puppetcommunity #puppet

rootshellz

12/05/2023, 6:00 PM

Is there a way for an ENC to have access to the current facts, from the run that caused it to be called, or to pass specific parameters to an ENC? From what I have seen, there is no built-in mechanism for passing an ENC anything but the node's name and then the ENC can only look up a given node's facts from its last run in puppetdb (i.e. I believe that during a run, the current facts have not yet been written to puppetdb at the time the ENC is called). Ultimately, I have a custom ENC implementation that assigns environment and it considers a node's facts when making the assignment, but these facts are "stale". For example the ENC considers the

agent_specified_environment

, but then make an ultimate decision on what environment to assign. If the agent specified environment changes on the node, it won't be seen by the ENC until a subsequent run. Is there a better pattern to solve for this?

riccsnet

12/05/2023, 9:43 PM

I am running Puppet Enterprise 2021.7 on a RHEL server. I just upgraded from RHEL 7.9 to RHEL 8.8. In the puppet manifest for the puppet server the is a

Validate_db_connection

resource that is failing after the upgrade. The following is the command being run and the error this command get when run at the command line.

Copy code

/opt/puppetlabs/server/bin/psql --tuples-only --quiet -p 5432 --dbname postgres
/opt/puppetlabs/server/bin/psql: error while loading shared libraries: libreadline.so.6: cannot open shared object file: No such file or directory

During the upgrade the readline rpm was upgraded from version 6.2 to 7.0. Is there something I need to do to allow the puppet resource to use the new libreadline version. Also, everything on the puppet server seems to be working. We have about 150 clients that are not having any issue connecting and useing the puppet server.

😱 1

riccsnet

12/05/2023, 9:45 PM

We used the Leapp product.

spp

12/05/2023, 10:10 PM

Even RedHat does not recommend upgrading applications in place with LEAPP. Their suggestion is to uninstall applications, upgrade the OS with LEAPP, then restore the applications.

bastelfreak

12/05/2023, 10:16 PM

insert sales pitch for arch linux here

😏 1

Neeloj

12/06/2023, 10:23 AM

Hi all, does Puppetsever use HSTS (HTTP Strict Transport Security) , can I verfiy that ?

Guillem Liarte

12/06/2023, 12:03 PM

--- Hello everyone. We are moving from Puppet 6 to Puppet 7. We notice no issues with agents running version 6 with server version7. However, lookups for Hash data type fail in the same node using v7 when they are perfectly fine in 6. For example calling this:

Copy code

$baseline = lookup( 'baseline', Hash, 'deep' )

With this in heira:

Copy code

baseline:
  os_name: Rocky Linux
  os_version: 8.6
  rpm_packages_present:
    - '<http://containerd.io|containerd.io> 1.4.3'
    - 'container-selinux 2.179.1'
    - 'docker-ce 20.10.17'
    - 'sqlite 3.26.0'
    - 'rsync 3.1.3'
    - 'perl-YAML 1.24'
    - 'perl-JSON 2.97.001'
    - 'qperf 0.4.11'
    - 'epel-release 8'

    (shortened on purpose)

fails with puppet-agent 7 while is it perfectly fine when calling from puppet agent v6 The classification seems to work correctly. I have looked in changes and release notes for v7 and i can't find anything specific to this. instead, we get:

Error while evaluating a Resource Statement, Function lookup() did not find a value for the name 'baseline' on node xxxxx

---- The same happens when using puppet lookup from command line from one of the puppet servers; the same node lookup will fail when that node is in v7 , but behave as expected in v6. But here, there is a more interesting result:

Copy code

Error: Could not run: No facts available for target node: xxxxxx

So, does it mean that the agent in v7 is not sending or finding the facts that v6 can find without issues? Has anyone any idea of what may be going on?

Guillem Liarte

12/06/2023, 12:05 PM

I have checked via API, and effectively, agents running v7 do not have the facts in PDB 😕

Guillem Liarte

12/06/2023, 12:19 PM

Error when performing lookup for hash data in agent v7, puppetserver.log

Guillem Liarte

12/06/2023, 12:21 PM

Exactly same host, classifications, etc. but sporting version 6 of puppet agent:

Copy code

2023-12-06T13:20:24.820+01:00 INFO  [qtp698030402-52] [puppetserver] Puppet 'replace_facts' command for YYYYYYYYYYY submitted to PuppetDB with UUID 53d86d27-f4cc-466b-8a8d-b04cf0b3e4c6
2023-12-06T13:20:28.558+01:00 INFO  [qtp698030402-52] [puppetserver] Puppet Compiled catalog for YYYYYYYYYYYYYYYYYYY in environment infra in 3.63 seconds
2023-12-06T13:20:28.561+01:00 INFO  [qtp698030402-52] [puppetserver] Puppet Caching catalog for YYYYYYYYYYYYYYYYY

bastelfreak

12/06/2023, 12:22 PM

@Guillem Liarte you can try a

puppet lookup

on the CLI and debug it. you need to run it on the puppetserver

Guillem Liarte

12/06/2023, 12:41 PM

that is exactly what I put at the top:

Guillem Liarte

12/06/2023, 12:41 PM

Copy code

The same happens when using puppet lookup from command line from one of the puppet servers; the same node lookup will fail when that node is in v7 , but behave as expected in v6.
But here, there is a more interesting  result:
Error: Could not run: No facts available for target node: xxxxxx
So, does it mean that the agent in v7 is not sending or finding the facts that v6 can find without issues?

Guillem Liarte

12/06/2023, 12:42 PM

so the RC seems the puppet agents in v7 not getting their facts published in puppetdb

1907

12/06/2023, 2:15 PM

Hi, I’m curious about the best method to enable a DNF module without updating the installed package. Essentially, I need to execute the command:

dnf module enable mariadb:10.5

. It appears that there isn’t much information about the

dnfmodule

provider in the documentation

Bruno Josafa

12/06/2023, 2:58 PM

Hello everyone, is it possible to enable package inventory for Node groups using hiera?

Elliott

12/06/2023, 4:31 PM

what is the alternative to

assert_type

validate_legacy

? It seems both are deprecated maybe? What should I be using to validate type of a variable not in a parameter and not in a declaration statement? Bard and ChatGPT are misleading here too.

Jean Michel Feltrin

12/06/2023, 5:14 PM

Guys, does anyone have experienced puppet running ok for most of the servers but breaking in a single server with this error:

Copy code

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Failed to execute '/pdb/query/v4' on at least 1 of the following 'server_urls'

even with certs showing as ok:

Copy code

openssl verify -CAfile ca.pem $(puppet master --configprint hostcert)
/etc/puppetlabs/puppet/ssl/certs/xxx.comain.pem: OK

I'm also able to curl the same endpoint using the server certs..

Jean Michel Feltrin

12/06/2023, 5:15 PM

I'd appreciate any hints

rismoney

12/07/2023, 1:37 AM

do yaml anchors in hiera work across yaml files, or only within them.

vchepkov

12/07/2023, 1:43 AM

within one file

Christian Michael Tan

12/07/2023, 9:00 AM

is it possible to use the "package" resource and use a github repo for the "source" parameter?

Neeloj

12/07/2023, 10:03 AM

hi all, is there a better way than: https://forge.puppet.com/modules/reidmv/puppet_certificate/readme? to allow agents renew theier own certificates . thanks all

rismoney

12/07/2023, 2:28 PM

what is the metric convert_catalog.

David Sandilands

12/08/2023, 2:31 PM

so at risk of asking a very wide question I'll kick off a thread. How are people using OSP processing/using event report data? Are you using something like foreman to view it? Custom report processors? Your not right now but would like to do something?

this 1

➕ 1

🙌 1

matthew katzenstein

12/08/2023, 6:47 PM

Hey friends! i have some noob questions about puppetlabs/apt and fun with GPG keys, hoping i might be able to find someone to help

Dr Bunsen Honeydew

12/08/2023, 6:47 PM

See the

puppetlabs-apt

module at https://forge.puppet.com/puppetlabs/apt?src=slack&channel=puppet

binford2k

12/08/2023, 7:19 PM

https://fosstodon.org/@puppet/111546409397983951

nice2 2

Kenneth Smith

12/08/2023, 8:25 PM

Hello puppet community. I have some weird puppetdb behavior I haven't been able to track down and was told I should just ask the folks here, so I'm starting a thread here in the hopes someone here can shed some light on the issue. We're running very old puppet still and trying to keep it alive to get a 3.7.2 ->4 migration done so we can quickly get 4 ->8 done without allowing it to also take forever, though at the moment, simply upgrading isn't an option. The issue is the connections in the connection pool seemingly being closed without the pool manager knowing. Which means when it goes to use those connections it finds they are now closed and produces logs showing that as the exception:

Copy code

2023-12-08 13:11:02,648 DEBUG [c.p.jdbc] Caught org.postgresql.util.PSQLException: 'This connection has been closed.'. SQL Error code: '08003'. Attempt: 4 of 5.
2023-12-08 13:11:14,172 DEBUG [c.p.jdbc] Caught org.postgresql.util.PSQLException: 'This connection has been closed.'. SQL Error code: '08003'. Attempt: 5 of 5.
2023-12-08 13:11:26,219 WARN  [c.p.jdbc] Caught exception. Last attempt, throwing exception.
2023-12-08 13:11:26,220 DEBUG [c.p.p.command] [566d9d3a-4a77-4128-b2e9-1dce2aced0d8] [replace catalog] Retrying after attempt 2, due to: org.postgresql.util.PSQLException: This connection has been closed.
org.postgresql.util.PSQLException: This connection has been closed.

It'll try 5 times and then give up with the final error and a very large stacktrace I can provide if needed. This can happen within minutes after restarting puppetdb after a few catalog/reports are successfully handled, though it sometimes can take an hour or two. It's hosted on the same physical box as the postgres (9.2, maybe can be upgraded if it would help) server. This is hardware, so no vm shenanigans at play at all. I've enabled connect/disconnect logging in postgres, and it does indeed log connections being closed, but it does not log any problem with them, just normal disconnects. Lots of googling has turned up various posts online from 2010-2013ish, which seems about right time-wise, with few things specifically puppet related, and lots of things jdbc specifically related. The most plausible being that there's likely some sql exception being thrown that is implicitly closing the connection in the pool, but isn't being being treated as such by the pool manager and/or application code. So the object says in the pool get's pulled to use later and then gets a connection closed exception. This translates to the retry loop above and mostly puppet agents timing out, because the master times out waiting for puppetdb. Watching the connection log in postgres, I do see connections being made and then disconnecting during this retry loop, however it's not clear of those are specific the retry loop trying to retry connections, or just other normal operations happening. I've tried tuning

conn-max-alive=1

conn-max-age=10

. and

conn-lifetime=5

to make the pool management code more aggressively check and rebuild the pool connections, but I can't tell if that's made any impact. The time between puppetdb restart and the problem happening seems about the same. If anyone has any knowledge about dusty versions of puppet to share, I'd be very happy to hear it, thanks!

binford2k

12/08/2023, 11:18 PM

Stop into the Vox Pupuli sync next week if you're interested in chatting about the Forge. Find the event on our Community Calendar -- puppet.com/community/calendar