I have a package installed with puppet:
    apt::ppa { 'ppa:thopiekar/cura':
      ensure => present,
    }
    package { 'cura':
      ensure  => latest,
      require => [ Class['apt::update'], Apt::Ppa['ppa:thopiekar/cura'] ],
    }
The package has stopped working, but I can get it to work if I manually remove it and its dependencies and reinstall:
    sudo apt remove cura
    sudo apt autoremove
    sudo apt install cura
How can I get puppet to do this reinstall process on my nodes? I haven't pinpointed the cause of the error, but I know that reinstalling this way fixes it.
↧
How to reinstall a package? (Ubuntu 16.04)
↧
Razor Server set static IP
What is the standard way to set a static IP on a node after it has been deployed with Razor? I am doing a POC with Razor and was able to deploy a CentOS server. However, I'm unsure of how to set the static IP. It would be preferable if I could set it during the Razor install, or configure it after install using the puppet agent.
↧
↧
How to set a user password to be managed and encrypted?
I am new to puppet. I want to make a class that creates users and sets their password to be managed and **encrypted**. Is this possible? I can't seem to find any way of doing it by default.
e.g.
    class users
    {
      user { "foo":
        ensure           => present,
        managehome       => true,
        home             => "/home/foo",
        password         => '!!',
        password_max_age => '99999',
        password_min_age => '0',
      }
    }
Isn't !! == not a password? Do I just set each user's password to password => 'password' or randomly generate one for each user?
I read that you can use stdlib to encrypt it, e.g.

    password => pw_hash('password', 'SHA-512', 'mysalt')

I am unsure how I would tie this INTO the class script without installing it prior. (I would rather have it part of this script for less manual execution of scripts)
Thanks for the read!
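
One way to tie `pw_hash` into the class itself, as an added example rather than the poster's code: `pw_hash` and `fqdn_rand_string` come from puppetlabs-stdlib and run during catalog compilation, so stdlib has to be in the modulepath of whatever compiles the catalog (for example via a Puppetfile entry), and nothing has to be run by hand on the nodes. The `$accounts` parameter and the login names are hypothetical, and a Puppet version with the `Sensitive` data type is assumed.

```puppet
# Added example. Assumes puppetlabs-stdlib is available where the catalog is
# compiled; $accounts and the login names in it are hypothetical.
class users (
  # login => cleartext password, or undef for an account with no password.
  # Keep real values in encrypted Hiera data, never in the manifest itself.
  Hash[String[1], Optional[String[1]]] $accounts = {},
) {
  $accounts.each |String $login, Optional[String] $cleartext| {
    $shadow_field = $cleartext ? {
      # '!!' is not the hash of any password: nothing a user types can match
      # it, so the account exists but password login is locked.
      undef   => '!!',
      # crypt(3) SHA-512 hash ("$6$<salt>$<hash>"). The salt is derived from
      # the node's FQDN and the login, so it is stable between runs and the
      # resulting hash does not change on every catalog compilation.
      default => pw_hash($cleartext, 'SHA-512', fqdn_rand_string(16, '', $login)),
    }

    user { $login:
      ensure           => present,
      managehome       => true,
      home             => "/home/${login}",
      # Wrapping the value in Sensitive keeps it out of logs and reports.
      password         => Sensitive($shadow_field),
      password_max_age => '99999',
      password_min_age => '0',
    }
  }
}

# Hypothetical usage: one user with a managed password, one locked account.
class { 'users':
  accounts => {
    'foo' => 'correct horse battery staple',  # constructed sample value
    'bar' => undef,
  },
}
```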
↧
Sathya Sai Baba - A God Man Unparalleled
Millions of followers from all around the world, a huge organisational setup up carrying out service activities motivated and inspired by him in more than 120 countries, millions of dollars worth philanthropy, a village which was once just ram, www.youtube.com, a stones' throw away from stone age transformed to an international spiritual destination, an airport and a railway station attached to this remote village which otherwise would have been a poor and remote area of India, state of the art super specialty hospitals providing free medical care to the poorest of the poor, free but quality educational institutions of the highest reputation and grading - these are some of the striking achievements that world renowned spiritual guru -Sri Sathya Sai Baba achieved during His 85 years of earthly sojourn in the world famous Spiritual destination Prasanthi Nilayam, his abode in south India.
"I am God. And you too are God. The only difference between you and Me is that while I am aware of it, you are completely unaware." This was the answer Bhagawan Sri Sathya Sai Baba used to give to people who query him about his identity and divinity. Considered by many as a Divine Incarnate, Sai Baba's accomplishments speak volumes of his unflinching commitment to his vision - to unite humanity through a common bond of Love. Through thousands of public discourses and interactions in private with his devotees, he always emphasised that true and selfless love to fellow human beings is the only panacea for all the illnesses of this grief and strife torn world. Love All Serve All and Help Ever Hurt Never is his clarion call to all his followers to bring about a semblance of peace and steadiness to directionless humanity bereft of unity and love.
The presence of a large number of people from varied backgrounds, irrespective of caste, creed, religion, nationality is a true testament to his universal message of brotherhood - all are one - be alike to everyone. A visit to Prasanthi Nilayam, the spiritual empire and the ashram of Sri Sathya Sai Baba is a must in the travel schedule of every spiritual seeker visiting India. The grandeur and the glory of the most popular spiritual master can only be experienced and cannot be explained and for seeking such an experience, a visit to Prasanthi Nilayam is the only simple method. If money were to be the only resource required to replicate and undertake the noble initiatives of Sri Sathya Sai Baba, then by now there should have been multitudes of wealthy men with similar accomplishments. Sai Baba has proved that pure love towards fellow men and good and noble intentions are the only investments that one need to put in and that money shall never be a constraint for one who sole intentions are nothing but rendering selfless service to the needy. Sri Sathya Sai Baba often says that "My life is my message" and his message has been "Hands that serve are holier than lips that pray". Inspired by Sai Baba's example there have been many such similar initiatives undertaken all around the globe - be it distribution of food to the poor, be it rendering medical care by organising free medical camps across the globe or be it running of free schools - they were all the truly the works of God inspiring the humanity to take to the right path of service to humanity.
While the Indian media in general and local media in particular chose to conveniently ignore and highlight the noble works that Sai Baba has carried out during his life time, Prasanthi Nilayam became a much sought after destination for hordes of broadcast vans of media houses to transmit and cover his final days in hospital by raking up a controversy surrounding his health. His unfortunate and untimely exit and the subsequent bickerings and media reporting of certain allegations against some of his close associates might have taken some gloss off the accomplishments of Spiritual Master, but the legacy and the glory of one of the most revered personalities shall be eternal and always stay enshrined in the hearts of millions of his devotees for whom Sri Sathya Sai Baba has not only been a mere guru but their friend, philosopher, guide, father and mother and much more.
↧
↧
Trying puppet/puppetserver docker image and getting Failed to open TCP connection to puppet:8140
Hi,
I am trying the latest puppet/puppetserver docker image and am getting the following error:

    root@a25018447d66:/# puppet resource user `whoami`
    Error: Could not run: Failed to open TCP connection to puppet:8140 (getaddrinfo: Name or service not known)

While I understand that I can modify /etc/hosts to have puppet as the hostname, I'm trying to find out why I'm getting this error while I'm trying to find out information about a resource on a node locally.
Thanks in advance.
↧
installing puppet modules without vagrant provisioning
I have a project where they are using Vagrant provision to load puppet modules. The modules are available in a directory inside the project; most of them are git projects.
I'm a beginner in using puppet. I'm asking if there is a way to install those modules without using vagrant provision. Can I install them one by one? I tried this, but the modules are coupled. I think there is a way to install them all at one time.
↧
Grep a string in puppet
I need to grep a string in a line using puppet using regular expressions.

    $var=['varms01' , 'varms02']

I need to run puppet exec onlyif varms01 and varms02 are not present in my config file.
I am not sure how to implement this.
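
One way to express the "run only when none of the names are in the file" condition with `unless`, as an added example that is not part of the original post. It assumes puppetlabs-stdlib for `regexpescape` and `shell_escape`; the config path and the command are hypothetical.

```puppet
$var    = ['varms01', 'varms02']
$config = '/etc/myapp/app.conf'   # hypothetical config file

# Escape regex metacharacters in each name, then join the names into one
# alternation (varms01|varms02) so a single grep covers the whole list.
$pattern = join(regexpescape($var), '|')

exec { 'add-varms-entries':
  # Hypothetical command that writes the missing entries.
  command  => "/usr/local/bin/add-varms-entries ${shell_escape($config)}",
  # grep -q exits 0 as soon as ANY name is found, and `unless` skips the
  # command on exit 0, so the command runs only when none of the names are
  # present. -w matches whole words, so 'varms010' does not count as 'varms01'.
  # A missing file makes grep exit 2, which also lets the command run.
  unless   => "grep -Eqw -- ${shell_escape($pattern)} ${shell_escape($config)}",
  # The shell provider passes the line through /bin/sh, which is what the
  # quoting produced by shell_escape() is written for.
  provider => shell,
  path     => ['/bin', '/usr/bin'],
}
```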
↧
Unable to apply Puppetlabs tomcat 2.0.0
I am unable to successfully apply Puppetlabs/tomcat 2.0.0 to a CentOS apache server.
Mod 'puppetlabs/apache', '1.6.0' was successfully applied.
The errors suggest that the instance is trying to pick up information from /opt/apache-tomcat-8.0.41 but this is not the install directory I have defined - and does not exist.
Any help greatly appreciated.
Regards
Ewan
Errors:
=====
Error: /Stage[main]/Profiles::Notify_tomcat/Tomcat::Instance[notify-tomcat8-instance]/Tomcat::Instance::Copy_from_home[/apps/notify/apache-tomcat-8.0.41/conf/catalina.policy]/File[/apps/notify/apache-tomcat-8.0.41/conf/catalina.policy]: Could not evaluate: Could not retrieve information from environment dti020_34 source(s) file:/opt/apache-tomcat/conf/catalina.policy
Error: /Stage[main]/Profiles::Notify_tomcat/Tomcat::Instance[notify-tomcat8-instance]/Tomcat::Instance::Copy_from_home[/apps/notify/apache-tomcat-8.0.41/conf/context.xml]/File[/apps/notify/apache-tomcat-8.0.41/conf/context.xml]: Could not evaluate: Could not retrieve information from environment dti020_34 source(s) file:/opt/apache-tomcat/conf/context.xml
Error: /Stage[main]/Profiles::Notify_tomcat/Tomcat::Instance[notify-tomcat8-instance]/Tomcat::Instance::Copy_from_home[/apps/notify/apache-tomcat-8.0.41/conf/logging.properties]/File[/apps/notify/apache-tomcat-8.0.41/conf/logging.properties]: Could not evaluate: Could not retrieve information from environment dti020_34 source(s) file:/opt/apache-tomcat/conf/logging.properties
Error: /Stage[main]/Profiles::Notify_tomcat/Tomcat::Instance[notify-tomcat8-instance]/Tomcat::Instance::Copy_from_home[/apps/notify/apache-tomcat-8.0.41/conf/server.xml]/File[/apps/notify/apache-tomcat-8.0.41/conf/server.xml]: Could not evaluate: Could not retrieve information from environment dti020_34 source(s) file:/opt/apache-tomcat/conf/server.xml
Error: /Stage[main]/Profiles::Notify_tomcat/Tomcat::Instance[notify-tomcat8-instance]/Tomcat::Instance::Copy_from_home[/apps/notify/apache-tomcat-8.0.41/conf/web.xml]/File[/apps/notify/apache-tomcat-8.0.41/conf/web.xml]: Could not evaluate: Could not retrieve information from environment dti020_34 source(s) file:/opt/apache-tomcat/conf/web.xml
Manifest extract:
============
      # Install Tomcat using the Forge module.
      $notify_catalina_base = "${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"
      $notify_catalina_home = "${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"
      file { "${notify_install_dir}/apache-tomcat":
        ensure  => link,
        target  => "apache-tomcat-${notify_tomcat_version}",
        require => File["${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"],
      }
      class { '::tomcat':
        user         => $notify_owner,
        group        => $notify_group,
        manage_user  => false,
        manage_group => false,
      }
      ::tomcat::install { '/apps/notify':
        source_url => "http://archive.apache.org/dist/tomcat/tomcat-${notify_tomcat_major_version}/v${notify_tomcat_version}/bin/apache-tomcat-${notify_tomcat_version}.tar.gz",
      }
      # Configure Tomcat.
      ::tomcat::instance { 'notify-tomcat8-instance':
        catalina_base => $notify_catalina_base,
      }
      ::tomcat::config::server { 'notify-tomcat8-config-server':
        catalina_base => $notify_catalina_base,
        port          => '#removed#',
      }
      # REMOVES the default http connector on port 8080 as this is not used
      ::tomcat::config::server::connector { 'notify-tomcat8-http':
        catalina_base    => $notify_catalina_base,
        port             => '8080',
        protocol         => 'HTTP/1.1',
        connector_ensure => 'absent'
      }
      ::tomcat::config::server::connector { 'notify-tomcat8-ajp':
        catalina_base         => $notify_catalina_base,
        port                  => $notify_ajp_port,
        protocol              => 'AJP/1.3',
        additional_attributes => {
          'proxyPort'            => '443',
          'scheme'               => 'https',
          'tomcatAuthentication' => false,
          'address'              => '127.0.0.1',
          'maxThreads'           => '512',
        },
      }
      ::tomcat::service { 'notify-tomcat8-service':
        catalina_base  => $notify_catalina_base,
        service_ensure => 'running',
      }
      # Remove the default Tomcat webapps.
      file { [
        "${notify_catalina_base}/webapps/docs",
        "${notify_catalina_base}/webapps/examples",
        "${notify_catalina_base}/webapps/host-manager",
        "${notify_catalina_base}/webapps/manager",
        "${notify_catalina_base}/webapps/ROOT",
      ]:
        ensure  => absent,
        recurse => true,
        force   => true,
        purge   => true,
        backup  => false,
        require => Tomcat::Instance['notify-tomcat8-instance'],
      }
      ::tomcat::setenv::entry {'CATALINA_OPTS':
        value       => "\ -Xms256m -Xmx1024m -server -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintGCApplicationStoppedTime -verbose:gc -Xloggc:${notify_tomcat_home}/logs/GC.log",
        config_file => "${notify_install_dir}/notify-env-opts",
        require     => Tomcat::Instance['notify-tomcat8-instance'],
      }
    }
All relevant file listings below.
2. Puppetfile tomcat entry
==========================
    mod 'puppetlabs/tomcat', '2.0.0'
3. Manifests
=============
3.1 notify_tomcat.pp
---------------------
    [escott12@es-puppet dti020_34]$ cat ./site/profiles/manifests/notify_tomcat.pp
    # == Class: profiles::notify_tomcat
    #
    # The profile for notify application servers.
    #
    # === Parameters
    #
    # None.
    #
    # === Authors
    #
    # #removed#
    #
    class profiles::notify_tomcat {
      # Get the tier of the application from Hiera.
      $jdk_version = hiera('profiles::javaroot::jdk_version')
      $jdk_version_update = hiera('profiles::javaroot::jdk_version_update')
      $jdk_version_build = hiera('profiles::javaroot::jdk_version_build')
      $javaroot_install_dir = hiera('profiles::javaroot::javaroot_install_dir')
      $notify_tomcat_major_version = hiera('profiles::notify::tomcat_major_version')
      $notify_tomcat_version = hiera('profiles::notify::tomcat_version')
      $notify_tomcat_home = hiera('profiles::notify::tomcat_home')
      $notify_owner = hiera('profiles::notify::notify_owner')
      $notify_group = hiera('profiles::notify::notify_group')
      $notify_install_dir = hiera('profiles::notify::notify_install_dir')
      $notify_url = hiera('profiles::notify::notify_url')
      $notify_ajp_port = hiera('profiles::notify::notify_ajp_port')
      # CoSign protected is off by default for the service.
      # Create the application directories.
      # Create a symlink for JDK as referencing java_home could be confused with JAVA_HOME.
      file { "${notify_install_dir}/jdk":
        ensure  => link,
        target  => '/apps/java/java_home',
        require => File['/apps/java/java_home'],
      }
      # Create the apache-tomcat symlink.
      # Install Tomcat using the Forge module.
      $notify_catalina_base = "${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"
      $notify_catalina_home = "${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"
      file { "${notify_install_dir}/apache-tomcat":
        ensure  => link,
        target  => "apache-tomcat-${notify_tomcat_version}",
        require => File["${notify_install_dir}/apache-tomcat-${notify_tomcat_version}"],
      }
      class { '::tomcat':
        user         => $notify_owner,
        group        => $notify_group,
        manage_user  => false,
        manage_group => false,
      }
      ::tomcat::install { '/apps/notify':
        source_url => "http://archive.apache.org/dist/tomcat/tomcat-${notify_tomcat_major_version}/v${notify_tomcat_version}/bin/apache-tomcat-${notify_tomcat_version}.tar.gz",
      }
      # Configure Tomcat.
      ::tomcat::instance { 'notify-tomcat8-instance':
        catalina_base => $notify_catalina_base,
      }
      ::tomcat::config::server { 'notify-tomcat8-config-server':
        catalina_base => $notify_catalina_base,
        port          => '#removed#',
      }
      # REMOVES the default http connector on port 8080 as this is not used
      ::tomcat::config::server::connector { 'notify-tomcat8-http':
        catalina_base    => $notify_catalina_base,
        port             => '8080',
        protocol         => 'HTTP/1.1',
        connector_ensure => 'absent'
      }
      ::tomcat::config::server::connector { 'notify-tomcat8-ajp':
        catalina_base         => $notify_catalina_base,
        port                  => $notify_ajp_port,
        protocol              => 'AJP/1.3',
        additional_attributes => {
          'proxyPort'            => '443',
          'scheme'               => 'https',
          'tomcatAuthentication' => false,
          'address'              => '127.0.0.1',
          'maxThreads'           => '512',
        },
      }
      ::tomcat::service { 'notify-tomcat8-service':
        catalina_base  => $notify_catalina_base,
        service_ensure => 'running',
      }
      # Remove the default Tomcat webapps.
      file { [
        "${notify_catalina_base}/webapps/docs",
        "${notify_catalina_base}/webapps/examples",
        "${notify_catalina_base}/webapps/host-manager",
        "${notify_catalina_base}/webapps/manager",
        "${notify_catalina_base}/webapps/ROOT",
      ]:
        ensure  => absent,
        recurse => true,
        force   => true,
        purge   => true,
        backup  => false,
        require => Tomcat::Instance['notify-tomcat8-instance'],
      }
      # Java opts including memory etc
      notify { "This is TOMCAT HOME var1 ${notify_tomcat_home} ": }
      notify { "This is CATALINA BASE var2 ${notify_catalina_base} ": }
      notify { "This is CATALINA HOME var3 ${notify_catalina_home} ": }
      ::tomcat::setenv::entry {'CATALINA_OPTS':
        value       => "\ -Xms256m -Xmx1024m -server -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintGCApplicationStoppedTime -verbose:gc -Xloggc:${notify_tomcat_home}/logs/GC.log",
        config_file => "${notify_install_dir}/notify-env-opts",
        require     => Tomcat::Instance['notify-tomcat8-instance'],
      }
    }
3.2 other manifests
===================
notify_server_apache.pp
    [escott12@es-puppet dti020_34]$ cat ./site/profiles/manifests/notify_server_apache.pp
    # == Class: profiles::notify_server_apache
    #
    # The profile for
    # 1. notify server apache install and vhost definitions
    # 2. shared java install.
    #
    # === Parameters
    #
    # None.
    #
    # === Authors
    #
    # #removed#
    #
    class profiles::notify_server_apache {
      #Get the tier of the application from Hiera.
      $notifyadm_owner = hiera('profiles::notifyadm::notifyadm_owner')
      $notifyadm_group = hiera('profiles::notifyadm::notifyadm_group')
      $notifyadm_install_dir = hiera('profiles::notifyadm::notifyadm_install_dir')
      $notifyadm_url = hiera('profiles::notifyadm::notifyadm_url')
      $notifyadm_ajp_port = hiera('profiles::notifyadm::notifyadm_ajp_port')
      $cosign_cookie = hiera('profiles::notifyadm::cosign_cookie')
      $cosign_url = hiera('profiles::notifyadm::cosign_url')
      $notify_owner = hiera('profiles::notify::notify_owner')
      $notify_group = hiera('profiles::notify::notify_group')
      $notify_install_dir = hiera('profiles::notify::notify_install_dir')
      $notify_url = hiera('profiles::notify::notify_url')
      $notify_ajp_port = hiera('profiles::notify::notify_ajp_port')
      $javaroot_install_dir = hiera('profiles::javaroot::javaroot_install_dir')
      $jdk_version = hiera('profiles::javaroot::jdk_version')
      $jdk_version_update = hiera('profiles::javaroot::jdk_version_update')
      $jdk_version_build = hiera('profiles::javaroot::jdk_version_build')
      # CoSign protected is off by default for the service.
      $notifyadm_cosign_protected = true
      # Create the application directories.
      file { '/apps':
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
      }
      file { $notifyadm_install_dir:
        ensure => 'directory',
        owner  => $notifyadm_owner,
        group  => $notifyadm_group,
        mode   => '0755',
      }
      file { $javaroot_install_dir:
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
      }
      # Install Oracle JDK using the Forge module.
      class { '::jdk_oracle':
        version        => $jdk_version,
        version_update => $jdk_version_update,
        version_build  => $jdk_version_build,
        install_dir    => $javaroot_install_dir,
        default_java   => false,
      }
      # Create a symlink for JDK as referencing java_home could be confused with JAVA_HOME.
      # Create a symlink for JDK as referencing java_home could be confused with JAVA_HOME.
      file { "${javaroot_install_dir}/jdk":
        ensure  => link,
        target  => 'java_home',
        require => File["${javaroot_install_dir}/java_home"],
      }
      java_ks { 'eduinca':
        ensure       => latest,
        certificate  => '/etc/pki/CA/certs/EdCAcert.crt',
        target       => "${javaroot_install_dir}/jdk/jre/lib/security/cacerts",
        password     => '#removed#',
        require      => [
          File["${javaroot_install_dir}/jdk"],
          File['/etc/pki/CA/certs/EdCAcert.crt']
        ],
        trustcacerts => true,
      }
      java_ks { 'eduinca2':
        ensure       => latest,
        certificate  => '/etc/pki/CA/certs/eduni2.crt',
        target       => "${javaroot_install_dir}/jdk/jre/lib/security/cacerts",
        password     => '#removed#',
        require      => [
          File["${javaroot_install_dir}/jdk"],
          File['/etc/pki/CA/certs/eduni2.crt']
        ],
        trustcacerts => true,
      }
      # Create the apache-tomcat symlink.
      # Install Apache using the Forge module.
      class { '::apache':
        logroot_mode => '0755',
      }
      # Install mod_ssl, mod_proxy_ajp and mod_remoteip.
      include ::apache::mod::proxy_ajp
      include ::apache::mod::ssl
      # notifyadm uses REMOTE_USER for stats purposes so set it to value of NS-X-Forwarded-For
      # if the request comes from the Load ballancer IP
      # Setup the required Apache VHosts.
      ::apache::vhost { $notifyadm_url:
        servername        => $notifyadm_url,
        port              => '80',
        serveradmin       => '#removed#@ed.ac.uk',
        # Set the first field to %a to record the client ip as set by mod_remoteip
        access_log_format => '%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %D',
        docroot           => '/apps/notifyadm/htdocs/',
        docroot_owner     => $notifyadm_owner,
        docroot_group     => $notifyadm_group,
        docroot_mode      => '0755',
        proxy_pass        => [
          {
            'path' => '/cosign',
            'url'  => '!',
          },
          {
            'path' => '/cgi-bin',
            'url'  => '!',
          },
          {
            'path' => '/',
            'url'  => "ajp://localhost:${notifyadm_ajp_port}/",
          },
        ],
        directories       => [
          {
            path            => '/',
            provider        => 'location',
            custom_fragment => 'CosignProtected On',
          },
          {
            path            => '/cgi-bin',
            provider        => 'location',
            custom_fragment => 'CosignProtected Off',
          },
          {
            path            => '/healthcheck/healthcheck.jsp',
            provider        => 'location',
            custom_fragment => 'CosignProtected Off',
          },
        ],
      }
      ::apache::vhost { $notify_url:
        servername        => $notify_url,
        port              => '80',
        serveradmin       => '#removed#@ed.ac.uk',
        # Set the first field to %a to record the client ip as set by mod_remoteip
        access_log_format => '%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %D',
        docroot           => '/apps/notify/htdocs/',
        docroot_owner     => $notify_owner,
        docroot_group     => $notify_group,
        docroot_mode      => '0755',
        scriptalias       => '/var/www/cgi-bin/', # Maps to /cgi-bin
        proxy_pass        => [
          {
            'path' => '/cgi-bin',
            'url'  => '!',
          },
          {
            'path' => '/',
            'url'  => "ajp://localhost:${notify_ajp_port}/",
          },
        ],
        directories       => [
          {
            path     => '/cgi-bin',
            provider => 'location',
          },
          {
            path     => '/healthcheck',
            provider => 'location',
          },
        ],
      }
      # Add CoSign stuff.
      cosign::vhost { $notifyadm_url:
        site_url            => $notifyadm_url,
        cosign_cookie       => $cosign_cookie,
        cosign_url          => $cosign_url,
        cosign_protected    => $notifyadm_cosign_protected,
        proxy_cookies       => false,
        allow_public_access => false,
      }
      # Create the generic cosign-logout.pl script.
      file { '/var/www/cgi-bin/cosign-logout.pl':
        ensure  => 'file',
        owner   => 'root',
        group   => 'root',
        mode    => '0755',
        content => template('profiles/cosign-logout.pl.erb'),
      }
    }
4. hiera data
=============
4.1 ./hieradata/role/notify.yaml
================================
    ---
    classes: roles::notify
    profiles::notify::jdk_version: "8"
    profiles::notify::jdk_version_update: "144"
    profiles::notify::jdk_version_build: "1"
    profiles::notify::tomcat_major_version: "8"
    profiles::notify::tomcat_version: "8.0.41"
    profiles::notify::notify_owner: notify
    profiles::notify::notify_group: notifygp
    profiles::notify::notify_install_dir: /apps/notify
    profiles::notify::tomcat_home: /apps/notify/apache-tomcat
    profiles::notifyadm::jdk_version: "8"
    profiles::notifyadm::jdk_version_update: "144"
    profiles::notifyadm::jdk_version_build: "1"
    profiles::notifyadm::tomcat_major_version: "8"
    profiles::notifyadm::tomcat_version: "8.0.41"
    profiles::notifyadm::notifyadm_owner: notifyadm
    profiles::notifyadm::notifyadm_group: notifygp
    profiles::notifyadm::notifyadm_install_dir: /apps/notifyadm
    profiles::cosign::cosign_rpm: cosign-3.2.0-git_9a50797.el7.x86_64
    profiles::cosign::create_proxy_dir: false
    profiles::javaroot::javaroot_install_dir: '/apps/java'
    profiles::javaroot::jdk_version: '8'
    profiles::javaroot::jdk_version_update: '144'
    profiles::javaroot::jdk_version_build: '1'
4.2. ./hieradata/role/notify/dev.yaml
=====================================
    ---
    profiles::notify::notify_url: dev.notify.ws-apps.is.ed.ac.uk
    profiles::notify::notify_ajp_port: #removed#
    profiles::notifyadm::notifyadm_url: dev.notifyadm.is.ed.ac.uk
    profiles::notifyadm::notifyadm_ajp_port: #removed#
    profiles::notifyadm::cosign_cookie: eucsCosigntest-dev.notifyadm.is.ed.ac.uk
    profiles::notifyadm::cosign_url: www-dev.ease.ed.ac.uk
    profiles::notifyadm::tomcat_opts: "-Xms256m -Xmx2048m -server -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintGCApplicationStoppedTime -verbose:gc -Xloggc:${TOMCAT_HOME}/logs/GC.log"
    profiles::certs::certs:
      dev.notifyadm.is.ed.ac.uk-eduni:
        cert: |
          -----BEGIN CERTIFICATE-----
          #removed#
          -----END CERTIFICATE-----
    profiles::certs::private_keys:
      dev.notifyadm.is.ed.ac.uk-eduni:
        key: >
          #removed#
    [escott12@es-puppet dti020_34]$
----------
----------
↧
↧
augeas: sudo error
Hello, I have a problem with augeas and puppet. I'm trying to add a user in the sudoers file, and on some servers it works perfectly but on others it doesn't (with the same version: CentOS 7 and puppet-agent-5.3.2).
This is the code:

    [...]
    augeas { "sudosystem":
      context => "/files/etc/sudoers",
      changes => [
        "set spec[user = 'system']/user system",
        "set spec[user = 'system']/host_group/host ALL",
        "set spec[user = 'system']/host_group/command ALL",
        "set spec[user = 'system']/host_group/command/runas_user ALL",
      ],
    }

On servers where it doesn't work I have this error:

    Warning: Augeas[sudosystem](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
    Error: /Stage[main]/Linuxbase/Augeas[sudosystem]: Could not evaluate: Saving failed, see debug

↧
Is hostprivkey used in any way in puppet?
As we were going through our masters' puppet.conf the other day we noticed the **hostprivkey** and **hostcert** settings set in the [master] section. This is some pretty old configuration that we've been very slowly (very!!!) updating, since the same puppetmaster configuration is being used across more than one environment and department (each hosting their own puppetmasters - we value code reuse - maybe a bit too much). So, it turns out we have had these settings set since the puppet 0.24.x something days.
As we were reevaluating them, we realized that by mistake we had them set to non-existing files for about a year now with absolutely no ill effect. After some code reading[1], we think that **hostprivkey** is utterly unused. Setting it either in [master], [agent] or [main] has absolutely no effect. **hostcert** seems to be used in 2 places. One is during puppet cert generate [2] and the other is when creating the http connection to the master [3] (note how ssl_certificates_are_present? is used in setup_connection() in line 120). Setting it in [main] or [agent] to /dev/null in an already functioning agent has no effect. Setting it to a non-existing file causes the agent to croak with SSL errors (at least that's expected). Setting it to anything in [master] on a master does nothing.
All other references to those 2 settings seem to have been removed in https://github.com/puppetlabs/puppet/commit/3a8b376b11a02643fee8cef15714914c21f08163, which was first released in 2.7.6 (yup.. that old).
So... finally the question: Has anyone messed with these settings and has some more info that would help clarify this a bit more and whether we should file a task upstream?
[1] https://github.com/puppetlabs/puppet/search?utf8=%E2%9C%93&q=hostprivkey&type=
[2] https://github.com/puppetlabs/puppet/blob/master/lib/puppet/face/certificate.rb#L80
[3] https://github.com/puppetlabs/puppet/blob/master/lib/puppet/ssl/validator/default_validator.rb#L171
↧
Fully Qualified Domain Names come up as hostname.lan all the time?
Now this could be more of an issue with my router / dnsmasq configuration, but...
I edited my `/etc/hosts` file on my Puppet agent host like so:

    127.0.1.1 bareOSdirector.lan bareOSdirector
    #192.168.1.12 bareOSdirector.leerdomain.lan bareOSdirector

but when I set it to

    #127.0.1.1 bareOSdirector.lan bareOSdirector
    192.168.1.12 bareOSdirector.leerdomain.lan bareOSdirector

The puppet master couldn't find it...and the changes were not applied.
I've also got my records for the IPs of the puppet master and the bareosdirector defined as follows in my dnsmasq.conf:

    address=/bareosdirector.leerdomain.lan/192.168.1.12
    ptr-record=bareosdirector.leerdomain.lan,192.168.1.12
    address=/puppetmaster.leerdomain.lan/192.168.1.60
    ptr-record=puppetmaster.leerdomain.lan,192.168.1.60

(I suppose I should have set the puppetmaster to just puppet, so it finds it automatically)
How does puppet go about finding the fqdn of a node?
↧
install puppet as non root user
Hello,
We would like to know if we can install puppet master and agent as a non-root user. We would not have access to root.
As all the files will be owned by pe-puppet:pe-puppet, what is the default password for the pe-puppet user? Can we sudo in as the pe-puppet user?
Will anything break if we assign a password for the pe-puppet user if it is not set?
Thanks
↧
↧
Puppet agent lock file exists - skipping (/var/lib/puppet/state/agent_catalog_run.lock exists)
Hello Friends,
We have found that the `agent_catalog_run.lock` file is more than 24 hours old and is not being deleted automatically, and its PID still exists.
Puppet should be advanced enough to track such things and auto-delete this file if it is older than a certain age, OR should have some parameters in puppet.conf to control such a situation.
# date
Mon May 11 16:24:45 IST 2015
# cat /var/lib/puppet/state/agent_catalog_run.lock
24145
# ll /var/lib/puppet/state/agent_catalog_run.lock
-rw-r--r-- 1 root root 5 May 10 01:43 /var/lib/puppet/state/agent_catalog_run.lock
# puppet agent -t --no-daemonize --onetime
Notice: Run of Puppet configuration client already in progress; skipping (/var/lib/puppet/state/agent_catalog_run.lock exists)
# stat /var/lib/puppet/state/agent_catalog_run.lock
File: `/var/lib/puppet/state/agent_catalog_run.lock'
Size: 5 Blocks: 8 IO Block: 4096 regular file
Device: fd06h/64774d Inode: 131155 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-05-11 10:51:43.761514774 +0530
Modify: 2015-05-10 01:43:52.205471543 +0530
Change: 2015-05-10 01:43:52.205471543 +0530
# ll /proc/24145/fd/
total 0
lr-x------ 1 root root 64 May 11 15:36 0 -> /dev/null
l-wx------ 1 root root 64 May 11 15:36 1 -> /dev/null
l-wx------ 1 root root 64 May 11 15:36 2 -> /dev/null
lrwx------ 1 root root 64 May 11 15:36 3 -> socket:[6398356]
lr-x------ 1 root root 64 May 11 15:36 4 -> /etc/group
lrwx------ 1 root root 64 May 11 15:36 5 -> socket:[7500737]
[root@qpass-prod-dbmgmt-101 ~]#
We are running with:
* Master:
* puppet-server-3.7.5-1.el6.noarch
* puppet-3.7.5-1.el6.noarch
* facter-2.4.3-1.el6.x86_64
* ruby-1.8.7.374-3.el6_6.x86_64
* mcollective-2.8.0-1.el6.noarch
* Agent:
* mcollective-2.8.0-1.el6.noarch
* puppet-3.7.5-1.el6.noarch
* facter-2.4.3-1.el6.x86_64
* ruby-1.8.7.374-3.el6_6.x86_64
Has anyone faced such an issue? Please guide us on how to overcome it.
I tried the below:
1. restart puppet - NO luck
2. manually delete the `/var/lib/puppet/state/agent_catalog_run.lock` - this works, but this can't be a permanent solution.
Please help!!
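A diagnostic for the situation in the post above, added here as an example and not part of the original post: it reads the PID from the lock file and reports whether the owner is gone, the PID was recycled, or a live run has held the lock too long. The function name, the one-hour default threshold and the `puppet` command-line pattern are assumptions; it expects Linux `/proc` and GNU `stat`.

```shell
#!/bin/sh
# Classify a Puppet agent run lock without deleting it (Linux; needs /proc and GNU stat).
# Usage: lock_state FILE [MAX_AGE_SECONDS] [PROCESS_PATTERN]
# Prints: absent | malformed | stale-dead-pid | stale-pid-reused | held-overdue | held
lock_state() {
    lock=$1
    max_age=${2:-3600}      # assumed threshold (one hour); pick one longer than a normal run
    pattern=${3:-puppet}    # text the owning process's command line is expected to contain

    [ -e "$lock" ] || { echo absent; return 0; }

    # The lock file holds the PID of the run that created it (24145 in the post).
    pid=$(tr -d '[:space:]' < "$lock")
    case $pid in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac

    # No /proc entry: the owner is gone and the file was left behind.
    if [ ! -d "/proc/$pid" ]; then
        echo stale-dead-pid; return 0
    fi

    # The PID exists but may have been recycled by an unrelated process.
    if ! tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline" | grep -q -- "$pattern"; then
        echo stale-pid-reused; return 0
    fi

    # Owner is alive: compare the lock's mtime with the threshold.
    now=$(date +%s)
    mtime=$(stat -c %Y "$lock")
    if [ $((now - mtime)) -gt "$max_age" ]; then
        echo held-overdue   # a hung run: inspect the process before touching the lock
    else
        echo held
    fi
}

# Default path is the one from the post.
lock_state "${1:-/var/lib/puppet/state/agent_catalog_run.lock}"
```

Only the two `stale-*` results mean the file is an orphan; `held-overdue` matches the post, where the PID still exists and the process itself is what needs investigating.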
↧
Error 400 on SERVER The environment must be purely alphanumeric
Hi
Trying to register a host with puppet enterprise and am getting this error
Error: Could not request certificate: Error 400 on SERVER: The environment must be purely alphanumeric, not 'puppet-ca'
Google suggests this error is due to a version mismatch between client and server, but that is not the case.
Master and compile nodes version check
Master:
# puppet --version
4.10.5
Compile nodes
# puppet --version
4.10.5
# puppet --version
4.10.5
Client
# puppet --version
4.10.5
According to puppet.conf, the environment should be DEV
[main]
logdir = /var/log/puppet
[agent]
report = true
ignoreschedules = true
daemon = false
ca_server = cert..monash.edu
certname = severname.monash.edu
environment = DEV
server = lb..monash.edu
Any suggestions on where else to look for the root cause?
↧
Hiera 5 environment specific lookup of yaml (puppet lookup)
Hello,
Can someone explain how the new Hiera 5 works?
What is `data` in `datadir : data`? Is it a directory, and is it looking for this directory in the default path /etc/puppetlabs/puppet/data for the global Hiera yaml? Is it expecting the data dir to be present and the hierarchy files defined?
When I tried to convert Hiera 3 to Hiera 5 yaml, this line always gives an error: `datadir : data` (Psych syntax error)
I also created an env-specific hiera.yaml file, /etc/puppetlabs/code/environment/production/hiera.yaml
I tried giving a different location in the global hiera.yaml, which did not complain about the datadir, as below:
---
version: 5
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "nodes/%{::fqdn}.yaml"
  - name: common
    path: common.yaml
defaults:
  data_hash: yaml_data
  datadir: "/etc/puppetlabs/code/environments/global/hieradata5"
Now the question is: how do I get an environment-specific value using puppet lookup? I am trying to run the below commands from the puppet master:
`puppet lookup --environment production` -----> does not work
`puppet lookup environment=production` ---> does not work
↧
err: Could not request certificate: Error 400 on SERVER: unknown message digest algorithm
Recently I wrongly removed the client (Amazon Linux) certificate on the puppet master. To recreate it, I deleted the /var/lib/puppet/ssl directory and then ran the command `# puppet agent -t` on the client and got the below error. The same method of regenerating the puppet certificate worked fine on Redhat Linux servers.
Puppet Client:
===========
[root@proxy-AZa ~]# cd /var/lib/puppet/ssl/
[root@proxy-AZa ssl]# ls -lrt
total 24
drwxr-x--- 2 puppet root 4096 Oct 30 17:32 private
drwxr-x--- 2 puppet root 4096 Oct 30 17:32 private_keys
drwxr-xr-x 2 puppet root 4096 Oct 30 17:32 public_keys
drwxr-xr-x 2 puppet root 4096 Oct 30 17:32 certs
drwxr-xr-x 2 puppet root 4096 Oct 31 06:52 certificate_requests
drwxrwx--- 5 puppet puppet 4096 Oct 31 09:30 ca
[root@proxy-AZa ssl]# rm -rf *
[root@proxy-AZa ssl]# puppet agent -t
info: Creating a new SSL key for proxy-aza.ad2015sit
info: Caching certificate for ca
info: Creating a new SSL certificate request for proxy-aza.ad2015sit
info: Certificate Request fingerprint (md5): F4:45:68:AA:A8:48:5D:6D:D6:B2:62:11:70:5C:D3:AD
err: Could not request certificate: Error 400 on SERVER: unknown message digest algorithm
Exiting; failed to retrieve certificate and waitforcert is disabled
Puppet Master
===========
[root@puppet tmp]# puppet cert list
"c2c-cgs-1b-197.eu-west-1.compute.internal" (SHA256) 9E:5C:51:B9:65:F5:02:96:D0:B1:84:52:95:6B:49:80:C9:3A:17:20:80:1E:31:FA:D7:80:6B:41:D1:C2:7A:6D
"proxy-aza.ad2015sit" (MD5) 9E:90:70:C9:91:F8:80:2A:FE:C2:C5:71:FD:A7:F2:73
"proxy-aza" (MD5) 6C:9D:77:3C:C0:5D:08:26:A8:3F:3E:3D:C6:DA:CF:49
"win-0ev7r2vfdqc" (SHA256) 78:FA:FB:8F:07:1D:01:FA:CF:F0:29:EB:9F:94:B9:2A:23:31:F9:91:E4:29:6F:58:07:82:94:42:36:73:C6:B3
"win-4fucdt6gaiv" (SHA256) B2:92:F8:81:5D:78:AB:1A:77:6A:46:AD:9A:AE:7E:3A:0B:2C:8E:9A:4F:9D:18:1D:99:10:2D:D5:18:2B:F6:10
"win-nr2kko32ipn" (SHA256) F8:4B:48:31:03:D7:B9:F4:20:4C:DC:A6:25:E5:67:17:B0:6E:13:53:32:FA:94:A4:8C:E6:57:6B:D5:BA:55:FB
"win-qv88oi3kji6" (SHA256) CF:45:DB:A2:E4:F8:57:85:B7:E6:25:CD:82:E0:32:8D:EE:83:12:FC:CA:E6:00:8D:83:63:54:F1:74:72:85:CA
"win-sct3th2f3s7" (SHA256) 01:2F:4A:05:F2:06:8E:80:47:D5:8F:6E:A9:4E:9C:42:90:58:8D:8D:AE:75:B5:45:E9:78:FA:B5:B6:9E:BE:D1
You have new mail in /var/spool/mail/root
[root@puppet tmp]# puppet cert sign "proxy-aza.ad2015sit"
Error: unknown message digest algorithm
The certificates are generated with MD5 and not in SHA256 format. The problem exists only on Amazon Linux servers. Could anyone please guide me to resolve this issue?
Regards,
Vinoth Kumar
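The listing in the post above mixes `(MD5)` and `(SHA256)` entries. This added example, which is not part of the original post, parses lines in that `puppet cert list` layout and flags requests whose digest is weak or whose fingerprint length does not match the stated digest. The function names are assumptions, the sample hostnames and fingerprints are constructed, and treating MD5 and SHA1 as weak is a policy choice of the example.

```shell
#!/bin/sh
# Constructed sample in the `puppet cert list` layout; names and fingerprints are made up.
sample_cert_list() {
cat <<'EOF'
  "web01.example.test" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
  "proxy01.example.test" (MD5) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
  "db01.example.test" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
You have new mail in /var/spool/mail/root
EOF
}

# Reads a listing on stdin and prints "name digest verdict" per request.
# Verdicts: ok | weak | length-mismatch | unknown-digest
audit_csr_digests() {
    awk '
    BEGIN {
        # Fingerprint length in octets for each digest name.
        nbytes["MD5"] = 16; nbytes["SHA1"] = 20; nbytes["SHA256"] = 32
        nbytes["SHA384"] = 48; nbytes["SHA512"] = 64
        weak["MD5"] = 1; weak["SHA1"] = 1
    }
    # Match only lines shaped like: "name" (DIGEST) AA:BB:...
    match($0, /"[^"]+" \([A-Za-z0-9]+\) [0-9A-Fa-f:]+/) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        name = f[1];            gsub(/"/, "", name)
        digest = toupper(f[2]); gsub(/[()]/, "", digest)
        octets = split(f[3], parts, ":")
        if (!(digest in nbytes))            verdict = "unknown-digest"
        else if (octets != nbytes[digest])  verdict = "length-mismatch"
        else if (digest in weak)            verdict = "weak"
        else                                verdict = "ok"
        print name, digest, verdict
    }'
}

# Stand-alone run over the constructed sample; on a master, pipe the real listing in instead.
sample_cert_list | audit_csr_digests
```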
↧
↧
How to custom install puppet master and agent (non-root)
Hello,
By default, the puppet (PE 4.x) master uses the pe-puppet user for installation. Can I install it as another user instead of pe-puppet? Can I perform a custom install on the master? Is there any default password for the pe-puppet user that is created? Do I need to create the password myself and use it to log in? If I don't have the pe-puppet user access, I won't be able to modify any of the code/manifests.
When I install agents, that is also owned by root. In our organization we do not get access to root, so we would need to install the agent as non-root. I see the doc on how to install the agent as non-root on Unix.
In short, we will not have root access, so how do we write/modify the code/manifests on the master?
↧
How do you pin a node during cert request
I would like to pin a node to an environment and role when requesting a cert.
I know you can use external facts, but changing some files on a disk may be a potential security issue.
I have heard of a way of using an API call when making a cert request to do this.
↧
Oracle client Installation
Hi Team,
Could you please help me out with writing the Oracle client installation using a puppet manifest for both Linux and Solaris?
Both versions should be included in a single manifest (for both Linux and Solaris).
Let me know if you have any questions.
Thanks,
Mahender
↧