Hello!
We are currently in the process of implementing the role-profile-module method in our organization (about time, you might say, but better late than never!). Everything will be managed in a git repository, meaning that our environment is completely inside git: The node manifests and the modules, as well as, eventually, our hiera data (still working on that one...)
Logically, we want a branch to represent an environment. In almost all our solutions, we have already different environments. We have development, approbation, production, sometimes test, etc... But sometimes, between those environments, the configuration of the different tools we use isn't the same. For instance, we want to enable alerts in a monitoring system when it's in production, but we don't want to enable them in approbation. But if we have different code in our different environments, we fear that we may have a lot of merge conflicts. If we implement a change in approbation, and then merge it in production, all the modifications of approbation will be included, which *could* be bad...ish?
This is also apparent when managing our agents. If we define a node in our experimentation branch, it'll be included in out approbation and production branch as well. We can't ignore those files because they have to be sent to the puppet server in order to be included in our environment.
I feel like this should require a totally different way of developping our puppet code, forcing us to be more flexible in our code. How would you abord this problem? Should we put as much configuration in templates as we can, and write a lot of *case* statements? Or use booleans to insert or not data in those files, and assign values in hiera? And when it comes to profile, wich wouldn't be the same between those environments, could we put *if* statements in the profiles based on the environment? What would you suggest?
I'm looking for real life experiences and work methods, so feel free to say anything related to the subject which might help us figure out our way of handling the situation. **Thank you!**
↧
How do you manage your different configurations in environments?
↧
Require TLS 1.2 on client agent side (v 3.8) ?
I have a requirement to disable the TLS 1.0 and weak ciphers on all listeners which includes the agent side. There is a post on how to set the TLS version on the server side (https://ask.puppet.com/question/34402/require-tls-12/). Is there any such control on the client side? My environment is also 3.8 and also have the restriction of no upgrade.
↧
↧
Puppet across multiple servers?
Are there any recommended practices for using Puppet to configure applications that span multiple servers?
As an example, I have a two-tier application and want to use Puppet to configure both the application server and the database server. However, I only want the application server to be configured once the database server configuration is finished (so the application server can establish the connection).
Is this something that Puppet can handle?
Thanks
↧
Health Doesn't Have To Be Hard. Read These 10 Tips
The phrase plastic surgery can refer to several totally different treatments that a person may choose.
Body treatments may mean body shaping or fat removal .
These are usually vaser or laser procedures.
Hair restoration and transplants are a totally different thing.
There are alternative methods of restoring hair growth.
Breast procedures may be augentation, reduction or mastopexy.
Simpler processes like fillers and wrinkles are often carried out in cosmetic surgeries. Often you will find different clinics choose to administer certain treatments and have built up their reputation on those.
If you beloved this informative article in addition to you would like to acquire details about beauty [www.Nationwidecosmetics.co.uk] i implore you to stop by our own web site.
Body treatments may mean body shaping or fat removal .
These are usually vaser or laser procedures.
Hair restoration and transplants are a totally different thing.
There are alternative methods of restoring hair growth.
Breast procedures may be augentation, reduction or mastopexy.
Simpler processes like fillers and wrinkles are often carried out in cosmetic surgeries. Often you will find different clinics choose to administer certain treatments and have built up their reputation on those.
If you beloved this informative article in addition to you would like to acquire details about beauty [www.Nationwidecosmetics.co.uk] i implore you to stop by our own web site.
↧
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find node statement
Hi everyone,
I try to run my first manifest but puppet give me Error 500! any idea?
**run this :**
puppet agent -t --debug
**output**
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find node statement with name 'default' or 'srv.local.com, srv.local, srv' on node srv.local.local.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
**manifest:**
vi /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'agent.local.com' {
package { 'httpd':
ensure => "installed",
}
service { 'httpd':
ensure => running,
enable => true
}
}
Thanks,
↧
↧
running simple script on AWS
hi all,
I have created a master and noe on aws unix instance. now i wanted to run simple script to make some changes on node and see if this are working.
could someone suggest me easy process to do it and any guidelines/document available,
Regards,
Chand
↧
What is the best way to manage code in open source puppet?
I'm looking for an alternative to code manager in open source puppet. I want to deploy all the changes which are pushed to git by the developers on master in one shot.
↧
"Error: Could not render to rich_data_json" when pushing binary file to host
I just installed a new host which is installed with puppet 6.0.0
Next to that I use a puppet server with foreman, which started with Foreman 1.12/puppet 4 and is now upgraded to Foreman 1.19/puppet 5.5.6
I have one module, which installs a C-compiled file on a server, using the following code :
file { 'super-handy-tool':
path => "/some/dir/on/system/handy-tool",
ensure => file,
content => file("my_module/handy-tool"),
owner => 'root',
group => 'root',
mode => '4755',
}
When I run the "puppet agent -t" on the host, I get the following output :
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for my.host.local
Info: Unable to serialize catalog to json, retrying with pson
Error: Could not render to rich_data_json: source sequence is illegal/malformed utf-8
Info: Applying configuration version '1538142357'
I did try to change the "ensure => file" to "ensure => present", but this did not solve the error.
Does anyone have an idea get rid of this error ?
↧
Puppet profile with Foreman Smart Class Parameter override
I have a need to pass a Foreman Host Group parameter to a Puppet module where it will be used in a template like so:
- Create the component module
class my_module (
$foreman_param,
){
file { 'my_file':
ensure => 'file,'
content => epp(my_module/my_template.epp, { foreman_param => $foreman_param }),
}
}
- Create the template
my_value = <%= $foreman_param %>
- Import the module into Foreman and override it's value with an ERB template containing the Host Group Parameter
Everything up to here works as expected. The Foreman ENC inserts a dynamic value for $foreman_param based on the nodes host group.
The issue arises when I add my_module to a profile class. All of my attempts so far have resulted in "Class my_profile expects a value for parameter $foreman_param" type errors during puppet runs on a test node.
- This doesn't work:
class my_profile {
include my_module
}
- Nor does this with the Foreman Smart Class Parameter override replicated for my_profile::foreman_param:
class my_profile (
$foreman_param,
){
include my_module
}
Any ideas on what my problem is here?
↧
↧
puppet update from 4.10 to 6: mcollective broken dependency for puppet-agent
I am new to Puppet and have been hired somewhere that they use puppet opensource 4.10. They've requested a puppet server update with the agents and stuff.
After a bit of searching in documentation, I came across this [link](https://puppet.com/docs/puppet/6.0/puppet_platform.html) which says the following :
Deprecation Note: As of Puppet agent 5.5.4, MCollective was deprecated and has been removed in Puppet agent 6.0.
Well, I removed mcollective resource from the manifest and then had a puppet run. Then we took a backup of the server (it is a CentOS 7 running as a VM) and I tried updating to puppet server 6 with the following method :
[root@puppet ~]# yum update puppetserver
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: centos.turhost.com
* epel: mirror.ps.kz
* extras: ftp.linux.org.tr
* updates: mirror.saglayici.com
Resolving Dependencies
--> Running transaction check
---> Package puppetserver.noarch 0:2.8.0-1.el7 will be updated
---> Package puppetserver.noarch 0:6.0.1-1.el7 will be an update
--> Processing Dependency: puppet-agent >= 5.5.0 for package: puppetserver-6.0.1-1.el7.noarch
--> Running transaction check
---> Package puppet-agent.x86_64 0:1.10.9-1.el7 will be updated
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-sysctl-data-2.0.1-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-service-common-3.1.3-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-nettest-common-3.0.4-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-sshkey-security-0.5.0-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-actionpolicy-auth-2.1.0-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-filemgr-common-1.1.0-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-nrpe-common-3.1.0-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-iptables-common-3.0.2-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-shell-common-0.0.2-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-puppet-common-1.11.1-1.el7.noarch
--> Processing Dependency: mcollective-common >= 2.2.1 for package: mcollective-package-common-4.4.0-1.el7.noarch
---> Package puppet-agent.x86_64 0:6.0.2-1.el7 will be an update
--> Finished Dependency Resolution
Error: Package: mcollective-iptables-common-3.0.2-1.el7.noarch (@puppetlabs-products)
Requires: mcollective-common >= 2.2.1
Removing: puppet-agent-1.10.9-1.el7.x86_64 (@puppetlabs-pc1)
mcollective-common >= 3.0.0-1.el7
Updated By: puppet-agent-6.0.2-1.el7.x86_64 (puppetlabs)
Not found
....................
[Same as above for each and every mcollective packages...removed them to summarize]
......................
You could try using --skip-broken to work around the problem
I tried using --skip-broken but no luck. What am I missing here? I've spent the last 3 days finding out how to resolve the issue but I am stuck.
Should I install Puppet 5 first, then remove mcollective and then update to 6? Or some other way?
FYI, the repository information is as below, maybe the problem is here :
name=Puppet Opensource edition
baseurl=https://yum.puppet.com/puppet6/el/7/x86_64/
enabled=1
↧
puppet 6 package jdk install
I'm testing puppet 6 to see what module changes I need. One thing I've found is package behaves differently. Trying to install jdk & jdk1.8 on same system.
With puppet 5.2.0-1 it works fine because it does "Debug: Executing '/bin/yum -d 0 -e 0 -y install jdk'".
Wtil puppet 6.0.2 it doesn't work becuase it does "Debug: Executing: '/bin/rpm -q jdk --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' --whatprovides'" which tries to install jdk1.8 instead of jdk-1.7.
How do I install jdk and jdk1.8 in puppet 6?
I tried "package {'jdk': ensure => '1.7.0_79-fcs'"
but it tried to run: "Debug: Executing: '/bin/yum -d 0 -e 0 -y downgrade jdk-1.7.0_79-fcs'"
which is not what I asked for.
How do I get puppet 6 to use yum instead of "rpm --whatprovides"?
↧
puppet 6 package jdk & jdk1.8 install
I'm testing puppet 6 to see what module changes I need. One thing I've found is package behaves differently. Trying to install jdk & jdk1.8 on same system.
With puppet 5.2.0-1 it works fine because it does "Debug: Executing '/bin/yum -d 0 -e 0 -y install jdk'".
Wtil puppet 6.0.2 it doesn't work becuase it does "Debug: Executing: '/bin/rpm -q jdk --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' --whatprovides'" which tries to install jdk1.8 instead of jdk-1.7.
How do I install jdk and jdk1.8 in puppet 6?
I tried "package {'jdk': ensure => '1.7.0_79-fcs'"
but it tried to run: "Debug: Executing: '/bin/yum -d 0 -e 0 -y downgrade jdk-1.7.0_79-fcs'"
which is not what I asked for.
How do I get puppet 6 to use yum instead of "rpm --whatprovides"?
↧
Why was code successfully deployed in one data center but generated an 'Error 500: Unknown Resource Type' in another data center?
Despite finding serveral somewhat related references to this issue (Error 500) on the Internet, the cause of this particular error (Error 500: Puppet Unknown Resource Type) eludes me. Please help me resolve this issue (and thank you in advance).
Problem Statement
-----------------
We have three data centers: DC-East and DC-West.
After successfully deploying to DC-East, I added the following code to 'site.pp' and attempted to deploy to DC-West:
node /wdct00reladm001/
{
include role::puppet_server
include role::puppet_server_db
}
After the deployment, running 'puppet agent -t' resulted in the following error message:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'profile_d::script' (file: /etc/puppetlabs/code/environments/test/site/profile/manifests/prereq/timeout.pp, line: 3, column: 4) on node wdct01atgapp001.test.bbb-app.it
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Note that no errors occured when I re-ran 'puppet agent -t' (with the aforementioned change) on a Puppet Agent in DC-East.
Configuration
-------------
Git git add, commit, and push
|
Puppet Master of Masters mco r10k deploy test -v OR mco r10k synchronize
| |
DC-East DC-West
| |
Puppet Master Puppet Master
| |
Puppet Agents Puppet Agents puppet agent -t --debug
|
edct06atgapp001 wdct01atgapp001
(10.161.98.206) (10.169.98.201)
* Certificate Authority not shown.
* Linux servers are used (e.g. Linux wdct01atgapp001.test.bbb-app.it 2.6.32-696.23.1.el6.x86_64
#1 SMP Sat Feb 10 11:10:31 EST 2018 x86_64 x86_64 x86_64 GNU/Linux).
Code
----
There are two instances of 'profile_d' in the project:
Puppetfile: mod 'marcgascon-profile_d', '0.1.0'
timeout.pp: class profile::prereq::timeout
{
profile_d::script { 'tmout.sh':
ensure => present,
content_file => 'profile/tmout.sh.erb',
}
'prereq.pp' contains: class role::prereq {
include profile::prereq::hostfile
include profile::prereq::timeout <<< Generates Error.
include profile::prereq::user_add
include profile::prereq::sshkey
include profile::prereq::sudoer <<< Same Error if timeout is commented out.
include profile::prereq::ulimit
include profile::prereq::resolv_conf
include profile::prereq::nexus_get_and_untar
Class['profile::prereq::user_add']->
Class['profile::prereq::sshkey']->
Class['profile::prereq::sudoer']
}
Note that if 'include profile::prereq::timeout' is removed then the same error occurs on 'include profile::prereq::sudoer'.
'sudoer.pp' contains entries like: class profile::prereq::sudoer {
sudo::conf { 'bbbyrelease':
content => 'bbbyrelease ALL=(ALL) NOPASSWD: ALL',
}
}
↧
↧
puppet-backup create --scope=config (very large)
When we issue the command " puppet-backup create --scope=config --name=puppetdb_config.tgz" the backup file is 78GB?
The [documentation](https://puppet.com/docs/pe/2018.1/backing_up_and_restoring_pe.html) states : Your PE configuration, including license, classification, and RBAC settings. However, configuration backup does not include Puppet gems or Puppet Server gems.
This environment is less than 100 nodes. What exactly is this backing up? What do I need to do to trim this down a bit?
Version: 2018.1.4
-Archie
↧
How do you get a current time in Puppet (5.3)?
Use to be able to use @_timestamp in .erb template file. How would I get the same type string in current 5.x Puppet in an .epp file?
↧
How do I get execution/run time in Puppet 5.3 for use in .epp template?
Was able to use @_timestamp in old .erb template with Puppet 3.8 (I think). Now have Puppet 5.3 and would like to use .epp template. What is the correct/preferred why to do that now? Want to keep a log of when various modules have been run on each system.
↧
Automatic class parameters and rspec testing
I have a module with a class and a subclass, the first class:
class foo {
class { 'bar': }
}
And the sub class
class foo::bar (
$baz = "yes"
) {
if $baz == "yes" {
fail('baz is yes')
}
}
Now I have a rspec test
require 'spec_helper'
describe 'foo' do
context 'with default values' do
it { should compile.and_raise_error(/baz is yes/)
end
end
Which will test for the failure but how do I write a second test for the `foo` module that tests for different parameters being set on `foo::bar` when automatic class parameters are used?
I thought I could do something like:
require 'spec_helper'
describe 'foo' do
context 'with default values' do
it { should compile.and_raise_error(/baz is yes/)
end
context 'with foo::bar::baz' do
let(:params) do
{
'foo::bar::baz' => 'no'
}
end
it { is_expected.to compile }
it { is_expected.to compile.with_all_deps }
end
end
But that's trying to pass the value `'no'` to a parameter that doesn't exist on the class `foo`. In my module it is expected that the user can override the subclass if they need to, but I can't see any way to test for this.
↧
↧
post-receive hook not invoked when pushing changes to remote git repository
I am trying to automate the r10k deployment using git hooks. I am making changes on local system and pushing to remote git repository.
I want that r10k should auto deploy once the changes are pushed . So i wrote the post-receive hook on puppet master which has following script
#!/bin/sh
echo "Deploying r10k new changes received"
/usr/local/rvm/gems/ruby-2.4.4/bin/r10k depoly environment -pv debug
I made that hook executable but still its not getting invoked when i push from my local machine.
↧
Is puppet-lint busted with respect to autoload module layout ?
It complains about this:
# Class: sandbox
#
class sandbox{
# A Testing Sandbox for PUppet Code
include 'stdlib'
notify{'Hello from the Sandbox':}
}
puppet-lint 2.3.3
Came with pdk
↧
Puppet list files of certain type
Hi!
I would like to know if it is possible to perform a file search using puppet which collects all the files of a certain type. I have seen an interesting puppet attribute named **tidy** [More info here](https://puppet.com/docs/puppet/6.0/type.html#tidy) which is used to remove all files of a certain type. I would like to be able to just collect the names of those files (not delete them). I know that I can create my own puppet fact with python code to do that, but efficiency is also important. Is it possible to use tidy just for collecting (and avoid deleting) or a similar puppet attribute to do this?
Thanks!
↧