FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 09-08-2008, 03:33 PM
Seth Vidal
 
Default More puppet training!

On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
> On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
> > So I'm going to hold a couple more training seminars for Puppet in
> > Fedora's Infrastructure. I was hoping you guys could also throw some
> > questions together so i make sure I don't miss anything.
> >
>
> Are the old seminars up somewhere? My whole look at puppet is from
> 30k. I know more about cfengine .. which has made me look at some of
> the 'limitations' of puppet as 'huh?' versus purposeful design
> decisions. Heck I don't even know how to make a root password across a
> cluster .


don't feel bad, no one else does, either.

Not without leaving the crypted password all over the logs.

Well, to be fair, there's a way to do it, it's just hurky and feels
silly.

-sv


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 03:35 PM
Jesse Keating
 
Default More puppet training!

On Mon, 2008-09-08 at 10:16 -0500, Mike McGrath wrote:
> So I'm going to hold a couple more training seminars for Puppet in
> Fedora's Infrastructure. I was hoping you guys could also throw some
> questions together so i make sure I don't miss anything.

The "standard" way to define users, packages, directories, files, cron
jobs, and using variables or host specific definitions within a shared
class file.

I think our current files have multiple ways of doing all the above and
I'd like to see the current thought of standard practice (and then maybe
an effort to convert the current setup to the standards).

--
Jesse Keating
Fedora -- Freedom˛ is a feature!
identi.ca: http://identi.ca/jkeating
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 03:39 PM
Dennis Gilmore
 
Default More puppet training!

On Monday 08 September 2008 10:16:28 am Mike McGrath wrote:
> So I'm going to hold a couple more training seminars for Puppet in
> Fedora's Infrastructure. I was hoping you guys could also throw some
> questions together so i make sure I don't miss anything.

Id like to know where should i put a script in the puppet tree. where should
I put config files etc.

what if its something needed on 2 systems that have different purposes should
i create a new class? or just add it to each of the two groups?. but a
shared group. that kind of thing.


Dennis
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 04:49 PM
Mike McGrath
 
Default More puppet training!

On Mon, 8 Sep 2008, Seth Vidal wrote:

> On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
> > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
> > > So I'm going to hold a couple more training seminars for Puppet in
> > > Fedora's Infrastructure. I was hoping you guys could also throw some
> > > questions together so i make sure I don't miss anything.
> > >
> >
> > Are the old seminars up somewhere? My whole look at puppet is from
> > 30k. I know more about cfengine .. which has made me look at some of
> > the 'limitations' of puppet as 'huh?' versus purposeful design
> > decisions. Heck I don't even know how to make a root password across a
> > cluster .
>
>
> don't feel bad, no one else does, either.
>
> Not without leaving the crypted password all over the logs.
>
> Well, to be fair, there's a way to do it, it's just hurky and feels
> silly.
>

I was kind of irked about that too. I'm going to file a ticket to make
sure this gets handled. Really I guess it'd be nice to have a

logDiff => false

option where it'd at least let you know something happened but not what if
it was explicitly listed. There's other uses for this besides just root
passwords.

Ticket: http://reductivelabs.com/redmine/issues/show/1566

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 04:52 PM
Seth Vidal
 
Default More puppet training!

On Mon, 2008-09-08 at 11:49 -0500, Mike McGrath wrote:
> On Mon, 8 Sep 2008, Seth Vidal wrote:
>
> > On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
> > > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
> > > > So I'm going to hold a couple more training seminars for Puppet in
> > > > Fedora's Infrastructure. I was hoping you guys could also throw some
> > > > questions together so i make sure I don't miss anything.
> > > >
> > >
> > > Are the old seminars up somewhere? My whole look at puppet is from
> > > 30k. I know more about cfengine .. which has made me look at some of
> > > the 'limitations' of puppet as 'huh?' versus purposeful design
> > > decisions. Heck I don't even know how to make a root password across a
> > > cluster .
> >
> >
> > don't feel bad, no one else does, either.
> >
> > Not without leaving the crypted password all over the logs.
> >
> > Well, to be fair, there's a way to do it, it's just hurky and feels
> > silly.
> >
>
> I was kind of irked about that too. I'm going to file a ticket to make
> sure this gets handled. Really I guess it'd be nice to have a
>
> logDiff => false
>
> option where it'd at least let you know something happened but not what if
> it was explicitly listed. There's other uses for this besides just root
> passwords.
>

The way I worked out to do it is a bit silly but you put the crypted
password in a file somewhere in /etc or /root

and you just have that file in config_files or private (or as a
template) and then a cron job goes through and takes that value and sets
it in /etc/shadow using lpasswd or chpasswd

not pretty but it will keep the crypted pw from showing up in a log
-sv


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 06:44 PM
"Stephen John Smoogen"
 
Default More puppet training!

On Mon, Sep 8, 2008 at 10:52 AM, Seth Vidal <skvidal@fedoraproject.org> wrote:
> On Mon, 2008-09-08 at 11:49 -0500, Mike McGrath wrote:
>> On Mon, 8 Sep 2008, Seth Vidal wrote:
>>
>> > On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote:
>> > > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
>> > > > So I'm going to hold a couple more training seminars for Puppet in
>> > > > Fedora's Infrastructure. I was hoping you guys could also throw some
>> > > > questions together so i make sure I don't miss anything.
>> > > >
>> > >
>> > > Are the old seminars up somewhere? My whole look at puppet is from
>> > > 30k. I know more about cfengine .. which has made me look at some of
>> > > the 'limitations' of puppet as 'huh?' versus purposeful design
>> > > decisions. Heck I don't even know how to make a root password across a
>> > > cluster .
>> >
>> >
>> > don't feel bad, no one else does, either.
>> >
>> > Not without leaving the crypted password all over the logs.
>> >
>> > Well, to be fair, there's a way to do it, it's just hurky and feels
>> > silly.
>> >
>>
>> I was kind of irked about that too. I'm going to file a ticket to make
>> sure this gets handled. Really I guess it'd be nice to have a
>>
>> logDiff => false
>>
>> option where it'd at least let you know something happened but not what if
>> it was explicitly listed. There's other uses for this besides just root
>> passwords.
>>
>
> The way I worked out to do it is a bit silly but you put the crypted
> password in a file somewhere in /etc or /root
>
> and you just have that file in config_files or private (or as a
> template) and then a cron job goes through and takes that value and sets
> it in /etc/shadow using lpasswd or chpasswd
>
> not pretty but it will keep the crypted pw from showing up in a log
> -sv
>

Ugh. Is there a way to integrate this with augeus or something? Having
to assume you can protect a second file for root or having secure file
diff's logged sounds like a long term nightmare. However thats outside
of probably the class .



--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 07:09 PM
"Brett Lentz"
 
Default More puppet training!

> -----Original Message-----
> From: fedora-infrastructure-list-bounces@redhat.com [mailto:fedora-
> infrastructure-list-bounces@redhat.com] On Behalf Of Dennis Gilmore
> Sent: Monday, September 08, 2008 8:39 AM
> To: Fedora Infrastructure
> Subject: Re: More puppet training!
>
> On Monday 08 September 2008 10:16:28 am Mike McGrath wrote:
> > So I'm going to hold a couple more training seminars for Puppet in
> > Fedora's Infrastructure. I was hoping you guys could also throw some
> > questions together so i make sure I don't miss anything.
>
> Id like to know where should i put a script in the puppet tree. where
> should I put config files etc.

A script to be pushed to the clients, then executed, should be in the
directories declared by the fileserver directives (/var/lib/puppet/config, I
believe).

A script run on the server-side (e.g. an external node classifier, etc.)
should live in /usr/local/bin on the puppetmaster.

>
> what if its something needed on 2 systems that have different purposes
> should i create a new class? or just add it to each of the two
> groups?. but a shared group. that kind of thing.
>

Yep. My rule of thumb tends to be to create purpose-specific classes, so
that any node or server group that needs singular bits can include or
inherit them (and override any conflicting values).

>
> Dennis


---Brett.

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-08-2008, 08:11 PM
"Douglas Furlong"
 
Default More puppet training!

This is possibly in appropriate.

But each time I've read this subject line I keep on seeing "More muppet training", and it's only on the second look I see puppet.

It's given me a giggle so I thought I'd share.


Sorry for the noise.

Doug

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 04:44 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org