Talk I gave at Puppet Camp Seattle 2014 http://goo.gl/b2NISc

In the first part, Troubleshooting Puppet talks about problems with communication and how to make sure Puppet is running and connecting to a master. In the second part, the talk moves on to compilation and catalog application issues. Real-world solutions are presented throughout.

This keeps coming up so I thought I'd share one trick we've used to figure out if there are stale nodes out there. These are nodes that are failing to update for various reasons that won't be reported in your reporting mechanism. One of the common causes is an expired or revoked certificate. The agent never gets far enough to report a failure.

I've been running into the 800 node limit on mcollective and splitting up my nodes into subcollectives. I had a spot where I couldn't split up the nodes, so I started looking at why we were hitting this 800 node wall.

I'm using ActiveMQ with the SSL plugin. After turning on all the debugging I could find in ActiveMQ, it turns out it's just a simple resource limit problem.

I wanted to apply Puppet classes to a node using a script. I started looking at the Foreman REST API but stumbled upon the foreman_api ruby. I specified hostgroups in Foreman and added Puppet classes to the hostgroups. The idea is that I want to be able to change the hostgroups using a script.

Running things through irb, this is what I came up with for changing the hostgroups.

#!/usr/bin/ruby

require 'rubygems'
require 'foreman_api'

hostname='node1.example.com'

My Puppet book was released July 25th on Packtpub.com

You can also grab a copy from Amazon or O'Reilly

Contest! Win a copy of the book

August 14 - 21, 2014

Winners will be announced shortly; the contest closed Thursday August 22 at midnight PDT

While configuring OMD (yes, Orchestral Manoeuvres in the Dark, no, not really) I ran into a point at which Apache was supposed to run as the OMD user for check_mk. Hard-coded into the check_mk configuration is a call to

sudo su - check_mk -c check_mk\ --automation\ *

I'm not sure of the utility of this, but maybe it'll be useful to someone else. I was requested to output all the facts from a system in XML. Not wanting to type much, I made the following script...


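#!/usr/bin/env ruby

require 'rubygems'
require 'facter'
# Hash#to_xml is provided by ActiveSupport's core extensions
require 'active_support'
require 'active_support/core_ext/hash/conversions'

# Load every available fact, custom facts included
Facter.loadfacts
facts = {}

# Collect each fact name and its value, sorted by name
Facter.list.sort.each do |fact|
  facts[fact] = Facter.value(fact)
end

# Serialize the hash with <facts> as the root element
xml = facts.to_xml(:root => "facts")

print xml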

The output looks like the following:

Scenario

machine A (192.168.100.1) provides resource A on port 8888
machine B (192.168.200.1) needs to access resource A

Without modifying machine B (not allowed), create machine C and have any traffic to machine C on port 8888 forwarded to machine A. Then tell machine B that machine C is machine A and nobody is the wiser. None of the examples I found online had this working properly.

I routinely used to transfer data between systems using rsync. Since I wanted the communication to be secure, I used ssh keys. I noticed that my trick for using a command in the key isn't terribly well documented, so here is how I do it...

Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.

On machine A, create an ssh key for this:


$ ssh-keygen -f id_rsync

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:


theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/script.sh