[Puppet Users] Re: puppet-agent-ubuntu DockerHub outdated

Hi Nathaniel, It looks like the puppet-agent images stopped being maintained in late 2022 when the following PR removed the Dockerfiles etc from the puppet-agent git repo: https://github.com/puppetlabs/puppet-agent/pull/2315 … Ben’s description on the PR: *This now lives at https://github.co

[Puppet Users] Re: puppet-agent-ubuntu DockerHub outdated

Any update on this? Sadly, it still has not been updated. On Tuesday, September 12, 2023 at 2:51:31 PM UTC-7 Nathaniel Black wrote: > Hello! > > We use Docker puppet/puppet-agent-ubuntu:latest in CI/CD pipelines to > perform actions like lint and validate checks, but I have noticed that the > r

[Puppet Users] Re: puppet-agent 7 & 8 nightly builds for Debian 11 (ARM64)

On Friday, November 3, 2023 at 6:14:29 PM UTC+1 shubham...@perforce.com wrote: Hello, We are happy to announce that puppet-agent nightly builds for Debian 11 (ARM64) are now available at https://nightlies.puppet.com/apt/index.html Please try them out and let us know if you have any questions!

[Puppet Users] Re: Puppet Content Releases

Puppet Content Releases*Supported modules* An important clarification was brought to my attention, thanks bastelfreak (Tim), that the postgresql module was updated to 10.0.1 and that the previously mentioned 10.0.0 version should NOT be used.

[Puppet Users] Re: puppet idiom to select particular module stream?

It should work, I use similar approach. Try to adjust your parameters, this what works for me package { 'nodejs-module': ensure => '18', enable_only => true, provider => 'dnfmodule', } -> package { 'nodejs': } On Monday, September 11, 2023 at 4:57:20 PM UTC-4 Tim.Mooney wrote: > > All-

[Puppet Users] Re: Puppet package for Debian 12 bookworm is missing

Am Montag, dem 04.09.2023 um 03:03 -0700 schrieb 'Saša Teković' via Puppet Users: If not, is it possible to get more information about Debian 12 (Bookworm) support. When are Puppet Server, Agent, PDK, and PuppetDB packages expected to be released for Debian 12? Bookworm ships its own Puppet 7

[Puppet Users] Re: Puppet package for Debian 12 bookworm is missing

On Friday, July 14, 2023 at 7:06:48 PM UTC+2 Kenyon Ralph wrote: Tracked here: https://tickets.puppetlabs.com/browse/PA-4995 Hello, I'm unable to access the mentioned Jira ticket. It seems that ticket is not publicly available, and I can't find an option to register at tickets.puppetlabs.com

[Puppet Users] Re: puppet error - agent test

Hi all, I am getting no output from below command : [root@pagent~]$ puppet agent --fingerprint Fingerprint asked but neither the certificate, nor the certificate request have been issued Can anyone suggest what is going wrong here ? On Monday, August 28, 2023 at 8:47:17 PM UTC+5:30 kovid bhardwa

[Puppet Users] Re: Puppet package for Debian 12 bookworm is missing

Tracked here: https://tickets.puppetlabs.com/browse/PA-4995 On Thursday, July 13, 2023 at 1:43:54 PM UTC-7 Firstname Lastname wrote: > Hi, > > I am maintaining my puppet repo with the apt class, which currently > results in non-working apt file as there is no bookworm package at > apt.puppetlab

[Puppet Users] Re: Puppet agent doesn't run on Windows 11 notebook.

Stephanos, You said your notebook is "a standalone node that won't connect to a master". If that's the case, then "puppet agent -t" is not what you should be running. The "puppet agent" command will attempt to talk to a Puppetserver

[Puppet Users] Re: Puppet Server on public host/IP address?

Hi Matthias, Yeah it was more as closest documentation I could find. I got some advice that the main thing people looked for when publically exposed was to prevent anyone being able to make CSR requests to the server which would be on the configured in /etc/puppetlabs/puppetserver/conf.d/auth.c

[Puppet Users] Re: Puppet Server on public host/IP address?

Thank you for these suggestions. I might be missing something, but these patterns seem to link parts of the infrastructure at different locations/availablility zones through virtual private cloud links. I did not see if/how a Puppet Master is exposed to the public internet there? Any suggestio

[Puppet Users] Re: Puppet Server on public host/IP address?

Our support for TLS termination is messy and you need to use a reverse proxy in front of PE, We have a couple of Patterns surrounding multi region solutions using proxies and compilers which may be helpful https://puppet.com/docs/pe/2021.7/installing_compilers.html#multi-region-load-balancing A

[Puppet Users] Re: Puppet can't fetch catalog

(and then you'll need to restart the server) On Tuesday, September 20, 2022 at 7:38:45 AM UTC-7 Ben Ford wrote: > On the Puppet server, you will need either both of these parameters > set (when using Satellite for classification), or both of them unset (when > not using Satellite for classifica

[Puppet Users] Re: Puppet can't fetch catalog

On the Puppet server, you will need either both of these parameters set (when using Satellite for classification), or both of them unset (when not using Satellite for classification). *external_nodes = /etc/puppetlabs/code/node.rbnode_terminus = exec* On Thursday, September 15, 2022 at 9:15

Re: [Puppet Users] Re: puppet-agent 6 & 7 nightly builds for Ubuntu 22.04 (AMD64)

We plan on releasing Open Source Puppet 7.18.0 (and Agent 7.18.0) with support of Ubuntu 22.04 by the end of July. Regards On Mon, Jul 11, 2022 at 10:22 AM Oleksandr Lytvyn wrote: > Please advice: when approx. puppet-agent 7.18.0 will be released (with > support of Ubuntu 22.04 LTS)? > > On Fri

[Puppet Users] Re: puppet-agent 6 & 7 nightly builds for Ubuntu 22.04 (AMD64)

Please advice: when approx. puppet-agent 7.18.0 will be released (with support of Ubuntu 22.04 LTS)? On Friday, June 24, 2022 at 2:48:00 AM UTC+3 Aria Li wrote: > Hello, > > We are happy to announce that puppet-agent nightly builds for Ubuntu 22.04 > (AMD64) are now available at http://nightlie

[Puppet Users] Re: Puppet Enterprise 2021.5 is now available!

Ubuntu 22.04 will be released by then, maybe go straight to that instead? On Friday, February 18, 2022 at 11:01:08 AM UTC-8 al...@puppet.com wrote: > We are planning for Ubuntu 20.04 PE primary server support on our next > Puppet Enterprise release planned for May. > > Cheers! > Alex Rodriguez >

[Puppet Users] Re: Puppet Enterprise 2021.5 is now available!

We are planning for Ubuntu 20.04 PE primary server support on our next Puppet Enterprise release planned for May. Cheers! Alex Rodriguez Technical Program Manager, R&D On Thursday, February 17, 2022 at 7:38:43 PM UTC-8 ama...@gmail.com wrote: > Thanks for the new platform support. > > Any idea

[Puppet Users] Re: Puppet Enterprise 2021.5 is now available!

Thanks for the new platform support. Any idea on when we'll see Ubuntu 20.04 as a supported platform for the main PE server? On Tuesday, February 15, 2022 at 6:58:50 PM UTC-5 Puppet Product Updates wrote: > The latest release for the Puppet Enterprise release track, PE 2021.5, is > now availa

[Puppet Users] Re: Puppet Master as agent to itself continues to generate SSL errors

Hi Puppet users group, First time poster here. This issue matches what I'm facing exactly, although in my circumstance we are not intentionally trying to do the " the master is also an agent pointing to itself " thing. We are in this situation because someone ran 'puppet ssl clean' and 'puppe

[Puppet Users] Re: Puppet CA expiring and puppetserver cert expiring

Cool thanks. That is actually the process I had setup in our lab but the difference is the puppet masters certs weren't expiring. I'm using puppetlabs-certregen to extend the CA cert instead of the manual steps you provided. A relief that I'm pretty much going to follow the same route you di

[Puppet Users] Re: Puppet CA expiring and puppetserver cert expiring

I ran into this issue a few weeks ago, but only my CA cert was expired as my master certs were a few years newer than CA. There are a couple blog articles I found (lost URLs) that pieced together these steps to renew CA cert. For clients you just have to remove then re-download the CA cert once

[Puppet Users] Re: [Puppet-dev] Availability of Facter 4 nightly gems

Good question! These are the exact same versions of Facter that are bundled with the nightly puppet-agent builds, so no additional steps are needed if you're already using nightly agent builds. Additionally, as most of you know, Facter 4 is also available as facter-ng on the puppet6 stream. Previo

[Puppet Users] Re: [Puppet-dev] Availability of Facter 4 nightly gems

Are these also fed into the nightly agent builds, or do I need additional steps to get nightly facter on top of a nightly agent build? On Thu, 20 May 2021 at 13:40, Gabriel Nagy wrote: > Hello, > > We are happy to announce that Facter 4 nightly gems are now available to > use under http://nightl

[Puppet Users] Re: Puppet agent run error "couldnt find valid string"

Hi avenk I think you just need to change from declaring *undef* to using an empty array. The code will throw the error where the class is *NOT called* with *$enable_ipv6_localhost = true*, Change: *$my_localhost6_aliases = undef* to *$my_localhost6_aliases = []* As your own code is throwing

[Puppet Users] Re: Puppet Enterprise 2019.7 is now available!

“Whoops, FIPS 140-2 compliant Microsoft Windows Server 2012R2 and 2012R2 core are now supported platforms for *agents*.” On Tue, May 12, 2020 at 2:48 PM Puppet Product Updates < puppet-product-upda...@puppet.com> wrote: > The latest release of Puppet Enterprise, PE 2019.7, is now available! > > C

[Puppet Users] Re: Puppet on Ubuntu Focal

The DEB files are not present under http://apt.puppetlabs.com/pool/focal/puppet/? Simon On Saturday, April 25, 2020 at 1:26:50 AM UTC+10, Arpit sharma wrote: > > I am having trouble using puppet(open-source) on Ubuntu Focal( as Focal > ships with ruby 2.7) mostly related to this issue > https:

[Puppet Users] Re: Puppet Not Running chkconfig correctly.

On Tuesday, 10 November 2009 01:27:42 UTC, Douglas wrote: > > So, I noticed that when adding a service to puppet, puppet is running > a chkconfig . However, as far as I can tell, puppet should be > running a chkconfig --add , otherwise the symlinks don't get > created from the service in /etc/rc.

[Puppet Users] Re: Puppet Enterprise 2019.5 is now available!

Seems pipeline for EL8 stuck somewhere, release is not available: $ wget --content-disposition >> "https://pm.puppet.com/cgi-bin/download.cgi?dist=el&rel=8&arch=x86_64&ver=latest"; > > --2020-03-20 04:44:35-- >> >> https://pm.puppet.com/cgi-bin/download.cgi?dist=el&rel=8&arch=x86_64&ver=latest

Re: [Puppet Users] Re: puppet bolt templates ??

The existing functions 'epp' and 'inline_epp' work. For example, the following plan returns the resolved template: plan examples::epp() { $templ = @(END) <%= $foo %> END return inline_epp($templ, {'foo' => 'hello'}) } On Tue, Feb 11, 2020 at 10:25 PM Shirish Shukla wrote: > There should be

Re: [Puppet Users] Re: puppet bolt templates ??

There should be inbuilt function to achieve so, as its very basic functionality every bolt user expect. On Tue, 11 Feb 2020 at 9:03 PM, Alex Dreyer wrote: > > > On Tue, Feb 11, 2020 at 7:24 AM Shirish Shukla > wrote: > >> What about if puppet agent not installed on target >> Is there any way we

Re: [Puppet Users] Re: puppet bolt templates ??

If you target the remote node (that doesn't have a Puppet agent) with an apply() block in a Bolt plan, the prereq apply_prep($nodes) step will install the Puppet agent binaries on that node for you. This allows you to still leverage all the functionality, without activating the agent. Kind regard

Re: [Puppet Users] Re: puppet bolt templates ??

On Tue, Feb 11, 2020 at 7:24 AM Shirish Shukla wrote: > What about if puppet agent not installed on target > Is there any way we can use epp file > There are a few options - You can target localhost for the apply to create the file locally and then use upload_file to copy it. - You can write a t

[Puppet Users] Re: puppet bolt templates ??

What about if puppet agent not installed on target Is there any way we can use epp file On Monday, 16 September 2019 21:51:05 UTC+5:30, Andy Hall wrote: > > hey there just starting using bolt and has a simple plan which applies a > manifest but I'd know like to write a dynamic file from a templa

[Puppet Users] Re: puppet --trace content

This will be my last note about this. I'll probably start work on it later _next_ week. fwiw, I'm leaning towards something like `--trace` returns just the ruby stacktrace, `--puppet_trace` returns just the puppet code stack, and passing both interleave them similar to previous behavior (but if mo

Re: [Puppet Users] Re: puppet agent fails to self-restart on config change

On Thu, Nov 21, 2019 at 7:49 AM Yvan Broccard wrote: > I experience the same issue here, sometimes agents are stuck in this >> Shutdown/restart loop, especially if puppet agent changed a config value in >> puppet.conf. >> > > We're using Puppet 6 now here and this issue is new with Puppet 6. In t

[Puppet Users] Re: puppet agent fails to self-restart on config change

> > I experience the same issue here, sometimes agents are stuck in this > Shutdown/restart loop, especially if puppet agent changed a config value in > puppet.conf. > We're using Puppet 6 now here and this issue is new with Puppet 6. In the past, with puppet serie 4, we never experienced this

[Puppet Users] Re: Puppet agent fails collect packages for puppet "Cannot collect packages for Puppet::Type::package::ProviderYum provider; Failed to list packages"

I sometimes have this issue on one particular node, the cause is that the Yum database gets corrupted on that node sometimes. I've built this Puppet Task to repair the database when it happens: #!/bin/bash rm -f /var/lib/rpm/__db* rpm --rebuilddb yum clean all yum check-update if [ $? == 100 ];

Re: [Puppet Users] Re: puppet resource processed just once a day

Thank you very much. El 18/9/19 a las 15:07, jcbollinger escribió: On Wednesday, September 18, 2019 at 1:55:29 AM UTC-5, amateo wrote: Hi, I have a puppet resource I would like it to be processed just in one run every day, I don't need it to be processed in e

[Puppet Users] Re: puppet bolt templates ??

Fantastic all works now. If I have any further questions I'll create a new thread. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr

[Puppet Users] Re: puppet bolt templates ??

You do it as follows: plan puppet6::puppet_upgrade( TargetSpec $nodes, ) { $targets = get_targets($nodes) $targets.each |$target| { apply($nodes) { class { 'puppet6::upgrade': location => $target.vars['location'] } } } } -Kevin On Thursday, September 19, 2019 at 12:00:18

[Puppet Users] Re: puppet bolt templates ??

OK so how do I get the plan to read from the inventory file ?? I am running this plan : bolt plan run puppet6::puppet_upgrade -i inventory.yaml --nodes puppet6_nodes And am getting this error : puppet6::puppet_upgrade: expects a value for parameter 'location' Here is my inventory file : grou

[Puppet Users] Re: puppet bolt templates ??

OK this is great. Really looking forward to using this more. Being able to leverage our existing puppet codebase and modules for a quick agentless solution means we don't have to migrate everything to ansible. Thanks again for all your help !! -- You received this message because you are subsc

[Puppet Users] Re: puppet bolt templates ??

Yes to all of the above :-) 1) Within Apply blocks, you can leverage Hiera data from the module. Simply put a hiera.yaml in the root of the module to define where Hiera data should be read from 2) While Hiera is nice, it might be even more powerful (depending on the use case) to leverage the n

[Puppet Users] Re: puppet resource processed just once a day

On Wednesday, September 18, 2019 at 1:55:29 AM UTC-5, amateo wrote: > > Hi, > > I have a puppet resource I would like it to be processed just in > one > run every day, I don't need it to be processed in every run. > > Is this possible? How? > This is what schedules

[Puppet Users] Re: puppet bolt templates ??

This works great thanks very much for your help. I just had to add the location param to the plan itself as follows: plan profiles::puppet_upgrade( TargetSpec $servers, String $location, ) { It works perfectly !! Could I ask if the params can be read from a file similar to hiera (or an inve

[Puppet Users] Re: puppet bolt templates ??

Yes that will work, there are a few erros in your code though: - $location should not be quoted when calling epp() - the name of the variable for epp should not begin with $ class profiles::upgrade ($location = undef) { file { '/root/my_file.txt': ensure => file, content => epp('my

[Puppet Users] Re: puppet bolt templates ??

That's great thanks !! So if I want to pass a param to the template from the command line would this work ?? 1. The command: bolt plan run profiles::puppet_upgrade servers=hostname.domain.com location=uk --user root 2. The plan: plan profiles::puppet_upgrade( TargetSpec $servers, ) { app

[Puppet Users] Re: puppet bolt templates ??

Hi Andy, you can do this with an Apply block in your plan: apply_prep($nodes) apply($nodes, '_run_as' => 'root'){ file { '/root/my_file.txt': ensure => file, content => epp('my_module/my_file.epp', { 'my_param' => 'my_value' }) } } For the above example, you'll need to create a dir

[Puppet Users] Re: Puppet server won't start

What are the server specs? Any clues in /var/log/messages or /var/log/syslog to give clues if it's an OOM error? On Thursday, September 5, 2019 at 5:16:26 AM UTC+10, Prentice Bisbal wrote: > > I'm doing a fresh install of Puppet6 on CentOS 7.6: > > # rpm -qa | grep puppet > puppetserver-6.4.0-1

Re: [Puppet Users] Re: puppet server 3.7.1-1 running on RHEL 5.11 abrupt shutdown

Thanks John, I will enable debug logs and update this thread. On Tue, Aug 6, 2019 at 6:34 PM jcbollinger wrote: > > > On Tuesday, August 6, 2019 at 12:36:23 AM UTC-5, Mathew Jose wrote: > > >> Where should i start ? Is there a way to enable debug logs for puppet >> master ? >> >> > There is a

[Puppet Users] Re: puppet server 3.7.1-1 running on RHEL 5.11 abrupt shutdown

On Tuesday, August 6, 2019 at 12:36:23 AM UTC-5, Mathew Jose wrote: > Where should i start ? Is there a way to enable debug logs for puppet > master ? > > There is a log_level configuration parameter, which you can set to "debug" (without quotes) in the [main] or [master] section of puppet

[Puppet Users] Re: Puppet Platform 6.7.0 is now available!

https://tickets.puppetlabs.com/browse/PA-2809 On Wednesday, July 24, 2019 at 6:34:19 AM UTC+10, Puppet Product Updates wrote: > > This release contains bug fixes and enhancements, notably: > > Puppet 6.7 adds new `ca_fingerprint` setting verifies the CA bundle > download against a fingerprint. >

[Puppet Users] Re: Puppet Platform 6.7.0 is now available!

This has introduced a regression that has broken our MTA (Postfix), based on the camptocamp-postfix module. Steps to reproduce on Ubuntu 18.04 LTS: ``` https://apt.puppetlabs.com/puppet6-release-bionic.deb dpkg -i puppet6-release-bionic.deb apt update;apt install -y puppet-agent puppet module ins

[Puppet Users] Re: Puppet Module Best Practice (Roles/Profiles)

On Friday, 19 July 2019 01:59:26 UTC+1, Lesley Kimmel wrote: > > Hi all; > > I told him if it was the right way then all the smart people working with > and developing Puppet would have put it out as the best practice. However, > I can't seem to come up with a really great scenario that will conv

[Puppet Users] Re: Puppet Module Best Practice (Roles/Profiles)

On Thursday, July 18, 2019 at 7:59:26 PM UTC-5, Lesley Kimmel wrote: > > Hi all; > I'm a Linux engineer who went through a typical growth period with Puppet > and finally landed on the Roles and Profiles pattern which generally works > well. > > I have a coworker that started on after me and do

[Puppet Users] Re: Puppet enterprise replication error

HI There! Can you verify you are running a monolithic Master of 2019.1? With a target agent node that is currently under puppet management and is connected to orchestrator, however has no other Puppet software installed other than the agent? On the Current Primary Master, are you able to check

[Puppet Users] Re: Puppet Log Directory Permissions

Interesting, thanks! On Tuesday, June 4, 2019 at 1:59:07 PM UTC-4, Peter Krawetzky wrote: > > I want to be able to ingest the puppet servers logs into splunk but the > owner of the directory is puppet:puppet and the permissions are > /var/log/puppetlabs/puppet rwxr-x---. Since other has no acce

[Puppet Users] Re: Puppet Discovery configuration issues

Please note i had spoted the post from 2017 regarding firewall changes, i had already applied these. On Thursday, May 30, 2019 at 3:27:38 PM UTC+1, Shane O'Leary wrote: > > Hello > > I am reviewing the Puppet Discovery product currently in a test > environment. > > I have got the product to re

[Puppet Users] Re: puppet agent fails to self-restart on config change

Same issue: May 21 11:26:51 vm01 puppet-agent[419]: Shutdown/restart in progress (:restart_requested); skipping run May 21 12:26:51 vm01 puppet-agent[419]: Shutdown/restart in progress (:restart_requested); skipping run May 21 13:26:51 vm01 puppet-agent[419]: Shutdown/restart in progress (:rest

Re: [Puppet Users] Re: Puppet dumped multiple 1G files into folder after reboot

Stephen, apologies for the late response - I've been out sick last week. I've poked around a bit in old bug reports and the only thing I could find is https://tickets.puppetlabs.com/browse/PDB-1812 , which says that PuppetDB 3.0.2 fixed an issue with autovaccuming that was not properly garbage co

[Puppet Users] Re: Puppet dumped multiple 1G files into folder after reboot

Yes, I was able to get into the psql db and poke around. I see legit data there so I'm not comfortable removing any files. But, I am still concerned with what causes this to happen. At 5G a pop this could quickly fill up a partition. On Sunday, February 17, 2019 at 12:46:17 AM UTC-6, Stephen S

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

If using a different Vault auth method is an option, you could use the AppRole method and define a role and policies in Vault. The Puppet agent then authenticates under a specific role (and instance of that role) that is governed by the policy. On Tuesday, October 9, 2018 at 8:12:39 AM UTC-4, c

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

We've made some more progress integrating Puppet 6+ Deferred lookups with Vault for secrets storage. The basic principle we've used for the isolation is to upload and sync a Puppet TLS certificate per host, and lookup the relevant keys under there for the secret storage. ``` vault write secret

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

We've made some more progress integrating Puppet 6+ Deferred lookups with Vault for secrets storage. The basic principle we've used for the isolation is to upload and sync a Puppet TLS certificate per host, and lookup the relevant keys under there for the secret storage. ``` vault write secret

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

Hi All! I've been working on a Vagrant repo that sets everything up: https://github.com/petems/puppet-vault-function-vagrant > #export VAULT_SKIP_VERIFY=true This one you can avoid by pointing to the puppet CA cert with VAULT_CACERT, means you're avoiding the cert skipping. > Our next challe

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

We now have Vault lookups working using the Deferred functionality that debuted in Puppet6x. Here are my high level note on "how", hoping they help someone else in the future (lots of assumptions, but if you have questions please reach out...) #export VAULT_SKIP_VERIFY=true #mkdir /var/lib/vaul

Re: [Puppet Users] Re: Puppet 3 and hiera

>> Is there any chance that you have *too new* an Hiera installed? I was actually worried at first that there was a regression in terms of what hiera was on there given the host was "patched" recently. I may have found the problem and yes I suspected right along the issue was on the remote master

[Puppet Users] Re: Puppet 3 and hiera

On Wednesday, January 9, 2019 at 11:06:54 AM UTC-6, Salty Old Cowdawg wrote: > > Hi folks, > > I know... I know... get off of Puppet 3. I'll be getting there soon. > > Right now I have Puppet 3 in our production environment where I work. > Long political story as to why we are still on 3 that

Re: [Puppet Users] Re: Puppet Certificate Issues

Hi Rohit, I don't have great ideas about what's going on in your environment. Are you using custom built containers or the puppet namespaced containers from hub.docker.com. You could try applying this patch ( https://github.com/puppetlabs/puppetdb/commit/a1ab2f50598f12ac51acb21f256232143891dbc1) a

Re: [Puppet Users] Re: Puppet Certificate Issues

Any idea if there are other steps I can consider? If not, should I simply rebuild the system? If I do go this route, is there a way to backup all the Puppet configurations set for servers and services that can be reimported in a fresh install? Would it also be suggested to go a non-Docker route

Re: [Puppet Users] Re: Puppet Certificate Issues

Thanks for the response, I did try those changes to see if it helps but unfortunately the issue still exists On Wednesday, November 21, 2018 at 8:43:16 AM UTC-8, John Gelnaw wrote: > > > I had difficulties with the stock puppetdb entrypoint script. I wound up > changing it thusly: > > #!/bin/ba

Re: [Puppet Users] Re: Puppet Certificate Issues

I had difficulties with the stock puppetdb entrypoint script. I wound up changing it thusly: #!/bin/bash if [ ! -d "/etc/puppetlabs/puppetdb/ssl" ]; then set -e /opt/puppetlabs/bin/puppet config set certname ${HOSTNAME} if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/ca.pem" ]; th

Re: [Puppet Users] Re: Puppet Certificate Issues

Hello Morgan I was able to generate a new certificate with the alt name, and when doing a 'puppet cert list --all' I see the following: + "puppet4.psd401.net" (SHA256) 1D:16:67:30:0D:62:CE:6C:2A:80:11:7E:C7:79:BA :4F:25:C6:0E:E6:90:9D:4D:9F:86:4B:5C:42:A1:6D:09:96 (alt names: "DNS:puppet" , "DN

Re: [Puppet Users] Re: Puppet Certificate Issues

Hi Rohit, No, unfortunately, it's not just a change in your docker-compose.yml. When you're generating the certs for your puppetserver, you'll want to make sure you're passing the `--dns_alt_names=`, so it would be something like: puppet cert generate puppet4.psd401.net --dns_alt_names=puppet, pup

Re: [Puppet Users] Re: Puppet Certificate Issues

Hello Morgan, Apologies for the late response here, some of our Puppet services had started working but it looks like the same issue has arised and I am not entirely sure why. I did check the docker-entrypoint.sh file and indeed see the very exact response as you posted. However my question is

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

Hi Lindsay and Thomas, Thanks for your documentation - I'm having some problems getting the client lookup to work. I have the Puppetserver CA setup in Vault, and the Vault servers Puppet certificate and private key configured. I have added the Puppetserver CA to the trusted roots, per: https:

Re: [Puppet Users] Re: puppet master not seeing certificate signing request from agent

Hey Justin, Thanks for the reply! On Wed, Oct 31, 2018 at 10:49 PM Justin Stoller wrote: > What happens on the agent that is running on the master? > Works as expected. Thus indicting the firewall. Digging deeper... it looks like Debian testing bit me. But I don't blame them - I know I'm trac

Re: [Puppet Users] Re: puppet master not seeing certificate signing request from agent

What happens on the agent that is running on the master? When running any agent here's a flag, `--http_debug` I think, that will show you exactly what Puppet's requesting. Seeing the output from curling the CA endpoints from the agent in question might be helpful (both from curl's side and the ma

[Puppet Users] Re: puppet master not seeing certificate signing request from agent

On Wed, Oct 31, 2018 at 11:23 AM Matt Zagrabelny wrote: > Greetings, > > I'm running puppet 5.5.6 (Debian testing). > > I'm having issues getting the master to see the cert signing request from > an agent. > > The firewall isn't an issue. I see the packets hit an "allow" rule on the > master, but

Re: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

On Sat, 27 Oct 2018 at 01:44, Maggie Dreyer wrote: > Assuming your intermediate CA was set up using `puppetserver ca setup`, the > important bits are: > 1) Delete the SSL dir on the agent > 2) Set CRL checking on the agent to "leaf" > 3) Copy the CA bundle from the master to the agent: > (master)

Re: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

The information on this page from the Puppet 5 docs will probably help: https://puppet.com/docs/puppetserver/5.3/intermediate_ca_configuration.html Assuming your intermediate CA was set up using `puppetserver ca setup`, the important bits are: 1) Delete the SSL dir on the agent 2) Set CRL checking

[Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

On Monday, October 22, 2018 at 1:25:10 AM UTC-10, Bret Wortman wrote: > We had an issue where someone removed our puppet server's ssl directory, so > we need to regenerate all our certs. I'm following the instructions at  > https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but am

Re: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

On Tuesday, 23 October 2018 01:37:10 UTC+10, Maggie Dreyer wrote: > > Puppet 5 agents do not properly support the intermediate CA setup without > manual intervention. > Hi Maggie, Could you elaborate on the "manual intervention" required to get a Puppet 5 agent to work with the intermediate CA?

[Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

On Monday, October 22, 2018 at 1:25:10 AM UTC-10, Bret Wortman wrote: > We had an issue where someone removed our puppet server's ssl directory, so > we need to regenerate all our certs. I'm following the instructions at  > https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but am

Re: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

That worked like a champ. Now I just need to read up on how to get my puppetserver talking to puppetdb again... Thanks, Maggie! On 10/22/2018 11:36 AM, Maggie Dreyer wrote: Unfortunately that particular docs page was incorrectly updated for Puppet 6. If you are running Puppet 6 master AND age

Re: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

Unfortunately that particular docs page was incorrectly updated for Puppet 6. If you are running Puppet 6 master AND agents, you can regenerate your CA by using `puppetserver can setup`. This creates a basic intermediate CA with a self-signed root and a CA signing cert. It will also create a new ce

RE: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

try puppet cert list --all That seems to work git simalar error using the puppet ca command -Original message- From: Bret Wortman  Sent: Monday 22nd October 2018 14:48 To: Puppet Users Subject: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509

[Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

Out of curiosity, I updated the server to 6.0.1. No change. On Monday, October 22, 2018 at 7:25:10 AM UTC-4, Bret Wortman wrote: > > We had an issue where someone removed our puppet server's ssl directory, > so we need to regenerate all our certs. I'm following the instructions at > https://pup

Re: [Puppet Users] Re: Puppet Certificate Issues

When you look at the output of `puppet cert list all` does the certificate for your puppetmaster also include the alt name 'puppet'? (Something like 'alt names: "DNS:puppet", "DNS:testpuppet"'). If not, I'm guessing that's your problem. You mentioned in your earlier email that you were using puppe

Re: [Puppet Users] Re: Puppet Certificate Issues

1. puppet_db is trying to connect our.puppet.domain, there is no docker-entrypoint.sh script that I was able to find. 1. For reference, this is the docker-compose.yml: 2. puppetdb: container_name: puppet_db hostname: puppetdb.pen

Re: [Puppet Users] Re: Puppet Certificate Issues

A few things to verify: 1) what hostname is your puppetdb container trying to connect to puppetserver at? a) This should be in your docker-entrypoint.sh script in the puppetdb container. Likely either 'puppet' or '$PUPPETSERVER_HOSTNAME' depending on what variables you have set in your compose

[Puppet Users] Re: Puppet Certificate Issues

Hello Morgan, If you are refferring to the cert being in the conf/ssl/certs folder, then yes, our.puppet.domain.pem is in the folder. When running the 'puppet cert list --all' I see three certificates (in the SHA256 format): - computername.our.puppet.domain - our.puppet.domain - server

[Puppet Users] Re: Puppet Certificate Issues

Hi Rohit, Is the hostname from `/CN=our.puppet.domain` showing up in your puppetserver's certificate? You can verify that with `puppet cert list --all` on the puppetserver container. This looks like a DNS issue. On Thursday, October 18, 2018 at 11:41:16 AM UTC-7, Rohit wrote: > > Hello, we cur

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

On Wed, Oct 10, 2018 at 5:28 AM Thomas Müller wrote: > > > Am Dienstag, 9. Oktober 2018 14:12:39 UTC+2 schrieb comport3: >> >> Mentioned in the Puppet 6 release notes are the ability for a client to >> lookup secret data from Vault. >> >> Is there any more info on how to implement this? >> >> I h

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

Am Dienstag, 9. Oktober 2018 14:12:39 UTC+2 schrieb comport3: > > Mentioned in the Puppet 6 release notes are the ability for a client to > lookup secret data from Vault. > > Is there any more info on how to implement this? > > I have done extensive work on POC environments that use Vault as a t

[Puppet Users] Re: [Puppet-dev] [Puppet-Users] Puppet Platform 6 Update

> On 18. Jul 2018, at 00:43, Eric Sorenson wrote: > > On Jul 17, 2018, at 2:26 AM, Martin Alfke wrote: >> >>> On 17. Jul 2018, at 01:40, Eric Sorenson wrote: >>> >>> So my question is - >>> - do you current use/rely on 'gem install puppet' for your workflows? If >>> so, what do you do wi

[Puppet Users] Re: [Puppet-dev] [Puppet-Users] Puppet Platform 6 Update

On Jul 17, 2018, at 2:26 AM, Martin Alfke wrote: > >> On 17. Jul 2018, at 01:40, Eric Sorenson > > wrote: >> >> So my question is - >> - do you current use/rely on 'gem install puppet' for your workflows? If so, >> what do you do with it? (does anybody use a 'gem instal

[Puppet Users] Re: [Puppet-dev] [Puppet-Users] Puppet Platform 6 Update

> On 17. Jul 2018, at 01:40, Eric Sorenson wrote: > > Another effort that's underway but not yet complete is the extraction of > non-core types/providers into modules. This addresses some long-standing > requests to, for example, be able to change the nagios types and OS-specific > resource

  1   2   3   4   5   6   7   8   9   10   >