Wednesday, 2010-06-16

[2010/06/16 00:02:38] @ Log started by gepetto
[2010/06/16 00:02:38] @ allsystemsarego joined channel #puppet
[2010/06/16 00:04:08] @ Ramonster joined channel #puppet
[2010/06/16 00:05:48] @ claviola joined channel #puppet
[2010/06/16 00:11:14] @ sdog joined channel #puppet
[2010/06/16 00:15:41] @ Quit: itguru: Ping timeout: 240 seconds
[2010/06/16 00:16:33] @ Quit: sdog: Changing host
[2010/06/16 00:16:33] @ sdog joined channel #puppet
[2010/06/16 00:21:36] @ themroc joined channel #puppet
[2010/06/16 00:22:59] @ Quit: bobinabottle: Quit: bobinabottle
[2010/06/16 00:23:23] @ ckauhaus joined channel #puppet
[2010/06/16 00:24:55] @ gebi joined channel #puppet
[2010/06/16 00:25:39] @ thekad is now known as thekad-afk
[2010/06/16 00:45:03] @ Quit: siezer: Ping timeout: 260 seconds
[2010/06/16 00:49:28] @ MattyM joined channel #puppet
[2010/06/16 00:50:40] @ frodo624 joined channel #puppet
[2010/06/16 00:50:50] @ Quit: frodo624: Client Quit
[2010/06/16 00:51:17] <espent> i am just about to give up using puppet. puppetd has either just suddenly stopped working, or started 4-5 processes of it self - on 18 out of 35 servers
[2010/06/16 00:51:30] <espent> anybody had similar problems?
[2010/06/16 00:53:19] <Volcane> nope
[2010/06/16 00:54:10] @ Quit: lwhalen: Quit: Computer has gone to sleep
[2010/06/16 00:56:25] @ Quit: giskard_: Remote host closed the connection
[2010/06/16 00:59:26] @ Quit: tjoe: Quit: leaving
[2010/06/16 01:02:28] @ mauve joined channel #puppet
[2010/06/16 01:04:59] @ TREllis joined channel #puppet
[2010/06/16 01:05:58] @ fluxdude joined channel #puppet
[2010/06/16 01:06:49] <tim\|mac> espent: which version are you using? never seen that before
[2010/06/16 01:08:50] @ verwilst joined channel #puppet
[2010/06/16 01:14:28] <espent> 25.5
[2010/06/16 01:14:35] <espent> through freebsd ports
[2010/06/16 01:15:07] @ alban2 joined channel #puppet
[2010/06/16 01:15:38] <espent> very similar to this one: http://projects.reductivelabs.com/issues/1254
[2010/06/16 01:15:59] @ Quit: Djelibeybi: Quit: Leaving
[2010/06/16 01:16:50] <espent> just sent an email to puppetlabs, maybe they can do a little (paid) support
[2010/06/16 01:17:16] <nico> sure they can
[2010/06/16 01:18:43] @ giskard joined channel #puppet
[2010/06/16 01:19:20] @ jab_doa joined channel #puppet
[2010/06/16 01:19:43] @ goraxe joined channel #puppet
[2010/06/16 01:21:05] * tim\|mac has no idea how good puppet runs on freebsd
[2010/06/16 01:23:05] <espent> when it can do a configuration run, it works very well
[2010/06/16 01:23:45] <espent> the problem is when its not run. process just stops after 10-15 runs.. and needs killing w/restart
[2010/06/16 01:25:56] <ohadlevy> espent: move to cron in the meanwhile?
[2010/06/16 01:29:12] @ thdem joined channel #puppet
[2010/06/16 01:29:20] <espent> we been trying that - it will still randomly stop
[2010/06/16 01:30:24] <ohadlevy> espent: during a run?
[2010/06/16 01:31:05] @ lohapuk joined channel #puppet
[2010/06/16 01:31:14] <espent> hm no.. one server here, its running 17:01, 18:01, 19:01, but then, silent..
[2010/06/16 01:31:16] @ mccune joined channel #puppet
[2010/06/16 01:32:31] @ itguru joined channel #puppet
[2010/06/16 01:32:45] <espent> the process started 19:01 yesterday is still in the processlist, but it has not done anything - yet
[2010/06/16 01:33:07] @ Quit: jeffmccune: Ping timeout: 245 seconds
[2010/06/16 01:33:07] @ mccune is now known as jeffmccune
[2010/06/16 01:33:48] <espent> ohadlevy: it was started from cron, with verbose and debug. The only line logged to /var/log/messages was: Jun 15 19:01:01 kitmon002 puppetd[81225]: Reopening log files
[2010/06/16 01:35:57] <thdem> hello I have a question, and excuse me first for my English, I would use external certificat for ssl, not puppet certificat because in my enterprise I use a pki for all, It possible ?
[2010/06/16 01:36:10] <ohadlevy> thdem: sure
[2010/06/16 01:36:18] <ohadlevy> thdem: search the mailing list ;-)
[2010/06/16 01:36:38] <thdem> ok have you a date on this subject
[2010/06/16 01:36:49] @ jense joined channel #puppet
[2010/06/16 01:36:53] <ohadlevy> thdem: i remember reading about it in the last month or so
[2010/06/16 01:36:56] @ pkhamre is now known as pkharme
[2010/06/16 01:37:10] @ gospch joined channel #puppet
[2010/06/16 01:37:27] @ pkhamre joined channel #puppet
[2010/06/16 01:37:28] @ Quit: pkharme: Quit: leaving
[2010/06/16 01:37:49] <thdem> ohadlevy : ok thanks
[2010/06/16 01:38:26] @ Quit: pkhamre: Client Quit
[2010/06/16 01:38:53] @ pkhamre joined channel #puppet
[2010/06/16 01:42:27] @ Quit: gospch: Ping timeout: 265 seconds
[2010/06/16 01:46:02] @ Quit: jense: Quit: Verlassend
[2010/06/16 01:48:38] @ lutter joined channel #puppet
[2010/06/16 01:48:42] @ Quit: nexusone: Quit: Leaving
[2010/06/16 01:58:54] @ alx1121 joined channel #puppet
[2010/06/16 02:07:21] <malikai> deadboi: You have sex with puppets>
[2010/06/16 02:07:27] <malikai> lulz
[2010/06/16 02:07:47] <malikai> reminds me of "The Advent" - "I want to make love to a mannequin"
[2010/06/16 02:08:00] <malikai> awesome track
[2010/06/16 02:11:05] @ floess_chris is now known as flooose
[2010/06/16 02:12:53] <flooose> does anyone have experience using puppet to install debian packages from backports? I didn't see anything in the package documentation and google did do much either
[2010/06/16 02:13:13] <barn> using pinning, yes
[2010/06/16 02:13:25] <flooose> hmm, pinning?
[2010/06/16 02:13:40] <flooose> is that a puppet thing?
[2010/06/16 02:13:44] <barn> http://jaqque.sbih.org/kplug/apt-pinning.html
[2010/06/16 02:14:34] <henk> flooose: just read the backports.org page. it's explained there...
[2010/06/16 02:15:04] <barn> quite
[2010/06/16 02:15:29] <henk> it explains thorougly enough how to install packages from there.
[2010/06/16 02:15:51] <henk> of course it is no documentation for pinning, there already is a good manpage.
[2010/06/16 02:16:33] <flooose> yeah, I'm looking at both. I didn't think this was a backports issue, so much as just getting puppet to issue a different command
[2010/06/16 02:16:37] <barn> http://backports.org/dokuwiki/doku.php?id=instructions # "You can also use pinning"
[2010/06/16 02:16:48] <flooose> thanks for your input though barn: and henk:
[2010/06/16 02:17:14] <flooose> ohadlevy, and pinning is still under consideration :)
[2010/06/16 02:17:39] <henk> pinning is imho the way to go.
[2010/06/16 02:27:05] @ gospch joined channel #puppet
[2010/06/16 02:28:17] @ Quit: pinoyskull: Quit: Leaving
[2010/06/16 02:28:55] @ danand joined channel #puppet
[2010/06/16 02:29:19] @ danand left channel #puppet ()
[2010/06/16 02:30:39] @ Quit: tuf_: Remote host closed the connection
[2010/06/16 02:30:51] @ tuf_ joined channel #puppet
[2010/06/16 02:32:36] @ Quit: gospch: Remote host closed the connection
[2010/06/16 02:37:30] @ Quit: strattog: Read error: Operation timed out
[2010/06/16 02:37:50] @ Quit: QMan: Remote host closed the connection
[2010/06/16 02:40:40] @ strattog joined channel #puppet
[2010/06/16 02:46:32] <Berge> Hm, can I somehow make a generic virtual resource? I've got a number of different classes which requires various packages, but with some overlap (as in, more than one class needs the package apache2 and libcatalyst-perl, for instance). Right now, I've got @package { "apache2": }, @package { "libcatalyst-perl": } for every package which is needed by multiple classes and realize them there, but I'd basically like a @package { "$name": }, and realize whatever ...
[2010/06/16 02:46:38] <Berge> ... package I'd like in any class.
[2010/06/16 02:47:34] <Berge> (This is on puppet 0.24.8, btw.)
[2010/06/16 02:52:23] @ siezer joined channel #puppet
[2010/06/16 02:58:14] @ shug joined channel #puppet
[2010/06/16 03:00:43] @ bitfield joined channel #puppet
[2010/06/16 03:01:31] @ Quit: wilmoore_: Remote host closed the connection
[2010/06/16 03:04:04] <Volcane> Berge: you can create a define that makes the resources and realize them but i doubt you'll win much
[2010/06/16 03:04:18] <Volcane> Berge: better to structure your manifests properly - need apache, include an apache class
[2010/06/16 03:10:14] @ Quit: cure: Ping timeout: 265 seconds
[2010/06/16 03:12:07] <malikai> pulling strings set me straight with packages
[2010/06/16 03:12:45] <malikai> Berge, have you had a look at pulling strings?
[2010/06/16 03:14:37] @ Quit: alx1121: Quit: alx1121
[2010/06/16 03:18:05] @ sw joined channel #puppet
[2010/06/16 03:19:46] <sw> Hi, i'm new to Puppet.. i want to retrieve virtual ip addresses in variables in puppet. I noticed facter only find addresses on physical adapter. Is there a documented alternative way ?
[2010/06/16 03:21:20] <bitfield> sw: it does give you virtual IPs as well
[2010/06/16 03:21:28] <Volcane> facter seems to give me virtual addresses just fine
[2010/06/16 03:21:34] <bitfield> if you mean like eth0:1… etc
[2010/06/16 03:21:38] <sw> which version are you guys running ?
[2010/06/16 03:21:47] <bitfield> 1.5.6
[2010/06/16 03:21:55] <sw> hmm 1.3.7 here
[2010/06/16 03:22:28] <bitfield> that sounds like a fine old vintage package… does it come with a free top hat and monocle :D
[2010/06/16 03:22:35] <sw> :)
[2010/06/16 03:23:03] <sw> thx guys :D
[2010/06/16 03:26:49] <sw> that indeed works better now :)
[2010/06/16 03:28:36] <bitfield> :D
[2010/06/16 03:29:38] <telmich> anyone an idea, why puppet complains about the : here? http://home.schottelius.org/~nico/unix/progs/puppet/pam_krb5.pp
[2010/06/16 03:31:56] <Volcane> inherits probably doesnt support that syntax
[2010/06/16 03:32:02] <Volcane> i think i filed a bug for something like that
[2010/06/16 03:33:37] @ Quit: strattog: Read error: Operation timed out
[2010/06/16 03:35:07] <telmich> weired
[2010/06/16 03:35:15] <telmich> it works on a different example, using class ethz_systems::motd inherits ::motd
[2010/06/16 03:35:42] @ alx1121 joined channel #puppet
[2010/06/16 03:35:43] <telmich> but we just found out that we have multiple subclasess named pam_krb5 (not only the one seen above), maybe puppet is "confused"
[2010/06/16 03:36:52] <telmich> Volcane: do you have the ticket id?
[2010/06/16 03:37:17] @ sar joined channel #puppet
[2010/06/16 03:38:09] @ alx1121 left channel #puppet ()
[2010/06/16 03:41:47] @ basex joined channel #puppet
[2010/06/16 03:42:20] @ gospch joined channel #puppet
[2010/06/16 03:46:31] <Berge> malikai: Yeah, I've got it.
[2010/06/16 03:47:09] @ Quit: gospch: Ping timeout: 265 seconds
[2010/06/16 03:47:52] <Berge> Volcane: Hm, thanks.
[2010/06/16 03:48:11] @ basex left channel #puppet ()
[2010/06/16 03:49:04] <Berge> Volcane: The packages are mostly libraries and stuff. It'll get better whenever I get around to package the software we're deploying and give the packages decent dependencies, though.
[2010/06/16 03:49:49] <nasrat> is Cody Herriges about?
[2010/06/16 03:50:37] @ Quit: ckauhaus: Ping timeout: 276 seconds
[2010/06/16 03:50:39] <barn> you can't just make up names like that! (:
[2010/06/16 03:51:17] @ strattog joined channel #puppet
[2010/06/16 04:00:29] @ gospch joined channel #puppet
[2010/06/16 04:08:33] @ ckauhaus joined channel #puppet
[2010/06/16 04:12:06] @ threescoops joined channel #puppet
[2010/06/16 04:14:53] <FiXion> how do you guys ensure the puppet client daemon is running?
[2010/06/16 04:15:01] @ Quit: alban2: Ping timeout: 264 seconds
[2010/06/16 04:15:01] <threescoops> Afternoon all. I'm fairly new to puppet and would like some pointers as how to best go about defining different sets of ntp servers to template into a file, based on hostname. Basically I have a couple of on-site master NTP servers I want to use external NTP servers, whilst everything else should use those on-site higher-stratum machines.
[2010/06/16 04:15:11] <FiXion> I tried pattern = "/usr/sbin/puppetd" - but that happens to be the same pattern when running puppetd -t
[2010/06/16 04:15:17] <FiXion> so it thinks the service is running :(
[2010/06/16 04:15:38] <henk> FiXion: 'it'?
[2010/06/16 04:15:39] <FiXion> only solution I can think of - is distributing my own init script - with hasstatus support
[2010/06/16 04:15:51] <FiXion> henk: it?
[2010/06/16 04:16:01] <FiXion> it = puppet
[2010/06/16 04:16:11] <henk> FiXion: ah, so you are using puppet to make sure puppet is running?
[2010/06/16 04:16:16] <FiXion> I want puppet to start the puppet client daemon (so it'll run automaticly on configured intervals)
[2010/06/16 04:16:30] <FiXion> I figured it might as well check - when it's running
[2010/06/16 04:16:51] <FiXion> like it controls every other service
[2010/06/16 04:17:01] <henk> how is puppet supposed to start the daemon if puppet is not running?
[2010/06/16 04:17:03] <thdem> just have you an idea for this error : Could not run: Invalid mount files ?
[2010/06/16 04:17:12] <FiXion> but I'm missing a !..
[2010/06/16 04:17:31] <FiXion> henk: when I run puppetd -t - it only runs once. doesn't fork off to background
[2010/06/16 04:17:49] <henk> FiXion: so via cron or what?
[2010/06/16 04:17:54] <FiXion> and when doing so - I'd like it to verify that a puppetd (without -t) is running
[2010/06/16 04:18:07] <FiXion> henk: no - I actually run them using ssh keys - when I need to push out changes immediately
[2010/06/16 04:18:20] <henk> FiXion: using ssh keys? o_O
[2010/06/16 04:18:32] <henk> i'm not sure if i really want to hear this 'g'
[2010/06/16 04:18:34] <FiXion> you can force them to run only a certain command.
[2010/06/16 04:18:42] <FiXion> pretty standard
[2010/06/16 04:19:08] <henk> yup, but rather unconventional imho...
[2010/06/16 04:19:21] <FiXion> rather common
[2010/06/16 04:19:24] <henk> and i don't see the need for that...
[2010/06/16 04:19:32] <FiXion> how do you force an immediate run of puppet on a client?
[2010/06/16 04:19:40] <threescoops> Should I be defining my array in a node block, a class, the module, some other way? I've not found any examples to eyeball.
[2010/06/16 04:20:24] <henk> FiXion: what's the ssh keys sense? i don't see it... why not just do "ssh host command"?
[2010/06/16 04:20:44] <FiXion> ssh host command means I need to have a user+password somewhere.
[2010/06/16 04:21:02] <FiXion> using an ssh-key means no user creation needed.
[2010/06/16 04:21:03] <henk> s/password/password or sshkey/
[2010/06/16 04:21:16] <FiXion> and I can force it to only be able to do 1 thing - using that specific key
[2010/06/16 04:21:17] <henk> oh, so you using that to secure the root account?
[2010/06/16 04:21:26] <FiXion> puppetd needs to run as root
[2010/06/16 04:21:31] <Lunar_Lamp> When I do an initial contact from a node to the puppetmaster, it generates certs based upon the fqdn of the puppet. How can I set this to be something different? In my case, the FQDN refers to the "live" lan interface on all the nodes, but I wish for puppet to run over the "management" interface, which is in DNS as a different thing.
[2010/06/16 04:21:37] <FiXion> but actually any thing someone needs to do remotely
[2010/06/16 04:21:40] <FiXion> must be secured
[2010/06/16 04:21:44] <FiXion> principle of least privilege thing
[2010/06/16 04:21:54] <henk> FiXion: true. i'm used to _never_ log in as root usually... :)
[2010/06/16 04:22:02] <Lunar_Lamp> I would like to be able to do something like 'hostname = my_management_hostname' in /etc/puppet/puppet.conf.
[2010/06/16 04:22:02] <FiXion> no help.
[2010/06/16 04:22:11] <FiXion> usually not far from not-root to root on any distro
[2010/06/16 04:22:17] <FiXion> if you have a full environment
[2010/06/16 04:22:23] <henk> FiXion: if you have...
[2010/06/16 04:22:24] <FiXion> no need to risk any account -
[2010/06/16 04:22:27] <Volcane> Lunar_Lamp: certname =
[2010/06/16 04:22:41] <FiXion> I'd like pattern to have a ! match thing.
[2010/06/16 04:22:47] <henk> FiXion: you are 'risking' the root account...
[2010/06/16 04:22:49] <FiXion> or $
[2010/06/16 04:22:53] <FiXion> henk: how?
[2010/06/16 04:22:59] <henk> FiXion: you allow logins via ssh for root...
[2010/06/16 04:23:04] <FiXion> no I don't.
[2010/06/16 04:23:17] <FiXion> I allow 1 command (defined in authorized_Keys) to be run - with a certain key.
[2010/06/16 04:23:19] <henk> FiXion: ok, then you don't disallow ssh logins for root.
[2010/06/16 04:23:21] <FiXion> no parameters is taken from remote
[2010/06/16 04:23:25] <FiXion> sure I do.
[2010/06/16 04:23:31] <Lunar_Lamp> Volcane: thanks :-)
[2010/06/16 04:23:31] <FiXion> ever heard of keys-only setup?
[2010/06/16 04:23:34] <henk> _sure_?
[2010/06/16 04:23:41] <threescoops> FiXion: I tend to find PermitRootLogin without-password in sshd_config is a good compromise - ssh in only when you have the ssh key loaded (which should have a password)
[2010/06/16 04:23:52] <henk> funny, i'd have said "sure i don't allow root to connect to my servers"...
[2010/06/16 04:23:52] <FiXion> exactly what I do.
[2010/06/16 04:24:39] <FiXion> so on one tries to control the puppet client service/daemon using puppet rules?
[2010/06/16 04:24:40] <FiXion> :)
[2010/06/16 04:24:53] <FiXion> threescoops: exactly what I do (just to talk specificly to you :)
[2010/06/16 04:25:01] <threescoops> FiXion: tried and failed, it's a bit of a chicken and egg problem
[2010/06/16 04:25:07] <threescoops> FiXion: :)
[2010/06/16 04:25:20] <FiXion> I only have one solution - when pattern can't match EOL ($)
[2010/06/16 04:25:30] <FiXion> adding hasstatus support to init.d script
[2010/06/16 04:25:36] <FiXion> and do the proper check there
[2010/06/16 04:25:45] <henk> FiXion: use nagios ;)
[2010/06/16 04:25:52] <FiXion> so "puppetd -t" runs isn't taken as puppetd running
[2010/06/16 04:26:03] <FiXion> henk: for ensuring a service is started?
[2010/06/16 04:26:08] <FiXion> I use nagios - for monitoring it
[2010/06/16 04:26:16] @ pinoyskull joined channel #puppet
[2010/06/16 04:26:23] <FiXion> it doesn't interfer with the actual state though - just reports it
[2010/06/16 04:26:25] <henk> FiXion: for fixing it if the service isn't running...
[2010/06/16 04:27:02] <FiXion> I'd rather not mix monitoring with other duties
[2010/06/16 04:27:08] <FiXion> puppet does stuff
[2010/06/16 04:27:11] <FiXion> nagios monitors it
[2010/06/16 04:27:30] <FiXion> I'll expand the init script to support it then :)
[2010/06/16 04:28:22] <henk> FiXion: have a look at the init script from debian backports.org puppet package. it has a status command.
[2010/06/16 04:29:13] <henk> FiXion: and imho puppet is there for doing stuff as long as everything is ok. nagios is there for seeing if everything is ok and fixing it if it is not.
[2010/06/16 04:30:42] <FiXion> I disagree - but to each his own
[2010/06/16 04:30:58] <FiXion> what framework have you added to nagios - for it to try and fix stuff?
[2010/06/16 04:31:21] <henk> FiXion: none. afaik that's what event handlers are for.
[2010/06/16 04:31:30] <FiXion> a framework for fixing things - needs to have a limit to how many times it tries, within a certain timeframe
[2010/06/16 04:31:38] <FiXion> what it does it it doesn't succeed etc.
[2010/06/16 04:31:46] <FiXion> I know of no such support in nagios
[2010/06/16 04:31:58] <FiXion> and I'd rather not code my own in nrpe client scripts
[2010/06/16 04:32:06] <FiXion> puppet has builtin support for these things
[2010/06/16 04:32:12] <FiXion> and logs nicely to syslog if things fail
[2010/06/16 04:32:36] <FiXion> and since I monitor all syslog messages from every server (and filter :) - I get those messages served directly in our issue queue
[2010/06/16 04:32:40] <henk> FiXion: http://nagios.sourceforge.net/docs/3_0/eventhandlers.html
[2010/06/16 04:33:06] @ Welsh_Dwarf_ joined channel #puppet
[2010/06/16 04:33:22] <FiXion> so you need to code your own
[2010/06/16 04:34:14] <FiXion> and it seems to be serverside?
[2010/06/16 04:34:19] <henk> well, of course you have to tell nagios what to do... that feature would be pretty useless if not.
[2010/06/16 04:34:27] <FiXion> but you could make a script available via nrpe ofcourse
[2010/06/16 04:34:51] <FiXion> well - I like puppet's config way. I don't have to tell it to how to actually do something on any given OS
[2010/06/16 04:35:17] <FiXion> but sure it can be nice to that with things that can be fixed by restarting a service and nothing else.
[2010/06/16 04:35:35] <FiXion> puppet also fixes issues where someone changed the config - and borked the service.
[2010/06/16 04:35:54] <FiXion> as it reverts config files to what they should be (and backs up what was before) and then restarts service
[2010/06/16 04:36:09] <FiXion> a lot of nice features - so that's why I like puppet to handle those things.
[2010/06/16 04:36:21] <FiXion> but again - whatever works in your environment
[2010/06/16 04:36:46] @ Quit: Welsh_Dwarf: Ping timeout: 276 seconds
[2010/06/16 04:38:18] @ zoeloelip joined channel #puppet
[2010/06/16 04:39:18] <henk> FiXion: afaict puppet does not work correctly in your environment which is why you want to monitor/restart it if necessary. i can't really understand why one monitors/restarts an unreliable (at least for you) piece of software with the same piece of software... imho that's in no way logical. plus puppet is not meant to be a tool to solve such problems, even if it might be capable of doing so. but "because it can" is not a valid reason to do it, or do you ...
[2010/06/16 04:39:24] <henk> ... send mails with telnet?
[2010/06/16 04:39:54] <FiXion> I actually do send mails using telnet when testing stuff :)
[2010/06/16 04:40:13] <henk> so do i but not usually...
[2010/06/16 04:40:27] <FiXion> but still I believe puppet is intended to control services
[2010/06/16 04:40:38] <threescoops> No-one wanting to bite on my question?
[2010/06/16 04:40:41] <FiXion> otherwise I don't see why the service functioniality is there
[2010/06/16 04:41:10] <FiXion> threescoops: have a look at using extlookup
[2010/06/16 04:41:24] <FiXion> threescoops: I then put variables in the template - and set those using extlookup
[2010/06/16 04:41:45] <FiXion> and then you can set those variables by different common facter-trades (incl. hostname)
[2010/06/16 04:42:29] <FiXion> henk: you don't think puppet is meant to start/stop services ?
[2010/06/16 04:42:30] <henk> FiXion: it is intended do control services but it is not intended to do problem recovery...
[2010/06/16 04:42:59] @ Disconnect joined channel #puppet
[2010/06/16 04:43:12] <FiXion> depends on your definition I guess
[2010/06/16 04:43:29] <FiXion> I don't use it to fix problems noticed by nagios
[2010/06/16 04:43:32] <henk> probably...
[2010/06/16 04:43:49] <FiXion> I use it to control things that it should be able to
[2010/06/16 04:44:01] <FiXion> sometimes someone stops puppet though
[2010/06/16 04:44:14] <FiXion> if they need to test something on a host - and don't want puppet to revert state
[2010/06/16 04:44:31] <FiXion> and it'd be nice to just run puppetd -t - and then it reverts state AND starts the puppetd again
[2010/06/16 04:44:38] <FiXion> the the need I have now.
[2010/06/16 04:44:54] <FiXion> puppet works rather flawlessly in my environment
[2010/06/16 04:45:05] <threescoops> As a general case, what's the simpliest approach to having one set of config some machines (i.e. the servers), with a slightly different one for the rest (i.e. the clients)? Most of a module defining a service, config, install etc is the same, can this be done with classes/definitions if so where can the variable to control that behavior be defined (or a different class loaded)?
[2010/06/16 04:46:00] <threescoops> extlookup seems like an odd workaround, surely puppet should be able to handle simple cases like mine itself
[2010/06/16 04:46:12] <FiXion> I have a servicename::client
[2010/06/16 04:46:15] <FiXion> and servicename::server
[2010/06/16 04:46:29] <FiXion> in servicename/manifests/init.pp
[2010/06/16 04:46:38] <henk> threescoops: i set $mta_role={internal,external,mailinglists} in the node definition and "include mta" which checks if mta_role is set, sets it to internal if not and includes mta::$mta_role
[2010/06/16 04:46:39] <FiXion> and then assign the relevant
[2010/06/16 04:47:56] @ itguru_ joined channel #puppet
[2010/06/16 04:48:12] @ Quit: itguru: Ping timeout: 276 seconds
[2010/06/16 04:48:50] @ Quit: itguru_: Remote host closed the connection
[2010/06/16 04:49:16] @ itguru joined channel #puppet
[2010/06/16 04:49:55] <threescoops> I've been using http://www.devco.net/archives/2009/09/28/simple_puppet_module_structure.php as a basis for my modules, will look at extending it
[2010/06/16 04:50:30] <threescoops> henk: I assume mta is a class
[2010/06/16 04:51:40] <henk> threescoops: a module/class, yeah
[2010/06/16 04:51:54] <henk> threescoops: i can paste them if you like...
[2010/06/16 04:52:32] <threescoops> henk: pastebin somewhere would be good, please
[2010/06/16 04:54:26] <henk> threescoops: http://pastie.org/1006729
[2010/06/16 04:54:48] <henk> ah, forgot a part...
[2010/06/16 04:55:02] <henk> mixed up $mta and $mta_role, but i guess you get the idea...
[2010/06/16 04:55:56] @ Bass10 joined channel #puppet
[2010/06/16 04:56:13] <henk> threescoops: http://pastie.org/1006729 added the stuff where mta_role is checked.
[2010/06/16 04:56:18] @ Quit: MrHeavy: Ping timeout: 240 seconds
[2010/06/16 04:56:59] <threescoops> henk: ah, ta. Just having a look now
[2010/06/16 04:58:09] <threescoops> OK, makes sense. Bit more flexiblity and abstraction than pulling in classes directly
[2010/06/16 04:58:23] @ MrHeavy joined channel #puppet
[2010/06/16 05:02:24] <FiXion> I figured defining $MTA=yes - or just including it - amounted to the same thing.
[2010/06/16 05:02:33] <FiXion> 1 line in templates.pp
[2010/06/16 05:02:58] <FiXion> I use extlookup for role assignment though.
[2010/06/16 05:03:49] <threescoops> FiXion: I'll keep extloopup in mind, no doubt it'll be handy at some point
[2010/06/16 05:06:14] @ sar left channel #puppet ()
[2010/06/16 05:06:26] <henk> FiXion: hm? you mean it can be done easier?
[2010/06/16 05:07:19] @ BLZbubba joined channel #puppet
[2010/06/16 05:07:24] <FiXion> henk: differently. what's easier is a very much an individual matter :)
[2010/06/16 05:07:40] <henk> FiXion: that's true ;)
[2010/06/16 05:07:44] <FiXion> Volcane wrote extlookup - and he explains in the top the usual case
[2010/06/16 05:07:59] <FiXion> I like to have my role assignment in extdata folder.
[2010/06/16 05:08:11] <henk> i haven't bothered about extlookup yet... let's see...
[2010/06/16 05:08:13] <FiXion> which has vars - based on different groupings of hosts.
[2010/06/16 05:08:14] <threescoops> I'm all for alternatives
[2010/06/16 05:09:06] <FiXion> I genereally find another way (like extlookup) when what I want to do - is annoying to do with my existing approach
[2010/06/16 05:09:09] <FiXion> or something like that
[2010/06/16 05:09:27] <FiXion> to try and keep it all neat and manageble
[2010/06/16 05:09:57] <henk> are extlookups documented on puppetlabs.com somewhere?
[2010/06/16 05:10:37] <Volcane> henk: its not part of puppet
[2010/06/16 05:10:44] <henk> ah ok
[2010/06/16 05:10:45] <espent> ohadlevy: remember my problem with hanging puppetd? ive managed to track it down to an Exec-command, have a look at bug #573020
[2010/06/16 05:11:14] <fox2mike> nareshov: hey, wasn't watching this space..
[2010/06/16 05:12:05] @ ahasenack joined channel #puppet
[2010/06/16 05:13:02] <ohadlevy> espent: url?
[2010/06/16 05:13:34] <espent> http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2010-March/002357.html
[2010/06/16 05:14:07] <espent> its exactly the same thing - "For more fun, the bug doesn't appear everytime you executed puppetd, it
[2010/06/16 05:14:10] <espent> only happens randomly"
[2010/06/16 05:14:34] <espent> i can run puppetd manually in foreground maybe 20 times before it stops
[2010/06/16 05:16:53] <espent> might be a ruby bug
[2010/06/16 05:20:45] @ Quit: alexine_dsouza: Read error: Connection reset by peer
[2010/06/16 05:21:46] @ alban2 joined channel #puppet
[2010/06/16 05:26:52] <zipkid> ReinH: is Dashboard still being developed on?
[2010/06/16 05:27:54] <zipkid> and, ohadlevy: i cannot live with a 1-group-per-node limit....
[2010/06/16 05:28:46] <ohadlevy> zipkid: chose your tool :)
[2010/06/16 05:29:08] * sdog points zipkid to volcane :)
[2010/06/16 05:29:30] <zipkid> sdog: does Volcane have an external-node tool?
[2010/06/16 05:30:35] * zipkid hopes that sdog does not mean to say that extlookup is a tool that compares to Foreman or Dashboard....
[2010/06/16 05:32:05] <sdog> zipkid .. wasn't following the discussion .. but I vaguely remember discussions ..
[2010/06/16 05:36:15] <zipkid> sdog: ohadlevy: the question is NOT 'Which tool' but 'Is Dashboard being developed on...' ReinH..?
[2010/06/16 05:43:46] @ poison joined channel #puppet
[2010/06/16 05:44:50] <poison> hi all, I have a template (.erb) configuration file where I want to do some complex stuff and I was wondering why the 'puts' statement doesn't work there in the template (so to print some strings to the file I'm configuring), any ideas?
[2010/06/16 05:45:34] <poison> basically I want to <% puts "testing\n" %> in my template.erb file and expect that the actual file would contain "testing<linefeed>"
[2010/06/16 05:45:57] <henk> poison: afair erb is pretty well documented regarding this...
[2010/06/16 05:46:28] <poison> henk: erb is indeed, documentation says "puts" but it doesn't work with puppet
[2010/06/16 05:46:47] <henk> is that <%= puts "foo" =%> perhaps?
[2010/06/16 05:47:53] <poison> <% Ruby code -- inline with output %>
[2010/06/16 05:47:53] <poison> <%= Ruby expression -- replace with result %>
[2010/06/16 05:48:01] <poison> that' what I see in the manual of erb
[2010/06/16 05:48:07] <henk> mhm...
[2010/06/16 05:48:25] <Lunar_Lamp> I wish to use puppetrun with arguments such as "--all". The docs say that I must configure for use with LDAP if I wish to do this. Are the docs correct? If so, is there some good documentation on configuring puppet + ldap? (the ldap server would be purely for puppet)
[2010/06/16 05:48:32] @ stevenjenkins joined channel #puppet
[2010/06/16 05:49:39] <henk> poison: actually, that works here. i don't know if my test is really valid, though... i just start erb and give it 'bla <% print "test" %>' or 'bla <% print "test\n" %>' the latter having the same effect as using puts without \n
[2010/06/16 05:51:10] <poison> interesting, what version of puppet do you use?
[2010/06/16 05:51:42] <henk> poison: as i say: i just start erb... does your code work in simple erb correctly?
[2010/06/16 05:52:21] <poison> henk: when I do erb -x -T '-' templates/test.erb \| ruby I get the expected output
[2010/06/16 05:52:33] <poison> but in puppet the actual file doesn't get that content
[2010/06/16 05:53:41] @ cliff-hm joined channel #puppet
[2010/06/16 05:57:35] @ lwhalen joined channel #puppet
[2010/06/16 06:03:19] <poison> henk: did you test with puppet itself? or just with erb?
[2010/06/16 06:03:41] <Lunar_Lamp> When I have a running puppet installation, and I want to make a change (e.g. deploy new file etc), what is the correct way to stop nodes reading configs until I am happy that I have made all the changes? Is it to simply stop the puppetmaster?
[2010/06/16 06:04:19] <threescoops> Lunar_Lamp: source control, branches and test systems?
[2010/06/16 06:05:18] @ Quit: Bevo: Ping timeout: 240 seconds
[2010/06/16 06:05:23] <Lunar_Lamp> threescoops: so there is no "don't push out any updates until I've confirmed that all is OK"?
[2010/06/16 06:05:26] <threescoops> Add your config, commit on one branch, test, fix, test, merge onto production branch, push/pull production branch with all the changes onto your production puppet master
[2010/06/16 06:05:41] <henk> poison: just erb
[2010/06/16 06:06:12] <Lunar_Lamp> threescoops: yes, that would work for "normal" procedures - I was just wondering if there was any other method for 'emergency' updates and the like.
[2010/06/16 06:06:54] <poison> henk: well that was my question, if anybody knows why it doesn't work with puppet itself, if I do file {"/tmp/bla": content=> template("test/test.erb") } and do some "print" inside that test.erb, the file /tmp/bla doesn't see whatever I printed from inside the erb itself
[2010/06/16 06:07:08] <threescoops> Lunar_Lamp: That I can't answer, puppet newbie. The source controlled approach works in the general case (not just puppet)
[2010/06/16 06:08:19] <henk> poison: then i guess my test was not really valid, sorry...
[2010/06/16 06:09:00] @ reyjrar joined channel #puppet
[2010/06/16 06:10:01] @ Quit: MrHeavy: Ping timeout: 258 seconds
[2010/06/16 06:12:15] @ MPSimmons joined channel #puppet
[2010/06/16 06:12:24] @ MrHeavy joined channel #puppet
[2010/06/16 06:16:49] <FiXion> Lunar_Lamp: I have a test system setup. where each user can run the puppetmasterd using sudo - it then uses his local svn checkout of puppet repo to run from.
[2010/06/16 06:17:12] <FiXion> Lunar_Lamp: then I have test-puppet clients which mirror the needed production environments - to test the rules
[2010/06/16 06:17:36] <FiXion> and you then just commit and run a script (I've written) on the production puppetmaster - to update from svn.
[2010/06/16 06:17:53] <FiXion> the script shows you the diff and asks you if this is really what you want etc. etc. :)
[2010/06/16 06:18:14] <FiXion> really nice to have a test system where you can play and test until it's finished
[2010/06/16 06:18:33] <FiXion> and this way, several people can work on their individual modules etc. without bothering the rest of us :)
[2010/06/16 06:24:08] @ pheezy joined channel #puppet
[2010/06/16 06:26:26] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/06/16 06:27:38] @ Quit: walkeran: Quit: KVIrc Insomnia 4.0.0, revision: 3921, sources date: 20100125, built on: 2010-06-10 14:58:33 UTC http://www.kvirc.net/
[2010/06/16 06:27:56] <FiXion> Lunar_Lamp: I use ssh-keys to forcefully push changes out. A script just ssh's with the key that does a puppetd -t run on the client to the relevant hosts.
[2010/06/16 06:28:21] <FiXion> use it for website releases on a huge bunch of webservers who need to be alike.
[2010/06/16 06:28:41] <FiXion> it backgrounds the ssh process and outputs to a file for each. and then loops over the output file to check for problems.
[2010/06/16 06:28:46] <FiXion> so they all run in parallel
[2010/06/16 06:29:18] <Lunar_Lamp> FiXion: yeah, I'm basically wanting to push to a few hundred identical machines. Which is why I wanted to use puppetrun. Pity that requires me setting up an ldap instance!
[2010/06/16 06:29:45] <FiXion> I don't use an ldap instance for that.
[2010/06/16 06:30:14] <Volcane> FiXion: and how many do you run concurrently that way?
[2010/06/16 06:30:18] <FiXion> as always - there's many ways to skin a cat :)
[2010/06/16 06:30:35] @ jcharette joined channel #puppet
[2010/06/16 06:30:37] <FiXion> enough to know 0.24.x had a problem - so I had to delay them with 1 second each :)
[2010/06/16 06:30:43] <FiXion> usually 20+
[2010/06/16 06:30:54] <Volcane> :)
[2010/06/16 06:31:13] <FiXion> I haven't tried to remove my sleep 1 from the script yet.
[2010/06/16 06:31:23] <FiXion> just upgraded to 0.25.5 - so it should be a solved issue :)
[2010/06/16 06:33:20] <Volcane> it can still only do so much per master worker
[2010/06/16 06:33:29] <Volcane> how many masters do you run with? and with mongrel or passenger?
[2010/06/16 06:35:00] <FiXion> actually still just 1 - a huge bugger though :)
[2010/06/16 06:35:08] <FiXion> no mongrel - no passenger
[2010/06/16 06:35:17] <Volcane> heh
[2010/06/16 06:35:22] <Volcane> surprised it works
[2010/06/16 06:35:31] <FiXion> haven't looked into what they'd "buy" me
[2010/06/16 06:36:12] <Volcane> well more or less you shouldnt be able to run your 20 machines concurrently at all against the webrick thing
[2010/06/16 06:36:28] <FiXion> no problems with 0.25 :)
[2010/06/16 06:36:37] <FiXion> and fine with 0.24 with a 1 second interval
[2010/06/16 06:36:38] @ jcape joined channel #puppet
[2010/06/16 06:37:00] <FiXion> so I should let mongrel or passenger respond to the puppetmaster port ?
[2010/06/16 06:37:12] <Volcane> typically it would be apache/nginx
[2010/06/16 06:37:17] <FiXion> and they are some form of performance-optimized frameworks
[2010/06/16 06:37:29] <FiXion> ahh.
[2010/06/16 06:37:36] <Volcane> and apache would load balance via either of those to multiple puppetmaster processes
[2010/06/16 06:37:58] <FiXion> what protocol is used - couldn't I just let apache loadbalance directly ?
[2010/06/16 06:38:11] <FiXion> it's puppets own protocol ofcourse
[2010/06/16 06:38:42] <Volcane> for mongrel you cant direct cos mongrel doesnt do ssl
[2010/06/16 06:38:43] <FiXion> or actually just use something like linux virtual server
[2010/06/16 06:38:50] <Volcane> in that case you offload the SSL to the apaches
[2010/06/16 06:38:54] <FiXion> which does tcp load balancing
[2010/06/16 06:39:01] <Volcane> passenger speaks its own protocol and it does fancy pol management etc
[2010/06/16 06:39:13] <FiXion> so the SSL goes to the "virtual ip"
[2010/06/16 06:39:21] <Volcane> all go through 1 ip
[2010/06/16 06:39:26] <FiXion> yup - a VIP
[2010/06/16 06:39:31] <FiXion> like we do for websites
[2010/06/16 06:39:51] <FiXion> this setup is at a company who runs many of the sites top-20 traffic sites in DK
[2010/06/16 06:40:06] <FiXion> so it would be easiest to just use that technology to loadbalance
[2010/06/16 06:40:11] <FiXion> at tcp level
[2010/06/16 06:40:17] <Volcane> no you dont understand
[2010/06/16 06:40:37] <Volcane> webrick by default is one puppetmaser and webrick itself is dog slow too
[2010/06/16 06:40:48] <FiXion> I got that part :)
[2010/06/16 06:40:53] <Volcane> just load balancing to many webricks, while it works, its much less nice say passenger
[2010/06/16 06:41:11] <Volcane> with passenger you have apache+passenger+puppetmaster and apache has the port open
[2010/06/16 06:41:17] <Volcane> and you can load balance that with a hardware LB if you want
[2010/06/16 06:41:24] <FiXion> does webric spawn a puppetmaster pr. core/cpu ?
[2010/06/16 06:41:27] @ Quit: MrHeavy: Ping timeout: 258 seconds
[2010/06/16 06:41:27] <Volcane> still thoughy you need to keep sessions to the same master for example
[2010/06/16 06:41:31] <Volcane> no
[2010/06/16 06:41:35] <Volcane> its just 1
[2010/06/16 06:41:45] <Volcane> and since ruby is green threaded, its 1 core
[2010/06/16 06:42:06] <FiXion> and using passenger - it can distribute on all cores ?
[2010/06/16 06:42:13] <FiXion> and on many machines as well
[2010/06/16 06:42:32] <Volcane> passenger maintains a pool of puppetmasters
[2010/06/16 06:42:42] <FiXion> ahh mod_rails
[2010/06/16 06:42:44] <FiXion> = passenger
[2010/06/16 06:42:46] <Volcane> and it periodically kills them off and start new ones etc to keep memory issues at bay
[2010/06/16 06:42:47] <FiXion> it's an apache module
[2010/06/16 06:43:14] <Volcane> also nginx
[2010/06/16 06:43:31] <FiXion> but it's for 1 host, right?
[2010/06/16 06:43:45] <Volcane> yes, you can then LB with a LVS over many of those
[2010/06/16 06:43:56] <FiXion> Volcane: thanks for clearing that up.
[2010/06/16 06:44:05] <FiXion> so I could start with mod_rails to get performance out of the 1 master
[2010/06/16 06:44:15] <Volcane> yup
[2010/06/16 06:44:17] <FiXion> and then do the usual thing of VIP+cluster later
[2010/06/16 06:45:35] <FiXion> right now the master is actually running webrick on a vmware box :)
[2010/06/16 06:45:38] <Volcane> need to keep nodes to the same master
[2010/06/16 06:45:41] <FiXion> so it's not really that well powered :)
[2010/06/16 06:45:49] <FiXion> Volcane: for the same run is all ?
[2010/06/16 06:46:09] <FiXion> certs needs to be distributed to all puppetmaster hosts
[2010/06/16 06:46:26] <FiXion> just like with websites - where you keep the session on one webserver
[2010/06/16 06:46:33] <Volcane> yes
[2010/06/16 06:46:36] <FiXion> (or some do) :)
[2010/06/16 06:46:39] @ [GuS] joined channel #puppet
[2010/06/16 06:47:13] <FiXion> sounds like it'll be fun to play with :)
[2010/06/16 06:47:58] <FiXion> there's only ~100 clients - running on 30minute intervals on the master right now.
[2010/06/16 06:48:04] @ MrHeavy joined channel #puppet
[2010/06/16 06:48:07] <FiXion> some simultanious activity though - on releases :)
[2010/06/16 06:48:15] <Volcane> FiXion: really surprised you dont have issues
[2010/06/16 06:48:23] <Volcane> FiXion: do you do much file copying?
[2010/06/16 06:48:37] @ Quit: shug: Quit: Leaving
[2010/06/16 06:48:37] <FiXion> not that much - and usually only once.
[2010/06/16 06:48:46] <FiXion> release is done using packages.
[2010/06/16 06:48:48] <Volcane> that certainly helps
[2010/06/16 06:48:53] <FiXion> everything is distributed using packages
[2010/06/16 06:48:58] <FiXion> which is installed using yum/aptitude
[2010/06/16 06:49:11] <FiXion> apt-get can't rollback to lower version (using puppet) :)
[2010/06/16 06:49:20] <FiXion> so we just set what version of a package we want.
[2010/06/16 06:49:30] <Volcane> FiXion: package{....: provider => aptitude} supports downgrades :)
[2010/06/16 06:49:31] <FiXion> and can check that files from the package still looks like when installed (checksum)
[2010/06/16 06:49:44] <FiXion> Volcane: that's what I said - that is why we use aptitude - not apt-get :)
[2010/06/16 06:49:55] <Volcane> ah right i must have missed a line
[2010/06/16 06:50:03] <Volcane> oh yeah, i missed that bit :)
[2010/06/16 06:50:42] <FiXion> it's all mostly 10Gbe lines and SAN/NFS on NetAPP backends
[2010/06/16 06:50:47] <FiXion> so it's expensive hardware
[2010/06/16 06:51:07] <FiXion> I have another customer where it's normal cheap-ish server hardware - and he's fine for now.
[2010/06/16 06:51:22] <FiXion> but doesn't run releases like those - and haven't got so many servers :)
[2010/06/16 06:51:25] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/16 06:51:58] <FiXion> they all love that I write the puppet module - they install with a single command :)
[2010/06/16 06:52:12] <FiXion> it's amazing what accumulate of small changes to a base install :)
[2010/06/16 06:52:16] @ joe-mac joined channel #puppet
[2010/06/16 06:56:44] <FiXion> I have a friend whose working on getting to install puppet on a mixed unix environment
[2010/06/16 06:56:52] <FiXion> hpux, solaris etc.
[2010/06/16 06:57:01] <FiXion> sounds like a fun task :)
[2010/06/16 06:57:10] @ Quit: jcape: Ping timeout: 258 seconds
[2010/06/16 06:57:33] @ Quit: MrHeavy: Ping timeout: 258 seconds
[2010/06/16 06:58:45] @ shenson joined channel #puppet
[2010/06/16 06:59:14] @ carlasouza joined channel #puppet
[2010/06/16 07:00:43] @ jcape joined channel #puppet
[2010/06/16 07:01:10] @ Quit: ckauhaus: Quit: Leaving.
[2010/06/16 07:02:53] @ Quit: pinoyskull: Quit: Leaving
[2010/06/16 07:06:23] <thdem> I have problem with my PKI and my puppetmaster, because puppet erase ssl folder, i don t understand why
[2010/06/16 07:08:02] <poison> does anybody know if function definitions are possible inside erb templates?
[2010/06/16 07:10:07] @ cliff-hm joined channel #puppet
[2010/06/16 07:11:43] @ MrHeavy joined channel #puppet
[2010/06/16 07:18:05] @ PhabX joined channel #puppet
[2010/06/16 07:18:24] @ Quit: PhabX: Client Quit
[2010/06/16 07:21:10] @ ckauhaus joined channel #puppet
[2010/06/16 07:21:44] @ saedu14 joined channel #puppet
[2010/06/16 07:22:04] <mikepea> poison: ruby functions?
[2010/06/16 07:24:44] <poison> mikepea: def myfunction (bla) ... end and then call myfunction inside an erb
[2010/06/16 07:25:03] <mikepea> poison: yup, should be fine.
[2010/06/16 07:25:20] <poison> mikepea: and can I use the "print" statement?
[2010/06/16 07:25:26] @ wilmoore joined channel #puppet
[2010/06/16 07:25:37] <poison> if I do file {"/tmp/bla": content=> template("test/test.erb") } and do some "print" inside that test.erb, the file /tmp/bla doesn't see whatever I printed from inside the erb itself
[2010/06/16 07:25:52] <Volcane> cos print sends to STDOUT
[2010/06/16 07:25:56] <Volcane> templates take return values
[2010/06/16 07:26:12] <Volcane> template dont just capture STDOUT and return it as text
[2010/06/16 07:26:15] @ notbrien joined channel #puppet
[2010/06/16 07:26:58] <Volcane> the equivelant of 'print foo' is just <%= foo %>
[2010/06/16 07:29:21] @ Rejo joined channel #puppet
[2010/06/16 07:29:36] @ Quit: wilmoore: Remote host closed the connection
[2010/06/16 07:29:47] <Rejo> Could someone explain me the following error message?
[2010/06/16 07:29:48] <Rejo> err: Could not request certificate: undefined method `closed?' for nil:NilClass
[2010/06/16 07:30:02] <Rejo> It's not really explanatory to me by itself. :)
[2010/06/16 07:30:30] <FiXion> Rejo: what combination of client/server puppet versions do you have?
[2010/06/16 07:30:43] <Rejo> I see this message when new clients try to connect for the first time (just before their certificated that needs to be signed is created).
[2010/06/16 07:30:56] @ Quit: shenson: Quit: /me taps out
[2010/06/16 07:30:57] <Rejo> It started to appear when I migrated puppetmaster from one server to the other.
[2010/06/16 07:31:01] <Rejo> FiXion: Let me check.
[2010/06/16 07:31:27] <Rejo> support01:~# puppetmasterd --version
[2010/06/16 07:31:27] <Rejo> 0.25.4
[2010/06/16 07:31:40] <Rejo> root@mm-eee-27:~# puppetd --version
[2010/06/16 07:31:41] <Rejo> 0.25.4
[2010/06/16 07:32:01] <FiXion> then it must be some kind of bug.
[2010/06/16 07:32:09] <FiXion> I've only seen it with 0.24.8 clients and 0.25.5 master
[2010/06/16 07:32:24] <FiXion> I guess it might crop up again - even after the clients have been updated..
[2010/06/16 07:32:44] <FiXion> I have no idea - would suggest you search through puppet bugs
[2010/06/16 07:32:56] @ Quit: jcape: Remote host closed the connection
[2010/06/16 07:33:00] <Rejo> I don't expect it's a bug, I suspect file permission issues or something alike.
[2010/06/16 07:33:14] <Rejo> Exactly the same version was installed on the old server.
[2010/06/16 07:33:27] <Rejo> Actualy, it's backport-lenny
[2010/06/16 07:33:30] @ sdog left channel #puppet ()
[2010/06/16 07:33:30] <Rejo> from debian
[2010/06/16 07:33:43] @ jdcasey joined channel #puppet
[2010/06/16 07:35:05] @ Quit: lwhalen: Quit: Computer has gone to sleep
[2010/06/16 07:37:09] <FiXion> Rejo: http://projects.reductivelabs.com/issues/3101
[2010/06/16 07:37:18] <FiXion> always a good idea to search through puppet bugs :)
[2010/06/16 07:40:26] @ acrollet joined channel #puppet
[2010/06/16 07:40:48] <Rejo> FiXion: I found that one. But that doesn't make a lot of sense to me.
[2010/06/16 07:40:52] @ Quit: mattock: Ping timeout: 258 seconds
[2010/06/16 07:40:59] <Rejo> FiXion: On the same OS, same package, other hardware it works.
[2010/06/16 07:42:00] <FiXion> and your ruby version is newer than 1.8.7 ?
[2010/06/16 07:42:21] @ Quit: jeffmccune: Quit: jeffmccune
[2010/06/16 07:42:24] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/16 07:43:05] @ cliff-hm joined channel #puppet
[2010/06/16 07:44:15] <Rejo> rejo@support01:~$ ruby --version
[2010/06/16 07:44:15] <Rejo> ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux]
[2010/06/16 07:45:31] @ Quit: jbooth: Quit: Lost terminal
[2010/06/16 07:48:25] <FiXion> then I'd write in that bug - and see if anyone there has any ideas
[2010/06/16 07:48:26] @ Quit: Welsh_Dwarf_: Remote host closed the connection
[2010/06/16 07:48:55] @ Quit: MrHeavy: Ping timeout: 258 seconds
[2010/06/16 07:49:09] <FiXion> it's odd they say fix is targeted for 0.25.5
[2010/06/16 07:49:18] <FiXion> I see no talk of actual code changes
[2010/06/16 07:49:29] <FiXion> perhaps upgrade to 0.25.5 - just to be sure
[2010/06/16 07:49:39] <FiXion> if it's still there..
[2010/06/16 07:51:37] @ jbooth joined channel #puppet
[2010/06/16 07:54:23] @ jcape joined channel #puppet
[2010/06/16 07:56:07] @ MrHeavy joined channel #puppet
[2010/06/16 07:58:11] <jason^> Rejo: are you on ubuntu 10.04? i have/had the same problem
[2010/06/16 07:59:06] @ sebas891 joined channel #puppet
[2010/06/16 08:01:11] @ Quit: saedu14:
[2010/06/16 08:06:24] @ Quit: hamish: Ping timeout: 248 seconds
[2010/06/16 08:06:31] @ Quit: nevyn: Ping timeout: 260 seconds
[2010/06/16 08:08:55] <Rejo> jason^: client is ubuntu 10.04, server is a debian lenny with puppetmaster from lenny+1 (forgot name :))
[2010/06/16 08:09:05] <Rejo> jason^: i can try 9.04 :_)
[2010/06/16 08:09:10] @ jcharette left channel #puppet ()
[2010/06/16 08:09:50] @ Quit: giskard: Remote host closed the connection
[2010/06/16 08:10:21] @ Quit: ckauhaus: Ping timeout: 276 seconds
[2010/06/16 08:10:54] @ lwhalen joined channel #puppet
[2010/06/16 08:11:06] <jason^> Rejo: i had to modify a file and essentially add a closed? method to NilClass
[2010/06/16 08:11:17] <jason^> it was referenced in the bug on how to do that
[2010/06/16 08:11:46] <Rejo> i am testin gkarmic now
[2010/06/16 08:12:04] <Rejo> than i test your solution
[2010/06/16 08:18:33] @ tonyskapunk joined channel #puppet
[2010/06/16 08:27:02] @ giskard joined channel #puppet
[2010/06/16 08:31:37] @ kaptk2 joined channel #puppet
[2010/06/16 08:32:09] @ nevyn joined channel #puppet
[2010/06/16 08:32:34] @ lohapuk left channel #puppet ()
[2010/06/16 08:35:30] @ ckauhaus joined channel #puppet
[2010/06/16 08:36:50] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/16 08:38:55] <Rejo> Interestingly: when trying from a karmic client, it works
[2010/06/16 08:39:14] <Rejo> a client running 0.24.8
[2010/06/16 08:39:40] @ Quit: kaptk2: Quit: Leaving.
[2010/06/16 08:39:56] @ kaptk2 joined channel #puppet
[2010/06/16 08:40:40] @ Quit: ckauhaus: Quit: Leaving.
[2010/06/16 08:45:16] @ eventi joined channel #puppet
[2010/06/16 08:45:23] <eventi> morning
[2010/06/16 08:45:58] @ Quit: flooose: Ping timeout: 240 seconds
[2010/06/16 08:46:04] <eventi> I have a broken puppet in Ubuntu 9.04 - Any suggestions for a .deb I can install?
[2010/06/16 08:48:25] <joe-mac> just grab .25.4 from ftp.ubuntu, if it doesn';t install outright just build it
[2010/06/16 08:48:37] @ Quit: Ramonster: Quit: So long, thanx for all the fish
[2010/06/16 08:49:56] @ jeffmccune joined channel #puppet
[2010/06/16 08:50:26] <eventi> thanks joe-mac
[2010/06/16 08:50:49] <joe-mac> np
[2010/06/16 08:57:30] @ ajbourg joined channel #puppet
[2010/06/16 08:58:12] <ajbourg> Is there a way to get puppet to notice a file change made by rsync and to execute a script?
[2010/06/16 08:59:20] @ plathrop-away is now known as plathrop
[2010/06/16 08:59:29] @ Quit: themroc: Remote host closed the connection
[2010/06/16 09:00:53] @ macfly left channel #puppet ()
[2010/06/16 09:01:58] @ Quit: thdem: Quit: Page closed
[2010/06/16 09:02:11] <joe-mac> yes in the file resource only set checksum => md5, notify => Exec["whatever"]
[2010/06/16 09:02:17] <joe-mac> the exec should be refreshonly
[2010/06/16 09:06:44] @ Quit: MrHeavy: Ping timeout: 258 seconds
[2010/06/16 09:09:06] <ajbourg> joe-mac: does the exec need to be subscribed to the file? Because I am going to have many files but only 1 exec
[2010/06/16 09:09:38] <joe-mac> no, notify will handle it
[2010/06/16 09:10:07] <ajbourg> cool in theory, but it doesn't seem to be working for me
[2010/06/16 09:10:52] <ajbourg> do I need to remove the rule and reapply it for puppet to notice since I didn't have the md5 before?
[2010/06/16 09:11:36] <ajbourg> and if it makes a difference, the file I am monitoring is symlinked to the rsync location...
[2010/06/16 09:11:41] @ sdog joined channel #puppet
[2010/06/16 09:11:59] @ Quit: sdog: Changing host
[2010/06/16 09:11:59] @ sdog joined channel #puppet
[2010/06/16 09:12:05] @ cliff-hm joined channel #puppet
[2010/06/16 09:12:33] @ jph98 left channel #puppet ()
[2010/06/16 09:13:10] @ gmcquillan joined channel #puppet
[2010/06/16 09:13:31] <bitfield> i think it will make a difference
[2010/06/16 09:13:44] <bitfield> you might want links => follow on the file resource
[2010/06/16 09:13:44] <joe-mac> ajbourg: first, i don't think you can monitor a symlink for changes, second, yes if puppet never sees the md5 change, well then it's nto going to notify anything
[2010/06/16 09:14:01] <joe-mac> yea even then i am not sure how links => interacts with the checksum parameter
[2010/06/16 09:14:48] <bitfield> ajbourg: why don't you have rsync itself run the script, via a post-exec?
[2010/06/16 09:15:45] <ajbourg> bitfield: because I am rsync'ing an entire directory on a bunch of servers. Puppet is making the symlink on the proper hosts, and then runs the right script
[2010/06/16 09:15:51] <ajbourg> or that's what I want, anyway
[2010/06/16 09:16:16] <bitfield> tell us more about what problem you're trying to solve
[2010/06/16 09:16:17] <ajbourg> shouldn't checksum apply to the symlinked file and not the symlink?
[2010/06/16 09:16:27] <bitfield> we might know a better pattern to solve it :)
[2010/06/16 09:16:40] @ thekad-afk is now known as thekad
[2010/06/16 09:16:44] @ sdog left channel #puppet ()
[2010/06/16 09:18:12] <ajbourg> I am building a way to manage iptables rules on each host
[2010/06/16 09:18:36] <ajbourg> So I created /etc/iptables/config-available and /etc/iptables/config-enabled
[2010/06/16 09:18:42] <bitfield> ah! a familiar problem around here
[2010/06/16 09:19:00] * jbooth really should finish writing the hosts provider and release his firewall type shouldn't I?
[2010/06/16 09:19:05] <ajbourg> haha
[2010/06/16 09:19:15] <ajbourg> I am not looking for a iptables specific rule
[2010/06/16 09:19:27] <ajbourg> because I can imagine doing the exact same thing for nginx/apache/etc
[2010/06/16 09:19:52] <ajbourg> anway the config-available directory is rsynced and should be consistent across hosts
[2010/06/16 09:19:54] <bitfield> jbooth: you and everyone else :D
[2010/06/16 09:20:12] <joe-mac> ajbourg: rsyncd from where?
[2010/06/16 09:20:14] <jbooth> well, thing is I have the iptables part of the provider
[2010/06/16 09:20:18] <jbooth> So the hard work is done
[2010/06/16 09:20:30] <ajbourg> joe-mac: a central host, in this case, puppetmaster
[2010/06/16 09:20:55] <ajbourg> puppet makes the symlink on specific hosts with whatever rules I want enabled on those hosts
[2010/06/16 09:20:59] <ajbourg> that all works great
[2010/06/16 09:21:00] <jbooth> What I don't have is good docs, test cases (beyond my use of it), or any non-iptables providers
[2010/06/16 09:21:07] @ mpdehaan joined channel #puppet
[2010/06/16 09:21:22] <ajbourg> but I need to execute a script that will read the config-enabled directory whenever it changes
[2010/06/16 09:21:28] <ajbourg> and that's where I have trouble
[2010/06/16 09:21:45] <ajbourg> If I have to, I will just put it in cron, but I would rather be better than that :)
[2010/06/16 09:22:08] <bitfield> can you distribute the directory with puppet directly? then that problem goes away
[2010/06/16 09:22:19] <bitfield> ie a recursive file resource
[2010/06/16 09:22:22] <ajbourg> any thoughts? I am going down this road because I will probably replicate the same setup for nginx
[2010/06/16 09:22:26] @ threescoops left channel #puppet ()
[2010/06/16 09:22:48] <joe-mac> what does the symlink buy? i don't understand
[2010/06/16 09:22:49] <ajbourg> bitfield: will puppet copy a whole directory? I thought I had tried and failed, but that was 2 weeks ago so I am not sure
[2010/06/16 09:22:53] <joe-mac> you tried with links => follow and it didnt' work?
[2010/06/16 09:23:08] <ajbourg> joe-mac: no
[2010/06/16 09:23:15] <bitfield> ajbourg: yes it will, it's not super fast for lots of files, but it'll work
[2010/06/16 09:23:17] <ajbourg> joe-mac: in addition to md5 or in place of?
[2010/06/16 09:23:33] <jbooth> recursive in puppet is really slow.
[2010/06/16 09:23:34] <jbooth> Or was
[2010/06/16 09:24:03] <ajbourg> joe-mac: the symlink allows me to have the rules available on each host but enabled on a host by host setup. This is how apache/nginx work in stock debian
[2010/06/16 09:24:12] <bitfield> nothing in puppet is exactly lightning fast...
[2010/06/16 09:24:37] @ toi joined channel #puppet
[2010/06/16 09:25:02] <ajbourg> I am ok with slow... but what is the trick to get it to recurse?
[2010/06/16 09:25:15] <jbooth> recurse=>true
[2010/06/16 09:25:26] <joe-mac> recurse => true? idk what you're doing is what i would call not the best way
[2010/06/16 09:25:42] <joe-mac> not everything works in an object-available and object-enabled structure
[2010/06/16 09:25:49] <ajbourg> joe-mac: how would you do it different?
[2010/06/16 09:25:57] <jbooth> having seen debian's apache stuff, it's not totally insane.
[2010/06/16 09:26:02] <jbooth> anyway, lunch for real!
[2010/06/16 09:27:00] <ajbourg> ok, it looks like the combination of checksum=>md5 and links=>follow is working... hooray!
[2010/06/16 09:27:12] <ajbourg> but if you have another suggestion, please do let me know
[2010/06/16 09:27:27] <ajbourg> I am still very new to puppet and could easily be doing something very very stupid
[2010/06/16 09:28:01] <bitfield> ajbourg: if it gets too complicated that way, try just serving the whole directory with recurse => true and notify a refreshonly exec
[2010/06/16 09:28:05] <bitfield> if that makes sense :)
[2010/06/16 09:28:41] <bitfield> lots of people have got ingenious schemes for managing iptables with puppet, asking on the mailing list might be an idea if you get stuck
[2010/06/16 09:28:42] <ajbourg> bitfield: thanks, I will check into that. I know I had problems when I first started which is why I went down the rsync road, but I was probably doing something dumb
[2010/06/16 09:29:07] <ajbourg> I do like the idea of having everything managed through puppet, even if it is slower
[2010/06/16 09:29:16] <bitfield> you can be actually quite smart and still struggle a bit to get puppet to do what you want :)
[2010/06/16 09:29:41] @ Quit: TREllis: Quit: leaving
[2010/06/16 09:30:44] <ajbourg> thanks for your help jbooth joe-mac bitfield ... I'm sure I will have more questions later :)
[2010/06/16 09:31:10] @ Quit: mauve: Quit: Leaving
[2010/06/16 09:32:45] <joe-mac> np
[2010/06/16 09:33:00] <bitfield> we exist only to serve!
[2010/06/16 09:33:12] @ Quit: MattyM: Remote host closed the connection
[2010/06/16 09:33:17] @ Quit: verwilst: Quit: Ex-Chat
[2010/06/16 09:33:25] @ Quit: ahasenack: Remote host closed the connection
[2010/06/16 09:35:47] <eventi> got a weird one
[2010/06/16 09:36:06] <eventi> Could not parse for environment production: Node rackspace_node is already defined at /etc/puppet/manifests/classes/rackspace.pp:1; cannot redefine at /etc/puppet/manifests/rackspace.pp:61
[2010/06/16 09:36:31] <eventi> line 1 is the node rackspace_node { ... line 61 is the closing }
[2010/06/16 09:37:02] <bitfield> eventi: pastie?
[2010/06/16 09:37:02] <eventi> but the word only appears once - seems like a bad error message
[2010/06/16 09:37:06] <eventi> set
[2010/06/16 09:37:10] <eventi> *sec
[2010/06/16 09:37:30] @ ahasenack joined channel #puppet
[2010/06/16 09:38:11] @ rmiller4pi8 joined channel #puppet
[2010/06/16 09:38:21] <eventi> http://www.pastie.org/1007095
[2010/06/16 09:38:38] @ shenson joined channel #puppet
[2010/06/16 09:38:50] <eventi> prty basic
[2010/06/16 09:39:09] <eventi> and it's a cut and paste from another similar node - only the name was changed
[2010/06/16 09:39:39] <bitfield> what was the name before?
[2010/06/16 09:40:05] <eventi> slicehost_node
[2010/06/16 09:40:16] <eventi> i inherit the node
[2010/06/16 09:40:48] <eventi> but even after I removed the inheritence it complained
[2010/06/16 09:41:21] @ Quit: itguru: Ping timeout: 276 seconds
[2010/06/16 09:41:29] <bitfield> and is there a file etc/puppet/manifests/classes/rackspace.pp in addition to manifests/rackspace.pp?
[2010/06/16 09:42:33] * eventi smacks forhead
[2010/06/16 09:42:41] <bitfield> :)
[2010/06/16 09:42:56] <eventi> pair programming
[2010/06/16 09:42:58] <eventi> :)
[2010/06/16 09:42:59] <eventi> tahnks
[2010/06/16 09:43:00] <bitfield> surprising how often a second pair of eyes comes in handy
[2010/06/16 09:43:02] <bitfield> np
[2010/06/16 09:43:06] <Tonnerre> .oO(Hare programming)
[2010/06/16 09:44:10] @ aliver joined channel #puppet
[2010/06/16 09:44:59] <aliver> Hey fellas, when you setup the whole reverse-proxy thing with mongrel/apache/nginx how do you get around puppetmasterd saying that it can't write to it's PID file after the first puppetmasterd is started? Google has not been my friend on this one.
[2010/06/16 09:45:26] <aliver> err... wait..
[2010/06/16 09:45:28] <aliver> --pidfile
[2010/06/16 09:45:33] <aliver> ugyh. finally found it.
[2010/06/16 09:45:34] @ MrHeavy joined channel #puppet
[2010/06/16 09:45:35] <aliver> sorry.
[2010/06/16 09:45:40] <aliver> n/m
[2010/06/16 09:49:25] @ carlasouza left channel #puppet ()
[2010/06/16 09:50:29] @ Quit: Bass10: Ping timeout: 240 seconds
[2010/06/16 09:51:29] <Lunar_Lamp> By default puppet checks for update every 30mins. How is this calculated? Is it xx:00 and xx:30, every 30mins since puppet was started, or is it more random than that?
[2010/06/16 09:51:55] <Volcane> Lunar_Lamp: calculated at end of run afaik
[2010/06/16 09:52:00] <Lunar_Lamp> Or, to phrase it another wya: I've just started puppet on ~100 nodes in a quick ssh loop. Are they always going to be checking the puppetmaster at the same time?
[2010/06/16 09:52:13] <Volcane> Lunar_Lamp: yes, thats a bad idea
[2010/06/16 09:52:26] * Lunar_Lamp swears lightly
[2010/06/16 09:53:14] <plathrop> Well, there's "splay" which helps but unfortunately doesn't work the way it should
[2010/06/16 09:53:42] <Lunar_Lamp> plathrop: was that directed at me? :-/
[2010/06/16 09:53:52] <Volcane> yeah splay doesnt work well
[2010/06/16 09:55:34] <ajbourg> another problem for the brain trust: I have links => follow and checksum => md5 set on a file I am symlinking elsewhere. But puppet is confused and always thinks the file has changed unless I remove links => follow
[2010/06/16 09:56:04] <ajbourg> I want puppet to think the file has changed only if the target md5 has changed
[2010/06/16 09:56:14] <plathrop> Lunar_Lamp: sorta, just letting you know what is out there.
[2010/06/16 09:56:18] <Lunar_Lamp> Hmm, looking at the docs, splay does seem to be what I want.
[2010/06/16 09:56:19] <ajbourg> but puppet is getting confused and thinks the file has changed at every run
[2010/06/16 09:56:35] <plathrop> Lunar_Lamp: yeah, but it doesn't work as well as you'd like
[2010/06/16 09:56:43] @ alfism joined channel #puppet
[2010/06/16 09:56:48] @ eventi left channel #puppet ()
[2010/06/16 09:56:52] <plathrop> Lunar_Lamp: basically, on a busy puppetmaster, clients start to clump up anyway
[2010/06/16 09:56:54] <Volcane> Lunar_Lamp: documented vs actual behavior :)
[2010/06/16 09:57:01] <plathrop> There are a couple work-arounds.
[2010/06/16 09:57:02] <Lunar_Lamp> plathrop: hmm, well, the first link is a bug saying that it's bad behaviour is fixed in 0.24.6?
[2010/06/16 09:57:20] <Volcane> Lunar_Lamp: you should be using 0.25.5
[2010/06/16 09:57:26] <Lunar_Lamp> Volcane: I am :-)
[2010/06/16 09:57:31] <plathrop> Volcane has something cool built on top of mcollective, but if you don't have an mcollective fabric in place, you can also do what I did at Digg:
[2010/06/16 09:57:43] @ Olly_ joined channel #puppet
[2010/06/16 09:58:18] <Olly_> trying to get puppet master / client running on Ubuntu 10.4 using the ubuntu packages
[2010/06/16 09:58:33] <plathrop> Which is use some arbitrary unique info (I chose IP address) and do some math to map that into cron job timing
[2010/06/16 09:58:36] <Olly_> i am getting these error messages: http://gist.github.com/440955 when i run puppetd --server puppet.example.com --waitforcert 60 --test
[2010/06/16 09:58:38] <Olly_> any ideas?
[2010/06/16 09:58:55] <plathrop> I converted the IP into an int and calculated mod 30 to spread them out over a 30 minute run
[2010/06/16 09:59:06] <Lunar_Lamp> plathrop: I had considered that tbh - I was hoping that puppet would be smart enough to deal with it though.
[2010/06/16 09:59:09] <plathrop> It's a hack, but it worked.
[2010/06/16 09:59:38] <plathrop> Volcane: did you file a ticket about the problem that I can upvote?
[2010/06/16 09:59:38] @ Quit: poison: Read error: Connection reset by peer
[2010/06/16 09:59:46] <Volcane> for splay?
[2010/06/16 09:59:46] @ poison joined channel #puppet
[2010/06/16 09:59:50] <plathrop> yah
[2010/06/16 09:59:59] <plathrop> brb, meeting
[2010/06/16 10:00:04] <Volcane> no, the ticket would be 'this is a crap idea, make it all better' :)
[2010/06/16 10:00:04] @ plathrop is now known as plathrop-meeting
[2010/06/16 10:00:06] <Lunar_Lamp> If there's somewhere I can upvote splay being dodgy - I'd be all for it.
[2010/06/16 10:00:16] <Volcane> which wont work
[2010/06/16 10:01:30] <Lunar_Lamp> Surely the correct logic would be:
[2010/06/16 10:02:04] <Lunar_Lamp> on startup of puppet, sleep for a random interval where that interval is < the check interval. After the first check has been performed, check every checkinterval.
[2010/06/16 10:02:15] <Lunar_Lamp> Or am I missing an obvious failure scenario there?
[2010/06/16 10:02:43] <Lunar_Lamp> Anyway - it's 6pm - I'm going home.
[2010/06/16 10:02:58] <Volcane> Lunar_Lamp: problem is runs can take varying amount of times
[2010/06/16 10:02:58] <bitfield> hour => inline_template("<%= ip.hash % 24 %>") is the usual sort of pattern
[2010/06/16 10:03:14] <Volcane> Lunar_Lamp: so it can end up running too soon again making hte problem worse
[2010/06/16 10:03:24] <Volcane> problem being the master cant cope with high concurrency
[2010/06/16 10:03:40] <bitfield> but running mcollective is probably the right solution :)
[2010/06/16 10:05:10] @ Quit: jcape: Remote host closed the connection
[2010/06/16 10:05:28] @ jcape joined channel #puppet
[2010/06/16 10:10:22] @ Quit: jcape: Ping timeout: 258 seconds
[2010/06/16 10:18:12] @ ckauhaus joined channel #puppet
[2010/06/16 10:19:57] @ Quit: alban2: Ping timeout: 240 seconds
[2010/06/16 10:20:48] @ labrown joined channel #puppet
[2010/06/16 10:21:59] @ Quit: jdcasey: Remote host closed the connection
[2010/06/16 10:27:53] @ thekad is now known as thekad-afk
[2010/06/16 10:27:56] @ PhabX joined channel #puppet
[2010/06/16 10:33:17] @ adrian_broher joined channel #puppet
[2010/06/16 10:34:06] @ thekad-afk is now known as thekad
[2010/06/16 10:39:30] @ alban2 joined channel #puppet
[2010/06/16 10:40:06] @ mccune joined channel #puppet
[2010/06/16 10:41:52] @ Quit: jeffmccune: Ping timeout: 245 seconds
[2010/06/16 10:41:52] @ mccune is now known as jeffmccune
[2010/06/16 10:42:27] @ Quit: felipe`: Ping timeout: 276 seconds
[2010/06/16 10:43:35] @ plathrop-meeting is now known as plathrop
[2010/06/16 10:43:44] @ Quit: Olly_: Quit: This computer has gone to sleep
[2010/06/16 10:45:36] @ Quit: acrollet: Quit: acrollet
[2010/06/16 10:46:08] @ jcape joined channel #puppet
[2010/06/16 10:47:58] @ Quit: alban2: Ping timeout: 252 seconds
[2010/06/16 10:53:57] @ Quit: oremj: Remote host closed the connection
[2010/06/16 10:58:04] @ flooose joined channel #puppet
[2010/06/16 11:01:21] @ rmiller4pi81 joined channel #puppet
[2010/06/16 11:01:21] @ Quit: rmiller4pi8: Read error: Connection reset by peer
[2010/06/16 11:01:21] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/16 11:01:35] @ Quit: rmiller4pi81: Client Quit
[2010/06/16 11:02:01] @ rmiller4pi8 joined channel #puppet
[2010/06/16 11:03:11] <Lunar_Lamp> mcollective?
[2010/06/16 11:04:23] <plathrop> Lunar_Lamp: yeah, Volcane wrote it, it's made of awesome.
[2010/06/16 11:04:31] @ Quit: ckauhaus: Read error: Operation timed out
[2010/06/16 11:04:34] <plathrop> http://code.google.com/p/mcollective/
[2010/06/16 11:04:51] <Volcane> Lunar_Lamp: the main difference is mcollective schedular for puppet is aware of the whole network
[2010/06/16 11:05:02] <Volcane> Lunar_Lamp: and when scheduling runs it constraints the concurrent runs to a capped limit
[2010/06/16 11:05:07] @ Quit: ahasenack: Remote host closed the connection
[2010/06/16 11:05:10] <Lunar_Lamp> Hmm
[2010/06/16 11:05:24] <Volcane> Lunar_Lamp: and makes sure that how many ever machines you have it finishes them all in the assigned time - if there's enough resources
[2010/06/16 11:05:42] <Lunar_Lamp> Let's get the important question out of the way first: as someone very new to puppet, is it something I'm realistically going to be able to play with?
[2010/06/16 11:06:07] <plathrop> Lunar_Lamp: technically mcollective is orthogonal to puppet. They are complementary tools
[2010/06/16 11:06:09] <Volcane> Lunar_Lamp: and say you're doing --test runs by hand, the schedular will back down and stop scheduling machines if they would go over the resource constraints you set so they dont take your resources
[2010/06/16 11:06:35] @ cliff-hm joined channel #puppet
[2010/06/16 11:06:45] <Volcane> Lunar_Lamp: its a orchastration framework but has some nice integration with puppet and other tools like that
[2010/06/16 11:06:46] <Lunar_Lamp> (I'm watching the video on the linked page now)
[2010/06/16 11:07:53] @ ahasenack joined channel #puppet
[2010/06/16 11:08:04] @ ckauhaus joined channel #puppet
[2010/06/16 11:08:24] <Volcane> plathrop: how are you doing node classification on ec2?
[2010/06/16 11:09:33] @ lilnick joined channel #puppet
[2010/06/16 11:09:39] <plathrop> Volcane: I haven't got that far yet. My nebulous thought is to assign a role via userdata at provisioning time, but I'm not sure
[2010/06/16 11:09:50] <Volcane> yeah
[2010/06/16 11:10:11] <plathrop> Because a node's role isn't going to change over it's lifetime.
[2010/06/16 11:10:26] <Volcane> will you configure them up from the ground every boot?
[2010/06/16 11:10:58] <Volcane> or use puppet to build ami's that fill various roles?
[2010/06/16 11:11:06] <Volcane> and boot them ready to go ?
[2010/06/16 11:11:17] <plathrop> Ground-up
[2010/06/16 11:11:23] <plathrop> We don't want to maintain a bunch of AMIs
[2010/06/16 11:11:35] <Volcane> currently finding it hard to figure out if a puppet run is actually 100% succesful
[2010/06/16 11:11:39] <Volcane> 2.6 will make this easier
[2010/06/16 11:11:52] <plathrop> s/hard/nearly impossible/
[2010/06/16 11:11:53] @ Quit: bitfield: Quit: Leaving.
[2010/06/16 11:11:54] <Volcane> ie hard to determine when a node a is ready ready to be put into the LB
[2010/06/16 11:11:57] <plathrop> I've tackled that a couple times
[2010/06/16 11:12:00] <ReinH> zipkid: definitely
[2010/06/16 11:12:03] <plathrop> It's basically not possible.
[2010/06/16 11:12:25] <Volcane> plathrop: sure, well i can just go look on the master at the report with mc :P
[2010/06/16 11:13:03] <Volcane> plathrop: if during the provision cycle i ever get to the point where there's been no more changes, bang it into the lb
[2010/06/16 11:13:13] @ jdcasey joined channel #puppet
[2010/06/16 11:13:49] <Volcane> but yes, its meh. there's a --detailed-exitcodes patch for puppetd i see
[2010/06/16 11:13:57] <Volcane> hope its in 2.6 and it actually does useful things
[2010/06/16 11:16:07] @ Quit: fruitcake: Ping timeout: 260 seconds
[2010/06/16 11:18:11] <Volcane> stages will also help i guess
[2010/06/16 11:22:42] @ Quit: poison: Remote host closed the connection
[2010/06/16 11:25:11] <Volcane> home time
[2010/06/16 11:25:29] <Tonnerre> mcollective seems to be pretty nice stuff to me
[2010/06/16 11:25:56] <Volcane> Tonnerre: thnx :) I should make a new intro video much has changed
[2010/06/16 11:26:10] <Tonnerre> Volcane, so I look forward to that ;)
[2010/06/16 11:26:23] <Volcane> but the basic concepts apply, now just with more enterprisey stuff like centralised auditing etc
[2010/06/16 11:26:34] <Volcane> ssl security plugins, fine grained authorization on every call
[2010/06/16 11:26:35] <Tonnerre> Should bring it to NetBSD too
[2010/06/16 11:26:38] <Volcane> that kind of hting
[2010/06/16 11:26:52] <Tonnerre> Volcane, helpful
[2010/06/16 11:26:54] <Volcane> i have it on freebsd
[2010/06/16 11:27:08] <Volcane> (in a vm, with 20 jails running 20 instances of mc) :)
[2010/06/16 11:27:27] <Tonnerre> Volcane, is it more than just installing a gem?
[2010/06/16 11:27:32] <Volcane> its not a gem
[2010/06/16 11:27:44] <Tonnerre> Hm ok
[2010/06/16 11:27:45] <Volcane> and u need middleware like activemq
[2010/06/16 11:28:04] <Volcane> somewhere, just one depending on your HA needs
[2010/06/16 11:28:22] @ macfly joined channel #puppet
[2010/06/16 11:29:24] <Volcane> anyway, time to go, back in 2hr or so
[2010/06/16 11:29:49] <Tonnerre> Volcane, get to your destination well then
[2010/06/16 11:36:01] @ Quit: ckauhaus: Ping timeout: 276 seconds
[2010/06/16 11:37:34] @ Quit: seanos: Quit: leaving
[2010/06/16 11:39:21] @ Quit: [GuS]: Quit: Konversation terminated!
[2010/06/16 11:39:22] @ lak joined channel #puppet
[2010/06/16 11:39:35] @ [GuS] joined channel #puppet
[2010/06/16 11:43:54] @ Quit: jcape: Ping timeout: 258 seconds
[2010/06/16 11:48:44] @ Quit: jdcasey: Ping timeout: 260 seconds
[2010/06/16 11:51:04] @ jdcasey joined channel #puppet
[2010/06/16 11:53:04] @ Quit: labrown: Remote host closed the connection
[2010/06/16 11:56:17] @ pting joined channel #puppet
[2010/06/16 12:00:23] @ Quit: fluxdude: Ping timeout: 258 seconds
[2010/06/16 12:02:16] @ zorzar_ joined channel #puppet
[2010/06/16 12:04:13] @ Quit: zorzar: Ping timeout: 264 seconds
[2010/06/16 12:05:38] @ jcape joined channel #puppet
[2010/06/16 12:11:02] <jbooth> I looked at mc but decided I wasn't up to that much setup mess when it isn't offering me a ton over basic ssh right now.
[2010/06/16 12:11:30] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/16 12:11:50] <jbooth> I'll probably dig it once I hit that level of complexity
[2010/06/16 12:15:39] @ labrown joined channel #puppet
[2010/06/16 12:15:45] @ ialien joined channel #puppet
[2010/06/16 12:18:19] @ seanos joined channel #puppet
[2010/06/16 12:22:01] @ Quit: jameswhite: Remote host closed the connection
[2010/06/16 12:26:07] @ jameswhite joined channel #puppet
[2010/06/16 12:26:18] @ itguru joined channel #puppet
[2010/06/16 12:26:49] @ TREllis joined channel #puppet
[2010/06/16 12:27:54] <ashp> our security manager emailed me a pastebin i once put up while asking for help here like i had leaked out the crown jewels
[2010/06/16 12:28:08] <ashp> it's a list of nfs mounts and a node statement, geez, is he that bored that he's trolling pastebin
[2010/06/16 12:28:18] <ashp> gonna deface our website to keep him busy
[2010/06/16 12:29:11] @ tessier_ joined channel #puppet
[2010/06/16 12:32:45] <Volcane> jbooth: yeah for small setups its probably not worth it or if you already have a wicked cmdb or something
[2010/06/16 12:33:20] @ Quit: MPSimmons: Quit: Leaving.
[2010/06/16 12:35:17] <jbooth> Anyone know if parsedfile as a provider parent can handle complex multi-line junk?
[2010/06/16 12:35:23] @ itguru_ joined channel #puppet
[2010/06/16 12:36:10] @ Quit: itguru: Read error: Connection reset by peer
[2010/06/16 12:37:25] @ HouseAway is now known as AimanA
[2010/06/16 12:37:35] <Volcane> jbroome: it cant
[2010/06/16 12:40:33] @ Quit: jaredrhine: Quit: Leaving.
[2010/06/16 12:40:51] <tessier_> Hello all. I am having some sort of key issue with puppet-0.25.4-1.el5. I cloned the disk for one machine to make another. Then I deleted all of the keys from it (or so I thought) and reran puppet. Now something is out of sync. The client logs: puppetd[19736]: Did not receive certificate
[2010/06/16 12:41:18] <tessier_> How do I get it to re-establish trust with the puppetmaster?
[2010/06/16 12:41:25] <joe-mac> by re signing all the certs
[2010/06/16 12:41:35] <jbooth> Volcane: No end-of-line \ love. Bah.
[2010/06/16 12:41:36] <tessier_> There are no signing requests on the puppetmaster
[2010/06/16 12:41:39] <joe-mac> you should have just kept all the keys in place really
[2010/06/16 12:41:45] @ sdog joined channel #puppet
[2010/06/16 12:41:48] <tessier_> Yeah, I know I probably messed up there.
[2010/06/16 12:41:49] @ Quit: sdog: Changing host
[2010/06/16 12:41:49] @ sdog joined channel #puppet
[2010/06/16 12:41:52] <joe-mac> yea to get a new csr you most likely ghave to clear the nodes out too
[2010/06/16 12:41:59] <tessier_> And actually, I do still have a bunch of stuff in /var/lib/puppet/ssl/certificate_requests/
[2010/06/16 12:42:09] <joe-mac> but puppetca -l doesn't show them?
[2010/06/16 12:42:24] <tessier_> On the client? No, it doesn't.
[2010/06/16 12:42:47] @ sdog left channel #puppet ()
[2010/06/16 12:42:56] @ Quit: itguru_: Ping timeout: 258 seconds
[2010/06/16 12:45:54] @ Quit: BLZbubba: Ping timeout: 260 seconds
[2010/06/16 12:46:50] <ashp> argh, this machine is messing up the interfaces because I don't have a /etc/mactab
[2010/06/16 12:47:05] @ poison joined channel #puppet
[2010/06/16 12:52:50] <tessier_> I just reinstalled the puppet rpm and blew away all of the old keys and restarted puppet and it's all good now. Thanks.
[2010/06/16 12:53:22] @ Quit: notbrien: Quit: notbrien
[2010/06/16 12:54:05] <joe-mac> wtf is /etc/mactab?
[2010/06/16 12:54:29] <mackn> is it some strange slowarisism?
[2010/06/16 12:54:40] <mackn> it sounds slowarish to me
[2010/06/16 12:54:40] <Volcane> mac address to network card name mappings
[2010/06/16 12:54:42] <joe-mac> i thinm it's pre-udecv
[2010/06/16 12:54:48] <joe-mac> i don't think that has existed for years
[2010/06/16 12:54:56] <Volcane> for linux
[2010/06/16 12:55:10] <joe-mac> right- is it still used elsehwere?
[2010/06/16 12:55:23] <Volcane> not sure :)
[2010/06/16 12:55:29] <joe-mac> it's not on my obsd boxen
[2010/06/16 12:55:43] <Volcane> given how rubbish hp machines tend to shuffle nics around randomly i can totally see the usefulness
[2010/06/16 12:56:04] <joe-mac> heh /etc/udev.d/SXXnetwork-interfaces
[2010/06/16 12:56:10] <joe-mac> whatever the file is
[2010/06/16 12:56:15] @ mkeeler joined channel #puppet
[2010/06/16 12:56:39] @ Quit: mkeeler: Client Quit
[2010/06/16 12:57:14] @ alban2 joined channel #puppet
[2010/06/16 12:58:22] <nico> Volcane: is there a manufacturer you like ? :D
[2010/06/16 12:58:29] @ Quit: [GuS]: Remote host closed the connection
[2010/06/16 12:58:31] <Volcane> i like ibm mostly
[2010/06/16 12:58:39] <Volcane> except the raid cards in the new machines
[2010/06/16 12:58:42] <nico> :)
[2010/06/16 12:58:46] <Volcane> its like nostalgia trip to geocities
[2010/06/16 12:59:17] <Volcane> http://www.youtube.com/watch?v=StvDPOEcVtM
[2010/06/16 12:59:20] <Volcane> wtf seriously
[2010/06/16 13:01:09] @ Quit: toi: Quit: Ex-Chat
[2010/06/16 13:01:32] <Volcane> these new 12 disk 2U machines are way way kewl
[2010/06/16 13:03:59] <nico> Volcane: http://bit.ly/bRO888 ?
[2010/06/16 13:04:36] <Volcane> heh
[2010/06/16 13:04:38] <Kiloman> good lord somebody hates my eyes
[2010/06/16 13:04:53] <Volcane> that woul improve the raid card controller
[2010/06/16 13:06:19] <nico> Volcane: this is GREEN IT
[2010/06/16 13:06:47] <fsweetser> it's not quite so... painful... if you ctrl-a and highlight all of the text
[2010/06/16 13:07:15] @ olly_ joined channel #puppet
[2010/06/16 13:09:56] @ Quit: lak: Quit: lak
[2010/06/16 13:11:29] <olly_> i'm trying to get a puppet client's certificate signed
[2010/06/16 13:11:52] <olly_> the server sees the request: info: Could not find certificate for 'balancer.boomer.local'
[2010/06/16 13:12:00] <olly_> but puppetca doesn't list anything
[2010/06/16 13:12:38] <olly_> is there some mechanism outright rejecting it? because it doesn't come from an allowed ip range?
[2010/06/16 13:12:40] <Volcane> so it wasnt sent properly
[2010/06/16 13:13:22] @ rmiller joined channel #puppet
[2010/06/16 13:13:47] <rmiller> hey, I'm having an issue with puppet literally bogging down a 16 core box... any known issues that would cause all the ruby threads to spin at 100%?
[2010/06/16 13:16:00] <olly_> Volcane: (talking to me?) why might it not be sent properly? by the looks of the puppetmaster output it looks like it is receiving an auth request: http://gist.github.com/441206
[2010/06/16 13:16:24] <joe-mac> rmiller what version fo puppet what version of ruby what os
[2010/06/16 13:16:28] <joe-mac> this is the master or puppetd?
[2010/06/16 13:16:46] <rmiller> master. centos 5.4, puppet 0.25.4, ruby.. ummm
[2010/06/16 13:16:57] <rmiller> ruby 1.9.7
[2010/06/16 13:17:00] <rmiller> er 1.8.7
[2010/06/16 13:17:08] <Kiloman> no mongrel/nginx?
[2010/06/16 13:17:14] <rmiller> using passenger
[2010/06/16 13:17:19] @ Quit: bleon: Remote host closed the connection
[2010/06/16 13:17:26] <Volcane> olly_: rm the files in /var/lib/puppet/ssl/* on the client and run puppetd --test. put the output on pastie.org
[2010/06/16 13:17:38] <joe-mac> rmiller this just started happening out of nowhere?
[2010/06/16 13:17:50] <rmiller> I think it might have to do with reporting but I can't even figure out how to debug it
[2010/06/16 13:18:22] <zahna> what is the default var location for puppet data in puppet 0.25.5? /var/puppet or /var/lib/puppet?
[2010/06/16 13:18:33] <rmiller> when I strace the process it seems to be replaying a RackRewindableInput file
[2010/06/16 13:18:35] <joe-mac> can you firewall off all nodes and only allwo one test node, put apache in debug mode, put puppetmasterd in debug mode, and then save the logs?
[2010/06/16 13:18:56] <joe-mac> i mean just cutting off all the nodes should tell you something too
[2010/06/16 13:19:08] <joe-mac> if you firewall off all running nodes and it's still at 100 something is seriously wrong in general...
[2010/06/16 13:19:22] <olly_> Volcane: no ssl directory. do i need to generate a certificate
[2010/06/16 13:19:44] <rmiller> I can try that but I think I know what'll happen, because I think that the input is getting sent to the file faster than it can be processed
[2010/06/16 13:19:55] @ Quit: jcape: Remote host closed the connection
[2010/06/16 13:20:13] <rmiller> ok, first approach: Is there any way to turn off reporting entirely, at the server, to not even allow reports?
[2010/06/16 13:20:18] @ jcape joined channel #puppet
[2010/06/16 13:25:17] @ Quit: flooose: Ping timeout: 240 seconds
[2010/06/16 13:26:07] <olly_> Volcane: removed everything in /var/lib/puppet/ssl/. ran `puppetd --server operations.Boomer.local --test` output: http://gist.github.com/441215
[2010/06/16 13:26:59] <Volcane> olly_: and now puppetca --list on the operations? run it as root properly not sudo
[2010/06/16 13:29:54] <olly_> Volcane, OK great that works. Think I may have ran the command not as root accidentally
[2010/06/16 13:30:10] <Volcane> ok
[2010/06/16 13:30:17] @ Quit: TREllis: Quit: leaving
[2010/06/16 13:31:08] @ Quit: nexx: Quit: quit
[2010/06/16 13:39:12] <rmiller> yeah... I think reports are getting backed up.
[2010/06/16 13:39:22] @ Quit: rmiller4pi8: Ping timeout: 245 seconds
[2010/06/16 13:43:47] @ Quit: RDove: Read error: Connection reset by peer
[2010/06/16 13:44:56] @ Quit: zorzar_: Remote host closed the connection
[2010/06/16 13:45:11] @ zorzar joined channel #puppet
[2010/06/16 13:50:11] <olly_> is there anyway to let the fileserver serve files to clients that have signed certificates
[2010/06/16 13:50:34] <olly_> seems a bit weird to also have to allow by ip address in /etc/puppet/fileserver.conf
[2010/06/16 13:51:51] @ anvil14 joined channel #puppet
[2010/06/16 13:52:02] <anvil14> good afternoon all
[2010/06/16 13:52:18] @ Quit: allsystemsarego: Quit: Leaving
[2010/06/16 13:52:30] <joe-mac> OHAI
[2010/06/16 13:52:32] <anvil14> I'm having a problem with ssh_authorized_key I'm getting error: key_read: uudecode
[2010/06/16 13:52:49] <rmiller> yup. it appears to have been the reports.
[2010/06/16 13:53:09] <rmiller> puppet apparently takes an incredibly long time to process them and when there are too many servers on the puppet server, it backs up.
[2010/06/16 13:53:23] <anvil14> the format of the authorized_hosts file looks correctly
[2010/06/16 13:53:26] <Volcane> olly_: it takes wildcards
[2010/06/16 13:54:14] <joe-mac> rmiller: this happened out of nowhere? you can off load reports to a diff server btw
[2010/06/16 13:54:15] <anvil14> http://pastie.org/1007559
[2010/06/16 13:54:57] <rmiller> I know, but at the moment they're not 100% necessary so I'm turning them off
[2010/06/16 13:55:15] <rmiller> it happened when I turned reports on. :)
[2010/06/16 13:55:17] @ Quit: cmoates: Quit: Leaving
[2010/06/16 13:55:29] <olly_> Volcane, yeah i get that. but is there a reason why the configuration (catalogs? is that the correct terminology?) needs to have a signed cert to access? whilst the files are based on ip ranges?
[2010/06/16 13:55:42] <olly_> Volcane, i'm sure there is a reason. but i'm new and don't understand it
[2010/06/16 13:56:07] <Volcane> olly_: only machines with signed certs can access the fileserver, but you can have additional restrictions to say staging cant access a production file store
[2010/06/16 13:56:39] <olly_> Volcane, ohh ok. that makes sense. thanks
[2010/06/16 13:57:42] <joe-mac> bahh, nico hey you managing pf.conf with puppet? Any special sauce or just serving it out and re loading if it parses/
[2010/06/16 13:59:25] <anvil14> well, thx all I fixed it :p
[2010/06/16 14:00:02] <anvil14> turns out I had an extra A at the start of my key
[2010/06/16 14:00:16] <anvil14> not sure how it got there but it works now
[2010/06/16 14:02:32] @ Determinist joined channel #puppet
[2010/06/16 14:04:53] @ Quit: Determinist: Remote host closed the connection
[2010/06/16 14:05:08] @ andrew3 joined channel #puppet
[2010/06/16 14:06:26] @ Determinist joined channel #puppet
[2010/06/16 14:08:36] @ joe-mac left channel #puppet ()
[2010/06/16 14:08:43] @ cynicismic joined channel #puppet
[2010/06/16 14:10:55] <rmiller> quit
[2010/06/16 14:10:57] @ Quit: rmiller: Quit: leaving
[2010/06/16 14:13:01] @ WALoeIII joined channel #puppet
[2010/06/16 14:14:40] @ Quit: ialien: Ping timeout: 252 seconds
[2010/06/16 14:16:11] @ marcellods_ joined channel #puppet
[2010/06/16 14:16:52] <marcellods_> \quit
[2010/06/16 14:17:00] @ marcellods_ left channel #puppet ()
[2010/06/16 14:17:53] <Tonnerre> Why did he try to escape the q?
[2010/06/16 14:18:04] <marcellods> sorry
[2010/06/16 14:19:52] @ jaredrhine joined channel #puppet
[2010/06/16 14:24:48] @ felipe` joined channel #puppet
[2010/06/16 14:25:15] @ plathrop is now known as plathrop-away
[2010/06/16 14:29:19] @ Quit: reyjrar: Quit: Leaving.
[2010/06/16 14:32:15] @ acrollet joined channel #puppet
[2010/06/16 14:32:52] @ itguru joined channel #puppet
[2010/06/16 14:34:49] @ Quit: lwhalen: Ping timeout: 264 seconds
[2010/06/16 14:37:36] @ Diranged joined channel #puppet
[2010/06/16 14:38:30] <Diranged> ok.. $serverip only gets set if your connecting to a remote puppet master. now for those nodes that are using local puppet configs (only a few..) i'd like to set $serverip to a specific ip. in the defaults.pp file in my default node definition where i have all of my variables, can i do something like an "if $serverip {} else { serverip=someip}"?
[2010/06/16 14:39:15] <Volcane> what do you do with $serverip? just out of curiosity
[2010/06/16 14:39:33] @ ad4m joined channel #puppet
[2010/06/16 14:40:06] <Diranged> Volcane: we're going to have several datacenters… each datacenter will get a local puppetmaster that is completely isolated from the other datacenters. I want to be able to say 'puppetd —server serverA.mydomain.com -t' and have it self-configur that node, and that node forever uses serverA.mydomain.com as its puppet server..
[2010/06/16 14:40:33] <ad4m> if do 'require classA' inside classB, does that mean that everything in classA is done before anything in classB?
[2010/06/16 14:40:49] <jbooth> ad4m: No.
[2010/06/16 14:40:55] <Volcane> Diranged: surely doing that through dns search or something is a better option?
[2010/06/16 14:40:58] <jbooth> ad4m: Well... it should. But it is buggy.
[2010/06/16 14:41:11] <ad4m> jbooth: yeah, i was going to say it doesn't seem to work that way. any ideas on how i can accomplish that?
[2010/06/16 14:41:16] <Volcane> Diranged: anyway, yes you can do an if like that you might just need to do some noop style thing in the first {}, but puppet now also have ! operator
[2010/06/16 14:41:48] <Diranged> jbooth: not for our environment I dont think.. though we'll figure that out soon enough :)
[2010/06/16 14:42:00] <Diranged> Volcane: what do you mean by noop style thing?
[2010/06/16 14:43:04] <jbooth> ad4m: Just depend on the individual stuff inside class a you need
[2010/06/16 14:43:15] <jbooth> ad4m: Alternately you can require=>Class["classa"] but...
[2010/06/16 14:43:43] <Volcane> actually that should just work
[2010/06/16 14:43:58] <Volcane> older puppet had issues iwth empty {}'s
[2010/06/16 14:44:03] <Diranged> ah
[2010/06/16 14:44:05] <Diranged> i see
[2010/06/16 14:44:18] <ad4m> i've got a class which consists of a bunch of package resources, but in order to be able to install those packages with apt, i need to add some new sources to apt, so i want the class that adds the apt sources to be executed before the class holding all the packages
[2010/06/16 14:44:33] <ad4m> i don't really want to add a require to each package resource definition
[2010/06/16 14:46:15] <ad4m> jbooth: what do you mean by depend on the stuff in class a? do you mean add require's to each package resource definition?
[2010/06/16 14:50:05] @ Quit: jdcasey:
[2010/06/16 14:50:42] <ad4m> is there a better approach to this problem that will accomplish what i'm trying to do?
[2010/06/16 14:51:17] <Volcane> ad4m: Package { require => Class["apt"] } in site.pp
[2010/06/16 14:51:37] <Volcane> ad4m: sets a default require - BUT if you then set a specific require it will 'loose' this default and you'd need to set it again
[2010/06/16 14:51:55] <Volcane> ad4m: else wrap package installs in a define - and always set the require in the define
[2010/06/16 14:51:57] <jbooth> In general stages would be the right way to do it, but we don't have them yet. They're coming in the next version of puppet.
[2010/06/16 14:52:35] <Volcane> cant wait yeah
[2010/06/16 14:53:00] <ad4m> i just need these apt sources for a specific set of packages, not every package and not all systems i'm managing through puppet will need this special set of packages, so i don't want the additional source added across everything
[2010/06/16 14:53:44] <Volcane> ad4m: then put all of them in a class: class oddpackages { Package { require => Class["apt"] } .....do package resources here }
[2010/06/16 14:53:54] <Volcane> ad4m: and just include oddpackages where needed
[2010/06/16 14:54:43] <ad4m> so the Package default require i'd be adding will stick to the local scope?
[2010/06/16 14:54:45] <Volcane> ad4m: or use this kind of syntax for many packages at a time http://pastie.org/1007645
[2010/06/16 14:55:09] <Volcane> ad4m: yeah it honors scope
[2010/06/16 14:56:22] <ad4m> Volcane: that pastie won't work for me because i'm defining specific versions for each package, not using ensure => present
[2010/06/16 14:57:01] <Volcane> then do a class
[2010/06/16 14:57:07] <ad4m> so i guess it's define a new resource type to auto require the apt sources class or define a default require for package resources in the class
[2010/06/16 14:57:19] @ Quit: jcape: Remote host closed the connection
[2010/06/16 14:57:25] <ad4m> any gotchas with the latter?
[2010/06/16 14:57:38] @ jcape joined channel #puppet
[2010/06/16 14:57:44] <ad4m> jbooth said earlier require => Class[.... but followed it with a 'but'
[2010/06/16 14:58:17] <Volcane> ad4m: http://pastie.org/1007655
[2010/06/16 14:58:45] <ad4m> ya, i was about to do the same thing before i decided to hop on here
[2010/06/16 14:59:31] <ad4m> but changing the Package require default for the local scope sounds more appealing
[2010/06/16 15:01:00] @ Quit: ajbourg: Quit: ajbourg
[2010/06/16 15:02:01] <olly_> could someone explain to me the difference between require and include?
[2010/06/16 15:02:15] <Kiloman> Volcane: how about:
[2010/06/16 15:02:15] <Kiloman> Package { require => Class['apt] }
[2010/06/16 15:02:15] <Kiloman> package { foo: ensure => 1.2.3, require +> Package["otherpackage"] }
[2010/06/16 15:02:22] @ ezmobius joined channel #puppet
[2010/06/16 15:02:52] <Volcane> might work, i never tend to do this kind of thing
[2010/06/16 15:02:53] <Kiloman> use "plusignment"
[2010/06/16 15:03:08] @ Quit: jaredrhine: Quit: Leaving.
[2010/06/16 15:03:09] <Kiloman> available since 0.23 or so
[2010/06/16 15:03:55] <Volcane> nods, i know about it just dont trust it much :)
[2010/06/16 15:04:14] <Kiloman> it does look a little shifty!
[2010/06/16 15:04:18] <jbooth> I'm with Volcane there.
[2010/06/16 15:04:18] @ Quit: anvil14: Quit: anvil14
[2010/06/16 15:04:54] <Volcane> its kind of a thing that you think works, and then you get screwed over when execution order changes
[2010/06/16 15:05:00] <Volcane> in this case its probably safe
[2010/06/16 15:05:08] <Volcane> in general, i am unconvinced
[2010/06/16 15:05:17] <Kiloman> yeah that's the problem I suppose
[2010/06/16 15:05:46] <Kiloman> puppets execution ordering is inconsistent at best if left to its own devices
[2010/06/16 15:05:54] <Kiloman> at least that's always how it seems
[2010/06/16 15:05:54] <Volcane> thats the design yes
[2010/06/16 15:07:12] @ Quit: gospch: Remote host closed the connection
[2010/06/16 15:09:54] @ jaredrhine joined channel #puppet
[2010/06/16 15:10:19] @ Quit: jaredrhine: Client Quit
[2010/06/16 15:10:54] @ jcape left channel #puppet ()
[2010/06/16 15:12:58] @ jaredrhine joined channel #puppet
[2010/06/16 15:13:31] @ Quit: ssm: Ping timeout: 260 seconds
[2010/06/16 15:20:18] @ itguru_ joined channel #puppet
[2010/06/16 15:21:13] @ Quit: itguru: Ping timeout: 260 seconds
[2010/06/16 15:24:17] @ Quit: bgupta: Quit: bgupta
[2010/06/16 15:26:29] <Diranged> http://www.pastie.org/1007680
[2010/06/16 15:26:39] <Diranged> im not sure whats going on.. new puppetmasterd server is giving this error when a client tires to connect
[2010/06/16 15:26:41] <Diranged> er tries
[2010/06/16 15:33:15] @ Quit: jab_doa: Quit: Verlassend
[2010/06/16 15:38:50] @ Quit: kaptk2: Quit: Leaving.
[2010/06/16 15:43:25] @ Quit: adrian_broher: Quit: Verlassend
[2010/06/16 15:44:00] @ Quit: pheezy: Remote host closed the connection
[2010/06/16 15:44:38] @ Quit: itguru_: Ping timeout: 258 seconds
[2010/06/16 15:44:41] <eric0> can you run puppetmasterd by itself as the userid who owns your config.ru ?
[2010/06/16 15:46:53] @ Bevo joined channel #puppet
[2010/06/16 15:47:40] @ Transformer joined channel #puppet
[2010/06/16 15:50:49] @ Quit: Transformer: Excess Flood
[2010/06/16 15:55:55] @ sebas891 left channel #puppet ()
[2010/06/16 16:02:52] @ Transformer joined channel #puppet
[2010/06/16 16:04:09] @ jcape joined channel #puppet
[2010/06/16 16:04:13] @ lwhalen joined channel #puppet
[2010/06/16 16:04:41] @ theriffer joined channel #puppet
[2010/06/16 16:06:26] @ Quit: Transformer: Excess Flood
[2010/06/16 16:10:34] @ anvil14 joined channel #puppet
[2010/06/16 16:14:50] @ bobinabottle joined channel #puppet
[2010/06/16 16:16:26] @ OpenMedia joined channel #puppet
[2010/06/16 16:16:51] @ Quit: labrown: Quit: Leaving
[2010/06/16 16:18:32] <Diranged> looks like its a permissions issue with puppetmasterd and my ssl certs..
[2010/06/16 16:19:02] @ Quit: lutter: Quit: Leaving.
[2010/06/16 16:19:10] <Diranged> er
[2010/06/16 16:19:11] <Diranged> no
[2010/06/16 16:19:48] <Diranged> so yes, i can run puppetmasterd as the puppet user just fine
[2010/06/16 16:20:10] @ Quit: jaredrhine: Ping timeout: 252 seconds
[2010/06/16 16:20:58] @ Quit: olly_: Quit: Leaving
[2010/06/16 16:22:14] @ Quit: ezmobius: Remote host closed the connection
[2010/06/16 16:24:04] <Diranged> this is just weird
[2010/06/16 16:24:13] <Diranged> puppetmasterd runs fine alone.. not with apache and passenger though
[2010/06/16 16:24:29] <Diranged> passenger 2.2.14, puppet 0.25.5
[2010/06/16 16:28:25] @ Quit: tonyskapunk: Quit: ERC Version 5.3 (IRC client for Emacs)
[2010/06/16 16:31:40] @ Quit: cynicismic: Quit: "beertime"
[2010/06/16 16:34:42] <mackn> i'm running puppet 0.25.4 on pass 2.2.11 just fine
[2010/06/16 16:36:00] <mackn> but i guess that doesn't help you at all :)
[2010/06/16 16:37:23] @ Quit: acrollet: Quit: acrollet
[2010/06/16 16:41:01] @ Quit: ahasenack: Quit: Leaving
[2010/06/16 16:44:19] @ johnf1 joined channel #puppet
[2010/06/16 16:44:58] <johnf1> anyone using an external CA with puppet?
[2010/06/16 16:47:53] @ Quit: jcape: Ping timeout: 258 seconds
[2010/06/16 16:49:52] <Diranged> perhaps i need an updated config.ru file for puppetmasterd..
[2010/06/16 16:49:57] <Diranged> can anyone post theirs?
[2010/06/16 16:50:33] <mackn> are you using the one from the tutoral?
[2010/06/16 16:50:47] <mackn> pretty much drop and go (after having it point to your certs)
[2010/06/16 16:51:19] <mackn> but again.. i'm using an older version of everything so again why am i trying to help hah
[2010/06/16 16:54:50] @ ssm joined channel #puppet
[2010/06/16 16:56:32] @ Quit: darkfade1: Ping timeout: 248 seconds
[2010/06/16 17:01:35] @ Bass10 joined channel #puppet
[2010/06/16 17:02:09] @ keyur joined channel #puppet
[2010/06/16 17:03:14] @ Quit: Bass10: Max SendQ exceeded
[2010/06/16 17:03:47] @ Bass10 joined channel #puppet
[2010/06/16 17:08:06] @ QMan joined channel #puppet
[2010/06/16 17:13:02] @ Quit: alfism: Quit: alfism
[2010/06/16 17:13:03] <russell_h> does puppet automatically order files based on their location?
[2010/06/16 17:13:22] <mackn> order files?
[2010/06/16 17:13:50] <russell_h> if I have a directory, and a file within it, do I have to specify that the file requires the directory?
[2010/06/16 17:14:17] <russell_h> I swear I read somewhere that puppet figures that out for you, but now I can't find it
[2010/06/16 17:15:03] <lilnick> If you don't make the directory a requirement and it doesn't exist then I believe the run will fail - unless there's some way to have it figure that out
[2010/06/16 17:15:50] <russell_h> http://bitcube.co.uk/content/puppet-errors-explained
[2010/06/16 17:15:51] <AngryParsley> puppet needs you to spell everything out
[2010/06/16 17:16:07] <russell_h> "(note that you don't need an explicit dependency as puppet will do that for you)"
[2010/06/16 17:16:49] @ pheezy joined channel #puppet
[2010/06/16 17:17:10] <russell_h> but I have no idea if thats actually correct
[2010/06/16 17:17:28] <lilnick> I'm not sure how it will 'do that for you' if it doesn't know it's a dependency
[2010/06/16 17:17:34] <Kiloman> if you need the directory to be created, you need to say so
[2010/06/16 17:17:42] <Kiloman> but you don't need to require => directory for the flile
[2010/06/16 17:17:53] <Kiloman> that's been my interpretation of that at least
[2010/06/16 17:18:06] <mackn> sounds reasonable
[2010/06/16 17:18:10] <Kiloman> it should figure the order out based on the path
[2010/06/16 17:18:17] <lilnick> If you create the directory first yes, and typically after multiple runs both will eventually work
[2010/06/16 17:18:27] <russell_h> uh
[2010/06/16 17:18:28] <lilnick> but I've had problems if the directory is defined after the file
[2010/06/16 17:18:40] <russell_h> I prefer systems to work without multiple runs
[2010/06/16 17:18:45] <lilnick> me too :)
[2010/06/16 17:18:47] <Kiloman> puppet: where order doesn't matter, except when it does.
[2010/06/16 17:18:57] <mackn> that's what the requires are for :)
[2010/06/16 17:19:14] <russell_h> sigh
[2010/06/16 17:22:40] <ReinH> if your configuration has dependencies, you should specify them
[2010/06/16 17:23:13] <lilnick> yeah, beside the functional effect - it helps someone getting acquainted with the configs understand how things work
[2010/06/16 17:24:25] <russell_h> why would you ever not want /foo/bar to depend on /foo ?
[2010/06/16 17:24:56] @ jaredrhine joined channel #puppet
[2010/06/16 17:25:17] <lilnick> well, do you make /etc a dependency for a file you put there?
[2010/06/16 17:25:42] <ReinH> lilnick: if it might not exist, why not?
[2010/06/16 17:25:50] <lilnick> no reason why not I guess
[2010/06/16 17:25:55] <ReinH> sounds reasonable enough to me
[2010/06/16 17:26:09] <ReinH> of course it does exist, so you don't
[2010/06/16 17:26:17] <russell_h> unless it doesn't
[2010/06/16 17:26:21] <mackn> heh
[2010/06/16 17:26:21] <ReinH> but then it isn't a perfect analogy
[2010/06/16 17:26:23] <ReinH> indeed
[2010/06/16 17:26:25] <mackn> nod
[2010/06/16 17:26:40] <russell_h> you might thin /usr/local exists - but it doesn't on a mac
[2010/06/16 17:26:47] <ReinH> indeed
[2010/06/16 17:26:55] <lilnick> but /etc does :)
[2010/06/16 17:26:58] <ReinH> :p
[2010/06/16 17:27:23] <russell_h> until they rename it /Configuration or somesuch
[2010/06/16 17:27:32] <russell_h> or just /Etc
[2010/06/16 17:27:41] * russell_h quits hating on macs
[2010/06/16 17:27:45] <lilnick> yes, then we can be oldschool and remember when it used to be...
[2010/06/16 17:27:54] @ btipling joined channel #puppet
[2010/06/16 17:28:19] <AngryParsley> /Etc might work. HFS+ is case-insensitive by default
[2010/06/16 17:29:58] @ Quit: Demosthenes: Ping timeout: 240 seconds
[2010/06/16 17:32:10] @ Demosthenes joined channel #puppet
[2010/06/16 17:34:26] @ Quit: nevyn: Ping timeout: 265 seconds
[2010/06/16 17:40:28] @ nightrav joined channel #puppet
[2010/06/16 17:41:27] @ johnf2 joined channel #puppet
[2010/06/16 17:41:53] @ Quit: johnf1: Read error: No route to host
[2010/06/16 17:43:25] @ nightrav left channel #puppet ()
[2010/06/16 17:44:15] @ Quit: mpdehaan: Ping timeout: 240 seconds
[2010/06/16 17:45:27] @ Quit: PhabX:
[2010/06/16 17:48:05] <ReinH> russell_h: :p
[2010/06/16 17:48:18] <ReinH> russell_h: actually there's no spec that says /usr/local should exist afaik
[2010/06/16 17:48:26] <ReinH> I mean, that's sort of what "/usr/local" is for...
[2010/06/16 17:49:55] <AngryParsley> it's just annoying to have to write more requires
[2010/06/16 17:53:07] @ crdant joined channel #puppet
[2010/06/16 17:55:36] @ Quit: WALoeIII: Quit: Bai.
[2010/06/16 17:55:38] @ Quit: filler: Ping timeout: 240 seconds
[2010/06/16 17:57:22] @ Quit: jaredrhine: Ping timeout: 264 seconds
[2010/06/16 17:59:34] @ filler joined channel #puppet
[2010/06/16 18:02:01] <ReinH> or... you could be happy that you can specify dependencies at all...
[2010/06/16 18:04:05] <hMz> haha
[2010/06/16 18:04:10] <hMz> no joke.
[2010/06/16 18:05:03] @ jcape joined channel #puppet
[2010/06/16 18:06:07] @ bgupta joined channel #puppet
[2010/06/16 18:06:38] @ Quit: theriffer: Quit: theriffer
[2010/06/16 18:12:03] @ nevyn joined channel #puppet
[2010/06/16 18:14:02] @ Quit: ad4m: Quit: ad4m
[2010/06/16 18:14:38] <eric0> ReinH: is following your git fork of dashboard an effective way of finding out what's going on with it?
[2010/06/16 18:18:19] @ cliff-hm joined channel #puppet
[2010/06/16 18:19:02] <ReinH> eric0: yeah
[2010/06/16 18:23:39] @ Quit: cliff-hm: Ping timeout: 260 seconds
[2010/06/16 18:30:07] @ KenjiPops joined channel #puppet
[2010/06/16 18:33:33] @ thekad is now known as thekad-afk
[2010/06/16 18:45:49] @ nick_ joined channel #puppet
[2010/06/16 18:46:10] @ nick_ is now known as nicklewis
[2010/06/16 18:46:35] @ nicklewis left channel #puppet ()
[2010/06/16 18:52:01] @ Quit: bgupta: Quit: bgupta
[2010/06/16 18:57:59] @ Quit: keyur: Quit: Leaving
[2010/06/16 19:12:22] @ alexine_dsouza joined channel #puppet
[2010/06/16 19:26:25] @ Quit: gmcquillan: Quit: gmcquillan
[2010/06/16 19:29:58] @ ad4m joined channel #puppet
[2010/06/16 19:34:43] @ jaredrhine joined channel #puppet
[2010/06/16 19:40:48] @ rmiller4pi8 joined channel #puppet
[2010/06/16 19:42:34] @ BLZbubba joined channel #puppet
[2010/06/16 20:02:38] @ Quit: gebi: Ping timeout: 240 seconds
[2010/06/16 20:10:12] @ Quit: ad4m: Quit: ad4m
[2010/06/16 20:16:38] @ Quit: Bass10: Ping timeout: 240 seconds
[2010/06/16 20:18:45] @ Quit: johnf2: Ping timeout: 240 seconds
[2010/06/16 20:34:24] @ p3rror joined channel #puppet
[2010/06/16 20:41:02] @ flooose joined channel #puppet
[2010/06/16 20:49:18] @ jcape left channel #puppet ()
[2010/06/16 20:50:30] @ Quit: p3rror: Ping timeout: 272 seconds
[2010/06/16 20:50:46] @ AimanA is now known as HouseAway
[2010/06/16 20:52:09] @ wilmoore joined channel #puppet
[2010/06/16 20:52:36] @ p3rror joined channel #puppet
[2010/06/16 21:00:51] @ Log started by gepetto
[2010/06/16 21:00:51] @ Joined channel #puppet
[2010/06/16 21:00:51] @ Topic is "Dashboard 1.0.0 released: http://bit.ly/cxZUas \| Puppet 0.25.5 released: http://bit.ly/beIuIm \| http://docs.puppetlabs.com \| Bugs & Feature Requests: http://bit.ly/ddjhPk"
[2010/06/16 21:00:51] @ Topic set by jamesturnbull!~jamesturn@pelin.lovedthanlost.net on Mon May 17 18:32:40 -0700 2010
[2010/06/16 21:00:55] @ Mode +cnt by gibson.freenode.net
[2010/06/16 21:01:53] @ Quit: jamesturnbull: Ping timeout: 260 seconds
[2010/06/16 21:12:03] @ gebi joined channel #puppet
[2010/06/16 21:12:06] <chadh> weird. when I run puppet by hand (with --test), it runs fine, but when the daemon runs, a couple of my augeas resources are failing
[2010/06/16 21:17:58] @ pinoyskull joined channel #puppet
[2010/06/16 21:22:09] @ Quit: KenjiPops: Quit: Leaving...
[2010/06/16 21:25:50] @ Quit: pheezy: Remote host closed the connection
[2010/06/16 21:29:40] @ rmiller4pi81 joined channel #puppet
[2010/06/16 21:31:13] @ Quit: rmiller4pi8: Ping timeout: 264 seconds
[2010/06/16 21:33:14] <nareshov> for some reason i'm unable to make symlinks with neither the file type nor the symlink type
[2010/06/16 21:37:03] <chadh> nareshov: symlink type?
[2010/06/16 21:37:29] <nareshov> symlink {
[2010/06/16 21:37:29] <nareshov> "/etc/glusterfs/glusterfsd.vol" :
[2010/06/16 21:37:29] <nareshov> ensure => "glusterfsd-$hostname.vol";
[2010/06/16 21:37:29] <nareshov> }
[2010/06/16 21:37:30] <nareshov> like that
[2010/06/16 21:37:50] <nareshov> symlink/file: neither is working :\
[2010/06/16 21:37:54] <chadh> nareshov: what if you specify the full path in the "ensure"
[2010/06/16 21:38:24] <nareshov> checking
[2010/06/16 21:39:27] <nareshov> didn't work
[2010/06/16 21:40:13] <chadh> are you getting any errors?
[2010/06/16 21:41:35] <nareshov> nothing related to this symlink creation though
[2010/06/16 21:41:51] <nareshov> just that i'm unable to trigger the service to start - because it depends on the existence of this symlink
[2010/06/16 21:44:42] <chadh> have you tried --debug. that should give you a little more info to help with debugging
[2010/06/16 21:44:59] <nareshov> i'm using debug
[2010/06/16 21:46:24] <chadh> do you see where the file/symlink resource is applied?
[2010/06/16 21:47:03] <nareshov> in the log?
[2010/06/16 21:47:15] <chadh> yeah, the debug output
[2010/06/16 21:47:31] <chadh> (I normally test by running 'puppetd --test --debug' on the console
[2010/06/16 21:47:35] <chadh> )
[2010/06/16 21:47:39] <nareshov> http://dpaste.com/208282/
[2010/06/16 21:47:42] <nareshov> same here
[2010/06/16 21:48:41] <chadh> there is no mention of the file/symlink resource there. Does that happen earlier in the log, or is it maybe getting skipped?
[2010/06/16 21:49:06] <nareshov> it's getting skipped
[2010/06/16 21:49:08] <nareshov> http://dpaste.com/208283/
[2010/06/16 21:49:11] <nareshov> that's my module
[2010/06/16 21:49:33] @ pheezy joined channel #puppet
[2010/06/16 21:50:31] <chadh> I am pretty sure you can't do both ensure and source. At least you didn't use to be able to
[2010/06/16 21:51:02] <nareshov> which lines are you referring to?
[2010/06/16 21:51:11] <chadh> nareshov: sorry. I'm an idiot
[2010/06/16 21:51:20] <nareshov> o_o
[2010/06/16 21:52:21] <chadh> you probably want to add a dependency between the symlink and the source file
[2010/06/16 21:53:10] <chadh> and you are including glusterfs::files, right? (sanity check)
[2010/06/16 21:53:18] @ Quit: pheezy: Remote host closed the connection
[2010/06/16 21:53:44] <nareshov> hm
[2010/06/16 21:56:23] <nareshov> ya
[2010/06/16 21:56:26] <nareshov> that was the problem
[2010/06/16 21:56:34] <nareshov> i had the include in the main glusterfs class before
[2010/06/16 21:56:50] <nareshov> i removed it and made ::files inherit the glusterfs one
[2010/06/16 21:56:54] <chadh> oh, and then you switched to inheritance
[2010/06/16 21:56:58] <nareshov> ya
[2010/06/16 21:57:11] <nareshov> can i have inheritance + include at the same tie
[2010/06/16 21:57:51] <nareshov> it works now
[2010/06/16 21:58:19] <chadh> well, the idea is that you just include the class that inherits. You can mix inheritance and includes, but I don't know about with the same classes :) Seems ... incestuous
[2010/06/16 21:58:27] <nareshov> :D
[2010/06/16 22:00:00] @ wilmoore_ joined channel #puppet
[2010/06/16 22:00:08] @ allsystemsarego joined channel #puppet
[2010/06/16 22:00:32] @ Quit: pting: Quit: Ex-Chat
[2010/06/16 22:03:22] @ Quit: wilmoore: Ping timeout: 252 seconds
[2010/06/16 22:04:53] @ Quit: flooose: Ping timeout: 260 seconds
[2010/06/16 22:06:38] @ Quit: Diranged: Ping timeout: 260 seconds
[2010/06/16 22:07:58] @ kc7zzv joined channel #puppet
[2010/06/16 22:10:33] @ Quit: gebi: Read error: Operation timed out
[2010/06/16 22:16:23] @ johnf joined channel #puppet
[2010/06/16 22:17:41] @ nexx joined channel #puppet
[2010/06/16 22:24:51] @ Diranged joined channel #puppet
[2010/06/16 22:26:37] @ \ask joined channel #puppet
[2010/06/16 22:27:15] @ Quit: Determinist: Read error: Operation timed out
[2010/06/16 22:27:50] <QtPlatypus> Is there anyway to prevent changes from happening at the same time.
[2010/06/16 22:28:03] @ Determinist joined channel #puppet
[2010/06/16 22:29:03] @ Quit: johnf: Ping timeout: 258 seconds
[2010/06/16 22:29:35] @ Quit: poison: Ping timeout: 240 seconds
[2010/06/16 22:30:00] @ poison joined channel #puppet
[2010/06/16 22:31:15] @ Quit: Edgan: Ping timeout: 260 seconds
[2010/06/16 22:35:56] @ MarkN joined channel #puppet
[2010/06/16 22:35:56] @ Quit: kc7zzv: Read error: Connection reset by peer
[2010/06/16 22:36:05] @ kc7zzv joined channel #puppet
[2010/06/16 22:36:33] @ MarkN left channel #puppet ()
[2010/06/16 22:37:54] <kc7zzv> QtPlatypus: I don't even understand the question.
[2010/06/16 22:40:05] @ bgupta joined channel #puppet
[2010/06/16 22:40:26] <QtPlatypus> kc7zzv: Say I have 3 servers behind a load balancer. I wish to change the configuration of a service on all of them. But I don't wish the service to restart at the same time, I wish to have it staggered. But more then just staggered I wish to be sure that the servers will not restart at the same time.
[2010/06/16 22:42:41] <kc7zzv> QTPlatypus: The only way that I know of is to put the restart in a script that takes care of locking. In general, puppet handles each node independently.
[2010/06/16 22:43:11] <QtPlatypus> Thats what I thought.
[2010/06/16 22:43:23] <kc7zzv> You might be able to handle this in the "pre" ad "post" script.
[2010/06/16 22:43:45] <ohadlevy> kc7zzv: there is a locking type in puppet (not in core) that can do something of that sort
[2010/06/16 22:43:56] <QtPlatypus> pre and post? Can you ref me to documentation?
[2010/06/16 22:44:34] <ohadlevy> QtPlatypus: no - http://github.com/reductivelabs/puppet-external-resource
[2010/06/16 22:44:34] <kc7zzv> QtPlatupus: You can run a command before and after a puppet run.
[2010/06/16 22:46:01] <kc7zzv> Oh. That's a cool resource.
[2010/06/16 22:46:50] @ theriffer joined channel #puppet
[2010/06/16 22:53:23] @ Quit: theriffer: Quit: theriffer
[2010/06/16 22:54:37] @ btipling left channel #puppet ("Closed channel window.")
[2010/06/16 22:55:53] @ KenjiPops joined channel #puppet
[2010/06/16 23:02:44] @ Quit: andrew3: Quit: Leaving.
[2010/06/16 23:04:15] @ Quit: kc7zzv: Ping timeout: 240 seconds
[2010/06/16 23:14:22] @ Quit: Determinist: Remote host closed the connection
[2010/06/16 23:16:48] @ Quit: pinoyskull: Ping timeout: 272 seconds
[2010/06/16 23:24:56] @ shug joined channel #puppet
[2010/06/16 23:33:17] @ flooose joined channel #puppet
[2010/06/16 23:33:38] @ Quit: alban2: Ping timeout: 240 seconds
[2010/06/16 23:36:24] @ Quit: rcrowley: Quit: rcrowley
[2010/06/16 23:36:44] @ pinoyskull joined channel #puppet
[2010/06/16 23:44:25] @ cashe joined channel #puppet
[2010/06/16 23:45:22] @ m1nish joined channel #puppet
[2010/06/16 23:50:13] @ jamesturnbull joined channel #puppet
[2010/06/16 23:50:55] @ sdog joined channel #puppet
[2010/06/16 23:54:16] @ joe-mac joined channel #puppet
[2010/06/16 23:56:33] @ joe-mac left channel #puppet ()
[2010/06/16 23:57:23] @ Quit: \ask: Ping timeout: 265 seconds
[2010/06/16 23:57:41] @ lohapuk joined channel #puppet

Generated by irclog2html.py 2.8 by Marius Gedminas - find it at mg.pov.lt!