FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Server Development

 
 
LinkBack Thread Tools
 
Old 03-31-2011, 11:16 PM
Clint Byrum
 
Default Puppet Integration

Excerpts from Mark Foster's message of Thu Mar 31 14:52:00 -0700 2011:
> On 03/31/2011 10:36 AM, Chuck Short wrote:
> > Puppet installs over apt-get and takes editing a quick
> >> /etc/default/puppet file to say YES to enable it (rather than risk
> >> conflicts)
>
> BTW this behavior is annoying, it should just rely on the normal methods
> i.e. update-rc.d puppet defaults
>

Agreed. Does anybody know why puppet does this? What conflicts are we
talking about?

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 04-01-2011, 12:05 AM
Mathias Gug
 
Default Puppet Integration

On Thu, Mar 31, 2011 at 7:16 PM, Clint Byrum <clint@ubuntu.com> wrote:
> Excerpts from Mark Foster's message of Thu Mar 31 14:52:00 -0700 2011:
>> On 03/31/2011 10:36 AM, Chuck Short wrote:
>> > Puppet installs over apt-get and takes editing a quick
>> >> /etc/default/puppet file to say YES to enable it (rather than risk
>> >> conflicts)
>>
>> BTW this behavior is annoying, it should just rely on the normal methods
>> i.e. update-rc.d puppet defaults
>>
>
> Agreed. Does anybody know why puppet does this? What conflicts are we
> talking about?
>

Could you clarify what behavior are you referring to? The fact that
puppet doesn't start after the package is installed?

--
Mathias

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 04-06-2011, 03:36 PM
Mark Foster
 
Default Puppet Integration

On 03/31/2011 05:05 PM, Mathias Gug wrote:

> Could you clarify what behavior are you referring to? The fact that
> puppet doesn't start after the package is installed?
>
Bingo!
It requires manual intervention (editing the /etc/default/puppet file).
The irony is that it could be fixed via puppet if it puppet was actually
running.

--
Mark D. Foster <mark@foster.cc>
http://mark.foster.cc/


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Wed Apr 6 18:30:02 2011
Return-path: <ubuntu-server-bounces@lists.ubuntu.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Wed, 06 Apr 2011 17:38:03 +0300
Received: from chlorine.canonical.com ([91.189.94.204]:36248)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <ubuntu-server-bounces@lists.ubuntu.com>)
id 1Q7Tru-0006hj-RJ
for tom@linux-archive.org; Wed, 06 Apr 2011 17:38:03 +0300
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <ubuntu-server-bounces@lists.ubuntu.com>)
id 1Q7V2w-0001Je-IX; Wed, 06 Apr 2011 15:53:30 +0000
Received: from mail-ey0-f177.google.com ([209.85.215.177])
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <nikolay.fedosov@gmail.com>) id 1Q7UrM-0007GR-88
for ubuntu-server@lists.ubuntu.com; Wed, 06 Apr 2011 15:41:32 +0000
Received: by eyh6 with SMTP id 6so524699eyh.8
for <ubuntu-server@lists.ubuntu.com>;
Wed, 06 Apr 2011 08:41:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:message-id:date:from:user-agent:mime-version:to
:cc:subject:references:in-reply-to:content-type;
bh=G24jIwq2HWmFKbw05QB1cgn5nD/jBPUDISb/0vgBA3Y=;
b=xIwjeGrCN9X1+gvVVWgpvXDV3y/jiO8ljco7MxkQRDt78VkJoRhPqe3wKSwZ+OyMV3
uCMOlCtPd5hWO4D3FCQLPBFQYYDnnye4m1CMNhKeVjmgtIfTUP 2dfv22K119YvzIfBrz
BQ2rPk5GeTNsALUUttwDiISNEgC8Gt8mk7SXM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=message-id:date:from:user-agent:mime-version:to:cc:subject
:references:in-reply-to:content-type;
b=Z9poyavF7wi7VKFAC3xiBIfhuy2rW6wr7smGrRu3aGhduvM0 mxBsLo8TO3cXUeGyix
RmGEu9InnvTClNoFDP2sSKnul3cJydSAZogWUJuHnVURyXRkVf MVB1sZY6G8fVqHEGvd
7QqDEgPsME6Rfc8pLgI+9ALnVyjmQWFlxzWek=
Received: by 10.213.29.199 with SMTP id r7mr894582ebc.53.1302104491943;
Wed, 06 Apr 2011 08:41:31 -0700 (PDT)
Received: from [192.168.0.2] ([188.130.242.12])
by mx.google.com with ESMTPS id x54sm438241eeh.26.2011.04.06.08.41.27
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 06 Apr 2011 08:41:28 -0700 (PDT)
Message-ID: <4D9C89A0.9040008@gmail.com>
Date: Wed, 06 Apr 2011 19:41:20 +0400
From: =?UTF-8?B?0J3QuNC60L7Qu9Cw0Lkg0KTQtdC00L7RgdC+0LI=?=
<nikolay.fedosov@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8
MIME-Version: 1.0
To: Diego Xirinachs <dxiri343@gmail.com>
Subject: Re: Shorewall and squid transparent proxy problem
References: <BANLkTi=9ddSz7M7OS=v409F_eBqYj2i_jw@mail.gmail.co m> <4D9AAE6E.1010106@gmail.com> <BANLkTinQusw1=Qux6maNeo_oonia_JK8KQ@mail.gmail.co m> <4D9B7642.40305@gmail.com> <BANLkTim-yENN_4LaLkPvwiaNAygG798RZg@mail.gmail.com> <4D9BA6C8.4060706@gmail.com>
<BANLkTinPJvOV-KfmV_NgbjzuJiJROXUvdg@mail.gmail.com>
In-Reply-To: <BANLkTinPJvOV-KfmV_NgbjzuJiJROXUvdg@mail.gmail.com>
Cc: ubuntu-server@lists.ubuntu.com
X-BeenThere: ubuntu-server@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Ubuntu Server Development mailing list
<ubuntu-server.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-server>,
<mailto:ubuntu-server-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-server>
List-Post: <mailto:ubuntu-server@lists.ubuntu.com>
List-Help: <mailto:ubuntu-server-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-server>,
<mailto:ubuntu-server-request@lists.ubuntu.com?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7911426913992665101=="
Sender: ubuntu-server-bounces@lists.ubuntu.com
Errors-To: ubuntu-server-bounces@lists.ubuntu.com

This is a multi-part message in MIME format.
--===============7911426913992665101==
Content-Type: multipart/alternative;
boundary="------------000100070607050506050702"

This is a multi-part message in MIME format.
--------------000100070607050506050702
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

The most simple way is:

Put here the commands output:
iptables -t filter -L
iptables -t nat -L
iptables -t mangle -L

And this will be the start point!
If you also write about your goals (I remember about squid) It will be
great


06.04.2011 05:40, Diego Xirinachs пи?е?:
> Thanks a lot for your input, to answer your questions and clarify further,
>
> - I had the ACCEPT rule before the REDIRECT one before asking for
> help, and didnt work also, will change it back and leave it like that,
> so rules order would be:
>
>
>
> ACCEPT $FW net tcp www
> REDIRECT loc 3128 tcp www -
> ACCEPT $FW loc icmp
> ACCEPT $FW net icmp
> ##############################
> ###################
>
> - Explain when you can/want, I am curious
>
> - Regarding the iptables commands, no, im not sure. I just took those
> 2 commands from a tutorial and ran them to see if they would work.
>
> - Those 2 iptables commands you gave me, Can I run them with shorewall
> installed or would the server act weird?
>
> Today I noticed I dont have a masq file, and that IF the EXTERNAL
> network isnt connected on eth0 (mine is on eth1) you have to edit this
> masq file to reverse the order, at least thats what Shorewall
> documentation says (i dont have the URL handy) If that works I will
> post results here.
>
> thanks a lot again
>
> 2011/4/5 ?иколай Федо?ов <nikolay.fedosov@gmail.com
> <mailto:nikolay.fedosov@gmail.com>>
>
> 06.04.2011 01:43, Diego Xirinachs пи?е?:
>> DNS is already accepted on my shorewall rules file, here is the
>> complete file, I dont know why I didnt post it complete earlier.
>>
>>
>>
>> REDIRECT loc 3128 tcp www -
>> ACCEPT $FW net tcp www
>> ACCEPT $FW loc icmp
>> ACCEPT $FW net icmp
>> #################################################
> Here is your your mistake! First rule eval like the first rule/
> You try to REDIRECT packets www from firewall to port 3128, but
> you have no www packets in your firewall if (as I am understand)
> your policy is DROP
>
> Try in this order:
>
> first rule: ACCEPT $FW net tcp www
> second rule: REDIRECT loc 3128 tcp www
> -
>
> This example from documentation www.shorewall.net
> <http://www.shorewall.net>
>
>
>
>
>>
>> As you can see, DNS is already there also. Any other tips?
>>
>> @nikolay: Really? more complicated than Iptables? I find it easy
>> to configure access rules here, only problem I have had is this
>> one. With iptables I tried to get the transparent proxy working
>> but couldnt (i got the full command and ran it, didnt do
>> anything). I tried with the following commands
> I can explain it but not now
>
>>
>> |
>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp |--dport| 80
>> -j DNAT |--to-destination| 192.168.0.1:3128 <http://192.168.0.1:3128>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j
>> REDIRECT |--to-ports| 3128|
> Are you sure that SQUID requires nat ?????????????
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> REDIRECT --to-ports 3128
> iptables -t filter -A FORWARD -i eth0 -p tcp --dport 80 -j DROP
>
>
> And you should to remember that THE ORDER of rules have the
> SIGNIFICANTE sense!
> Sorry for my english... now it's time to sleep....
>
>>
>> eth0 is my LAN and eth1 is connected to the internet. IP address
>> is just for the example, my internal network uses a different
>> range than that one.
>>
>> I would really like to get this working but I have no idea whats
>> wrong, this kind of issues im sure Is one of those wtf problems
>> that can be solved with a simple solution.
>>
>> Hope it helps and thanks again.
>>
>>
>>
>> 2011/4/5 ?иколай Федо?ов <nikolay.fedosov@gmail.com
>> <mailto:nikolay.fedosov@gmail.com>>
>>
>> My proposal is to change the order of your rules...
>>
>> But the true way is to : apt-get purge shorewall (it is very
>> complicated, more complicatated than iptables)
>>
>> 05.04.2011 13:29, Diego Xirinachs пи?е?:
>>
>> >> My /etc/shorewall/rules are setup with this ACCEPT and
>> REDIRECT rules:
>> >>
>> >> #ACTION SOURCE DEST PROTO DEST PORT(S)
>> SOURCE ORIGINAL
>> >> #
>> PORT(S) DEST
>> >> REDIRECT loc 3128 tcp www -
>> >>
>> >> ACCEPT $FW net tcp www
>>
>>
>> --
>> ubuntu-server mailing list
>> ubuntu-server@lists.ubuntu.com
>> <mailto:ubuntu-server@lists.ubuntu.com>
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> More info: https://wiki.ubuntu.com/ServerTeam
>>
>>
>>
>>
>> --
>> X1R1
>
>
>
>
> --
> X1R1


--------------000100070607050506050702
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
The most simple way is:<br>
<br>
Put here the commands output:<br>
iptables -t filter -L<br>
iptables -t nat -L<br>
iptables -t mangle -L<br>
<br>
And this will be the start point!<br>
If you also write about your goals* (I remember about squid) It will
be great<br>
<br>
<br>
06.04.2011 05:40, Diego Xirinachs пи?е?:
<blockquote
cite="mid:BANLkTinPJvOV-KfmV_NgbjzuJiJROXUvdg@mail.gmail.com"
type="cite">Thanks a lot for your input, to answer your questions
and clarify further,<br>
<br>
- I had the ACCEPT rule before the REDIRECT one before asking for
help, and didnt work also, will change it back and leave it like
that, so rules order would be:<br>
<br>
<br>
<br>
ACCEPT*** *** $FW*** *** net*** *** tcp*** *** www<br>
REDIRECT*** loc*** *** 3128*** *** tcp*** *** www*** *** -*** ***
*** *** <br>
ACCEPT*** *** $FW*** *** loc*** *** icmp<br>
ACCEPT*** *** $FW*** *** net*** *** icmp<br>
##############################
<div class="im">###################</div>
<br>
- Explain when you can/want, I am curious <br>
<br>
- Regarding the iptables commands, no, im not sure. I just took
those 2 commands from a tutorial and ran them to see if they would
work.<br>
<br>
- Those 2 iptables commands you gave me, Can I run them with
shorewall installed or would the server act weird?<br>
<br>
Today I noticed I dont have a masq file, and that IF the EXTERNAL
network isnt connected on eth0 (mine is on eth1) you have to edit
this masq file to reverse the order, at least thats what Shorewall
documentation says (i dont have the URL handy) If that works I
will post results here. <br>
<br>
thanks a lot again <br>
<br>
<div class="gmail_quote">2011/4/5 ?иколай Федо?ов <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:nikolay.fedosov@gmail.com">nikolay.fe dosov@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> 06.04.2011 01:43, Diego
Xirinachs пи?е?:
<blockquote type="cite">
<div class="im">DNS is already accepted on my shorewall
rules file, here is the complete file, I dont know why I
didnt post it complete earlier.<br>
<br>
<br>
<br>
</div>
<div class="im"> REDIRECT*** loc*** *** 3128*** *** tcp***
*** www*** *** -<br>
ACCEPT*** *** $FW*** *** net*** *** tcp*** *** www***
*** *** *** <br>
ACCEPT*** *** $FW*** *** loc*** *** icmp<br>
ACCEPT*** *** $FW*** *** net*** *** icmp<br>
#################################################< br>
</div>
</blockquote>
Here is your your mistake! First rule eval like the first
rule/<br>
You try to REDIRECT packets www from firewall to port 3128,
but you have no www packets in your firewall if (as I am
understand) your policy is DROP<br>
<br>
Try in this order:<br>
<br>
first rule: ACCEPT*** *** $FW*** *** net*** *** tcp*** ***
www<br>
second rule: REDIRECT*** loc*** *** 3128*** *** tcp*** ***
www*** *** -<br>
<br>
This example from documentation <a moz-do-not-send="true"
href="http://www.shorewall.net" target="_blank">www.shorewall.net</a>
<div class="im"><br>
<br>
<br>
<br>
<blockquote type="cite"><br>
As you can see, DNS is already there also. Any other
tips?<br>
<br>
@nikolay: Really? more complicated than Iptables? I find
it easy to configure access rules here, only problem I
have had is this one. With iptables I tried to get the
transparent proxy working but couldnt (i got the full
command and ran it, didnt do anything). I tried with the
following commands<br>
</blockquote>
</div>
I can explain it but not now
<div class="im"><br>
<blockquote type="cite"> <br>
<code><br>
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp <code>--dport</code>
80 -j DNAT <code>--to-destination</code> <a
moz-do-not-send="true"
href="http://192.168.0.1:3128" target="_blank">192.168.0.1:3128</a><br>
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp
--dport 80 -j REDIRECT <code>--to-ports</code> 3128</code><br>
</blockquote>
</div>
Are you sure that SQUID requires nat ?????????????<br>
<br>
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-ports 3128<br>
iptables -t filter -A FORWARD -i eth0 -p tcp --dport 80 -j
DROP<br>
<br>
<br>
And* you should to remember that THE ORDER of rules have the
SIGNIFICANTE sense!<br>
Sorry for my english... now it's time to sleep....
<div class="im"><br>
<blockquote type="cite"><br>
eth0 is my LAN and eth1 is connected to the internet. IP
address is just for the example, my internal network
uses a different range than that one.<br>
<br>
I would really like to get this working but I have no
idea whats wrong, this kind of issues im sure Is one of
those wtf problems that can be solved with a simple
solution.<br>
<br>
Hope it helps and thanks again.<br>
<br>
<br>
<br>
<div class="gmail_quote">2011/4/5 ?иколай Федо?ов <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:nikolay.fedosov@gmail.com"
target="_blank">nikolay.fedosov@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;"> My proposal is to change
the order of your rules...<br>
<br>
But the true way is to : apt-get purge shorewall (it
is very complicated, more complicatated than
iptables)<br>
<br>
05.04.2011 13:29, Diego Xirinachs пи?е?:
<div><br>
&gt;&gt; My /etc/shorewall/rules are setup with
this ACCEPT and REDIRECT rules:<br>
&gt;&gt;<br>
&gt;&gt; #ACTION * SOURCE * * DEST * * PROTO *
*DEST PORT(S) * * SOURCE * * ORIGINAL<br>
&gt;&gt; # * * * * * * * * * * * * * * * * * * * *
* * * * * * * PORT(S) * *DEST<br>
&gt;&gt; REDIRECT *loc * * * *3128 * * tcp * *
*www * * * * * * *-<br>
&gt;&gt;<br>
&gt;&gt; ACCEPT * *$FW * * * *net * * *tcp * *
*www<br>
* <br>
</div>
</blockquote>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;">
<div> <br>
</div>
-- <br>
<div>
<div> ubuntu-server mailing list<br>
<a moz-do-not-send="true"
href="mailto:ubuntu-server@lists.ubuntu.com"
target="_blank">ubuntu-server@lists.ubuntu.com</a><br>
<a moz-do-not-send="true"
href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server"
target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br>
More info: <a moz-do-not-send="true"
href="https://wiki.ubuntu.com/ServerTeam"
target="_blank">https://wiki.ubuntu.com/ServerTeam</a></div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
X1R1<br>
</blockquote>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
X1R1<br>
</blockquote>
<br>
</body>
</html>

--------------000100070607050506050702--


--===============7911426913992665101==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
--===============7911426913992665101==--
 
Old 04-06-2011, 04:03 PM
Serge van Ginderachter
 
Default Puppet Integration

On 6 April 2011 17:36, Mark Foster <mark@foster.cc> wrote:


It requires manual intervention (editing the /etc/default/puppet file).

The irony is that it could be fixed via puppet if it puppet was actually

running.
You might want to first install chef to handle that :-)*
You still have to install the client, in certain case you might want to push a certain base config. So enabling the service at instal time shouldn't be that big a deal.

EIther way, you have to start somewhere before puppet kicks in.
Besdides, not everybody want the puppet client running by default. Because of e.g. memory problems, some people (used to) run it from cron, not as a daemon - just giving a counter example.


--


Met vriendelijke groet,

Serge van Ginderachter





--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 04-06-2011, 04:26 PM
Mark Foster
 
Default Puppet Integration

On 04/06/2011 09:03 AM, Serge van Ginderachter wrote:
> On 6 April 2011 17:36, Mark Foster <mark@foster.cc> wrote:
>
>> It requires manual intervention (editing the /etc/default/puppet file).
>> The irony is that it could be fixed via puppet if it puppet was actually
>> running.
>>
>
> You might want to first install chef to handle that :-)

This thread is not about chef.

>
> You still have to install the client, in certain case you might want to push
> a certain base config. So enabling the service at instal time shouldn't be
> that big a deal.
> EIther way, you have to start somewhere before puppet kicks in.

preseed and other methods make it easy to install packages. Editing a
config file is a bit more complex.

The behavior in Hardy LTS was that you installed puppet and it (puppetd)
would run. So this change in behavior qualifies as a regression.

> Besdides, not everybody want the puppet client running by default. Because
> of e.g. memory problems, some people (used to) run it from cron, not as a
> daemon - just giving a counter example.
>

I'm sure a _majority_ of users do want it to run by default. Certainly
that's what the Hardy users got & thus expected.

If some users don't want it (puppetd) to run in which case they should
not install the puppet package at all, but just puppet-common.

--
Mark D. Foster <mark@foster.cc>
http://mark.foster.cc/


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 05-05-2011, 08:15 PM
cdmiller
 
Default Puppet Integration

On 04/06/2011 09:36 AM, Mark Foster wrote:
> On 03/31/2011 05:05 PM, Mathias Gug wrote:
>
>> Could you clarify what behavior are you referring to? The fact that
>> puppet doesn't start after the package is installed?
>>
> Bingo!
> It requires manual intervention (editing the /etc/default/puppet file).
> The irony is that it could be fixed via puppet if it puppet was actually
> running.
>

We ended up using a --exec from vmbuilder to change the option to YES in
/etc/default/puppet. Also turned on auto signing of keys on the puppet
master. Fire up a new VM and puppet kicks off to complete
configuration. So the use case exists for autostart of the puppet
agent, auto provisioning of newly created VM's, potential for elastic
cloud expansion.

Sorry for the old thread reply.

- cameron

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 05:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org