[Puppet Users] Does the "Learning VM" image actually work?
Folks,

I tried downloading the Learning VM image for VMware, and while there does seem to be a .vmdk file inside the zip archive, along with various other parts I would expect to find, so far as I can tell this is not something that I can successfully import into VMware Fusion 7.

Has this image been tested and confirmed to work with VMware Fusion 7?

Thanks!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/69b205dc-d04a-4fcf-ae33-950ebe47b13b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet Learning VM?
Folks,

I tried posting a message to this effect from my Google Groups account, but it doesn’t seem to have gone through. I’ll try to post it again via e-mail to the Google Groups address.

Anyway, I’m wondering if anyone has managed to actually use the latest version of the Puppet Learning VM with VMware Fusion 7? I saw that VMware Fusion was preferred over VirtualBox, and so I downloaded the zip archive and extracted it, and I can see that there are various files inside the archive that would appear to be typical for a VMware image. However, I can’t seem to get it to load under Fusion 7.

If you have used this VM recently with Fusion 7, can you share with me your system details so that I can compare those with my own?

Thanks!

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Re: [Puppet Users] Does the "Learning VM" image actually work?
On Feb 10, 2015, at 9:15 AM, Benito Mourelo wrote:

> Unzip it and rename the resulted directory to attach the ".vmwarevm"
> extension and then open it.

Ahh. That was the thing I was missing from the instructions.

BTW, I discovered that you probably want to pull the PDF file out of the extracted archive directory before you rename it, otherwise it will be a bit painful to refer back to the PDF if/when you want. ;)

> It works for me on OS X 10.10 Yosemite.

Working through it now. Thanks again!

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Re: [Puppet Users] Does the "Learning VM" image actually work?
On Feb 10, 2015, at 12:39 PM, Hunter Haugen wrote:

> A tip on OS X about getting "inside" folder-app-things (like .app, .vmwarevm,
> etc).
>
> You can right click ("two finger" click) on the object, and select "Show
> package contents" to get into it with Finder. Then you'll be able to see the
> PDF.

For those who haven’t been MacFanatics since 1983, and OS X users since Rhapsody, this is a good reminder. :-)

> Or you can `cd` in a terminal into it, and `open .` to open it in finder.

For those who haven’t been using Unix since 1984, this is another good reminder. :-)

All the reminders notwithstanding, those are still workarounds that you can easily avoid if you just move the file before you rename the directory.

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet
On Mar 30, 2015, at 9:34 PM, Dan White wrote:

> To sum up my point of view: (preface this whole block with “I believe…/I
> think…/IMHO…”)
> Puppet-izing the CIS Hardening Guidelines should be done throughout the
> entire catalog as necessary for one’s environment and system requirements. A
> security audit should be an easy thing if all the code bits are clearly
> referenced by paragraph.

I’ve actually done hardening on three separate projects with tools like Chef (one) and Puppet (two, including my current one). I’ve also been a professional Unix system administrator since 1989 (got my start in the basement of the Pentagon), and I’ve been involved in a multitude of security projects over the decades (some classified ones, and plenty of unclassified ones). I’ve worked in a variety of sectors, but mostly Internet/tech-related.

I’m not as experienced with Puppet as I am with Chef, but I would agree with Dan's assessment. Fundamentally, security is not something you can bolt-on as an after-thought. It has to be baked into all of your processes and procedures as well as all your tools. Any other approach is likely to lead to “ensure => madness”.

On the current project I’m working on, we are using the Roles/Profiles/Component module methodology, and we’re trying to minimize the number of component modules that we have to build, so we choose to make maximum use of publicly available modules from places like puppetforge. We also have provided to us lengthy security standards based on the ones from CIS, among other sources.

Unfortunately, we have already run into problems with various Component modules pushing out configuration files (and other things) that didn’t meet our security requirements and we didn’t want to get into a constant battle of which module would win.

So, we have decided that we will fork any public Component modules that we use and make necessary modifications to them. However, we are going to do this in a way that the necessary changes are parameterized and minimized, and then hopefully we will get approval to contribute this code back to the community. Among other things, we really don’t want to have to continue to maintain our forks.

At that point, we can keep most of our work in the Profile modules that call the Component modules, and we get both the functionality that we require as well as the security that we require.

I see no viable alternative to this approach.

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Re: [Puppet Users] puppet enterprise free eval hardware requirements
On Mar 30, 2015, at 5:32 PM, Vince Skahan wrote:

> I have a 16-GB ram Intel NUC
> (http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/nuc-kit-d54250wyk-product-brief.pdf)
> running Centos7 and was thinking of spinning up some VMs to try this out.
> Does this system have enough oomph to run the 10-node-max free eval, or am I
> going to be stuck with running masterless perhaps ?

When running the eval copy of PE 3.7.2 on AWS, we have found that you can boot the master if the VM is an m3.medium (3.5GB), but you run into memory problems that cause the system to be unreliable. If we use m3.larges (7.5GB), the systems are just fine.

We haven’t come anywhere close to stressing the CPU or RAM of an m3.large in that kind of environment, but AWS doesn’t give you a whole lot of options between them.

So, on a 16GB NUC, I would think you could devote 6GB to the puppet master and still have enough RAM left over to run 10x nodes with 1GB RAM each, and you should be fine.

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Re: [Puppet Users] puppet enterprise free eval hardware requirements
On Apr 1, 2015, at 6:57 PM, Vince Skahan wrote:

> Thanks - for under 10 clients is 100GB for storage really needed? Would
> more like 50 be good enough?

Sorry, I haven’t looked at the storage requirements.

> Thinking of kickstarting up a centos7 host under qemu-kvm (on a centos7 host)
> if that matters.

That sounds like it should work fine. But YMMV. ;)

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
[Puppet Users] Using puppetlabs-apache to help install and secure Apache httpd 2.2?
Folks,

So, I’m running into some issues with this module, and I wanted to ask for your advice.

First, some background. I’m helping develop the systems that will allow a certain government agency to deploy their own public and private cloud systems. One of the web servers they want to include is Apache httpd. Of course, they also have an extensive document that they want us to follow with regards to hardening this system, an example of which can be found at <https://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=909&checklistId=392>.

Now, I know about the module at <https://forge.puppetlabs.com/arildjensen/cis>, but that’s not going to do it for us. We’re following a government standard that is similar to the CIS benchmark, but somewhat different. Multiple parties and organizations have had their fingers in this pie, so off-the-shelf solutions in this space won’t help.

The particular problem I’m having at the moment is that, within the “Directory” option for a given vhost, we need to control the “order deny,allow” as well as the “deny from all” settings. This is easy enough to do with the puppetlabs-apache module for the main vhost definition, because it exposes options to do exactly that.

However, we also need to control these settings for all the other configuration files in /etc/httpd/*, and the puppetlabs-apache module deploys the configuration file /etc/httpd/conf.d/alias.conf directly from a template where these values are hard coded (see <https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/mod/alias.pp> and <https://github.com/puppetlabs/puppetlabs-apache/blob/master/templates/mod/alias.conf.erb>). And this doesn’t appear to be the only configuration file where it’s doing this.

I don’t want to get into warring modules over who is going to be putting what content into this file, and since they aren’t using Augeas to perform this function, I don’t think that I can use Augeas myself to do configuration-file-surgery on it after-the-fact.

So, is there an easy solution here? I really don’t want to have to fork the puppetlabs-apache module and then have to explain why we can’t use the standard puppet module for doing this kind of stuff, but I’ll do that if I have to. I just would prefer to find a solution to this issue that allows me to avoid that fight.

Suggestions?

Thanks!

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
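An added example, not part of the original post and not code from puppetlabs-apache: a small audit that reads Apache httpd 2.2 configuration text and reports every `<Directory>` block whose Order/Deny/Allow directives deviate from a default-deny baseline, which is one way to locate module-deployed files like the one described above. The sample configuration, the baseline and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in Apache httpd 2.2 syntax (not copied from any module).
SAMPLE_CONF = """
<Directory "/var/www/icons">
    Order allow,deny
    Allow from all
</Directory>
<Directory "/var/www/private">
    Order deny,allow
    Deny from all
</Directory>
<Directory /var/www/html>
    Options None
</Directory>
"""
# Assumed baseline for this example: every block must be default-deny.
BASELINE = {"order": "deny,allow", "deny": "from all"}
OPEN_RE = re.compile(r'^<Directory(?:Match)?\s+"?([^">]+?)"?\s*>$', re.I)

def directory_blocks(text):
    """Yield (path, acl) per <Directory> block; acl maps order/allow/deny to values."""
    path, acl = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        opened = OPEN_RE.match(line)
        if opened:
            path, acl = opened.group(1), {}
        elif path is not None and line.lower().startswith("</directory"):
            yield path, acl
            path = None
        elif path is not None and not line.startswith("#"):
            parts = line.lower().split(None, 1)  # directive names are case-insensitive
            if len(parts) == 2 and parts[0] in ("order", "allow", "deny"):
                acl[parts[0]] = " ".join(parts[1].split())

def audit(text, baseline=BASELINE):
    """Return {path: [findings]} for blocks that deviate from the baseline."""
    report = {}
    for path, acl in directory_blocks(text):
        findings = [f"{key}: expected {want!r}, found {acl.get(key)!r}"
                    for key, want in baseline.items() if acl.get(key) != want]
        if acl.get("allow") == "from all":
            findings.append("allow: 'Allow from all' admits every client")
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_CONF).items():
        print(path, *findings, sep="\n  ")
```

Blocks with no access directives at all are reported too, since they inherit whatever an enclosing scope allows rather than stating the baseline themselves.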
Re: [Puppet Users] Complex edits on /etc/default/grub (Setting transparent_hugepage at boot time)
On Jul 29, 2015, at 5:01 PM, Tom Limoncelli wrote:

> The Augeas people never fail to impress!

So long as you’re not trying to edit XML files with Augeas. That’s 80% of the way there, maybe even 90% of the way there. But that last 10-20% will drive you absolutely bloody batshit insane.

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>