Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

I think its clever and do like the simplicity of it. Will give it a go and report back, thanks! On Friday, 8 July 2016 17:04:42 UTC+10, R.I. Pienaar wrote: > > > > - Original Message - > > From: "Haani Niyaz" > > > To: "puppet-users" > > > Sent: Friday, 8 July, 2016 03:25:26 > > Subje

Re: [Puppet Users] Re: hiera-eyaml not decrypting?

Same, all files here are eyaml. On Fri, Jul 08, 2016 at 11:04:11AM -0700, Andrew Grimberg wrote: > Our team completely dropped the yaml backend as we always ended up with > weird issues of hiera not always finding the yaml. Doesn't matter if we > don't actually have anything encrypted in the eyaml

Re: [Puppet Users] Re: hiera-eyaml not decrypting?

Our team completely dropped the yaml backend as we always ended up with weird issues of hiera not always finding the yaml. Doesn't matter if we don't actually have anything encrypted in the eyaml file, all files for us are eyaml now. -Andy- On 07/08/2016 10:37 AM, dkoleary wrote: > I'll be damned

[Puppet Users] Re: hiera-eyaml not decrypting?

I'll be damned.. that was it. Well, I don't feel so bad about that one. Thank you very much! On Friday, July 8, 2016 at 12:33:02 PM UTC-5, Michael Watters wrote: > > I think I ran into a similar issue before. Try putting "eyaml" as the > first backend to see if that helps. > > Here's a cop

[Puppet Users] Re: hiera-eyaml not decrypting?

I think I ran into a similar issue before. Try putting "eyaml" as the first backend to see if that helps. Here's a copy of our hiera.yaml file which works. --- :backends: - eyaml - yaml :hierarchy: - "nodes/%{::trusted.certname}" - common :yaml: # datadir is empty here, so hiera use

[Puppet Users] hiera-eyaml not decrypting?

Hi; I have hiera.eyaml installed and functional from the CLI; however, when I attempt to use it in a module, the encrypted string is being used rather than the decrypted value. I have to be missing something mind numbingly simple; but, I've been through the doc at https://github.com/TomPoulton

[Puppet Users] File_line only if the file exists

Quick question, Im writing a module that makes sure file_line exists but cant figure out how to only apply this if the target file exists, heres the module so far $file = '/etc/modprobe.d/CIS.conf' file { $file : ensure => file, mode => '0600', owner => 'root', group => 'root', }

Re: [Puppet Users] encrypting hiera data?

On 07/08/2016 06:29 AM, dkoleary wrote: > Hey; > > I've come to the point where I need to encrypt a password in hiera data. > After trying (and failing) the recipe in the puppet cookbook, I hit the > google searches and very quickly came across hiera eyaml. > > So, short question: is hiera.eya

Re: [Puppet Users] encrypting hiera data?

Thanks. I'll take a look. I appreciate the response. On Friday, July 8, 2016 at 9:12:04 AM UTC-5, Jeffrey Miller wrote: > > It's one way to go. Another way is to use GPG encryption using > https://github.com/StackExchange/blackbox . All depends the requirements > at your site. > > -Jeffrey > >

Re: [Puppet Users] Restricting ssh keys?

Hey Thanks for the response. Moving where sshd looks for authorized_keys is one of the recommendations I make in a white paper I wrote a while back discussing the benefits of 2FA to privileged accounts. http://www.olearycomputers.com/ll/security/ssh/sudo_v_ssh-pka.html I'll take a look at you

Re: [Puppet Users] Restricting ssh keys?

I've solved this by moving ssh keys to a different location outside /home/user/.ssh to /etc/ssh.d/user. This gives you full control over the ssh-keys without the possibility that a user more or less accidentally change it to something not compliant. You can take a look at my ssh module ( https://fo

Re: [Puppet Users] encrypting hiera data?

It's one way to go. Another way is to use GPG encryption using https://github.com/StackExchange/blackbox . All depends the requirements at your site. -Jeffrey On Fri, Jul 8, 2016 at 8:46 AM, Christopher Wood wrote: > Puppet at least plugs it in their blog. > > https://puppet.com/blog/encrypt-

Re: [Puppet Users] encrypting hiera data?

Puppet at least plugs it in their blog. https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml We've had lots of good uses for it in production. On Fri, Jul 08, 2016 at 06:29:31AM -0700, dkoleary wrote: >Hey; >I've come to the point where I need to encrypt a password in hiera data.

[Puppet Users] encrypting hiera data?

Hey; I've come to the point where I need to encrypt a password in hiera data. After trying (and failing) the recipe in the puppet cookbook, I hit the google searches and very quickly came across hiera eyaml. So, short question: is hiera.eyaml the generally accepted method of encrypting data

[Puppet Users] Re: BROKEN PUPPETDB

I didnt declared node definition properly. changed that and it started working. Thank you very much !! On Friday, July 8, 2016 at 3:29:59 AM UTC-4, Stefan Heijmans wrote: > > And does this node have a proper node definiton? > > On Wednesday, July 6, 2016 at 8:10:12 PM UTC+2, Virat wrote: >> >>

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

Or have the suggested cron script run "facter -p" and deal with the output as appropriate ? Dan White | d_e_wh...@icloud.com “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

- Original Message - > From: "Peter Faller" > To: "puppet-users" > Sent: Friday, 8 July, 2016 10:29:56 > Subject: Re: [Puppet Users] Is it possible to gracefully exit the puppet > agent run after sending facts? > Would 'puppet agent --test --noop' be an option? in theory, but -noop w

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

Would 'puppet agent --test --noop' be an option? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussi

[Puppet Users] Re: most idiomatic way to set resource defaults

Are you using the create_resources function to instantiate the resources? It takes a third argument containing default values: $widgets = hiera('widgets', {}) $widget_defaults = hiera('widget_defaults', {}) create_resources(::widget, $widgets, $widget_defaults) -- You received this message beca

[Puppet Users] Re: BROKEN PUPPETDB

And does this node have a proper node definiton? On Wednesday, July 6, 2016 at 8:10:12 PM UTC+2, Virat wrote: > > view /var/log/puppetlabs/puppetdb/puppetdb.log > > 2016-07-06 14:06:11,444 INFO [p.p.command] > [3a13ea71-ecd1-4c5b-b0fa-ffe9e7c8afb6] [replace facts] puppetagent.com >

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

- Original Message - > From: "Haani Niyaz" > To: "puppet-users" > Sent: Friday, 8 July, 2016 03:25:26 > Subject: Re: [Puppet Users] Is it possible to gracefully exit the puppet > agent run after sending facts? > Not all but most of it. I guess the intention was to use the PuppetDB sin