write a resource that does ensure => absent, but I want/need to make sure this directory exists before I do that, so it doesn't delete the subsequent file...
[2010/05/28 14:41:27] <dan__t> Does that make sense?
[2010/05/28 14:41:32] @ notbrien joined channel #puppet
[2010/05/28 14:46:26] @ gm1959 joined channel #puppet
[2010/05/28 14:47:24] <gm1959> can anyone please explain group {}? I don't get the 'manages_members' thing, and just adding 'members => [a,b,c],' did nothing
[2010/05/28 14:49:06] <mpdehaan> gm1959, do you have ensure => present added ?
[2010/05/28 14:49:08] <chadh> gm1959: look closely at your puppet logs. You may see a message saying that your provider does not support that functionality. I run rhel here, and that is the case for 'groupadd'
[2010/05/28 14:49:10] <mpdehaan> maybe you can pastebin what you have
[2010/05/28 14:49:49] <gm1959> chadh - centos/rhel dont support groupadd? interesting
[2010/05/28 14:50:04] <mpdehaan> no no no
[2010/05/28 14:50:09] <mpdehaan> it's different :)
[2010/05/28 14:50:16] <chadh> gm1959: it uses groupadd, but the puppet groupadd provider doesn't seem to support manages_members
[2010/05/28 14:50:20] <mpdehaan> manages members means the group controls what members are in it
[2010/05/28 14:50:25] <mpdehaan> rather than the user
[2010/05/28 14:50:33] <mpdehaan> so centos/rhel do it through the user
[2010/05/28 14:50:40] <gm1959> aah
[2010/05/28 14:50:57] <mpdehaan> user { gid => 'whatever',groups => [ 'othergroup1', 'othergroup2' ] }
[2010/05/28 14:51:05] <mpdehaan> but you also have to declare the group so it will exist
[2010/05/28 14:51:10] <dan__t> What about modifying an existing user? I need to change the shell on a user account.
[2010/05/28 14:51:17] <mpdehaan> with groups the dependencies are auto detected, so the user does not have to require the group
[2010/05/28 14:51:23] <mpdehaan> yeah that is easy
[2010/05/28 14:51:35] <chadh> mpdehaan: it would be nice if we could do both, though. for instance 'httpd' user is defined in webserver class, but then I need to add it to the nagios group
[2010/05/28 14:52:08] <mpdehaan> user { "foo": ensure=>present; shell=> "/bin/false" }
[2010/05/28 14:52:28] <mpdehaan> chadh, yeah you have to do that in the webserver class now
[2010/05/28 14:52:30] @ Quit: thegcat: Quit: Leaving.
[2010/05/28 14:52:36] <joe-mac> chadh: sub-optimal, but i get around that problem by iunheriting the class the user is defined in and overriding the groups
[2010/05/28 14:54:30] <chadh> I wonder if you could use virtual resources somehow. Can you override attributes on a resource when you realize it?
[2010/05/28 14:54:39] <dan__t> hmm
[2010/05/28 14:54:44] <dan__t> Existing user?
[2010/05/28 14:55:07] <dan__t> Guess we'll find out.
[2010/05/28 14:55:13] <chadh> dan__t: I'm sure you can't, because I am pretty sure that defeats the purpose of the virtual resources in the first place. You could have conflicting versions
[2010/05/28 14:55:16] <gm1959> groups => [ "wheel", "apache", "nagios" ] - didn't seem to do jack to the groups
[2010/05/28 14:56:16] <dan__t> er, what
[2010/05/28 14:56:25] @ Quit: adrian_broher: Ping timeout: 265 seconds
[2010/05/28 14:56:50] <joe-mac> you can override by inheriting the class you realize in
[2010/05/28 14:56:52] @ adrian_broher joined channel #puppet
[2010/05/28 14:57:23] <chadh> I mean if you realize the same user in two different places and can override attributes, then they could conflict. I think that is what virtual resources were supposed to get around in the first place.
[2010/05/28 14:57:24] <joe-mac> you could gm1959, the groups param should work- what scenario are you seeing it fail in?
[2010/05/28 14:57:58] <gm1959> joe-mac - I'm thinking this is a 'realize' problem, since the users are virtual
[2010/05/28 14:58:17] <joe-mac> are you trying to override those parameters when you realize or something?
[2010/05/28 14:59:02] <gm1959> I'm just guessing that none of the 'ifs' are triggering the realize. I can go in and force it to see if the group stuff is being added
[2010/05/28 15:00:20] <gm1959> what happens if there are multiple 'realize'?
[2010/05/28 15:00:35] <gm1959> of the same resource, I mean?
[2010/05/28 15:00:46] <joe-mac> gm1959: you get failures
[2010/05/28 15:01:15] @ Quit: MattM: Quit: Leaving.
[2010/05/28 15:01:16] @ MattM1 joined channel #puppet
[2010/05/28 15:03:10] @ Quit: MattM1: Client Quit
[2010/05/28 15:04:00] @ Quit: adrian_broher: Ping timeout: 240 seconds
[2010/05/28 15:04:23] @ adrian_broher joined channel #puppet
[2010/05/28 15:19:47] @ ad4m joined channel #puppet
[2010/05/28 15:20:26] <gm1959> is there a resource or something that will allow me to keep all the files in a directory in sync? files being served out of the module config?
[2010/05/28 15:21:56] <ad4m> if i have a large set of package definitions, is there anyway to make them all require or depend on another definition instead of have a 'require' line in each package definition?
[2010/05/28 15:22:14] <chadh> gm1959: the file resource can do that (with recurse => true), but there is long, sordid story that goes with using it :)
[2010/05/28 15:22:18] <gm1959> ad4m - use inheritance
[2010/05/28 15:22:49] <chadh> ad4m: maybe put them in a class, and then depend/require the class?
[2010/05/28 15:22:56] <chadh> (that's new with 0.25)
[2010/05/28 15:23:02] <gm1959> chadh - okay, where do I begin reading this long, sad story?
[2010/05/28 15:23:14] <ad4m> so everything in a super class of a class is "executed" before the class?
[2010/05/28 15:24:15] <chadh> gm1959: I am not sure what the current state is, but managing a directory of files used to perform extremely poorly. The switch to REST was supposed to help, and I know I have seen discussions on the -dev list about how to make it even better. I am just not sure how many of the changes have made it into the current version
[2010/05/28 15:24:55] <gm1959> speaking of current versions - how do I upgrade from 0.25.4 to 25.5?
[2010/05/28 15:25:02] <gm1959> is there a simple version?
[2010/05/28 15:25:14] <chadh> gm1959: upgrade the master first
[2010/05/28 15:25:16] <chadh> that's pretty much it
[2010/05/28 15:25:18] <ad4m> chadh: its the other way around in my case, i have one file resource definition that i need to have in place before the package resources should be run. any suggestions?
[2010/05/28 15:26:23] <chadh> ad4m: I think the class can also require resources. class foo { require => File['bar'] } maybe? I haven't done this yet
[2010/05/28 15:28:43] <chadh> gm1959: http://tinyurl.com/38oc2of
[2010/05/28 15:28:45] <ad4m> hmmm that seems odd, but i'll give it a shot
[2010/05/28 15:28:56] @ Beens joined channel #puppet
[2010/05/28 15:29:02] <chadh> there is a kind of recent discussion about recursion. notice in particular Brice's posts
[2010/05/28 15:29:04] <Beens> hi @all
[2010/05/28 15:29:34] <setient> quick question about erb templates if anyone here is good :)
[2010/05/28 15:29:48] <gm1959> are fileserver resources from a module path relative? IE source => "/etc/foo" is really /etc, but source => "etc/foo" is <path to module>/files/etc/foo?
[2010/05/28 15:31:04] @ Quit: adrian_broher: Ping timeout: 240 seconds
[2010/05/28 15:31:24] <joe-mac> setient: erb templates is just ruby code wrapped in tags, so sure someone can help shoot the question
[2010/05/28 15:31:30] @ adrian_broher joined channel #puppet
[2010/05/28 15:34:52] @ Quit: bug: Quit: bug
[2010/05/28 15:35:45] <setient> joe-mac: sweet i am wondering if http://pastebin.com/8T1NuYM4 is correct (i put the erb file in there)
[2010/05/28 15:35:54] <setient> i also have NFC how to call that after i put that into a pp file
[2010/05/28 15:36:01] @ ckauhaus joined channel #puppet
[2010/05/28 15:36:06] <gm1959> chadh - good god. default behavior is to checksum each and every file twice, using a non-optimal cpu intensive version of the md5 sum? holy crap
[2010/05/28 15:36:37] <chadh> gm1959: ;-)
[2010/05/28 15:37:11] <gm1959> lol... and the fix is pushed out at least two more releases
[2010/05/28 15:37:16] <joe-mac> setient: atre you using modules? if not you need tio set templatedir = /etc/puppet/templates in puppet.conf
[2010/05/28 15:37:37] <joe-mac> then create the templates folder, put that in, then in the file resource use the parameter content => template("filename.whatever"),
[2010/05/28 15:37:46] <joe-mac> i keep losing my vpn, christ this is annoying
[2010/05/28 15:39:33] <setient> i am not using modules
[2010/05/28 15:39:43] <setient> you can't just put them in the files folder?
[2010/05/28 15:39:47] <setient> it HAS to be the templates folder?
[2010/05/28 15:40:35] <joe-mac> it's wherever you set templatedir to be
[2010/05/28 15:42:28] <setient> k sweet
[2010/05/28 15:42:29] <setient> thanks
[2010/05/28 15:42:55] @ brehm left channel #puppet ()
[2010/05/28 15:43:39] <setient> ok so now how do i call that (i been using just classes instead of defines)
[2010/05/28 15:44:58] @ Quit: adrian_broher: Ping timeout: 258 seconds
[2010/05/28 15:45:34] <joe-mac> i don't understand that last statement, so i'm going to ignore it, but you need to use the content parameter of the file resource. you do it like this file { "/etc/something": content => template("filenameoftemplate") }
[2010/05/28 15:45:37] @ adrian_broher joined channel #puppet
[2010/05/28 15:46:24] @ bug joined channel #puppet
[2010/05/28 15:48:08] @ Quit: gaveen: Ping timeout: 265 seconds
[2010/05/28 15:48:18] <joe-mac> say i create a link like file { "/etc/somethign": ensure => "/etc/someotherthing_that_is_a_directory" } can i do file { "/etc/something/.": checksum => md5, notify => Service["someservice"] }?
[2010/05/28 15:49:16] <joe-mac> i have a link from my nagios3 configs to an auto generated serviceextinfo folder from nagiosgrapher. i want to watch to see if new extinfo files are created. and then kick nagios if there are, but i want to use the path like the link i created...
[2010/05/28 15:50:03] @ ciupicri|away is now known as ciupicri
[2010/05/28 15:52:23] <tuvyz> i'm having a hard time getting foreman to run. my latest trial: checkout foreman from git to /usr/share/foreman. running /usr/share/foreman/scripts/server -e productions says: RubyGem version error: rack(1.1.0 not ~> 1.0.1). how do i get arount this error?
[2010/05/28 15:54:54] <jbooth> tuvyz: Pull your rack package off from your system package manager and install 'rubygems' instead. Use 'gem' to install 1.0.1. You're using ubuntu too, aren't you?
[2010/05/28 15:55:23] <nahamu> is there a way to trigger the notice function just before an exec runs?
[2010/05/28 15:55:48] <tuvyz> jbooth: debian (squeeze). how do i tell gem to install 1.0.1, not 1.1.0
[2010/05/28 15:56:02] <joe-mac> --version=1.0.1 i think
[2010/05/28 15:56:37] @ verwilst joined channel #puppet
[2010/05/28 15:57:42] @ Quit: [GuS]: Read error: Connection reset by peer
[2010/05/28 15:57:54] @ plathrop-away is now known as plathrop
[2010/05/28 15:59:11] <tuvyz> joe-mac: that worked. thanks
[2010/05/28 15:59:28] <tuvyz> now i'm getting an internal server error. at least the server starts!
[2010/05/28 15:59:36] @ Guest24975 joined channel #puppet
[2010/05/28 16:00:34] @ gaveen joined channel #puppet
[2010/05/28 16:02:50] @ alrs joined channel #puppet
[2010/05/28 16:05:51] <|Mike|> reeeeeeeeeee
[2010/05/28 16:05:56] <jbooth> debian/ubuntu, close enough.
[2010/05/28 16:05:56] * |Mike| got home from puppetcamp
[2010/05/28 16:06:24] <jbooth> Maybe someday we'll have a friggin budget again and I can attend a camp. :-/
[2010/05/28 16:06:36] <|Mike|> It was awesom!
[2010/05/28 16:07:01] @ Quit: Guest24975: Read error: Operation timed out
[2010/05/28 16:07:40] @ Quit: emarshall: Quit: emarshall
[2010/05/28 16:08:34] <|Mike|> I'm actually looking for the English lad which I learned some dutch in the Openspace time about system administration challenge
[2010/05/28 16:09:51] <gm1959> the more I play with puppet the more I like it.
[2010/05/28 16:10:18] <gm1959> very nice alternative to cfengine
[2010/05/28 16:11:17] <|Mike|> gm1959: you've attended at puppetcamp in ghent?
[2010/05/28 16:11:50] <gm1959> nope. wish I could actually get trained on it instead of learning it by trial of fire
[2010/05/28 16:12:12] <|Mike|> http://dl.dropbox.com/u/469429/PuppetChangeManagement.pdf
[2010/05/28 16:14:25] <|Mike|> Oh, i'm actually looking for lordcope
[2010/05/28 16:15:40] <Beens> puppetcamp was nice :)
[2010/05/28 16:15:42] <joe-mac> that's interesting
[2010/05/28 16:16:40] @ Quit: beata:
[2010/05/28 16:16:50] <jbooth> gm1959: You learn a heck of a lot more in the trail by fire.
[2010/05/28 16:16:58] <jbooth> gm1959: Course sometimes you learn bad ways of doing things...
[2010/05/28 16:17:30] <gm1959> jbooth - yep. :)
[2010/05/28 16:17:57] @ Quit: kolla: Remote host closed the connection
[2010/05/28 16:19:24] @ Quit: Mick27: Quit: Leaving
[2010/05/28 16:19:32] @ Quit: ninjazjb: Read error: No route to host
[2010/05/28 16:22:16] @ Quit: madduck: Ping timeout: 276 seconds
[2010/05/28 16:23:41] @ madduck joined channel #puppet
[2010/05/28 16:27:00] @ stewartl42 joined channel #puppet
[2010/05/28 16:27:03] @ stewartl42 left channel #puppet ()
[2010/05/28 16:36:20] @ Quit: gmcquillan: Quit: gmcquillan
[2010/05/28 16:37:10] <nahamu> is there a way to make a module depend fully on another module?
[2010/05/28 16:37:32] <nahamu> using require seems to pull in all the definitions, but has no affect on the dependency graph.
[2010/05/28 16:37:43] <nahamu> do I have to make all inter-module dependencies explicit?
[2010/05/28 16:37:43] <agaffney> I don't think you can do dependencies at the module level
[2010/05/28 16:37:53] <nahamu> that sucks
[2010/05/28 16:38:28] @ sebas891 joined channel #puppet
[2010/05/28 16:38:58] <gm1959> does notify => Service['blah'] have a doc page anywhere? I don't understand how a restart/reload gets called
[2010/05/28 16:39:25] <bhearsum> you probably want http://docs.puppetlabs.com/references/latest/configuration.html
[2010/05/28 16:40:42] @ Brownoxford joined channel #puppet
[2010/05/28 16:42:18] <Brownoxford> Hi Folks, is it possible to specify a "null" value that will be ignored when a resource is executed? I have a define that accepts "groups" and proxies to the user resource, but it's breaking if no groups are specified.
[2010/05/28 16:42:40] <Brownoxford> It actually tries to run usermod with a group consisting of the empty string
[2010/05/28 16:43:12] <Brownoxford> like this: /usr/sbin/usermod -G ,ssh,users,wheel myusername
[2010/05/28 16:45:56] @ alban2 joined channel #puppet
[2010/05/28 16:46:12] @ Quit: caglar10ur: Quit: caglar10ur
[2010/05/28 16:46:22] @ Quit: MarkN1: Ping timeout: 264 seconds
[2010/05/28 16:47:21] @ foo_ joined channel #puppet
[2010/05/28 16:47:56] @ Quit: foo_: Client Quit
[2010/05/28 16:51:19] @ Quit: alfism: Quit: alfism
[2010/05/28 16:52:08] @ Quit: kn1ght: Ping timeout: 248 seconds
[2010/05/28 16:53:23] @ Quit: axisys: Quit: leaving
[2010/05/28 16:53:36] <jbooth> Brownoxford: =>undef
[2010/05/28 16:54:03] @ axisys joined channel #puppet
[2010/05/28 16:54:17] <jbooth> nahamu: I think that's coming in the next release. Require should do it, but I think there's a bug if you require multiple times only the (last?) one sticks
[2010/05/28 16:59:05] <gm1959> where does the filebucket live?
[2010/05/28 16:59:18] <gm1959> by default, I mean
[2010/05/28 16:59:59] @ Quit: bug: Quit: bug
[2010/05/28 17:00:11] <|Mike|> var/lib/something ?
[2010/05/28 17:00:58] <jbooth> default $vardir/bucket
[2010/05/28 17:01:04] <jbooth> so sayeth puppetmaster --genconfig
[2010/05/28 17:02:42] @ Quit: bgupta: Quit: bgupta
[2010/05/28 17:03:37] @ bgupta joined channel #puppet
[2010/05/28 17:08:23] <gm1959> is ensure syntax for a file - file { "source": ensure => target } or file { "target": ensure => "source"}???
[2010/05/28 17:08:49] @ Quit: nexx: Quit: quit
[2010/05/28 17:17:21] @ Guest24975 joined channel #puppet
[2010/05/28 17:18:08] @ Quit: themurph: Quit: themurph
[2010/05/28 17:19:00] @ Quit: ckauhaus: Quit: Leaving.
[2010/05/28 17:21:49] <ciupicri> gm1959, you need a comma (,) before }
[2010/05/28 17:22:13] <ciupicri> gm1959, as for the rest look here http://docs.reductivelabs.com/guides/types/file.html
[2010/05/28 17:22:31] @ bug joined channel #puppet
[2010/05/28 17:23:25] <gm1959> I had to do a test to figure it out.... it's non obvious, the doc shoule be more clear. The "File" resource being defined is the symlink to be created, the ensure => 'file path' is the existing file
[2010/05/28 17:23:28] <ciupicri> gm1959, it's the second one; the name is the "target" http://docs.reductivelabs.com/guides/types/file.html#id652
[2010/05/28 17:24:04] <ciupicri> gm1959, right
[2010/05/28 17:25:57] @ Quit: jaredrhine: Ping timeout: 252 seconds
[2010/05/28 17:26:35] @ joe-mac left channel #puppet ()
[2010/05/28 17:27:01] @ Quit: sebas891: Quit: Leaving.
[2010/05/28 17:27:04] <gm1959> ciupicri - that syntax seems completely backwards. it's very hard to imagine a time that a symlink would have a different owner or group or permissions than the targeted file.
[2010/05/28 17:28:17] @ Quit: RageLink: Quit: up up and away
[2010/05/28 17:28:32] <ciupicri> gm1959, but on the other hand, just as you've mentioned the resource being defined is the file that you want to create, in this case the symlink file
[2010/05/28 17:29:43] <gm1959> ciupicri - think of it this way - current syntax makes ensure => [link1,link2,link3] impossible
[2010/05/28 17:30:32] @ ezmobius joined channel #puppet
[2010/05/28 17:31:00] @ Quit: adrian_broher: Ping timeout: 240 seconds
[2010/05/28 17:31:15] <ciupicri> gm1959, how can a symlink point to multiple targets?
[2010/05/28 17:32:06] <gm1959> the current syntax has it as file { "this is the sym not the file": ensure => "this is the real file pointed to" }
[2010/05/28 17:32:24] <ciupicri> gm1959, I agree
[2010/05/28 17:32:44] <gm1959> and it would make more sense to allow file { "this is the real file":
[2010/05/28 17:32:56] @ Quit: verwilst: Quit: Ex-Chat
[2010/05/28 17:33:13] <gm1959> ensure => ["link I want to that file 1", "link I want to that file 2"... etc]
[2010/05/28 17:33:35] <ciupicri> gm1959, yes, but only for symlinks, it would break the consistency with the other use cases
[2010/05/28 17:34:01] <gm1959> hmmm
[2010/05/28 17:34:29] @ jaredrhine joined channel #puppet
[2010/05/28 17:34:35] @ rcrowley joined channel #puppet
[2010/05/28 17:34:57] @ cz8s joined channel #puppet
[2010/05/28 17:36:07] <ciupicri> gm1959, also think about other resource type, e.g. package; the namevar is the name of the package that you want installed. It's the same with the file symlinks; the namevar is the symlink that want to create.
[2010/05/28 17:36:09] @ Quit: ahasenack: Quit: Leaving
[2010/05/28 17:36:24] <cz8s> hi. I seem to be too stupid to subscribe to puppet-users. mails to puppet-users-subscribe@googlegroups.com bounce. Any ideas ?
[2010/05/28 17:36:57] <ciupicri> cz8s, I think someone else had a similar problem and complained about it. mpdehaan should know more
[2010/05/28 17:37:02] <gm1959> cz8s dont you do mail puppet-users@googlegroups.com -s subscribe?
[2010/05/28 17:37:18] <ciupicri> cz8s, although that was for another list, the one for developers IIRC
[2010/05/28 17:39:17] <cz8s> gm1959: -s subscribe bounces also
[2010/05/28 17:40:33] <mpdehaan> cz8s, o
[2010/05/28 17:40:37] <gm1959> well shrug, I just did it by the web
[2010/05/28 17:40:41] <mpdehaan> I'll check
[2010/05/28 17:41:01] <mpdehaan> ah yeah, use the web
[2010/05/28 17:41:14] @ Quit: Guest24975: Ping timeout: 240 seconds
[2010/05/28 17:41:18] <cz8s> mpdehaan: how ? I don't have a google account
[2010/05/28 17:42:13] <ciupicri> cz8s, in this web 2.0 era? :-)
[2010/05/28 17:42:28] <gm1959> if you wanted to join a group called google-friends, you'd send an email to google-friends+subscribe@googlegroups.com
[2010/05/28 17:42:28] <mpdehaan> unfortunately google is stupid about that
[2010/05/28 17:42:37] <gm1959> thats from google
[2010/05/28 17:42:46] <mpdehaan> ah, good
[2010/05/28 17:42:54] <gm1959> use + not -
[2010/05/28 17:43:04] @ Quit: ad4m: Quit: ad4m
[2010/05/28 17:43:06] <cz8s> ah, makes sense. Will try
[2010/05/28 17:45:11] <cz8s> ah puppet-users+subscribe@googlegroups.com hasn't bounced yet. Thats a good sign. Thank you all
[2010/05/28 17:45:18] <gm1959> welcome
[2010/05/28 17:48:27] @ Quit: ciupicri: Quit: Leaving
[2010/05/28 17:48:33] @ Quit: gm1959:
[2010/05/28 17:48:50] @ jph98 joined channel #puppet
[2010/05/28 17:49:58] @ Quit: alban2: Ping timeout: 264 seconds
[2010/05/28 17:51:39] @ Quit: jaredrhine: Ping timeout: 276 seconds
[2010/05/28 17:57:55] @ Quit: Whoop: Ping timeout: 245 seconds
[2010/05/28 18:00:49] @ Quit: steph021: Remote host closed the connection
[2010/05/28 18:03:25] @ Quit: flakrat: Quit: Leaving
[2010/05/28 18:12:51] @ Quit: Chiku: Quit: Quitte
[2010/05/28 18:18:05] @ jaredrhine joined channel #puppet
[2010/05/28 18:20:11] <dan__t> Hi.
[2010/05/28 18:22:57] @ steph021 joined channel #puppet
[2010/05/28 18:24:24] @ Quit: kaptk2: Quit: Leaving.
[2010/05/28 18:28:27] @ Quit: allsystemsarego: Quit: Leaving
[2010/05/28 18:32:10] @ Quit: ryanc_: Quit: Leaving
[2010/05/28 18:41:34] @ Quit: gaveen: Remote host closed the connection
[2010/05/28 18:43:24] @ Quit: giskard: Remote host closed the connection
[2010/05/28 18:46:37] @ Quit: jaredrhine: Quit: Leaving.
[2010/05/28 18:47:46] @ Quit: mpdehaan: Remote host closed the connection
[2010/05/28 18:55:26] @ Quit: bug: Quit: bug
[2010/05/28 19:02:23] @ jph98 left channel #puppet ()
[2010/05/28 19:09:42] @ Quit: steph021: Quit: Leaving
[2010/05/28 19:11:28] @ brothers joined channel #puppet
[2010/05/28 19:16:08] @ Quit: alrs: Ping timeout: 260 seconds
[2010/05/28 19:16:46] @ \ask joined channel #puppet
[2010/05/28 19:18:53] @ Quit: \ask_: Read error: Operation timed out
[2010/05/28 19:36:00] @ AlexLuya joined channel #puppet
[2010/05/28 19:36:33] @ alban2 joined channel #puppet
[2010/05/28 19:43:27] @ shenson joined channel #puppet
[2010/05/28 19:44:27] @ Quit: AlexLuya: Remote host closed the connection
[2010/05/28 19:51:28] <gepetto> ::redmine:: Wiki edit: Development_Puppet_Continuous_Integration (#3) @ http://projects.reductivelabs.com/projects/1/wiki/Development_Puppet_Continuous_Integration?version=3 (by Matt Robinson)
[2010/05/28 19:51:44] @ lak joined channel #puppet
[2010/05/28 19:57:41] @ Quit: tep: Quit: Leaving.
[2010/05/28 19:57:41] @ alrs joined channel #puppet
[2010/05/28 19:58:16] @ Quit: cliff-hm: Ping timeout: 248 seconds
[2010/05/28 19:58:35] @ Quit: alban2: Quit: Leaving.
[2010/05/28 20:09:46] @ Quit: lak: Quit: lak
[2010/05/28 20:12:44] @ Quit: alrs: Ping timeout: 260 seconds
[2010/05/28 20:12:45] @ jaredrhine joined channel #puppet
[2010/05/28 20:21:54] @ Quit: jab_doa: Quit: Verlassend
[2010/05/28 20:23:39] @ tonyskapunk joined channel #puppet
[2010/05/28 20:32:36] @ Quit: ricky: Quit: leaving
[2010/05/28 20:32:58] @ ricky joined channel #puppet
[2010/05/28 20:41:27] @ cliff-hm joined channel #puppet
[2010/05/28 20:42:13] @ themurph joined channel #puppet
[2010/05/28 20:43:09] @ plathrop is now known as plathrop-away
[2010/05/28 20:49:17] @ tuvyz is now known as tuv
[2010/05/28 20:58:12] @ Quit: notbrien: Quit: notbrien
[2010/05/28 21:07:20] @ davea1 joined channel #puppet
[2010/05/28 21:14:54] @ Quit: LowValueTarget: Remote host closed the connection
[2010/05/28 21:21:06] @ AngryParsley joined channel #puppet
[2010/05/28 21:22:50] @ Quit: kaos01: Remote host closed the connection
[2010/05/28 21:22:58] <AngryParsley> is there some simple way to know if puppet is using a cached catalog? I know I can tail the syslog but I want to set up a monitor that alerts when a machine is using a cached catalog
[2010/05/28 21:25:10] <AngryParsley> hopefully it's something simple like checking for the existence of a file in /var/log/puppet
[2010/05/28 21:30:14] @ Quit: nigelk: Quit: nigelk
[2010/05/28 21:31:06] @ port-0x3c2 joined channel #puppet
[2010/05/28 21:32:57] @ port-0x3c2_ joined channel #puppet
[2010/05/28 21:35:04] @ knight_ joined channel #puppet
[2010/05/28 21:35:20] @ Quit: port-0x3c2: Ping timeout: 240 seconds
[2010/05/28 21:35:31] @ Quit: \ask: Remote host closed the connection
[2010/05/28 21:49:12] @ kaos01 joined channel #puppet
[2010/05/28 21:49:16] @ port-0x3c2_ is now known as port-0x3c2
[2010/05/28 21:50:31] @ bug joined channel #puppet
[2010/05/28 21:52:41] @ LowValueTarget joined channel #puppet
[2010/05/28 21:54:27] @ weizhang joined channel #puppet
[2010/05/28 21:54:52] @ Quit: port-0x3c2:
[2010/05/28 22:11:35] @ Quit: bug: Quit: bug
[2010/05/28 22:13:29] @ Quit: rcrowley: Quit: rcrowley
[2010/05/28 22:24:38] @ bug joined channel #puppet
[2010/05/28 22:43:05] @ Quit: knight_: Remote host closed the connection
[2010/05/28 22:45:13] @ Quit: LowValueTarget: Remote host closed the connection
[2010/05/28 22:55:01] @ \ask_ joined channel #puppet
[2010/05/28 22:59:11] @ miah is now known as hephaestus_
[2010/05/28 23:06:41] @ Quit: cliff-hm: Ping timeout: 245 seconds
[2010/05/28 23:08:35] <ohadlevy> tuvyz: you probably miss the sqlite3 deb/gems on squeeze
[2010/05/28 23:16:20] @ Quit: occamshatchet: Quit: leaving
[2010/05/28 23:19:02] <agaffney> with the yum package provider, does yum login to RHN for every puppet run?
[2010/05/28 23:19:05] @ Quit: shenson: Quit: /me taps out
[2010/05/28 23:19:23] <agaffney> I've got some boxes hat got "banned" from RHN due to it trying to install the same package every 10 minutes (my fault)
[2010/05/28 23:19:36] <agaffney> but even after removing that package install, puppet bitches on every run right off the bat
[2010/05/28 23:21:06] <agaffney> err: Could not prefetch package provider 'yum': Execution of '/usr/bin/python /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py' returned 1
[2010/05/28 23:21:55] <agaffney> it seems like the rhnplugin signs in to RHN every time you run yum, even for something like 'yum repolist'
[2010/05/28 23:22:05] <agaffney> and then just bails when ti's banned
[2010/05/28 23:22:12] <agaffney> so puppet complains on every run
[2010/05/28 23:22:17] <agaffney> even without any package installs
[2010/05/28 23:22:32] <ohadlevy> agaffney: :(
[2010/05/28 23:22:55] <agaffney> it just popped up on 2 new boxes that weren't failing prior
[2010/05/28 23:23:08] <agaffney> when I had my hosting provider re-register all my RHEL systems with RHN
[2010/05/28 23:23:15] <agaffney> I didn't ahve them do those because they weren't complaining
[2010/05/28 23:23:25] <agaffney> but as soon as I added a new package to install, they got banned
[2010/05/28 23:24:05] <agaffney> what I really need to know is if I need to scale back my runinterval from 10m
[2010/05/28 23:24:18] <agaffney> to prevent getting banned on RHN when I screw up
[2010/05/28 23:24:47] <agaffney> or even if I don't screw up...will it happen just from normal use of puppet?
[2010/05/28 23:28:09] <agaffney> also, fsck RHN
[2010/05/28 23:28:32] <agaffney> I have half a mind to disable rhnplugin and add CentOS's repos on these boxes
[2010/05/28 23:28:39] <agaffney> they're only RHEL because they're managed hosting
[2010/05/28 23:28:49] <agaffney> but we do everything ourselves :P
[2010/05/28 23:31:39] <AngryParsley> so… is there some way to find out if puppet failed downloading the new catalog and is using a cached catalog?
[2010/05/28 23:31:57] <AngryParsley> besides tailing the syslog, I mean
[2010/05/28 23:32:25] <agaffney> you could probably look at the mtime of /var/lib/puppet/localconfig.yaml
[2010/05/28 23:32:39] <AngryParsley> that updates every 10/30/whatever minutes?
[2010/05/28 23:32:46] <agaffney> if it's older than your runinterval plus a bit of padding, then something is probably wrong
[2010/05/28 23:33:12] <agaffney> I believe it's updated each time that puppetd fetches the manifest
[2010/05/28 23:33:43] <ohadlevy> yeah - it should
[2010/05/28 23:34:02] <AngryParsley> ah thanks
[2010/05/28 23:34:04] <ohadlevy> AngryParsley: I think that in the next version of puppet (2.6) it will also provide that data in the report
[2010/05/28 23:34:15] <ohadlevy> so it would be possible to visualize it in Foreman / dashboard
[2010/05/28 23:35:53] <agaffney> doesn't help if the puppetmaster isn't reachable
[2010/05/28 23:36:01] <agaffney> which is a possible reason for using a cached catalog
[2010/05/28 23:36:08] <AngryParsley> hmm
[2010/05/28 23:36:19] <agaffney> but the mtime check would :P
[2010/05/28 23:37:29] <ohadlevy> agaffney: the reports will still be sent, for example if you had a typo in your manifest
[2010/05/28 23:37:42] <ohadlevy> agaffney: or if you have a report server etc
[2010/05/28 23:38:15] <ohadlevy> agaffney: lack of report also means something (out of sync hosts term in foreman)
[2010/05/28 23:38:20] <AngryParsley> is there any easier way? the name of that catalog yaml file changes for each machine
[2010/05/28 23:38:31] <agaffney> AngryParsley: umm, it does?
[2010/05/28 23:38:42] <agaffney> not the client-side one
[2010/05/28 23:38:55] <AngryParsley> root@mon0:/var/lib/puppet/client_yaml/catalog# ls
[2010/05/28 23:38:55] <AngryParsley> mon0.k1k.me.yaml
[2010/05/28 23:39:21] <agaffney> 0.25?
[2010/05/28 23:39:29] <agaffney> it stays consistent for me in 0.24.8
[2010/05/28 23:39:35] <AngryParsley> 25.1
[2010/05/28 23:40:08] @ Quit: bug: Quit: bug
[2010/05/28 23:40:33] <AngryParsley> well it's not like I don't know the hostnames for these machines
[2010/05/28 23:40:38] <AngryParsley> I can probably figure something out
[2010/05/28 23:41:22] <AngryParsley> thanks for the advice
[2010/05/28 23:42:51] @ bug joined channel #puppet
[2010/05/28 23:54:54] @ blood joined channel #puppet
[2010/05/28 23:56:09] @ MarkN1 joined channel #puppet
« Thursday, 2010-05-27 Index Saturday, 2010-05-29 »

Generated by irclog2html.py 2.8 by Marius Gedminas - find it at mg.pov.lt!