RE: [Puppet Users] os release facter not parsing dracut version

2023-06-22 Thread Bart-Jan Vrielink
Hello,



The documentation for os-release 
(https://www.freedesktop.org/software/systemd/man/os-release.html) only briefly 
mentions major release, but indicates that VERSION_ID is where that should come 
from.

Both Debian and AlmaLinux have sensible values for VERSION_ID:

VERSION_ID="11"

VERSION_ID="9.2"



You may want to contact the upstream for CloudLinux dracut to see what their 
reasons behind "049-223.git20230119.el8" for VERSION_ID were and if they can 
consider changing this.





-Original message-
From: Melissa Ip 
Sent: Thursday 22nd June 2023 20:09
To: Puppet Users 
Subject: [Puppet Users] os release facter not parsing dracut version

Hi, I'm trying to use the os.release facter on a VM that is running CloudLinux 
dracut.

/etc/os-release looks like this:

NAME="dracut"
VERSION="8.7 (Valeri Polyakov) dracut-049-223.git20230119.el8"
ID=dracut
VERSION_ID=049-223.git20230119.el8
PRETTY_NAME="CloudLinux 8.7 (Valeri Polyakov) dracut-049-223.git20230119.el8 (Initramfs)"
ANSI_COLOR="0;31"

The os facter output looks like this:

os => {
  architecture => "x86_64",
  family => "Dracut",
  hardware => "x86_64",
  name => "dracut",
  release => {
    full => "049-223.git20230119.el8",
    major => "049-223.git20230119.el8"
  },
  selinux => {
    enabled => false
  }
}

I expect the os.release.major value to be 8, not 049-223.git20230119.el8. Is 
this a bug?

Thanks for any help here, Melissa



-- 
 You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
email to puppet-users+unsubscr...@googlegroups.com 
 .
 To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0bf82a96-117c-4d05-88be-4010a37e51d4n%40googlegroups.com.
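
The VERSION_ID point from this thread, as an added Ruby example (not Facter's code and not from the original posts): it parses os-release text and derives a major release only when VERSION_ID is a dotted number. The function names and the fallback to the leading number in VERSION are assumptions of this example; the sample inputs are constructed from the values quoted in the thread.

```ruby
# Added example: os-release parsing with a guarded major-release extraction.
# Not Facter's implementation; names and the VERSION fallback are assumptions.

# Sample inputs constructed from the values quoted in the thread.
DRACUT_OS_RELEASE = <<~'EOS'
  NAME="dracut"
  VERSION="8.7 (Valeri Polyakov) dracut-049-223.git20230119.el8"
  ID=dracut
  VERSION_ID=049-223.git20230119.el8
  PRETTY_NAME="CloudLinux 8.7 (Valeri Polyakov) dracut-049-223.git20230119.el8 (Initramfs)"
  ANSI_COLOR="0;31"
EOS
DEBIAN_OS_RELEASE = %(ID=debian\nVERSION_ID="11"\n)
ALMA_OS_RELEASE   = %(ID="almalinux"\nVERSION_ID="9.2"\n)

# A release string we are willing to split into major/minor parts.
NUMERIC_VERSION = /\A\d+(?:\.\d+)*\z/

# Strip one level of shell-style quoting from an os-release value.
def unquote(raw)
  case raw
  when /\A"(.*)"\z/m then Regexp.last_match(1).gsub(/\\(.)/m, '\1')
  when /\A'(.*)'\z/m then Regexp.last_match(1)
  else raw
  end
end

# Parse KEY=value lines; blank lines, comments and malformed keys are skipped.
def parse_os_release(text)
  text.each_line.with_object({}) do |line, out|
    line = line.strip
    next if line.empty? || line.start_with?('#')

    key, sep, raw = line.partition('=')
    next if sep.empty? || key !~ /\A[A-Z_][A-Z0-9_]*\z/

    out[key] = unquote(raw)
  end
end

# Returns { full:, major:, source: }. major stays nil when neither field
# yields a numeric release, so callers can fail closed instead of guessing.
def release_from(fields)
  vid = fields['VERSION_ID'].to_s
  if vid.match?(NUMERIC_VERSION)
    return { full: vid, major: vid.split('.').first, source: 'VERSION_ID' }
  end

  # Fallback (assumption of this example): leading dotted number in VERSION.
  lead = fields['VERSION'].to_s[/\A\d+(?:\.\d+)*/]
  return { full: lead, major: lead.split('.').first, source: 'VERSION' } if lead

  { full: vid.empty? ? nil : vid, major: nil, source: nil }
end

if __FILE__ == $PROGRAM_NAME
  { 'dracut' => DRACUT_OS_RELEASE,
    'debian' => DEBIAN_OS_RELEASE,
    'alma'   => ALMA_OS_RELEASE }.each do |name, text|
    puts "#{name}: #{release_from(parse_os_release(text))}"
  end
end
```

The `source` field records which os-release key the value came from, so a manifest that gates on the major release can tell a real VERSION_ID from a fallback.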
 



RE: [Puppet Users] Puppetserver ca migrate

2021-03-16 Thread Bart-Jan Vrielink
Hello,



"swamped" is also part of my job description.

Thank you for creating the PR. I will monitor this PR and if possible 
contribute to it.



-Original message-
From: Justin Stoller 
Sent: Thursday 11th March 2021 22:10
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate



On Sat, Mar 6, 2021 at 3:18 AM Bart-Jan Vrielink <bart...@vrielink.net> wrote:
/etc/puppetlabs/puppetserver/ca is not a volume listed in the docker-compose 
file. Unless that directory is symlinked to somewhere under 
/etc/puppetlabs/puppet/, that directory would get lost whenever the container 
gets updated. Not a good thing for certificates...


Yeah, that sounds terrible. I took that to the team that owns our docker 
images. They seemed swamped but suggested a path forward, so I gave it a shot 
in this PR: https://github.com/puppetlabs/puppetserver/pull/2505. Feel free to 
contribute to the approach there if you want, otherwise I'll reply to this 
thread when it's sorted out.






-Original message-
From: Justin Stoller <jus...@puppet.com>
Sent: Friday 5th March 2021 20:35
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate



On Thu, Mar 4, 2021 at 11:44 PM Bart-Jan Vrielink <bart...@vrielink.net> wrote:
Hello,



It would be nice if Puppet's Pupperware is also updated for this new CA 
location...


Is it not? I don't actually work on that team, but I pulled the latest 
puppet/puppetserver image and saw this in the log:
 pupperware (master<>) :: docker run -it puppet/puppetserver
Running /docker-entrypoint.d/10-analytics.sh
(/docker-entrypoint.d/10-analytics.sh) Pupperware analytics disabled; skipping metric submission
Running /docker-entrypoint.d/20-use-templates-initially.sh
Upgrading /opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems
Running /docker-entrypoint.d/30-set-permissions.sh
Running /docker-entrypoint.d/40-update-puppetdb-conf.sh
Running /docker-entrypoint.d/50-set-certname.sh
Running /docker-entrypoint.d/55-set-masterport.sh
Running /docker-entrypoint.d/60-setup-autosign.sh
Running /docker-entrypoint.d/70-set-dns-alt-names.sh
Running /docker-entrypoint.d/80-ca.sh
Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca
Running /docker-entrypoint.d/85-setup-storeconfigs.sh
Running /docker-entrypoint.d/90-log-config.sh
System configuration values:


That "Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca" 
line should be coming from the "puppetserver ca" cli generating the CA files in 
the new location







-Original message-
From: Justin Stoller <jus...@puppet.com>
Sent: Thursday 4th March 2021 18:11
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate

Hi!

If you've mounted external volumes for your cadir like:

  --mount source=ca-volume,destination=/etc/puppetlabs/puppet/ssl/ca

You should instead mount the destination as /etc/puppetlabs/puppetserver/ca

If you have a Dockerfile that pre-populates your cadir you'll need to update 
your script to the destination above.

Also, make sure your build process is running puppetserver ca setup as part of 
the process (that should ensure new installs have the right directory 
structure).

If you're using this container as a lightweight vm and you've upgraded your 
server inside it, you'll need to somehow override the entrypoint to be a shell 
for you to work in (but you should look into using the container as an 
ephemeral thing with persistent mounts to save data between containers).

If you're using this in a dev setup and are fine with your certs not persisting 
outside the life of the container you can effectively ignore the warning for 
now (but hopefully one of the ideas above will help you find the root cause of 
it).


Also, you're the second person to mention having to pass the --config flag. 
That should only be necessary if you have a custom puppet.conf for some 
advanced purposes. I'm wondering if it was the help output to the CA tool that 
led you in that direction? I could see the current text being confusing, just 
wondering if we should change:

> Use the currently configured puppet.conf file in your installation, or supply 
> one using the `--config` flag.

to something like

> Uses the default puppet.conf in your installation, override by supplying the 
> --config flag.

?


Hope that helps,
Justin




On Thu, Mar 4, 2021 at 8:05 AM Gwen Clayde mailto:mifoun...@gmail.com&g

RE: [Puppet Users] Puppetserver ca migrate

2021-03-06 Thread Bart-Jan Vrielink
/etc/puppetlabs/puppetserver/ca is not a volume listed in the docker-compose 
file. Unless that directory is symlinked to somewhere under 
/etc/puppetlabs/puppet/, that directory would get lost whenever the container 
gets updated. Not a good thing for certificates...



-Original message-
From: Justin Stoller 
Sent: Friday 5th March 2021 20:35
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate



On Thu, Mar 4, 2021 at 11:44 PM Bart-Jan Vrielink <bart...@vrielink.net> wrote:
Hello,



It would be nice if Puppet's Pupperware is also updated for this new CA 
location...


Is it not? I don't actually work on that team, but I pulled the latest 
puppet/puppetserver image and saw this in the log:
 pupperware (master<>) :: docker run -it puppet/puppetserver
Running /docker-entrypoint.d/10-analytics.sh
(/docker-entrypoint.d/10-analytics.sh) Pupperware analytics disabled; skipping metric submission
Running /docker-entrypoint.d/20-use-templates-initially.sh
Upgrading /opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems
Running /docker-entrypoint.d/30-set-permissions.sh
Running /docker-entrypoint.d/40-update-puppetdb-conf.sh
Running /docker-entrypoint.d/50-set-certname.sh
Running /docker-entrypoint.d/55-set-masterport.sh
Running /docker-entrypoint.d/60-setup-autosign.sh
Running /docker-entrypoint.d/70-set-dns-alt-names.sh
Running /docker-entrypoint.d/80-ca.sh
Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca
Running /docker-entrypoint.d/85-setup-storeconfigs.sh
Running /docker-entrypoint.d/90-log-config.sh
System configuration values:


That "Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca" 
line should be coming from the "puppetserver ca" cli generating the CA files in 
the new location







-Original message-
From: Justin Stoller <jus...@puppet.com>
Sent: Thursday 4th March 2021 18:11
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate

Hi!

If you've mounted external volumes for your cadir like:

  --mount source=ca-volume,destination=/etc/puppetlabs/puppet/ssl/ca

You should instead mount the destination as /etc/puppetlabs/puppetserver/ca

If you have a Dockerfile that pre-populates your cadir you'll need to update 
your script to the destination above.

Also, make sure your build process is running puppetserver ca setup as part of 
the process (that should ensure new installs have the right directory 
structure).

If you're using this container as a lightweight vm and you've upgraded your 
server inside it, you'll need to somehow override the entrypoint to be a shell 
for you to work in (but you should look into using the container as an 
ephemeral thing with persistent mounts to save data between containers).

If you're using this in a dev setup and are fine with your certs not persisting 
outside the life of the container you can effectively ignore the warning for 
now (but hopefully one of the ideas above will help you find the root cause of 
it).


Also, you're the second person to mention having to pass the --config flag. 
That should only be necessary if you have a custom puppet.conf for some 
advanced purposes. I'm wondering if it was the help output to the CA tool that 
led you in that direction? I could see the current text being confusing, just 
wondering if we should change:

> Use the currently configured puppet.conf file in your installation, or supply 
> one using the `--config` flag.

to something like

> Uses the default puppet.conf in your installation, override by supplying the 
> --config flag.

?


Hope that helps,
Justin




On Thu, Mar 4, 2021 at 8:05 AM Gwen Clayde <mifoun...@gmail.com> wrote:
Hi, 

I want to solve this issue: "The cadir is currently configured to be inside the 
/etc/puppetlabs/puppet/ssl directory"

The first step is:
puppetserver ca migrate --config 

After this, I got this message: "Puppetserver service is running. Please stop 
it before attempting to run this command"

I use puppet inside a docker container; if I stop it, I couldn't execute the 
command of the first step.

Is there another way to solve this problem?

Thanks.




RE: [Puppet Users] Puppetserver ca migrate

2021-03-04 Thread Bart-Jan Vrielink
Hello,



It would be nice if Puppet's Pupperware is also updated for this new CA 
location...





-Original message-
From: Justin Stoller 
Sent: Thursday 4th March 2021 18:11
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppetserver ca migrate

Hi!

If you've mounted external volumes for your cadir like:

  --mount source=ca-volume,destination=/etc/puppetlabs/puppet/ssl/ca

You should instead mount the destination as /etc/puppetlabs/puppetserver/ca

If you have a Dockerfile that pre-populates your cadir you'll need to update 
your script to the destination above.

Also, make sure your build process is running puppetserver ca setup as part of 
the process (that should ensure new installs have the right directory 
structure).

If you're using this container as a lightweight vm and you've upgraded your 
server inside it, you'll need to somehow override the entrypoint to be a shell 
for you to work in (but you should look into using the container as an 
ephemeral thing with persistent mounts to save data between containers).

If you're using this in a dev setup and are fine with your certs not persisting 
outside the life of the container you can effectively ignore the warning for 
now (but hopefully one of the ideas above will help you find the root cause of 
it).


Also, you're the second person to mention having to pass the --config flag. 
That should only be necessary if you have a custom puppet.conf for some 
advanced purposes. I'm wondering if it was the help output to the CA tool that 
led you in that direction? I could see the current text being confusing, just 
wondering if we should change:

> Use the currently configured puppet.conf file in your installation, or supply 
> one using the `--config` flag.

to something like

> Uses the default puppet.conf in your installation, override by supplying the 
> --config flag.

?


Hope that helps,
Justin




On Thu, Mar 4, 2021 at 8:05 AM Gwen Clayde <mifoun...@gmail.com> wrote:
Hi, 

I want to solve this issue: "The cadir is currently configured to be inside the 
/etc/puppetlabs/puppet/ssl directory"

The first step is:
puppetserver ca migrate --config 

After this, I got this message: "Puppetserver service is running. Please stop 
it before attempting to run this command"

I use puppet inside a docker container; if I stop it, I couldn't execute the 
command of the first step.

Is there another way to solve this problem?

Thanks.





RE: [Puppet Users] Reg: Calling the sleep method

2020-09-02 Thread Bart-Jan Vrielink
Hello,



No. The try_sleep parameter defines the time to sleep between tries. The 
default value of tries is 1.



What are you trying to achieve?



-Original message-
From: Raghu Ram Baisani 
Sent: Thursday 3rd September 2020 7:17
To: Puppet Users 
Subject: [Puppet Users] Reg: Calling the sleep method

Hi Team
If I put:
$mainttime_converted = 100
exec{ 'maintenance_time':
  try_sleep => $mainttime_converted
 }
will this be in sleep state for 100 seconds?

Thanks
Raghuram Baisani





RE: [Puppet Users] hiera with environments

2020-06-12 Thread Bart-Jan Vrielink
Hello,



Control Repo and R10K work fine with Puppet OSS and is the recommended 
architecture for using multiple environments with Puppet.



PE Code Manager is indeed only for PE, but in most cases is just a fancy name 
for R10K.



-Original message-
From: solarflow 99 
Sent: Thursday 11th June 2020 19:45
To: Puppet Users 
Subject: Re: [Puppet Users] hiera with environments

Hi, thanks for the reply.  This is all for PE, but I'm using puppet 6 OSS..

It used to work this way in 5.5 too, so I don't understand why it's not seeing 
hiera in the preprod environment.  I could always do this:

- make changes in preprod, and git commit there
- cd to prod, then:
- git remote update, 
- git merge --ff-only preprod/master
- cd back to preprod, then
- git pull



On Thursday, June 11, 2020 at 1:54:13 AM UTC-7, Martin Alfke wrote:
Hi,

You should change to using a control-repo and adopt your codebase.
https://puppet.com/docs/pe/2018.1/control_repo.html
https://github.com/puppetlabs/best-practices/blob/master/puppet-modules-and-the-control-repo.md

We recommend (assuming you use a git based control-repo and r10k or PE code 
manager for deployment):

1. Copy your global hiera.yaml file (etc/puppetlabs/puppet/hiera.yaml) to each 
of your environments.
2. Remove global hiera.yaml file
3. Just use data or hieradata as datadir. Not the complete path.
4. Use relative paths in your environment.conf file
5. Instead of having different hieradata per environment we recommend to add an 
environment hierarchy.

You can also separate your hieradata from control-repo and make them an 
individual git repo.
In this case you can add hieradata as a module to your puppet file and change 
the path in hiera.yaml file.

You can find examples on how to achieve this in our Puppet Infrastructure 
Construction Kit (https://github.com/example42/psick)
https://github.com/example42/psick/blob/production/Puppetfile#L7
Here we deploy the same branch name - when existing on hieradata repo - and 
fall back to master branch.

Hth,
Martin


On 9. Jun 2020, at 07:46, solarflow 99  wrote:

I have this strange problem where I just upgraded from puppetserver 5.5 to 6, 
and now the 2nd environment doesn't see hiera values, but the production 
environment does.  I wonder if top level lookups don't work anymore?  Here's 
how I have it configured:


Here's my directory layout:

code
└── environments
    ├── preprod
    │   ├── environment.conf
    │   ├── gitclone
    │   │   └── production
    │   │       ├── hieradata
    │   │       │   ├── common.yaml
    │   │       │   └── nodes
    │   │       ├── manifests
    │   │       │   ├── nodes.pp
    │   │       │   └── site.pp
    │   │       └── modules
    └── production
        ├── hieradata
        │   ├── common.yaml
        │   └── nodes
        ├── manifests
        │   ├── nodes.pp
        │   └── site.pp
        └── modules






/etc/puppetlabs/puppet:

$ cat hiera.yaml 
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.
  # datadir: data
  # data_hash: yaml_data

  datadir: "/etc/puppetlabs/code/environments/%{::environment}/hieradata"
  data_hash: yaml_data


hierarchy:
  - name: "Per-node data (yaml version)"
    path: "nodes/%{::trusted.certname}.yaml"
  - name: "Other YAML hierarchy levels"
    paths:
      - "common.yaml"





/etc/puppetlabs/code/environments/preprod:


$ ls -la
total 4
drwxr-xr-x  3 root root  62 Jun  8 21:44 ./
drwxr-xr-x. 4 root root  39 Jun  8 14:33 ../
-rw-r--r--  1 root root 142 Jun  8 14:38 environment.conf
drwxr-xr-x  3 root root  24 Jun  8 14:36 gitclone/
lrwxrwxrwx  1 root root  29 Jun  8 21:44 hierdata -> gitclone/production/hieradata/





$ cat environment.conf 
manifest = $codedir/environments/preprod/gitclone/production/manifests
modulepath = $codedir/environments/preprod/gitclone/production/modules





 
$ cat hierdata/common.yaml 
---
infraserver: 'bigmachine.local'




$ cat site.pp 

$infraserver  = hiera( 'infraserver' )




But the clients don't see it in preprod, failing their puppet runs, and the 
codebase is exactly the same:

Error 500 on SERVER: Server Error: Function lookup() did not find a value for 
the name 'infraserver' on node dev1.local


$ puppet lookup infraserver --environment production --node dev1.local
--- bigmachine.local
 
$ puppet lookup infraserver --environment preprod --node dev1.local




RE: [Puppet Users] Hiera Setup Lookup Complaining

2020-02-26 Thread Bart-Jan Vrielink
Hello,



What you have in Hiera is the following:

---
sshdconfig:
  match_address: "xx.xx.xx.xx"
  permit_root_login: without-password



This is a single key sshdconfig with the value:

{
  "match_address" => "xx.xx.xx.xx",
  "permit_root_login" => "without-password"
}



If you want to use the contents of match_address in your Puppet code, you would 
need to lookup sshdconfig and then access $sshconfig['match_address'], or 
rewrite your yaml into something like:

---
sshdconfig::match_address: "xx.xx.xx.xx"
sshdconfig::permit_root_login: without-password



Where you can lookup sshdconfig::match_address



As you've already noted, this naming convention is most appropriate for a 
module sshdconfig. If there is such a module, its parameters match_address and 
permit_root_login would be automatically looked up in Hiera.



 


-Original message-
From: Dan Crisp 
Sent: Tuesday 25th February 2020 16:59
To: Puppet Users 
Subject: Re: [Puppet Users] Hiera Setup Lookup Complaining

Hello Bart,

Thanks for your reply.  Yes that threw me also.  I was originally looking for 
sshdconfig::match_address however the output from lookup returned:

Searching for "sshdconfig::match_address"
  Global Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
    No such key: "sshdconfig::match_address"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Hierarchy entry "Per-node data (yaml version)"
      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
        Original path: "nodes/%{::trusted.certname}.yaml"
        Path not found
    Hierarchy entry "Other YAML hierarchy levels"
      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
        Original path: "common.yaml"
        Path not found
  Module "sshdconfig" not found
Function lookup() did not find a value for the name 'sshdconfig::match_address'

Suggesting that it was expecting sshdconfig to be a module.  Not the case in 
this instance.  In fact, the hiera in question is not referenced in any module 
or class etc.  Is that the issue?

On Tuesday, February 25, 2020 at 3:34:49 PM UTC, Bart-Jan Vrielink wrote:

Hello,



I see you are looking for 'match_address', but in Hiera it is stored as 
'sshdconfig::match_address'.



-Original message-
From: Dan Crisp 
Sent: Tuesday 25th February 2020 13:42
To: Puppet Users 
Subject: Re: [Puppet Users] Hiera Setup Lookup Complaining

I included the --compile option.  Now (not sure whether as a result of use 
--option) I can see 
/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
 in the output:

Searching for "lookup_options"
  Global Data Provider (hiera configuration version 5)
    No such key: "lookup_options"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Merge strategy hash
      Hierarchy entry "Per-node data"
        Path "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
          Original path: "nodes/%{trusted.certname}.yaml"
          No such key: "lookup_options"
      Hierarchy entry "Per-OS defaults"
        Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
          Original path: "os/%{facts.os.family}.yaml"
          Path not found
      Hierarchy entry "Common data"
        Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
          Original path: "common.yaml"
          Path not found
Searching for "match_address"
  Global Data Provider (hiera configuration version 5)
    No such key: "match_address"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Hierarchy entry "Per-node data"
      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
        Original path: "nodes/%{trusted.certname}.yaml"
        No such key: "match_address"
    Hierarchy entry "Per-OS defaults"
      Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
        Original path: "os/%{facts.os.family}.yaml"
        Path not found
    Hierarchy entry "Common data"
      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
        Original path: &q

RE: [Puppet Users] Hiera Setup Lookup Complaining

2020-02-25 Thread Bart-Jan Vrielink
Hello,



I see you are looking for 'match_address', but in Hiera it is stored as 
'sshdconfig::match_address'.



-Original message-
From: Dan Crisp 
Sent: Tuesday 25th February 2020 13:42
To: Puppet Users 
Subject: Re: [Puppet Users] Hiera Setup Lookup Complaining

I included the --compile option.  Now (not sure whether as a result of use 
--option) I can see 
/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
 in the output:

Searching for "lookup_options"
  Global Data Provider (hiera configuration version 5)
    No such key: "lookup_options"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Merge strategy hash
      Hierarchy entry "Per-node data"
        Path "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
          Original path: "nodes/%{trusted.certname}.yaml"
          No such key: "lookup_options"
      Hierarchy entry "Per-OS defaults"
        Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
          Original path: "os/%{facts.os.family}.yaml"
          Path not found
      Hierarchy entry "Common data"
        Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
          Original path: "common.yaml"
          Path not found
Searching for "match_address"
  Global Data Provider (hiera configuration version 5)
    No such key: "match_address"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Hierarchy entry "Per-node data"
      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
        Original path: "nodes/%{trusted.certname}.yaml"
        No such key: "match_address"
    Hierarchy entry "Per-OS defaults"
      Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
        Original path: "os/%{facts.os.family}.yaml"
        Path not found
    Hierarchy entry "Common data"
      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
        Original path: "common.yaml"
        Path not found
Function lookup() did not find a value for the name 'match_address'

Still no luck finding the requested value though.

Thanks,
Dan.

On Monday, February 24, 2020 at 7:13:25 PM UTC, Henrik Lindberg wrote:

Dan Crisp wrote: 
>  environment/production/data/nodes/nodename.domain.com.yaml 

As you can see in the output - the hiera path expanded to: 
 
   Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml" 
 
Meaning that trusted.certname was empty. It would be empty if the node 
"nodename.domain.com" never checked in with the puppet server to deposit 
any facts. It will do that on its first agent run though. 
 
Meanwhile you have to supply your own facts (and trusted) to do lookups 
as it will be done when the node later requests a catalog. Look at the 
help for the various flags to the lookup command to learn how to give it 
values for facts and trusted information. 
 
- henrik 
 
 
-- 
 
Visit my Blog "Puppet on the Edge" 
http://puppet-on-the-edge.blogspot.se/  
 




RE: [Puppet Users] Managing a local users password with puppet on EL7

2019-11-15 Thread Bart-Jan Vrielink
Of course this is not idempotent. Mmm, security is difficult.



-Original message-
From: Bart-Jan Vrielink 
Sent: Friday 15th November 2019 16:18
To: puppet-users@googlegroups.com
Subject: RE: [Puppet Users] Managing a local users password with puppet on EL7

Hello,



Glad to hear that you got it to work.

Before you put this into production, please make sure you don't re-use the same 
salt value. Try to randomize it. Something like 
seeded_rand_string(16,strftime("%s%L")) may work.



-Original message-
From: jmp242 
Sent: Friday 15th November 2019 15:31
To: Puppet Users 
Subject: Re: [Puppet Users] Managing a local users password with puppet on EL7

I figured it out. Thanks for the help. It's because I wasn't doing I

 password   => pw_hash('password', 'SHA-512', 'mysalt'),

 I was doing

Sensitive(pw_hash('$password', 'SHA-512', 'oursalt')),

And because I used single quotes, it wasn't actually getting the parameter / 
variable, but the literal $password. Remove the quotes entirely because it's 
just a variable, and it works!

And this is why you can't always just copy -> paste -> edit your stuff in!.

On Friday, November 15, 2019 at 8:55:57 AM UTC-5, Bart-Jan Vrielink wrote:

Hello,



I'm still puzzled by why this is not working on your system. The following 
works for me on a Centos7 machine:



user { 'testuser':
  ensure => 'present',
  password   => pw_hash('password', 'SHA-512', 'mysalt'),
}




-Original message-
From: jmp242 
Sent: Friday 15th November 2019 14:41
To: Puppet Users 
Subject: Re: [Puppet Users] Managing a local users password with puppet on EL7

So, I set the password manually with passwd and got an entirely different hash 
than when I use the pw_hash function. The salt is obviously different as well, 
but the rest of /etc/shadow entry is the same. ssh user@localhost works with 
the password when I set manually with passwd, and does not work with pw_hash - 
not surprisingly.
 I tried lowercase sha-512, and got the same hash as with uppercase SHA-512. 
Both methods (working manual passwd, and non working pw_hash) start with $6$ 
which implies a sha-512 hash from the docs, so I think pw_hash is just broken 
for EL7. Which means the user resource is broken.

I guess temporarily, I'll just set the hash as a string and generate it with 
passwd, and see if that works - but it's obviously not ideal.




RE: [Puppet Users] Managing a local users password with puppet on EL7

2019-11-15 Thread Bart-Jan Vrielink
Hello,



Glad to hear that you got it to work.

Before you put this into production, please make sure you don't re-use the same 
salt value. Try to randomize it. Something like 
seeded_rand_string(16,strftime("%s%L")) may work.



-Original message-
From: jmp242 
Sent: Friday 15th November 2019 15:31
To: Puppet Users 
Subject: Re: [Puppet Users] Managing a local users password with puppet on EL7

I figured it out. Thanks for the help. It's because I wasn't doing

 password   => pw_hash('password', 'SHA-512', 'mysalt'),

 I was doing

Sensitive(pw_hash('$password', 'SHA-512', 'oursalt')),

And because I used single quotes, it wasn't actually getting the parameter / 
variable, but the literal $password. Remove the quotes entirely because it's 
just a variable, and it works!

And this is why you can't always just copy -> paste -> edit your stuff in!

On Friday, November 15, 2019 at 8:55:57 AM UTC-5, Bart-Jan Vrielink wrote:

Hello,



I'm still puzzled by why this is not working on your system. The following 
works for me on a Centos7 machine:



user { 'testuser':
  ensure => 'present',
  password   => pw_hash('password', 'SHA-512', 'mysalt'),
}




-Original message-
From: jmp242 
Sent: Friday 15th November 2019 14:41
To: Puppet Users 
Subject: Re: [Puppet Users] Managing a local users password with puppet on EL7

So, I set the password manually with passwd and got an entirely different hash 
than when I use the pw_hash function. The salt is obviously different as well, 
but the rest of /etc/shadow entry is the same. ssh user@localhost works with 
the password when I set manually with passwd, and does not work with pw_hash - 
not surprisingly.
 I tried lowercase sha-512, and got the same hash as with uppercase SHA-512. 
Both methods (working manual passwd, and non working pw_hash) start with $6$ 
which implies a sha-512 hash from the docs, so I think pw_hash is just broken 
for EL7. Which means the user resource is broken.

I guess temporarily, I'll just set the hash as a string and generate it with 
passwd, and see if that works - but it's obviously not ideal.




RE: [Puppet Users] Managing a local users password with puppet on EL7

2019-11-15 Thread Bart-Jan Vrielink
Hello,



I'm still puzzled by why this is not working on your system. The following 
works for me on a Centos7 machine:



user { 'testuser':
  ensure => 'present',
  password   => pw_hash('password', 'SHA-512', 'mysalt'),
}




-Original message-
From: jmp242 
Sent: Friday 15th November 2019 14:41
To: Puppet Users 
Subject: Re: [Puppet Users] Managing a local users password with puppet on EL7

So, I set the password manually with passwd and got an entirely different hash 
than when I use the pw_hash function. The salt is obviously different as well, 
but the rest of /etc/shadow entry is the same. ssh user@localhost works with 
the password when I set manually with passwd, and does not work with pw_hash - 
not surprisingly.
 I tried lowercase sha-512, and got the same hash as with uppercase SHA-512. 
Both methods (working manual passwd, and non working pw_hash) start with $6$ 
which implies a sha-512 hash from the docs, so I think pw_hash is just broken 
for EL7. Which means the user resource is broken.

I guess temporarily, I'll just set the hash as a string and generate it with 
passwd, and see if that works - but it's obviously not ideal.




RE: [Puppet Users] Managing a local users password with puppet on EL7

2019-11-15 Thread Bart-Jan Vrielink
Hello,



I doubt str2saltedsha512 can be used to generate encrypted passwords, as the 
resulting string does not contain the id nor salt.

pw_hash should work, although in the brief test I just did, it looks like a 
lower case 'sha-512' should be used.



I think you should debug this issue a little more on the client system.

Can you check the output (don't post it!) of 'getent shadow username'? It 
should consist of 9 colon separated fields, where the first one is the username 
and the second one the encrypted password. This encrypted password should start 
with $6$, the salt you've chosen, a third $ and finally the password hash.

If this string looks OK, then you should check the system journal (which you 
can read with 'journalctl -e') for any errors during the login (attempt).

Just to make sure the problem is not Puppet related, try to manually set a 
password for this user.

 



-Original message-
From: jmp242 
Sent: Thursday 14th November 2019 18:33
To: Puppet Users 
Subject: [Puppet Users] Managing a local users password with puppet on EL7


I'm not sure what's going on, but when I try and log in to XFCE using 
the local user account, I just get "Something went wrong". I've 
verified the password - but I wonder if I'm misunderstanding the puppet 
docs on the hashing, because it's obvious the password I have isn't working.

My line creating the password is

password =>Sensitive(str2saltedsha512($password)),




On the plus side, the Sensitive() function works, but I wonder if the 
str2saltedsha512() is not the right form / function? Under Windows we 
always just used a string in puppet, but the docs imply under RHEL it 
wants that salted sha512 ...

The relevant part seems to be:
password
(Property: This attribute represents concrete state on the target system.)

The user’s password, in whatever encrypted format the local system 
requires. Consult your operating system’s documentation for acceptable 
password encryption formats and requirements.

Mac OS X 10.5 and 10.6, and some older Linux distributions, use salted 
SHA1 hashes. You can use Puppet’s built-in sha1 function to generate a 
salted SHA1 hash from a password.

Mac OS X 10.7 (Lion), and many recent Linux distributions, use salted 
SHA512 hashes. The Puppet Labs stdlib module contains a str2saltedsha512 
function which can generate password hashes for these operating systems.

This post (re RHEL6.3 though) implies the puppet documentation is just 
wrong, or we have old modules?
https://stackoverflow.com/questions/19114328/managing-a-user-password-for-linux-in-puppet

I then tried:

password => pw_hash('password','SHA-512','mysalt'),




Which also doesn't seem to work. What am I missing here?
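The check Bart-Jan describes in this message (nine colon-separated fields, then `$6$`, the salt, a third `$` and the hash), together with his warning elsewhere in the thread about re-using one salt, written out as an added example; it is not code from the thread. The function names are made up for this example, and the sample lines and their digests are constructed placeholders, not real hashes.

```python
import re
from collections import defaultdict

# Conventional crypt(3) alphabet for salts and encoded digests.
CRYPT_ALPHABET = re.compile(r"^[./0-9A-Za-z]+$")
HEX_ONLY = re.compile(r"^[0-9a-fA-F]+$")
SHA512_ID = "6"
SHA512_DIGEST_LEN = 86   # length of an encoded SHA-512 crypt digest
MAX_SALT_LEN = 16


def split_shadow_line(line):
    """Return (username, password_field); a shadow line has 9 colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    return fields[0], fields[1]


def parse_crypt(password_field):
    """Split '$id$[rounds=N$]salt$digest' into (id, salt, digest), else None."""
    parts = password_field.split("$")
    if len(parts) < 4 or parts[0] != "":
        return None
    if parts[2].startswith("rounds="):
        parts = parts[:2] + parts[3:]      # drop the optional rounds parameter
    if len(parts) != 4:
        return None
    return parts[1], parts[2], parts[3]


def check_password_field(password_field):
    """Return a list of findings; an empty list means a well-formed $6$ entry."""
    if password_field == "" or password_field[0] in "!*":
        return ["locked_or_empty"]
    parsed = parse_crypt(password_field)
    if parsed is None:
        # A plain hex string carries no id and no salt, so login cannot use it.
        if HEX_ONLY.match(password_field):
            return ["bare_hex_digest_without_id_or_salt"]
        return ["not_crypt_format"]
    crypt_id, salt, digest = parsed
    findings = []
    if crypt_id != SHA512_ID:
        findings.append("id_not_6")
    if not (1 <= len(salt) <= MAX_SALT_LEN and CRYPT_ALPHABET.match(salt)):
        findings.append("unusual_salt")
    if crypt_id == SHA512_ID and not (
        len(digest) == SHA512_DIGEST_LEN and CRYPT_ALPHABET.match(digest)
    ):
        findings.append("bad_digest")
    return findings


def audit(lines):
    """Map each username to the findings for its password field."""
    return {user: check_password_field(pw)
            for user, pw in map(split_shadow_line, lines)}


def reused_salts(lines):
    """Return {salt: [users]} for every salt shared by more than one account."""
    users_by_salt = defaultdict(list)
    for line in lines:
        user, pw = split_shadow_line(line)
        parsed = parse_crypt(pw)
        if parsed is not None:
            users_by_salt[parsed[1]].append(user)
    return {salt: users for salt, users in users_by_salt.items() if len(users) > 1}


def shadow_line(user, password_field):
    """Build a constructed shadow line with fixed ageing fields."""
    return f"{user}:{password_field}:18215:0:99999:7:::"


# Constructed sample entries; the digests are filler characters, not real hashes.
SAMPLE = [
    shadow_line("alice", "$6$mysalt$" + "A" * 86),
    shadow_line("bob", "$6$mysalt$" + "B" * 86),            # same salt as alice
    shadow_line("carol", "0a1b2c3d" * 17),                  # hex only, no $id$salt$
    shadow_line("dave", "!!"),                              # locked account
    shadow_line("erin", "$6$rounds=5000$Zq3.kP/7sLw9TbXe$" + "C" * 86),
    shadow_line("frank", "$1$othersalt$" + "D" * 22),       # not a $6$ entry
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, findings or "ok")
    print("reused salts:", reused_salts(SAMPLE))
```

Only the findings and the salts are reported, never the password field itself, so the output can be shared where the raw 'getent shadow' line should not be.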





RE: [Puppet Users] Re: [RFC] Changes to open-source container versioning

2019-10-17 Thread Bart-Jan Vrielink
Hello,



I'm equally confused. For almost all containers I'm used to, if the tag is just 
a version number, to me it indicates "built the same way as latest, but a fixed 
snapshot". If it is not built the same way as latest, I would expect the tag to 
include a label for that. So puppet/puppetserver:6.7-edge is more in line with 
other vendors of Docker images. This is only for the first example in the table 
below; the others do make sense.





-Original message-
From: Morgan Rhodes 
Sent: Wednesday 16th October 2019 23:44
To: Puppet Users 
Subject: Re: [Puppet Users] Re: [RFC] Changes to open-source container 
versioning



On Wed, Oct 16, 2019 at 4:32 AM A Manzer <aman...@gmail.com> wrote:
I find this scheme confusing.  I would be hard pressed to explain the 
difference between :6.7, built from source, and :6.7.0, built from a package.  
I also don't think it's clear that :6.7 would advance past :6.7.0 in time.

Is your confusion mostly around the fact that one of them is built from source 
and one from package, or that 6.7 is more of a floating tag? I know I've seen 
that pattern in some other upstream repos like centos, postgres, mysql, etc, 
but for those it might be 6.7 points to the latest 6.7.x that was shipped, 
rather than more like head/nightly.
 
I like the :edge and :latest tags.

But I think I'd be happier with some kind of "nightly" specification on the 
source version (unless I've misunderstood).  Maybe :6.7-nightly.  That would 
make it more clear to me that it's a frequent build of the 6.7 branch, while 
6.7.0 is a pinned version.

On the whole though, I think it's a good change.  Thank you!


On Tuesday, October 15, 2019 at 2:56:49 PM UTC-4, Morgan Rhodes wrote:
Hi all,

tl;dr - We're trying to make the versioning scheme for our containers more 
intuitive, changes summarized in the table below, see more details at 
https://github.com/puppetlabs/puppetserver/pull/2188

build type             current tag                  new tag
from source            puppet/puppetserver:6.7.0    puppet/puppetserver:6.7
from source (latest)   puppet/puppetserver:latest   puppet/puppetserver:edge
from package           n/a                          puppet/puppetserver:6.7.0
from package (latest)  n/a                          puppet/puppetserver:latest

Versioning

For a while now, our containers have included a package built from source and 
versioned based on the most recent tag to the repo. While we still think 
building from source provides value to our users, it's become clear that they 
also need a way to pin to a specific, released version of puppetserver and 
count on that container not being updated. To address this, we're changing the 
versioning scheme for our container builds.

When we build images from source, those images will be versioned with X.Y 
versions based on the latest tag on master. So, for example, the current image 
versioned puppet/puppetserver:6.6.0 would move to puppet/puppetserver:6.6. This 
tag will continue to have rolling updates until the next X or Y release. If you 
want to follow whatever the latest version of the image from source is, you 
will want to pin to puppet/puppetserver:edge.

We will also start building and shipping images when puppetserver is shipped 
publicly. These images will be tagged with an X.Y.Z version that will match the 
version of puppetserver installed on that image. This tag will not receive any 
updates. If you want to follow the latest released version of puppetserver, you 
will want to pin to puppet/puppetserver:latest.

Other Changes for the puppetserver images

We are also looking into removing the puppetserver-standalone image. I've added 
a `USE_PUPPETDB` environment variable that can be set to false when running the 
puppetserver image to have the same behavior as the current 
puppetserver-standalone image.

Questions / Comments / Concerns?

Please leave comments at https://github.com/puppetlabs/puppetserver/pull/2188 
or respond here.

-- 
Morgan Rhodes
Release Engineering
mor...@puppet.com
she/her/hers




-- 
Morgan Rhodes
Release Engineering
mor...@puppet.com  
she/her/hers



RE: [Puppet Users] change from 'notrun' to ['0'] failed

2019-09-01 Thread Bart-Jan Vrielink
Hello,



The file resource also copies the file from the client, so it should work.



Of course, I do not (and/or cannot) explain why the diff fails, but by using a 
file resource (with a local file as a source) one simply works around this :)



-Original message-
From: Helmut Schneider 
Sent: Sunday 1st September 2019 16:52
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] change from 'notrun' to ['0'] failed


Bart-Jan Vrielink wrote:

> I cannot fully understand what you are trying to do, as I do not know
> what $copyPrivateCommand is, but I would advise against using an exec
> for copying a file, but just use a file resource instead:

$copyPrivateKeyCommand = "cp -L ${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem $appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsencryptKeySize.key"

But the copy command does not fail, it is the diff that results in the
error.

I check if the certificate was renewed and then copy it. The
certificate is on the agent system, not the master so I need to do the
exec.



RE: [Puppet Users] change from 'notrun' to ['0'] failed

2019-08-31 Thread Bart-Jan Vrielink
Hello,

I cannot fully understand what you are trying to do, as I do not know what 
$copyPrivateCommand is, but I would advise against using an exec for copying a 
file, but just use a file resource instead:

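# The managed file is the copy under ssl/private; the source is the
# Let's Encrypt key, the same direction as the cp and diff commands in this thread.
file { "${appEtcConfPath}/ssl/private/${letsencryptCommonName}.letsencrypt.${letsencryptKeySize}.key":
  ensure => file,
  source => "${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem",
  notify => Exec['/usr/local/bin/apache.sh -c restart'],
  # Or better: notify => Service['apache'],
}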



This should only copy the private key if the source is different from the 
target and only in that case restart Apache.



N.B. Avoid exec resources as much as possible, as they often result in overly 
complex Puppet code that is hard to debug.



-Original message-
From: Helmut Schneider 
Sent: Friday 30th August 2019 11:41
To: puppet-users@googlegroups.com
Subject: [Puppet Users] change from 'notrun' to ['0'] failed


Hi,

I want to copy a file if a diff fails:

exec { "Private key '${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem' changed, updating":
  path      => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
  command   => "$copyPrivateCommand",
  unless    => "diff -q ${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem $appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsencryptKeySize.key > /dev/null",
  notify    => Exec['/usr/local/bin/apache.sh -c restart'],
  logoutput => true,
}

This results in:

Debug: Executing: 'diff -q
/usr/local/etc/letsencrypt/live/www./privkey.pem
/usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null'
Error: no implicit conversion of nil into String
Error: /Stage[main]/Letsencrypt/Exec[Private key
'/usr/local/etc/letsencrypt/live/www/privkey.pem' changed,
updating]/returns: change from 'notrun' to ['0'] failed: no implicit
conversion of nil into String (corrective)
Debug: /Stage[main]/Letsencrypt/Exec[Copy live public key for www (SAN:
www)]: 'cp -L /usr/local/etc/letsencrypt/live/www/fullchain.pem
/usr/local/etc/ssl/www.letsencrypt.4096.crt' won't be executed because
of failed check 'refreshonly'

The diff itself runs fine:

[helmut@BSDHelmut ~]$ sudo diff -q
/usr/local/etc/letsencrypt/live/www/privkey.pem
/usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null; echo $?
1
[helmut@BSDHelmut ~]$

Where is the issue?

[helmut@BSDHelmut ~]$ puppet -V
5.5.16
[helmut@BSDHelmut ~]$

Thank you!



RE: [Puppet Users] Re: firewalld module configuration issue

2019-08-31 Thread Bart-Jan Vrielink
Hello,



I believe 'port' should be a hash that consists of 'port' and 'protocol' 
parameters:



    Example:

    firewalld_port {'Open port 8080 in the public Zone':
      ensure => 'present',
      zone   => 'public',
      port   => {
        'port'     => 8080,
        'protocol' => 'tcp',
      },
    }


The documentation for this module is confusing on this point, but in the source 
code I see that it only accepts hashes, as shown in the 'parameters' part of 
the documentation for firewalld_port 
(https://forge.puppet.com/crayfishx/firewalld#parameters-6)



 

-Original message-
From: Jean Berthold 
Sent: Friday 30th August 2019 20:05
To: Puppet Users 
Subject: [Puppet Users] Re: firewalld module configuration issue

Hello A Manzer and thank you for your suggestion,

I tried to remove the quotes but no more success...

root@srv-eldpupet-02 manifests]# cat site.pp
node 'centos7-dev01.xxx.local'{# Applies only to mentioned node; if nothing 
mentioned, applies to all.
include snmp
include firewalld
include 'add_user'
 
firewalld_service {'Close dhcpv6-client':
  ensure  =>'present',
  service =>'dhcpv6-client',
  zone    =>'public',
} 
 
firewalld_port {'Open port 161 in the public zone':
  ensure   =>'present',
  zone     =>'public',
  port     =>161,
  protocol =>'udp',
}

The output on the node:

[root@centos7-dev01 ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for centos7-dev01..local
Info: Applying configuration version '1567171673'
/opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: 
key :port is duplicated and overwritten on line 150
Info: Redefining firewalld_service in Puppet::Type
Info: Redefining firewalld_port in Puppet::Type
Error: /Stage[main]/Main/Node[centos7-dev01.xxx.local]/Firewalld_port[Open port 
161 in the public zone]: Could not evaluate: no implicit conversion of 
String into Integer
Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Dependency Firewalld_port[Open 
port 161 in the public zone] has failures: true
Warning: /Stage[main]/Firewalld/Exec[firewalld::reload]: Skipping because of 
failed dependencies
Notice: Applied catalog in 1.10 seconds
[root@centos7-dev01 ~]#

Again the message about conversion of String into Integer...
I followed the syntax given in the documentation...

Thanks again !








On Wednesday, 28 August 2019 at 22:34:45 UTC+2, Jean Berthold wrote:
Hello everyone,

I'm currently learning about Puppet and I can't see where the error is in my 
configuration…


I tested the following module to manage the CentOS firewall, firewalld.

 
Ok, following the instructions in the webpage: 
https://forge.puppet.com/crayfishx/firewalld

 
I installed the module on the server (without special configuration)

I included the following configuration on my node :

 
[root@srv-eldpupet-02 manifests]# cat site.pp

node 'centos7-dev01..local' { # Applies only to mentioned node; if nothing 
mentioned, applies to all.

include snmp

include firewalld

 
firewalld_service { 'Close dhcpv6-client':

  ensure  => 'absent',

  service => 'dhcpv6-client',

  zone    => 'public',

}

[root@srv-eldpupet-02 manifests]#

 
This configuration works correctly, the snmp service/package and the firewalld 
service/package are installed.

And the service « dhcpv6-client » is deactivated correctly, so the 
firewalld_service functions correctly.

 
Now, following the documentation, if I try to use the « firewall_port » 
instruction, I have the following error on the client and the configuration 
defined for firewalld_port is not applied :

 
-> Doesn't work !!!

 
firewalld_port { 'Open port 161 in the public zone':

  ensure   => 'present',

  zone => 'public',

  port => '161',

  protocol => 'tcp',

}

 
-> (For opening the port dedicated to snmp…)

 
 
With this configuration, I have the following error on my client :

 
[root@centos7-dev01 ~]# puppet agent -tv

Info: Using configured environment 'production'

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Retrieving locales

Info: Loading facts

Info: Caching catalog for centos7-dev01.eldora.local

Info: Applying configuration version '1566830315'

/opt/puppetlabs/puppet/cache/lib/puppet/type/firewalld_zone.rb:148: warning: 
key :port is duplicated and overwritten on line 150

Info: Redefining firewalld_service in Puppet::Type

Info: Redefining firewalld_port in Puppet::Type

Error: Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port 
/' returned 102: Error: INVALID_PORT

Error: /Stage[main]/Main/Node[centos7-dev01.eldora.local]/Firewalld_port[Open 
port 161 in the public zone]/ensure: change from 'absent' to 'present' failed: 
Execution of '/usr/bin/firewall-cmd --permanent --zone public --add-port /' 
returned 102: Error: INVALID_PORT

Notice: /Stage[main]/Firewalld/Exec[firewalld::reload]: Depend

RE: [Puppet Users] [EPP] Using tagged, defined, a better way to create variables, ... to verify if a class is included

2019-07-22 Thread Bart-Jan Vrielink
Hello,



Looks like the concat module may do the job?



$my_template = '/my/config.file'

concat { $my_template:
}

concat::fragment { 'standard contents':
  target  => $my_template,
  # epp() renders EPP templates; template() is for ERB
  content => epp('my.epp'),
}



And then in the Amavis profile class:



concat::fragment { 'extra special contents':
  target  => $my_template,
  content => '/var/lib/amavis',
}



Add any other fragments you'd like, and of course any other options you need. 
See https://forge.puppet.com/puppetlabs/concat



 


-Original message-
From: Helmut Schneider 
Sent: Monday 22nd July 2019 15:48
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] [EPP] Using tagged, defined, a better way to create 
variables, ... to verify if a class is included


Christopher Wood wrote:

> Top post, I'm not skilled enough to read this hence not sure where I'd
> interject. You may be better off using simpler constructs so that
> people with a wider variety of skill levels in your organization can
> contribute.
> 
> What problems are you encountering where describing state is not
> sufficient to correctly configure a host?

I need to put "/var/amavis" into a configuration file (only) if amavisd
is installed. So I'm either looking for a way to do a lookup with
wildcards

$roleClasses = lookup({"name" => "role_details.*.*.classes", "merge" =>
"deep", "default_value" => undef})
[...]
<% if !empty(grep($roleClasses, "amavisd")) { -%>

or to pass tags to an epp template:

<% if tagged("amavisd") %>

If I put "/var/amavis" into this configuration file and amavisd is not
installed it throws an error.



RE: [Puppet Users] How do you keep the forge modules you use up to date (and keep your sanity)

2019-07-09 Thread Bart-Jan Vrielink
Hi,



I share your pain. Too much time I waste on figuring out what set of 
dependencies will work. Something that may help is Voxpupuli's ra10ke gem 
(https://github.com/voxpupuli/ra10ke). This adds a few helpful rake tasks to 
work with dependencies.



https://voxpupuli.org/plugins/#r10k lists a few other plugins to add to your 
workflow that may work for you.



-Original message-
From: Karsten Heymann 
Sent: Tuesday 9th July 2019 9:53
To: puppet-users@googlegroups.com
Subject: [Puppet Users] How do you keep the forge modules you use up to date 
(and keep your sanity)


Hi there,

once again we are trying to update our set of about 70 external forge
modules our puppet codebase uses but we always end up in dependency
hell, especially when trying to update central modules like
puppetlabs/stdlib or puppetlabs/apt or my special friend
puppetlabs/concat. There are always not that well maintained modules
that have something like puppetlabs-apt < 3.0.0 in their metadata.yaml
that makes upgrading these modules to current versions extremely
annoying. How do you handle this? Do you try to keep your modules up
to date and do you care for the version limits in the modules you use.
So far we often just did puppet module upgrade --force
--ignore-dependencies and usually it works without problem, but that's
not really the best solution for this problem. And maintaining
internal forks of all problematic puppet modules with fixed
dependencies would be a lot of work. Any hints would be appreciated.

Best regards
Karsten



RE: [Puppet Users] Puppet does not recognize bind mounts

2019-06-11 Thread Bart-Jan Vrielink
Hello,



I'm unable to reproduce this behavior. To see which mounts Puppet knows about, 
use 'puppet resource mount' or 'puppet resource mount 
/pub/fedora/site/candidates/30'.



# puppet resource mount /mnt/home
mount { '/mnt/home':
  ensure  => 'mounted',
  device  => '/home',
  dump    => '0',
  fstype  => 'none',
  options => 'rw,bind,seclabel,relatime,errors=remount-ro',
  pass    => '0',
  target  => '/etc/fstab',
}




-Original message-
From: Michael Watters 
Sent: Friday 7th June 2019 16:02
To: Puppet Users 
Subject: [Puppet Users] Puppet does not recognize bind mounts

I'm having an issue with puppet repeatedly attempting to mount resources which 
are configured as bind mounts on one of my nodes.  Here is a copy of the 
relevant lines from my manifest.

$koji_fedora_releases = ['28', '29', '30']

$koji_fedora_releases.each |$release| {
    ['released', 'testing'].each |$tag| {
        mount { "/pub/fedora/org/${tag}/${release}":
            ensure  => mounted,
            device  => "/storage/projects/koji/repos-dist/aos-${release}-${tag}/latest",
            fstype  => 'none',
            options => 'rw,bind',
        }
    }
}

The agent is able to successfully apply these resources however it attempts to 
remount the directories every time that puppet runs.  For example, here is the 
output on the agent side.

Notice: 
/Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/candidates/30]/ensure: 
current_value unmounted, should be mounted (noop)
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/candidates/30]: 
Scheduling refresh of Mount[/pub/fedora/site/candidates/30]
Notice: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/candidates/30]: 
Would have triggered 'refresh' from 1 events
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/candidates/30]: 
Scheduling refresh of Mount[/pub/fedora/site/candidates/30]
Notice: 
/Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/released/30]/ensure: 
current_value unmounted, should be mounted (noop)
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/released/30]: 
Scheduling refresh of Mount[/pub/fedora/site/released/30]
Notice: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/released/30]: 
Would have triggered 'refresh' from 1 events
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/released/30]: 
Scheduling refresh of Mount[/pub/fedora/site/released/30]
Notice: 
/Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/testing/30]/ensure: 
current_value unmounted, should be mounted (noop)
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/testing/30]: 
Scheduling refresh of Mount[/pub/fedora/site/testing/30]
Notice: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/testing/30]: 
Would have triggered 'refresh' from 1 events
Info: /Stage[main]/Site::Fileserver01/Mount[/pub/fedora/site/testing/30]: 
Scheduling refresh of Mount[/pub/fedora/site/testing/30]

These lines are repeated for each bind mount resource.

How does puppet actually verify that a device is mounted?  The source 
directories *are* mounted and I'm able to access data in each directory without 
an issue.




RE: [Puppet Users] How to start puppet master for v6.0.0 or late

2019-05-22 Thread Bart-Jan Vrielink
Hi,



puppetserver is a Java process, so getting it to run on S390 is not entirely 
impossible. The package (either RPM or DEB) for puppetserver is listed as 
platform agnostic (architecture: all, or noarch), so the package itself should 
install. You may encounter dependencies that are not (easily) available on your 
platform.

Please note the difference between "it may work" and "this is a recommended way 
to run a Puppet server" :)



-Original message-
From: samding dd 
Sent: Wednesday 22nd May 2019 15:52
To: Puppet Users 
Subject: Re: [Puppet Users] How to start puppet master for v6.0.0 or late

Thank you for your reply.

But how to get/build puppetserver on other platform than x86_64?
The document of v6.4 says to get puppetserver by first adding a repository and 
then install it as a normal package. 
But I cannot get it for s390x in the same way, probably the repository does not 
support it.
Is there any way to build puppetserver from the Github directly?

Thanks,


On Wednesday, 22 May 2019 03:25:32 UTC-4, Bart-Jan Vrielink wrote:

Hello,



Puppet master has been deprecated for a while and is removed from Puppet 6. 
Instead of a puppet master, you should switch to using a puppetserver instead.

See https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#webrick



-Original message-
From: samding dd 
Sent: Tuesday 21st May 2019 22:10
To: Puppet Users 
Subject: [Puppet Users] How to start puppet master for v6.0.0 or late

Hi there,

I am new to puppet. 
I want to know how to start puppet master for v6.0.0 or later versions. 
For versions below v6.0.0, I can install puppet by:

   gem install puppet -v 5.5.14

Then start by:

   puppet master --verbose --no-daemonize

However, after v6.0.0, there is no subcommand "master" option.

If installing v6.4.2, the "puppet help" shows below:

"puppet]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:

  Common:
    agent             The puppet agent daemon
    apply             Apply Puppet manifests locally
    config            Interact with Puppet's settings.
    help              Display Puppet help.
    lookup            Interactive Hiera lookup
    module            Creates, installs and searches for modules on the Puppet Forge.
    resource          The resource abstraction layer shell

  Specialized:
    catalog           Compile, save, view, and convert catalogs.
    describe          Display help about resource types
    device            Manage remote network devices
    doc               Generate Puppet references
    epp               Interact directly with the EPP template parser/renderer.
    facts             Retrieve and store facts.
    filebucket        Store and retrieve files in a filebucket
    generate          Generates Puppet code from Ruby definitions.
    node              View and manage node definitions.
    parser            Interact directly with the parser.
    script            Run a puppet manifests as a script without compiling a catalog
    ssl               Manage SSL keys and certificates for puppet SSL clients

Thanks,






RE: [Puppet Users] How to start puppet master for v6.0.0 or late

2019-05-22 Thread Bart-Jan Vrielink
Hello,



Puppet master has been deprecated for a while and is removed from Puppet 6. 
Instead of a puppet master, you should switch to using a puppetserver instead.

See https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#webrick



-Original message-
From: samding dd 
Sent: Tuesday 21st May 2019 22:10
To: Puppet Users 
Subject: [Puppet Users] How to start puppet master for v6.0.0 or late

Hi there,

I am new to puppet. 
I want to know how to start puppet master for v6.0.0 or later versions. 
For versions below v6.0.0, I can install puppet by:

   gem install puppet -v 5.5.14

Then start by:

   puppet master --verbose --no-daemonize

However, after v6.0.0, there is no subcommand "master" option.

If installing v6.4.2, the "puppet help" shows below:

"puppet]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:

  Common:
    agent             The puppet agent daemon
    apply             Apply Puppet manifests locally
    config            Interact with Puppet's settings.
    help              Display Puppet help.
    lookup            Interactive Hiera lookup
    module            Creates, installs and searches for modules on the Puppet Forge.
    resource          The resource abstraction layer shell

  Specialized:
    catalog           Compile, save, view, and convert catalogs.
    describe          Display help about resource types
    device            Manage remote network devices
    doc               Generate Puppet references
    epp               Interact directly with the EPP template parser/renderer.
    facts             Retrieve and store facts.
    filebucket        Store and retrieve files in a filebucket
    generate          Generates Puppet code from Ruby definitions.
    node              View and manage node definitions.
    parser            Interact directly with the parser.
    script            Run a puppet manifests as a script without compiling a catalog
    ssl               Manage SSL keys and certificates for puppet SSL clients

Thanks,






RE: [Puppet Users] converting Puppet reports to JUnit

2019-05-13 Thread Bart-Jan Vrielink
Hello,



For rspec I have set the environment variable CI_SPEC_OPTIONS to '-r yarjuf -f 
JUnit -o result.xml -f progress'. This uses the gem yarjuf to generate a Junit 
results.xml file (which is saved as an artifact in Gitlab).



-Original message-
From: Luke Bigum 
Sent: Friday 10th May 2019 18:38
To: Puppet Users 
Subject: Re: [Puppet Users] converting Puppet reports to JUnit

On Friday, 10 May 2019 14:04:33 UTC+1, Henrik Lindberg wrote:

I remember using a JUnit compatible report format plugin for rspec. 
Maybe that is what you are looking for? 

This was quite some time ago and I don't remember its name. 

Sort of. I'm also looking into rspec report formats as that would plug in better 
to rspec-puppet / beaker-puppet.  It's more to take the raw Puppet report YAML 
(https://puppet.com/docs/puppet/6.4/format_report.html) and convert it to a 
testing framework report format (and JUnit is pretty common).  End result would 
look like any failures in the Puppet run could be presented in a CI system as 
"test" failures.

The YAML's pretty simple, it won't be too hard to write, just thought someone 
might have a great library that already does it...  :-)


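The conversion described in the quoted message above (raw Puppet report YAML to a JUnit file), as an added example that is not code from the thread or from Puppet. The sample report is constructed and uses only a few fields of the report format; the function names are chosen here for illustration.

```ruby
require 'yaml'

# Constructed sample: a cut-down Puppet report with one clean, one failed and
# one skipped resource. Real reports carry many more fields per resource.
SAMPLE_REPORT = <<~'YAML'
  --- !ruby/object:Puppet::Transaction::Report
  host: web01.example.test
  resource_statuses:
    "File[/etc/motd]": !ruby/object:Puppet::Resource::Status
      resource_type: File
      evaluation_time: 0.012
      failed: false
      skipped: false
      events: []
    "Service[httpd]": !ruby/object:Puppet::Resource::Status
      resource_type: Service
      file: "/etc/puppet/manifests/site.pp"
      line: 12
      evaluation_time: 1.5
      failed: true
      skipped: false
      events:
      - !ruby/object:Puppet::Transaction::Event
        status: failure
        message: "change from 'stopped' to 'running' failed: <unit not found>"
    "Exec[reload]": !ruby/object:Puppet::Resource::Status
      resource_type: Exec
      evaluation_time: 0.0
      failed: false
      skipped: true
      events: []
YAML

# Reports are serialised Ruby objects. Strip the !ruby/... tags and parse with
# safe_load so a report file can never instantiate arbitrary classes.
# (Limitation: a message that itself contains "!ruby/" text is altered too.)
def load_report(yaml_text)
  YAML.safe_load(yaml_text.gsub(%r{ ?!ruby/[\w:/]+}, ''), permitted_classes: [Time])
end

def xml_attr(value)
  value.to_s.encode(xml: :attr) # escapes & < > " and adds the surrounding quotes
end

# One <testcase> per resource; a failed resource carries its failure events.
def testcase(name, status)
  head = "<testcase classname=#{xml_attr(status['resource_type'])} " \
         "name=#{xml_attr(name)} time=\"#{status['evaluation_time'].to_f}\""
  if status['failed']
    messages = Array(status['events']).select { |e| e['status'] == 'failure' }
                                      .map { |e| e['message'].to_s }
    where = "#{status['file']}:#{status['line']}"
    body = ([where] + messages).join("\n").encode(xml: :text)
    "#{head}><failure message=#{xml_attr(messages.first)}>#{body}</failure></testcase>"
  elsif status['skipped']
    "#{head}><skipped/></testcase>"
  else
    "#{head}/>"
  end
end

def report_to_junit(report)
  statuses = report.fetch('resource_statuses', {})
  failures = statuses.values.count { |s| s['failed'] }
  skipped  = statuses.values.count { |s| s['skipped'] && !s['failed'] }
  lines = ['<?xml version="1.0" encoding="UTF-8"?>',
           "<testsuite name=#{xml_attr(report['host'])} tests=\"#{statuses.size}\" " \
           "failures=\"#{failures}\" skipped=\"#{skipped}\">"]
  lines.concat(statuses.map { |name, status| "  #{testcase(name, status)}" })
  lines << '</testsuite>'
  lines.join("\n") + "\n"
end

puts report_to_junit(load_report(SAMPLE_REPORT)) if $PROGRAM_NAME == __FILE__
```
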


RE: [Puppet Users] Push Puppet custom Facts to agent

2019-01-31 Thread Bart-Jan Vrielink
Hello,



Normally you would place custom facts in the directory lib/facter of a module 
(any module). When the setting pluginsync is true (and this is the default 
value for quite a long time), on the next puppet run this fact will be synced 
to the agent.



https://puppet.com/blog/introduction-pluginsync



-Original message-
From: Nikhil Patil 
Sent: Thursday 31st January 2019 13:48
To: Puppet Users 
Subject: [Puppet Users] Push Puppet custom Facts to agent

Hi All,

I have created the custom fact in Ruby and placed it in the facterlib path on 
the master. When I run facter -p on the master I see the facter value in the 
response. Now I want this to be pushed to all my agents from the puppet master. 
How can this be achieved?

Thanks & Regards
Nikhil




[Puppet Users] External NSS based CA & puppetserver

2018-08-07 Thread Bart-Jan Vrielink
Hello,



I'm currently trying to upgrade a Puppet 3.8 site to something newer 
(eventually 5.5). The current setup uses Passenger with Apache and mod_nss.

The reason mod_nss is used is because it uses the /etc/httpd/alias NSS database 
that Red Hat IPA uses. In there, certificates for each host are tracked.



Moving forward, I see 3 scenarios, but have no clue yet if either one will work:

- Figure out how/if puppetserver (Jetty) supports NSS based certificates

- Continue to use the deprecated Rack/Passenger setup

- (Deep) Dive into the (undocumented) scripts that are responsible for 
populating the NSS certificate database and also have it generate .pem files.



Will either of the first 2 options work? Or are OpenSSL certificates the only 
external certificates that work with Puppet 4.x/5.x?



Regards,

Bart-Jan Vrielink



[Puppet Users] Puppet repository accessible on IPv6

2018-06-15 Thread Bart-Jan Vrielink
Hello,



I'm trying to install a puppet agent on a server that only has IPv6 access. Is 
there any mirror of yum.puppet.com that has IPv6 or are we waiting for the next 
greatest thing to come after IPv6?



RE: [Puppet Users] Avoiding duplicate declaration in a loop?

2017-07-07 Thread Bart-Jan Vrielink
Hello,



They are duplicate resources because Puppet (on the server) parses the 
manifests and adds all resources found to a catalog that is sent to the client, 
which uses this catalog to update the configuration.

The catalog cannot have duplicate resources.



I know of 3 basic methods to alter the contents of a file with Puppet: augeas, 
file_line and concat. Augeas is quite powerful, and maybe not best suited for 
this specific task. file_line is part of the puppetlabs-stdlib module you most 
likely already have installed and concat is in a separate puppetlabs-concat 
module.



Untested, but with file_line I would do something like this:



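$joesfriends = ['jack', 'sam', 'sally']

$joesfriends.each | String $joesfriend | {
  # Each iteration declares a resource with its own title, so the catalog
  # contains no duplicates.
  file_line { $joesfriend:
    ensure => present,
    path   => '/etc/list_of_joes_friends',
    line   => 'whatever you want',
  }
}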



This assumes the file /etc/list_of_joes_friends is already present.



-Original message-
From: buoyant_puppy 
Sent: Thursday 6th July 2017 23:45
To: Puppet Users 
Subject: [Puppet Users] Avoiding duplicate declaration in a loop?

Excuse my newbieness, but I'm having a basic misunderstanding regarding loops.

Say I have: joesfriends = jack, sam, sally

I need to add each entry into a file - one per line.

$joesfriends.each | String $joesfriends| {    # loop
  file { "/etc/list_of_joes_friends":
    line => "${joesfriends}"
  }
}





This fails on a duplicate declaration error, but how can there not be a 
duplicate, it's a loop? The examples in the docs avoid this particular 
situation by using the var in the filename, but that's not usually going to be 
an option.





RE: [Puppet Users] ntp package_name

2017-06-28 Thread Bart-Jan Vrielink
João,



The default value is defined in data/common.yaml (as present), but depending on 
the OS version, this may be overridden. See hiera.yaml for what files may be 
consulted.



Note that this version of the ntp module requires at least Puppet version 4.7.0.



-Original message-
From: João Matos 
Sent: Wednesday 28th June 2017 13:58
To: Puppet Users 
Subject: [Puppet Users] ntp package_name

I am baffled!

package_manage is not defined anywhere. How is this possible?

https://github.com/puppetlabs/puppetlabs-ntp/blob/master/manifests/install.pp
if $ntp::package_manage {
  package { $ntp::package_name:
    ensure => $ntp::package_ensure,
  }
}


https://github.com/puppetlabs/puppetlabs-ntp/blob/master/manifests/init.pp




RE: [Puppet Users] Problem in looking up key value from hieradata

2017-01-30 Thread Bart-Jan Vrielink
Hello,



There are a few issues with your example that need to be fixed, to make it work.

As a start, you need to prefix certain keywords in /etc/hiera.yaml with a colon 
(:). I have tested using this setup:

---
:backends:
  - yaml
:hierarchy:
  - node/%{::fqdn}
  - "%{::environment}"
  - global
:yaml:
  :datadir: /etc/puppet/hieradata


Apart from that, you are querying hiera using the node=puppetmaster fact, but 
in /etc/hiera.yaml you are using the fact fqdn as one of the hierarchy parts. 
So, switching to using 'hiera webserver ::fqdn=puppetmaster' should work.



-Original message-
From: Maruti Gangumolu 
Sent: Saturday 28th January 2017 10:02
To: Puppet Users 
Subject: [Puppet Users] Problem in looking up key value from hieradata

Hi All,

I want to integrate hiera with puppet configuration tool for managing my data

This is my setup that I have

puppetmaster version = 3.6.2
hiera version = 1.3.4

This is what i defined in my puppet.conf configuration file of puppetmaster

hiera_config = /etc/puppet/hiera.yaml

This is how my hiera.yaml looks...

---
backends:
  - yaml
hierarchy:
  - node/%{::fqdn}
  - "%{::environment}"
  - global
yaml:
  datadir: /etc/puppet/hieradata

cd /etc/puppet/hieradata/node

[root@puppetmaster node]# cat puppetmaster.yaml 
---
webserver: puppetmaster

When trying to look up hiera key value, I'm getting nil value. Could you please 
help me where I'm making mistakes?

[root@puppetmaster node]# hiera -d webserver ::node=puppetmaster
DEBUG: 2017-01-28 14:26:46 +0530: Hiera YAML backend starting
DEBUG: 2017-01-28 14:26:46 +0530: Looking up webserver in YAML backend
DEBUG: 2017-01-28 14:26:46 +0530: Looking for data source defaults
DEBUG: 2017-01-28 14:26:46 +0530: Cannot find datafile 
/var/lib/hiera/defaults.yaml, skipping
DEBUG: 2017-01-28 14:26:46 +0530: Looking for data source global
DEBUG: 2017-01-28 14:26:46 +0530: Cannot find datafile 
/var/lib/hiera/global.yaml, skipping
nil


Thanks,
Maruti.



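The two fixes from the reply above (colon-prefixed keys in hiera.yaml, and passing ::fqdn rather than ::node), traced in an added example that is not code from the thread or from Hiera. It is a simplified model of how Hiera 1.x picks its data files; the default hierarchy and datadir are assumptions taken from the paths visible in the debug output, and the function names are chosen here.

```ruby
require 'yaml'

# Assumed Hiera 1.x defaults (symbol keys), matching the "defaults" and
# "global" sources and the /var/lib/hiera path seen in the debug log.
DEFAULTS = {
  backends: ['yaml'],
  hierarchy: ['defaults', '%{clientcert}', '%{environment}', 'global'],
  yaml: { datadir: '/var/lib/hiera' }
}.freeze

# hiera.yaml as posted in the question: plain string keys.
ORIGINAL_CONFIG = <<~'YAML'
  ---
  backends:
    - yaml
  hierarchy:
    - node/%{::fqdn}
    - "%{::environment}"
    - global
  yaml:
    datadir: /etc/puppet/hieradata
YAML

# hiera.yaml from the reply: keys prefixed with a colon.
FIXED_CONFIG = <<~'YAML'
  ---
  :backends:
    - yaml
  :hierarchy:
    - node/%{::fqdn}
    - "%{::environment}"
    - global
  :yaml:
    :datadir: /etc/puppet/hieradata
YAML

# The loaded file is merged over the symbol-keyed defaults, so string keys
# such as "hierarchy" never replace :hierarchy and the defaults stay active.
def effective_config(text)
  DEFAULTS.merge(YAML.safe_load(text, permitted_classes: [Symbol]) || {})
end

# Interpolate %{fact} from the scope given on the command line and drop any
# source that ends up empty or with a dangling slash (a missing fact).
def datafiles(config, scope)
  config[:hierarchy].filter_map do |source|
    path = source.gsub(/%\{([^}]+)\}/) { scope.fetch(Regexp.last_match(1), '') }
    next if path.empty? || path.match?(%r{(^/|//|/$)})
    File.join(config[:yaml][:datadir], "#{path}.yaml")
  end
end

if $PROGRAM_NAME == __FILE__
  puts datafiles(effective_config(ORIGINAL_CONFIG), '::node' => 'puppetmaster')
  puts datafiles(effective_config(FIXED_CONFIG), '::fqdn' => 'puppetmaster')
end
```

With the original file and `::node=puppetmaster` the model returns the same two `/var/lib/hiera` paths the debug log reports as missing; with both fixes applied it reaches `node/puppetmaster.yaml`.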