In our project we have the manifest ready, but we have not confirmed from where we can manage the manifest effectively. Gone through R10K and other obvious possible way was GITHUB. Can anyone suggest the best repository to manage manifests.
↧
How to manage puppet manifests
↧
Profile variable
Hello,
I am working with icinga2 and puppet 4. We add our services in 3 different ways, and I would like to display in icinga2_services in notes the profile where it was added. Just for later use, if something goes wrong. I would know where to look :-) So I using e.g. an apache profile called profile::apache::httpd::server. And in this profile I add all the httpd services.
And the notes look like this:
notes => ''origin: profile::apache::httpd::server',
Is there a way in puppet to use a variable/fact for that ?
Cheers,
- Pascal
↧
↧
Fundamentals training
Hi all,
Can anyone confirm whether the official puppet findamentals (classroom) and the puppet fundamentals (online) are the same course except for physical location ?
And whether they use the learning VM as the baseline to the course ?
THanks
↧
Trouble with facts/hiera after puppet upgrade
Hello,
I'm attempting to upgrade puppet 3.8 -> 4.10 (just on vagrant right now). I'm having trouble getting my hiera paths to resolve.
### facts.yaml
```
myfact: engineering
```
### hiera.yaml
---
version: 5
hierarchy: # Most specific to least specific
- name: "Yaml lists"
datadir: /etc/puppetlabs/code/environments/%{::environment}/hieradata
data_hash: yaml_data
paths:
- nodes/%{facts.myfact}.yaml
### Command
puppet lookup --facts /vagrant/facts.yaml --hiera_config=/vagrant/modules/puppet/files/hiera.yaml --merge deep --environment some_environment --explain --compile classes
Searching for "classes"
Global Data Provider (hiera configuration version 5)
Using configuration "/vagrant/modules/puppet/files/hiera.yaml"
Hierarchy entry "Yaml lists"
Path "/etc/puppetlabs/code/environments/some_environment/hieradata/nodes/.yaml"
Original path: "nodes/%{facts.myfact}.yaml"
Path not found
Function lookup() did not find a value for the name 'classes
### Problem
Notice how the path didn't fillin "myfact" at all. I've also tried where "myfact" is a symbol in the fact.yaml and I'm getting the same result. This behavior is also happening in `puppet apply` (which was working before upgrade). You'll notice that %{::environment} *is* working correctly though.
↧
file_line simply not working
Hi, I am using file\_line resource to match and replace but it's simply not working. I have tried with even simpler code but it simply ignoring my file\_line resource.
file { '/tmp/eureka.txt':
ensure => present,
}->
file_line { 'Append a line to /tmp/eureka.txt':
ensure => 'present',
path => '/tmp/eureka.txt',
line => 'Hello World',
}
I have already added "name": "puppetlabs-stdlib", "version": "4.17.0" and using PE 2015.2. After executing the above code I don't see any change happening except creation of the eureka file. Any idea?
↧
↧
corruption issue for activemq.xml after re-naming PAYG vm
If you follow the instructions on the AMI user guide page to set the hostname, the system corrupts the /etc/puppetlabs/activemq/activemq.xml file to where pe-activemq will not start.
The solution is fairly painless, you just need to remove the duplicate broker section towards the top, but this is far from easy to determine by the error statements, and failure modes.
↧
Error 500 on SERVER: Server Error: No space left on device - /opt/puppetlabs/server/data/puppetserver/yaml/node/HOSTNAME.XXXXX:XX.
Hi Team
we are trying to run puppet sync manually from users machine. and we are getting the below error :
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: No space left on device - /opt/puppetlabs/server/data/puppetserver/yaml/node/HOSTNAME.XXXXX:XX.yaml20170614-12154-ipv7wc.lock
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: No space left on device - /opt/puppetlabs/server/data/puppetserver/yaml/facts/HOSTNAME.XXXXX:XX.yaml20170614-12154-v82502.lock
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
↧
Is there support for Puppet on Oracle Linux/SPARC?
Oracle supports Oracle Linux on SPARC now:
http://www.oracle.com/technetwork/server-storage/linux/downloads/oracle-linux-sparc-3665558.html
Is there any plan to support this? If not, is there any guidance on how to build an agent for it?
I looked into building it myself but it looks like the method for building is only for supported platforms: https://github.com/puppetlabs/puppet-agent
↧
Hiera: Unable to pass parameters to nodes after declaring class (hiera_include).
Hi,
I'm trying to move a class declaration out of the main manifest and use Hiera instead, on a new Dev environment we recently set up.
I'm using hiera_include('classes'), as I am looking at using Hiera to declare said classes and that works, the specific nodes pull the config from Puppet when I run the Puppet agent.
What's not working for me is passing class parameters from Hiera, after declaring them. It just uses the default values.
Specifically, I am trying to pass a new value for cassandra::datastax_repo::descr and cassandra::datastax_repo::pkg_url . Manifest code below:
class cassandra::datastax_repo (
$descr = 'DataStax Repo for Apache Cassandra',
$key_id = '7E41C00F85BFC1706C4FFFB3350200F2B999A372',
$key_url = 'http://debian.datastax.com/debian/repo_key',
$pkg_url = undef,
$release = 'stable',
Do I need to add some extra config somewhere else for this to work??
For more information, I am working this module: [locp-cassandra](https://forge.puppet.com/locp/cassandra/0.4.0) and testing declaring the cassandra::datastax_repo class.
site.pp
node 'default' {
hiera_include('classes')
}
hiera.yaml
---
:backends:
- yaml
:yaml:
:datadir: "/etc/puppetlabs/code/environments/%{environment}/hieradata"
:hierarchy:
- nodes/%{trusted.certname}
- projects/%{project}
- common
hieradata
---
classes:
- cassandra::datastax_repo
cassandra::datastax_repo:
descr: Test repo
pkg_url: http://test.url
↧
↧
Exported Resource - Could not evaluate: Field 'key' is required
Hello beginner here. I'm trying to do the classic distribute ssh keys to every server in the puppet environment, but I seem to be running into a issue as I'm receiving the error: **Error: /Stage[main]/Ssh/Sshkey[puppet-dev]: Could not evaluate: Field 'key' is required**
Puppet code that I borrowed from the puppet documentation:
> class ssh { #Declare @@sshkey {> $::hostname: type => dsa, key =>> $::sshdsakey, } # Collect: Sshkey><<| |>> }
Running puppet agent:
> [root@puppet-dev modules]# puppet agent -t> Info: Using configured environment 'production'> Info: Retrieving pluginfacts> Info: Retrieving plugin> Info: Loading facts> Info: Caching catalog for puppet-dev.esxi.com> Info: Applying configuration version '1497521436'> Notice: /Stage[main]/Ssh/Sshkey[puppet-dev]/ensure: created> **Error: /Stage[main]/Ssh/Sshkey[puppet-dev]: Could not evaluate: Field 'key' is required**>Notice: Applied catalog in 0.23 seconds>
↧
A question related to classes in puppet
Hi Team,
I an new to puppet. I have seen few classes in puppet like below,
class splunk_install::files
What is `::files` indicate here..!? Why can't we just write `class splunk_install` ..!
I just want to know the importance of `::files` here..!?
Regards,
Rohith
↧
How to solve SWEET32 vulnerability in nginx
We have had a security scan which has highlighted a vulnerability on our puppet master server for port 443. This relates to the nginx master.
Has anyone else encountered this and if so how did you resolve it?
Unacceptable ciphers being used are reported as;
TLSv1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
Mostly down to the 3DES element.
↧
Manifest are not applying to client
I have configured site.pp which include the content to install httpd package to node, however logs show status=unchange.
host: puppetclient.example.com
time: 2017-06-14 17:07:51.671854723 +05:30
kind: apply
report_format: 4
puppet_version: 4.2.1
configuration_version: 1497439605
transaction_uuid: 9e4b5852-aab8-4fd2-9aaa-d1bd6bb733f4
environment: production
status: unchanged
↧
↧
Warning: You cannot collect exported resources without storeconfigs being set
Hi, I am trying out a masterless process for setting up an OpenStack cloud. I use the puppetlabs-haproxy (v1.5.0) module for setting up HAProxy. When I run my puppet manifest for the controller node like so ...
puppet apply -e 'include controller'
I get this warning:
Warning: You cannot collect exported resources without storeconfigs being set; the collection will be ignored at /etc/puppetlabs/code/environments/production/modules/haproxy/manifests/balancermember/collect_exported.pp:7:3
I have tried setting storeconfigs to true like this:
puppet config set storeconfigs true
But that results in this error:
Error: Cached facts for aos-mgmt-01 failed: Could not find terminus puppetdb for indirection facts
Error: Could not find terminus puppetdb for indirection facts
Error: Could not run: Could not retrieve facts for aos-mgmt-01: Could not find terminus puppetdb for indirection facts
I guess I can just ignore the warning but does anyone know what I can do to correct or suppress the warning?
Thanks
↧
Getting errors after my attempt to convert to hiera5
I upgraded to Puppet version 4.10 on the server. If my hiera version 3 hiera.yaml is in place i don't get any errors.
[root@orion puppet]# puppet --version
4.10.1
[root@orion puppet]# puppet agent --version
4.10.1
/etc/puppetllabs/puppet/hiera.yaml (version 3):
[root@orion puppet]# cat hiera.yaml
---
:backends:
- yaml
:yaml:
#:datadir: "/etc/puppetlabs/code/environments/%{::environment}/hieradata"
:datadir: "/etc/puppetlabs/code/hieradata"
:hierarchy:
- "nodes/%{::trusted.certname}"
- cc
- viawest
- common
So, on node it0556:
it0556 ~ # puppet agent --version
4.10.2
it0556 ~ # puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for it0556
Info: Applying configuration version '1497554187'
Notice: Applied catalog in 0.63 seconds
When I update hiera.yaml to version 5 (i've removed it from /etc/puppetlabs/puppet/ and it is now in /etc/puppetlabs/code/environment/production/hiera.yaml):
[root@orion production]# pwd
/etc/puppetlabs/code/environments/production
[root@orion production]# cat hiera.yaml
---
version: 5
hierarchy:
- name: "Per-node data (yaml version)"
path: "nodes/%{trusted.certname}.yaml"
# ommitting datadir and data_hash to use defaults.
- name: "Other YAML hierarchy levels"
path: # can specify an array of paths instead of one
#- "location/%{facts.whereami}/%{facts,group}.yaml"
#- "groups/%{facts.group}.yaml"
- "os/%{facts.os.family}.yaml"
- "common.yaml"
#defaults:
# data_hash: yaml_data
# datadir: data
And back on node it0556:
it0556 ~ # puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Lookup of key 'lookup_options' failed: The Lookup Configuration at '/etc/puppetlabs/code/environments/production/hiera.yaml' has wrong type, entry 'hierarchy' index 1 entry 'path' expects a String value, got Tuple at /etc/puppetlabs/code/environments/production/modules/profile/manifests/buildworkstation/sudoers.pp:3:2 on node it0556
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Here is what the sudoers.pp file it mentions looks like:
[root@orion buildworkstation]# pwd
/etc/puppetlabs/code/environments/production/modules/profile/manifests/buildworkstation
[root@orion buildworkstation]# cat sudoers.pp
class profile::buildworkstation::sudoers {
include sudo
include sudo::configs
}
I do have a yaml file for node it0556 that has some sudoers related info in it. That file contains:
[root@orion nodes]# pwd
/etc/puppetlabs/code/environments/production/data/nodes
[root@orion nodes]# cat it0556.yaml
---
sudo::configs:
'fflintstone':
'content' : 'fflintstone ALL=(ALL) NOPASSWD: ALL'
'fred_flintstone':
'content' : 'fred_flintstone ALL=(ALL) NOPASSWD: ALL'
I am currently at a loss on how to correct this error. I'm hoping someone can point me in the right direction.
Thanks,
gene
↧
DSC: server rejected client credentials
I am trying to use the DSC Puppet module to create a replicate domain controller. However when running dsc_xaddomaincontroller, I am returned with "The server has rejected the client credentials".
I am passing into "domainadministratorcredential" and "safemodeadministratorpassword" something similar to the following:
> dsc_user { ‘sample_admin’:
> dsc_username => 'Administrator',> dsc_description => 'administrative’,
> dsc_ensure => present,> dsc_password => {> 'user' => pw_hash(‘sample_domain\administrator',
> 'SHA-512', 'mysalt'),> 'password' => pw_hash(‘SuperPassword’, 'SHA-512',
> 'mysalt')> },> dsc_passwordneverexpires => false,> dsc_disabled => true,> }
Any insight into this?
↧
one puppet master with two addresses because of NAT - puppet agent times out
I inherited a network that has a firewall-with-NAT in the middle of it. The puppet master is behind that firewall, on a 10.x.x.x address. Hosts inside that firewall are able to find the puppet master just fine.
However, hosts outside the firewall need to use the non-NAT address for routing, obviously. When I put two A records in DNS (one for the 10.x.y.z address and one for the routable 128.x.y.z address) the puppet agents outside the firewall sit and spin until they time out. When I hard-code the single 128.x.y.z address in /etc/hosts on the client puppet agent runs complete without problems.
(with an entry in /etc/hosts):
-bash-4.2$ getent hosts puppet
128.X.Y.Z puppet.[redacted] puppet
-bash-4.2$ sudo /opt/puppetlabs/bin/puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for external.chscc.biostat.washington.edu
Info: Applying configuration version '1497563758'
[...]
(with regular DNS):
-bash-4.2$ getent hosts puppet
10.X.Y.Z puppet.[redacted]
128.X.Y.Z puppet.[redacted]
-bash-4.2$ sudo /opt/puppetlabs/bin/puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: execution expired
Info: Retrieving pluginfacts
Info: Retrieving plugin
[...]
or, alternatively:
-bash-4.2$ sudo /opt/puppetlabs/bin/puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': execution expired
[...]
Any pointers on how to fix this would be greatly appreciated.
nomad
↧
↧
How to execute two commands one after the other in puppet program
Hi Team,
below is my puppet program snippet..!:
FYI...
exec {'unpack_splunk_forwarder.tar.gz':
unless => 'test -f /opt/splunkforwarder/bin/splunk',
cwd => '/opt',
command => 'gunzip /opt/splunkforwarder.tar.gz && tar -xvf /opt/splunkforwarder.tar',
}
in `command` attribute i have specified two commands with `&& (AND)` condition between them. Ideally i want `gunzip` command to executed first and then `tar` command. But i guess both are executing simultaneously. How could i solve this problem..!?
Please help here..!
Regards,
Rohith
↧
Opensource Puppet Master Setup Issue causing unable to get local issuer certificate for /CN=puppet
I have to give up using PE to set up my puppet master :( and I have been thrown to the cold cruel Opensource Puppet world.
I have been trying to set up a opensource puppet master on a RHEL7 system. I am planning to do this a couple of times so wrote a very simple shell script. Here's the script:
#!/bin/sh
pc_rpm_name='puppetlabs-release-pc1'
pc_yum_repo_url="https://yum.puppetlabs.com/${pc_rpm_name}-el-7.noarch.rpm"
# set up puppet collection yum repo
rpm -Uvh $pc_yum_repo_url
yum -y install puppetserver
systemctl start puppetserver
/opt/puppetlabs/bin/puppet module install puppetlabs-puppetdb --version 5.1.2
I have a puppet master puppet class I wrote it is very simple:
class my_puppetmaster {
class { 'puppetdb': listen_address => %{::fqdn} }"
include puppetdb::master::config
}
I want to use hiera for my node classification so I have done this:
# pwd
/etc/puppetlabs/code/environments/production/manifests
# cat site.pp
hiera_include('classes')
I have also created this file:
# pwd
/etc/puppetlabs/code/environments/production/hieradata/nodes
# cat puppet_master.yaml
classes:
- my_puppetmaster
And here is my hiera.yaml file:
# pwd
/etc/puppetlabs/puppet
# head hiera.yaml
---
:backends:
- yaml
:hierarchy:
- "nodes/%{::trusted.certname}"
- "nodes/%{::role}"
...
I haven't gotten around to set up a custom fact yet. I figure I could testing out at the point by rebooting the system to give everything a good shake out and then running `puppet agent -t` and see what happens. When I run `puppet agent -t` on the puppet master I get this output:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
I guess I left something out of my set up script. So ... what did I miss?
Thanks
Red
↧
How to declare my defined class in puppet..!?
Hi Team,
I have the below `splunk_install.pp` under `.../aoa_agent_installation/manifests/splunk_install.pp`
class aoa_agent_installation::splunk_install {
file {
}
exec {
}
...
}
Now, where i have to declare it and How..!?
Please help here..!
Regards,
Rohith
↧