Thursday, 2010-07-08

[2010/07/08 00:00:53] @ Log started by gepetto
[2010/07/08 00:00:53] @ Quit: rodnet_: Quit: rodnet_
[2010/07/08 00:01:44] @ Quit: Borges: Ping timeout: 260 seconds
[2010/07/08 00:09:43] @ Quit: blahdeblah: Ping timeout: 260 seconds
[2010/07/08 00:10:02] @ Quit: littleidea: Quit: littleidea
[2010/07/08 00:11:03] @ blahdeblah joined channel #puppet
[2010/07/08 00:14:45] @ jmccune joined channel #puppet
[2010/07/08 00:16:09] @ Quit: p3rror: Read error: Operation timed out
[2010/07/08 00:19:13] @ Quit: docelic: Read error: Operation timed out
[2010/07/08 00:19:30] <alcy> This is strange, was doing a dry run with puppetd, but there are no notifications ?
[2010/07/08 00:19:35] @ pinoyskull joined channel #puppet
[2010/07/08 00:19:39] <alcy> in noop mode I mean
[2010/07/08 00:19:55] <bhearsum> yeah
[2010/07/08 00:19:59] <bhearsum> i found that out too
[2010/07/08 00:20:06] @ docelic joined channel #puppet
[2010/07/08 00:20:19] <alcy> bhearsum: did you find a fix ?
[2010/07/08 00:20:28] <bhearsum> nope
[2010/07/08 00:21:35] @ Quit: kenneho: Quit: Ex-Chat
[2010/07/08 00:21:35] @ littleidea joined channel #puppet
[2010/07/08 00:24:19] @ arnt joined channel #puppet
[2010/07/08 00:25:47] @ Quit: sako: Ping timeout: 252 seconds
[2010/07/08 00:25:53] @ nexx joined channel #puppet
[2010/07/08 00:28:25] <alcy> ok I am not sure but did you try setting noop=true in the puppetd section ?
[2010/07/08 00:28:44] <alcy> but that's gonna be true for every run
[2010/07/08 00:28:52] <bhearsum> nope, didn't try that
[2010/07/08 00:30:57] @ p3rror joined channel #puppet
[2010/07/08 00:32:05] @ ceren joined channel #puppet
[2010/07/08 00:38:35] @ alban2 joined channel #puppet
[2010/07/08 00:39:15] @ verwilst joined channel #puppet
[2010/07/08 00:41:44] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 00:43:47] @ Quit: jmccune: Ping timeout: 240 seconds
[2010/07/08 00:44:02] @ Quit: ceren: Ping timeout: 245 seconds
[2010/07/08 00:44:46] @ Ramonster joined channel #puppet
[2010/07/08 00:44:48] @ mfournier joined channel #puppet
[2010/07/08 00:45:00] @ allsystemsarego joined channel #puppet
[2010/07/08 00:45:45] @ jmccune joined channel #puppet
[2010/07/08 00:48:11] <alcy> it was my fault, works just fine
[2010/07/08 00:48:42] @ poison joined channel #puppet
[2010/07/08 00:51:30] @ ceren joined channel #puppet
[2010/07/08 00:51:32] @ Quit: gebi: Ping timeout: 245 seconds
[2010/07/08 00:53:21] @ Quit: alban2: Ping timeout: 240 seconds
[2010/07/08 00:54:47] @ p3rror joined channel #puppet
[2010/07/08 01:00:15] @ Quit: kolla: Remote host closed the connection
[2010/07/08 01:00:43] @ yann2 joined channel #puppet
[2010/07/08 01:01:20] <yann2> hello! I am trying to create files with puppet that contain the puppet hostname (and not the hostname as discovered by facter) - I have only found fqdn and hostname so far, which do not work for me... any idea?
[2010/07/08 01:03:11] @ alban2 joined channel #puppet
[2010/07/08 01:03:20] @ Quit: poison: Remote host closed the connection
[2010/07/08 01:03:21] <QuackNL> does $title work?
[2010/07/08 01:08:52] @ rmiller4pi81 joined channel #puppet
[2010/07/08 01:09:13] @ Quit: blahdeblah: Ping timeout: 260 seconds
[2010/07/08 01:09:26] <yann2> no... it returns the name of the class
[2010/07/08 01:09:38] @ Quit: rmiller4pi81: Client Quit
[2010/07/08 01:09:39] <yann2> (collectd for me)
[2010/07/08 01:09:57] @ Quit: freshtonic: Quit: freshtonic
[2010/07/08 01:11:40] <yann2> the name of the server (fqdn) is yhamon-dev.goo.thehumanjourney.net... the hostname from facter returns yhamon-dev.thehumanjourney.net, title returns collectd, and hostname yhamon-dev :(
[2010/07/08 01:12:09] @ Quit: rmiller4pi8: Ping timeout: 265 seconds
[2010/07/08 01:13:48] <alcy> yann2: not sure, but if you writtenc sutom facts before, maybe write one for puppet hostname OR make your classes read the puppet host name from /etc/hosts ?
[2010/07/08 01:14:08] @ TREllis joined channel #puppet
[2010/07/08 01:14:25] <alcy> ...have written custom facts before...
[2010/07/08 01:14:53] <yann2> from /etc/puppet/puppet.conf you mean? that's where I define the hostname for puppet
[2010/07/08 01:15:02] @ MattyM joined channel #puppet
[2010/07/08 01:15:38] <alcy> ...wherever you have defined it.
[2010/07/08 01:15:46] @ Quit: littleidea: Quit: littleidea
[2010/07/08 01:22:35] @ spawnyd joined channel #puppet
[2010/07/08 01:30:32] @ poison joined channel #puppet
[2010/07/08 01:30:46] @ Quit: jmccune: Ping timeout: 240 seconds
[2010/07/08 01:32:24] @ Quit: pinoyskull: Ping timeout: 248 seconds
[2010/07/08 01:33:00] @ jmccune joined channel #puppet
[2010/07/08 01:33:05] @ arnt left channel #puppet ("Enter part reason here")
[2010/07/08 01:33:25] @ rmayr joined channel #puppet
[2010/07/08 01:38:02] @ londo__ is now known as londo
[2010/07/08 01:39:43] @ Olly_ joined channel #puppet
[2010/07/08 01:41:22] @ Quit: wilmoore: Remote host closed the connection
[2010/07/08 01:45:25] @ blahdeblah joined channel #puppet
[2010/07/08 01:52:13] @ pinoyskull joined channel #puppet
[2010/07/08 01:52:41] @ jab_doa joined channel #puppet
[2010/07/08 01:54:33] @ Quit: benoit__: Ping timeout: 240 seconds
[2010/07/08 01:54:47] @ Quit: tuf: Quit: tuf
[2010/07/08 02:03:07] @ Quit: TREllis: Quit: leaving
[2010/07/08 02:03:40] @ TREllis joined channel #puppet
[2010/07/08 02:08:52] @ Quit: MattyM: Remote host closed the connection
[2010/07/08 02:09:05] @ mikepea joined channel #puppet
[2010/07/08 02:10:35] @ MattyM joined channel #puppet
[2010/07/08 02:11:11] @ Quit: malikai: Remote host closed the connection
[2010/07/08 02:11:44] @ malikai joined channel #puppet
[2010/07/08 02:12:01] @ itguru joined channel #puppet
[2010/07/08 02:12:01] @ Quit: itguru: Changing host
[2010/07/08 02:12:01] @ itguru joined channel #puppet
[2010/07/08 02:18:15] @ Quit: jmccune: Ping timeout: 240 seconds
[2010/07/08 02:20:14] @ jmccune joined channel #puppet
[2010/07/08 02:20:43] @ lkoranda joined channel #puppet
[2010/07/08 02:22:10] @ benoit__ joined channel #puppet
[2010/07/08 02:25:04] @ Quit: yann2: Read error: Connection reset by peer
[2010/07/08 02:27:22] @ Quit: pinoyskull: Ping timeout: 245 seconds
[2010/07/08 02:27:23] @ yannL joined channel #puppet
[2010/07/08 02:32:30] @ kolla joined channel #puppet
[2010/07/08 02:32:55] @ gebi joined channel #puppet
[2010/07/08 02:37:01] @ Quit: malikai: Quit: Leaving.
[2010/07/08 02:37:06] @ Quit: nimrod10: Read error: Connection reset by peer
[2010/07/08 02:38:35] @ nimrod10 joined channel #puppet
[2010/07/08 02:48:57] @ Quit: Jiko: Quit: bleh
[2010/07/08 02:49:03] @ Jiko joined channel #puppet
[2010/07/08 02:56:11] @ pinoyskull joined channel #puppet
[2010/07/08 02:59:15] @ Quit: jmccune: Ping timeout: 240 seconds
[2010/07/08 03:01:26] @ jmccune joined channel #puppet
[2010/07/08 03:07:53] @ kenneho joined channel #puppet
[2010/07/08 03:08:40] @ Quit: \\localhost: Quit: leaving
[2010/07/08 03:09:25] @ gilesw joined channel #puppet
[2010/07/08 03:09:30] <gilesw> heya puppetiers
[2010/07/08 03:09:46] <gilesw> has anyone had problems with gem spec files being installed 640 ?
[2010/07/08 03:10:31] <gilesw> seems to be happening to me on lucid when I use sudo gem install gemname
[2010/07/08 03:10:47] <spawnyd> gilesw: set the umask to 022
[2010/07/08 03:15:31] @ shug joined channel #puppet
[2010/07/08 03:16:25] @ Quit: Olly_: Quit: This computer has gone to sleep
[2010/07/08 03:18:09] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 03:18:23] @ uggedal joined channel #puppet
[2010/07/08 03:18:45] @ alcy left channel #puppet ()
[2010/07/08 03:22:39] @ bearnard joined channel #puppet
[2010/07/08 03:24:07] <gilesw> hmm interesting, thanks spawnyd looks like our system umask has been set to 027 in a puppet template
[2010/07/08 03:25:10] @ malikai joined channel #puppet
[2010/07/08 03:28:43] @ Olly_ joined channel #puppet
[2010/07/08 03:29:34] <Olly_> if i configure defaults for the file resource inside of a class. are they only the defaults for that class?
[2010/07/08 03:33:16] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 03:33:17] <gilesw> strange, umask 027 is set on another box running etch and doesn't seem to effect gem installation
[2010/07/08 03:33:31] <gilesw> same gem path, same rubygems package
[2010/07/08 03:33:33] @ uggedal joined channel #puppet
[2010/07/08 03:34:34] @ Quit: uggedal: Client Quit
[2010/07/08 03:34:58] @ uggedal joined channel #puppet
[2010/07/08 03:36:49] @ Quit: uggedal: Client Quit
[2010/07/08 03:37:03] @ uggedal joined channel #puppet
[2010/07/08 03:44:11] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 03:44:28] @ uggedal joined channel #puppet
[2010/07/08 03:47:04] @ Quit: jmccune: Ping timeout: 276 seconds
[2010/07/08 03:47:09] <gilesw> hrm changed the umask on the lucid box and the gem installs correctly
[2010/07/08 03:48:27] <gilesw> i wonder if this is pam related
[2010/07/08 03:48:41] @ jmccune joined channel #puppet
[2010/07/08 03:49:03] @ Quit: kenneho: Ping timeout: 260 seconds
[2010/07/08 03:53:33] @ Quit: nwmcsween_: Ping timeout: 240 seconds
[2010/07/08 03:54:16] @ akoma1s joined channel #puppet
[2010/07/08 03:57:13] @ Quit: pinoyskull: Ping timeout: 260 seconds
[2010/07/08 03:57:56] <gilesw> okay seems to be something specific to the root users profile
[2010/07/08 03:58:08] @ Quit: mgisbers: Remote host closed the connection
[2010/07/08 03:58:22] @ mgisbers joined channel #puppet
[2010/07/08 03:58:34] @ pinoyskull joined channel #puppet
[2010/07/08 03:59:39] @ LinuxCode joined channel #puppet
[2010/07/08 04:00:30] @ kenneho joined channel #puppet
[2010/07/08 04:03:20] @ Quit: mgisbers: Read error: Connection reset by peer
[2010/07/08 04:03:35] @ mgisbers joined channel #puppet
[2010/07/08 04:11:03] @ joe-mac left channel #puppet ()
[2010/07/08 04:17:01] @ Quit: pinoyskull: Quit: Leaving
[2010/07/08 04:19:40] @ jab_doa_ joined channel #puppet
[2010/07/08 04:22:55] @ Quit: bearnard: Quit: This computer has gone to sleep
[2010/07/08 04:26:45] @ Quit: blahdeblah: Ping timeout: 260 seconds
[2010/07/08 04:27:45] @ Quit: jmccune: Ping timeout: 240 seconds
[2010/07/08 04:29:51] @ jmccune joined channel #puppet
[2010/07/08 04:34:49] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 04:35:19] @ achester joined channel #puppet
[2010/07/08 04:35:38] @ uggedal joined channel #puppet
[2010/07/08 04:37:29] @ Quit: ceren: Quit: ceren
[2010/07/08 04:37:38] @ daff joined channel #puppet
[2010/07/08 04:42:01] <daff> need some help here setting up puppet for the first time: I am following the Configuration Guide and seem to be unable to get the test client to properly talk to the puppet master server
[2010/07/08 04:42:42] <daff> puppetd hangs after outputting the following: http://pastebin.com/hYPtR7j6
[2010/07/08 04:43:25] <Peanut> In /var/log/daemon.log on the server, do you get something like 'certificate signing request' from puppetmaster?
[2010/07/08 04:43:36] @ ceren joined channel #puppet
[2010/07/08 04:44:32] <daff> I run puppetmasterd from the commandline with --debug; it says http://pastebin.com/Q62zj3jp but nothing about the signing request
[2010/07/08 04:44:59] <daff> eventually puppetd reports an error about execution expiring
[2010/07/08 04:45:32] <daff> after that every new attempt by puppetd results in "info: Could not find certificate for 'testclient'"
[2010/07/08 04:45:44] <daff> ... on the server
[2010/07/08 04:46:00] <Peanut> Try and look in /var/log/daemon.log (if you're on linux) ?
[2010/07/08 04:46:22] <daff> it seems that puppetd gets stuck somewhere trying to generate the signing request?
[2010/07/08 04:46:29] <ptman> or add --logdest=console or somesuch
[2010/07/08 04:47:05] <daff> console is the default log output, is it not?
[2010/07/08 04:47:20] <daff> I see all messages on the console, nothing gets logged to daemon.log
[2010/07/08 04:48:55] <ptman> ok, might be
[2010/07/08 04:49:20] <Peanut> Is there anything special about how you built/installed puppet? Which distro, did you build from source?
[2010/07/08 04:49:37] <daff> I installed from source, on Ubuntu 9.10 servers
[2010/07/08 04:49:51] <daff> following http://docs.puppetlabs.com/guides/installation.html
[2010/07/08 04:50:56] <Peanut> Have you tried the puppet that Ubuntu supplies?
[2010/07/08 04:51:04] <daff> I have not
[2010/07/08 04:52:13] @ Bass10 joined channel #puppet
[2010/07/08 04:52:16] @ Quit: mgisbers: Ping timeout: 276 seconds
[2010/07/08 04:54:13] <Peanut> Might be a quick solution, unless you prefer the current source version for some reason. Using it just fine myself on 9.10
[2010/07/08 04:56:37] <daff> I wanted to use the latest stable version so I don't run into bugs that an old version might have but which are fixed in a newer one
[2010/07/08 04:57:02] <Peanut> Or introduced in a newer ;-)
[2010/07/08 04:57:19] @ mgisbers joined channel #puppet
[2010/07/08 04:57:22] <daff> well, yes :) but it seems to me that puppetd on the client is the problem. is there any way I could increase the verbosity to see what it is doing?
[2010/07/08 04:57:27] <daff> I am already using --debug
[2010/07/08 04:57:39] <daff> and strace outputs way too much
[2010/07/08 04:59:43] <LinuxCode> daff, did you connect ot to the puppetmaster before ?
[2010/07/08 04:59:46] <LinuxCode> it
[2010/07/08 05:00:12] <LinuxCode> did you open the firewall on the puppet server ?
[2010/07/08 05:00:16] <LinuxCode> can the client connect out ?
[2010/07/08 05:00:23] <Peanut> On the client, is there anything in /var/lib/puppet/ssl ?
[2010/07/08 05:00:33] <LinuxCode> Peanut, I was just ging to say, wipe it all
[2010/07/08 05:00:58] <LinuxCode> depending on what hes done so far
[2010/07/08 05:01:02] <LinuxCode> or she
[2010/07/08 05:01:06] <Peanut> LinuxCode: my suggestion too, as I had a problem with a client migrating to a new server giving I think exactly the same error message that Daff has.
[2010/07/08 05:01:46] @ Quit: mgisbers: Ping timeout: 259 seconds
[2010/07/08 05:02:07] @ Quit: FOCer: Remote host closed the connection
[2010/07/08 05:03:16] <daff> Peanut, LinuxCode: I have wiped everything several times, /etc/puppet/ssl and /var/lib/puppet on both the client and the server
[2010/07/08 05:03:34] <daff> on which port do puppetd and puppetmasterd communicate?
[2010/07/08 05:03:41] <daff> it is 8140, is it not?
[2010/07/08 05:03:54] <LinuxCode> 8140 inbound
[2010/07/08 05:03:58] <LinuxCode> on the master
[2010/07/08 05:03:59] <daff> right
[2010/07/08 05:04:31] <LinuxCode> telnet to it
[2010/07/08 05:04:35] <daff> so that shouldn't be the problem
[2010/07/08 05:04:36] <LinuxCode> if it disconnects you
[2010/07/08 05:04:39] <LinuxCode> its accessible
[2010/07/08 05:05:12] <daff> yes, it disconnected me
[2010/07/08 05:05:15] <LinuxCode> daff, did you remove a cet for the node before ?
[2010/07/08 05:05:19] <LinuxCode> cert
[2010/07/08 05:05:31] <LinuxCode> because if so, you must restart the puppetmaster
[2010/07/08 05:06:29] <daff> ah, stupid me. it was my network configuration after all
[2010/07/08 05:06:43] <LinuxCode> hehe
[2010/07/08 05:06:56] <daff> the puppet master is on two VLANs, one which goes through the firewall, the other doesn't
[2010/07/08 05:07:16] <daff> and the internal name resolution resolved the server to the wrong address
[2010/07/08 05:07:29] <daff> seems telnet and puppet resolve differently
[2010/07/08 05:07:47] <daff> no matter, thanks for the help, Peanut and LinuxCode
[2010/07/08 05:07:51] <LinuxCode> pleasure
[2010/07/08 05:07:57] <LinuxCode> now fix my anaconda
[2010/07/08 05:07:59] <LinuxCode> thanks
[2010/07/08 05:08:03] <LinuxCode> rofl
[2010/07/08 05:08:04] <LinuxCode> j/k
[2010/07/08 05:09:51] <daff> anawhatnow?
[2010/07/08 05:10:09] @ Quit: jmccune: Ping timeout: 252 seconds
[2010/07/08 05:10:46] @ freshtonic joined channel #puppet
[2010/07/08 05:11:03] @ jmccune joined channel #puppet
[2010/07/08 05:11:03] <LinuxCode> nevermind
[2010/07/08 05:11:06] <LinuxCode> hehe
[2010/07/08 05:11:43] <daff> isn't that the red hat/fedora installer?
[2010/07/08 05:11:48] <LinuxCode> yah
[2010/07/08 05:12:01] <daff> wouldn't know the first thing about it :)
[2010/07/08 05:21:15] @ Quit: shug: Quit: Leaving
[2010/07/08 05:21:24] @ ahasenack joined channel #puppet
[2010/07/08 05:22:33] @ shenson\|lappy joined channel #puppet
[2010/07/08 05:25:22] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 05:27:22] @ Quit: jmccune: Ping timeout: 276 seconds
[2010/07/08 05:27:51] <vollmer> can anyone point me to some documentation asserting that a puppet client can work through a squid proxy, I seem to be finding a lot of people saying it doesn't
[2010/07/08 05:28:08] <vollmer> it only needs to work on a pull, just don't want to waste the setup time if I'm going down a dead end
[2010/07/08 05:29:36] <Volcane> puppetd --genconfig shows some proxy settings, past that i dont know
[2010/07/08 05:30:14] @ uggedal joined channel #puppet
[2010/07/08 05:30:45] <vollmer> yeah... eah fudge it, I'll bank on the fact that most people on the internet are morons and assume it'll work
[2010/07/08 05:30:50] <sejo> anyone can tel me how to debug augeas with puppet? gut this error: err: //usb_storage/Augeas[usb-storage]: Failed to retrieve current state of resource: Unknown command
[2010/07/08 05:30:51] <vollmer> thanks :)
[2010/07/08 05:31:04] @ Quit: achester: Remote host closed the connection
[2010/07/08 05:32:09] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 05:32:12] <sejo> recipe: http://dpaste.com/215939/
[2010/07/08 05:37:26] @ Quit: ceren: Quit: ceren
[2010/07/08 05:38:11] @ p3rror joined channel #puppet
[2010/07/08 05:39:19] <zipkid> man... that #redmine channel is noisy!
[2010/07/08 05:40:07] <sejo> gets noisier with the day :p
[2010/07/08 05:43:52] <daff> another quick question: which config parameter do I need to tweak when I get the following message from puppetd after the initial connection and cert signing?
[2010/07/08 05:43:55] <daff> err: Could not retrieve catalog from remote server: hostname was not match with the server certificate
[2010/07/08 05:44:18] <daff> is it certname in /etc/puppet/puppet.conf?
[2010/07/08 05:46:03] @ Quit: zorzar: Ping timeout: 265 seconds
[2010/07/08 05:46:06] <Peanut> You might try and fix it by editing /etc/hosts on the client
[2010/07/08 05:46:54] @ Quit: eivindu: Quit: changing from irssi to weechat and changing nick from eivindu -> uggedal
[2010/07/08 05:47:27] <daff> Peanut: the DNS setup is bit complicated and naturally I'd like to avoid having to tweak such settings on every single client involved
[2010/07/08 05:47:33] @ zorzar joined channel #puppet
[2010/07/08 05:47:53] <daff> I just need to have puppetmasterd and puppetd use their (internal) FQDNs consistently and not strip away any domain parts
[2010/07/08 05:47:53] <ecolitan> when i add new nodes, do i always have to restart the master or will they eventually be noticed?
[2010/07/08 05:48:27] <Peanut> nod with a simple DNS setup it would have just worked.
[2010/07/08 05:48:55] @ Quit: jab_doa_: Quit: Verlassend
[2010/07/08 05:51:53] @ Quit: hephaestus: Ping timeout: 240 seconds
[2010/07/08 05:52:35] @ Quit: RS-232: Quit: kernel upgrade
[2010/07/08 05:52:57] <lisa> daff: what changed in your DNS between the time the cert was signed for that node and now?
[2010/07/08 05:55:19] @ Quit: Edgan: Ping timeout: 276 seconds
[2010/07/08 05:56:00] @ joe-mac joined channel #puppet
[2010/07/08 05:57:27] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 05:59:59] @ hephaestus joined channel #puppet
[2010/07/08 06:02:00] @ p3rror joined channel #puppet
[2010/07/08 06:03:48] @ mtedesco joined channel #puppet
[2010/07/08 06:08:01] <bronto> If I have a module called "common", and I want to create a class called "common::ntp::client", what should be the path of the corresponding manifest? something like .../modules/common/manifests/ntp/client.pp? Or what?
[2010/07/08 06:08:22] <Volcane> yes
[2010/07/08 06:08:37] <bronto> Volcane: OK, thanks
[2010/07/08 06:08:40] <sejo> where can I ask puppet-augeas questions?
[2010/07/08 06:08:59] <Volcane> sejo: here or the user list, i dont think its heavily used though
[2010/07/08 06:09:01] @ Quit: ahasenack: Ping timeout: 264 seconds
[2010/07/08 06:09:07] @ Edgan joined channel #puppet
[2010/07/08 06:09:25] <zipkid> sejo: ask lefred... he did some stuff with it
[2010/07/08 06:11:44] <sejo> thx zipkid!
[2010/07/08 06:14:33] <tim\|mac> Volcane: I use it heavily, though :P
[2010/07/08 06:14:40] @ reyjrar joined channel #puppet
[2010/07/08 06:15:00] <sejo> Volcane: thx
[2010/07/08 06:15:19] <sejo> tim\|mac: any idea on how to debug or figure out what's wrong with my recipe?
[2010/07/08 06:15:36] <tim\|mac> sejo: did you try using augtool?
[2010/07/08 06:18:47] <sejo> tim\|mac: yes, no issues there...
[2010/07/08 06:19:41] <tim\|mac> sejo: can you pastie your recipe?
[2010/07/08 06:20:17] <tim\|mac> or at least the augeas part of course
[2010/07/08 06:21:07] <sejo> tim\|mac: 14:32:11 < sejo> recipe: http://dpaste.com/215939/
[2010/07/08 06:21:24] <tim\|mac> taking a look
[2010/07/08 06:21:42] <sejo> thx
[2010/07/08 06:22:24] <tim\|mac> hm... looks fine to me... what happens when you run the client with --debug --verbose?
[2010/07/08 06:22:25] @ [GuS] joined channel #puppet
[2010/07/08 06:22:47] <tim\|mac> do you get any error or does it think it applies the recipe?
[2010/07/08 06:24:38] <sejo> tim\|mac: err: //usb_storage/Augeas[usb-storage]: Failed to retrieve current state of resource: Unknown command
[2010/07/08 06:25:30] <tim\|mac> hm
[2010/07/08 06:25:35] <joe-mac> path problem?
[2010/07/08 06:25:48] <joe-mac> as puppet running as root? are there any other weird errors?
[2010/07/08 06:26:06] <joe-mac> run it in debug mode and pastie that too
[2010/07/08 06:26:09] <joe-mac> puppetd -dt
[2010/07/08 06:28:11] <sejo> here is the debug: http://dpaste.com/215956/
[2010/07/08 06:28:21] <sejo> puppet runs as root
[2010/07/08 06:29:52] @ MPSimmons joined channel #puppet
[2010/07/08 06:29:55] <tim\|mac> sejo: I've had trouble with augeas onlyif... I just tested it and it seems to be the trouble here too... if you disable the onlyif, it works (although it adds it every run, which is not what you want)
[2010/07/08 06:31:23] <sejo> ok so should find a better solution for the onlyif
[2010/07/08 06:31:55] @ static^ joined channel #puppet
[2010/07/08 06:32:37] <static^> do you need to put something in the puppet.conf to enable the fileserver?
[2010/07/08 06:32:42] <tim\|mac> sejo: yeah... although... if you add "match" in front of that line, it seems to work here...
[2010/07/08 06:32:47] @ hai joined channel #puppet
[2010/07/08 06:32:52] <hai> hey
[2010/07/08 06:32:52] @ ahasenack joined channel #puppet
[2010/07/08 06:32:58] <static^> everything i try to serve via puppet just gives me an error that it can't retrieve the dep
[2010/07/08 06:33:08] @ Quit: ahasenack: Read error: Connection reset by peer
[2010/07/08 06:33:31] @ ceren joined channel #puppet
[2010/07/08 06:33:39] @ ahasenack joined channel #puppet
[2010/07/08 06:33:46] <sejo> tim\|mac: apparently it's fixed in 0.3.2
[2010/07/08 06:33:54] <tim\|mac> sejo: ah
[2010/07/08 06:34:39] <sejo> bleh i have 0.5.0
[2010/07/08 06:34:44] <sejo> so still not fixed
[2010/07/08 06:34:50] <joe-mac> static^: yea, well you need to set up auth.conf
[2010/07/08 06:34:51] <sejo> http://groups.google.com/group/puppet-users/browse_thread/thread/148a1b7440162bb2
[2010/07/08 06:34:53] <joe-mac> or namespaceauth.conf
[2010/07/08 06:35:30] <tim\|mac> sejo: it works for me if I make it onlyif => "match /files/etc [... bla bla bla ...]
[2010/07/08 06:35:46] <static^> joe-mac: i setup fileserver.conf
[2010/07/08 06:35:49] <static^> with an allow for it
[2010/07/08 06:36:35] <joe-mac> what kind of error do you get static^?
[2010/07/08 06:37:05] <sejo> tim\|mac: testing
[2010/07/08 06:37:07] <static^> Could not apply complete configuration: Could not retrieve dependency 'File[/usr/local/src/ruby-1.8.7.tar.gz]'
[2010/07/08 06:37:41] <tim\|mac> static^: do you have a file resource for /usr/local/src/ruby-1.8.7.tar.gz defined?
[2010/07/08 06:38:18] <tim\|mac> static^: aka, you have a file { "/usr/local/src/ruby-1.8.7.tar.gz": ... } somewhere in your manifest?
[2010/07/08 06:38:25] <static^> http://pastie.org/1035905
[2010/07/08 06:38:31] <sejo> tim\|mac: works!!!! thanks a lot!
[2010/07/08 06:38:46] <tim\|mac> sejo: awesome :D
[2010/07/08 06:39:22] @ Quit: hai: Ping timeout: 252 seconds
[2010/07/08 06:39:37] <static^> tim\|mac: http://pastie.org/1035905
[2010/07/08 06:39:39] <tim\|mac> sejo: could you file a bug report against the docs for that? seems like it's simply mis-documented
[2010/07/08 06:39:40] <static^> updated with more info
[2010/07/08 06:41:23] <tim\|mac> static^: hm that's strange, your code looks fine
[2010/07/08 06:41:25] <sejo> tim\|mac: I'll do it tonight
[2010/07/08 06:41:28] <sejo> need to run now
[2010/07/08 06:41:31] <tim\|mac> sejo: thanks!
[2010/07/08 06:42:03] <static^> tim\|mac: on the server (puppetmasterd), the fileserver config file is defined in the [puppet] section
[2010/07/08 06:42:06] <static^> is that the right section?
[2010/07/08 06:43:12] <tim\|mac> static^: the error you're getting doesn't seem to say it cannot contact the fileserver, just that it cannot find the dependency... i don't get what's wrong here...
[2010/07/08 06:43:18] <tim\|mac> doubt it's anything to do with the fileserver, though
[2010/07/08 06:43:26] <tim\|mac> which version of puppet are you running?
[2010/07/08 06:43:26] <joe-mac> your source is set wrong, or the file has bad opermissions
[2010/07/08 06:43:31] <joe-mac> remember that puppetmasterd does not run as root
[2010/07/08 06:43:43] <tim\|mac> ah that could be it, indeed
[2010/07/08 06:43:45] <static^> joe-mac: i chowned the files to puppet
[2010/07/08 06:44:46] <joe-mac> the path is wrong then, it's been a while since i served files outside of modules, what is the local path on the master to the file?
[2010/07/08 06:45:10] <joe-mac> did you pastie your puppet.conf and fileserver.conf yet? i didn't see it
[2010/07/08 06:45:42] @ Quit: benoit__: Ping timeout: 245 seconds
[2010/07/08 06:47:08] @ jdcasey joined channel #puppet
[2010/07/08 06:48:03] <static^> joe-mac: http://pastie.org/1035924
[2010/07/08 06:48:13] <static^> the fileserver.conf is included at the bottom
[2010/07/08 06:48:36] @ bobbyz joined channel #puppet
[2010/07/08 06:49:32] @ tecto joined channel #puppet
[2010/07/08 06:50:42] @ Borges joined channel #puppet
[2010/07/08 06:51:15] <static^> joe-mac: see anything wrong there?
[2010/07/08 06:51:32] @ jimmij joined channel #puppet
[2010/07/08 06:52:02] <joe-mac> take out 'files/' from your source parameter
[2010/07/08 06:52:28] <static^> what do you meaN/
[2010/07/08 06:52:31] <static^> mean?
[2010/07/08 06:54:49] <static^> joe-mac: source => "puppet:///files/ruby-1.8.7.tar.gz" is what's in there now
[2010/07/08 06:55:16] @ rcrowley joined channel #puppet
[2010/07/08 06:57:14] @ Quit: rcrowley: Client Quit
[2010/07/08 06:58:31] @ gmcquillan joined channel #puppet
[2010/07/08 06:58:47] @ benoit__ joined channel #puppet
[2010/07/08 06:58:50] @ Quit: mikepea: Quit: mikepea
[2010/07/08 06:59:36] <joe-mac> i mean exactly what i said static
[2010/07/08 06:59:47] <joe-mac> sed s/files\///
[2010/07/08 06:59:53] <joe-mac> remove the string '
[2010/07/08 06:59:57] <joe-mac> files/'
[2010/07/08 07:00:00] <joe-mac> from your source parameter
[2010/07/08 07:02:20] @ mikepea joined channel #puppet
[2010/07/08 07:02:22] @ Quit: malikai: Quit: Leaving.
[2010/07/08 07:03:50] @ rcrowley joined channel #puppet
[2010/07/08 07:04:16] @ Quit: bug: Quit: bug
[2010/07/08 07:04:48] <static^> joe-mac: no change
[2010/07/08 07:05:08] @ jcharette joined channel #puppet
[2010/07/08 07:05:29] <jcharette> has anyone found a good method to install pecl modules?
[2010/07/08 07:06:01] <joe-mac> ok i just noticed you're kind of trying to do modules too
[2010/07/08 07:06:19] <joe-mac> static^: i think you might be following a guide for non modules fileserver
[2010/07/08 07:06:24] <joe-mac> but also trtying to do modules
[2010/07/08 07:06:40] <static^> i would like to serve the module files
[2010/07/08 07:06:49] <Olly_> when a service gets notified (notify or subscribe) does it do a restart or reload?
[2010/07/08 07:06:54] <joe-mac> right- but you're doing it like you would if you weren't using modules
[2010/07/08 07:07:05] <static^> k, which guide should i read?
[2010/07/08 07:07:07] @ bug joined channel #puppet
[2010/07/08 07:07:13] @ Quit: benoit__: Ping timeout: 240 seconds
[2010/07/08 07:07:44] <joe-mac> static^: stick with the modules guide wherever you saw it, but do this
[2010/07/08 07:07:50] <joe-mac> change that files stanza to 'modules'
[2010/07/08 07:07:52] <joe-mac> and take out the path
[2010/07/08 07:07:59] <joe-mac> and only have access control in there
[2010/07/08 07:08:15] <joe-mac> then change your source to puppet:///modules/testing/ruby-1.8.7.tar.gz
[2010/07/08 07:09:19] <static^> joe-mac: i did -d on the master - i see this "debug: No modules mount given; autocreating with default permissions "
[2010/07/08 07:09:30] <Volcane> (if you're compiling tarballs from source with puppet you're killing kittens)
[2010/07/08 07:09:45] <static^> everything is defined under [puppet] on the puppetmasterd server
[2010/07/08 07:09:52] <static^> is that the right place?
[2010/07/08 07:10:45] @ kaptk2 joined channel #puppet
[2010/07/08 07:11:01] @ racerx joined channel #puppet
[2010/07/08 07:11:57] @ benoit__ joined channel #puppet
[2010/07/08 07:11:58] <racerx> Hi all, im having issues with my fqdn being mapped to the CN name of puppets cert...
[2010/07/08 07:12:18] <racerx> Ive used certname= in puppet.conf on the master..
[2010/07/08 07:12:30] <racerx> but it doesnt change the CN name when a cert is generated
[2010/07/08 07:13:05] <racerx> http://projects.reductivelabs.com/issues/1507 gives some insight and the workaround here: http://projects.puppetlabs.com/projects/puppet/wiki/Ruby_Ssl_2007_006 doesnt work
[2010/07/08 07:13:07] @ sebas891 joined channel #puppet
[2010/07/08 07:13:17] <racerx> my CN is always set the the fqdn of the box
[2010/07/08 07:13:44] @ Quit: sebas891: Client Quit
[2010/07/08 07:13:45] @ Quit: poison: Ping timeout: 240 seconds
[2010/07/08 07:13:51] <Volcane> racerx: are you trying to change the master cert?
[2010/07/08 07:14:02] <racerx> yes
[2010/07/08 07:14:06] @ poison joined channel #puppet
[2010/07/08 07:14:12] <Volcane> and you set certname in [puppetmasterd] section?
[2010/07/08 07:14:19] @ sebas891 joined channel #puppet
[2010/07/08 07:14:24] @ jcharette left channel #puppet ()
[2010/07/08 07:14:37] <racerx> yes
[2010/07/08 07:14:38] @ Quit: poison: Read error: Connection reset by peer
[2010/07/08 07:14:56] <racerx> [puppermasterd]
[2010/07/08 07:14:57] <racerx> reports=puppet_dashboard
[2010/07/08 07:14:57] <racerx> certname=puppet.xxxxxx.net
[2010/07/08 07:14:57] <racerx> server=puppet.xxxxx.net
[2010/07/08 07:15:11] <Volcane> and your fqdn is whatever.xxxx.net ?
[2010/07/08 07:15:38] <racerx> the fqdn of the machine is brian.ed.xxxx.net
[2010/07/08 07:15:44] <racerx> and the CN is taking that too
[2010/07/08 07:15:48] <Volcane> ok
[2010/07/08 07:15:59] <Volcane> well if you just leave it to defaults
[2010/07/08 07:16:01] <racerx> i have a cname for puppet.xxxx.net to brian.ed.xxxx.net
[2010/07/08 07:16:12] <Volcane> you'd get a cert called brian, with cert dns names of puppet.xxx.net and puppet
[2010/07/08 07:16:30] <Volcane> hmm, actually i guess it would be puppet.ed.xxx.net not puppet.xxx.net.
[2010/07/08 07:16:58] <Volcane> anyway, to do it you more or less just set certname, delet ehte ssl files and then start the master in webrick mode
[2010/07/08 07:17:02] <Volcane> and it should sort itself out
[2010/07/08 07:17:26] <Volcane> its generally just easier to stick to defaults and just make sure your machines can resolve 'puppet'
[2010/07/08 07:18:38] <racerx> when i remove the ssl folder and restart the master it creates the cert with a CN that matches the fqdn of the server
[2010/07/08 07:18:51] <racerx> but I have the certname=puppet.xxxx.net set in the puppet.conf
[2010/07/08 07:19:12] <zahna> racerx: i ran into a problem like this. Volcane is right.
[2010/07/08 07:19:29] <zahna> except, i set certname=puppet on the master only
[2010/07/08 07:19:51] <racerx> thats what I did, but the CN is still the machines fqdn :(
[2010/07/08 07:20:06] <racerx> puppetd --no-daemonize -d -v --test --server puppet.xxxxx.net on a remote client gives
[2010/07/08 07:20:13] <racerx> err: Could not retrieve catalog from remote server: hostname was not match with the server certificate
[2010/07/08 07:20:19] <zahna> where did you put the certname line?
[2010/07/08 07:20:21] <Volcane> pastie your config, also a ls in the ssl dir, and also output from: openssl x509 -in whatever.pem -text
[2010/07/08 07:20:36] <racerx> ok 3 secs
[2010/07/08 07:20:45] <Volcane> racerx: just make your clients resolve 'puppet' and dont supply the --server, then it will work
[2010/07/08 07:20:56] <static^> can anyone recommend a good guide for service files via puppet:??
[2010/07/08 07:20:59] <static^> puppet://
[2010/07/08 07:21:18] <zahna> Volcane is right. Again.
[2010/07/08 07:21:33] @ Quit: tecto: Ping timeout: 240 seconds
[2010/07/08 07:22:04] @ londo_ joined channel #puppet
[2010/07/08 07:22:40] <racerx> problem is my clients are not on the same network
[2010/07/08 07:22:52] <Volcane> resolv.conf fixes it all
[2010/07/08 07:22:52] <racerx> some are local, so thats ok... but most are remote
[2010/07/08 07:23:00] <Volcane> or /etc/hosts
[2010/07/08 07:23:02] <Volcane> or dns entries
[2010/07/08 07:23:06] <Volcane> or any combination of above
[2010/07/08 07:23:19] <zahna> Volcane: i use /etc/resolv.conf and DNS CNAME's
[2010/07/08 07:23:23] <Volcane> yup
[2010/07/08 07:23:41] <zahna> racerx: i have clients scattered across 3 domains. they all use the same puppetmaster.
[2010/07/08 07:23:51] @ Quit: jdcasey: Remote host closed the connection
[2010/07/08 07:23:52] * Volcane has probably 20+ domains
[2010/07/08 07:24:19] <Volcane> and 3 masters
[2010/07/08 07:24:21] @ Quit: ahasenack: Quit: Leaving
[2010/07/08 07:24:29] <Volcane> defaults more or less just work
[2010/07/08 07:24:43] @ ahasenack joined channel #puppet
[2010/07/08 07:24:57] <zahna> Volcane: it would be cool to have this bit of info setup in a newbie guide
[2010/07/08 07:25:41] <Volcane> zahna: newbies: LOOK!!!! SETTINGS, LETS CHANGE THEM ALL! that willnever stop :)
[2010/07/08 07:25:43] <zahna> i remember seeing "the defaults work", but nothing like "the defaults work. it's recommended to use them. here's why. here are some examples of why."
[2010/07/08 07:26:26] * Volcane 's starting guide covered it and tried to convinced people of the merits, they never listen
[2010/07/08 07:26:37] <Volcane> 'i followed your guide, all i changes was...'
[2010/07/08 07:26:50] <zahna> was that guide part of wiki.puppetlabs.com?
[2010/07/08 07:26:56] <Volcane> nah
[2010/07/08 07:27:11] <zahna> i bet it'd be helpful if it was there
[2010/07/08 07:27:18] <racerx> biduha
[2010/07/08 07:27:21] <Volcane> its out of date now, need to rewrite
[2010/07/08 07:27:26] <zahna> ah
[2010/07/08 07:27:27] <racerx> http://pastie.org/1035986
[2010/07/08 07:27:28] <racerx> oops
[2010/07/08 07:27:29] <racerx> there
[2010/07/08 07:27:30] <racerx> ok
[2010/07/08 07:27:59] * zahna should punch racerx for choosing that color scheme
[2010/07/08 07:28:07] <zahna> where is your puppet.conf?
[2010/07/08 07:28:13] @ tecto joined channel #puppet
[2010/07/08 07:28:13] @ Quit: tecto: Changing host
[2010/07/08 07:28:13] @ tecto joined channel #puppet
[2010/07/08 07:28:21] <racerx> at the top
[2010/07/08 07:28:29] <zahna> oh there it is! fricking color scheme...
[2010/07/08 07:28:35] @ bearnard joined channel #puppet
[2010/07/08 07:28:39] <zahna> and there's the incorrect certname line
[2010/07/08 07:28:45] <Volcane> racerx: please have another look at what I asked you to run :)
[2010/07/08 07:29:12] <zahna> "certname=puppet" <-- correct certname line
[2010/07/08 07:29:23] <racerx> zahna: change the color scheme to whatever you like
[2010/07/08 07:29:59] <zahna> racerx: i'm trying to help you. the least you could do is go easy on my eyes.
[2010/07/08 07:30:05] <racerx> :)
[2010/07/08 07:30:18] <racerx> the watever.pem .... what should this be?
[2010/07/08 07:30:43] <Volcane> its in ssl/certs
[2010/07/08 07:30:48] <Volcane> that'll be the one the master uses
[2010/07/08 07:31:16] <zahna> is blowing away the ssl dir safe in your situation? ie, this isn't production, right?
[2010/07/08 07:31:43] <Volcane> racerx: also you can confirm your certname setting is taking effect iwth puppetmasterd --genconfig\|grep certname
[2010/07/08 07:32:05] <racerx> zaha: its not problem
[2010/07/08 07:32:36] @ Quit: tecto: Ping timeout: 252 seconds
[2010/07/08 07:33:22] <racerx> ok.. puppet.conf has certname=puppet ... i blew away the ssl dir
[2010/07/08 07:33:28] <racerx> then ran the command
[2010/07/08 07:33:31] <racerx> brian:/etc/puppet# puppetmasterd --genconfig\|grep certname
[2010/07/08 07:33:31] <racerx> # The default value is '$privatekeydir/$certname.pem'.
[2010/07/08 07:33:31] <racerx> # certname = brian.ed.xxxxx.net
[2010/07/08 07:33:31] <racerx> # The default value is '$ssldir/csr_$certname.pem'.
[2010/07/08 07:33:31] <racerx> # The default value is '$publickeydir/$certname.pem'.
[2010/07/08 07:33:32] <zahna> ok. then personally, i would blow away the ssl dir on your master, fix the certname line, restart puppetmasterd, make sure DNS is setup right, make sure clients use the default puppetmaster name.
[2010/07/08 07:33:32] <racerx> # The default value is '$certdir/$certname.pem'.
[2010/07/08 07:34:05] <Volcane> racerx: that suggests its not reading your settings.
[2010/07/08 07:34:09] <racerx> yup
[2010/07/08 07:34:11] <racerx> i know
[2010/07/08 07:34:15] <racerx> thats the issue
[2010/07/08 07:34:18] <Volcane> racerx: what .conf files do you have in /etc/puppet ?
[2010/07/08 07:34:37] <racerx> brian:/etc/puppet# ls -la
[2010/07/08 07:34:37] <racerx> total 36
[2010/07/08 07:34:37] <racerx> drwxr-xr-x 5 root root 4096 2010-07-08 15:32 .
[2010/07/08 07:34:37] <racerx> drwxr-xr-x 75 root root 4096 2010-07-08 14:59 ..
[2010/07/08 07:34:37] <racerx> -rw-r--r-- 1 root root 2346 2010-04-14 14:58 auth.conf
[2010/07/08 07:34:38] <racerx> drwxr-xr-x 6 root root 4096 2010-04-14 14:58 .bzr
[2010/07/08 07:34:40] <racerx> -rw-r--r-- 1 root root 377 2010-04-14 14:58 fileserver.conf
[2010/07/08 07:34:43] <Volcane> pls use pastie
[2010/07/08 07:34:44] <racerx> -rw-r--r-- 1 root root 83 2010-04-14 14:58 .geanyprj
[2010/07/08 07:34:46] <racerx> drwxr-xr-x 2 root root 4096 2010-07-08 15:04 manifests
[2010/07/08 07:34:48] <racerx> drwxr-xr-x 26 root root 4096 2010-07-08 13:36 modules
[2010/07/08 07:34:50] <racerx> -rw-r--r-- 1 root root 236 2010-07-08 15:32 puppet.conf
[2010/07/08 07:34:52] <racerx> sorry
[2010/07/08 07:35:57] <Volcane> so thats all?
[2010/07/08 07:36:01] <racerx> yup
[2010/07/08 07:36:15] <Volcane> ps -auxww\|grep puppetmaster
[2010/07/08 07:36:44] <zahna> Volcane: i've had a puppetmaster not read values from puppet.conf before.
[2010/07/08 07:37:16] <racerx> http://pastie.org/1036012
[2010/07/08 07:37:42] @ Quit: docelic: Ping timeout: 265 seconds
[2010/07/08 07:37:43] <zahna> i even strace'd it. it opened and read puppet.conf, then seemed to ignore all the values.
[2010/07/08 07:38:16] <Volcane> zahna: nods, used to happen if there were like puppetd.conf and puppetmasterd.conf in the dir
[2010/07/08 07:38:56] <zahna> Volcane: ah, i don't remember the details. it wasn't an important machine, and I didn't have more time, so I reclaimed the VM.
[2010/07/08 07:39:05] <Volcane> racerx: ok, please pastie your current entire puppet.conf on the master, and puppetmasterd --genconfig\|grep certname using the same config
[2010/07/08 07:39:06] @ sts joined channel #puppet
[2010/07/08 07:39:18] <sts> hello folks. where do i find docs about 'fail'?
[2010/07/08 07:39:22] @ tecto joined channel #puppet
[2010/07/08 07:39:43] <Volcane> sts: ref:function
[2010/07/08 07:39:43] <gepetto> Volcane: sts: ref:function is http://docs.puppetlabs.com/references/latest/function.html "Puppet Labs"
[2010/07/08 07:40:01] <racerx> http://pastie.org/1036016
[2010/07/08 07:40:30] <Volcane> racerx: also puppetmasterd --genconfig\|grep certdns
[2010/07/08 07:40:46] <racerx> # certdnsnames =
[2010/07/08 07:40:46] <sts> thank you Volcane
[2010/07/08 07:40:51] <racerx> thats it for that
[2010/07/08 07:41:21] @ Quit: mikepea: Ping timeout: 240 seconds
[2010/07/08 07:41:36] @ rasputnik joined channel #puppet
[2010/07/08 07:41:43] <Volcane> #oh
[2010/07/08 07:41:45] <Volcane> lame
[2010/07/08 07:41:49] <Volcane> [puppermasterd]
[2010/07/08 07:41:51] <Volcane> typo
[2010/07/08 07:41:59] <racerx> FFS!
[2010/07/08 07:42:00] @ littleidea joined channel #puppet
[2010/07/08 07:42:02] <Volcane> heh
[2010/07/08 07:43:24] <racerx> thanks so much
[2010/07/08 07:43:28] <Volcane> np
[2010/07/08 07:43:34] <racerx> been staring at this thing for way too long
[2010/07/08 07:43:46] <racerx> guess what...
[2010/07/08 07:43:47] <racerx> Server certificate
[2010/07/08 07:43:47] <racerx> subject=/CN=puppet
[2010/07/08 07:43:47] <racerx> issuer=/CN=ca
[2010/07/08 07:43:50] <racerx> works now :D
[2010/07/08 07:43:50] @ mikepea joined channel #puppet
[2010/07/08 07:43:55] <Volcane> shocker :P
[2010/07/08 07:43:58] <racerx> lol
[2010/07/08 07:44:00] <racerx> cheers again
[2010/07/08 07:44:20] <zahna> Volcane: how do you handle users and homedirs?
[2010/07/08 07:44:29] <Volcane> by not having any :P
[2010/07/08 07:44:38] <zahna> really?
[2010/07/08 07:44:51] <Volcane> i just make users with the user type, managehomes, copy keys out etc, all in a define
[2010/07/08 07:45:15] @ cliff-hm joined channel #puppet
[2010/07/08 07:45:18] <Volcane> but dont have enough users for that to be a problem
[2010/07/08 07:45:20] @ itguru_ joined channel #puppet
[2010/07/08 07:45:20] <zahna> how do you manage a home dir out of a define?
[2010/07/08 07:45:30] <Volcane> where we do have many users we have ldap
[2010/07/08 07:45:43] @ Quit: itguru_: Read error: Connection reset by peer
[2010/07/08 07:45:44] <Volcane> zahna: user{"foo": managehome => true, ensure => present}
[2010/07/08 07:45:46] <zahna> ah, what about those homedirs?
[2010/07/08 07:46:27] <zahna> but how does that define manage the users' keys?
[2010/07/08 07:46:43] @ jdcasey joined channel #puppet
[2010/07/08 07:46:46] <Volcane> for ldap ones if i didnt want to manage profiles, ldap login process will create skel home dirs
[2010/07/08 07:47:03] <Volcane> zahna: file{"/path/to/home/${name}/.ssh/authorized_keys":....}
[2010/07/08 07:48:10] <zahna> ah, so you manage each authorized_keys file individually?
[2010/07/08 07:48:27] @ Quit: kenneho: Quit: Ex-Chat
[2010/07/08 07:48:36] <Volcane> yeh just have a dir full of them on the master, like i aid, dont have 100s of users that works for me
[2010/07/08 07:48:43] <zahna> sure
[2010/07/08 07:48:45] <Volcane> s/aid/said
[2010/07/08 07:49:05] <Volcane> mostly its devs
[2010/07/08 07:49:11] <Volcane> and they can manage those files themselves
[2010/07/08 07:49:29] <Volcane> and they can put down a little tgz file in a given place with a given name and puppet will untar their profile everywhere for them
[2010/07/08 07:49:36] <Volcane> we obviously trust our devs a lot
[2010/07/08 07:50:07] <zahna> that's cool
[2010/07/08 07:50:40] @ poison joined channel #puppet
[2010/07/08 07:51:49] <zahna> this has given me some ideas. thanks.
[2010/07/08 07:52:19] @ tonyskapunk joined channel #puppet
[2010/07/08 07:52:26] <Volcane> puppetmanifest live in the same svn repo as everything else, unrestricted to the devs
[2010/07/08 07:53:37] <zahna> wow. i have a separate repo for puppet.
[2010/07/08 07:53:46] @ docelic joined channel #puppet
[2010/07/08 07:54:09] <Volcane> shrug if you dont trust them, dont run any code they write ever
[2010/07/08 07:54:53] @ Quit: poison: Ping timeout: 240 seconds
[2010/07/08 07:55:06] @ Quit: Qix: Quit: Leaving
[2010/07/08 07:55:08] @ poison joined channel #puppet
[2010/07/08 07:55:42] @ Quit: Borges: Ping timeout: 252 seconds
[2010/07/08 07:59:42] @ littleidea_ joined channel #puppet
[2010/07/08 07:59:53] @ Quit: poison: Ping timeout: 260 seconds
[2010/07/08 07:59:56] @ thekad-afk is now known as thekad
[2010/07/08 08:00:19] @ Quit: QMan: Read error: Connection reset by peer
[2010/07/08 08:00:41] @ _lucid joined channel #puppet
[2010/07/08 08:00:46] <_lucid> are manifest used in the puppet stand-alone ( puppetmaster less ) architecture?
[2010/07/08 08:00:56] @ lak joined channel #puppet
[2010/07/08 08:01:04] @ QMan joined channel #puppet
[2010/07/08 08:01:14] @ Quit: ninjazjb: Quit: leaving
[2010/07/08 08:01:23] <Volcane> _lucid: its all the same
[2010/07/08 08:01:50] <_lucid> Volcane: ok.. tye
[2010/07/08 08:01:53] <_lucid> ty
[2010/07/08 08:01:57] @ Quit: littleidea: Ping timeout: 245 seconds
[2010/07/08 08:02:06] @ littleidea joined channel #puppet
[2010/07/08 08:02:27] @ ecapriolo joined channel #puppet
[2010/07/08 08:03:45] @ Quit: littleidea_: Ping timeout: 240 seconds
[2010/07/08 08:05:41] <zahna> Volcane: that's a little extreme. there is a middle path...
[2010/07/08 08:07:05] @ poison joined channel #puppet
[2010/07/08 08:09:08] @ poison_ joined channel #puppet
[2010/07/08 08:09:08] @ Quit: poison: Read error: Connection reset by peer
[2010/07/08 08:09:24] @ Quit: mikepea: Quit: mikepea
[2010/07/08 08:10:06] @ Quit: ceren: Quit: ceren
[2010/07/08 08:13:57] @ Quit: poison_: Ping timeout: 265 seconds
[2010/07/08 08:15:32] @ thekad left channel #puppet ("Leaving")
[2010/07/08 08:16:16] @ murkk joined channel #puppet
[2010/07/08 08:16:49] @ Quit: tecto: Ping timeout: 264 seconds
[2010/07/08 08:17:16] @ Quit: _lucid: Ping timeout: 252 seconds
[2010/07/08 08:17:18] @ murkk left channel #puppet ()
[2010/07/08 08:17:19] @ poison joined channel #puppet
[2010/07/08 08:19:45] @ Quit: poison: Read error: Connection reset by peer
[2010/07/08 08:19:51] @ poison joined channel #puppet
[2010/07/08 08:20:43] @ Frix joined channel #puppet
[2010/07/08 08:20:43] @ Quit: poison: Read error: Connection reset by peer
[2010/07/08 08:20:48] @ Quit: QMan: Read error: Connection reset by peer
[2010/07/08 08:20:58] @ poison joined channel #puppet
[2010/07/08 08:21:06] @ QMan joined channel #puppet
[2010/07/08 08:21:48] @ tecto joined channel #puppet
[2010/07/08 08:21:49] @ Quit: tecto: Changing host
[2010/07/08 08:21:49] @ tecto joined channel #puppet
[2010/07/08 08:22:21] @ Borges joined channel #puppet
[2010/07/08 08:22:41] @ poison_ joined channel #puppet
[2010/07/08 08:23:32] @ Quit: Frix: Client Quit
[2010/07/08 08:25:55] @ Quit: poison: Ping timeout: 276 seconds
[2010/07/08 08:26:04] @ Quit: lak: Quit: lak
[2010/07/08 08:27:50] @ mikepea joined channel #puppet
[2010/07/08 08:28:32] @ Quit: pmorillo: Quit: pmorillo
[2010/07/08 08:29:31] @ lak joined channel #puppet
[2010/07/08 08:29:48] @ Quit: poison_: Ping timeout: 252 seconds
[2010/07/08 08:30:02] @ Quit: ecolitan: Remote host closed the connection
[2010/07/08 08:30:59] @ Quit: jimmij: Remote host closed the connection
[2010/07/08 08:31:47] @ poison_ joined channel #puppet
[2010/07/08 08:32:38] @ Quit: lak: Client Quit
[2010/07/08 08:32:43] @ Quit: uggedal: Quit: WeeChat 0.3.2
[2010/07/08 08:33:03] @ uggedal joined channel #puppet
[2010/07/08 08:33:06] @ Quit: verwilst: Quit: Ex-Chat
[2010/07/08 08:33:32] @ jimmij joined channel #puppet
[2010/07/08 08:33:51] @ Quit: mqr: Quit: mqr
[2010/07/08 08:34:01] @ ribo joined channel #puppet
[2010/07/08 08:39:56] @ Quit: Ramonster: Quit: So long, thanx for all the fish
[2010/07/08 08:40:22] @ Quit: mikepea: Quit: mikepea
[2010/07/08 08:42:54] <reyjrar> is it still considered best practice to cron puppetd runs instead of running the daemon?
[2010/07/08 08:43:13] @ ckauhaus joined channel #puppet
[2010/07/08 08:43:27] <Volcane> not sure if its best practise, but it might be your only option if you're getting problems
[2010/07/08 08:45:03] <reyjrar> memory usage is all over the board..
[2010/07/08 08:45:07] <Volcane> I'd def recommend it or somethig like it though
[2010/07/08 08:45:23] <zahna> Volcane: is that how you run puppet clients?
[2010/07/08 08:45:31] <Volcane> i schedule them with mcollective
[2010/07/08 08:45:31] <reyjrar> some of my clients are under 5MB, others are as high as 300MB of memory usage..
[2010/07/08 08:45:46] <zahna> Volcane: aren't you the author of mcollective?
[2010/07/08 08:45:50] <Volcane> i am
[2010/07/08 08:46:13] @ Chiku joined channel #puppet
[2010/07/08 08:46:15] <Volcane> http://www.devco.net/archives/2010/03/17/scheduling_puppet_with_mcollective.php thats how i do it
[2010/07/08 08:46:18] <zahna> can mcollective run scriptlets across groups of machines?
[2010/07/08 08:46:25] @ Chiku left channel #puppet ()
[2010/07/08 08:46:35] <zahna> and do it without SSH?
[2010/07/08 08:46:41] <Volcane> zahna: thats what its for :)
[2010/07/08 08:46:57] <zahna> does it require gems to be installed?
[2010/07/08 08:47:07] <Volcane> it runs a daemon of its own etc
[2010/07/08 08:47:20] <Volcane> need mostly 1 gem to talk to the middleware
[2010/07/08 08:47:28] @ Quit: ckauhaus: Client Quit
[2010/07/08 08:47:57] <zahna> does it require a "gem install"? i hate that.
[2010/07/08 08:48:06] @ ckauhaus joined channel #puppet
[2010/07/08 08:48:18] <Volcane> zahna: it really isnt hard making debs or rpms from gems
[2010/07/08 08:48:27] <Volcane> zahna: i have rpms for whats needed
[2010/07/08 08:48:59] <zahna> Volcane: if you can auto-generate the spec files, i'd agree
[2010/07/08 08:49:10] <zahna> (and have those spec files actually work)
[2010/07/08 08:49:19] <Volcane> 99% of my rubygem rpms are 1 command to convert the
[2010/07/08 08:49:46] <Volcane> only ones i have issues with are: stupid gems that list too many dependencies and ones who do native compiles sometimes need some tweaks
[2010/07/08 08:49:56] @ Quit: rasputnik: Read error: Operation timed out
[2010/07/08 08:51:50] @ gniks joined channel #puppet
[2010/07/08 08:52:01] @ Quit: gniks: Client Quit
[2010/07/08 08:52:16] @ Quit: tecto: Ping timeout: 265 seconds
[2010/07/08 08:52:56] <zahna> ok, i need to learn mcollective.
[2010/07/08 08:53:21] <zahna> i never liked solutions that were SSH based
[2010/07/08 08:53:28] <Volcane> zahna: it requires things like a middleware broker, but when you issue a command it happens immediately on all machines - you then attach an optional filter to restrict what machines
[2010/07/08 08:53:57] <zahna> a middleware broker? like what?
[2010/07/08 08:54:00] <Volcane> zahna: a filter is like -W architecture=i386 /foo/ <-- this means all machines with facter fact archicture being i386 and having puppet classes matching the regex /foo/
[2010/07/08 08:54:12] <Volcane> like activemq
[2010/07/08 08:54:13] <zahna> mcollective uses facter?
[2010/07/08 08:54:28] <zahna> oh, so not a broker, but a messaging queue
[2010/07/08 08:54:45] <Volcane> zahna: all your facts and classes are avilable to use in filtering which machines to work with yes
[2010/07/08 08:54:55] <Volcane> zahna: same shit, different term :P
[2010/07/08 08:55:10] <zahna> Volcane: i suppose. i've always thought of them as different.
[2010/07/08 08:55:24] @ thrain][ joined channel #puppet
[2010/07/08 08:55:31] <zahna> so what's required to install it?
[2010/07/08 08:55:46] <zahna> does it require the activemq rpm?
[2010/07/08 08:55:58] <Volcane> zahna: anyway, so i use activemq to do the really fast comms and handle the clustering and distributed stuff etc. you need to have 1 x activemq somewhere on your network at least
[2010/07/08 08:56:15] <Volcane> zahna: on the nodes you need the stomp gem (i have a rpm) and the mcollective + mcollective-common rpms
[2010/07/08 08:56:35] @ cwebber joined channel #puppet
[2010/07/08 08:56:36] <zahna> Volcane: is there a repo that contains the necessary rpms?
[2010/07/08 08:56:41] <Volcane> zahna: on machines that want to make requests to the collective, u need the mcollective-client and mcollective-common rpms
[2010/07/08 08:56:48] <Volcane> zahna: no
[2010/07/08 08:56:57] <zahna> Volcane: i might have to put one up
[2010/07/08 08:57:13] <Volcane> zahna: welcome to, I wouldnt recommend anyone depend on random 3rd party repos
[2010/07/08 08:57:33] <Volcane> so i dont host one :)
[2010/07/08 08:57:51] <zahna> Volcane: it would at least be somewhere someone could get the necessary rpms and not have to hunt them down
[2010/07/08 08:58:00] @ _lucid joined channel #puppet
[2010/07/08 08:58:11] <zahna> i hate hunting down rpms
[2010/07/08 08:58:16] <Volcane> zahna: http://www.marionette-collective.org/activemq/
[2010/07/08 08:58:39] <Volcane> the mc rpms are on the project download page
[2010/07/08 08:59:02] <zahna> tanukiwrapper? is that from super mario 3?
[2010/07/08 08:59:03] <Volcane> and mikepea (usually on this #) has a nice puppet module to deploy it all
[2010/07/08 08:59:14] <Volcane> no idea, its a thing to run java daemons
[2010/07/08 08:59:36] <zahna> oh! i've been looking for something to daemonize java!
[2010/07/08 09:00:52] <Volcane> zahna: anyway, check the intro screen cast at mcollective.blip.tv
[2010/07/08 09:00:58] @ Quit: jdcasey: Remote host closed the connection
[2010/07/08 09:01:01] <zahna> definitely
[2010/07/08 09:01:12] <Volcane> it isnt a 'run random commands' solution
[2010/07/08 09:01:21] @ achester joined channel #puppet
[2010/07/08 09:01:36] <zahna> i'm hoping it can do that, if i need it to.
[2010/07/08 09:01:54] <Volcane> you could no doubt write such an agent, i think its mostly a crap idea :)
[2010/07/08 09:02:01] <zahna> like, if i need to run a well tested sed on a file across N machines.
[2010/07/08 09:02:18] <Volcane> you could write a shell command agent
[2010/07/08 09:02:35] <Volcane> there's some caveats, agents have timeouts, if your random shell comands take too long they'll get killed off
[2010/07/08 09:02:42] <zahna> that sounds good for reversing things puppet does, when that's necessary
[2010/07/08 09:03:16] <Volcane> though, you can do funky things like:
[2010/07/08 09:03:20] <Volcane> mc-rpc puppetral do type=exec name="/bin/date > /tmp/date" user=root timeout=5
[2010/07/08 09:03:29] <Volcane> which will use puppet, make an exec resources and run it on the box
[2010/07/08 09:03:34] <Volcane> in isolation of the rest of puppet
[2010/07/08 09:03:37] <Volcane> like a one-off
[2010/07/08 09:03:44] <Volcane> anything puppet can do
[2010/07/08 09:04:00] <zahna> that's kind of cool
[2010/07/08 09:04:27] <zahna> a shell command agent sounds cooler though.
[2010/07/08 09:04:29] <Volcane> you just map the type out on the command line like you would in a manifest and it does it, its like ralsh
[2010/07/08 09:05:21] <zahna> i actually haven't used ralsh yet
[2010/07/08 09:07:05] <Volcane> ah. anyway, there's a channel #mcollective
[2010/07/08 09:07:16] <Volcane> its not really a puppet thing, puppet+fact functionality arrives through plugins
[2010/07/08 09:07:28] <Volcane> speaks to ohai too or just yaml files or whatever
[2010/07/08 09:07:37] <zahna> sweet
[2010/07/08 09:08:37] @ jmccune joined channel #puppet
[2010/07/08 09:09:58] @ Quit: static^: Quit: Leaving...
[2010/07/08 09:10:19] @ Quit: MattyM: Remote host closed the connection
[2010/07/08 09:12:49] @ Chiku joined channel #puppet
[2010/07/08 09:13:12] @ Chiku left channel #puppet ()
[2010/07/08 09:13:32] @ Quit: littleidea: Quit: littleidea
[2010/07/08 09:19:06] @ Quit: wilco: Remote host closed the connection
[2010/07/08 09:19:11] @ jdcasey joined channel #puppet
[2010/07/08 09:22:30] @ Quit: jdcasey: Remote host closed the connection
[2010/07/08 09:24:00] @ gniks joined channel #puppet
[2010/07/08 09:26:14] @ Quit: poison_: Remote host closed the connection
[2010/07/08 09:27:23] @ Quit: mfournier: Ping timeout: 260 seconds
[2010/07/08 09:28:51] @ littleidea joined channel #puppet
[2010/07/08 09:28:58] @ labrown joined channel #puppet
[2010/07/08 09:31:23] @ Quit: Olly_: Quit: This computer has gone to sleep
[2010/07/08 09:31:49] @ alcy joined channel #puppet
[2010/07/08 09:32:50] @ lak joined channel #puppet
[2010/07/08 09:33:52] @ Quit: jaredrhine: Quit: Leaving.
[2010/07/08 09:39:37] @ alcy left channel #puppet ()
[2010/07/08 09:39:38] @ Quit: jameswhite: Ping timeout: 265 seconds
[2010/07/08 09:42:54] @ toi joined channel #puppet
[2010/07/08 09:44:53] @ Quit: ckauhaus: Quit: Leaving.
[2010/07/08 09:47:31] @ sako joined channel #puppet
[2010/07/08 09:47:45] @ jameswhite joined channel #puppet
[2010/07/08 09:49:32] @ mclarke joined channel #puppet
[2010/07/08 09:51:43] @ Quit: p3rror: Ping timeout: 265 seconds
[2010/07/08 09:53:00] @ Quit: itguru: Ping timeout: 260 seconds
[2010/07/08 09:53:59] @ Quit: bug: Quit: bug
[2010/07/08 09:54:00] @ cwebber_ joined channel #puppet
[2010/07/08 09:55:45] @ Quit: rmayr: Ping timeout: 240 seconds
[2010/07/08 09:57:07] @ Quit: cwebber: Ping timeout: 276 seconds
[2010/07/08 09:57:58] @ cwebber joined channel #puppet
[2010/07/08 09:58:05] @ Quit: cwebber_: Read error: Connection reset by peer
[2010/07/08 10:00:35] @ Quit: Demosthenes: Quit: leaving
[2010/07/08 10:01:27] @ cwebber_ joined channel #puppet
[2010/07/08 10:02:35] @ Quit: cwebber: Read error: Connection reset by peer
[2010/07/08 10:02:35] @ cwebber_ is now known as cwebber
[2010/07/08 10:04:17] @ p3rror joined channel #puppet
[2010/07/08 10:05:28] @ markus joined channel #puppet
[2010/07/08 10:05:44] @ Quit: TREllis: Quit: leaving
[2010/07/08 10:08:33] @ Quit: lak: Quit: lak
[2010/07/08 10:11:06] @ Quit: cwebber: Quit: cwebber
[2010/07/08 10:11:07] @ Quit: gniks: Quit: Leaving.
[2010/07/08 10:12:37] @ rmiller4pi8 joined channel #puppet
[2010/07/08 10:12:57] @ poison joined channel #puppet
[2010/07/08 10:12:58] @ cwebber joined channel #puppet
[2010/07/08 10:13:45] @ Quit: gebi: Ping timeout: 240 seconds
[2010/07/08 10:14:57] @ mqr joined channel #puppet
[2010/07/08 10:15:04] @ Quit: cwebber: Client Quit
[2010/07/08 10:17:13] @ Quit: markus: Ping timeout: 240 seconds
[2010/07/08 10:17:22] @ Quit: racerx: Quit: Leaving
[2010/07/08 10:17:43] @ Quit: p3rror: Ping timeout: 276 seconds
[2010/07/08 10:19:05] @ Quit: mqr: Ping timeout: 240 seconds
[2010/07/08 10:20:30] @ jdcasey joined channel #puppet
[2010/07/08 10:22:22] @ Quit: poison: Remote host closed the connection
[2010/07/08 10:23:53] @ markus joined channel #puppet
[2010/07/08 10:23:53] @ Quit: fbe: Read error: Connection reset by peer
[2010/07/08 10:23:56] @ wilco joined channel #puppet
[2010/07/08 10:25:44] @ Quit: QMan: Read error: Connection reset by peer
[2010/07/08 10:25:52] @ Quit: marek: Quit: let's move it
[2010/07/08 10:26:04] @ QMan joined channel #puppet
[2010/07/08 10:27:33] @ fbe joined channel #puppet
[2010/07/08 10:27:53] @ Quit: docelic: Ping timeout: 240 seconds
[2010/07/08 10:29:00] @ Quit: alban2: Ping timeout: 260 seconds
[2010/07/08 10:29:47] @ gniks joined channel #puppet
[2010/07/08 10:35:17] @ Quit: jimmij: Ping timeout: 245 seconds
[2010/07/08 10:40:59] @ Quit: littleidea: Quit: littleidea
[2010/07/08 10:41:04] @ Quit: macfly: Quit: Leaving.
[2010/07/08 10:41:57] @ docelic joined channel #puppet
[2010/07/08 10:43:17] @ tecto joined channel #puppet
[2010/07/08 10:43:17] @ Quit: tecto: Changing host
[2010/07/08 10:43:17] @ tecto joined channel #puppet
[2010/07/08 10:46:08] @ bug joined channel #puppet
[2010/07/08 10:46:17] @ WALoeIII joined channel #puppet
[2010/07/08 10:47:00] <n3kl> Hello
[2010/07/08 10:47:29] @ Quit: lilnick: Quit: leaving
[2010/07/08 10:47:46] @ lilnick joined channel #puppet
[2010/07/08 10:49:14] <n3kl> My puppet structure is getting more complex and I am looking over the best practice guide for how I might make it a bit more manageable. I notice the services/ directory, but I am using standalone puppet, so will that directory be in my namespace, or do I have to include it somehow?
[2010/07/08 10:49:37] <jmccune> services directory?\
[2010/07/08 10:49:46] <n3kl> http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Best_Practice
[2010/07/08 10:49:55] <n3kl> Under File Hierarchy
[2010/07/08 10:52:46] @ maccam94 joined channel #puppet
[2010/07/08 10:52:52] @ marek joined channel #puppet
[2010/07/08 10:55:06] <maccam94> ok, I'm trying to set up a demo puppet environment. i've created a couple of cloud servers running ubuntu server 10.04 and I'm looking to set up puppet+passenger+dashboard
[2010/07/08 10:55:15] @ alxm joined channel #puppet
[2010/07/08 10:55:30] <alxm> puppet user group meeting on Tuesday? any info?
[2010/07/08 10:55:57] <maccam94> so far, i've installed puppetmaster and dashboard from the puppet repo, and tried configuring apache for passenger and puppet
[2010/07/08 10:56:16] <maccam94> however, the documentation seems incomplete/scattered/out of date
[2010/07/08 10:56:30] <n3kl> exactly why I am using standalone
[2010/07/08 10:56:44] <maccam94> i'm having trouble getting the puppet slave to talk to the puppet master
[2010/07/08 10:57:21] <maccam94> does anyone here have a similar configuration?
[2010/07/08 10:57:42] <maccam94> or know of a good how-to
[2010/07/08 10:59:18] <n3kl> I think thats all a bit of duct tae
[2010/07/08 11:00:10] <n3kl> Anyone know how I can see what directories puppet will look in for modules?
[2010/07/08 11:03:47] @ ceren joined channel #puppet
[2010/07/08 11:03:56] <Whoop> modulepath = ?
[2010/07/08 11:04:23] @ Quit: bearnard: Quit: This computer has gone to sleep
[2010/07/08 11:04:39] <n3kl> even for standalone? puppet.conf is not read I thought
[2010/07/08 11:05:22] @ Quit: Borges: Ping timeout: 276 seconds
[2010/07/08 11:10:55] <Phibs> anyone using latest foreman from dev?
[2010/07/08 11:10:59] <Phibs> its br0k3d :)
[2010/07/08 11:11:34] @ Borges joined channel #puppet
[2010/07/08 11:11:55] <Phibs> wtb ohadlevy
[2010/07/08 11:12:07] @ p3rror joined channel #puppet
[2010/07/08 11:13:00] <Phibs> http://pastebin.com/wJEpKm1h
[2010/07/08 11:13:01] <Phibs> yea dat
[2010/07/08 11:13:54] @ mfournier joined channel #puppet
[2010/07/08 11:15:04] <maccam94> very stupid question, where do i get/put config.rb for puppetmaster? documentroot?
[2010/07/08 11:15:07] <n3kl> Can someone tell me how to hunt down what module is spitting this out: Parameter require failed: No title provided and "openntpd" is not a valid resource reference
[2010/07/08 11:16:08] <maccam94> *config.ru
[2010/07/08 11:16:34] <jmccune> n3kl: ack, grep -r, or you could use my log_version report processor to get the file and line number that message is coming from.
[2010/07/08 11:17:09] <jmccune> n3kl: http://github.com/jeffmccune/puppet-demotools/blob/master/lib/puppet/reports/logversion.rb
[2010/07/08 11:19:06] @ macfly joined channel #puppet
[2010/07/08 11:19:09] <maccam94> er, apparently i don't need one o_O oy, this is so confusing
[2010/07/08 11:19:18] <n3kl> jmccune: sweet, thanks!
[2010/07/08 11:19:53] <n3kl> Ahh, I was doing require => ["openntpd"], not require => Package["...
[2010/07/08 11:22:39] <Phibs> nm I'm dumb.
[2010/07/08 11:22:54] <n3kl> What is this about:warning: require is a metaparam; this value will inherit to all contained resources
[2010/07/08 11:23:34] <jmccune> n3kl: what's the manifest look like?
[2010/07/08 11:24:46] @ Quit: alxm: Read error: Connection reset by peer
[2010/07/08 11:24:58] @ Phibs left channel #puppet ()
[2010/07/08 11:25:59] <maccam94> how do i configure puppet to use passenger? i've set SERVERTYPE=passenger in /etc/defaults/puppetmaster, but it still tries to run webrick
[2010/07/08 11:26:31] <jmccune> maccam94: Have you looked at http://projects.reductivelabs.com/projects/puppet/wiki/Using_Passenger ?
[2010/07/08 11:27:34] <maccam94> jmccune: yes, but there are a few problems with that page
[2010/07/08 11:27:35] @ bearnard joined channel #puppet
[2010/07/08 11:27:38] @ jimmij joined channel #puppet
[2010/07/08 11:28:41] <jmccune> maccam94: Which problems? I'm working on setting up a passenger master for puppet 2.6.0 right now and I'll help improve the documentation if things are tripping you up.
[2010/07/08 11:29:40] <maccam94> jmccune: woot, i can tell you all of the problems i'm having with the docs :-)
[2010/07/08 11:29:52] <mackn> i had no problems setting it up witht he docs heh
[2010/07/08 11:29:57] <jmccune> maccam94: Please do
[2010/07/08 11:30:01] <mackn> which OS are you doing this on
[2010/07/08 11:30:58] <maccam94> jmccune: i'm running ubuntu server 10.04
[2010/07/08 11:31:25] <maccam94> puppetmaster 0.25.4-2ubuntu6 from the puppet repo
[2010/07/08 11:32:17] <joe-mac> wow how many things can go wrong at once
[2010/07/08 11:32:40] <joe-mac> first puppet svn repo corrupt now for some reason all of a sudden puppetmasterd is bitching about \% in my nodes file, it's inm there for a cron job that uses date
[2010/07/08 11:32:46] <maccam94> jmccune: under configuring apache, /usr/share/doc/puppetmaster/examples/apache2.conf doesn't exist
[2010/07/08 11:34:29] <maccam94> jmccune: that's probably a packaging problem, because it exists on http://github.com/reductivelabs/puppet/blob/master/ext/rack/files/apache2.conf
[2010/07/08 11:40:18] <jmccune> maccam94: Yeah, sounds like it.
[2010/07/08 11:40:30] <maccam94> jmccune: anyway, so i used that file and i've got apache running.
[2010/07/08 11:40:36] <jmccune> Cool
[2010/07/08 11:41:19] <maccam94> ah looking back, i see there is info in the RHEL5 block that should be separate
[2010/07/08 11:41:59] <maccam94> jmccune: the last two lines under Configure Apache -> For RHEL 5 should be for all distros
[2010/07/08 11:43:06] <maccam94> actually make that the last 4 lines
[2010/07/08 11:43:20] <maccam94> i don't have that directory or the config.ru file
[2010/07/08 11:43:29] <maccam94> (might be a packaging issue again)
[2010/07/08 11:43:45] @ Quit: reyjrar: Ping timeout: 240 seconds
[2010/07/08 11:44:05] <maccam94> second to last line won't work anyway though, since there is no config.ru in the working directory
[2010/07/08 11:44:51] <maccam94> er....
[2010/07/08 11:45:00] @ gebi joined channel #puppet
[2010/07/08 11:45:51] <jmccune> maccam94: Gotcha. I actually don't have ubuntu in front of me at the moment.
[2010/07/08 11:45:57] <jmccune> I'm setting this stuff up on EL5
[2010/07/08 11:46:09] <jmccune> If you don't mind, it's a wiki so please feel free to edit it.
[2010/07/08 11:46:23] <jmccune> If you can't, I'll try and make the time today.
[2010/07/08 11:47:21] <maccam94> jmccune: well i'm a total noob to puppet, i haven't been able to get it working yet
[2010/07/08 11:48:06] @ mqr joined channel #puppet
[2010/07/08 11:48:49] <maccam94> i was looking and the apache config looks for DocumentRoot /etc/puppet/rack/public/, but the RHEL5 section makes a directory in /usr/share/puppet/ (so the ubuntu section needs that section tweaked to fit it)
[2010/07/08 11:51:19] @ Quit: markus: Ping timeout: 276 seconds
[2010/07/08 11:51:19] @ mqr is now known as markus
[2010/07/08 11:51:50] @ ezmobius joined channel #puppet
[2010/07/08 11:52:27] <maccam94> jmccune: my main problem right now seems to be that when I try to start puppetmasterd, it brings up webrick, even though I have apache configured and i specified SERVERTYPE=passenger in /etc/defaults/puppetmaster
[2010/07/08 11:53:00] <maccam94> i don't even know if that is the right value to assign to that variable, since the comments only mention webrick and mongrel
[2010/07/08 11:55:06] <Volcane> maccam94: if you're running under passenger you dont need to start puppetmasterd
[2010/07/08 11:55:15] <Volcane> maccam94: passenger takes care of all that
[2010/07/08 11:56:06] <maccam94> Volcane: ok thanks, that wasn't clear. do I need a config.ru with this apache config? http://github.com/reductivelabs/puppet/blob/0.25.x/ext/rack/files/apache2.conf
[2010/07/08 11:57:11] <jmccune> maccam94: You shouldn't start puppmasterd as Volcane mentioned
[2010/07/08 11:57:13] <Volcane> yeah you prety much always need a config.ru with passenger
[2010/07/08 11:57:37] <jmccune> maccam94: config.ru will have an ARGV variable that must have at least "--rack" passed to it.
[2010/07/08 11:57:51] <maccam94> ok, for dashboard apparently if you comment out the AutodetectOff statements, you don't need a config.ru o_O
[2010/07/08 11:58:16] <jmccune> maccam94: config.ru is the rack configuration file. Passenger uses rack as an interface to web applications that support rack
[2010/07/08 12:00:11] @ diranged joined channel #puppet
[2010/07/08 12:00:16] @ Quit: bearnard: Quit: This computer has gone to sleep
[2010/07/08 12:00:24] <maccam94> ok finally got it to show the connection
[2010/07/08 12:00:38] <diranged> im trying to add a 2nd puppet server to service our remote datacenter.. up until now all the remote datacenter nodes have come over the wan link into our primary DC. when i try to connect a remote node to the new puppet server, i get a certificate error..
[2010/07/08 12:01:02] <diranged> "err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://host/plugins: certificate verify failed"
[2010/07/08 12:01:34] <diranged> we have ALOT of hosts in this remote datacenter.. what can i do to help make these hosts automatically connect to the new puppet server without a certicicate issue? we already use auto-signing for new clients..
[2010/07/08 12:03:27] <Volcane> diranged: your masters all either have to have the same name or the certs need to have certdnsnames for all of your masters hostnames
[2010/07/08 12:03:50] <Volcane> diranged: and you either need to make a cascaded set of CA's all from a master root CA or just copy the same ca everywhere
[2010/07/08 12:04:12] <zahna> Volcane: how many users do you handle via puppet before you consider ldap?
[2010/07/08 12:04:38] <Volcane> zahna: shrug its almost always customer demand driven, I never consider ldap a solution for anything :P
[2010/07/08 12:07:40] <maccam94> jmccune: the main thing that fouled me up was the apache configuration section. The puppetmaster package from the puppet repo doesn't contain config.ru or apache2.conf, /etc/puppet/rack and /etc/puppet/rack/public don't exist, and config.ru is not put in /etc/puppet/rack/
[2010/07/08 12:09:17] <Volcane> maccam94: those packages are for redhat, redhat doesnt have passenger. you need to get the needed files and set the needed bits up for your environment
[2010/07/08 12:09:28] <tobert> diranged, I'm working on the same thing and am going with the cascaded CA route
[2010/07/08 12:10:03] <tobert> maccam94, passenger builds fine on EL5 btw - I just built it into /opt/passenger and load it into apache from there
[2010/07/08 12:10:04] <maccam94> Volcane: i'm not using redhat packages. I'm using apt.puppetlabs.com
[2010/07/08 12:10:19] <Volcane> ah sorry thought you were talking about the rpms
[2010/07/08 12:10:55] <maccam94> i'm using ubuntu 10.04, and the packages from the puppetlabs apt repo have the problems i listed above
[2010/07/08 12:12:01] @ HouseAway is now known as AimanA
[2010/07/08 12:12:44] <jmccune> maccam94: Yeah, those are all in the "ext" directory of the source.
[2010/07/08 12:12:57] @ Quit: kolla: Remote host closed the connection
[2010/07/08 12:13:20] <jmccune> maccam94: I'll modify the wiki to make it more explicit these resources may not be packaged by the OS vendors.
[2010/07/08 12:13:21] <diranged> hmm
[2010/07/08 12:13:41] <maccam94> jmccune: it never tells you where to put the config.ru file, so that part was confusing. it just says it's out there
[2010/07/08 12:13:49] <diranged> ok so if i have sdc01ppt1 as the main puppet host right now.. i need to take its CA and put it on vdc01ppt01..
[2010/07/08 12:13:59] <diranged> do i then need to re-generate the vdc01ppt01 certificate?
[2010/07/08 12:15:58] @ jaredrhine joined channel #puppet
[2010/07/08 12:22:01] <diranged> ugh ok furthermore.. and this scares me.. if i want to replace the certs completely and start with fresh ones. what kind of work am i looking at?
[2010/07/08 12:24:08] <Volcane> loads, you might potentially ahve to redo all your nodes
[2010/07/08 12:24:25] <Volcane> though you might just need to redo the 2 masters depending on what you do
[2010/07/08 12:24:39] <Volcane> (redo as in resign their certs)
[2010/07/08 12:26:00] <diranged> ok well i have a workaround for now by using the current CA.. ugly.. but whatever
[2010/07/08 12:26:06] @ glaw joined channel #puppet
[2010/07/08 12:26:22] <diranged> mye new puppet server is throwing errors though..not sure what this is
[2010/07/08 12:26:40] <diranged> im pretty sure they go away if i switch away from passenger and go directly to puppetmasterd
[2010/07/08 12:26:49] <diranged> http://www.pastie.org/1036444
[2010/07/08 12:27:35] <diranged> yep.. error goes away with puppetmasterd instead of passenger+apache
[2010/07/08 12:28:11] @ glaw left channel #puppet ()
[2010/07/08 12:28:33] @ reyjrar joined channel #puppet
[2010/07/08 12:29:11] @ danbeck joined channel #puppet
[2010/07/08 12:36:53] @ Quit: Borges: Ping timeout: 265 seconds
[2010/07/08 12:37:21] @ Quit: diranged: Ping timeout: 240 seconds
[2010/07/08 12:46:15] @ kolla joined channel #puppet
[2010/07/08 12:47:44] @ thrain][ left channel #puppet ()
[2010/07/08 12:48:27] @ itguru joined channel #puppet
[2010/07/08 12:48:28] @ Quit: itguru: Changing host
[2010/07/08 12:48:28] @ itguru joined channel #puppet
[2010/07/08 12:49:45] @ morpheus joined channel #puppet
[2010/07/08 12:51:45] @ Quit: shine: Ping timeout: 240 seconds
[2010/07/08 12:52:19] @ littleidea joined channel #puppet
[2010/07/08 12:52:36] @ iamchrisf joined channel #puppet
[2010/07/08 12:53:26] @ OpenMedia joined channel #puppet
[2010/07/08 12:53:51] <iamchrisf> all, I'm having the dreaded "err: Could not retrieve catalog from remote server: certificate verify failed" issue, but I have a certain use case that could be causing it. Would like to know what I might be doing wrong.
[2010/07/08 12:54:04] <iamchrisf> The server is runing puppetmaster
[2010/07/08 12:54:15] <iamchrisf> and is my "staging" puppetmaster.
[2010/07/08 12:54:28] <iamchrisf> When I run puppetd it's connecting to the production puppetmaster
[2010/07/08 12:54:51] <iamchrisf> now if I clear out /var/lib/ssl and stop puppetmaster then run puppetd --test it works fine
[2010/07/08 12:55:03] <iamchrisf> but when I try to run puppetmaster that fails
[2010/07/08 12:55:13] <iamchrisf> it seems I can't have both running at the same time
[2010/07/08 12:55:52] @ Borges joined channel #puppet
[2010/07/08 12:56:57] <iamchrisf> When I run puppetmaster after a successful puppetd run I get the following error:
[2010/07/08 12:56:59] <iamchrisf> Could not prepare for execution: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
[2010/07/08 13:00:50] @ Quit: [GuS]: Remote host closed the connection
[2010/07/08 13:01:14] @ Quit: itguru: Read error: Connection reset by peer
[2010/07/08 13:03:47] @ shine joined channel #puppet
[2010/07/08 13:03:48] <eric0> are you frequently going to have clients that switch back and forth between them?
[2010/07/08 13:07:40] @ plathrop-away is now known as plathrop
[2010/07/08 13:07:50] @ plathrop is now known as plathrop-away
[2010/07/08 13:08:30] @ plathrop-away is now known as plathrop
[2010/07/08 13:08:46] <shenson\|lappy> iamchrisf: so the staging puppetmaster uses the production puppetmaster for its configuraitons?
[2010/07/08 13:09:02] <iamchrisf> correct
[2010/07/08 13:09:19] <iamchrisf> no all clients are either staging servers or production servers.
[2010/07/08 13:10:09] <shenson\|lappy> but none of the clients connect to both, correct?
[2010/07/08 13:11:20] @ plathrop is now known as plathrop-away
[2010/07/08 13:13:47] <iamchrisf> correct
[2010/07/08 13:14:43] <iamchrisf> stg-puppetmaster connects to prod-puppetmaster for its configuration. when that works puppetmaster doesn't and vice versa.
[2010/07/08 13:15:17] <iamchrisf> It's obviously due to CA and certs but I'm not too familiar with internals and unfortunately error messages do not provide much info.
[2010/07/08 13:15:21] <eric0> the problem you're seeing is that the puppetmaster is trying to send down a certificate which matches a private key that you blew away when you. so to really get rid of it you need to go to puppetmaster and 'puppetca --revoke hostname.me.com' and rm $ssldir/ca/signed/hostname.me.com.pem
[2010/07/08 13:15:25] <shenson\|lappy> so are you copying in the ssl dir? or recreating it everytime?
[2010/07/08 13:15:45] <eric0> ^you blew away when you rm'ed /var/lib/puppet/ssl on the client
[2010/07/08 13:15:46] <iamchrisf> blowing away all files in ssl dire
[2010/07/08 13:16:41] <Volcane> probably worth just setting a certname on the master so the puppetd and the puppetmasterd have different certs
[2010/07/08 13:16:52] <iamchrisf> ok so currently puppetd works and puppetmaster does not. the prod puppetmaster has an entry for the stg puppetmaster.
[2010/07/08 13:17:19] <shenson\|lappy> so have you tried, stopping puppetmaster and puppetd on stage, clean the cert of the puppetmaster-stage from puppetmaster-prod, then run puppetd --test on stage, then start puppetmaster, then try a stage client
[2010/07/08 13:18:18] <iamchrisf> that's what I did and I get this: Could not prepare for execution: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
[2010/07/08 13:18:24] <iamchrisf> when trying to start puppetmaster
[2010/07/08 13:19:28] <Volcane> your puppetd will use fqdn for the certificate and puppetmaster will use whatever you set
[2010/07/08 13:19:32] <Volcane> gotta be different
[2010/07/08 13:19:41] <Volcane> then the puppetd will be signed by your prod master
[2010/07/08 13:19:53] <Volcane> and the master will use its own certs/ca to serve clients
[2010/07/08 13:22:20] @ JackEStorm joined channel #puppet
[2010/07/08 13:23:52] @ Quit: JackStorm: Ping timeout: 248 seconds
[2010/07/08 13:24:21] <iamchrisf> here is the output and my custom configs
[2010/07/08 13:24:22] <iamchrisf> http://pastie.org/1036547
[2010/07/08 13:25:08] <iamchrisf> Volcane: probably a misconfiguration with my fqdn and certdnsnames then?
[2010/07/08 13:25:40] <Volcane> you're not setting certname like i said
[2010/07/08 13:26:02] <iamchrisf> where would I set that?
[2010/07/08 13:29:44] @ Quit: p3rror: Ping timeout: 248 seconds
[2010/07/08 13:30:07] <iamchrisf> it should use the fqdn of nms.aws as default.
[2010/07/08 13:30:15] @ Quit: juniper: Ping timeout: 240 seconds
[2010/07/08 13:31:10] @ Quit: mclarke: Read error: Connection reset by peer
[2010/07/08 13:31:29] <tobert> hmm I'm writing docs for setting up a manual CA with subordinates for work ... is that area lacking on the puppet wiki? I didn't see much myself on how to actually go about it so I'm winging it
[2010/07/08 13:31:30] @ mclarke joined channel #puppet
[2010/07/08 13:31:41] <iamchrisf> puppetd works fine on stg pm -> prod pm. But when I try to start puppetmaster all hell breaks loose. Unsure how setting certname under [puppetmasterd] will fix it?
[2010/07/08 13:31:50] @ juniper joined channel #puppet
[2010/07/08 13:34:19] <Volcane> oh well, i tried.
[2010/07/08 13:36:42] @ Quit: reyjrar: Quit: Leaving.
[2010/07/08 13:37:13] @ Quit: juniper: Ping timeout: 240 seconds
[2010/07/08 13:39:00] @ rasputnik joined channel #puppet
[2010/07/08 13:40:03] <iamchrisf> Volcane: I'm not setting the certname because it's identical to the name on the prod puppetmaster. Do you have a recommendation on what I should set it to. Set it to the default, but obviously that failed with same error.
[2010/07/08 13:40:36] <iamchrisf> by identical i mean fqdn is nms.aws and the cert stored on prod puppetmaster is nms.aws
[2010/07/08 13:42:42] @ p3rror joined channel #puppet
[2010/07/08 13:43:26] @ nwmcsween_ joined channel #puppet
[2010/07/08 13:44:24] @ Quit: g0nz0\|Boston: Ping timeout: 240 seconds
[2010/07/08 13:46:47] @ g0nz0\|Boston joined channel #puppet
[2010/07/08 13:47:10] <sejo> tim\|mac: the docs don't even show the onlyif
[2010/07/08 13:47:21] <sejo> at least not this one http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Augeas
[2010/07/08 13:51:09] @ juniper joined channel #puppet
[2010/07/08 13:51:20] @ ribo left channel #puppet ()
[2010/07/08 13:51:34] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 13:51:48] @ Phibs joined channel #puppet
[2010/07/08 13:52:39] <Volcane> sejo: you didnt click on the full documenttion on the type reference link in that wiki page
[2010/07/08 13:52:58] @ Quit: kolla: Remote host closed the connection
[2010/07/08 13:55:35] @ diranged joined channel #puppet
[2010/07/08 13:56:27] @ poison joined channel #puppet
[2010/07/08 13:58:53] @ maccam94 left channel #puppet ("Leaving.")
[2010/07/08 14:00:35] @ kolla joined channel #puppet
[2010/07/08 14:00:48] @ Quit: lkoranda: Quit: Ex-Chat
[2010/07/08 14:02:42] @ Quit: labrown: Quit: Leaving
[2010/07/08 14:02:42] @ MaxBube joined channel #puppet
[2010/07/08 14:04:57] @ Quit: mattock: Ping timeout: 240 seconds
[2010/07/08 14:05:23] @ p3rror joined channel #puppet
[2010/07/08 14:06:00] @ Quit: jimmij: Ping timeout: 260 seconds
[2010/07/08 14:06:20] @ Quit: _lucid: Ping timeout: 252 seconds
[2010/07/08 14:08:41] @ rasputnik left channel #puppet ()
[2010/07/08 14:11:26] @ fredden joined channel #puppet
[2010/07/08 14:11:51] @ Quit: allsystemsarego: Quit: Leaving
[2010/07/08 14:12:25] @ Quit: LinuxCode: Quit: Connection Closed
[2010/07/08 14:13:29] @ Quit: poison: Remote host closed the connection
[2010/07/08 14:13:48] @ Quit: kolla: Ping timeout: 260 seconds
[2010/07/08 14:16:31] @ Quit: jdcasey: Remote host closed the connection
[2010/07/08 14:17:22] @ Quit: mclarke: Read error: Connection reset by peer
[2010/07/08 14:17:40] @ mclarke joined channel #puppet
[2010/07/08 14:18:34] @ mikey_p joined channel #puppet
[2010/07/08 14:20:59] <mikey_p> if you are keeping all your puppet related stuff in version control what directory do you typically use as the root? just /etc/puppet/manifests?
[2010/07/08 14:21:28] <mackn> i svn all of /etc/puppet
[2010/07/08 14:21:30] <Volcane> thats what i use
[2010/07/08 14:21:47] <mackn> i also set my templates to that directory
[2010/07/08 14:21:50] <Volcane> the rest of the master is managed by puppetd
[2010/07/08 14:28:37] @ Quit: spawnyd: Quit: leaving
[2010/07/08 14:29:23] <MPSimmons> Hey Volcane, do you use puppet to manage your root passwords, or mcollective?
[2010/07/08 14:29:47] <Volcane> erm, not sure i manage it with puppet let me check
[2010/07/08 14:30:01] <Volcane> yeah otherways
[2010/07/08 14:30:08] <Volcane> kickstart etc sets a default
[2010/07/08 14:30:21] <Volcane> then i login first time round to bootstrap the machine, set appropriate password etc
[2010/07/08 14:30:22] <zahna> sdffds:wqsdf/win 12
[2010/07/08 14:30:25] <zahna> oops
[2010/07/08 14:30:34] <MPSimmons> I see nothing
[2010/07/08 14:30:35] <Volcane> machines each have a unique password, would be a pain with puppet
[2010/07/08 14:30:36] <MPSimmons> ;-)
[2010/07/08 14:30:43] * mackn averts his eyes
[2010/07/08 14:31:19] <Volcane> i dont seem to have any passwords in puppet
[2010/07/08 14:31:31] <MPSimmons> that's interesting...so do you use an algorithm to generate the root passwords?
[2010/07/08 14:31:43] <MPSimmons> I'm just wondering what the best way to do a semiannual password rotation would be
[2010/07/08 14:31:54] <MPSimmons> or as needed, of course
[2010/07/08 14:32:00] <MPSimmons> and I'm hoping that puppet can help with that
[2010/07/08 14:32:04] <Volcane> yeah, its a pain all round :)
[2010/07/08 14:32:12] <Volcane> if you have it all the same, puppet sure can make it easy
[2010/07/08 14:32:24] <MPSimmons> we have general "classes" of root password
[2010/07/08 14:32:27] <Volcane> if you go mad with custom ones per box you need a better way
[2010/07/08 14:32:48] <MPSimmons> because if someone needs root access on a machine of a certain type, say, an operations machine, then they probably need access to all of those machines
[2010/07/08 14:32:57] <MPSimmons> ah.
[2010/07/08 14:32:58] <Volcane> yeah
[2010/07/08 14:33:05] <mackn> ssh-keys! heh
[2010/07/08 14:33:22] <mackn> no one uses krb anymore? :)
[2010/07/08 14:33:23] <MPSimmons> mackn: Yeah, but I still need to be able to repair the box from console, if necessary
[2010/07/08 14:33:24] <Volcane> well, if i had to do them custom it would be based on per client or something - a fact more or less - and I'd look it up with extlookup so i can manage it that way
[2010/07/08 14:33:49] <mackn> i mean for those one off people who need root access.. they can use keys
[2010/07/08 14:34:03] <MPSimmons> That's an interesting idea
[2010/07/08 14:34:29] <MPSimmons> they'd only need access remotely and during normal operating procedures
[2010/07/08 14:34:36] <Volcane> keys then
[2010/07/08 14:34:41] <MPSimmons> hrm...
[2010/07/08 14:34:47] <mackn> i'm not a fan of distributing passwords to people who i hope would forget them when they no longer need the access blink
[2010/07/08 14:35:00] @ Quit: diranged: Quit: This computer has gone to sleep
[2010/07/08 14:35:01] <MPSimmons> I still want to manage the root passwords with puppet, though...
[2010/07/08 14:35:18] <MPSimmons> just because if an admin (like me) leaves, we need to be able to change them all over
[2010/07/08 14:35:34] <mackn> we use puppet to manage passwds
[2010/07/08 14:35:42] <Volcane> yeah, I'd set it with puppet then
[2010/07/08 14:35:47] <mackn> we use the same passwd for all the different classes of hosts so
[2010/07/08 14:36:26] <mackn> we use a parameter set in external nodes to decide which password the host gets
[2010/07/08 14:37:28] @ Quit: shenson\|lappy: Quit: WeeChat 0.3.2
[2010/07/08 14:37:51] <mackn> and use virtual resources for the keys to decide which hosts the user gets access to
[2010/07/08 14:38:19] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 14:38:49] <mackn> i just wish there was a 'purge' for the keys file :)
[2010/07/08 14:38:54] <Volcane> +1
[2010/07/08 14:39:02] <mackn> some day...
[2010/07/08 14:39:04] <Volcane> thats why i manage whole files for them
[2010/07/08 14:39:06] <Volcane> :(
[2010/07/08 14:39:09] <mackn> yeah
[2010/07/08 14:39:15] <mackn> i'm on the fence with that..
[2010/07/08 14:39:26] <mackn> since it undoes the whole virtual resource bit
[2010/07/08 14:39:36] <mackn> but i guess i can use concat ;)
[2010/07/08 14:39:38] <Volcane> rather that than not know what keys are out there
[2010/07/08 14:39:43] <mackn> yeah
[2010/07/08 14:43:04] @ Quit: tecto: Quit: tecto
[2010/07/08 14:43:52] @ Quit: morpheus: Quit: Leaving
[2010/07/08 14:47:19] @ Quit: MPSimmons: Quit: Leaving.
[2010/07/08 14:48:19] @ poison joined channel #puppet
[2010/07/08 14:48:27] @ kolla joined channel #puppet
[2010/07/08 14:49:20] @ Quit: SpacePope: Ping timeout: 260 seconds
[2010/07/08 14:50:04] @ p3rror joined channel #puppet
[2010/07/08 14:52:23] @ Quit: poison: Remote host closed the connection
[2010/07/08 14:56:07] @ Quit: bobbyz: Ping timeout: 245 seconds
[2010/07/08 14:56:09] @ Quit: gebi: Ping timeout: 240 seconds
[2010/07/08 15:03:50] @ Quit: bug: Quit: bug
[2010/07/08 15:07:48] @ blahdeblah joined channel #puppet
[2010/07/08 15:12:18] @ Quit: iamchrisf: Quit: iamchrisf
[2010/07/08 15:14:06] @ Quit: ecapriolo: Quit: KVIrc Insomnia 4.0.0, revision: 4030, sources date: 20100125, built on: 2010-02-25 23:12:54 UTC http://www.kvirc.net/
[2010/07/08 15:16:05] @ Quit: Borges: Quit: leaving
[2010/07/08 15:20:59] @ Quit: MaxBube: Quit: Ex-Chat
[2010/07/08 15:22:07] @ poison joined channel #puppet
[2010/07/08 15:24:13] @ rodnet joined channel #puppet
[2010/07/08 15:24:31] @ bobbyz joined channel #puppet
[2010/07/08 15:25:21] @ Quit: p3rror: Read error: Operation timed out
[2010/07/08 15:25:22] @ Quit: poison: Remote host closed the connection
[2010/07/08 15:28:03] @ Quit: danbeck: Quit: danbeck
[2010/07/08 15:31:56] @ Quit: kaptk2: Quit: Leaving.
[2010/07/08 15:33:51] <eric0> what is the state of fact syncing in 0.25.5? i thought the plugins pseudo-mount was deprecated and it's all supposed to be in modules (and therefore doesnt need pluginsync=true anymore) but my clients are still looking for puppet://puppet/plugins
[2010/07/08 15:35:12] @ zorzar_ joined channel #puppet
[2010/07/08 15:35:40] <eric0> docs:plugins in modules kind of goes back and forth between old and new
[2010/07/08 15:36:32] <Volcane> yeah plugins maps to <all modules>/lib now
[2010/07/08 15:36:32] @ Quit: bobbyz: Read error: Operation timed out
[2010/07/08 15:36:51] <Volcane> pluginsync is the current way
[2010/07/08 15:36:56] <Volcane> factsync is deprecated
[2010/07/08 15:37:31] @ Quit: f3ew: Remote host closed the connection
[2010/07/08 15:37:45] @ Quit: zorzar: Ping timeout: 240 seconds
[2010/07/08 15:38:43] @ Quit: gmcquillan: Quit: gmcquillan
[2010/07/08 15:40:57] @ p3rror joined channel #puppet
[2010/07/08 15:41:58] @ Quit: nexx: Quit: quit
[2010/07/08 15:42:18] @ Quit: brothers: Disconnected by services
[2010/07/08 15:46:05] @ lak joined channel #puppet
[2010/07/08 15:46:12] @ Quit: ezmobius: Remote host closed the connection
[2010/07/08 15:46:28] @ Quit: lak: Client Quit
[2010/07/08 15:46:38] @ diranged joined channel #puppet
[2010/07/08 15:48:47] @ Quit: p3rror: Read error: Operation timed out
[2010/07/08 15:50:08] <diranged> ok.. so im not sure why my passenger+puppet+apache install isnt working right. Running puppetmasterd manually works fine, but using passenger I get this when a node connects: http://www.pastie.org/1036793
[2010/07/08 15:57:24] @ Quit: jab_doa: Quit: Verlassend
[2010/07/08 16:01:32] @ Quit: sebas891: Quit: Leaving.
[2010/07/08 16:02:37] @ gebi joined channel #puppet
[2010/07/08 16:03:37] <mikey_p> i may be missing something, but if i'm using the ubuntu package for puppet, where should one configure the address of the master server?
[2010/07/08 16:03:44] @ bug joined channel #puppet
[2010/07/08 16:03:53] <bhearsum> probably /etc/default/puppet
[2010/07/08 16:04:01] <bhearsum> or /etc/puppet/puppet.conf
[2010/07/08 16:04:27] @ poison joined channel #puppet
[2010/07/08 16:05:53] <mikey_p> hrm, neither of those look right (although they may be)
[2010/07/08 16:06:14] <Volcane> mikey_p: you really should just arrange it so the name 'puppet' resolves to your master
[2010/07/08 16:06:31] <Volcane> mikey_p: things will be much easier if you just do that
[2010/07/08 16:06:43] <mikey_p> Volcane: ahh, that makes sense
[2010/07/08 16:07:04] @ Quit: diranged: Ping timeout: 248 seconds
[2010/07/08 16:07:06] <Volcane> mikey_p: changing the server name involves all sorts of ssl trickery and changing settnigs everywhere etc
[2010/07/08 16:07:08] <mikey_p> what's the recommended way of handling that other than stick it's IP in /etc/hosts?
[2010/07/08 16:07:20] <Volcane> dns, and search order
[2010/07/08 16:07:35] @ p3rror joined channel #puppet
[2010/07/08 16:10:23] <mikey_p> is there any documentation on this?
[2010/07/08 16:10:36] <Volcane> on how to configure dns?
[2010/07/08 16:10:39] <mikey_p> or at least getting nodes up and running?
[2010/07/08 16:11:11] <Volcane> there's getting started guides on the puppetlabs docs site
[2010/07/08 16:11:21] <mikey_p> i guess this: http://docs.puppetlabs.com/guides/configuring.html
[2010/07/08 16:12:35] @ Quit: markus: Ping timeout: 260 seconds
[2010/07/08 16:14:27] @ Quit: blahdeblah: Ping timeout: 245 seconds
[2010/07/08 16:16:27] @ glaw joined channel #puppet
[2010/07/08 16:16:49] <Volcane> glaw: first twitter now irc? wtf :)
[2010/07/08 16:17:14] <glaw> :)
[2010/07/08 16:17:21] <glaw> yeah back online properly
[2010/07/08 16:18:51] <glaw> might even start reading email again
[2010/07/08 16:18:57] <Volcane> hehe
[2010/07/08 16:25:28] @ Quit: bug: Quit: bug
[2010/07/08 16:30:53] @ rmayr joined channel #puppet
[2010/07/08 16:32:15] @ glaw left channel #puppet ()
[2010/07/08 16:35:55] @ Quit: mfournier: Ping timeout: 260 seconds
[2010/07/08 16:36:19] @ bug joined channel #puppet
[2010/07/08 16:40:33] @ M- joined channel #puppet
[2010/07/08 16:40:58] <tobert> hmm anybody seen this before (passenger)? Puppet Server (Rack): Internal Server Error: Unhandled Exception: "undefined method `ip' for #<Rack::Request:0x2aaaac98f220>"
[2010/07/08 16:43:52] @ Quit: rmayr: Ping timeout: 248 seconds
[2010/07/08 16:46:14] @ jimmij joined channel #puppet
[2010/07/08 16:54:38] @ SpacePope joined channel #puppet
[2010/07/08 16:55:58] @ Quit: chadh: Read error: Operation timed out
[2010/07/08 16:58:15] @ chadh joined channel #puppet
[2010/07/08 17:00:32] @ Quit: p3rror: Read error: Operation timed out
[2010/07/08 17:08:04] @ Quit: sako: Ping timeout: 240 seconds
[2010/07/08 17:14:42] @ p3rror joined channel #puppet
[2010/07/08 17:18:37] @ Quit: gniks: Quit: Leaving.
[2010/07/08 17:27:32] @ mgisbers joined channel #puppet
[2010/07/08 17:28:37] @ Quit: cliff-hm: Ping timeout: 245 seconds
[2010/07/08 17:30:48] @ Quit: tim\|mac: Quit: Coyote finally caught me
[2010/07/08 17:31:16] @ cliff-hm joined channel #puppet
[2010/07/08 17:33:39] @ Quit: lilnick: Ping timeout: 265 seconds
[2010/07/08 17:34:32] @ Quit: Bevo: Remote host closed the connection
[2010/07/08 17:35:14] @ lilnick joined channel #puppet
[2010/07/08 17:36:56] @ tim\|mac joined channel #puppet
[2010/07/08 17:40:00] @ gniks joined channel #puppet
[2010/07/08 17:40:18] @ blahdeblah joined channel #puppet
[2010/07/08 17:41:27] @ Wandrewvious joined channel #puppet
[2010/07/08 17:41:27] @ Quit: Wandrewvious: Client Quit
[2010/07/08 17:42:24] @ Quit: blahdeblah: Remote host closed the connection
[2010/07/08 17:43:03] @ Quit: jaredrhine: Quit: Leaving.
[2010/07/08 17:43:50] @ markus joined channel #puppet
[2010/07/08 17:44:52] @ Quit: hephaestus: Ping timeout: 245 seconds
[2010/07/08 17:45:11] @ Quit: rodnet: Quit: rodnet
[2010/07/08 17:45:21] @ Quit: WALoeIII: Ping timeout: 240 seconds
[2010/07/08 17:45:52] @ Quit: AimanA: Remote host closed the connection
[2010/07/08 17:46:06] @ hephaestus joined channel #puppet
[2010/07/08 17:46:47] @ littleidea_ joined channel #puppet
[2010/07/08 17:47:44] @ Djelibeybi joined channel #puppet
[2010/07/08 17:48:08] <Djelibeybi> jamesturnbull: updated blog post sent upstream. Now includes screenshots! :)
[2010/07/08 17:51:03] @ Quit: littleidea: Ping timeout: 265 seconds
[2010/07/08 17:55:13] @ Quit: hephaestus: Ping timeout: 240 seconds
[2010/07/08 17:55:13] @ Quit: gebi: Ping timeout: 264 seconds
[2010/07/08 17:55:18] @ Quit: ReinH: Quit: leaving
[2010/07/08 17:55:26] @ gebi joined channel #puppet
[2010/07/08 17:55:32] @ hephaestus joined channel #puppet
[2010/07/08 17:58:55] @ Quit: markus: Quit: markus
[2010/07/08 18:03:43] @ Quit: tanto: Read error: Operation timed out
[2010/07/08 18:05:38] @ markus joined channel #puppet
[2010/07/08 18:05:45] @ Quit: Djelibeybi: Quit: Leaving
[2010/07/08 18:06:00] @ Quit: cliff-hm: Ping timeout: 248 seconds
[2010/07/08 18:08:38] @ Djelibeybi joined channel #puppet
[2010/07/08 18:10:17] @ pgrous joined channel #puppet
[2010/07/08 18:10:34] @ Quit: Djelibeybi: Client Quit
[2010/07/08 18:12:20] @ Quit: jmccune: Ping timeout: 260 seconds
[2010/07/08 18:14:37] @ brd joined channel #puppet
[2010/07/08 18:20:38] @ FOCer joined channel #puppet
[2010/07/08 18:22:09] @ Djelibeybi joined channel #puppet
[2010/07/08 18:28:26] @ Quit: pgrous: Read error: Connection reset by peer
[2010/07/08 18:29:03] @ pgrous__ joined channel #puppet
[2010/07/08 18:30:36] @ Quit: tonyskapunk: Quit: ERC Version 5.3 (IRC client for Emacs)
[2010/07/08 18:52:35] @ Quit: notbrien: Quit: notbrien
[2010/07/08 18:54:49] @ Quit: Djelibeybi: Quit: Leaving
[2010/07/08 19:00:48] @ Quit: markus: Quit: markus
[2010/07/08 19:05:22] @ Quit: QuackNL: .net .split
[2010/07/08 19:11:11] @ QuackNL joined channel #puppet
[2010/07/08 19:16:33] <hMz> any talks on prioritized notifies?
[2010/07/08 19:17:59] @ Quit: ahasenack: Quit: Leaving
[2010/07/08 19:20:20] @ Quit: mclarke: Quit: mclarke
[2010/07/08 19:24:54] @ Quit: kolla: Remote host closed the connection
[2010/07/08 19:34:57] @ Quit: hephaestus: Ping timeout: 252 seconds
[2010/07/08 19:35:48] @ Quit: ceren: Quit: ceren
[2010/07/08 19:36:49] @ hephaestus joined channel #puppet
[2010/07/08 19:37:19] @ WALoeIII joined channel #puppet
[2010/07/08 19:38:51] @ brd left channel #puppet ()
[2010/07/08 19:46:22] @ ceren joined channel #puppet
[2010/07/08 19:47:39] @ PaulWay[w] joined channel #puppet
[2010/07/08 19:52:14] @ Quit: mikey_p: Quit: mikey_p
[2010/07/08 19:55:42] @ Quit: littleidea_: Quit: littleidea_
[2010/07/08 19:57:36] @ Quit: beata-:
[2010/07/08 19:58:38] @ MaxBube joined channel #puppet
[2010/07/08 19:58:48] @ tecto joined channel #puppet
[2010/07/08 19:58:48] @ Quit: tecto: Changing host
[2010/07/08 19:58:48] @ tecto joined channel #puppet
[2010/07/08 20:11:00] @ wilmoore joined channel #puppet
[2010/07/08 20:16:29] @ Quit: ceren: Quit: ceren
[2010/07/08 20:19:05] @ lak joined channel #puppet
[2010/07/08 20:29:39] @ alcy joined channel #puppet
[2010/07/08 20:38:40] @ Quit: lak: Quit: lak
[2010/07/08 20:43:25] @ littleidea joined channel #puppet
[2010/07/08 20:45:01] @ Quit: alcy: Remote host closed the connection
[2010/07/08 20:47:07] @ Quit: OpenMedia: Quit: Leaving.
[2010/07/08 20:51:40] @ pinoyskull joined channel #puppet
[2010/07/08 20:55:00] @ Quit: WALoeIII: Quit: Bai.
[2010/07/08 20:56:52] @ alcy joined channel #puppet
[2010/07/08 21:01:55] @ Quit: jimmij: Quit: Leaving.
[2010/07/08 21:03:03] @ ahuman joined channel #puppet
[2010/07/08 21:05:45] @ Quit: toi: Ping timeout: 240 seconds
[2010/07/08 21:13:54] @ Quit: g0nz0\|Boston: Ping timeout: 240 seconds
[2010/07/08 21:14:25] @ Quit: juniper: Ping timeout: 276 seconds
[2010/07/08 21:34:40] @ Quit: yannL: Remote host closed the connection
[2010/07/08 21:44:23] @ juniper joined channel #puppet
[2010/07/08 21:45:17] @ g0nz0\|Boston joined channel #puppet
[2010/07/08 21:56:07] @ Quit: Bass10: Ping timeout: 245 seconds
[2010/07/08 21:56:08] @ Quit: tecto: Quit: tecto
[2010/07/08 21:56:13] @ markus joined channel #puppet
[2010/07/08 22:02:40] @ thrain][ joined channel #puppet
[2010/07/08 22:04:17] @ monkeypuzzle joined channel #puppet
[2010/07/08 22:05:34] <sejo> Volcane true, but I never used that one :p
[2010/07/08 22:05:45] <sejo> Volcane: the docs are correct though
[2010/07/08 22:05:53] @ Quit: alcy: Ping timeout: 265 seconds
[2010/07/08 22:13:34] @ PhabX joined channel #puppet
[2010/07/08 22:14:04] @ nexx joined channel #puppet
[2010/07/08 22:20:19] @ bearnard joined channel #puppet
[2010/07/08 22:21:07] @ thrain][ left channel #puppet ()
[2010/07/08 22:22:25] @ Quit: shenson: Ping timeout: 260 seconds
[2010/07/08 22:25:30] @ alcy joined channel #puppet
[2010/07/08 22:26:43] @ Quit: alcy: Client Quit
[2010/07/08 22:27:55] @ Quit: monkeypuzzle: Quit: Page closed
[2010/07/08 22:28:25] @ Quit: pgrous__: Remote host closed the connection
[2010/07/08 22:31:13] @ mattock joined channel #puppet
[2010/07/08 22:32:00] @ shenson joined channel #puppet
[2010/07/08 22:36:51] @ Quit: p3rror: Ping timeout: 252 seconds
[2010/07/08 22:44:25] @ Quit: MaxBube: Quit: Ex-Chat
[2010/07/08 22:47:17] <PaulWay[w]> Is it possible in a list of sources to say "this item if this variable is set"?
[2010/07/08 22:47:30] @ PhabX1 joined channel #puppet
[2010/07/08 22:47:45] @ Quit: PhabX1: Client Quit
[2010/07/08 22:51:42] @ Quit: PhabX: Ping timeout: 252 seconds
[2010/07/08 22:51:58] <littleidea> PaulWay[w]: It's possible to set the sources conditionally which should work
[2010/07/08 22:53:19] <PaulWay[w]> Ah, I see. Hmmm.
[2010/07/08 22:55:27] @ mfournier joined channel #puppet
[2010/07/08 22:56:03] @ Quit: fredden: Quit: Leaving
[2010/07/08 23:09:25] @ Quit: ahuman: Remote host closed the connection
[2010/07/08 23:09:39] @ mvn071 joined channel #puppet
[2010/07/08 23:10:20] @ Quit: nwmcsween_: Quit: nwmcsween_
[2010/07/08 23:11:34] @ asachs joined channel #puppet
[2010/07/08 23:12:06] <asachs> anyone got ralsh to Exec a command ?
[2010/07/08 23:12:09] <FiXion> PaulWay[w]: if you're talking about the source =>.. you can override it by redefining it later (within an if f.ex.) - using f.x. File["fileid"] { source =>..
[2010/07/08 23:13:58] <PaulWay[w]> FiXion: I understand that but this is a little more specific in application.
[2010/07/08 23:14:07] <PaulWay[w]> Doesn't matter.
[2010/07/08 23:20:14] <FiXion> PaulWay[w]: usually I define a @file - without setting source
[2010/07/08 23:20:38] <FiXion> that way - it will fail if it doesn't get a source defined later.
[2010/07/08 23:21:18] <FiXion> and since it's virtual - it won't be instantiated - if it's not realized later on
[2010/07/08 23:21:28] <FiXion> so you could define source and realize it in an if.
[2010/07/08 23:21:41] <FiXion> but I don't know what you "exactly" want - so can't get any closer :)
[2010/07/08 23:22:57] <asachs> asachs: nevermind got it working
[2010/07/08 23:23:28] @ jmccune joined channel #puppet
[2010/07/08 23:23:35] <PaulWay[w]> FiXion: thanks for those ideas.
[2010/07/08 23:23:38] @ asachs left channel #puppet ()
[2010/07/08 23:23:57] <PaulWay[w]> Basically I'm doing the 'standard' fallback for file sources.
[2010/07/08 23:25:15] <PaulWay[w]> Each machine can be in a couple of different categories, so we have sources that start from $filename-$hostname and gradually become more general until we get to just $filename.
[2010/07/08 23:28:30] @ Djelibeybi joined channel #puppet
[2010/07/08 23:28:30] @ Quit: Djelibeybi: Changing host
[2010/07/08 23:28:30] @ Djelibeybi joined channel #puppet
[2010/07/08 23:32:18] <FiXion> perhaps use extlookup
[2010/07/08 23:32:24] <FiXion> in some cases I've found it easier
[2010/07/08 23:32:28] <FiXion> and more flexible
[2010/07/08 23:32:48] <FiXion> if you define it's lookup path - and have a facter variable (or some other) which defines it's category
[2010/07/08 23:32:54] <FiXion> you could set filenames pr. category etc.
[2010/07/08 23:33:05] @ pmorillo joined channel #puppet
[2010/07/08 23:39:39] @ Quit: Djelibeybi: Quit: Colloquy for iPad - http://colloquy.mobi
[2010/07/08 23:40:59] @ Quit: freshtonic: Quit: freshtonic
[2010/07/08 23:45:05] @ Quit: littleidea: Quit: littleidea
[2010/07/08 23:45:25] @ lkoranda joined channel #puppet
[2010/07/08 23:46:03] @ macfly left channel #puppet ()
[2010/07/08 23:48:03] @ ceren joined channel #puppet
[2010/07/08 23:51:04] @ ecolitan joined channel #puppet
[2010/07/08 23:54:27] @ kenneho joined channel #puppet
[2010/07/08 23:57:15] @ ckauhaus joined channel #puppet

Generated by irclog2html.py 2.8 by Marius Gedminas - find it at mg.pov.lt!