Puppet Tips&Tricks: Variable variables

September 1st, 2010 by Tim Stoop

Sometimes you want to use variable variables, for instance when you want to iterate over all the ipaddress_* facts that facter found. Using something like ${ipaddress_$if} doesn’t work, though. Inline_template to the rescue! Volcane on IRC suggested the following solution, which works great:

$ifs = split($interfaces,",")

define do_this {
	$mule = "ipaddress_${name}"
	$donkey = inline_template("<%= scope.lookupvar(mule) %>")

	notify { "Found interface $donkey":; }
}

do_this { $ifs:; }

This will output:

$ sudo puppet net.pp
notice: Found interface 172.29.121.22
notice: //Do_this[eth0]/Notify[Found interface 172.29.121.22]/message: defined 'message' as 'Found interface 172.29.121.22'
notice: Found interface 213.207.83.56
notice: //Do_this[eth1]/Notify[Found interface 213.207.83.56]/message: defined 'message' as 'Found interface 213.207.83.56'

Hope this helps someone else! Leave a message if it does.

GlassFish 3.0.1 on Debian Lenny, Puppet style

August 5th, 2010 by Tim Stoop

Recently, I found a way to make the GlassFish supplied pkg(5) tool run using Debian’s python interpreter and associated libs. I also spent a while trying to package it in a sane way, but I’m afraid I lack the knowledge of Java and Debian package internals to do this properly (I’ve requested the package, though). But in the meantime we still need a nice way to set up GlassFish on a Debian Lenny machine. So I’ve turned to puppet, as usual.

You can find the module here: glassfish.tar.bz2 (12.8kB)

It doesn’t contain everything, though. You still need to download the glassfish ZIP file from here, rename that file to glassfish.zip and add it to the files directory of the module. After that, you can just include glassfish and it gets set up!

Two-factor LUKS using Ubuntu

July 29th, 2010 by Kees Meijs

Ubuntu 10.04 LTS “Lucid Lynx” supports LUKS quite well by default. This is a nice feature if you’re looking for some extra security. But what if you want a real two-factor based solution?

In the office we have been using OpenPGP cards for quite some time now to secure data. It seemed a good idea to use the newly released USB version of the OpenPGP card combined with LUKS. Very easy to use since you only need to remember your PIN code and very secure as well (even more if you use 2048 or even 3072-bit keys).

Let’s assume you already own an OpenPGP card (smartcard or USB version) and are familiar with GnuPG. Nice, but what about the rest?

Ubuntu 10.04 Live DVD



GlassFish 3.0.1’s pkg tool using Debian’s Python packages

July 23rd, 2010 by Tim Stoop

While setting up GlassFish 3.0.1 for a customer on Debian Lenny using 64 bit machines, I ran into the problem that the update tool shipped with GlassFish (OpenSolaris’s pkg tool) uses a Python interpreter which is part of the package. That Python interpreter however is 32 bit, which requires the ia32 libraries to be installed. Worse, it requires libidn in 32 bit, which is not part of the default Debian packages, so I had to get that one from the (very nice) Debian Multimedia repository. Although that’s a quick fix to get stuff working, we’d rather not use these repositories on production machines, due to security concerns and the like. Also, upgrades are easier if you only use the standard Debian repositories.

So I decided to see if I could get it working with the Debian supplied Python interpreter. One problem is that there’s a shared object file written in C which is part of the pkg application. That file is a 32 bit ELF too. So we’re going to download that source and recompile it for 64 bit. If you’re on a 32 bit system, you can skip that step (although it doesn’t hurt to do it anyway). First, we need to install the following packages:

WordPress MU and /etc/hosts file

July 12th, 2010 by Tim Stoop

Due to a silly networking problem originating from the LVS installation we’re using, we’re stuck with a setup in which machines in the DMZ cannot access themselves via their external addresses. This is a problem for several scripts which refer to their own URL when doing some maintenance. Especially with a certain WordPress MU installation managed by our friends from Interconnect IT, we ran into trouble when they tried to update their WordPress code.

Puppet to the rescue. Although not something I’m especially proud of, I can imagine others using this as an example to fix other problems. What we do is use the wp-config.php from the WordPress installation to get data from the database that WordPress MU connects to. We use a PHP script to retrieve that data and format it in a comma-separated-value list. We then use this output to create a Facter fact, which we use in puppet to create entries in the /etc/hosts file.

Puppet Tips&Tricks: checking if a value is present in an array

June 17th, 2010 by Tim Stoop

I tend to create fairly ubiquitous defines, which allow for a lot of functionality. For that, it would be nice if you could tell puppet “if value X is present in array Y, do this”. I made it a feature request for puppet (#3871), which was luckily accepted and will be implemented in the next version of puppet. However, for the time being I needed this fixed. So I spent some time creating an ugly solution for this in older versions of puppet. Hope it helps someone!

# Setup additional services for this vhost, if any are required.
# Start with a general check to prevent a lot of work when it's
# not needed.
if $allow != "" {
	# FIXME Ideally we want something that simply does
	#  for i in allow do include $http::allow_$i
	# but that doesn't work (yet?).
	# W00t! That's going to be added in 2.6! #3871
	if inline_template("<%= allow.include?('php5') %>") == "true" {
		include allow_php5
	}
	if inline_template("<%= allow.include?('rewrite') %>") == "true" {
		include allow_rewrite
	}
	if inline_template("<%= allow.include?('ruby') %>") == "true" {
		include allow_ruby
	}
	if inline_template("<%= allow.include?('python') %>") == "true" {
		include allow_python
	}
}

Tips&Tricks: Get long running queries from PostgreSQL

June 7th, 2010 by Tim Stoop

Was looking for a method of getting queries that are running longer than 5 minutes out of PostgreSQL. This solution needs stats_command_string enabled in the postgresql.conf, though. The query you can run:

echo "select procpid,datname,current_query,now() - pg_stat_activity.query_start as duration from pg_stat_activity where pg_stat_activity.current_query <> ''::text and now() - pg_stat_activity.query_start > interval '5 minutes'" | sudo -u postgres psql

Hope this helps someone!

NLUUG talk about Puppet

May 7th, 2010 by Kees Meijs

Yesterday, I talked about Puppet at the NLUUG spring conference “System Administration”. Unfortunately I was unable to talk about all the details I wanted to talk about since I ran short on time. Despite the fact I had to shorten (and obscurify…) my presentation, most feedback I got was quite positive.

Anyway, I hope a lot more people will choose to (let us) use Puppet in their environments!

Closing because of Koninginnedag

April 29th, 2010 by Kees Meijs

On Friday April 30th, Kumina is closed because of Koninginnedag, a Dutch national holiday. Clients having a 24×7 support contract can report really urgent matters by telephone using our regular 24×7 support number.

Puppet Tips&Tricks: testing your regsubst replacings

March 15th, 2010 by Tim Stoop

This is part of an ongoing series. Check this for the complete series!

Regular Expressions are important for us. We use them a lot, mostly because it’s such a powerful tool. So our puppet recipes contain several regsubst calls too. One problem is usually that regex can be fairly complex and you’d like a nice way to check it out. After some talk on IRC (#puppet on freenode), monarchus gave me some tips for this. Simply use the interactive Ruby shell, irb, for this.

Now, I wanted to check whether a certain string ended in “:ssl” or not. I tested my regex replacement as follows:

$ irb
>> s1="www.kumina.nl:ssl"
=> "www.kumina.nl:ssl"
>> s2="www.kumina.nl"
=> "www.kumina.nl"
>> s1.sub(/.*:(ssl)$/, "\\1")
=> "ssl"
>> s2.sub(/.*:(ssl)$/, "\\1")
=> "www.kumina.nl"
>>
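
A table-driven version of the irb check above, as an added example that is not part of the original post. The regsubst helper is a hypothetical stand-in that assumes Puppet's function maps onto Ruby's String#sub (String#gsub with the 'G' flag), and the inputs are constructed; the multi-line case shows that `$` matches at the end of any line, so a pattern meant to test the end of the whole string needs `\z`.

```ruby
# Hypothetical stand-in for Puppet's regsubst(); assumes it maps onto
# String#sub, or String#gsub when the 'G' flag is given.
def regsubst(target, pattern, replacement, flags = '')
  re = Regexp.new(pattern)
  flags.include?('G') ? target.gsub(re, replacement) : target.sub(re, replacement)
end

# Returns [input, expected, actual] for every case the pattern gets wrong.
def failures(pattern, replacement, cases)
  cases.map { |input, expected| [input, expected, regsubst(input, pattern, replacement)] }
       .reject { |_input, expected, actual| expected == actual }
end

# Constructed test table: input => value we want back.
CASES = {
  'www.kumina.nl:ssl'        => 'ssl',                       # plain match
  'www.kumina.nl'            => 'www.kumina.nl',             # no suffix, untouched
  'www.kumina.nl:sslx'       => 'www.kumina.nl:sslx',        # near miss, untouched
  "www.kumina.nl:ssl\nextra" => "www.kumina.nl:ssl\nextra"   # ':ssl' ends a line, not the string
}.freeze

LINE_ANCHORED   = '.*:(ssl)$'    # the pattern from the irb session
STRING_ANCHORED = '.*:(ssl)\z'   # same pattern anchored to end of string

[LINE_ANCHORED, STRING_ANCHORED].each do |pattern|
  bad = failures(pattern, '\1', CASES)
  status = bad.empty? ? 'all cases pass' : bad.length.to_s + ' failing'
  puts pattern + ': ' + status
  bad.each do |input, expected, actual|
    puts '  ' + input.inspect + ': wanted ' + expected.inspect + ', got ' + actual.inspect
  end
end
```
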
