17:32:05 #startmeeting
17:32:05 Meeting started Thu Jan 26 17:32:05 2012 UTC. The chair is adimania. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:32:05 Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:32:32 #topic Introduction To Puppet
17:33:22 Hi guys !
17:33:48 Puppet is a configuration management tool. It can manage the entire life cycle of your system from starting till the time you retire your box.
17:34:51 You can manage several hundred, possibly thousands of servers.
17:35:00 nice!
17:35:03 Now let us start the setting up process.
17:35:15 #topic Setting up puppet master
17:35:42 Puppet is usually used in simple master slave configuration.
17:36:21 Your puppet server will run the master and each node which is to be managed will use puppet client to make the changes to a desirable state.
17:37:00 First requirement for puppet to work properly is to set a proper hostname in fqdn format.
17:37:15 Anything like localhost.localdomain should work.
17:37:29 fqdn = fully qualified domain name
17:37:34 * FranciscoD looks at adimania for confirmation
17:37:42 * adimania nods
17:37:54 admania, So it need a working dns system ?
17:38:05 command: # hostname localhost.localdomain
17:38:17 ok with this is good to start..
17:38:43 but you can configure in a real environment with dns and all stuff..
17:38:44 bogor, ideally yes but you can put the ip and name in /etc/hosts and that would work fine.
17:39:25 is everybody done with the setting up of hostname?
17:39:31 yes
17:39:34 * ctria nods
17:39:35 yes
17:39:57 yes
17:40:03 mines already set to ankur.pc, how that is sufficient adimania
17:40:04 ?
17:40:17 FranciscoD, yes. that will do.
17:40:23 cool. next up, we'll install puppet master and client.
17:41:07 FYI, right now my aim is to manage the localhost.
17:41:19 we'll add more nodes at a later stage.
17:41:22 command: # yum install puppet-server puppet
17:41:47 do the machines have to be on the same (sub)network ?
17:42:10 and what happen with firewall? shall i need to add some rule?
17:42:21 pingou, it is not mandatory as long as the names resolve properly.
17:42:45 adimania: so safety is assured ?
17:42:48 rino, you need to whitelist port 8140
17:42:58 ok
17:43:13 pingou, what kind of safety are we talking about here?
17:43:55 rino, I think "--dport 8140 -j ACCEPT" should do the trick.
17:43:59 adimania: well the slave contacts the master, I don't want the master to give away information to any host
17:45:01 * casep installation done
17:45:03 ah! yes, it is perfectly safe in that regard. puppet master do not answer to rogue hosts
17:45:33 pingou, if there is no entry about the host in master then a 400 not found error is returned.
17:45:49 is puppet and puppet-master installed for everyone?
17:45:56 yes
17:45:58 yes
17:46:01 adimania: thanks for the info
17:46:12 ack
17:46:18 pingou, no problem. :)
17:47:11 installed++
17:47:19 * shaon nods
17:47:40 okay. now get into /etc/puppet and have a good look at the files present there
17:47:45 I'm getting "no package available"
17:47:57 which repo?
17:48:10 dashcom: regular fedora repos
17:48:14 puppet-server
17:48:17 I think its called
17:48:33 dashcom: what fedora?
17:48:47 ok, I'll use Fedora vm then (was using CentOS)
17:48:54 dashcom, what repos are you having on your machine?
17:48:57 dashcom: centos has it in epel
17:49:00 yum repolist
17:49:00 dashcom, you can use epel
17:49:08 ok
17:49:15 dash com CentOS is fine if you enable EPEL
17:49:33 dashcom, make sure that rpmforge is not enabled.
17:50:08 for now I'll just install with Fedora
17:50:08 rpmforge has a more recent version. let us stay on the same version for this classroom.
17:50:36 (install finished)
17:50:52 okay. moving ahead, let us look at /etc/puppet/puppet.conf
17:51:05 which version is ok?
17:51:29 I prefer 2.6.x on my production server.
17:51:37 puppet-2.6.13-2.fc16.noarch ?
17:51:54 2.7.x is very recent and might need some big fixes.
17:52:02 thunderbirdtr, your version is fine.
17:52:13 thank you
17:52:24 thunderbirdtr, no problem. :)
17:52:55 if you have a look at the puppet.conf, it has two sections defined there.
17:53:46 [main] is the one with all the general variables. they are well commented so you can read them for an explanation
17:54:21 We would be interested in [agent] section at a later point of this session.
17:54:45 now start the master.
17:54:57 command: # service puppetmaster start
17:55:19 * casep done
17:55:23 i hope someone will report a problem ;)
17:55:28 yes
17:55:33 Starting puppetmaster: Could not prepare for execution: Cannot save ca; parent directory /var/lib/puppet/ssl/ca does not exist
17:55:48 systemctl start puppet.service
17:55:49 rino, that is what I was looking for :)
17:55:56 systemctl status puppet.service
17:56:07 * FranciscoD didnt have a problem
17:56:12 is that wrong? :O
17:56:27 selinux :)
17:56:27 Starting puppetmaster: Could not prepare for execution: Cannot save ca; parent directory /var/lib/puppet/ssl/ca does not exist
17:56:44 setenforce 0 :)
17:56:46 work
17:56:50 rino, you have selinux enabled I believe.
17:56:53 started fine here...
17:56:55 * FranciscoD has too
17:57:07 I have selinux enabled too ? but no problem ?
17:57:12 hm no selinux here :)
17:57:18 here no problem either
17:57:22 I do not know why try to set some ssl ca
17:57:28 thunderbirdtr: high 5 :P
17:57:44 despite having selinux in enforcing mode
17:57:49 # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl
17:57:58 ssldir is uncommented
17:58:06 in the master file puppet
17:58:12 so ca is setup because puppet will sign each node
17:58:31 Do i need ca ?
17:58:42 because it is on the puppet.conf
17:58:49 yes. puppet will sign each and every node.
17:59:17 any node which is not certified will not be able to communicate with puppet master
17:59:19 ok now maybe it was created
18:00:07 you can verify that ca was created by doing a "ls /var/lib/puppet/ssl/ca"
18:00:25 yes know i have it
18:00:28 now
18:00:32 was the port to whitelist earlier a tcp or an udp one?
18:00:42 it should have the keys and certs
18:00:45 muep, tcp
18:00:53 thanks
18:01:31 now let us start our first puppet execution.
18:01:55 command: # puppet agent -t
18:02:05 I hope someone will report an error again.
18:02:14 err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
18:02:14 warning: Not using cache on failed catalog
18:02:14 err: Could not retrieve catalog; skipping run
18:02:21 on server?
18:02:32 same error
18:02:35 err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
18:02:35 warning: Not using cache on failed catalog
18:02:36 err: Could not retrieve catalog; skipping run
18:02:42 rino, no this has to be fired at client.
18:02:47 adimania: http://fpaste.org/yKLk/
18:02:53 it check for puppet as hostname?
18:02:55 same error here, with server and client being in localhost
18:03:23 same over here
18:03:24 which packet do i need on client?
18:03:31 ctria, thunderbirdtr : there are two possible reasons.
18:03:48 1. you are not running the client as a sudoer.
18:04:20 2. your cert is not signed.
18:04:33 both look fine there but:
18:04:45 what i need to run in client?
18:04:50 I select 1 What I need for client ?
18:04:53 in certificate it added: DNS:puppet, DNS:puppet.domain
18:05:00 in the certificate
18:05:08 does it require (by default) puppet as hostname?
18:05:16 I got "could not request cert: connection timed out"
18:05:55 adimania: do i need run puppetserver on client?
18:06:03 okay. now as a sudoer fire : # puppet agent -t --server=localhost.localdomain
18:06:25 replace localhost.localdomain with the fqdn you used.
18:06:27 hm adding puppet to /etc/hosts changed it to:
18:06:28 err: Could not retrieve catalog from remote server: Connection refused - connect(2)
18:06:28 warning: Not using cache on failed catalog
18:06:28 err: Could not retrieve catalog; skipping run
18:06:43 rino, no. only client is need
18:06:50 s/need/needed
18:06:57 adimania: it aint saying anything, so I think its running
18:07:06 nah
18:07:07 failed
18:07:11 adimania: which package I need on client?
18:07:21 rino, yum install puppet
18:07:27 ok
18:07:36 info: Caching catalog for fedora.hp.dv6.pavilion.3031.et
18:07:36 info: Applying configuration version '1327601228'
18:07:37 info: Creating state file /var/lib/puppet/state/state.yaml
18:07:37 notice: Finished catalog run in 0.01 seconds
18:07:37 * casep notice: Finished catalog run in 0.01 seconds :)
18:07:40 :))
18:07:54 what?!
18:07:56 grrr
18:07:59 thunderbirdtr, casep: excellent
18:08:05 http://fpaste.org/IXux/
18:08:06 could someone paste or link the /etc/hosts for client and server
18:08:09 :(
18:08:41 for those who are still seeing the error: create a magical file /etc/puppet/manifests/site.pp
18:09:01 the error about getaddrinfo failing?
18:09:05 notice: Finished catalog run in 0.02 seconds
18:09:33 still error
18:09:36 muep, getaddrinfo usually means that you are not running it as a sudoer or the name is not resolving.
18:09:37 puppet agent -t --server=`hostname -f`
18:09:38 Hi, am i late?
18:09:43 this did it for me
18:09:51 adimania: not enough if I run it as root?
18:09:56 yes but client and server have localhost.localdomain
18:09:56 adimania: whats a magical file?
18:09:58 :O
18:10:01 muep, root is good
18:10:06 and both to 127.0.0.1
18:10:09 FranciscoD, will come to that
18:10:16 adimania: so, just touch that file?
18:10:17 adimania: ok, then I suspect my /etc/hosts is somehow broken
18:10:23 FranciscoD, yes.
18:10:43 muep, can you fpaste the snippet from /etc/hosts?
18:10:44 created
18:11:02 someone can paste the etc/hosts client and server
18:11:04 also check is the cert is waiting to be signed. command is:
18:11:15 adimania: whole /etc/hosts: http://fpaste.org/Brep/
18:11:23 command: # puppet cert --list
18:11:51 rino, http://fpaste.org/r9ic/
18:12:10 Will be log for this session?
18:12:15 adimania: http://fpaste.org/wVjJ/
18:12:17 okay?
18:12:21 jpill: yes
18:12:25 there will be a log
18:12:26 Thanks
18:12:33 thanks
18:13:15 FranciscoD, I see nothing ?
18:13:19 FranciscoD, try running "puppet agent -t --server= --waitforcert 60"
18:13:45 adimania: can i just use 127.0.0.1?
18:13:48 as fqdn?
18:13:58 its there in /etc/hosts
18:14:31 FranciscoD, I don't think so
18:14:49 certs is signed for fqdn not ip
18:15:17 hrm
18:15:24 still error..
18:15:24 :S
18:15:26 adimania: how do i confirm my fqdn is set?
18:15:30 hey, it suddenly works now :-)
18:15:31 i think thats where its screwing up
18:15:36 muep: what did you do?
18:15:38 fire: #hostname
18:16:03 adimania: I tried the waitforcert flag and now I get no route to host (but I can ping fine)
18:16:07 shows it correctly
18:16:10 in both hostname localhost.localdomain
18:16:23 dashcom: same problem
18:16:25 FranciscoD: tried again with --server=localhost, then it gave a different error which complained about different hostname than what is in the cert
18:16:52 and then tried yet again with the fqdn I had in /etc/hosts and now it seems to work
18:17:03 okay. simple test. "ping "
18:17:11 it must be pingable
18:17:26 yes but it will work because is loopback for localhost.localdomain
18:17:28 nah, aint working
18:17:37 does it also need to be reverse resolvable by the server or something?
18:17:40 if it is not, then something is wrong with your /etc/hosts
18:17:43 yep, pingable
18:17:47 I can ping
18:18:07 * FranciscoD scratches head
18:18:15 muep, I don't think so.
18:18:27 FranciscoD, try:# ping `hostname -f`
18:18:56 ctria: yup, can ping
18:19:12 then use for fqdn the output of # hostname -f
18:19:21 ctria: http://fpaste.org/izmo/
18:19:25 i am
18:19:39 and still get the error
18:19:52 ping both directions works
18:19:52 someone can check my hosts file
18:19:54 http://fpaste.org/BBwK/
18:20:15 both directions?
18:20:20 * FranciscoD is a little confused
18:20:22 FranciscoD, your hostname is set to ankur.pc?
18:20:28 adimania: thats what hostname says
18:20:37 so i assume yes
18:21:01 and from http://fpaste.org/IXux/ I see that you are firing fqdn as localhost.localdoamin
18:21:09 i tried both
18:21:10 :)
18:21:20 both directions: I'm making sure my vm and it's host can get to each other
18:22:11 rino, nope. that won't work.
18:22:20 what i need to change?
18:22:33 redirect it to ip instead of loopback
18:22:45 see your client and server have the same name. unless they are the same machine, they should not have the same name
18:23:11 do you have a /etc/hosts example
18:23:17 that is why I said that I'll manage localhost first and add nodes later.
18:23:43 Let us manage localhost for now. I'll tell you how to add nodes after some time.
18:24:08 ok in server works..
18:24:11 but client no
18:24:26 rhino server and client should be the same node for now
18:24:26 on client it won't work for you at this stage.
18:24:50 ahh i asked before where run it and i understand client :S
18:24:55 sorry ;S
18:25:04 other than FranciscoD who else is facing issues?
18:25:21 rino: whatever your ip is (#ifconfig), set that to your localhost.domain in /etc/hosts, instead of using just 127.0.0.1
18:25:37 adimania, nope...
18:25:39 in server?
18:26:00 yes
18:26:01 adimania, i get an empty reply from cert --list but everything else works fine.
18:26:20 ctria, that is okay. empty reply means that cert is signed.
18:26:25 adimania, I get reply too
18:26:26 which command to list cert
18:26:32 adimania, Oh good
18:26:44 rino, puppet cert --list
18:26:52 thk
18:27:22 okay. now let us move ahead.
18:27:35 FranciscoD, will debug your issue for sure :)
18:28:17 puppet agent -t requires the --server argument to work. should the server hostname be stated in puppet.conf or some other place?
18:28:20 sure thing
18:28:24 * FranciscoD is googling etc
18:28:34 so that I'd not need to always specify --server
18:28:35 so puppet run requires a magical file known as site.pp
18:28:54 muep, yes. we can (and we will) do that
18:29:06 adimania: thanks. I'll wait until you get to that then
18:30:01 actually we can do it right now.
18:30:18 everyone, please open up /etc/puppet/puppet.conf
18:30:49 now in your agent section append a line saying:
18:30:59 server =
18:31:18 done
18:31:45 seems to work
18:31:51 done
18:31:53 now restart the puppetmaster and try running "puppet agent -t" without any server arg
18:32:06 actually I am not sure if restart is required.
18:32:10 can someone confirm that?
18:32:20 adimania: it started working here without a restart
18:32:21 works fine
18:32:29 ah! good :)
18:32:37 (hm i didn't restart server too :) )
18:32:37 Perfect :)
18:32:54 okay. moving back to the magical site.pp file.
18:33:03 work :)
18:33:15 open it in your favorite text editor.
18:33:20 * adimania goes for vim
18:34:11 what's path to site.pp again, please?
18:34:11 where is it ?
18:34:17 or where i need create it?
18:34:31 /etc/puppet/manifests create here
18:34:40 ty
18:35:04 dashcom, You're welcome
18:35:10 #topic Puppet manifests and modules
18:36:04 now puppet has two important config directories. one is /etc/puppet/manifests and other is /etc/puppet/modules
18:36:20 they might not be pre-created.
18:36:33 the modules one seems to not be
18:37:06 modules is the one where you define the config per application.
18:37:18 muep, that is absolutely fine.
18:37:59 you can have one module for apache, maybe another for mysql and so on
18:38:25 manifests is where you generally define nodes and which node include what module.
18:38:47 please keep in mind that this is the best practice and not a rule.
18:39:19 Now check out http://fpaste.org/fgdV/
18:39:41 what happened with site.pp, is empty
18:40:20 rino, it would be
18:40:28 pok
18:40:40 my bad, have a look at http://fpaste.org/9dLX/
18:40:55 and make your site.pp look like it.
18:41:27 so just paste this info in site.pp that is on manifest ?
18:41:29 as always replace localhost.localdomain with the fqdn you are using
18:41:41 rino, yes
18:42:13 now. here we have defined a node and a class
18:42:41 a node is basically a client machine which in this case is itself.
18:42:52 a class is where you define the configs.
18:43:02 and the node will include that class.
18:43:27 adimania, Can we add multiple machine in same list or create for each one ?
18:43:58 as the number of nodes keep on increasing, you can split the file into several files or you can use regex :)
18:44:58 adimania, Thank you
18:45:04 just remember that site.pp is the main file. if you split it, then you need to include the other files by adding "include " in the beginning of the file
18:45:17 thunderbirdtr: I have a rule node /^ucmc\d+\.noblet\.ca$/
18:45:21 thunderbirdtr, you are welcome :)
18:45:27 which matches a naming pattern
18:46:23 gnat42, yes. regex helps a lot. your files look a lot cleaner :)
18:46:44 adimania: if you think regex looks clean ;) and can remember what its looking for :D
18:46:53 is everyone done with setting up site.pp?
18:47:00 yes just you paste it
18:47:04 Done
18:47:09 done
18:47:14 * ctria done
18:47:23 gnat42, hostnames don't tend to be that messy (in my limited experience)
18:47:38 true
18:47:47 okay. the node section is self explained.
18:48:17 done
18:48:57 in class test we are creating a resource of type "file" with name "/test" and ensuring it to be a directory.
18:49:02 makes sense?
18:49:19 yes it will be on root directory
18:49:28 this will create a directory /test on your machine.
18:49:41 you can modify the path if you want.
18:49:47 ok puppet will create it?
18:49:47 rino, correct.
18:49:50 yes.
18:50:11 makes sense
18:50:21 if every one is done with site.pp then run "puppet agent -t"
18:50:26 if i put /test/test2 will it require me to also mention /test ?
18:50:49 * casep notice: /Stage[main]/Test/File[/test]/ensure: created :)
18:51:06 notice: /File[/test]/ensure: created
18:51:07 notice: Finished catalog run in 0.04 seconds
18:51:14 * ctria notice: Finished catalog run in 0.04 seconds
18:51:15 work .)
18:51:34 * ctria but mkdir /test is much quicker :P
18:51:45 (still getting same error from before)
18:52:07 ctria, true but imagine creating the directory on 1000 servers.
18:52:47 yes but do you need to run puppet agent -t in 1000 server?
18:53:10 ctria, to give /test/test2 the only pre-requisite is that /test is created.
18:53:20 rino: the puppet agent usually runs on a 30 minute cycle
18:53:26 if you ran service puppetd start it would do that
18:53:44 rino, puppet agent is available as a service. so you need to fire it, it fires after itself every 30 minutes by default.
18:53:57 adimania, sure, i already manage about that number of nodes
18:54:04 ok and will connect with each node
18:54:07 adimania, How can we change time *
18:54:33 thunderbirdtr, time?
18:54:41 so the only issue is how you bootstrap it... kickstart?
18:54:44 didn't get you
18:54:51 so if I want to add more packages, then I just add the package names into site.pp and wait 30min?
18:54:52 adimania: thunderbirdtr: puppet.conf run_interval or something?
18:54:54 adimania, refresh cycle
18:55:36 gnat42, run_interval yes
18:56:30 gnat42, thunderbirdtr yes, run_interval is the option to be appended to puppet.conf
18:56:40 or you can use cron, if you prefer,
18:57:25 thunderbirdtr: in my situation I have a script that runs when NetworkManager detects functioning internet, and then runs puppet and then starts the agent, then when NM detects network is down it turns the agent off...
18:57:36 shaon, there are ways to trigger puppet run remotely even if it is not scheduled. I recommend you to have a look at mcollective after this session
18:58:15 gnat42, that sound cool :)
18:58:28 adimania: I'll post the script...
18:58:37 gnat42, Thank you That's really good one
18:59:15 * shaon nods
18:59:15 now let us create our first module.
18:59:42 I have created a basic one at https://gitorious.org/beginner-puppet/beginner-puppet/trees/master/
18:59:47 Please have a look.
19:00:39 download it and place the apache directory inside the modules dir.
19:00:58 http://fpaste.org/wtwh/ place that file in /etc/NetworkManager/dispatcher.d/XX-puppet where XX is the order you want it run (I use 50)
19:01:14 /etc/puppet/modules/apache
19:01:14 oh
19:01:17 and change that ping line...
19:02:05 hi
19:02:16 /etc/puppet/modules/apache?
19:02:24 is everyone done?
19:02:28 netSys, hello
19:02:38 think so
19:03:06 no
19:03:08 ls /etc/puppet/modules/apache/manifests/ init.pp install.pp service.pp
19:03:18 do a "tail -n 20 /etc/puppet/module/apache/*"
19:03:20 so the correct path is modules apache ?
19:03:29 nope. sorry, my bad
19:03:41 casep gave the correct path
19:03:42 where a i need to download it?
19:03:47 ok
19:04:36 do a "tail -n 20 /etc/puppet/modules/apache/manifests/"
19:04:49 actually "tail -n 20 /etc/puppet/modules/apache/manifests/*"
19:05:11 this will show you the content of all the files.
19:05:31 the most important file for any module is manifests/init.pp
19:05:47 check out what it says.
19:05:53 how i can faster from the web that you gave us
19:06:39 rino, on your right, there is a link to download as tar.gz
19:06:40 adimania, http://fpaste.org/egis/
19:06:41 using copy paste..
19:06:46 ahh :S
19:07:04 thunderbirdtr, perfect.
19:08:01 the init.pp file is just telling puppet to include two of the sub classes which is install and service.
19:09:01 wget --> internal server error
19:09:18 now puppet is capable of managing several kind of machines including all major linux distros, bsd, solaris and windows.
19:09:51 dashcom, i think you need to click on the url in your browser.
19:10:01 tarball is dynamically generated.
19:10:15 # wget https://gitorious.org/beginner-puppet/beginner-puppet/archive-tarball/master --no-check-certificate
19:10:28 kk
19:10:30 # mv master master.tar.gz
19:10:49 or use link git://gitorious.org/beginner-puppet/beginner-puppet.git
19:11:34 now should we have a look at install class?
19:12:03 If everybody is ready ? yes
19:12:31 yes
19:12:35 okay. let us have a look.
19:13:10 this class will install apache on your machine.
19:13:37 sorry what?
19:13:37 I picked this example because apache has different names across the distros.
19:13:54 rino, open up install.pp
19:14:04 ok
19:14:55 so we are going to install a resource of type package. the name changes across the distributions.
19:15:22 ok just running agent again?
19:15:26 so on the basis of your operating system, the name will be decided.
19:15:57 rino, no. I am not talking about agent. I am talking about the class in install.pp
19:16:20 nothing will happen if you run agent at this point.
19:16:24 ok just understanding the content
19:16:44 is this class understood?
19:17:11 I am expecting questions here.
19:17:23 yes
19:17:24 does this run all the time?
19:17:39 i mean every X minutes it will do this check and install the package if needed?
19:17:40 Do i need to have configured other repos?
19:18:16 ctria, no and the reason is interesting.
19:18:31 so it has user provide os and installs accordingly
19:18:36 rino, yes. httpd should be available in one of your repos
19:18:56 or does it just retrieve that maybe
19:19:14 dashcom, user needs to provide the os in this case since the package name was different across the distros
19:19:27 ok
19:20:07 so if you want mysql, you need not do this or if you have only fedora, rhel and centos to manage and not debian or its derivatives.
19:20:59 okay now I want all of you to fire a command "facter" on your terminals.
19:21:15 for client ?
19:21:20 yes.
19:21:45 ok on server because i do not have client configured
19:22:03 rino, your server and client are same.
19:22:12 hm nice
19:22:13 I get my machine all info
19:22:16 just fire the command. it will work fine.
19:22:17 that's too long :)
19:22:51 ok the output is long ..
19:23:08 ctria, this answers your previous question. puppet use this info to estimate that anything has changed or not.
19:23:33 so if apache is installed, it won't try to install it on every run.
19:24:02 and if not?
19:24:17 if anyone is interested, actually there are ways to store this info and create a nice inventory tool out of it. :)
19:24:34 rino, if not then it'll install it.
19:24:38 so it stateful interesting
19:24:42 not happened
19:24:52 rino, what did not happened?
19:25:01 installation of httpd package
19:25:37 yes. it won't happened right now. you have just placed the module. You still need to include it in your node.
19:25:47 :)
19:25:50 now everyone, open up site.pp again.
19:26:12 ok
19:26:36 there
19:26:42 just like there is an "include test", after that add "include apache"
19:27:03 in next line.
19:27:15 done
19:27:46 ok
19:28:04 notice: /Stage[main]/Apache::Service/Service[apache]/ensure: ensure changed 'stopped' to 'running'
19:28:05 notice: /File[/test]/seltype: seltype changed 'etc_runtime_t' to 'default_t'
19:28:05 notice: Finished catalog run in 3.99 seconds
19:28:17 done
19:28:28 just add and then?
19:28:37 it should look like http://fpaste.org/tfOm/
19:28:45 notice: /Stage[main]/Apache::Service/Service[apache]/ensure: ensure changed 'stopped' to 'running'
19:28:51 after you do that, run "puppet agent -t"
19:29:08 done
19:29:19 casep, thunderbirdtr : I guess you guys had httpd package already.
19:29:29 rr: /Stage[main]/Apache::Service/Service[apache]/ensure: change from stopped to running failed: Could not start Service[apache]: Execution of '/sbin/service httpd start' returned 1: at /etc/puppet/modules/apache/manifests/service.pp:11
19:29:34 and I do not have it installed
19:29:49 still in process..
19:29:50 rino, that is what i was looking for :)
19:29:58 info: Applying configuration version '1327606167'
19:29:58 err: /Stage[main]/Apache::Service/Service[apache]/ensure: change from stopped to running failed: Could not start Service[apache]: Execution of '/sbin/service httpd start' returned 1: at /etc/puppet/modules/apache/manifests/service.pp:11
19:29:58 notice: /Stage[main]/Apache::Install/Package[apache]/ensure: created
19:29:58 notice: Finished catalog run in 11.10 seconds
19:29:58 great :)
19:30:00 do not install it manually
19:30:06 I think we should delete :))
19:30:22 rino, don't install apache manually
19:30:25 shall i need to stop the process ?
19:30:44 because i do not have any output the last is the error that i paste
19:30:58 ctria, if you can run "rpm -qa|grep httpd", you'll see that httpd got installed.
19:31:09 yeap
19:31:14 adimani: yep is pre-requisite for (gnome-user-share), could I just delete it and try it again?
19:31:14 rino, wait for a minute.
19:31:18 ok
19:31:25 notice: /Stage[main]/Apache::Install/Package[apache]/ensure: created
19:31:25 notice: /File[/test]/seltype: seltype changed 'etc_runtime_t' to 'default_t'
19:31:27 casep, sure
19:31:28 notice: Finished catalog run in 132.78 seconds
19:31:42 and installed :)
19:31:49 rino, cool
19:32:15 rino either my line or my node is faster :P
19:32:33 now those who saw the error, it was because puppet tried to start the httpd process but it was not installed.
19:32:33 ajaj here in argentina the internet is not so good :S
19:32:42 notice: /Stage[main]/Apache::Install/Package[apache]/ensure: created
19:32:43 notice: /Stage[main]/Apache::Service/Service[apache]/ensure: ensure changed 'stopped' to 'running'
19:32:45 should it have started httpd, too?
19:32:46 cool
19:32:58 info: Caching catalog for fedora.hp.dv6.pavilion.3031.et
19:32:58 info: Applying configuration version '1327606035'
19:32:58 notice: /Stage[main]/Apache::Install/Package[apache]/ensure: created
19:32:58 notice: /Stage[main]/Apache::Service/Service[apache]/ensure: ensure changed 'stopped' to 'running'
19:32:58 notice: Finished catalog run in 20.14 seconds
19:33:03 now if you run the puppet again, it'll start the httpd daemon.
19:33:14 I re-installed via puppet again
19:33:35 thunderbirdtr, awesome. it is working for you then :)
19:33:46 it did
19:33:56 notice: /Stage[main]/Apache::Service/Service[apache]/ensure: ensure changed 'stopped' to 'running'
19:33:59 notice: Finished catalog run in 3.20 seconds
19:34:22 http://fpaste.org/Bngm/
19:34:22 and is running :)
19:34:26 well I installed and run it in one time
19:34:32 I would suggest you guys to go through puppet doc after the session
19:34:35 #link http://docs.puppetlabs.com/guides/language_guide.html
19:34:42 failed to start for some reason, with the output as pasted above
19:34:54 that's all?
19:34:57 muep, that is fine.
19:35:04 rino. not yet :)
19:35:20 :)
19:35:37 muep, it failed to start the httpd since there wasn't one to start.
19:35:51 adimania: it first tries to start it and only then installs it?
19:35:51 check "rpm -qa|grep httpd"
19:36:08 muep, that is actually random.
19:36:20 but you can specify the order,
19:36:41 but this setup just did not happen to specify dependencies for them?
19:36:44 check out "before" and "requires" for puppet after the session.
19:37:10 ok, thanks
19:37:25 this happened because it was defined in /etc/puppet/modules/apache/manifests/service.pp
19:38:04 it won't try to start it if you remove the service class in init.pp file.
19:38:31 okay. I guess everyone is done here.
19:38:45 now should we move on to adding an external node?
19:38:52 sure thing :)
19:39:00 yeah
19:39:56 cool. if anyone does not have access to another node, then you can just try to capture the concept.
19:40:20 so in the node we need to configure /etc/hosts ?
19:40:24 and then just run agent?
19:40:25 I am installing another vm, so will follow with delay
19:40:38 adimania, I have 2 machine in here
19:40:45 me too
19:40:55 now, first thing is that your master and client should be pingable by name (not only ip)
19:41:34 I suggest you name the client as something else like "localclient.localdomain"
19:41:40 do i need use the same domain,or it will be totally different
19:41:44 do not mess up with the name of server
19:41:51 ok the same?
19:41:53 like
19:41:53 any domain will do
19:42:09 ip localclient.localdomain
19:42:41 bottom line is that server and client should be pingable by each other.
19:42:53 rino, correct.
19:43:18 make relevant entries in your /etc/hosts
19:43:34 ok both are pingable
19:43:51 one localhost.localdomain and the other localclient.localdomain
19:44:13 packet puppet only installed on localclient
19:44:17 make sure that when you ping localhost.localdomain from client, it does not ping 127.0.0.1
19:44:44 yes i change it
19:44:45 it should ping the puppet server.
19:44:53 both with eth0 ip
19:45:47 cool. if you have firewalls up then either allow port 8140 or turn off firewall for sometime (don't do this on production servers)
19:46:25 ok
19:46:33 now do a yum install puppet on client
19:46:43 done .)
19:46:47 ok
19:46:55 I can't ping it ?
19:47:17 if you did that already and tried to connect puppet master before then you might need to delete /var/lib/puppet/ssl on client only.
19:47:32 thunderbirdtr, issues with your /etc/hosts?
19:47:45 I think so
19:48:12 can you do a fpaste?
19:48:38 http://fpaste.org/5Lvz/
19:48:58 is this your client?
19:49:11 what is fqdn you are using on server?
19:49:30 http://www.fpaste.org/HU3M/
19:49:33 there is no entry for puppet master. you need to do that,
19:49:49 It's server
19:49:59 for client
19:50:09 wait a sec
19:50:22 rino, that looks right. are you facing any trouble?
19:50:30 I do not know the next step
19:50:36 if i did puppet agent -t
19:50:39 i have error on client
19:50:42 http://fpaste.org/FOPU/
19:51:35 thunderbirdtr, you have not made any entries for server or client on any of the boxes.
19:51:50 check out rino's hosts file at http://www.fpaste.org/HU3M/
19:52:08 I have those error on client when i did puppet command http://www.fpaste.org/fmdI/
19:52:35 rino, expected :)
19:52:38 I see now I'm re-configure now
19:52:41 great :)
19:53:10 now on master check out the certs "puppet cert --list"
19:53:50 #topic adding external nodes
19:53:52 localclient.localdomain (17:C2:55:89:65:ED:50:40:2A:93:E5:7C:A5:93:74:2D)
19:54:43 now sign the cert on master "puppet cert --sign localclient.localdomain"
19:56:00 done
19:56:05 notice: Removing file Puppet::SSL::CertificateRequest localclient.localdomain at '/var/lib/puppet/ssl/ca/requests/localclient.localdomain.pem'
19:56:36 there is no libselinux-ruby package for RHEL 6
19:57:17 trying on client --> http://www.fpaste.org/0aUz/
19:57:20 wrsturm, is it related to this session?
19:57:52 rino, expected again :)
19:57:53 my hosts files seem fine, ping works, but still errors on 'puppet agent -t' and no cert request found on server for client
19:58:04 :)
19:58:15 the same error that me
19:58:17 same with dashcom
19:58:27 dashcom, "puppet agent -t --server="
19:58:57 trying to install puppet on an RHEL6 test machine
19:59:14 remember client does not know about the server unless you tell it via commandline argument or define it in puppet.conf
19:59:24 adimania: run that on puppet server, then client, right?
19:59:29 wrsturm: im using red hat 6 with server without any problem
19:59:34 wrsturm, you need epel repo for puppet to work on rhel
19:59:54 dashcom, only client for now.
19:59:59 ok
20:00:08 though running on server too will not do any harm
20:00:09 (I have server specified in puppet.conf)
20:00:22 still error
20:00:47 can you paste your puppet.conf and the error on fpaste
20:00:51 I have first one error because the cert is not signed
20:00:57 I'm getting same error as rino
20:00:58 paste the client's puppet.conf
20:01:05 and then another error that im waiting to solve it
20:01:13 dashcom, then go on server to sign it
20:01:31 dashcom: first you need to list cert, and then use the listed cert to sign it
20:01:40 "puppet cert --list" will return you the client's fqdn to be signed
20:01:52 client puppet.conf: http://www.fpaste.org/2iTo/
20:02:05 then "puppet cert --sign "
20:02:16 puppet cert --list; then puppet cert --sign localclient.localdomain (use your fqdn)
20:03:02 dashcom, is this the fqdn you were using at the master till now: lunaii.seventhring.tzo.net?
20:03:57 yes
20:04:22 did you see anything when you run puppet cert --list?
20:04:27 no
20:04:32 me too
20:04:46 puppet cert --list needs to be run on master
20:05:10 I get no response when doing so
20:05:10 what is the next step i need to go in 20m :S
20:05:14 make sure that you are addressing master by its hostname
20:05:36 next step would be to add the node in site.pp on master
20:05:49 it should look something like http://fpaste.org/MYhm/
20:06:03 replace the fqdn wherever required.
20:06:16 we need client for this step
20:06:54 thunderbirdtr, have you fixed your hosts file?
20:07:46 done adimania
20:07:57 ok, fixed site.pp
20:08:07 dashcom: running "hostname" command on your puppet server returns lunaii.seventhring.tzo.net?
20:08:19 yes
20:08:24 adimania: i ran puppet agent -t --server=localhost.localdomain
20:08:42 rino, you should now get apache on your client.
20:08:45 and it is in running maybe is installing apache :S
20:08:53 notice: Finished catalog run in 49.14 seconds
20:08:56 adimania, I fixed
20:09:07 yes installed and running .)
20:09:12 The libselinux-ruby is in the rhel-x86_64-server-optional-6 which was not enabled for the system
20:09:29 http://fpaste.org/rwxm/
20:09:30 thunderbirdtr, so you are able to ping server and client from each other?
20:09:43 wrsturm: for is working
20:09:50 [root@localhost manifests]# cat /etc/redhat-release
20:09:50 CentOS release 6.1 (Final)
20:09:57 I can ping yes
20:10:21 this is your master, right?
20:10:27 yay, another fedora test page mirror :-)
20:10:39 adimania: for me work all fine..
20:11:02 rino, yup. congrats.
You are the first graduate of this class :)
20:11:05 adimania, I do now
20:11:09 I forget to
20:11:13 add server on client
20:11:19 now I get info correctly
20:11:32 I will add to cert list now
20:11:40 adimania: wow :) i like it i will try to do something in a real environment :)
20:11:41 thunderbirdtr, cool
20:11:41 fedora16verne.asus (49:CF:42:88:EE:18:F0:D0:00:4D:E5:FF:8B:53:12:8B)
20:11:52 notice: Signed certificate request for fedora16verne.asus
20:11:52 notice: Removing file Puppet::SSL::CertificateRequest fedora16verne.asus at '/var/lib/puppet/ssl/ca/requests/fedora16verne.asus.pem'
20:12:00 thunderbirdtr, you are on right track.
20:12:06 I will delete apache on client and try back to install
20:12:12 after add your line for client
20:12:25 adimania, what if remove an "include" will it revert the actions?
20:12:38 or at least uninstall the package
20:12:40 thunderbirdtr, and don't forget to add the node in site.pp
20:12:50 ctria, interestingly no.
20:12:59 damn,
20:13:25 ctria, but there is a way :)
20:13:35 re-install the node?
20:13:46 check out the install.pp in the apache module
20:13:56 I get 'no route' from client to server (ping works, hosts is set up)
20:14:16 wrsturm: check my package dependencies http://fpaste.org/tJjL/
20:14:24 put something like "ensure => uninstalled"
20:14:24 you see the line "ensure => installed". just set it to "ensure => absent"
20:14:40 yes but i still need to know the previous state
20:14:42 adimania, I do now
20:14:50 adimania, I install apache and running now
20:14:59 thunderbirdtr, congrats :)
20:15:05 i'm actually looking of a tool that if i give it 2 node definitions
20:15:14 wrsturm: http://fpaste.org/MJ7P/
20:15:15 it will give me the same results
20:15:18 http://www.fpaste.org/wxJf/
20:15:22 no matter what was the previous state
20:15:44 adimania: thank you a lot for your time
20:15:57 I must go now :S
20:15:58 ctria, i don't think multiple node def for single are allowed in puppet.
20:16:10 rino, you are welcome
20:16:12 no no
20:16:19 rino, Goodbye
20:16:19 i mean if i define node001 and node002
20:16:26 and they both have "include apache"
20:16:36 to be sure that the only include the apache
20:16:46 no matter if node002 had mysql-server too in past
20:17:01 bye guys :)
20:17:07 bye rino
20:17:08 bye rino
20:18:10 ctria, see removing definitions just means that you don't want to touch it. If you want it to be gone then you have to do a "ensure => absent" or something similar
20:18:44 dashcom, something is really messed up with your hosts file.
20:18:55 can you paste it?
20:19:13 client or server?
20:19:32 both
20:20:31 client hosts http://www.fpaste.org/XOAg/
20:21:30 server?
20:22:23 dashcom, server hosts file?
20:22:27 http://www.fpaste.org/0aOf/
20:22:34 ah, I had the same name accidentally
20:22:41 on server and client
20:22:42 i need to run. adimania, all, thank you very much for this class
20:23:00 ctria, you are welcome :)
20:23:32 dashcom, yes. I guess that will solve your problem.
20:23:52 yes, thanks so much for showing us puppet
20:24:05 I need to end this session. need to catch some sleep before I go to work.
20:24:15 dashcom, you are welcome :)
20:24:15 adimania, Thank you so much
20:24:24 adimania, Great lesson
20:24:28 ok, bye
20:24:32 thunderbirdtr, no problem.
20:24:35 dashcom, bye
20:24:44 thanks guys for all the patience :)
20:25:46 I am ending the session now. You can catch me on #fedora-india or #fedora-admin for any questions.
20:25:50 #endmeeting