[Puppet Users] Heartbleed Security Bug: Update for Puppet Users

As you probably know, the OpenSSL project recently announced a serious security vulnerability in OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160[1]), currently referred to as "Heartbleed"[2]. This vulnerability allows unauthorized users access to private data such as encrypted traffic

Re: [Puppet Users] Emergency Certificate Revocation Procedure

On 2014-04-08 21:43, Matthew Burgess wrote: On 8 Apr 2014 09:29, "Tom" wrote: > > Hi, > > In light of the recently publicised vulnerability in OpenSSL versions provided on RHEL6/CentOS6 http://heartbleed.com/ [2], do you have any recommendations on a procedure to regenerate new master certif

[Puppet Users] Re: Is there a puppet module for tomcat and apache

Al, I want to install Tomcat7 on CentOs 6.4, and was wondering if i can either use your puppet module, or any module you know that works Thanks, -Kamal. On Friday, 4 April 2014 19:17:03 UTC-4, Alessandro Franceschi wrote: > > I expect this to work: > https://github.com/example42/puppet-tomcat >

Re: [Puppet Users] Need help optimizing our Puppet module

On 2014-07-04 22:03, Harrison Ripps wrote: Hey all-- Over at OpenShift we are big fans of Puppet. We've developed our own module , which is central to our OpenShift Origin installer and to our Vagrant-based develop

Re: [Puppet Users] Emergency Certificate Revocation Procedure

On 8 Apr 2014 09:29, "Tom" wrote: > > Hi, > > In light of the recently publicised vulnerability in OpenSSL versions provided on RHEL6/CentOS6 http://heartbleed.com/, do you have any recommendations on a procedure to regenerate new master certificates and then revoke, clean and re-sign all client S

Re: [Puppet Users] Re: Trying to deploy / update logmein on Windows 7x64 with Puppet 3.4.3, getting error

On Mon, Apr 7, 2014 at 2:34 PM, Adam Stacey wrote: > On Monday, 7 April 2014 18:39:54 UTC+1, jmp242 wrote: >> >> So I'm trying to do this: >> file {'logmein.msi': >> path => 'C:/ProgramData/puppetfiles/logmein.msi', >> source => "puppet:///modules/logmein/Log

[Puppet Users] Re: Need help optimizing our Puppet module

Hey all-- Thanks for this great feedback; much appreciated. I'll take a shot at making some of these changes and see if any other speed benefit opportunities materialize in the process. I'll post my GitHub pull requests here in case you're interested in commenting on the changes. Cheers, Harris

[Puppet Users] Re: Edit a XML configuration file with templates

On Monday, April 7, 2014 5:24:15 PM UTC-5, Edward wrote: > > Hello, > > I am automating with Puppet the installation of a software on a Windows > puppet agent. At a moment I need to edit a configuration file (xml file). > No, in fact you need to ensure that a particular attribute of a particul

[Puppet Users] Re: Windows puppet agent SSL cert revocation woes.

On Monday, April 7, 2014 4:57:43 PM UTC-5, Charlie Baum wrote: > > I have 8 or 9 Windows 2012 servers with latest puppet client 3.4.3. Out > of those, 4 of them have experienced issues with the SSL cert. Here is > what my event log contains: (each line is a different entry in the event > log

Re: [Puppet Users] Re: Can ERB templates be used to process hashes of arbitrary depth?

John, thank you very much for the most informative reply. On 2014-04-08 16:31, jcbollinger wrote: > Actually, no, sorting the keys is a primary concern because otherwise > the computed content may not be stable, which could cause Puppet to > needlessly update the file. By that statement I meant

Re: [Puppet Users] Need help optimizing our Puppet module

On Monday, April 7, 2014 5:06:25 PM UTC-5, denmat wrote: > > Hi, > > And further to that I also did a quick skim and found you use augeas for a > few resources that can probably be better executed with simpler resource > types (I'm looking at you yumrepo). Augeas is costly from my understandin

[Puppet Users] Re: Can ERB templates be used to process hashes of arbitrary depth?

On Monday, April 7, 2014 6:58:40 PM UTC-5, Andreas Ntaflos wrote: > > Hi list, > > I am in the process of writing a module to manage strongSwan, an IKE > keying daemon for IPsec VPNs on Linux [1]. The strongSwan daemon's > (charon) configuration file is basically formatted like a hash, with >

Re: [Puppet Users] fileserving in parser function

I am getting this error in rpec using the puppet gem 3.4.3 On Monday, April 7, 2014 10:43:38 AM UTC-4, Rob Reynolds wrote: > > Rich, > What version is the puppet agent? > > > On Fri, Apr 4, 2014 at 3:51 PM, Rich Siegel > > wrote: > >> In my loadcsv parser function I do (I stripped out all non-

Re: [Puppet Users] Re: chaining of create_resources

Le mardi 8 avril 2014 15:27:13 UTC+2, jcbollinger a écrit : > > No, that's very mixed up. > > There are three different, but related, things that are being commingled > there: the 'require' statement/function of Puppet DSL, a hash key 'require' > in the hiera data describing a resource, and, b

Re: [Puppet Users] Emergency Certificate Revocation Procedure

On Tue, Apr 8, 2014 at 12:57 AM, Tom wrote: > > In light of the recently publicised vulnerability in OpenSSL versions > provided on RHEL6/CentOS6 http://heartbleed.com/, do you have any > recommendations on a procedure to regenerate new master certificates and > then revoke, clean and re-sign all

[Puppet Users] Retrieving pluginfacts?

This is new to our environment and is only occurring on a handful of systems: When they run puppet agent, we see this: # puppet agent -t Info: Retrieving pluginfacts Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not au

Re: [Puppet Users] Re: chaining of create_resources

On Monday, April 7, 2014 11:53:39 AM UTC-5, Baptiste wrote: > > Hi, > > Le mercredi 26 mars 2014 16:03:05 UTC+1, Jose Luis Ledesma a écrit : >> >> >> About using the "require" I think the problem is the parser doesn't found >> the File['/local_area'] beacuse it's created in the "create_resources

[Puppet Users] Re: Trying to deploy / update logmein on Windows 7x64 with Puppet 3.4.3, getting error

The file resource is working fine, so I seriously doubt it would be 1). On 2) are you suggesting source_permisisons => ignore so "On Windows, Puppet will use the default DACL associated with the user it is running as"? I can try, but again, I use the same template, with the same permissions in

Re: [Puppet Users] How to configure puppetDB

> How to configure PuppetDB with puppet?, please give me some static document > for the same.. http://docs.puppetlabs.com/puppetdb/1.6/ ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emai

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

Ah nice! I did the same on the dream plug. It's the same chip. On Tuesday, April 8, 2014 5:07:52 AM UTC-7, Dirk Heinrichs wrote: > > Am 08.04.2014 12:29, schrieb JonY: > > Not sure. The devices are fanless PCs called 'dream plugs'. How would I > determine the chip id? > > > I've got a Gurupl

[Puppet Users] How to configure puppetDB

Hello Group, How to configure PuppetDB with puppet?, please give me some static document for the same.. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-

Re: [Puppet Users] How to remove a directory?

file {'remove_directory': ensure => absent, path=> '/your/directory', recurse => true, purge => true, force => true, } On Tuesday, April 8, 2014 9:06:42 AM UTC-3, Felix.Frank wrote: > > Hi, > > On 04/07/2014 04:31 PM, jcbollinger wrote: > > Or maybe it would work to u

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

Am 08.04.2014 12:29, schrieb JonY: > Not sure. The devices are fanless PCs called 'dream plugs'. How would > I determine the chip id? I've got a Guruplug, which is the predecessor. It's armv5tel, running on Marvel Feroceon CPU. % cat /proc/cpuinfo processor : 0 model name : Feroceon 88

Re: [Puppet Users] How to remove a directory?

Hi, On 04/07/2014 04:31 PM, jcbollinger wrote: > Or maybe it would work to use just one File resource with ensure => > 'absent', recurse => 'true'. I would expect this to be the case, and IIRC force => true will also be necessary for non-empty directories (this may even lift the need to recurse).

[Puppet Users] Re: Newbie namespace question: how to access variable in different module

Hi John, many thanks for your detailed answer! Yes, I am somewhat socialized with Python and have just started with Puppet ;) Cheers and thanks, Thomas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop

Re: [Puppet Users] Re: Remove certificate requests

Hi, this approach to working around the issue is pretty horrible IMHO. I would recommend to go ahead and use Tim's approach of just removing the CSR files manually. That is both less error prone and more secure. Regards, Felix On 04/07/2014 07:35 PM, Leon Springer wrote: > I created a quick scri

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

Not sure. The devices are fanless PCs called 'dream plugs'. How would I determine the chip id? On Monday, April 7, 2014 10:40:11 PM UTC-7, Ashutosh Parida wrote: > > > Hey Jon, > > I am also planning to deploy puppet on ARM and am glad to see you tried > and may be you fixed issues with it. > I

[Puppet Users] Edit a XML configuration file with templates

Hello, I am automating with Puppet the installation of a software on a Windows puppet agent. At a moment I need to edit a configuration file (xml file). I need to change the value of the "address" property in this bean: http://10.126.81.152:8088/MockIM"; /> I searche

[Puppet Users] Dashboard cert uses wrong name

Why do I have "pe-internal-dashboard" all over my puppet master installation? I specified a hostname during installation, and that hostname appears in some places. But in puppet-dashboard/settings.yml, the cn_name is "pe-internal-dashboard", and all the certs have that in the filename (although

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

Hey Jon, I am also planning to deploy puppet on ARM and am glad to see you tried and may be you fixed issues with it. I dropped a mail to Puppetlabs, seeking information as to what is their roadmap for supporting puppet on ARMv7 and later releases and puppetlabs replied back saying currently t

[Puppet Users] Windows puppet agent SSL cert revocation woes.

I have 8 or 9 Windows 2012 servers with latest puppet client 3.4.3. Out of those, 4 of them have experienced issues with the SSL cert. Here is what my event log contains: (each line is a different entry in the event log, all within about 1.5 seconds) *Unable to fetch my node definition, but

[Puppet Users] Emergency Certificate Revocation Procedure

Hi, In light of the recently publicised vulnerability in OpenSSL versions provided on RHEL6/CentOS6http://heartbleed.com/ , do you have any recommendations on a procedure to regenerate new master certificates and then revoke, clean and re-sign all client SSL certificat