
puppet-puppet's Introduction

Puppet module to manage Puppet Agent, Puppet server and Puppet DB


puppet-puppet's Issues

croncommand should set pidfile

"puppet agent --onetime" uses the same pidfile as the puppet service ($rundir/agent.pid). On Debian this leads to the puppet cron run being killed when the puppet class tries to "stop" the service.

Typo in class name, update r10k config location

Just started using the example42/control-repo, and these two things were the first issues I bumped into:

  1. the class name for the puppet4 updater was mistyped.
  2. r10k config location has changed, says r10k.

PR is coming.

puppet service should be stopped when runmode=cron

I regularly deploy new virtual machines with a running puppet client (in daemon mode), and have it pull its configuration from the puppetmaster. I'm using the puppet-puppet module and for clients, I set runmode=cron. This works fine so far, the script /etc/cron.d/puppet gets installed correctly. However, the puppet daemon is still running.

I think that in runmode=cron, the module should make sure that the puppet service is not running.

Module should allow to configure agent port on puppet master

Hi,
Currently in the puppet master puppet.conf, the masterport is in the [master] section and only in it, so it prevents us from telling the agent running on the master to connect to a specific port.
We could move the masterport directive into the [main] section or add a new option like master_agent_port or something else.
I am willing to provide the corresponding PR but what is your feeling about this?

Best

source parameter not working

Hi.

I'm very new to Puppet and the example42 modules and I'm trying to get things to work but I'm having some issues.

I have a site.pp file (see below) which defines the source parameter for the puppet class but when I run this I get an error stating "Error: Failed to apply catalog: You cannot specify more than one of content, source, target"

After asking for help I added the template => '' parameter and I've also tried template => undef but both of these have no effect.

As you can see I have also been trying to get source_dir to work but that has its own problems which I'll report in a separate bug. However, it may be of interest that specifying source_dir alone does not work but adding the template => undef does work to some extent in that case.

My site.pp file:

class base_nopuppet {
  include openssh
  class { 'sudo':
    source => [ "puppet:///modules/data/sudo/sudo.conf-${hostname}" , "puppet:///modules/data/sudo/sudo.conf" ],
  }
  class { 'mailx':
    source => [ "puppet:///modules/data/mailx/mailx.conf-${hostname}" , "puppet:///modules/data/mailx/mailx.conf" ],
  }
}

class base {
  include base_nopuppet
  class { 'puppet':
    source => "puppet:///modules/data/puppet/puppet.conf",
    #source_dir => 'puppet:///modules/data/puppet/conf/',
    #source_dir_purge => false,
    template => '',
  }
}

node default {
  include base
}

node 'puppet.cs.ru.is' {
  include base_nopuppet

  class { 'puppet':
    mode => 'server',
    source => "puppet:///modules/data/puppet/puppet.conf",
    #source_dir => 'puppet:///modules/data/puppet/puppet.conf',
    #source_dir_purge => false,
    template => '',
  }
}

Windows requires package source?

Hi,
It looks like some attempt has been made to make this module work on Windows. I'm not sure when the last time anyone looked at it was, but it seems like puppet now requires the package source attribute when managing packages on Windows with its default provider. This module doesn't have code to override package source within the package resource definition -

https://github.com/example42/puppet-puppet/blob/master/manifests/init.pp#L721

Even if it did, it does not seem very reasonable since there is no good way to set a default parameter value to the install executable. I see two possible resolutions...

  1. Set up to use Chocolatey, which I'm not familiar with, but seems to be a really nice yum/apt like package repo system for Windows and is a valid puppet package provider.
  2. Set up logic using a $puppet::manage_package boolean to avoid defining the package resource on Windows platforms. I took a similar approach patching your SSH module for Solaris since it has similar requirements.

What are your thoughts?

Cron implementation not portable

Is there a reason why cron is implemented with a template rather than a Puppet type? Some systems don't use cron.* folders (specifically OpenBSD/FreeBSD, maybe others).

Would it be OK to change this?

If so, what is the preferred approach as far as backwards compatibility is concerned?

Certificates with DNS alt names not handled correctly when using passenger

It seems that when using passenger, certificates are not generated with DNS alt names. Certificates seem to be generated in server.pp

exec { 'puppetmaster-ca-generate':
  [...]
}

but without using the --dns-alt-names option. Some trial and error modifications indicate that fixing this is not as easy as just adding the option. In at least some cases the certificate is created before the puppetmaster-ca-generate is run and so it is not re-generated.

Not really sure what the correct solution to this is...

source_dir reporting errors on files/directories that exist in /etc/puppet

Hi.

I was trying to specify the source_dir parameter to put a set of configuration files into /etc/puppet/. I have files and directories there already that I don't want to change so I specified source_dir_purge => false as well. You can see my site.pp file below.

So, in /etc/puppet/environments/production/modules/data/files/puppet/conf/ I have the following files: auth.conf fileserver.conf puppet.conf tagmail.conf

In /etc/puppet I have roughly the following structure:

/etc/puppet/
      +- environments/
      |        +- production/  # contains manifests/ and modules/ dirs from git
      |        +- test/        # contains manifests/ and modules/ dirs from git
      +- ssl/                  # contains puppet certificates
      +- foo.txt               # just some file I want to keep there
      +-.git/                  # my puppet conf is in a git repo
      +- puppet.conf
      +- auth.conf
      +- fileserver.conf
      +- tagmail.conf

What I want is for the puppet module to install the files that are present in my /etc/puppet/environments/production/modules/data/files/puppet/conf/ directory into the /etc/puppet/ directory but leave all the other files and directories in there in peace.

What happens when I run puppet is I get a bunch of warnings and errors relating to the files that are in /etc/puppet (but not in /etc/puppet/environments/production/modules/data/files/puppet/conf/).

An example of this is the following:

Info: Applying configuration version '1366838929'
Notice: /File[puppet.dir]: Not removing directory; use 'force' to override
Notice: /File[puppet.dir]: Not removing directory; use 'force' to override
Error: Could not rename temporary file /etc/puppet.puppettmp_413 to /etc/puppet: Is a directory - /etc/puppet.puppettmp_413 or /etc/puppet
Error: /File[puppet.dir]/ensure: change from directory to file failed: Could not rename temporary file /etc/puppet.puppettmp_413 to /etc/puppet: Is a directory - /etc/puppet.puppettmp_413 or /etc/puppet
Notice: /File[/etc/puppet/ssl]: Dependency File[puppet.dir] has failures: true
Warning: /File[/etc/puppet/ssl]: Skipping because of failed dependencies
Notice: /File[/etc/puppet/.git]: Dependency File[puppet.dir] has failures: true
Warning: /File[/etc/puppet/.git]: Skipping because of failed dependencies

I seem to get one Notice and one Warning line for each file that exists in /etc/puppet/ (and/or subdirectories) and doesn't exist in /etc/puppet/environments/production/modules/data/files/puppet/conf/. I do not get these lines for files that do exist there.

My site.pp:

class base_nopuppet {
  include openssh
  class { 'sudo':
    source => [ "puppet:///modules/data/sudo/sudo.conf-${hostname}" , "puppet:///modules/data/sudo/sudo.conf" ],
  }
  class { 'mailx':
    source => [ "puppet:///modules/data/mailx/mailx.conf-${hostname}" , "puppet:///modules/data/mailx/mailx.conf" ],
  }
}

class base {
  include base_nopuppet
  class { 'puppet':
    source_dir => 'puppet:///modules/data/puppet/conf/',
    source_dir_purge => false,
    template => absent,
  }
}

node default {
  include base
}

node 'puppet.cs.ru.is' {
  include base_nopuppet

  class { 'puppet':
    mode => 'server',
    source_dir => 'puppet:///modules/data/puppet/conf/',
    source_dir_purge => false,
    template => absent,
  }
}

The prerun_command option is not supported

Got "Invalid parameter prerun_command" error when trying to apply prerun_command to puppet agents.

e.g.

    class { 'puppet':
        runinterval         => '20m',
        server              => 'example.com',
        prerun_command      => '/etc/puppet/etckeeper-commit-pre',
        postrun_command     => '/etc/puppet/etckeeper-commit-post',
    }

Apache isn't restarted when puppet.conf changes

I had to change the manifest path in puppet.conf and was wondering, why my agents still didn't get their configuration:

class { 'puppet':
    manifest_path => '$confdir/environments/$environment/manifests/site.pp',
    mode          => 'server',
    passenger     => true,
}

It turned out, I had to manually restart Apache (using Passenger), as it wasn't restarted automatically after the changes done to puppet.conf.

puppet::server::passenger requires apache

puppet::server::passenger requires apache, while it actually works perfectly fine on nginx as well.

I am trying to use this module to deploy puppet and puppetmaster configuration on all of my servers, but in order to get the right service settings I need to set 'passenger' to true. However, I don't want it to include or install anything for Apache.

Is there an easy way for me to accomplish this just by creating a my_puppet class to include? I planned to create a my_puppet::passenger class which configures nginx and passenger properly, but it seems like I still need some way to set puppet::passenger to true to prevent it from auto-starting and monitoring the service.

Puppet agent error with module containing non US-ASCII strings if master with passenger is not configured for UTF-8.

Hello,
When using modules containing non ASCII strings agent fails to run saying

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: invalid byte sequence in US-ASCII

This issue is reported here: https://projects.puppetlabs.com/issues/20897

Adding the following lines to the config.ru_3 template fixes this:

Encoding.default_external = Encoding::UTF_8
Encoding.default_internal = Encoding::UTF_8

Are you interested in a pull request for this?

puppet::server::passenger has no dependency on puppet::server

Hi,

Currently, it seems as if puppet::server::passenger does not have a dependency on puppet::server, causing it to fail if not included explicitly.

Also, after invoking both puppet::server and puppet::server::passenger, apache2 was not able to start because port 8140 was still occupied by the ruby puppetmaster daemon. This seems to be a minor glitch.

For reference, this was my solution:

class { 'puppet::server': }
class { 'puppet::server::passenger': }

exec { 'disable puppetmaster daemon':
  command => 'update-rc.d -f puppetmaster remove && service puppetmaster stop'
}

Class['puppet::server'] -> Exec['disable puppetmaster daemon'] -> Class['puppet::server::passenger']

allow for setting `certname` parameter in `[master]` config

For setting up multiple puppetmasters sharing the same hostname and certificates (e.g. in a HA setup) the certname configuration parameter must be set differently in the [master] config section, I believe. For example, if I have two puppetmaster nodes, puppet1 and puppet2, then in the [main] section, certname should be set to either puppet1.mydomain.com or puppet2.mydomain.com. However, with this setting, the two masters will have problems with the SSL certs. So the [master] config section should have e.g. certname = puppet.mydomain.com.
Or am I misunderstanding puppet config here? If I'm right, then it would be great if you could add this config parameter.
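
The section scoping behind this request and the earlier masterport one, as an added example that is not part of either issue or of the module's code: a setting in a run-mode section such as [master] overrides [main] only for that run mode, so an agent on the same host never sees it. The sample puppet.conf, the port value and the function names are constructed for illustration.

```python
import configparser

# Constructed sample puppet.conf for a host that is both master and agent.
# Hostnames follow the certname issue above; the port value is made up.
SAMPLE_PUPPET_CONF = """\
[main]
server = puppet.mydomain.com
certname = puppet1.mydomain.com

[master]
masterport = 8141
certname = puppet.mydomain.com

[agent]
runinterval = 1800
"""


def effective_settings(conf_text, run_mode):
    """Settings seen by a process in run_mode: [main] overlaid by [run_mode]."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep setting names exactly as written
    parser.read_string(conf_text)
    merged = {}
    for section in ("main", run_mode):
        if parser.has_section(section):
            merged.update(parser.items(section))
    return merged


def differing_settings(conf_text, mode_a="agent", mode_b="master"):
    """Map each setting whose value differs between two run modes to (a, b)."""
    a = effective_settings(conf_text, mode_a)
    b = effective_settings(conf_text, mode_b)
    return {
        name: (a.get(name), b.get(name))
        for name in sorted(set(a) | set(b))
        if a.get(name) != b.get(name)
    }


if __name__ == "__main__":
    diff = differing_settings(SAMPLE_PUPPET_CONF)
    for name, (agent_value, master_value) in diff.items():
        print(f"{name}: agent={agent_value!r} master={master_value!r}")
```

Run against a rendered puppet.conf, the diff shows which identity (certname) and which port each process will actually use before certificates are issued against the wrong name.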

Support Directory Environments in config

Directory Environments are overtaking Config File Environments (the latter being deprecated now). I think all that is really necessary to support the former is adding a line to the [master] section (or [main]) of puppet.conf: environmentpath = $confdir/environments

One directory environment also has to exist for it to be enabled.

I may send a pull request if I have the time to implement this in the near future. Thanks!

Default Puppet Db port

Hi,

I'm changing my standalone set up to a puppetmaster based one, hence the flow of puppet-related issues and PR's ;).

I noticed the default $db_port value is 8080. Puppetdb uses 8081 by default with SSL, whereas port 8080 doesn't use SSL. I'd suggest to change the default value so it's safe by default, but that could potentially break BC. Just saying ;)

Also, when using the puppet, puppetdb and postgres modules, currently the default setup will fail (as puppet connects to port 8080, and puppetdb listens to 8081).

Freeaqingme

Different servername and agent name differ. Incorrect Apache cert?

Hi @example42,

I have a puppet master that its clients connect to via puppet.example.com . The machine name (and fqdn) however is puppet01.vlan.network.example.net . This setup seems like a pretty common setup in situations where you (eventually) want to scale horizontally.

The problem I just ran into however is that templates/passenger/puppet-passenger.conf.erb uses fqdn for the certificate name:

        SSLCertificateFile /var/lib/puppet/ssl/certs/<%= fqdn %>.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<%= fqdn %>.pem

Wouldn't it make sense to use <%= server %> here? I just managed to provision my PKI by deploying this template, hence the suggestion ;) (the client and server certs on the same server did not match).

I see three options:

  1. We could leave it the way it is. Downside is that I think a pretty common set up like this is not supported by default.
  2. We change the fqdn variable to the server variable. Plus side is that this kind of setup is automatically supported - given that the passenger vhost is exclusively on puppet servers.
  3. We introduce a certificatefilename variable, which is defined in ::params and defaults to fqdn. This would allow one to maintain backwards compatibility, while at the same time easily overriding it.

I could provide a PR for this. Also, I realize you're not a fan of introducing variables for everything, which I don't either. I don't mind overriding templates (in fact, we already do), but I think the changes I propose restrict themselves to generic bits & pieces.

iptables version puppetlabs

Hi,

As you may have noticed I'm trying to get some things done with puppet-puppet, but I ran into one more issue that I can't seem to debug. I have the following (standalone) manifest that I run using vagrant: I keep getting this error:

Error: Could not update: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold --force-yes install iptables=3.1.1-1puppetlabs1' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
E: Version '3.1.1-1puppetlabs1' for 'iptables' was not found

Error: /Stage[main]/Iptables/Package[iptables]/ensure: change from 1.4.12-1ubuntu4 to 3.1.1-1puppetlabs1 failed: Could not update: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold --force-yes install iptables=3.1.1-1puppetlabs1' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
E: Version '3.1.1-1puppetlabs1' for 'iptables' was not found

Manifesto:

$puppetDpkgVersion = '3.1.1-1puppetlabs1'

# Sqlite is required because it's the default db backend for puppet.
# We'll set up a decent one in the real manifests
package { [ 'bc', 'sqlite3', 'libsqlite3-ruby' ]: }

Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] }

class { 'puppet':
#  server              => hiera('puppet_master_host', 'some hostname'),
  server              => hiera('puppet_master_host', 'some hostname'),
  version             => $puppetDpkgVersion,
  mode                => 'server',
  passenger           => true,
  environment         => 'production',
  manifest_path       => '$confdir/environments/$environment/manifests/site.pp',
  module_path         => '$confdir/environments/$environment/modules',
  audit_only          => false,
  firewall            => true,
  firewall_tool       => 'iptables'
}

exec { 'disable puppetmaster daemon':
  command => 'update-rc.d -f puppetmaster remove && service puppetmaster stop'
}

# Minor version comparison for `bc`
$bcCmp = "`dpkg -s puppet | grep 'Version' | cut -c 10- | \
           cut -c -3` < `echo ${puppetDpkgVersion} | cut -c -3`"

exec { 'puppet-repo':
  command => 'wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb && \
              dpkg -i puppetlabs-release-precise.deb && \
              rm -f puppetlabs-release-precise.deb && \
              sudo apt-get update',
  path    => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
  onlyif  => "/bin/bash -c x=$(echo \"${bcCmp}\" | bc); test \"\$x\" != \"1\""
}

Package['bc'] -> Exec['puppet-repo']
Exec['puppet-repo'] -> Class['puppet']
Class['puppet::server']
  -> Exec['disable puppetmaster daemon']
  -> Class['puppet::server::passenger']

It seems somewhere the puppet version and iptables version get mixed up, but I can't put my finger on it...

Support for "dual mode"

Right now, the param puppet::mode only supports either client or server, but something like dual isn't possible at all yet which would make it possible to also manage the Puppetmaster just as any other node.

The current implementation relies on different templates for client and server, so the question is:

When implementing dual mode support, which way should I go?

  • Merge client/server templates into one and render blocks based on $puppet::mode?
  • Introduce a third dual template?
  • Anything else?

Input is very welcome, before I start working on it and possibly have to re-implement a lot.
