[Puppet Users] Dealing with sensitive data

2011-10-03 Thread Alan Evans
Puppet Users, How do you deal with sensitive data in your puppet config that does not belong in revision control? Think about things like SSL keys or passwords. i.e. /etc/ldap.conf ... binddn cn=foo,dc=example,dc=com bindpw mysocratesnote ... As of now we store the bindpw as a variable then re

Re: [Puppet Users] Dealing with sensitive data

2011-10-03 Thread Alan Evans
In both cases for hiera and trocla doesn't the password end up in the catalog and don't other things like the dashboard consume the catalog? Does that mean the passwords are available in dashboard? Is there a way to cause the client to pull down the password without including it in the catalog?

[Puppet Users] Tips for a new puppet setup

2009-05-05 Thread Alan Evans
Ok folks, I've read BestPractices and probably most of the wiki docs but I am still banging my head about how to lay out a new puppet deployment. Everything is fresh, fresh repo, fresh puppet install. We will use SVN for version control. Here are some of my challenges. I go back and forth on how

[Puppet Users] Where to submit documentation request?

2012-01-16 Thread Alan Evans
Is the puppet documentation still in git somewhere and I can just submit a pull request? I that the section on undefined variables in the templating document was lacking. When using parameterized classes, default values for variables and has_variable?() the results may not be what one expects. M

Re: [Puppet Users] can puppet replace NIS?

2012-05-19 Thread Alan Evans
On Sat, May 19, 2012 at 9:47 PM, Dan White wrote: > In my experience, replacements for NIS are things like LDAP and DNS > > While Puppet can help with the implementation, IMHO it cannot do the actual > work of any of these services. I tend to agree with Dan on this one. I am a fan of LDAP for u

Re: [Puppet Users] Augeas resources not being saved

2012-06-15 Thread Alan Evans
Guy, Check the debug output of the agent. puppetd --debug or puppet agent --debug (I think) Or try running the same set with augtool from the command line. # augtool --noload augtool> set /files/etc/php5/fpm/php.ini/PHP/error_log /var/log/php/php.log augtool> print /augeas//error See what the

Re: [Puppet Users] Augeas resources not being saved

2012-06-15 Thread Alan Evans
stuff > behind the scenes. > > In my augeas lenses folder on the server I have both php.aug and > sudoers.aug, and like I said, when I run augtool without --noload I can > access these config files and change items perfectly fine. > > Thanks, > Guy > > > On Fri, J

Re: [Puppet Users] Augeas resources not being saved

2012-06-15 Thread Alan Evans
mplying that the puppet augeas resource > type acts in '--noload' mode, then? > > I tried doing the fully qualified set statement but it still does nothing, > unfortunately. > > > On Fri, Jun 15, 2012 at 2:20 PM, Alan Evans wrote: >> >> Guy, >>

Re: [Puppet Users] how to scale puppet with F5 load balancer?

2012-07-08 Thread Alan Evans
From what I can tell there is no need to use alternate names. You can make the F5 appear to the clients to be the puppetmaster by leveraging the F5 to do SSL offloading and part of the certificate verification taking some load off your puppet masters. Even more though, since the puppet environme

Re: [Puppet Users] install vmware tools through puppet

2012-09-22 Thread Alan Evans
I believe the open-vm-tools at http://packages.vmware.com/tools are ESX host version agnostic. We pull the rhel 4-6 repos into RHN satellite and just use puppet to ensure the latest is installed. If you don't use satellite you could just clone the repo and configure yum on the clients. Packages are

Re: [Puppet Users] Puppet & JBoss

2012-11-06 Thread Alan Evans
Budicom, One thing I might suggest is not to put the entire JBoss directory in puppet and realize it as a file resource. As gross as it is for a former employer I used the zip deployment and extracted the zip file. Disclaimer: No syntax checking, no validation YMMV, for example only. :) file {

[Puppet Users] How to deal w/ mutually exclusive classes in roles/profiles

2019-11-04 Thread Alan Evans
I have run into the problem of mutually exclusive classes in the past and I have not found a great way to work it out. Consider the module https://forge.puppet.com/wazuh/wazuh/readme which defines wazuh::agent and wazuh::manager. The way the software is designed a node can be either an agent

Re: [Puppet Users] How to deal w/ mutually exclusive classes in roles/profiles

2019-11-05 Thread Alan Evans
Hey Karsten thank you for your thoughts. On Tuesday, November 5, 2019 at 1:52:12 AM UTC-7, Karsten Heymann wrote: > > Hi Alan, > > I would simply do > > class profile::base { include profile::wazuh } > > class profile::wazuh ( > Boolean $manager = False > ) { > if $manager { > inclu

Re: [Puppet Users] How to deal w/ mutually exclusive classes in roles/profiles

2019-11-05 Thread Alan Evans
Sorry, I misread. I see what you're saying. This is like what I was proposing w/ hiera. The trouble is that it's not really R&P then as has been brought up by jcbollinger. On Tuesday, November 5, 2019 at 5:27:33 PM UTC-7, Alan Evans wrote: > > Hey Karsten thank you for y

Re: [Puppet Users] How to deal w/ mutually exclusive classes in roles/profiles

2019-11-08 Thread Alan Evans
true On Wednesday, November 6, 2019 at 2:55:02 AM UTC-7, Karsten Heymann wrote: > > On Wed, Nov 6, 2019 at 01:54, Alan Evans wrote: > > Sorry, I misread. I see what you're saying. This is like what I was > proposing w/ hiera. The trouble is that it's no

[Puppet Users] RFE Proposal: lookup_options in the manifest

2019-12-11 Thread Alan Evans
I love Automatic Parameter Lookup (APL) and hiera in general. But one thing I have found awkward is that `lookup_options` are found in the hiera data. In general the idea is to separate data from code right? Lookup options do not feel like data to me, but more like something I would find in

[Puppet Users] [Roles/Profiles] when a technology module doesn't already exist - seeking opinions

2020-06-08 Thread Alan Evans
While _most_ things I want to manage via Puppet have modules on the forge that are well maintained, tested and highly flexible. Sometimes though, I find that there is something that my organization uses that is just not common enough to have a module on the forge. In roles/profiles we conside

[Puppet Users] Re: [Roles/Profiles] when a technology module doesn't already exist - seeking opinions

2020-06-09 Thread Alan Evans
On Tuesday, June 9, 2020 at 6:22:55 AM UTC-6, A Manzer wrote: > > Option A, 100%. > > Why change your coding pattern just because a module isn't from the > Forge? Who knows, maybe one day you'll post it yourself on the Forge! > I try to write modules as if I am going to post them to the Forge.

Re: [Puppet Users] [Roles/Profiles] when a technology module doesn't already exist - seeking opinions

2020-06-09 Thread Alan Evans
> > Either you need to manage that > complexity or you don't. > You are right and we have already decided that RP is warranted. So yeah, module + profile. Thank you for your input, -Alan

[Puppet Users] Best DRY for classes w/ repeated or parameters

2020-08-11 Thread Alan Evans
I am writing a module to manage a product w/ a few components. There are a few parameters that are common to most of the components but there may be cases where it would be useful to override the values from one component to another. I can see two ways to handle this, 1. inheritance and 2. inc