[Puppet Users] Re: Best practice for Puppet CA servers in multiple Data Centres - upgrading to v6
Hi Luke, thanks a lot for this information, it will be very useful. Sorry I didn't reply earlier...

I was particularly interested in this bit as it seems it would back up my preference to tell the boss we need to make each DC independent with its own CA master :) Much simpler in my opinion.

Cheers
Chris

> Intermediate Certs looks a bit fiddly but might be an option.
>> Just to clarify, using these would mean we could also standup new
>> client-servers in the other DCs if the main DC goes down?
>>
>
> No, if you've got one CA / Signing Master, any new agent (fresh install)
> would send its CA signing requests to your Signing Master, also sometimes
> called a Master of Masters. If you had a critical need you could turn one
> of your existing masters in a DC into a CA, and then fix up the certs later
> - basically destroy and re-add all the Agents once the main DC was back
> online.
>

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3db23025-14d3-47fb-830b-edab6f0f028a%40googlegroups.com.

[Puppet Users] Bolt 1.31.0 now available
Greetings!

We're happy to announce the release of Bolt 1.31.0. Highlights in this release include:

- Plugins can now ship with modules
- All configuration options now support file path expansion
- Eliminated an incorrect error message with certain WinRM configuration settings
- Improved consistency of plugin configuration and behavior

For more information, check out the release notes: https://puppet.com/docs/bolt/latest/bolt_release_notes.html

To try this version of Bolt, follow the installation instructions for your operating system: https://puppet.com/docs/bolt/latest/bolt_installing.html

Thanks!

Re: [Puppet Users] Puppet agent is not applying changes
Hi Dan,

I think the problem is that default should not be quoted (see https://puppet.com/docs/puppet/latest/lang_node_definitions.html#syntax):

If you do node "default", then puppet will only apply the class if the node's fqdn is "default".

Josh

On Thu, Sep 26, 2019 at 9:55 AM Dan Crisp wrote:

> Hello all,
>
> Been at this problem I have for nearly a week now and it's driving
> crazy!!! I hope it's simply a case of someone with some fresh eyes taking
> a look and showing me the error of my ways.
>
> Before I continue with the Puppet deployment, for testing purposes, I just
> want to create a single user namely djc72uk on a single server. The
> server's name is lhcadvdeveye05 and you can see below that it has
> successfully generated a certificate:
>
> # puppetserver ca list --all
> Signed Certificates:
>     lhcadvdeveye05.x.com (SHA256)
> F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
>     puppet.fixnetix.com (SHA256)
> 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
> alt names: ["DNS:puppet", "DNS:puppet.xx.com"]
>
> I'm seeing the following output from the servers when I run the agent:
>
> # puppet agent --no-daemonize --verbose --onetime
> Info: Using configured environment 'production'
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Retrieving locales
> Info: Caching catalog for lhcadvdeveye05.xx.com
> Info: Applying configuration version '1569503223'
> Notice: Applied catalog in 0.24 seconds
>
> Looks all good here other than it's not applying the module I created
> namely accounts (see below within the puppet environment).
>
> *Puppet Server Environment*:
>
> # puppet config print confdir
> /etc/puppetlabs/puppet
>
> # ll /etc/puppetlabs/puppet
> total 48
> drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
> drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
> -rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
> -rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
> -rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf
>
> # more /etc/puppetlabs/puppet/puppet.conf
> [master]
> vardir = /opt/puppetlabs/server/data/puppetserver
> logdir = /var/log/puppetlabs/puppetserver
> rundir = /var/run/puppetlabs/puppetserver
> pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
> codedir = /etc/puppetlabs/code
> environmentpath = $codedir/environments
> autosign = true
>
> # puppet config print codedir
> /etc/puppetlabs/code
>
> # puppet config print environmentpath
> /etc/puppetlabs/code/environments
>
> # puppet config print modulepath
>
> /etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules
>
> # puppet module list --tree
> /etc/puppetlabs/code/environments/production/modules
> └── accounts (???)
> /etc/puppetlabs/code/modules (no modules installed)
> /opt/puppetlabs/puppet/modules (no modules installed)
>
> # puppet config print manifest
> /etc/puppetlabs/code/environments/production/manifests
>
> # ls -lR /etc/puppetlabs/code
> /etc/puppetlabs/code:
> total 8
> drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
> drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules
>
> /etc/puppetlabs/code/environments:
> total 4
> drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production
>
> /etc/puppetlabs/code/environments/production:
> total 20
> -rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
> -rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
> drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
> drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules
>
> /etc/puppetlabs/code/environments/production/manifests:
> total 4
> -rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp
>
> /etc/puppetlabs/code/environments/production/modules:
> total 4
> drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts
>
> /etc/puppetlabs/code/environments/production/modules/accounts:
> total 12
> drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests
>
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests:
> total 8
> -rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
> -rw-r-. 1 root root 224 Sep 24 20:01 init.pp
>
> /etc/puppetlabs/code/modules:
> total 0
>
> # more /etc/puppetlabs/code/environments/production/manifests/site.pp
> node 'default' {
>   include accounts
> }
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
> class accounts {
>
>   include accounts::groups
>
>   user { 'djc72uk':
>     ensure     => present,
>     home       => '/home/djc72uk',
>     shell      => '/bin/bash',
>     managehome => true,
>     gid        => 'djc72uk',
>   }
>
> }
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
> class accounts::groups {
>
>   group { 'djc72uk':
>     ensure => present,
>   }
> }
>
> My gut feel is that the site.pp file is in the wrong place and therefore
> not being read however, based on th

[Puppet Users] Puppet agent is not applying changes
Hello all,

Been at this problem I have for nearly a week now and it's driving crazy!!! I hope it's simply a case of someone with some fresh eyes taking a look and showing me the error of my ways.

Before I continue with the Puppet deployment, for testing purposes, I just want to create a single user namely djc72uk on a single server. The server's name is lhcadvdeveye05 and you can see below that it has successfully generated a certificate:

# puppetserver ca list --all
Signed Certificates:
    lhcadvdeveye05.x.com (SHA256) F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
    puppet.fixnetix.com (SHA256) 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81 alt names: ["DNS:puppet", "DNS:puppet.xx.com"]

I'm seeing the following output from the servers when I run the agent:

# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds

Looks all good here other than it's not applying the module I created namely accounts (see below within the puppet environment).

*Puppet Server Environment*:

# puppet config print confdir
/etc/puppetlabs/puppet

# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf

# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true

# puppet config print codedir
/etc/puppetlabs/code

# puppet config print environmentpath
/etc/puppetlabs/code/environments

# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules

# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests

# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules

/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production

/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules

/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp

/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts

/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests

/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp

/etc/puppetlabs/code/modules:
total 0

# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
  include accounts
}

# more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {

  include accounts::groups

  user { 'djc72uk':
    ensure     => present,
    home       => '/home/djc72uk',
    shell      => '/bin/bash',
    managehome => true,
    gid        => 'djc72uk',
  }

}

# more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {

  group { 'djc72uk':
    ensure => present,
  }
}

My gut feel is that the site.pp file is in the wrong place and therefore not being read however, based on the above environment details, I'm struggling to see how that's possible.

Any help will be appreciated here.

Many Thanks,
Dan,

[Puppet Users] Puppet client is not applying changes
Hello all,

Been at this problem I have for nearly a week now and it's driving crazy!!! I hope it's simply a case of someone with some fresh eyes taking a look and showing me the error of my ways.

Before I continue with the Puppet deployment, for testing purposes, I just want to create a single user namely djc72uk on a single server. The server hostname is lhcadvdeveye05 and you can see below that it has successfully generated a certificate:

# puppetserver ca list --all
Signed Certificates:
    lhcadvdeveye05.x.com (SHA256) F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
    puppet.xx.com (SHA256) 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81 alt names: ["DNS:puppet", "DNS:puppet.xx.com"]

I'm seeing the following output from the server when I run the agent:

# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds

Looks all good here other than it's not applying the module I created namely accounts (see below within the puppet environment).

*Puppet Server Environment:*

# puppet config print confdir
/etc/puppetlabs/puppet

# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf

# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true

# puppet config print codedir
/etc/puppetlabs/code

# puppet config print environmentpath
/etc/puppetlabs/code/environments

# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules

# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests

# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules

/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production

/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules

/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp

/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts

/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests

/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp

/etc/puppetlabs/code/modules:
total 0

# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
  include accounts
}

# more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {

  include accounts::groups

  user { 'djc72uk':
    ensure     => present,
    home       => '/home/djc72uk',
    shell      => '/bin/bash',
    managehome => true,
    gid        => 'djc72uk',
  }

}

# more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {

  group { 'djc72uk':
    ensure => present,
  }
}

Nothing complaining here:

# puppet parser validate /etc/puppetlabs/code/environments/production/manifests/site.pp
# puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
# puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp

My gut feel is that the site.pp file is in the wrong place and therefore not being read however, based on the above environment details, I'm struggling to see how that's possible.

Any help will be appreciated here.

Many Thanks,
Dan.