Re: [Puppet Users] Possible to push changes to nodes?


Stuart Cracraft

Jul 27, 2012, 4:30:16 PM
to puppet...@googlegroups.com
The pulls are automatic from the puppet agents and depend on the setting of runinterval in each client's puppet.conf.

Push technology is considered not very "cloud-like".

That being said, I also want to know if puppet had a push-to-all
feature but have not googled or looked at puppetlabs.com for this feature yet. 


--Stuart

Via Apple iPhone 4S on the AT&T Wireless Network


On Jul 27, 2012, at 8:53 AM, Sandra Schlichting <littles...@gmail.com> wrote:

> Dear readers,
>
> When I have made a change to a template, class or file, is it then possible to push this change to the node(s), so they get the changes now?
>
> I would like to be able to push the change from the master, and not have to login to each node and pull.
>
> Is that possible?
>
> Hugs,
> Sandra


Nan Liu

Jul 27, 2012, 4:35:08 PM
to puppet...@googlegroups.com
On Fri, Jul 27, 2012 at 8:53 AM, Sandra Schlichting
<littles...@gmail.com> wrote:
> Dear readers,
>
> When I have made a change to a template, class or file, is it then possible
> to push this change to the node(s), so they get the changes now?
>
> I would like to be able to push the change from the master, and not have to
> login to each node and pull.

MCollective + Puppet Commander is probably the best way at the moment
for a large number of nodes.

Nan

Stephen J.

Jul 27, 2012, 4:41:28 PM
to puppet...@googlegroups.com

> MCollective + Puppet Commander is probably the best way at the moment
> for a large number of nodes.
>
> Nan

For lots of nodes, MCollective is definitely the way to go. For smaller environments where you need one-off server-initiated puppet runs, there's also 'puppet kick'.

http://docs.puppetlabs.com/man/kick.html

-Steve

Nick Fagerlund

Jul 27, 2012, 5:08:30 PM
to puppet...@googlegroups.com


On Friday, July 27, 2012 9:41:28 AM UTC-7, Stephen J. wrote:
> For lots of nodes, MCollective is definitely the way to go. For smaller environments where you need one-off server-initiated puppet runs, there's also 'puppet kick'.
>
> http://docs.puppetlabs.com/man/kick.html

Note that getting puppet kick working is a multi-step process:

- Gotta change all agents' puppet.conf to have listen = true in either [main] or [agent].
- Gotta open port 8139 to incoming connections on every agent node's firewall. 
- Gotta add the following stanza somewhere near the top of each agent node's auth.conf file:

path /run
auth yes
allow puppet.example.com

(trading puppet.example.com for your puppet master's certname.)

Given that, you might find MCollective not that much more work.
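
An added example, not part of the post above and not Puppet's own code: a small Python audit that checks an agent's puppet.conf and auth.conf against the steps listed (the firewall step is not checked) and flags an `allow` wider than the master's certname. The function names and sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample files; puppet.example.com stands in for the master's certname.
PUPPET_CONF = "[main]\nvardir = /var/lib/puppet\n[agent]\nlisten = true\n"
AUTH_CONF = """\
path /run
auth yes
allow puppet.example.com

path /
auth any
"""

def parse_auth_conf(text):
    """Return auth.conf stanzas in file order as dicts (path, auth, allow)."""
    stanzas = []
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())  # drop comments, squeeze spaces
        key, _, value = line.partition(" ")
        if key == "path":
            stanzas.append({"path": value, "auth": None, "allow": []})
        elif stanzas and key == "auth":
            stanzas[-1]["auth"] = value
        elif stanzas and key == "allow":
            stanzas[-1]["allow"] += [h.strip() for h in value.split(",") if h.strip()]
    return stanzas

def audit_kick(puppet_conf, auth_conf, master):
    """Return findings; an empty list means the agent matches the steps."""
    findings = []
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(puppet_conf)
    if not any(cp.get(s, "listen", fallback="").strip().lower() == "true"
               for s in ("main", "agent")):
        findings.append("listen = true missing from [main] and [agent]")
    stanzas = parse_auth_conf(auth_conf)
    paths = [s["path"] for s in stanzas]
    if "/run" not in paths:
        return findings + ["no 'path /run' stanza in auth.conf"]
    run = stanzas[paths.index("/run")]
    # Rules match top to bottom: a catch-all 'path /' above /run is consulted first.
    if "/" in paths and paths.index("/") < paths.index("/run"):
        findings.append("'path /run' comes after the catch-all 'path /'")
    if run["auth"] != "yes":
        findings.append("'auth yes' not set on the /run stanza")
    if run["allow"] != [master]:
        findings.append("allow is %r, expected only %r" % (run["allow"], master))
    return findings
```

Calling `audit_kick(PUPPET_CONF, AUTH_CONF, "puppet.example.com")` on the sample returns an empty list; a stanza with `allow *` or one placed below `path /` is reported.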

jcbollinger

Jul 27, 2012, 7:15:38 PM
to puppet...@googlegroups.com


On Friday, July 27, 2012 11:30:16 AM UTC-5, Stuart Cracraft wrote:
> The pulls are automatic from the puppet agents and depend on the setting of runinterval in each client's puppet.conf.

Or alternatively, it seems to be fairly popular to schedule agent runs via cron with --onetime --no-daemonize.  Some care is required in that case to spread out the agents so that they don't all hit the master at once, but that's doable.  Be aware that running the agent that way forecloses the possibility of using "puppet kick".

Others have described the best options I know for pushing out an urgent update.  Note that for that case too you need to take care not to overload the master if you have many nodes.


John

Jakov Sosic

Jul 28, 2012, 2:08:36 PM
to puppet...@googlegroups.com
You can push configuration through puppet itself, so it's not a big deal.

Although the main issue is whether you are using or planning to use mcollective
or not. If not, then kick is the only option to "push", and if yes then
mcollective with the puppetd plugin.

I use the latter and it works superbly! For example I disable all the
puppet agents and enable them only when I change the manifests. One can
use a shell script and help oneself with sleep(1) or disperse the load
through mcollective. That way the load on the puppetmaster is eliminated.


--
Jakov Sosic
www.srce.unizg.hr

Sandra Schlichting

Jul 31, 2012, 9:08:53 AM
to puppet...@googlegroups.com
> Note that getting puppet kick working is a multi-step process:
>
> - Gotta change all agents' puppet.conf to have listen = true in either [main] or [agent].
> - Gotta open port 8139 to incoming connections on every agent node's firewall.
> - Gotta add the following stanza somewhere near the top of each agent node's auth.conf file:
>
> path /run
> auth yes
> allow puppet.example.com

That is very interesting!

I have now tried this with Puppet 3.0rc3, and on the node side I get

Error: Could not find indirection 'run'

so I have filed a bug report


Do you think it could be a bug, or am I doing something wrong?

My setup is explained in the bug report =)




 

Jakov Sosic

Jul 31, 2012, 1:03:37 PM
to puppet...@googlegroups.com
On 07/31/2012 11:08 AM, Sandra Schlichting wrote:
> Note that getting puppet kick working is a multi-step process:
>
> - Gotta change all agents' puppet.conf to have listen = true in
> either [main] or [agent].
> - Gotta open port 8139 to incoming connections on every agent node's
> firewall.
> - Gotta add the following stanza somewhere near the top of each
> agent node's auth.conf file:
>
> path /run
> auth yes
> allow puppet.example.com
>
>
> That is very interesting!
>
> I have now tried this with Puppet 3.0rc3, and on the node side I get
>
> Error: Could not find indirection 'run'
>
> so I have filed a bug report
>
> http://projects.puppetlabs.com/issues/15717
>
> Do you think it could be a bug, or am I doing something wrong?
>
> My setup is explained in the bug report =)

Could you post your whole auth.conf once more? And maybe try to put this:

[puppetrunner]
allow *

to your client's /etc/puppet/namespace.auth?

Also check if your DNS is working ok.


--
Jakov Sosic
www.srce.unizg.hr

Sandra Schlichting

Jul 31, 2012, 2:27:58 PM
to puppet...@googlegroups.com

> Could you post your whole auth.conf once more?

Sure =) I haven't touched anything besides adding your lines towards the bottom

auth.conf

debug output from node

namespace.auth

puppet.conf
 
> And maybe try to put this:
>
> [puppetrunner]
>     allow *
>
> to your client's /etc/puppet/namespace.auth?

I didn't have such a file before, but even with it, I get the same error. The debug log is with this file in place.
 
> Also check if your DNS is working ok.

Just tested. They work both ways.


 

Eric Sorenson

Jul 31, 2012, 4:59:20 PM
to puppet...@googlegroups.com
We saw this too, and I don't think it's intentional. 

Nick Fagerlund

Jul 31, 2012, 8:55:04 PM
to puppet...@googlegroups.com


On Tuesday, July 31, 2012 6:03:37 AM UTC-7, Jakov Sosic wrote:

> ... And maybe try to put this:
>
> [puppetrunner]
>     allow *
>
> to your client's /etc/puppet/namespace.auth?



Don't use namespaceauth.conf; it's vestigial code and does nothing. Patrick and I proved last week that it's fully inert in at least Puppet 2.7 and later, so it'll have no effect on what you're seeing. (Although there was a bug during the 2.6 series where we required the file to be PRESENT even though we never consulted it. That was pretty cool.)

And yes, Sandra's experience sounds like a bug! Thank you for reporting.