Monday, 2010-06-21

[2010/06/21 00:04:15] @ Log started by gepetto
[2010/06/21 00:04:15] @ wilmoore joined channel #puppet
[2010/06/21 00:05:14] @ Quit: wilmoore: Client Quit
[2010/06/21 00:06:18] @ mfournier joined channel #puppet
[2010/06/21 00:09:57] @ giskard joined channel #puppet
[2010/06/21 00:11:34] @ yannL joined channel #puppet
[2010/06/21 00:18:11] @ MattyM joined channel #puppet
[2010/06/21 00:18:15] @ ckauhaus joined channel #puppet
[2010/06/21 00:22:51] @ iranzo joined channel #puppet
[2010/06/21 00:22:57] <iranzo> morning
[2010/06/21 00:23:06] <sking> herro
[2010/06/21 00:25:48] @ Ramonster joined channel #puppet
[2010/06/21 00:27:18] <iranzo> I'm using puppet from EPEL both on EL4 and EL5, and what I would like to archieve is to have client systems to have a certificate that expires 'quickly' so if I reinstall server, clients will discard their certificate and request a new one. On the other side, does server create a new CA when actual one expires?
[2010/06/21 00:27:41] <iranzo> so far I discovered that putting <tab> ca_days makes puppet complain about stack deep :)
[2010/06/21 00:28:13] @ Quit: benoit_: Ping timeout: 260 seconds
[2010/06/21 00:29:36] @ themroc joined channel #puppet
[2010/06/21 00:37:27] @ poison joined channel #puppet
[2010/06/21 00:39:21] @ Quit: rcrowley: Quit: rcrowley
[2010/06/21 00:41:27] @ Quit: pmorillo: Read error: Connection reset by peer
[2010/06/21 00:43:02] @ Quit: Ramonster: Ping timeout: 276 seconds
[2010/06/21 00:45:28] @ shug left channel #puppet ("Leaving")
[2010/06/21 00:45:54] @ Quit: m1nish: Ping timeout: 258 seconds
[2010/06/21 00:50:22] @ pmorillo joined channel #puppet
[2010/06/21 00:53:36] @ jab_doa joined channel #puppet
[2010/06/21 00:57:45] @ spawnyd joined channel #puppet
[2010/06/21 00:58:11] @ verwilst joined channel #puppet
[2010/06/21 00:58:33] @ Quit: ipl31: Ping timeout: 245 seconds
[2010/06/21 00:58:57] @ m1nish joined channel #puppet
[2010/06/21 00:59:30] @ ipl31 joined channel #puppet
[2010/06/21 01:03:47] @ Ramonster joined channel #puppet
[2010/06/21 01:04:34] @ Quit: sking: Quit: Leaving.
[2010/06/21 01:11:25] @ Quit: suchu: Ping timeout: 276 seconds
[2010/06/21 01:11:56] @ Olly__ joined channel #puppet
[2010/06/21 01:13:17] @ Quit: Olly_: Ping timeout: 240 seconds
[2010/06/21 01:14:29] @ alcy joined channel #puppet
[2010/06/21 01:16:48] @ bronto joined channel #puppet
[2010/06/21 01:17:36] @ Quit: cosimo: Quit: leaving
[2010/06/21 01:18:07] @ Quit: \ask: Remote host closed the connection
[2010/06/21 01:18:59] @ \ask joined channel #puppet
[2010/06/21 01:20:03] @ Quit: MattyM: Remote host closed the connection
[2010/06/21 01:20:38] @ alcy left channel #puppet ()
[2010/06/21 01:20:56] @ TREllis joined channel #puppet
[2010/06/21 01:21:41] @ benoit_ joined channel #puppet
[2010/06/21 01:23:17] @ Quit: \ask: Ping timeout: 240 seconds
[2010/06/21 01:23:41] @ mauve joined channel #puppet
[2010/06/21 01:26:33] @ alban2 joined channel #puppet
[2010/06/21 01:30:11] @ \ask joined channel #puppet
[2010/06/21 01:37:50] @ Quit: TREllis: Read error: Operation timed out
[2010/06/21 01:41:56] @ TREllis joined channel #puppet
[2010/06/21 02:06:30] @ floess_chris joined channel #puppet
[2010/06/21 02:13:00] @ joerg joined channel #puppet
[2010/06/21 02:13:01] @ floess_chris is now known as flooose
[2010/06/21 02:13:09] <joerg> Hi everybody.
[2010/06/21 02:13:29] @ joerg is now known as Guest93351
[2010/06/21 02:13:42] @ Guest93351 is now known as joergherzinger
[2010/06/21 02:13:43] @ Quit: flooose: Quit: Ex-Chat
[2010/06/21 02:14:01] <joergherzinger> Does puppetd allow multiple environments?
[2010/06/21 02:15:17] @ flooose joined channel #puppet
[2010/06/21 02:17:03] @ Quit: kolla: Remote host closed the connection
[2010/06/21 02:17:28] @ Quit: jab_doa: Quit: Verlassend
[2010/06/21 02:20:10] <mfournier> joergherzinger: yes there is a --environment option
[2010/06/21 02:21:03] <joergherzinger> Yes, but the man page tells just about ONE environment, but does it actually allow multiple environments?
[2010/06/21 02:24:45] <Dominic> sounds like environments are the wrong tool if you need your server to be in multiple environments. If the manifests overlapped in anyway, you'd need some sort of conflict resolution. It sounds like you should be modelling in a single environment with multiple classes that systems include, instead of multiple environments.
[2010/06/21 02:25:25] <Dominic> environments are better when you have a puppetmaster that's serving your staging systems and your production systems so you can test out manifests on one before migrating to another
[2010/06/21 02:28:10] <joergherzinger> My idea was to use several environments for different systems. Like I do have modules for Ubuntu 9.10 Karmic (installs, purges, corporate_identity...) and now I want "same same but different" for Ubuntu 10.04 Lucid.
[2010/06/21 02:29:27] <joergherzinger> Putting these in different environments, and by that putting the modules in different folders, would make it a lot nicer I think.
[2010/06/21 02:30:40] <Dominic> sounds more risky to me as you could end up with duplication or differences between setups. You'd be better off using different classes per OS config ("include $lsbdistcodename" or something), or using switches based on the OS type
[2010/06/21 02:34:19] <joergherzinger> Yes, I already thought about that.
[2010/06/21 02:35:00] <Dominic> if you're determined, I suppose you could run puppetd multiple times, but it wouldn't detect any conflicts between environments - you could end up with resources flip-flopping between configs
[2010/06/21 02:35:04] @ itguru joined channel #puppet
[2010/06/21 02:36:14] <joergherzinger> Hmm, no, I guess Ill just use includes base on lsbdistcodename... thanks.
[2010/06/21 02:39:45] @ Quit: eric0: Ping timeout: 258 seconds
[2010/06/21 02:40:01] @ eric0 joined channel #puppet
[2010/06/21 03:14:14] <nareshov> how about tags?
[2010/06/21 03:15:49] @ malikai joined channel #puppet
[2010/06/21 03:29:20] @ Djelibeybi joined channel #puppet
[2010/06/21 03:31:53] @ Quit: TREllis: Ping timeout: 245 seconds
[2010/06/21 03:35:07] @ Quit: \ask: Ping timeout: 260 seconds
[2010/06/21 03:38:17] @ TREllis joined channel #puppet
[2010/06/21 03:41:35] @ r3g1ster joined channel #puppet
[2010/06/21 03:42:07] @ Quit: TREllis: Read error: Connection reset by peer
[2010/06/21 03:42:29] @ gebi joined channel #puppet
[2010/06/21 03:46:13] @ bitfield joined channel #puppet
[2010/06/21 03:48:05] @ Quit: r3g1ster: Quit: leaving
[2010/06/21 03:48:45] @ r3g1ster joined channel #puppet
[2010/06/21 03:57:20] @ Quit: siezer: Ping timeout: 265 seconds
[2010/06/21 03:57:33] @ Quit: joergherzinger: Quit: Page closed
[2010/06/21 04:02:15] @ Quit: itguru: Read error: Connection reset by peer
[2010/06/21 04:02:16] @ Quit: QMan: Read error: Connection reset by peer
[2010/06/21 04:03:11] @ QMan joined channel #puppet
[2010/06/21 04:07:29] @ Quit: gebi: Ping timeout: 265 seconds
[2010/06/21 04:17:04] @ TREllis joined channel #puppet
[2010/06/21 04:22:08] @ Quit: alban2: Ping timeout: 260 seconds
[2010/06/21 04:27:50] <r3g1ster> morning
[2010/06/21 04:27:53] @ Quit: Djelibeybi: Quit: Leaving
[2010/06/21 04:28:17] <r3g1ster> how do you call a service from one module - within another module ? eg: notify => Service["tomcat::tomcat5"],
[2010/06/21 04:32:04] <r3g1ster> ah - include it and just call it...
[2010/06/21 04:36:46] @ andrew3 joined channel #puppet
[2010/06/21 04:37:07] @ Quit: elasticdog: Ping timeout: 240 seconds
[2010/06/21 04:39:19] @ Quit: andrew3: Client Quit
[2010/06/21 04:48:50] <r3g1ster> Volcane: you round?
[2010/06/21 04:51:12] @ Pupeno joined channel #puppet
[2010/06/21 04:51:31] <Pupeno> Any ideas why I would get this: err: Could not retrieve catalog: Failed to parse template etc/bacula/bacula-fd.conf.erb: Could not find value for 'fqdn' at /etc/puppet/manifests/classes/bacula.pp:66 on node u4.example.com? facter shows fqdn in that machine.
[2010/06/21 04:55:03] <nareshov> show me line 66
[2010/06/21 04:56:02] <kjetilho> that's not the line number from the template, so probably not interesting
[2010/06/21 04:56:20] <Pupeno> nareshov: content => template("etc/bacula/bacula-fd.conf.erb"),
[2010/06/21 04:56:23] <Pupeno> kjetilho: it's not.
[2010/06/21 04:56:27] <Pupeno> I can paste the whole thing.
[2010/06/21 04:56:36] <kjetilho> is other Puppet code using fqdn successfully?
[2010/06/21 04:56:41] <kjetilho> on that node
[2010/06/21 04:57:19] @ Viper233 joined channel #puppet
[2010/06/21 04:57:50] <Pupeno> The whole thing: http://gist.github.com/446749
[2010/06/21 04:57:58] <Pupeno> kjetilho: I'm not 100%, let me check.
[2010/06/21 04:59:17] <Pupeno> kjetilho: yes.
[2010/06/21 05:01:23] @ Quit: pinoyskull: Quit: Leaving
[2010/06/21 05:03:15] @ ahasenack joined channel #puppet
[2010/06/21 05:03:32] <r3g1ster> when using define in a module - should i declare it in the form: "define modulename::testing" or "define testing" ?
[2010/06/21 05:06:38] @ alban2 joined channel #puppet
[2010/06/21 05:07:43] <Cope> r3g1ster: you don't need the modulename:: in fornt
[2010/06/21 05:07:48] <r3g1ster> ty
[2010/06/21 05:07:52] @ herdingcat joined channel #puppet
[2010/06/21 05:08:00] <Cope> r3g1ster: you should still be able to call it as modulename::define anyway
[2010/06/21 05:08:07] <Cope> if you need to use the define elsehwere
[2010/06/21 05:08:37] <r3g1ster> cos i'm running into a stupid problem - Duplicate definition
[2010/06/21 05:08:52] <r3g1ster> I understand why its happening - just trying to solve it is my problem
[2010/06/21 05:09:50] <kjetilho> Cope: that's only true if you declare the define inside a class
[2010/06/21 05:10:14] <kjetilho> (and the class has the name "modulename")
[2010/06/21 05:10:18] <Cope> kjetilho: obviously... i thought that was implied
[2010/06/21 05:10:34] <kjetilho> not at all.
[2010/06/21 05:10:35] <Cope> but as we all know, explicit is better than implicit
[2010/06/21 05:10:54] <r3g1ster> mine was inside a class
[2010/06/21 05:11:06] <kjetilho> ok, I put many of my defines in separate files
[2010/06/21 05:11:08] <r3g1ster> not sure if it should be - but it is.
[2010/06/21 05:11:09] <Cope> i assumed so from the context of your question
[2010/06/21 05:11:46] <Cope> kjetilho: some people have a set of defines in a helper module, and call them as usefulstuff:mydefine
[2010/06/21 05:11:55] <r3g1ster> so, how can i get around defining an array within a class - which gets called mutlipe times?
[2010/06/21 05:12:16] <Cope> in general the use of classes and namespaces is so prevalent, i tend to assume that's how people are operating
[2010/06/21 05:13:06] <kjetilho> monolithic init.pp files?
[2010/06/21 05:13:13] <Pupeno> I'm getting this for all nodes: warning: Could not find facts for u2.example.com; you probably have a discrepancy between the node and fact names
[2010/06/21 05:13:13] <Cope> r3g1ster: what problem are you trying to solve? tell us about the problem, not your implementation of a solution! it may be that there's an easier way
[2010/06/21 05:13:29] <Pupeno> Any ideas what could it be?
[2010/06/21 05:14:38] @ Quit: S_BS: Ping timeout: 260 seconds
[2010/06/21 05:15:14] @ \ask joined channel #puppet
[2010/06/21 05:15:33] @ S_BS joined channel #puppet
[2010/06/21 05:15:43] <r3g1ster> k - see : http://www.heypasteit.com/clip/KTQ
[2010/06/21 05:16:18] <r3g1ster> if i call that with two different names - it dies cos the $configFileList is already defined.
[2010/06/21 05:16:58] <r3g1ster> should i rather move $$configFileList out of the define and into the class?
[2010/06/21 05:17:07] <kjetilho> yes
[2010/06/21 05:17:41] <r3g1ster> note - thats my first module attempt
[2010/06/21 05:17:54] <r3g1ster> note - thats my first module attempt
[2010/06/21 05:18:50] @ \ask_ joined channel #puppet
[2010/06/21 05:20:17] @ Quit: \ask: Ping timeout: 260 seconds
[2010/06/21 05:30:24] @ Quit: ckdake: Quit: Leaving.
[2010/06/21 05:33:44] @ allsystemsarego joined channel #puppet
[2010/06/21 05:43:13] @ Quit: magnachef_: Ping timeout: 264 seconds
[2010/06/21 05:48:48] @ Quit: bug: Quit: bug
[2010/06/21 05:52:48] @ joe-mac joined channel #puppet
[2010/06/21 06:01:39] @ Quit: nexx: Ping timeout: 248 seconds
[2010/06/21 06:03:05] @ siezer joined channel #puppet
[2010/06/21 06:06:27] @ Quit: yannL: Remote host closed the connection
[2010/06/21 06:12:26] @ nexx joined channel #puppet
[2010/06/21 06:15:01] @ MPSimmons joined channel #puppet
[2010/06/21 06:20:10] @ Quit: \ask_: Ping timeout: 276 seconds
[2010/06/21 06:23:44] @ shenson_gone is now known as shenson
[2010/06/21 06:24:46] @ ninjazjb joined channel #puppet
[2010/06/21 06:25:15] <r3g1ster> if i call that with two different names - it dies cos the $configFileList is already defined.:0
[2010/06/21 06:25:30] <r3g1ster> grr.. didnt meant to paste here
[2010/06/21 06:28:04] @ gebi joined channel #puppet
[2010/06/21 06:30:59] @ kaptk2 joined channel #puppet
[2010/06/21 06:33:47] @ Quit: lwhalen: Quit: Computer has gone to sleep
[2010/06/21 06:34:14] @ avtobiff left channel #puppet ()
[2010/06/21 06:35:25] @ Quit: m1nish: Quit: Leaving
[2010/06/21 06:38:50] @ ActionJax joined channel #puppet
[2010/06/21 06:41:21] <ActionJax> Hey guys, my nodes.pp manifest is starting to get pretty large does anyone have any tips of migrating it to a backend datastore so it's more manageable e.g. Asset Tracker with RT?
[2010/06/21 06:41:52] <fsweetser> ActionJax: take a look at the external nodes interface
[2010/06/21 06:42:19] <fsweetser> basically you point puppetmaster at an external script that, when called with a node name, spits out some yaml definining what classes get assigned to that host
[2010/06/21 06:42:41] <fsweetser> dashboard and foreman are two good examples
[2010/06/21 06:42:59] <ActionJax> fsweetser: Ooooh Tah very much
[2010/06/21 06:44:21] @ jab_doa joined channel #puppet
[2010/06/21 06:44:38] <ActionJax> fsweeter: I thought Dashboard was simply a reporting tool, I'll look further into it.
[2010/06/21 06:46:12] <fsweetser> no prob
[2010/06/21 06:51:34] @ cliff-hm joined channel #puppet
[2010/06/21 06:56:56] @ Quit: fsweetser: Remote host closed the connection
[2010/06/21 06:57:08] @ notbrien joined channel #puppet
[2010/06/21 06:58:49] @ magnachef joined channel #puppet
[2010/06/21 07:01:49] @ Quit: ckauhaus: Quit: Leaving.
[2010/06/21 07:02:12] @ fsweetser joined channel #puppet
[2010/06/21 07:02:14] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/06/21 07:03:48] @ pheezy joined channel #puppet
[2010/06/21 07:11:03] @ Quit: omry: Ping timeout: 245 seconds
[2010/06/21 07:11:51] @ lwhalen joined channel #puppet
[2010/06/21 07:13:19] @ omry joined channel #puppet
[2010/06/21 07:26:32] @ ckauhaus joined channel #puppet
[2010/06/21 07:27:22] @ aran01 joined channel #puppet
[2010/06/21 07:28:24] @ bug joined channel #puppet
[2010/06/21 07:29:24] @ \ask joined channel #puppet
[2010/06/21 07:32:28] <joe-mac> i finished what i think will fix the openbsd provider, but i won't know until i test
[2010/06/21 07:34:44] <joe-mac> openbsd package provider**
[2010/06/21 07:35:49] @ rcrowley joined channel #puppet
[2010/06/21 07:38:07] @ Quit: aran01: Quit: Page closed
[2010/06/21 07:39:09] @ tonyskapunk joined channel #puppet
[2010/06/21 07:42:43] @ rmiller4pi8 joined channel #puppet
[2010/06/21 07:44:02] @ alhoang joined channel #puppet
[2010/06/21 07:44:52] <Olly__> Which user provider does Ubuntu? I suspect it is useradd. Which says that it doesn't managepasswords. What is the best way to add a password for a newly created used?
[2010/06/21 07:44:55] <Olly__> *user
[2010/06/21 07:45:26] <jbooth> If you have ruby-shadow (or libshadow-ruby as I think it is on ubuntu) it'll manage passwords fine.
[2010/06/21 07:47:54] <jbooth> Hey joe-mac, if I sent you the firewall type I had (plus working iptables provider), any interest in writing a pf provider for it?
[2010/06/21 07:48:49] <joe-mac> possibly
[2010/06/21 07:48:51] <Olly__> jbooth, ohh ok. thanks
[2010/06/21 07:56:05] @ Quit: tonyskapunk: Quit: ERC Version 5.3 (IRC client for Emacs)
[2010/06/21 07:56:12] <jbooth> Sounds like "not so much" ;-) I guess I'll have to learn enough bsd to work with it then. Recs on a bsd that has pf and puppet with a minimum amount of pain?
[2010/06/21 07:56:21] @ Quit: rmiller4pi8: Quit: Leaving.
[2010/06/21 07:57:11] @ rmiller4pi8 joined channel #puppet
[2010/06/21 08:02:38] @ Quit: sdog: Quit: Leaving.
[2010/06/21 08:03:15] @ Quit: iranzo: Quit: a casita!
[2010/06/21 08:03:26] @ jhelwig_ joined channel #puppet
[2010/06/21 08:04:28] @ Quit: jhelwig: Ping timeout: 265 seconds
[2010/06/21 08:07:24] @ jhelwig_ is now known as jhelwig
[2010/06/21 08:12:37] @ Quit: ckauhaus: Ping timeout: 276 seconds
[2010/06/21 08:12:37] <joe-mac> jbooth: openbsd is what you want to use
[2010/06/21 08:12:51] <joe-mac> most pf users use that since it's what it's designed for, and the other bsd's that have pf are usually behind
[2010/06/21 08:13:19] <zahna> not behind by much though
[2010/06/21 08:15:47] @ ckauhaus joined channel #puppet
[2010/06/21 08:17:06] @ Quit: blahdeblah: Remote host closed the connection
[2010/06/21 08:17:06] @ artista_frustrad joined channel #puppet
[2010/06/21 08:17:43] @ blahdeblah joined channel #puppet
[2010/06/21 08:18:04] @ ecapriolo joined channel #puppet
[2010/06/21 08:21:13] @ tonyskapunk joined channel #puppet
[2010/06/21 08:21:56] @ Quit: artista_frustrad: Ping timeout: 276 seconds
[2010/06/21 08:22:50] @ Quit: bronto: Ping timeout: 265 seconds
[2010/06/21 08:27:53] <jbooth> Mkay
[2010/06/21 08:27:54] @ blushade joined channel #puppet
[2010/06/21 08:34:07] @ Quit: flooose: Ping timeout: 240 seconds
[2010/06/21 08:40:32] @ Bass10 joined channel #puppet
[2010/06/21 08:41:58] @ Quit: Bass10: Max SendQ exceeded
[2010/06/21 08:42:03] @ Quit: pmorillo: Quit: pmorillo
[2010/06/21 08:42:16] @ Quit: magnachef: Ping timeout: 240 seconds
[2010/06/21 08:42:32] @ Bass10 joined channel #puppet
[2010/06/21 08:43:35] @ Quit: ckauhaus: Quit: Leaving.
[2010/06/21 08:45:17] @ tep joined channel #puppet
[2010/06/21 08:45:17] @ Quit: tep: Changing host
[2010/06/21 08:45:17] @ tep joined channel #puppet
[2010/06/21 08:46:11] <joe-mac> jbooth: sorry dude i am just uber busy
[2010/06/21 08:46:25] <joe-mac> and i feel all out of my head for some reason from the coffee i had this morning, like it was laced with meth
[2010/06/21 08:47:01] @ magnachef_ joined channel #puppet
[2010/06/21 08:47:23] @ Quit: Pupeno: Quit: http://pupeno.com
[2010/06/21 08:47:30] <joe-mac> zahna: freebsd pf is 6 releases old according to its homepage, in openbsd time that's 3 years
[2010/06/21 08:47:56] <joe-mac> NetBSD 4.0 includes PF from OpenBSD 3.7 with patches from the 3.7 branch.
[2010/06/21 08:48:02] <joe-mac> that's so ancient it';s probably barely usable
[2010/06/21 08:48:40] <joe-mac> those are the big three, idk if dragonfly or whatever else there is uses pf at all
[2010/06/21 08:49:59] @ ona_matt joined channel #puppet
[2010/06/21 08:50:10] @ Mick27 joined channel #puppet
[2010/06/21 08:51:40] @ Quit: \ask: Remote host closed the connection
[2010/06/21 08:57:08] @ Alleskapot joined channel #puppet
[2010/06/21 09:00:27] @ Quit: herdingcat: Ping timeout: 240 seconds
[2010/06/21 09:00:33] <spawnyd> I have to do "puppetd --test" 5 times to get an initial sync. 3 times to get a cert request to a puppetmaster and 2 times to start a sync.
[2010/06/21 09:00:45] <spawnyd> Any idea why? http://pastie.org/1013744
[2010/06/21 09:00:51] @ Quit: giskard: Remote host closed the connection
[2010/06/21 09:04:38] <bitfield> spawnyd: it's this 'Could not write /etc/puppet/ssl/private_keys/aclient.campus.fu-berlin.de.pem to privatekeydir: Invalid argument' stuff that looks a bit ropey
[2010/06/21 09:05:09] <joe-mac> hmm do all my nodes also need preservefqdn turned on?
[2010/06/21 09:05:27] @ alfism joined channel #puppet
[2010/06/21 09:05:58] @ Quit: Ramonster: Quit: So long, thanx for all the fish
[2010/06/21 09:06:53] @ shug joined channel #puppet
[2010/06/21 09:06:54] @ Quit: ActionJax: Remote host closed the connection
[2010/06/21 09:07:15] <spawnyd> bitfield: do you think that the other "Invalid argument" messages are the same bug/problem?
[2010/06/21 09:07:25] <bitfield> joe-mac: what version rsyslog is it?
[2010/06/21 09:07:29] <bitfield> spawnyd: yes, i do :)
[2010/06/21 09:07:35] <bitfield> permissions?
[2010/06/21 09:07:53] <joe-mac> varying versiosn bitfield, most nodes are on like 1.19 or something ancient, the master is on 4 something
[2010/06/21 09:08:01] <joe-mac> a couple nodes are also on 4 something
[2010/06/21 09:08:19] <bitfield> joe-mac: ah that might explain it, there was a bug fix in 4.1.4 relating to preservefqdn
[2010/06/21 09:08:40] <joe-mac> 4.2.0-2ubuntu8
[2010/06/21 09:08:45] <joe-mac> maybe the bug is in the nodes
[2010/06/21 09:09:20] <bitfield> according to the changelog: "fix for the $PreserveFQDN config directive, which did not properly affect locally emitted messages", so that sounds like the nodes weren't sending the fqdn properly
[2010/06/21 09:09:23] @ Quit: magnachef_: Ping timeout: 248 seconds
[2010/06/21 09:09:58] <joe-mac> hm
[2010/06/21 09:10:00] <joe-mac> this sucks
[2010/06/21 09:10:55] <spawnyd> bitfield: the permissions should not be an issue, because this is a mac and I have to run puppetd as root.
[2010/06/21 09:11:14] @ alexs_ joined channel #puppet
[2010/06/21 09:12:23] <joe-mac> maybe you can't do -c 1 (version 1 compat) and have fqdn's
[2010/06/21 09:12:31] <joe-mac> idk, going to the other office
[2010/06/21 09:12:34] @ joe-mac left channel #puppet ()
[2010/06/21 09:13:02] <bitfield> spawnyd: what does puppet think your 'privatekeydir' is?
[2010/06/21 09:13:23] @ themroc is now known as themroc_pala
[2010/06/21 09:14:41] <bitfield> try 'puppetd —genconfig'
[2010/06/21 09:14:59] <bitfield> and stand well back
[2010/06/21 09:15:40] <spawnyd> bitfield: /etc/puppet/ssl/private
[2010/06/21 09:16:00] <spawnyd> should be ok that's on all my clients
[2010/06/21 09:16:38] <bitfield> well the first time you ran puppet after you deleted /etc/puppet, that directory won't be there
[2010/06/21 09:16:51] <bitfield> but it should create it after that… or does it
[2010/06/21 09:17:31] <r3g1ster> if an array is defined within a class - should i be able to use it within a define in the same class?
[2010/06/21 09:17:34] <spawnyd> yes puppet creates it
[2010/06/21 09:18:55] <spawnyd> bitfield: the odd thing is that I just do the command 3 times and after that the cert request hits the master...
[2010/06/21 09:20:30] <bitfield> spawnyd: have you tried reinstalling before you run it for the first time? where are you installing it from?
[2010/06/21 09:20:58] <bitfield> r3g1ster: you might want to qualify it with the class name, i'm not sure. like myclass::myarray
[2010/06/21 09:22:00] @ Pupeno joined channel #puppet
[2010/06/21 09:22:21] <spawnyd> bitfield: We use a plain image and install the last facter and puppet 0.25.4
[2010/06/21 09:22:47] @ Quit: seanos: Ping timeout: 260 seconds
[2010/06/21 09:23:51] @ Quit: verwilst: Quit: Ex-Chat
[2010/06/21 09:25:20] @ sijis joined channel #puppet
[2010/06/21 09:29:47] @ seanos joined channel #puppet
[2010/06/21 09:30:38] @ giskard joined channel #puppet
[2010/06/21 09:30:52] <r3g1ster> thanks bitfield
[2010/06/21 09:32:05] <r3g1ster> bitfield: and when you reference it? $class::array ?
[2010/06/21 09:32:30] <bitfield> r3g1ster: i think so. does that work better?
[2010/06/21 09:32:59] <r3g1ster> mm.. different - throws a different error
[2010/06/21 09:33:08] @ Quit: mauve: Quit: Leaving
[2010/06/21 09:33:09] <bitfield> pastie code and error please?
[2010/06/21 09:33:15] <r3g1ster> k
[2010/06/21 09:34:05] @ Quit: spawnyd: Ping timeout: 276 seconds
[2010/06/21 09:35:03] <r3g1ster> bitfield: http://www.heypasteit.com/clip/KTZ
[2010/06/21 09:37:03] <bitfield> hummm
[2010/06/21 09:37:34] <r3g1ster> bitfield: I know i have to change the way it works slightly, because this breaks if you call it twice
[2010/06/21 09:38:31] @ omry_ joined channel #puppet
[2010/06/21 09:38:49] @ Quit: pting: Quit: Ex-Chat
[2010/06/21 09:39:16] <bitfield> r3g1ster: i think it's all just got a bit muddled. i'd suggest rewriting it without using arrays and defines - just define each file resource separately
[2010/06/21 09:39:32] <bitfield> once that's working, you can try refactoring it to save a little duplication
[2010/06/21 09:39:49] <r3g1ster> yep - ok
[2010/06/21 09:39:56] <r3g1ster> ty
[2010/06/21 09:40:00] <bitfield> np :)
[2010/06/21 09:41:41] @ Quit: omry: Ping timeout: 240 seconds
[2010/06/21 09:44:23] <kuh> hi there :-) I have been seeing 'Too many open files' on puppetd clients. Lsof shows over a hundred of open sockets
[2010/06/21 09:44:34] <kuh> puppetd 4977 root 1020u sock 0,5 149146773 can't identify protoco
[2010/06/21 09:44:55] <kuh> this is happening on centos 5.4 boxes
[2010/06/21 09:45:21] <kuh> has anyone else had that problem?
[2010/06/21 09:45:31] <bitfield> kuh: what version of puppet?
[2010/06/21 09:46:06] <bitfield> and are you using puppet to push out a directory with lots of files in?
[2010/06/21 09:46:23] <kuh> bitfield: 0.25.5
[2010/06/21 09:47:47] <kuh> bitfield: only 18 files managed separately, no directories
[2010/06/21 09:48:47] @ Quit: omry_: Ping timeout: 240 seconds
[2010/06/21 09:49:37] <bitfield> it sounds a lot like http://projects.reductivelabs.com/issues/961
[2010/06/21 09:51:28] @ omry_ joined channel #puppet
[2010/06/21 09:52:10] <bitfield> but 100 sockets isn't very many… you might want to check your file descriptor limits
[2010/06/21 09:52:24] <bitfield> 'sysctl fs.file-max' and 'ulimit -n'
[2010/06/21 09:53:55] <kuh> fs.file-max = 371178, 1024
[2010/06/21 09:54:01] @ bodepd joined channel #puppet
[2010/06/21 09:54:30] <kuh> oops, i wanted to say over a thousand. 1066 to be exact
[2010/06/21 09:54:34] <kuh> =)
[2010/06/21 09:54:38] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 09:54:39] <bitfield> kuh: ah right that would do it :)
[2010/06/21 09:55:09] @ bodepd joined channel #puppet
[2010/06/21 09:55:55] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 09:56:05] @ thekad-afk is now known as thekad
[2010/06/21 09:56:20] @ bodepd joined channel #puppet
[2010/06/21 09:56:51] <bitfield> try increasing the system-wide ulimit in /etc/security/limits.conf
[2010/06/21 09:57:00] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 09:57:31] @ bodepd joined channel #puppet
[2010/06/21 09:57:33] <bitfield> something like
[2010/06/21 09:57:33] <bitfield> * soft nofile 8192
[2010/06/21 09:58:16] <bitfield> if it is trying to use more than 8000 fds then you may have a different problem :)
[2010/06/21 09:58:16] @ Quit: bodepd: Read error: Connection reset by peer
[2010/06/21 09:58:43] @ bodepd joined channel #puppet
[2010/06/21 09:59:28] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 09:59:54] @ bodepd joined channel #puppet
[2010/06/21 09:59:57] <kuh> bitfield: I'll try and see how far it goes :-)
[2010/06/21 10:00:27] @ Quit: omry_: Ping timeout: 240 seconds
[2010/06/21 10:00:33] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 10:01:17] @ bodepd joined channel #puppet
[2010/06/21 10:01:25] @ Pupeno- joined channel #puppet
[2010/06/21 10:04:20] @ Quit: Pupeno: Ping timeout: 265 seconds
[2010/06/21 10:04:20] @ Pupeno- is now known as Pupeno
[2010/06/21 10:04:34] @ Quit: alban2: Ping timeout: 264 seconds
[2010/06/21 10:06:20] @ magnachef joined channel #puppet
[2010/06/21 10:06:24] @ Alagar joined channel #puppet
[2010/06/21 10:09:21] @ joe-mac joined channel #puppet
[2010/06/21 10:09:38] @ Quit: TREllis: Quit: leaving
[2010/06/21 10:11:22] @ Quit: gebi: Ping timeout: 260 seconds
[2010/06/21 10:14:27] @ Quit: Olly__: Quit: This computer has gone to sleep
[2010/06/21 10:18:39] @ omry_ joined channel #puppet
[2010/06/21 10:19:39] @ jaredrhine joined channel #puppet
[2010/06/21 10:21:59] @ sking joined channel #puppet
[2010/06/21 10:27:19] @ sdog joined channel #puppet
[2010/06/21 10:27:40] @ Quit: sdog: Changing host
[2010/06/21 10:27:40] @ sdog joined channel #puppet
[2010/06/21 10:28:15] <dballing> in awesomeness today, the job that is running my background : for i in `cat serverlist` ; do echo $i ; ssh -l root $i 'install_puppet_client.sh' ; done
[2010/06/21 10:28:47] <dballing> got the approval to do it, and before anyone sees some other talk at velocity and decides "no no, derek, you're completely wrong", I'm going to make sure the deed is done :-)
[2010/06/21 10:30:25] @ Quit: mikepea: Quit: mikepea
[2010/06/21 10:31:05] @ weaselkeeper joined channel #puppet
[2010/06/21 10:31:13] @ weaselkeeper left channel #puppet ("Leaving")
[2010/06/21 10:31:14] @ \ask joined channel #puppet
[2010/06/21 10:31:57] @ lak joined channel #puppet
[2010/06/21 10:32:21] <fsweetser> nice
[2010/06/21 10:32:49] <fsweetser> sometimes you just have to take the "yes" and run it with it before management realizes what they just agreed to =)
[2010/06/21 10:33:46] @ flooose joined channel #puppet
[2010/06/21 10:34:31] <Kiloman> is there any way to iterate over array arguments in a definition?
[2010/06/21 10:34:42] <Kiloman> I'm guessing no, but thought I'd ask just in case
[2010/06/21 10:35:04] <Volcane> depends what u want to do
[2010/06/21 10:35:33] <Kiloman> say I've got a definition that execs a mysql command to create a database
[2010/06/21 10:35:44] <Kiloman> and I want to grant permissions on that database as well
[2010/06/21 10:36:01] <Kiloman> I can take user, pass as arguments
[2010/06/21 10:36:21] <Kiloman> but it would be nice if I could take an array for each
[2010/06/21 10:36:29] <Volcane> ah, array of each, thats hard :)
[2010/06/21 10:36:42] <Volcane> array of say user=pass, that would be easier
[2010/06/21 10:36:51] <Kiloman> user => [ user1, user2], pass => [pass1, pass2]
[2010/06/21 10:37:22] <Kiloman> yeah, I was thinking of doing command => template('foo.erb')
[2010/06/21 10:37:53] <Kiloman> and then having the template iterate and build the proper commands
[2010/06/21 10:37:59] <Kiloman> but that seems like a bit of a hack
[2010/06/21 10:38:24] @ adrian_broher joined channel #puppet
[2010/06/21 10:38:29] <Kiloman> how would you do it with an array of user=pass?
[2010/06/21 10:38:39] <Kiloman> I'm not tied to any particular method
[2010/06/21 10:38:44] <Volcane> you'd have a 2nd define that does the grant
[2010/06/21 10:38:53] <Volcane> and in that define you'd split $name by =
[2010/06/21 10:39:23] <Volcane> giving you 2 vars, which you can then use to build the grants
[2010/06/21 10:39:51] <Volcane> would still need some inline_template to gain access to the vars but beats going to a whole template for everything, its not really geat
[2010/06/21 10:39:54] <Volcane> great
[2010/06/21 10:53:39] @ tecto joined channel #puppet
[2010/06/21 10:53:46] @ Quit: magnachef: Ping timeout: 264 seconds
[2010/06/21 10:55:39] @ tecto_ joined channel #puppet
[2010/06/21 10:59:07] @ Quit: mboyd: Quit: Read error: 131 (Connection reset by beer)
[2010/06/21 11:00:43] @ magnachef_ joined channel #puppet
[2010/06/21 11:01:09] @ yakub joined channel #puppet
[2010/06/21 11:03:32] @ artista_frustrad joined channel #puppet
[2010/06/21 11:03:40] @ yannL joined channel #puppet
[2010/06/21 11:05:25] @ Quit: mfournier: Ping timeout: 264 seconds
[2010/06/21 11:06:36] @ mfournier joined channel #puppet
[2010/06/21 11:07:37] @ plathrop-away is now known as plathrop
[2010/06/21 11:07:43] @ Quit: artista_frustrad: Ping timeout: 245 seconds
[2010/06/21 11:11:00] <chadh> how do you tell puppet you don't care about the status of a service? Can you do ensure => undef or something like that?
[2010/06/21 11:11:22] <jbooth> chadh: Just don't define it in the first place?
[2010/06/21 11:11:54] <chadh> jbooth: hmm. I think I must have a Service declaration that stops it. Would undef remove that?
[2010/06/21 11:12:33] <jbooth> Most likely it'd jus spit a error at you.
[2010/06/21 11:12:37] @ LeLutin_ is now known as LeLutin
[2010/06/21 11:12:38] <jbooth> You can't multiply define things.
[2010/06/21 11:12:58] <jbooth> If this is a child class, you might be able to override it, but I'm not sure undef will do what you want. You could test it and see.
[2010/06/21 11:13:04] <chadh> jbooth: I mean, I have a Service[ ensure => stopped ]
[2010/06/21 11:13:52] @ pting joined channel #puppet
[2010/06/21 11:14:28] <chadh> to set that back to the default, I guess it makes sense I could undef it. I'll try it.
[2010/06/21 11:14:55] <chadh> (accidentally killed a bunch of vms the other day when I unset ensure on the xendomains status. doh!
[2010/06/21 11:14:59] <chadh> )
[2010/06/21 11:16:49] <jbooth> sounds like time for a test environment
[2010/06/21 11:21:52] @ artista_frustrad joined channel #puppet
[2010/06/21 11:23:06] @ kolla joined channel #puppet
[2010/06/21 11:24:35] <chadh> jbooth: bah! :)
[2010/06/21 11:25:00] @ Quit: raven: Quit: No Ping reply in 180 seconds.
[2010/06/21 11:25:02] @ raven joined channel #puppet
[2010/06/21 11:26:27] @ Quit: artista_frustrad: Ping timeout: 260 seconds
[2010/06/21 11:27:22] @ Quit: tecto: Quit: tecto
[2010/06/21 11:27:22] @ tecto_ is now known as tecto
[2010/06/21 11:27:31] @ Quit: tecto: Quit: tecto
[2010/06/21 11:35:40] @ Quit: poison: Remote host closed the connection
[2010/06/21 11:41:24] @ toi joined channel #puppet
[2010/06/21 11:43:12] @ tecto joined channel #puppet
[2010/06/21 11:44:43] @ tecto is now known as tecto_work
[2010/06/21 11:45:28] @ Quit: tecto_work: Client Quit
[2010/06/21 11:46:36] @ tecto joined channel #puppet
[2010/06/21 11:46:41] @ Quit: tecto: Client Quit
[2010/06/21 11:46:57] @ tecto joined channel #puppet
[2010/06/21 11:49:34] @ Quit: bodepd: Read error: Connection reset by peer
[2010/06/21 11:51:12] @ lak_ joined channel #puppet
[2010/06/21 11:51:27] @ teyo joined channel #puppet
[2010/06/21 11:51:28] @ Quit: lak: Ping timeout: 245 seconds
[2010/06/21 11:51:28] @ lak_ is now known as lak
[2010/06/21 11:53:47] <hMz> anyone able to comment on the status of issue 3961?
[2010/06/21 11:53:51] <hMz> #3961
[2010/06/21 11:53:51] <gepetto> hMz: #3961 is http://projects.puppetlabs.com/issues/show/3961 "Puppet - Bug #3961: puppetca doesnt generate certificate in $certdir. - Puppet Labs"
[2010/06/21 11:53:51] <hMz> even
[2010/06/21 11:56:49] <joe-mac> hMz: weak, good reason for me not to move to .25.5 heh
[2010/06/21 11:57:03] <joe-mac> i rely on that for server-side cert generation in my svn trunk like you do it looks like
[2010/06/21 11:58:18] @ Quit: flooose: Ping timeout: 260 seconds
[2010/06/21 12:00:53] @ sdog left channel #puppet ()
[2010/06/21 12:01:44] @ zorzar_ joined channel #puppet
[2010/06/21 12:03:29] @ Quit: zorzar: Read error: Operation timed out
[2010/06/21 12:03:30] @ ckauhaus joined channel #puppet
[2010/06/21 12:09:11] @ bodepd joined channel #puppet
[2010/06/21 12:09:11] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:09:45] @ bodepd joined channel #puppet
[2010/06/21 12:10:26] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:10:55] @ bodepd joined channel #puppet
[2010/06/21 12:11:40] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:12:05] @ bodepd joined channel #puppet
[2010/06/21 12:12:42] <_eric> can you depend on a Class?
[2010/06/21 12:12:45] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:12:56] <jbooth> _eric: You mean require=> on it? Sure.
[2010/06/21 12:12:59] <_eric> yes
[2010/06/21 12:13:17] @ bodepd joined channel #puppet
[2010/06/21 12:13:54] @ Quit: shug: Quit: Leaving
[2010/06/21 12:14:02] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:14:10] @ Quit: jaredrhine: Ping timeout: 272 seconds
[2010/06/21 12:14:27] @ bodepd joined channel #puppet
[2010/06/21 12:15:03] <_eric> neat
[2010/06/21 12:15:13] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:15:39] @ bodepd joined channel #puppet
[2010/06/21 12:15:39] <_eric> does that implicitly make a require for all the resources in the class?
[2010/06/21 12:16:18] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:16:49] @ bodepd joined channel #puppet
[2010/06/21 12:17:00] <jamesturnbull> hMz: so when did this stop working?
[2010/06/21 12:17:29] @ Quit: bodepd: Remote host closed the connection
[2010/06/21 12:17:40] <jbooth> _eric: Yes
[2010/06/21 12:18:01] @ bodepd joined channel #puppet
[2010/06/21 12:18:17] @ Quit: bodepd: Client Quit
[2010/06/21 12:19:38] @ jaredrhine joined channel #puppet
[2010/06/21 12:20:05] <Hunner> Is there any reason to manage ruby gems through puppet's gem providor instead of through ports? Or the other way around?
[2010/06/21 12:20:13] <Hunner> (in FreeBSD)
[2010/06/21 12:21:05] * bleything tends to prefer using the "canonical" source for gems rather than ports
[2010/06/21 12:21:38] @ Quit: Pupeno: Quit: http://pupeno.com
[2010/06/21 12:21:51] <bleything> I don't want to have to think about whether a port exists for whatever gem I want, at the right version, etc. I'm willing to pay the manual dependency resolution cost in exchange for that.
[2010/06/21 12:23:03] <joe-mac> i would use ports
[2010/06/21 12:23:14] <joe-mac> gem is a turd
[2010/06/21 12:23:28] <joe-mac> an infectious turd
[2010/06/21 12:23:33] * bleything eyeroll
[2010/06/21 12:23:37] <_eric> gem is awesome
[2010/06/21 12:23:47] <Volcane> awesomly shit
[2010/06/21 12:24:32] <Volcane> its awesome only in a way as proof of the stupidity human beings are capable of
[2010/06/21 12:24:45] <_eric> and that it works well
[2010/06/21 12:25:01] <_eric> and doesn't ask you 150 questions when you start it like CPAN
[2010/06/21 12:25:03] <bleything> you know what's really stupid? package management holy wars.
[2010/06/21 12:25:12] @ spawnyd joined channel #puppet
[2010/06/21 12:25:39] <Kiloman> just out of curiosity, has anyone written a package provider for drush yet?
[2010/06/21 12:25:41] <bleything> rubygems gets the job done. maybe it doesn't work the way you want it to.
[2010/06/21 12:25:51] <Volcane> bleything: its not a holy war, gem is a library packager, its not a package manager so you cant even compare
[2010/06/21 12:25:52] <Kiloman> I'm about halfway through one
[2010/06/21 12:26:16] <_eric> though honestly I was happy to see CPAN now asks you if you would just like to go with the defaults and be done with it
[2010/06/21 12:26:40] <bleything> Volcane: I don't think there's any difference. and as soon as your reasoning is "it's shit", then it's a holy war.
[2010/06/21 12:27:09] <Volcane> bleything: no seriously, gems is designed for delivery libraries its not designed for carrying everything an application needs
[2010/06/21 12:27:48] <_eric> what does that even mean?
[2010/06/21 12:28:00] <Volcane> bleything: it doesnt do config files, services, log dirs, bin and sbin files (one only) etc, its a tool for installing ruby libraries
[2010/06/21 12:28:08] @ jasonm joined channel #puppet
[2010/06/21 12:28:21] <Volcane> people do other things with it, but it does them very poorly and if you look at how they do it they basically hack it with a bunch of nasty ruby code
[2010/06/21 12:28:25] <bleything> Volcane: and? what's your point? it's not meant to be a general purpose package manager. it's meant to be a package manager for ruby code
[2010/06/21 12:28:39] <bleything> including full-fledged applications written in ruby.
[2010/06/21 12:28:52] <Volcane> bleything: so my point is, you cant compare them to package managers, so saying i am having a holy war is lame cos u cant even compare the two let alone have a war about it
[2010/06/21 12:29:03] * bleything shrug
[2010/06/21 12:29:04] <bleything> whatever.
[2010/06/21 12:29:11] <Volcane> bleything: nope, it fails as a packager for full applications written even in ruby
[2010/06/21 12:29:16] <tmz> puppet is a full-fledged application in ruby and installing it via gems is a not so hot.
[2010/06/21 12:29:32] <Volcane> tmz: thats cos when puppet start, it creates all the stuff the gem couldnt.
[2010/06/21 12:29:56] <bleything> I would argue that puppet is a specialized case that's not well-suited to gem distribution.
[2010/06/21 12:29:57] <_eric> that statement just demonstraits your lack of understanding of how the gem package works
[2010/06/21 12:30:21] <tmz> Volcane: I'm saying it's not so good. Sure, puppet works around some of the stupidity of gems, but can't fix all of it when it runs.
[2010/06/21 12:30:29] <bleything> it's about picking the right tool for the job. and I completely agree that gem isn't the right tool for many jobs. but saying it's shit because it doesn't work for you is crap.
[2010/06/21 12:31:08] <Volcane> tmz: but i said its bad at installing full apps and your answer is look how great it works for puppet? have you read lukes rants about how poor it works for puppet?
[2010/06/21 12:31:12] @ alban2 joined channel #puppet
[2010/06/21 12:31:27] <bleything> Volcane: re-read what he said. "installing it via gems is not so hot"
[2010/06/21 12:31:28] @ macfly joined channel #puppet
[2010/06/21 12:31:36] <tmz> Volcane: No, my answer wasn't to you, and it was "not so hot" :)
[2010/06/21 12:31:40] <Volcane> oh, doh, i did read wrong sorry :)
[2010/06/21 12:31:44] <tmz> I was trying to aggre with you. ;)
[2010/06/21 12:32:12] <Volcane> the moment u need config files, var dirs etc, gem is just a pile of fail
[2010/06/21 12:32:22] <Volcane> infact even you want a sbin instead of bin its a pile of fail
[2010/06/21 12:32:31] <bleything> Volcane: no argument from me there. it's just not that common that you would need that.
[2010/06/21 12:32:32] @ Quit: ckauhaus: Ping timeout: 272 seconds
[2010/06/21 12:32:42] <Volcane> bleything: full fledged ruby apps would need it
[2010/06/21 12:32:48] <bleything> not necessarily.
[2010/06/21 12:32:53] <Volcane> bleything: ie. almost every ruby app that isnt just a library
[2010/06/21 12:32:58] <jamesturnbull> bleything: actually it fails as a full applicatioh deployer too - Puppet for example has binaries in bin and sbin - gems can't accomodate that
[2010/06/21 12:32:59] <tmz> Unless all you have are rails apps, perhaps. Even then, rails apps dropping everything in one dir is just nasty.
[2010/06/21 12:33:18] <bleything> jamesturnbull: yes, I understand. again... puppet is a good example of a case where gems is not a good distribution method.
[2010/06/21 12:33:40] <Volcane> past that though, running multiple packagers on the same OS really is looking for trouble
[2010/06/21 12:33:47] <bleything> all I'm saying is that rubygems works really well for its intended purpose. and dismissing the entire system as crap because it doesn't work well for those cases outside its intended purpose is ridiculous.
[2010/06/21 12:34:02] <jamesturnbull> bleything: it's not good at deploying configuration files, init scripts, etc that many apps require - it MIGHT deploy a Rails okay but I doubt it
[2010/06/21 12:34:08] <_eric> I've found that ports is a pile of shit when it comes to managing Windows packages
[2010/06/21 12:34:11] <bleything> jamesturnbull: no, rails apps suck as gems, too.
[2010/06/21 12:34:18] <Volcane> _eric: lol
[2010/06/21 12:34:37] <_eric> what a bunch of crap!
[2010/06/21 12:34:50] <_eric> I mean! Windows! Everyone uses it!
[2010/06/21 12:34:54] <Volcane> in the context of any packaged distribution using gems/eggs/cpan packages on them all bad
[2010/06/21 12:35:14] <jamesturnbull> bleything: the issue is that a lot of the Ruby community state: "Gems work for me - suck it up"
[2010/06/21 12:35:35] <bleything> jamesturnbull: yeah. that's the equally ridiculous flipside of the argument, and it annoys me to no end.
[2010/06/21 12:35:54] <_eric> actually, the biggest response is: If you have a problem with it, please provide a fix (code) instead of bitching about it
[2010/06/21 12:35:59] <jamesturnbull> bleything: so if you're serious about deploying software you bypass gems entirely and use something viable
[2010/06/21 12:36:00] <bleything> jamesturnbull: gems do work for me... but I don't try to make them do anything they're not supposed to.
[2010/06/21 12:36:07] <bleything> jamesturnbull: that's crap.
[2010/06/21 12:36:13] <Volcane> _eric: i happily package my gems into native packages, there, fixed.
[2010/06/21 12:36:34] <bleything> jamesturnbull: the original question that sparked all of this was "why should I use ports instead of rubygems". to install ruby libraries, I don't see any reason to.
[2010/06/21 12:36:36] <_eric> volcane- I was responding to jamesturnbull's statement
[2010/06/21 12:36:47] @ plathrop is now known as plathrop-away
[2010/06/21 12:36:58] <jamesturnbull> eric0: so the bin/sbin bug has been open since 2006
[2010/06/21 12:37:09] <_eric> and you provided a patch that was rejected?
[2010/06/21 12:37:13] <Volcane> bleything: you should use your OS package manager cos the moment someone install a port that has a dependency on some gem that is packaged the 2 will start fighting
[2010/06/21 12:37:40] <_eric> opening a bug is not the same thing as providing the code to fix it
[2010/06/21 12:37:57] <Volcane> bleything: very few OS get it right that you can install packaged gems/cpan/etc along side ones installed by those tools unless you install into say ~/.gem
[2010/06/21 12:37:59] <jamesturnbull> _eric: nope ... I basically highlighted the issue and moved on - I can work around it - but that fact that it was basically ignored tells me about the users of gems
[2010/06/21 12:38:03] <_eric> clearly there has been no one who can code who feels strongly enough about the problem to provide the fix
[2010/06/21 12:38:15] <bleything> Volcane: are you sure about that? that has not been my experience. if a gem is already installed and ports wants to install it too, it just notes that it's there and moves on.
[2010/06/21 12:38:40] <Volcane> bleything: interesting, things must have improved since i last looked at freebsd + ruby
[2010/06/21 12:38:50] * bleything sighs
[2010/06/21 12:39:07] <bleything> yeah, it's not quite to bsdpan level, but it's pretty nice.
[2010/06/21 12:39:18] <Volcane> bleything: if it does that then i guess there isnt much to loose eitherway, not the case in say redhat/debian/ubuntu
[2010/06/21 12:39:20] <jamesturnbull> Volcane: bleything's right I think from last time I played with the ports providers
[2010/06/21 12:39:43] <bleything> I'm sorry. I guess I assumed that we all understood that about how ports worked before we started arguing about it.
[2010/06/21 12:40:04] <_eric> it's easier to just make bold statements, clearly
[2010/06/21 12:40:26] <jamesturnbull> _eric: I stand by my views on gems
[2010/06/21 12:40:31] * Volcane too
[2010/06/21 12:40:35] <bleything> all that aside, this is another reason why I really like freebsd :)
[2010/06/21 12:40:50] * jamesturnbull isn't a BSD user and has no strong opinions either way on it
[2010/06/21 12:40:58] <lisa> what is the minimum ruby version required for puppet ?
[2010/06/21 12:40:58] <jamesturnbull> or bold statements
[2010/06/21 12:41:06] <jamesturnbull> lisa: 1..1
[2010/06/21 12:41:16] <jamesturnbull> lisa: 1.8.1 even :)
[2010/06/21 12:41:18] <lisa> ah!
[2010/06/21 12:41:33] <jamesturnbull> lisa: we support bac kto RHEL4 which runs Ruby 1.8.1
[2010/06/21 12:41:35] <lisa> so even on ancient 1.8.2 it'll work?
[2010/06/21 12:41:37] <lisa> \o/
[2010/06/21 12:41:57] @ plathrop-away is now known as plathrop
[2010/06/21 12:41:58] <jamesturnbull> lisa: should do ... but there might be surprises on older Puppet code and older Ruby versions
[2010/06/21 12:42:06] <lisa> i have two ubuntu 6.06.2 installs.
[2010/06/21 12:42:19] <lisa> i intend to run the most recent puppet on them, if possible
[2010/06/21 12:42:54] <jamesturnbull> lisa: yeah easy to backport Puppet
[2010/06/21 12:43:23] <lisa> horray
[2010/06/21 12:44:28] @ bweiss joined channel #puppet
[2010/06/21 12:45:08] @ mboyd joined channel #puppet
[2010/06/21 12:45:20] <bweiss> hi folks. I'm wondering if I'm relying on accidental behavior here
[2010/06/21 12:45:35] <bweiss> In some class X, I do "include y" "include z" etc
[2010/06/21 12:46:22] @ fbe joined channel #puppet
[2010/06/21 12:46:22] <bweiss> I see some strange behavior in those included classes, and I'm wondering if I should stop that :)
[2010/06/21 12:46:34] @ Quit: fbe: Client Quit
[2010/06/21 12:46:38] @ fbe joined channel #puppet
[2010/06/21 12:47:05] @ Quit: lak: Quit: lak
[2010/06/21 12:47:05] @ Quit: macfly: Read error: Connection reset by peer
[2010/06/21 12:47:08] @ macfly joined channel #puppet
[2010/06/21 12:47:58] <bweiss> hm. no, the puppet book talks about including classes in classes
[2010/06/21 12:48:52] @ Quit: magnachef_: Ping timeout: 260 seconds
[2010/06/21 12:48:54] <jamesturnbull> bweiss: don't trust me I am very unreliable
[2010/06/21 12:49:01] <bweiss> oh, ok
[2010/06/21 12:49:05] <bweiss> :)
[2010/06/21 12:49:07] <jamesturnbull> bweiss: what;s "strange things"? :)
[2010/06/21 12:49:13] <bweiss> I guess I should be more clear about what I'm seeing
[2010/06/21 12:49:23] <spawnyd> bweiss: I do it without a pain in my pkg management class.
[2010/06/21 12:49:25] <bweiss> I have an "oracle" class that contains, among other things, a file
[2010/06/21 12:49:50] <chadh> bweiss: just don't assume any ordering, unless you explicitly define it
[2010/06/21 12:50:00] <bweiss> and a "foobar" class that starts with "include oracle"
[2010/06/21 12:50:08] <bweiss> on the server, I make a change to the source file of that oracle file
[2010/06/21 12:50:18] <bweiss> re-run puppet (puppetd --test) on my client
[2010/06/21 12:50:25] <bweiss> and it doesn't pick up the change to the file
[2010/06/21 12:50:47] <bweiss> it installed the file when I ran puppet the first time
[2010/06/21 12:51:15] <bweiss> heck, I even remove the file on the client and run puppet, it doesn't put the file back
[2010/06/21 12:51:27] * jamesturnbull brb
[2010/06/21 12:51:30] <bweiss> but if I change the node config to explicitly include oracle, then it works as expected
[2010/06/21 12:51:47] <chadh> bweiss: what is the source of the file?
[2010/06/21 12:52:12] <bweiss> source => "puppet:///modules/oracle/tnsnames.ora",
[2010/06/21 12:54:02] <chadh> bweiss: I don't think there is anything wrong with what you are trying to do. Maybe boil it down to a simpler scenario to test it? When you run with --test, can you see the File resource being referenced?
[2010/06/21 12:54:30] <bweiss> well, before I changed the node config, I was getting this
[2010/06/21 12:54:31] <bweiss> [root@queen ~]# puppetd --test
[2010/06/21 12:54:37] <bweiss> info: Caching catalog for queen.(domain)
[2010/06/21 12:54:41] <bweiss> info: Applying configuration version '1276898327'
[2010/06/21 12:54:41] <bweiss> notice: Finished catalog run in 0.05 seconds
[2010/06/21 12:54:56] <bweiss> even after I deleted the file
[2010/06/21 12:55:10] <bweiss> I tried with --ignorecache, same result
[2010/06/21 12:55:19] <bweiss> [root@queen ~]# puppetd --test --ignorecache
[2010/06/21 12:55:21] <bweiss> info: Caching catalog for queen.(domain)
[2010/06/21 12:55:24] <bweiss> info: Applying configuration version '1277148776'
[2010/06/21 12:55:25] <bweiss> notice: Finished catalog run in 0.04 seconds
[2010/06/21 12:55:35] <chadh> (I'm pretty sure --test implies --ignorecache)
[2010/06/21 12:55:48] <bweiss> yeah, I thought so too, but I wanted to double check
[2010/06/21 12:55:50] <chadh> How about with --debug
[2010/06/21 12:56:43] <bweiss> ok
[2010/06/21 12:56:54] <bweiss> I took "include oracle" out of the client config
[2010/06/21 12:57:06] <bweiss> but left in "include foobar", which contains an "include oracle"
[2010/06/21 12:57:17] @ Quit: fbe: Ping timeout: 240 seconds
[2010/06/21 12:57:45] <bweiss> --debug adds a bunch of content about /var/lib/puppet and about certificates, but nothing about files
[2010/06/21 12:58:10] <bweiss> if I put the "include oracle" back in, I see it checking the version of the oracle RPMs (which is also in my oracle class)
[2010/06/21 12:59:40] <chadh> yeah, debug should show lots of stuff about all the resources that are being applied
[2010/06/21 12:59:47] @ Quit: benoit_: Ping timeout: 260 seconds
[2010/06/21 13:00:06] @ ckauhaus joined channel #puppet
[2010/06/21 13:00:11] <chadh> what does the class that includes oracle look like?
[2010/06/21 13:00:18] <chadh> "foobar"
[2010/06/21 13:01:02] <chadh> pwd
[2010/06/21 13:01:43] <bweiss> brb
[2010/06/21 13:01:49] <lyric> just getting started with puppet, my manifest runs fine when using puppet (stand alone), but nothing seems to happen when connect to master
[2010/06/21 13:01:50] @ TREllis joined channel #puppet
[2010/06/21 13:02:23] <lyric> the master says compiled for.... and the client said says applied version ...
[2010/06/21 13:02:30] <chadh> lyric: you have a node file for the host, or just using default?
[2010/06/21 13:02:41] <lyric> node file
[2010/06/21 13:03:00] <chadh> you are using puppetd --test --debug ?
[2010/06/21 13:03:13] <lyric> on the client I tried puppet --noop manifests/nodes.pp
[2010/06/21 13:03:17] <lyric> and it worked
[2010/06/21 13:04:06] <lyric> tried puppetd and it said compiled ....applied version x but not picking up changes
[2010/06/21 13:04:36] <chadh> and --test --debug doesn't shed any light? You should be able to see which resources were applied
[2010/06/21 13:05:20] <lyric> puppetd --verbose --noop --test just says finished catalog in ... looks happy
[2010/06/21 13:06:03] <chadh> if --debug doesn't show any resources being applied , then it is likely that the master is not applying your node's configuration
[2010/06/21 13:06:03] <lyric> it seems like it is not applying anything
[2010/06/21 13:06:08] <chadh> right.
[2010/06/21 13:06:12] <jbooth> What's puppetmaster logging to syslog or messages about compiled configuration?
[2010/06/21 13:06:14] <chadh> What is in your nodes.pp file
[2010/06/21 13:08:48] @ Quit: cliff-hm: Ping timeout: 258 seconds
[2010/06/21 13:09:21] <lyric> @chadh http://pastie.org/1014143
[2010/06/21 13:09:36] <lyric> not much
[2010/06/21 13:10:15] @ Quit: Alleskapot: Quit: Leaving
[2010/06/21 13:10:22] @ fbe joined channel #puppet
[2010/06/21 13:12:53] <bweiss> chadh: sorry about that
[2010/06/21 13:12:57] @ Quit: Alagar: Quit: Leaving.
[2010/06/21 13:13:02] <bweiss> my class foobar looks like:
[2010/06/21 13:13:13] <bweiss> class foobar {
[2010/06/21 13:13:17] <bweiss> case $is_virtual {
[2010/06/21 13:13:30] <bweiss> false: { include foobar::physical }
[2010/06/21 13:13:35] <plathrop> bweiss: use a paste service, please
[2010/06/21 13:13:38] <bweiss> ok
[2010/06/21 13:14:00] <plathrop> thanks!
[2010/06/21 13:14:07] <bweiss> sorry about that :)
[2010/06/21 13:14:30] @ Quit: toi: Quit: Ex-Chat
[2010/06/21 13:15:11] <bweiss> http://pastie.org/private/llbfhfe5ypbrx38inhpyng
[2010/06/21 13:15:39] <bweiss> there's some context removed from there. If you need it, let me know?
[2010/06/21 13:17:41] @ Alagar joined channel #puppet
[2010/06/21 13:17:41] @ Quit: Alagar: Excess Flood
[2010/06/21 13:18:43] <chadh> bweiss: I do similar all over the place. I wonder if $is_virtual has a valid value. Maybe I'm just paranoid, but I always put a fall-through in my case statements
[2010/06/21 13:19:00] <bweiss> hm
[2010/06/21 13:19:02] <bweiss> I suppose
[2010/06/21 13:19:09] <bweiss> but, why would it have installed that junk in the first place?
[2010/06/21 13:21:06] <bweiss> [root@queen ~]# facter --puppet \| grep is_virtual
[2010/06/21 13:21:07] <bweiss> is_virtual => false
[2010/06/21 13:21:10] <bweiss> that... looks right?
[2010/06/21 13:22:19] @ Alagar joined channel #puppet
[2010/06/21 13:22:19] @ Quit: Alagar: Excess Flood
[2010/06/21 13:22:21] <chadh> seems right to me. just seen to many run-time insanity. afaict the code in your pastie looks fine
[2010/06/21 13:22:25] <bweiss> ok
[2010/06/21 13:22:31] <bweiss> well, I can replace that with an if
[2010/06/21 13:22:36] <bweiss> and that'll help if that's the problem
[2010/06/21 13:22:37] <bweiss> I think
[2010/06/21 13:22:39] @ magnachef joined channel #puppet
[2010/06/21 13:23:28] <chadh> I was suggesting you use an "err" or something like that. You really don't want to continue if your assumptions are that far off :)
[2010/06/21 13:23:54] <bweiss> hm
[2010/06/21 13:24:01] <bweiss> I changed it to if $is_virtual {}
[2010/06/21 13:24:06] <bweiss> and it seems to have worked
[2010/06/21 13:24:30] <bweiss> it now notices when I change things
[2010/06/21 13:24:32] <bweiss> hrm
[2010/06/21 13:26:03] <chadh> maybe $is_virtual is treated as a string in a case statement? so you need "true" and "false" ?
[2010/06/21 13:26:36] <jbooth> A fallthrough in cases that outputs what you're testing is always a good bet.
[2010/06/21 13:26:43] <jbooth> And yes, I think you need to quote true and false.
[2010/06/21 13:26:45] * bweiss nods
[2010/06/21 13:26:47] <bweiss> really
[2010/06/21 13:26:52] <jbooth> There are some strange ruby<=>puppet DSL interactions
[2010/06/21 13:26:58] <bweiss> if you look at http://docs.reductivelabs.com/guides/more_language.html#case_statement
[2010/06/21 13:27:12] <jbooth> In particular, integer 0 is a "true" value to ruby.
[2010/06/21 13:27:13] <bweiss> I see that you don't quote things like the hostname, or the operatingsystem ($operatingsystem)
[2010/06/21 13:27:20] <bweiss> but maybe I need to quote true and false?
[2010/06/21 13:27:24] <chadh> bweiss: that's laziness
[2010/06/21 13:27:35] <chadh> but true and false are reserved words
[2010/06/21 13:28:16] <bweiss> ew
[2010/06/21 13:28:22] <bweiss> well, ok
[2010/06/21 13:28:23] <bweiss> I can do that
[2010/06/21 13:29:03] <bweiss> but, will my if work correctly?
[2010/06/21 13:29:13] <bweiss> I assume it internally can do the right thing on true/false
[2010/06/21 13:29:22] <chadh> #3704 seems related
[2010/06/21 13:29:22] <gepetto> chadh: #3704 is http://projects.puppetlabs.com/issues/show/3704 "Facter - Bug #3704: Facter doesn't return booleans (converts them to strings instead) - Puppet Labs"
[2010/06/21 13:29:37] <bweiss> doh
[2010/06/21 13:29:54] <chadh> bweiss: yeah, I think if will take 1, "true", true, etc. and regard them as true.
[2010/06/21 13:32:10] <bweiss> bummer
[2010/06/21 13:32:14] <bweiss> well, thans
[2010/06/21 13:32:15] @ Quit: nahamu: Ping timeout: 240 seconds
[2010/06/21 13:32:15] <bweiss> *thanks
[2010/06/21 13:33:43] @ nahamu joined channel #puppet
[2010/06/21 13:36:37] @ Quit: ckauhaus: Quit: Leaving.
[2010/06/21 13:38:29] @ Quit: mfournier: Ping timeout: 276 seconds
[2010/06/21 13:44:06] <dan__t> So what's the best way to stop applying a catalog? fail() ?
[2010/06/21 13:44:14] <dan__t> I just want puppet to stop. There's something wrong. etc etc
[2010/06/21 13:45:17] <nico> ctrl-c
[2010/06/21 13:45:27] * nico whistle
[2010/06/21 13:45:29] <dan__t> haha
[2010/06/21 13:45:42] @ poison joined channel #puppet
[2010/06/21 13:46:09] <nico> I never use this kind of feature
[2010/06/21 13:46:29] <dan__t> Just don't want to conflicting classes to both be defined.
[2010/06/21 13:47:47] <nico> hum, like ?
[2010/06/21 13:50:13] @ Quit: magnachef: Ping timeout: 245 seconds
[2010/06/21 13:50:47] @ Quit: blahdeblah: Quit: Leaving.
[2010/06/21 13:50:52] @ Quit: Mick27: Quit: Leaving
[2010/06/21 13:54:01] <dan__t> like two diff postfix configurations
[2010/06/21 13:54:23] <nico> ho
[2010/06/21 13:56:01] <nico> can't you do something like per host config file ?
[2010/06/21 13:57:30] @ lak joined channel #puppet
[2010/06/21 13:57:36] @ bweiss left channel #puppet ()
[2010/06/21 13:58:24] <dan__t> no
[2010/06/21 13:58:25] @ gebi joined channel #puppet
[2010/06/21 14:04:45] @ Quit: alban2: Read error: Connection reset by peer
[2010/06/21 14:04:48] @ alban2 joined channel #puppet
[2010/06/21 14:05:16] @ Quit: spawnyd: Quit: leaving
[2010/06/21 14:05:18] @ docelic_ joined channel #puppet
[2010/06/21 14:06:12] <jbooth> dan__t: I fail(). Preferably with a useful error message.
[2010/06/21 14:06:43] <dan__t> That's wht I did, seems to work great.
[2010/06/21 14:07:03] <dan__t> if (defined(Class["postfix::conflictingclass"])) { fail("Can't do that, bozo!") }
[2010/06/21 14:07:12] @ Quit: Chiku\|dc: Quit: Quitte
[2010/06/21 14:07:27] @ Quit: mattock: Ping timeout: 258 seconds
[2010/06/21 14:08:05] @ Quit: docelic: Ping timeout: 240 seconds
[2010/06/21 14:08:32] <nico> :)
[2010/06/21 14:08:35] <jbooth> It would be nice to have some cleaner syntax for that -- conflicts "other::class", "fail message"
[2010/06/21 14:08:46] <jbooth> I suppose you could defined type and get close to that
[2010/06/21 14:08:54] <jbooth> but it'd be ugly
[2010/06/21 14:10:24] <dan__t> ah well.
[2010/06/21 14:15:10] <plathrop> dan__t: beware! defined() depends on parse order :-(
[2010/06/21 14:15:18] @ Quit: adrian_broher: Quit: Verlassend
[2010/06/21 14:15:53] <jbooth> A good point.
[2010/06/21 14:16:45] <jbooth> You could notify { "one mailer": message => "pick only one!" } in both classes to be exclusive. That should only fail out when you have both included... I think.
[2010/06/21 14:22:48] <dan__t> hmm
[2010/06/21 14:23:44] <dan__t> Forgot about that.
[2010/06/21 14:26:29] @ Quit: lak: Quit: lak
[2010/06/21 14:29:59] @ fredden joined channel #puppet
[2010/06/21 14:30:09] <jbooth> does Ubuntu really not have a well defined and auto-loaded iptables setup? Yuck!
[2010/06/21 14:31:22] <shenson> jbooth: what distro does?
[2010/06/21 14:31:43] <jbooth> RHEL?
[2010/06/21 14:32:00] <jbooth> Ah, there's a package that isn't default. That's easy to fix.
[2010/06/21 14:32:13] <shenson> even RHELs is kinda sparse
[2010/06/21 14:32:21] <jbooth> yes, but it exists.
[2010/06/21 14:32:26] @ Quit: tonyskapunk: Ping timeout: 276 seconds
[2010/06/21 14:32:27] <jbooth> Editing the rules is easy -- I have a type for that
[2010/06/21 14:32:57] <jbooth> I don't want to screw around with adding my own auto-loading code to interfaces...
[2010/06/21 14:33:03] <jbooth> (lest I end up with a full-on interface type)
[2010/06/21 14:33:35] <shenson> I used to use a really nice program on debian/ubuntu
[2010/06/21 14:33:44] <shenson> shorewall comes to mind, but I think that is wrong
[2010/06/21 14:33:52] @ tonyskapunk joined channel #puppet
[2010/06/21 14:37:05] @ Quit: MPSimmons: Quit: Leaving.
[2010/06/21 14:38:53] @ Quit: allsystemsarego: Quit: Leaving
[2010/06/21 14:43:49] <Berge> jbooth: There's iptables-persistent.
[2010/06/21 14:43:58] <jbooth> Berge: Yeah, that's what I installed
[2010/06/21 14:44:01] <Berge> Oh, you noticed. Sorry.
[2010/06/21 14:44:09] <jbooth> It is still lacking the save ability rhel has, which stinks, but...
[2010/06/21 14:44:23] <Berge> It can't take iptables-save output?
[2010/06/21 14:44:39] <jbooth> No, it can. I just can't call 'system iptables-persistant save'
[2010/06/21 14:44:43] <jbooth> like I can on redhat.
[2010/06/21 14:44:50] <Berge> Ah, right.
[2010/06/21 14:45:07] <Berge> Should of course be trivial to write such an utility.
[2010/06/21 14:45:10] <jbooth> Why should I have to know where it wants to stick data? Now if it changes that suddenly my puppet breaks
[2010/06/21 14:45:18] <jbooth> That's bad design on their part.
[2010/06/21 14:45:22] @ lak joined channel #puppet
[2010/06/21 14:45:40] <Berge> jbooth: I'm not sure how you'd like it to work.
[2010/06/21 14:46:01] <Berge> If you want to manage iptables rules with puppet, you'd not want anything else editing them.
[2010/06/21 14:46:25] <jbooth> Actually in my case I do want others to be able to edit them.
[2010/06/21 14:46:32] <jbooth> But I'm an odd edge case.
[2010/06/21 14:46:53] <jbooth> Still that's easy enough; I've got a firewall type that can do essentially line-by-line live iptables rule edits.
[2010/06/21 14:47:48] @ andrew3 joined channel #puppet
[2010/06/21 14:47:51] <Berge> And you just want to save the state across reboots?
[2010/06/21 14:48:16] <jbooth> Yeah. I just added the iptables-save > /etc/iptables/rules as an exec myself, but my point is I shouldn't have to.
[2010/06/21 14:48:25] <jbooth> That means I know internal state of the iptables-persistent package.
[2010/06/21 14:48:31] <jbooth> (ie: where it saves the rules)
[2010/06/21 14:48:40] <Berge> Right.
[2010/06/21 14:49:03] <Berge> I guess there could be a facility for it in Debian or Ubuntu, but it's really a oneliner configuration to ifupdown.
[2010/06/21 14:49:37] <Berge> itpables-save and iptables-restore with a known file name in post-up and post-down.
[2010/06/21 14:49:53] <jbooth> Well, iptables-persist does it via an init script
[2010/06/21 14:49:58] <jbooth> which is fine
[2010/06/21 14:50:01] <Berge> But doesn't save?
[2010/06/21 14:50:07] <Berge> Oh, wait, it does.
[2010/06/21 14:50:13] <jbooth> doesn't look like it to me
[2010/06/21 14:50:26] <Berge> Perhaps not.
[2010/06/21 14:50:29] @ Transformer joined channel #puppet
[2010/06/21 14:50:47] <jbooth> if it does, it isn't in the init script
[2010/06/21 14:50:55] <jbooth> I figured it might auto-save at shutdown, or such.
[2010/06/21 14:51:05] <jbooth> Really that'd be much more 'presistent'
[2010/06/21 14:51:13] <Berge> But still, it's a one-line configuration issue (-:
[2010/06/21 14:51:40] <jbooth> But it still requires me to known the guts of where it loads the rules from, and I shouldn't have to.
[2010/06/21 14:52:52] <Berge> /var/lib/iptables/rules, for instance?
[2010/06/21 14:53:08] @ Quit: nexx: Quit: quit
[2010/06/21 14:53:17] <jbooth> /etc/iptables/rules, in this case.
[2010/06/21 14:53:42] <jbooth> I would have expected /etc/defaults/iptables (since that seems to be the analog to rhel's /etc/sysconfig/)
[2010/06/21 14:53:48] <Berge> /var/lib might be more FHS compliant, but yes (-:
[2010/06/21 14:53:54] @ Quit: bug: Quit: bug
[2010/06/21 14:53:56] @ Quit: Transformer: Excess Flood
[2010/06/21 14:54:09] <jbooth> As is obvious by differing expectations, forcing others to know the internal state... not so hot.
[2010/06/21 14:54:27] @ Quit: ahasenack: Quit: Leaving
[2010/06/21 14:54:29] <Berge> Well, not the internal state as such.
[2010/06/21 14:54:41] <Berge> I see your point, though.
[2010/06/21 14:54:55] @ Quit: lak: Quit: lak
[2010/06/21 14:56:50] <jbooth> the location it saves the data it needs to restore is internal state
[2010/06/21 14:59:53] @ Quit: ecapriolo: Quit: KVIrc Insomnia 4.0.0, revision: 4030, sources date: 20100125, built on: 2010-02-25 23:12:54 UTC http://www.kvirc.net/
[2010/06/21 15:00:04] @ Quit: avocado: Remote host closed the connection
[2010/06/21 15:01:22] @ OpenMedia joined channel #puppet
[2010/06/21 15:01:48] @ jheiss left channel #puppet ()
[2010/06/21 15:02:20] @ Quit: yakub: Quit: leaving
[2010/06/21 15:02:42] @ Quit: rocket: Read error: Operation timed out
[2010/06/21 15:04:11] @ Quit: lwhalen: Ping timeout: 258 seconds
[2010/06/21 15:05:53] @ Quit: giskard: Remote host closed the connection
[2010/06/21 15:08:51] @ Quit: TREllis: Quit: gute nacht
[2010/06/21 15:12:39] @ Quit: \ask: Remote host closed the connection
[2010/06/21 15:12:54] @ Quit: pheezy: Remote host closed the connection
[2010/06/21 15:13:57] <ReinH> bleything: ping
[2010/06/21 15:14:07] <bleything> yes? :D
[2010/06/21 15:14:32] <ReinH> bleything: how's it going in Puppet land for you?
[2010/06/21 15:14:39] <bleything> haven't had much time to explore yet.
[2010/06/21 15:14:44] @ jasonm left channel #puppet ("Leaving")
[2010/06/21 15:14:47] <ReinH> well, enjoy your stay :D
[2010/06/21 15:14:58] <ReinH> the fauna is mostly harmless
[2010/06/21 15:15:00] <bleything> in the midst of a multi-week "fix production" ... situation
[2010/06/21 15:15:05] <ReinH> heh
[2010/06/21 15:15:06] <ReinH> good times
[2010/06/21 15:15:21] <bleything> yeah.
[2010/06/21 15:15:22] <bleything> no.
[2010/06/21 15:16:57] @ rodnet joined channel #puppet
[2010/06/21 15:19:13] @ magnachef joined channel #puppet
[2010/06/21 15:20:11] @ Quit: yannL: Remote host closed the connection
[2010/06/21 15:22:59] @ Quit: notbrien: Quit: notbrien
[2010/06/21 15:24:30] @ Quit: kaptk2: Quit: Leaving.
[2010/06/21 15:25:09] <AngryParsley> does puppet store the log from its last catalog run anywhere besides the syslog?
[2010/06/21 15:25:29] <AngryParsley> it would be nice to quickly check the last run to see how it compares to one right after a change
[2010/06/21 15:25:47] @ Quit: gebi: Ping timeout: 260 seconds
[2010/06/21 15:26:10] @ Quit: stevenjenkins: Ping timeout: 264 seconds
[2010/06/21 15:28:32] <ReinH> AngryParsley: you could look at the reports yaml, I think. Something like Dashboard would allow you to view reports for a given node.
[2010/06/21 15:28:48] <ReinH> AngryParsley: there may be other places logs are stored, but if you're storing reports you can definitely get them there.
[2010/06/21 15:32:10] @ Quit: rmiller4pi8: Ping timeout: 258 seconds
[2010/06/21 15:36:05] <plathrop> AngryParsley: you can configure several different report locations, otherwise, the report yaml.
[2010/06/21 15:38:59] <AngryParsley> what's the path to the report yaml? find doesn't find it in /var/lib/puppet
[2010/06/21 15:39:10] <AngryParsley> and I don't see the path specified anywhere in the docs
[2010/06/21 15:39:21] <AngryParsley> but I only looked for a minute
[2010/06/21 15:40:51] <plathrop> /var/lib/puppet/yaml/node on the puppetmaster
[2010/06/21 15:41:00] <AngryParsley> oh, on the puppet master
[2010/06/21 15:41:13] <AngryParsley> thanks
[2010/06/21 15:41:50] <plathrop> AngryParsley: maybe. I could be wrong actually
[2010/06/21 15:42:06] <AngryParsley> well I was looking on the client
[2010/06/21 15:42:13] <plathrop> AngryParsley: yeah, I was wrong, those are catalogs.
[2010/06/21 15:42:25] <jbartus> is there a best practice for static routes in puppet
[2010/06/21 15:42:43] <jbartus> looks like there's no pre-existing type for it... stuff it in rc.local?
[2010/06/21 15:43:15] <plathrop> AngryParsley: I think you have to have reports=store,log set and then the reports will be on the master under /var/lib/puppet/reports
[2010/06/21 15:43:30] <eric0> plathrop: yaml/node/*.yaml on puppetmaster has facts uploaded from client + classes set by server
[2010/06/21 15:45:21] @ joe-mac left channel #puppet ()
[2010/06/21 15:48:12] @ lak joined channel #puppet
[2010/06/21 15:49:21] @ sijis is now known as sijis_afk
[2010/06/21 15:53:58] @ stanlly joined channel #puppet
[2010/06/21 15:55:00] @ Quit: teyo: Ping timeout: 252 seconds
[2010/06/21 15:55:58] <lyric> is it possible to get the diff from a noop run through the reporting?
[2010/06/21 15:57:34] @ pheezy joined channel #puppet
[2010/06/21 15:58:20] @ Quit: jab_doa: Quit: Verlassend
[2010/06/21 15:59:35] @ Quit: mellen: Ping timeout: 260 seconds
[2010/06/21 16:05:21] @ Quit: pheezy: Remote host closed the connection
[2010/06/21 16:10:50] @ configure_ppt joined channel #puppet
[2010/06/21 16:14:54] @ ezmobius joined channel #puppet
[2010/06/21 16:19:23] @ xuru joined channel #puppet
[2010/06/21 16:19:59] <xuru> howdy, anyone know what this means: puppetd[948]: Reporting failed: end of file reached
[2010/06/21 16:20:21] <xuru> been banging my head on this one for a while now
[2010/06/21 16:24:09] @ Quit: ezmobius: Quit: Leaving...
[2010/06/21 16:24:31] <_eric> is there a way to say I want the same version of kernel-devel as I have kernel?
[2010/06/21 16:24:42] <_eric> when installing a package?
[2010/06/21 16:24:50] <_eric> or do I just have to say what the explicit versions are for both?
[2010/06/21 16:25:25] <agaffney> _eric: without a fact that reports the kernel package version, you'd just have to explicitly specify the version on both
[2010/06/21 16:26:21] <_eric> thanks
[2010/06/21 16:26:26] <xuru> _eric: I believe there is a "kernelrelease" fact
[2010/06/21 16:26:36] <xuru> run facter, and see what it prints out
[2010/06/21 16:28:02] @ quit (okay bye)
[2010/06/21 16:28:48] @ Joined channel #puppet
[2010/06/21 16:28:48] @ Topic is "Dashboard 1.0.0 released: http://bit.ly/cxZUas \| Puppet 0.25.5 released: http://bit.ly/beIuIm \| http://docs.puppetlabs.com \| Bugs & Feature Requests: http://bit.ly/ddjhPk"
[2010/06/21 16:28:48] @ Topic set by jamesturnbull!~jamesturn@pelin.lovedthanlost.net on Mon May 17 18:30:22 -0700 2010
[2010/06/21 16:28:51] <xuru> night
[2010/06/21 16:28:51] @ Mode +cnt by kornbluth.freenode.net
[2010/06/21 16:28:52] @ Quit: xuru: Quit: later!
[2010/06/21 16:29:01] @ stewartl421 joined channel #puppet
[2010/06/21 16:29:45] @ Quit: rcrowley: .net .split
[2010/06/21 16:29:45] @ Quit: bitfield: .net .split
[2010/06/21 16:29:45] @ Quit: msf: .net .split
[2010/06/21 16:29:45] @ Quit: emag: .net .split
[2010/06/21 16:29:45] @ Quit: Hilli: .net .split
[2010/06/21 16:29:46] @ Quit: lyric: .net .split
[2010/06/21 16:29:46] @ Quit: robinbowes: .net .split
[2010/06/21 16:29:46] @ Quit: pkhamre: .net .split
[2010/06/21 16:29:46] @ Quit: AdrianBroher: .net .split
[2010/06/21 16:29:46] @ Quit: hMz: .net .split
[2010/06/21 16:29:46] @ Quit: stahnma: .net .split
[2010/06/21 16:29:46] @ Quit: nimrod10: .net .split
[2010/06/21 16:29:46] @ Quit: husimon: .net .split
[2010/06/21 16:29:46] @ Quit: nicomen: .net .split
[2010/06/21 16:29:47] @ Quit: Dyresen: .net .split
[2010/06/21 16:30:42] @ stahnma_ is now known as stahnma
[2010/06/21 16:32:22] @ nimrod10 joined channel #puppet
[2010/06/21 16:32:35] @ emag joined channel #puppet
[2010/06/21 16:32:56] @ msf joined channel #puppet
[2010/06/21 16:33:08] @ Hilli joined channel #puppet
[2010/06/21 16:34:48] @ Quit: rodnet: Read error: Connection reset by peer
[2010/06/21 16:34:54] @ rodnet joined channel #puppet
[2010/06/21 16:36:27] @ rcrowley joined channel #puppet
[2010/06/21 16:37:52] @ bitfield joined channel #puppet
[2010/06/21 16:37:59] @ artista_frustrad joined channel #puppet
[2010/06/21 16:40:54] @ ricky joined channel #puppet
[2010/06/21 16:42:27] @ Quit: artista_frustrad: Ping timeout: 240 seconds
[2010/06/21 16:43:08] @ Djelibeybi joined channel #puppet
[2010/06/21 16:45:07] @ lyric joined channel #puppet
[2010/06/21 16:45:18] @ husimon joined channel #puppet
[2010/06/21 16:45:27] @ robinbowes joined channel #puppet
[2010/06/21 16:47:05] <ReinH> AngryParsley: reports are stored at /var/lib/puppet/reports/ or $reportdir
[2010/06/21 16:47:12] @ AdrianBroher joined channel #puppet
[2010/06/21 16:47:38] <ReinH> AngryParsley: assuming that you have reporting turned on for clients and that your puppetmaster is using the store processor (which is the default)
[2010/06/21 16:48:11] <ReinH> AngryParsley: more info about configuring reporting is at http://projects.puppetlabs.com/projects/puppet/wiki/Reports_And_Reporting
[2010/06/21 16:48:18] @ tonyskapunk left channel #puppet ("ERC Version 5.3 (IRC client for Emacs)")
[2010/06/21 16:49:49] @ herdingcat joined channel #puppet
[2010/06/21 16:50:51] @ Quit: raven: Read error: Operation timed out
[2010/06/21 16:50:53] @ raven joined channel #puppet
[2010/06/21 16:52:29] @ Quit: sking: Quit: Leaving.
[2010/06/21 16:54:25] @ Quit: lak: Quit: lak
[2010/06/21 16:56:02] @ Quit: raven: Quit: No Ping reply in 180 seconds.
[2010/06/21 16:56:04] @ raven joined channel #puppet
[2010/06/21 17:04:16] @ canllaith joined channel #puppet
[2010/06/21 17:04:31] @ stewartl421 left channel #puppet ()
[2010/06/21 17:04:35] <canllaith> Fancy that. There is a #puppet :)
[2010/06/21 17:04:44] <configure_ppt> hi I have a problem while using puppet , I am trying to configure ubuntu client and cent os server
[2010/06/21 17:04:59] <configure_ppt> and I get the following error "
[2010/06/21 17:05:00] <configure_ppt> err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2010/06/21 17:05:00] <configure_ppt> "
[2010/06/21 17:05:04] <Djelibeybi> Hey canllaith
[2010/06/21 17:05:24] <configure_ppt> can any one help me in regard this
[2010/06/21 17:05:35] <canllaith> Hey Djelibeybi :)
[2010/06/21 17:06:14] * canllaith is supposed to be delivering a detailed design document but has gotten sidetracked raiding the office for highlighters so she can draw a puppet cake.
[2010/06/21 17:06:38] <Djelibeybi> canllaith: yes, I saw your tweet. :)
[2010/06/21 17:06:45] <canllaith> :D
[2010/06/21 17:07:00] <canllaith> I now want to make a cupcake template for visio
[2010/06/21 17:13:37] @ sking joined channel #puppet
[2010/06/21 17:19:52] <kgraham> canllaith: is there a reason to think it _isn't_ cert validation?
[2010/06/21 17:20:59] <kgraham> namely, does the DN of the puppetmaster match the name you're specifying via --server?
[2010/06/21 17:21:47] <Djelibeybi> kgraham: I think that should be directed to configure_ppt not canllaith :)
[2010/06/21 17:23:16] @ pkhamre joined channel #puppet
[2010/06/21 17:23:16] @ nicomen joined channel #puppet
[2010/06/21 17:23:16] @ Dyresen joined channel #puppet
[2010/06/21 17:27:15] @ cliff-hm joined channel #puppet
[2010/06/21 17:27:35] <configure_ppt> @kgraham I entered the same DNS name
[2010/06/21 17:28:17] <configure_ppt> but still I get the same error
[2010/06/21 17:36:29] <rohanpm> configure_ppt: are you using plain puppetmasterd, or some other web server?
[2010/06/21 17:36:53] @ Quit: magnachef: Ping timeout: 245 seconds
[2010/06/21 17:37:23] <rohanpm> configure_ppt: I got errors like that, seemingly at random intervals, until I moved away from puppetmasterd to apache + passenger
[2010/06/21 17:44:21] @ Quit: rodnet: Read error: Connection reset by peer
[2010/06/21 17:44:22] @ rodnet_ joined channel #puppet
[2010/06/21 17:48:18] @ Quit: jaredrhine: Quit: Leaving.
[2010/06/21 17:50:10] @ magickal1 joined channel #puppet
[2010/06/21 17:55:03] @ thekad is now known as thekad-afk
[2010/06/21 17:55:07] @ Transformer joined channel #puppet
[2010/06/21 17:58:58] @ Quit: Transformer: Excess Flood
[2010/06/21 18:01:05] @ thekad-afk is now known as thekad
[2010/06/21 18:04:12] @ thekad is now known as thekad-afk
[2010/06/21 18:10:58] @ Quit: zahna: Remote host closed the connection
[2010/06/21 18:11:14] <configure_ppt> @rohanpm may I know what is passenger?
[2010/06/21 18:13:51] <rohanpm> configure_ppt: looks like an apache module to run ruby apps
[2010/06/21 18:15:02] @ Quit: stahnma: Read error: Connection reset by peer
[2010/06/21 18:25:00] @ tjoe joined channel #puppet
[2010/06/21 18:26:57] @ tessier_ left channel #puppet ("Leaving")
[2010/06/21 18:39:04] @ kazoo joined channel #puppet
[2010/06/21 18:44:00] @ Quit: tep: Quit: Leaving.
[2010/06/21 18:44:43] @ magnachef joined channel #puppet
[2010/06/21 18:45:16] @ Quit: kazoo: Excess Flood
[2010/06/21 18:46:32] @ magnachef__ joined channel #puppet
[2010/06/21 18:49:11] @ Quit: magnachef: Ping timeout: 240 seconds
[2010/06/21 18:55:53] @ Quit: herdingcat: Read error: Connection reset by peer
[2010/06/21 18:57:51] @ Quit: Djelibeybi: Quit: This computer has gone to sleep
[2010/06/21 19:02:55] @ Quit: Bass10: Quit: Leaving
[2010/06/21 19:05:12] @ pheezy joined channel #puppet
[2010/06/21 19:06:39] @ ahuman joined channel #puppet
[2010/06/21 19:07:03] @ artista_frustrad joined channel #puppet
[2010/06/21 19:08:53] @ Quit: axisys: Quit: leaving
[2010/06/21 19:09:13] @ axisys joined channel #puppet
[2010/06/21 19:11:52] @ plathrop is now known as plathrop-away
[2010/06/21 19:14:30] @ Quit: pheezy: Remote host closed the connection
[2010/06/21 19:16:06] @ Quit: rodnet_: Read error: Connection reset by peer
[2010/06/21 19:16:07] @ rodnet joined channel #puppet
[2010/06/21 19:16:46] @ jaredrhine joined channel #puppet
[2010/06/21 19:24:42] @ pheezy joined channel #puppet
[2010/06/21 19:44:29] @ lwhalen joined channel #puppet
[2010/06/21 19:45:11] @ mellen joined channel #puppet
[2010/06/21 19:54:36] @ Transformer joined channel #puppet
[2010/06/21 19:56:56] @ Transformer left channel #puppet ()
[2010/06/21 20:00:56] @ hMz joined channel #puppet
[2010/06/21 20:01:21] @ Quit: ceren: Quit: ceren
[2010/06/21 20:06:37] @ Quit: magnachef__: Ping timeout: 264 seconds
[2010/06/21 20:10:38] @ Quit: cliff-hm: Ping timeout: 245 seconds
[2010/06/21 20:11:20] @ herdingcat joined channel #puppet
[2010/06/21 20:14:25] @ tessier joined channel #puppet
[2010/06/21 20:14:28] <tessier> Hello all
[2010/06/21 20:14:36] <tessier> puppetd[23390]: Could not retrieve catalog from remote server: tlsv1 alert decrypt
[2010/06/21 20:14:39] <tessier> error
[2010/06/21 20:14:42] <tessier> What causes this sort of thing?
[2010/06/21 20:15:05] <sking> bad cert most likely
[2010/06/21 20:15:08] <tessier> puppet-server-0.25.4-1.el5 on CentOS 5.4
[2010/06/21 20:16:36] <sking> try regenerating the cert
[2010/06/21 20:17:00] <tessier> On the client? How? Probably not a problem on the server as all of the other clients work ok.
[2010/06/21 20:17:21] <sking> on the server puppetca —clean <fqdn>
[2010/06/21 20:17:26] <sking> on the client puppetd -tv
[2010/06/21 20:17:27] <tessier> Ah, ok.
[2010/06/21 20:17:34] <tessier> Thanks.
[2010/06/21 20:17:38] <sking> np :)
[2010/06/21 20:19:00] @ Transformer joined channel #puppet
[2010/06/21 20:21:54] @ Quit: Transformer: Excess Flood
[2010/06/21 20:27:43] <sking> does anyone know if it is possible to include a specific declaration, say a file, from another class?
[2010/06/21 20:29:40] @ magnachef__ joined channel #puppet
[2010/06/21 20:33:49] <chadh> sking: ?
[2010/06/21 20:33:54] <PhabX> include classname::blah ?
[2010/06/21 20:34:09] <sking> i just want this one file from a class to be applied to a host
[2010/06/21 20:34:11] <chadh> sking: you include classes, not resources, so I don't think so
[2010/06/21 20:34:22] <sking> i tried include classname::file["name"]
[2010/06/21 20:34:27] <sking> ok
[2010/06/21 20:34:34] <chadh> sking: you can put it in its own class and then include it in both
[2010/06/21 20:34:42] <PhabX> sking: you can try putting that file[name] into its own little class and call it
[2010/06/21 20:34:46] <sking> yeah
[2010/06/21 20:34:48] <PhabX> yes like chadh said
[2010/06/21 20:35:03] <sking> that gets cumbersome but seems to be the only way
[2010/06/21 20:35:33] <PhabX> its only two extra lines :)
[2010/06/21 20:35:34] <chadh> sking: there is likely a better way to architect it
[2010/06/21 20:35:44] <chadh> there are also virtual and exported resources that could help
[2010/06/21 20:36:01] <sking> ah, know of any good docs on those?
[2010/06/21 20:36:43] <chadh> sking: the official docs at puppetlabs.org are a good place to start
[2010/06/21 20:37:06] <sking> ive read a lot from there… honestly, they are crappy
[2010/06/21 20:37:06] @ Quit: rodnet: Read error: Connection reset by peer
[2010/06/21 20:37:14] @ rodnet joined channel #puppet
[2010/06/21 20:37:19] <sking> they leave me with more questions than answers
[2010/06/21 20:37:50] <chadh> like most docs, they work better if you know what you are searching for, rather than trying to read from start to finish to learn something
[2010/06/21 20:38:16] <sking> this is true, but i find that to be something these docs even fail at :p
[2010/06/21 20:38:20] <chadh> but there are holes. Fortunately, it's a wiki, so when we find holes, we can fill it in :)
[2010/06/21 20:44:28] @ Quit: pheezy: Remote host closed the connection
[2010/06/21 20:45:04] @ Quit: pting: Quit: Ex-Chat
[2010/06/21 20:54:09] @ magnachef joined channel #puppet
[2010/06/21 20:55:34] @ Quit: jameswhite: Ping timeout: 264 seconds
[2010/06/21 20:56:41] @ Quit: magnachef__: Ping timeout: 265 seconds
[2010/06/21 20:59:31] @ Quit: magnachef: Ping timeout: 260 seconds
[2010/06/21 21:00:13] @ WALoeIII joined channel #puppet
[2010/06/21 21:02:41] @ Quit: PhabX:
[2010/06/21 21:08:47] @ magnachef__ joined channel #puppet
[2010/06/21 21:12:36] <chadh> Man, puppet and dhclient are fighting over ntp.conf
[2010/06/21 21:12:49] <sking> lol
[2010/06/21 21:13:05] <sking> don't puppetize it or stop annoucning the ntp peer in hdcp
[2010/06/21 21:13:55] <chadh> sking: can you explain the ntp peer stuff? I know that if I set that, it will disable the part of dhclient-script that fiddles with ntp.conf, buy I don't know if it will have any other effect
[2010/06/21 21:14:23] @ flooose joined channel #puppet
[2010/06/21 21:14:30] <rohanpm> anyone running multiple puppet instances on a single machine?
[2010/06/21 21:14:38] <rohanpm> e.g. one or more of them inside a chroot.
[2010/06/21 21:14:48] <sking> dhclicent is just applying the options receivd by the dhcp server
[2010/06/21 21:15:13] @ Quit: kgraham: Ping timeout: 245 seconds
[2010/06/21 21:15:35] <chadh> sking: what does being an ntp peer mean?
[2010/06/21 21:15:44] @ lak joined channel #puppet
[2010/06/21 21:15:45] @ Quit: magnachef__: Ping timeout: 240 seconds
[2010/06/21 21:15:49] <sking> an ntp peer is what ntp checks in to to update its time
[2010/06/21 21:17:17] @ kgraham joined channel #puppet
[2010/06/21 21:18:37] <chadh> I guess I am trying to figure out if I should set PEERNTP=no for just a regular host
[2010/06/21 21:19:49] <sking> unless you plan to use DHCP for everything, yes
[2010/06/21 21:21:54] <chadh> sking: I think I see. PEERDNS and PEERNTP are specific to dhclient, and are for toggling exactly this. I thought they might be used in other scripts and have some unexpected side effect
[2010/06/21 21:22:01] @ Quit: AdrianBroher: Read error: Connection reset by peer
[2010/06/21 21:22:23] <chadh> now I have to figure out how to puppetize it, since I don't do any interface stuff yet
[2010/06/21 21:22:49] <sking> just pull the ntp.conf file and put it in puppet
[2010/06/21 21:23:06] @ AdrianBroher joined channel #puppet
[2010/06/21 21:23:51] <chadh> I don't know why the stupid script doesn't modify an included file
[2010/06/21 21:28:01] @ Quit: lak: Quit: lak
[2010/06/21 21:30:13] @ magnachef joined channel #puppet
[2010/06/21 21:53:07] @ rocket joined channel #puppet
[2010/06/21 21:55:47] @ lutter joined channel #puppet
[2010/06/21 21:55:50] @ Quit: lutter: Client Quit
[2010/06/21 21:55:50] @ LinuxCode joined channel #puppet
[2010/06/21 21:59:10] @ Quit: flooose: Ping timeout: 264 seconds
[2010/06/21 22:00:26] @ bodepd joined channel #puppet
[2010/06/21 22:00:57] @ Pupeno joined channel #puppet
[2010/06/21 22:01:29] <Pupeno> I don't have many users or many server, but it's still a hassle to add users by hand. Can puppet help me maintain the users (for people)?
[2010/06/21 22:01:52] <Pupeno> ldap seems like an overkill.
[2010/06/21 22:01:59] <canllaith> I'm probably not the best person to answer this as I"m just a user and not a dev
[2010/06/21 22:02:01] <canllaith> but yes, it sure can
[2010/06/21 22:02:05] <bodepd> yes, check the user resource type.
[2010/06/21 22:02:17] <chadh> Pupeno: it would at least be only one place you have to put them and have them propagated out to your servers
[2010/06/21 22:03:30] <Pupeno> I am concerned about this "This type is mostly built to manage system users, so it is lacking some features useful for managing normal users.". Is anybody using the user resource to maintain users for people? Last time I tried I gave up, but I can't remember why. Will ensure => absent remove it?
[2010/06/21 22:04:02] <sking> im using it for a work around, ensure => absent should remove it
[2010/06/21 22:04:19] <sking> or so says the docs i read today :p
[2010/06/21 22:04:32] @ lak joined channel #puppet
[2010/06/21 22:05:04] @ Quit: S_BS: Ping timeout: 252 seconds
[2010/06/21 22:06:12] <canllaith> I've only used it for simple things like setting up the users required for software installations - for example a 'tomcat' user
[2010/06/21 22:06:24] @ PhabX joined channel #puppet
[2010/06/21 22:06:34] <Pupeno> canllaith: well, that's the goal of the user type... hence my concern.
[2010/06/21 22:06:40] <nevyn> Pupeno: I'm using it for human carbon lifeforms yes
[2010/06/21 22:06:51] <Pupeno> Sounds great then.
[2010/06/21 22:07:22] <nevyn> but I'm using a directory for passwords for those humans.
[2010/06/21 22:07:33] <nevyn> cause I don't want to deal with password management
[2010/06/21 22:08:18] <Pupeno> nevyn: oh, right, passwords. We use ssh to log in, but we would need passwords to sudo. What directory do you use?
[2010/06/21 22:08:21] @ Quit: PhabX: Client Quit
[2010/06/21 22:08:53] <nevyn> Pupeno: whichever one I can access that the users exist in.
[2010/06/21 22:09:33] <nevyn> so it depends
[2010/06/21 22:09:44] @ S_BS joined channel #puppet
[2010/06/21 22:09:53] <nevyn> it might be any of tivoli access manager, Rosetta or Active Directory
[2010/06/21 22:10:03] <nevyn> depending on where in the network the machine is.
[2010/06/21 22:10:44] <nevyn> I use a combined aproach where the users account exists locally
[2010/06/21 22:10:50] <nevyn> but their password is in the directory
[2010/06/21 22:10:58] <nevyn> it's a little bit unusual.
[2010/06/21 22:11:00] @ MattyM joined channel #puppet
[2010/06/21 22:11:06] <nevyn> but it means two things that I see as positive.
[2010/06/21 22:11:21] <nevyn> auditing the machine works the same way as it always has on unix.
[2010/06/21 22:11:36] <nevyn> ie cat /etc/passwd that's the list of accounts for the system.
[2010/06/21 22:11:47] <nevyn> and
[2010/06/21 22:11:49] <Pupeno> We don't have any directory and we really don't want to set up one; but I'm thinking of a workaround anyway.
[2010/06/21 22:12:02] <chadh> nevyn: hey, I do that too. passwd files for authorization
[2010/06/21 22:12:04] <Pupeno> i.e.: if you want to change your password, log in as root and be done with it.
[2010/06/21 22:12:05] <nevyn> I don't need to worry about password rotation complexity etc.
[2010/06/21 22:12:35] <nevyn> that doesn't work on my systems.
[2010/06/21 22:12:48] <nevyn> root can't change the password of a user.
[2010/06/21 22:13:52] <nevyn> and less credentials for humans which makes me happier.
[2010/06/21 22:14:03] <nevyn> I'd rather not remember more sets of credentials.
[2010/06/21 22:14:24] <nevyn> Pupeno: you don't have a directory at all?
[2010/06/21 22:14:27] <bodepd> nevyn: you could also use 'ralsh user' to audit users
[2010/06/21 22:14:37] <nevyn> bodepd: or getent passwd
[2010/06/21 22:14:41] <nevyn> or lots of other things
[2010/06/21 22:15:08] @ PhabX joined channel #puppet
[2010/06/21 22:16:01] <nevyn> bodepd: but I've seen audit processes and they usually say. "cat /etc/passwd > userlist && ypcat passwd >> userlist"
[2010/06/21 22:16:43] <nevyn> getent passwd is the most portable option for this.
[2010/06/21 22:17:20] <nevyn> it doesn't matter what crack pam is configured for getent passwd will give the list of users defined on the system.
[2010/06/21 22:17:53] <nevyn> Pupeno: I've used openldap before it's kinda painful to configure tho.
[2010/06/21 22:19:33] @ Quit: PhabX: Ping timeout: 260 seconds
[2010/06/21 22:20:39] @ \ask joined channel #puppet
[2010/06/21 22:21:36] @ Quit: WALoeIII: Quit: WALoeIII
[2010/06/21 22:22:40] @ Quit: bodepd: Ping timeout: 252 seconds
[2010/06/21 22:23:05] @ Quit: rcrowley: Quit: rcrowley
[2010/06/21 22:24:07] @ benoit_ joined channel #puppet
[2010/06/21 22:24:29] @ WALoeIII joined channel #puppet
[2010/06/21 22:28:24] @ PhabX joined channel #puppet
[2010/06/21 22:29:11] @ bodepd joined channel #puppet
[2010/06/21 22:29:39] @ ceren joined channel #puppet
[2010/06/21 22:32:17] @ ceren_ joined channel #puppet
[2010/06/21 22:33:22] @ Quit: bodepd: Client Quit
[2010/06/21 22:34:15] @ Quit: lak: Quit: lak
[2010/06/21 22:36:07] @ Quit: ceren: Ping timeout: 260 seconds
[2010/06/21 22:36:07] @ ceren_ is now known as ceren
[2010/06/21 22:36:29] <Pupeno> nevyn: I've never managed to use it for users, but I've set up a couple of openldap servers... it is a pain.
[2010/06/21 22:37:04] <nevyn> Pupeno: how can you not have a directory.
[2010/06/21 22:37:13] <nevyn> do you have all linux workstations?
[2010/06/21 22:37:37] <Pupeno> nevyn: no, this is for servers. We have four servers each with four virtual sears.
[2010/06/21 22:37:46] <Pupeno> s/sears/servers/
[2010/06/21 22:38:15] @ Quit: benoit_: Ping timeout: 240 seconds
[2010/06/21 22:44:50] @ bodepd joined channel #puppet
[2010/06/21 22:44:54] @ Quit: bodepd: Client Quit
[2010/06/21 22:52:20] @ Quit: kolla: Remote host closed the connection
[2010/06/21 23:00:04] @ pheezy joined channel #puppet
[2010/06/21 23:01:48] @ Quit: andrew3: Quit: Leaving.
[2010/06/21 23:02:43] @ shug joined channel #puppet
[2010/06/21 23:02:57] @ mfournier joined channel #puppet
[2010/06/21 23:05:54] @ Quit: fredden: Quit: Leaving
[2010/06/21 23:06:49] @ Quit: PhabX: Quit: Colloquy for iPhone - http://colloquy.mobi
[2010/06/21 23:07:05] @ Quit: WALoeIII: Quit: Bai.
[2010/06/21 23:11:26] @ Quit: rodnet: Read error: Connection reset by peer
[2010/06/21 23:11:26] @ rodnet_ joined channel #puppet
[2010/06/21 23:11:30] @ Quit: alban2: Quit: Leaving.
[2010/06/21 23:17:04] @ benoit_ joined channel #puppet
[2010/06/21 23:17:20] @ Quit: Pupeno: Quit: http://pupeno.com
[2010/06/21 23:19:50] @ gebi joined channel #puppet
[2010/06/21 23:20:36] @ Quit: ceren: Quit: ceren
[2010/06/21 23:27:11] @ kolla joined channel #puppet
[2010/06/21 23:32:08] @ Quit: pheezy: Remote host closed the connection
[2010/06/21 23:36:03] @ Quit: fbe: Ping timeout: 245 seconds
[2010/06/21 23:38:04] @ sdog joined channel #puppet
[2010/06/21 23:43:09] @ yannL joined channel #puppet
[2010/06/21 23:47:26] @ Quit: yannL: Remote host closed the connection
[2010/06/21 23:48:23] @ mattock joined channel #puppet
[2010/06/21 23:48:25] @ flooose joined channel #puppet
[2010/06/21 23:48:29] @ Quit: rodnet_: Quit: rodnet_
[2010/06/21 23:49:33] @ yannL joined channel #puppet
[2010/06/21 23:50:03] @ Quit: gebi: Read error: Operation timed out
[2010/06/21 23:51:32] @ giskard joined channel #puppet
[2010/06/21 23:51:44] @ m1nish joined channel #puppet
[2010/06/21 23:54:21] @ allsystemsarego joined channel #puppet
[2010/06/21 23:55:34] @ Pupeno joined channel #puppet
[2010/06/21 23:56:19] @ pmorillo joined channel #puppet

Generated by irclog2html.py 2.8 by Marius Gedminas - find it at mg.pov.lt!